Re: [PATCH v16 02/16] arm64: untag user pointers in access_ok and __uaccess_mask_ptr
From: Andrey Konovalov <hidden>
Date: 2019-06-12 11:03:25
Also in:
amd-gfx, dri-devel, kvm, linux-kselftest, linux-media, linux-mm, linux-rdma, lkml
On Tue, Jun 11, 2019 at 7:39 PM Catalin Marinas [off-list ref] wrote:
On Tue, Jun 11, 2019 at 07:09:46PM +0200, Andrey Konovalov wrote:quoted
On Tue, Jun 11, 2019 at 4:57 PM Catalin Marinas [off-list ref] wrote:quoted
On Mon, Jun 10, 2019 at 06:53:27PM +0100, Catalin Marinas wrote:quoted
On Mon, Jun 03, 2019 at 06:55:04PM +0200, Andrey Konovalov wrote:quoted
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index e5d5f31c6d36..9164ecb5feca 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h@@ -94,7 +94,7 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si return ret; } -#define access_ok(addr, size) __range_ok(addr, size) +#define access_ok(addr, size) __range_ok(untagged_addr(addr), size)I'm going to propose an opt-in method here (RFC for now). We can't have a check in untagged_addr() since this is already used throughout the kernel for both user and kernel addresses (khwasan) but we can add one in __range_ok(). The same prctl() option will be used for controlling the precise/imprecise mode of MTE later on. We can use a TIF_ flag here assuming that this will be called early on and any cloned thread will inherit this.Updated patch, inlining it below. Once we agreed on the approach, I think Andrey can insert in in this series, probably after patch 2. The differences from the one I posted yesterday: - renamed PR_* macros together with get/set variants and the possibility to disable the relaxed ABI - sysctl option - /proc/sys/abi/tagged_addr to disable the ABI globally (just the prctl() opt-in, tasks already using it won't be affected) And, of course, it needs more testing.Sure, I'll add it to the series. Should I drop access_ok() change from my patch, since yours just reverts it?Not necessary, your patch just relaxes the ABI for all apps, mine tightens it. You could instead move the untagging to __range_ok() and rebase my patch accordingly.
OK, will do. I'll also add a comment next to TIF_TAGGED_ADDR as Vincenzo asked.
-- Catalin
_______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel