From: Catalin Marinas <catalin.marinas@arm.com>
To: Kees Cook <keescook@chromium.org>
Cc: enh <enh@google.com>, Evgenii Stepanov <eugenis@google.com>,
Andrey Konovalov <andreyknvl@google.com>,
Khalid Aziz <khalid.aziz@oracle.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-rdma@vger.kernel.org, linux-media@vger.kernel.org,
kvm@vger.kernel.org,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Yishai Hadas <yishaih@mellanox.com>Felix Kuehling <F>
Subject: Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel
Date: Tue, 28 May 2019 18:02:45 +0100 [thread overview]
Message-ID: <20190528170244.GF32006@arrakis.emea.arm.com> (raw)
In-Reply-To: <201905231327.77CA8D0A36@keescook>
On Thu, May 23, 2019 at 02:31:16PM -0700, Kees Cook wrote:
> syzkaller already attempts to randomly inject non-canonical and
> 0xFFFF....FFFF addresses for user pointers in syscalls in an effort to
> find bugs like CVE-2017-5123 where waitid() via unchecked put_user() was
> able to write directly to kernel memory[1].
>
> It seems that using TBI by default and not allowing a switch back to
> "normal" ABI without a reboot actually means that userspace cannot inject
> kernel pointers into syscalls any more, since they'll get universally
> stripped now. Is my understanding correct, here? i.e. exploiting
> CVE-2017-5123 would be impossible under TBI?
>
> If so, then I think we should commit to the TBI ABI and have a boot
> flag to disable it, but NOT have a process flag, as that would allow
> attackers to bypass the masking. The only flag should be "TBI or MTE".
>
> If so, can I get top byte masking for other architectures too? Like,
> just to strip high bits off userspace addresses? ;)
Just for fun, hack/attempt at your idea which should not interfere with
TBI. Only briefly tested on arm64 (and the s390 __TYPE_IS_PTR macro is
pretty weird ;)):
--------------------------8<---------------------------------
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index 63b46e30b2c3..338455a74eff 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -11,9 +11,6 @@
#include <asm-generic/compat.h>
-#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p( \
- typeof(0?(__force t)0:0ULL), u64))
-
#define __SC_DELOUSE(t,v) ({ \
BUILD_BUG_ON(sizeof(t) > 4 && !__TYPE_IS_PTR(t)); \
(__force t)(__TYPE_IS_PTR(t) ? ((v) & 0x7fffffff) : (v)); \
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index e2870fe1be5b..b1b9fe8502da 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -119,8 +119,15 @@ struct io_uring_params;
#define __TYPE_IS_L(t) (__TYPE_AS(t, 0L))
#define __TYPE_IS_UL(t) (__TYPE_AS(t, 0UL))
#define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p(typeof(0 ? (__force t)0 : 0ULL), u64))
#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+#ifdef CONFIG_64BIT
+#define __SC_CAST(t, a) (__TYPE_IS_PTR(t) \
+ ? (__force t) ((__u64)a & ~(1UL << 55)) \
+ : (__force t) a)
+#else
#define __SC_CAST(t, a) (__force t) a
+#endif
#define __SC_ARGS(t, a) a
#define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Kees Cook <keescook@chromium.org>
Cc: enh <enh@google.com>, Evgenii Stepanov <eugenis@google.com>,
Andrey Konovalov <andreyknvl@google.com>,
Khalid Aziz <khalid.aziz@oracle.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-rdma@vger.kernel.org, linux-media@vger.kernel.org,
kvm@vger.kernel.org,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Yishai Hadas <yishaih@mellanox.com>,
Felix Kuehling <Felix.Kuehling@amd.com>,
Alexander Deucher <Alexander.Deucher@amd.com>,
Christian Koenig <Christian.Koenig@amd.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Jens Wiklander <jens.wiklander@linaro.org>,
Alex Williamson <alex.williamson@redhat.com>,
Leon Romanovsky <leon@kernel.org>,
Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>, Lee Smith <Lee.Smith@arm.com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Robin Murphy <robin.murphy@arm.com>,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
Dave Martin <Dave.Martin@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Szabolcs Nagy <Szabolcs.Nagy@arm.com>
Subject: Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel
Date: Tue, 28 May 2019 18:02:45 +0100 [thread overview]
Message-ID: <20190528170244.GF32006@arrakis.emea.arm.com> (raw)
In-Reply-To: <201905231327.77CA8D0A36@keescook>
On Thu, May 23, 2019 at 02:31:16PM -0700, Kees Cook wrote:
> syzkaller already attempts to randomly inject non-canonical and
> 0xFFFF....FFFF addresses for user pointers in syscalls in an effort to
> find bugs like CVE-2017-5123 where waitid() via unchecked put_user() was
> able to write directly to kernel memory[1].
>
> It seems that using TBI by default and not allowing a switch back to
> "normal" ABI without a reboot actually means that userspace cannot inject
> kernel pointers into syscalls any more, since they'll get universally
> stripped now. Is my understanding correct, here? i.e. exploiting
> CVE-2017-5123 would be impossible under TBI?
>
> If so, then I think we should commit to the TBI ABI and have a boot
> flag to disable it, but NOT have a process flag, as that would allow
> attackers to bypass the masking. The only flag should be "TBI or MTE".
>
> If so, can I get top byte masking for other architectures too? Like,
> just to strip high bits off userspace addresses? ;)
Just for fun, hack/attempt at your idea which should not interfere with
TBI. Only briefly tested on arm64 (and the s390 __TYPE_IS_PTR macro is
pretty weird ;)):
--------------------------8<---------------------------------
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index 63b46e30b2c3..338455a74eff 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -11,9 +11,6 @@
#include <asm-generic/compat.h>
-#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p( \
- typeof(0?(__force t)0:0ULL), u64))
-
#define __SC_DELOUSE(t,v) ({ \
BUILD_BUG_ON(sizeof(t) > 4 && !__TYPE_IS_PTR(t)); \
(__force t)(__TYPE_IS_PTR(t) ? ((v) & 0x7fffffff) : (v)); \
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index e2870fe1be5b..b1b9fe8502da 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -119,8 +119,15 @@ struct io_uring_params;
#define __TYPE_IS_L(t) (__TYPE_AS(t, 0L))
#define __TYPE_IS_UL(t) (__TYPE_AS(t, 0UL))
#define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p(typeof(0 ? (__force t)0 : 0ULL), u64))
#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+#ifdef CONFIG_64BIT
+#define __SC_CAST(t, a) (__TYPE_IS_PTR(t) \
+ ? (__force t) ((__u64)a & ~(1UL << 55)) \
+ : (__force t) a)
+#else
#define __SC_CAST(t, a) (__force t) a
+#endif
#define __SC_ARGS(t, a) a
#define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: catalin.marinas at arm.com (Catalin Marinas)
Subject: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel
Date: Tue, 28 May 2019 18:02:45 +0100 [thread overview]
Message-ID: <20190528170244.GF32006@arrakis.emea.arm.com> (raw)
In-Reply-To: <201905231327.77CA8D0A36@keescook>
On Thu, May 23, 2019 at 02:31:16PM -0700, Kees Cook wrote:
> syzkaller already attempts to randomly inject non-canonical and
> 0xFFFF....FFFF addresses for user pointers in syscalls in an effort to
> find bugs like CVE-2017-5123 where waitid() via unchecked put_user() was
> able to write directly to kernel memory[1].
>
> It seems that using TBI by default and not allowing a switch back to
> "normal" ABI without a reboot actually means that userspace cannot inject
> kernel pointers into syscalls any more, since they'll get universally
> stripped now. Is my understanding correct, here? i.e. exploiting
> CVE-2017-5123 would be impossible under TBI?
>
> If so, then I think we should commit to the TBI ABI and have a boot
> flag to disable it, but NOT have a process flag, as that would allow
> attackers to bypass the masking. The only flag should be "TBI or MTE".
>
> If so, can I get top byte masking for other architectures too? Like,
> just to strip high bits off userspace addresses? ;)
Just for fun, hack/attempt at your idea which should not interfere with
TBI. Only briefly tested on arm64 (and the s390 __TYPE_IS_PTR macro is
pretty weird ;)):
--------------------------8<---------------------------------
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index 63b46e30b2c3..338455a74eff 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -11,9 +11,6 @@
#include <asm-generic/compat.h>
-#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p( \
- typeof(0?(__force t)0:0ULL), u64))
-
#define __SC_DELOUSE(t,v) ({ \
BUILD_BUG_ON(sizeof(t) > 4 && !__TYPE_IS_PTR(t)); \
(__force t)(__TYPE_IS_PTR(t) ? ((v) & 0x7fffffff) : (v)); \
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index e2870fe1be5b..b1b9fe8502da 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -119,8 +119,15 @@ struct io_uring_params;
#define __TYPE_IS_L(t) (__TYPE_AS(t, 0L))
#define __TYPE_IS_UL(t) (__TYPE_AS(t, 0UL))
#define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p(typeof(0 ? (__force t)0 : 0ULL), u64))
#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+#ifdef CONFIG_64BIT
+#define __SC_CAST(t, a) (__TYPE_IS_PTR(t) \
+ ? (__force t) ((__u64)a & ~(1UL << 55)) \
+ : (__force t) a)
+#else
#define __SC_CAST(t, a) (__force t) a
+#endif
#define __SC_ARGS(t, a) a
#define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: catalin.marinas@arm.com (Catalin Marinas)
Subject: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel
Date: Tue, 28 May 2019 18:02:45 +0100 [thread overview]
Message-ID: <20190528170244.GF32006@arrakis.emea.arm.com> (raw)
Message-ID: <20190528170245.GEkfENy-ZDnAPjgHLcmeFgOUtCm35yUCL8JP3miFmDQ@z> (raw)
In-Reply-To: <201905231327.77CA8D0A36@keescook>
On Thu, May 23, 2019@02:31:16PM -0700, Kees Cook wrote:
> syzkaller already attempts to randomly inject non-canonical and
> 0xFFFF....FFFF addresses for user pointers in syscalls in an effort to
> find bugs like CVE-2017-5123 where waitid() via unchecked put_user() was
> able to write directly to kernel memory[1].
>
> It seems that using TBI by default and not allowing a switch back to
> "normal" ABI without a reboot actually means that userspace cannot inject
> kernel pointers into syscalls any more, since they'll get universally
> stripped now. Is my understanding correct, here? i.e. exploiting
> CVE-2017-5123 would be impossible under TBI?
>
> If so, then I think we should commit to the TBI ABI and have a boot
> flag to disable it, but NOT have a process flag, as that would allow
> attackers to bypass the masking. The only flag should be "TBI or MTE".
>
> If so, can I get top byte masking for other architectures too? Like,
> just to strip high bits off userspace addresses? ;)
Just for fun, hack/attempt at your idea which should not interfere with
TBI. Only briefly tested on arm64 (and the s390 __TYPE_IS_PTR macro is
pretty weird ;)):
--------------------------8<---------------------------------
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index 63b46e30b2c3..338455a74eff 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -11,9 +11,6 @@
#include <asm-generic/compat.h>
-#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p( \
- typeof(0?(__force t)0:0ULL), u64))
-
#define __SC_DELOUSE(t,v) ({ \
BUILD_BUG_ON(sizeof(t) > 4 && !__TYPE_IS_PTR(t)); \
(__force t)(__TYPE_IS_PTR(t) ? ((v) & 0x7fffffff) : (v)); \
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index e2870fe1be5b..b1b9fe8502da 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -119,8 +119,15 @@ struct io_uring_params;
#define __TYPE_IS_L(t) (__TYPE_AS(t, 0L))
#define __TYPE_IS_UL(t) (__TYPE_AS(t, 0UL))
#define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p(typeof(0 ? (__force t)0 : 0ULL), u64))
#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+#ifdef CONFIG_64BIT
+#define __SC_CAST(t, a) (__TYPE_IS_PTR(t) \
+ ? (__force t) ((__u64)a & ~(1UL << 55)) \
+ : (__force t) a)
+#else
#define __SC_CAST(t, a) (__force t) a
+#endif
#define __SC_ARGS(t, a) a
#define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Kees Cook <keescook@chromium.org>
Cc: enh <enh@google.com>, Evgenii Stepanov <eugenis@google.com>,
Andrey Konovalov <andreyknvl@google.com>,
Khalid Aziz <khalid.aziz@oracle.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Linux Memory Management List <linux-mm@kvack.org>,
LKML <linux-kernel@vger.kernel.org>,
amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
linux-rdma@vger.kernel.org, linux-media@vger.kernel.org,
kvm@vger.kernel.org,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Yishai Hadas <yishaih@mellanox.com>,
Felix Kuehling <Felix.Kuehling@amd.com>,
Alexander Deucher <Alexander.Deucher@amd.com>,
Christian Koenig <Christian.Koenig@amd.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Jens Wiklander <jens.wiklander@linaro.org>,
Alex Williamson <alex.williamson@redhat.com>,
Leon Romanovsky <leon@kernel.org>,
Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>, Lee Smith <Lee.Smith@arm.com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Robin Murphy <robin.murphy@arm.com>,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
Dave Martin <Dave.Martin@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Szabolcs Nagy <Szabolcs.Nagy@arm.com>
Subject: Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel
Date: Tue, 28 May 2019 18:02:45 +0100 [thread overview]
Message-ID: <20190528170244.GF32006@arrakis.emea.arm.com> (raw)
In-Reply-To: <201905231327.77CA8D0A36@keescook>
On Thu, May 23, 2019 at 02:31:16PM -0700, Kees Cook wrote:
> syzkaller already attempts to randomly inject non-canonical and
> 0xFFFF....FFFF addresses for user pointers in syscalls in an effort to
> find bugs like CVE-2017-5123 where waitid() via unchecked put_user() was
> able to write directly to kernel memory[1].
>
> It seems that using TBI by default and not allowing a switch back to
> "normal" ABI without a reboot actually means that userspace cannot inject
> kernel pointers into syscalls any more, since they'll get universally
> stripped now. Is my understanding correct, here? i.e. exploiting
> CVE-2017-5123 would be impossible under TBI?
>
> If so, then I think we should commit to the TBI ABI and have a boot
> flag to disable it, but NOT have a process flag, as that would allow
> attackers to bypass the masking. The only flag should be "TBI or MTE".
>
> If so, can I get top byte masking for other architectures too? Like,
> just to strip high bits off userspace addresses? ;)
Just for fun, hack/attempt at your idea which should not interfere with
TBI. Only briefly tested on arm64 (and the s390 __TYPE_IS_PTR macro is
pretty weird ;)):
--------------------------8<---------------------------------
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index 63b46e30b2c3..338455a74eff 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -11,9 +11,6 @@
#include <asm-generic/compat.h>
-#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p( \
- typeof(0?(__force t)0:0ULL), u64))
-
#define __SC_DELOUSE(t,v) ({ \
BUILD_BUG_ON(sizeof(t) > 4 && !__TYPE_IS_PTR(t)); \
(__force t)(__TYPE_IS_PTR(t) ? ((v) & 0x7fffffff) : (v)); \
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index e2870fe1be5b..b1b9fe8502da 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -119,8 +119,15 @@ struct io_uring_params;
#define __TYPE_IS_L(t) (__TYPE_AS(t, 0L))
#define __TYPE_IS_UL(t) (__TYPE_AS(t, 0UL))
#define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p(typeof(0 ? (__force t)0 : 0ULL), u64))
#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+#ifdef CONFIG_64BIT
+#define __SC_CAST(t, a) (__TYPE_IS_PTR(t) \
+ ? (__force t) ((__u64)a & ~(1UL << 55)) \
+ : (__force t) a)
+#else
#define __SC_CAST(t, a) (__force t) a
+#endif
#define __SC_ARGS(t, a) a
#define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Kees Cook <keescook@chromium.org>
Cc: Mark Rutland <mark.rutland@arm.com>,
kvm@vger.kernel.org, Szabolcs Nagy <Szabolcs.Nagy@arm.com>,
Will Deacon <will.deacon@arm.com>,
dri-devel@lists.freedesktop.org,
Linux Memory Management List <linux-mm@kvack.org>,
Khalid Aziz <khalid.aziz@oracle.com>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Leon Romanovsky <leon@kernel.org>,
linux-rdma@vger.kernel.org, amd-gfx@lists.freedesktop.org,
Dmitry Vyukov <dvyukov@google.com>,
Dave Martin <Dave.Martin@arm.com>,
Evgenii Stepanov <eugenis@google.com>,
linux-media@vger.kernel.org,
Kevin Brodsky <kevin.brodsky@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
Alex Williamson <alex.williamson@redhat.com>,
Yishai Hadas <yishaih@mellanox.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Kostya Serebryany <kcc@google.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Felix Kuehling <Felix.Kuehling@amd.com>,
LKML <linux-kernel@vger.kernel.org>,
Jens Wiklander <jens.wiklander@linaro.org>,
Lee Smith <Lee.Smith@arm.com>,
Alexander Deucher <Alexander.Deucher@amd.com>,
Andrew Morton <akpm@linux-foundation.org>, enh <enh@google.com>,
Robin Murphy <robin.murphy@arm.com>,
Christian Koenig <Christian.Koenig@amd.com>,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Subject: Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel
Date: Tue, 28 May 2019 18:02:45 +0100 [thread overview]
Message-ID: <20190528170244.GF32006@arrakis.emea.arm.com> (raw)
In-Reply-To: <201905231327.77CA8D0A36@keescook>
On Thu, May 23, 2019 at 02:31:16PM -0700, Kees Cook wrote:
> syzkaller already attempts to randomly inject non-canonical and
> 0xFFFF....FFFF addresses for user pointers in syscalls in an effort to
> find bugs like CVE-2017-5123 where waitid() via unchecked put_user() was
> able to write directly to kernel memory[1].
>
> It seems that using TBI by default and not allowing a switch back to
> "normal" ABI without a reboot actually means that userspace cannot inject
> kernel pointers into syscalls any more, since they'll get universally
> stripped now. Is my understanding correct, here? i.e. exploiting
> CVE-2017-5123 would be impossible under TBI?
>
> If so, then I think we should commit to the TBI ABI and have a boot
> flag to disable it, but NOT have a process flag, as that would allow
> attackers to bypass the masking. The only flag should be "TBI or MTE".
>
> If so, can I get top byte masking for other architectures too? Like,
> just to strip high bits off userspace addresses? ;)
Just for fun, hack/attempt at your idea which should not interfere with
TBI. Only briefly tested on arm64 (and the s390 __TYPE_IS_PTR macro is
pretty weird ;)):
--------------------------8<---------------------------------
diff --git a/arch/s390/include/asm/compat.h b/arch/s390/include/asm/compat.h
index 63b46e30b2c3..338455a74eff 100644
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -11,9 +11,6 @@
#include <asm-generic/compat.h>
-#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p( \
- typeof(0?(__force t)0:0ULL), u64))
-
#define __SC_DELOUSE(t,v) ({ \
BUILD_BUG_ON(sizeof(t) > 4 && !__TYPE_IS_PTR(t)); \
(__force t)(__TYPE_IS_PTR(t) ? ((v) & 0x7fffffff) : (v)); \
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index e2870fe1be5b..b1b9fe8502da 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -119,8 +119,15 @@ struct io_uring_params;
#define __TYPE_IS_L(t) (__TYPE_AS(t, 0L))
#define __TYPE_IS_UL(t) (__TYPE_AS(t, 0UL))
#define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+#define __TYPE_IS_PTR(t) (!__builtin_types_compatible_p(typeof(0 ? (__force t)0 : 0ULL), u64))
#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+#ifdef CONFIG_64BIT
+#define __SC_CAST(t, a) (__TYPE_IS_PTR(t) \
+ ? (__force t) ((__u64)a & ~(1UL << 55)) \
+ : (__force t) a)
+#else
#define __SC_CAST(t, a) (__force t) a
+#endif
#define __SC_ARGS(t, a) a
#define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2019-05-28 17:02 UTC|newest]
Thread overview: 558+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-06 16:30 [PATCH v15 00/17] arm64: untag user pointers passed to the kernel Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` [PATCH v15 01/17] uaccess: add untagged_addr definition for other arches Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-29 14:49 ` Khalid Aziz
2019-05-29 14:49 ` Khalid Aziz
2019-05-29 14:49 ` Khalid Aziz
2019-05-29 14:49 ` khalid.aziz
2019-05-29 14:49 ` Khalid Aziz
2019-05-06 16:30 ` [PATCH v15 02/17] arm64: untag user pointers in access_ok and __uaccess_mask_ptr Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` [PATCH v15 03/17] lib, arm64: untag user pointers in strn*_user Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-22 10:41 ` Catalin Marinas
2019-05-22 10:41 ` Catalin Marinas
2019-05-22 10:41 ` Catalin Marinas
2019-05-22 10:41 ` catalin.marinas
2019-05-22 10:41 ` Catalin Marinas
2019-05-06 16:30 ` [PATCH v15 04/17] mm: add ksys_ wrappers to memory syscalls Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-22 10:56 ` Catalin Marinas
2019-05-22 10:56 ` Catalin Marinas
2019-05-22 10:56 ` Catalin Marinas
2019-05-22 10:56 ` catalin.marinas
2019-05-22 10:56 ` Catalin Marinas
2019-05-06 16:30 ` [PATCH v15 05/17] arms64: untag user pointers passed " Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-22 11:49 ` Catalin Marinas
2019-05-22 11:49 ` Catalin Marinas
2019-05-22 11:49 ` Catalin Marinas
2019-05-22 11:49 ` catalin.marinas
2019-05-22 11:49 ` Catalin Marinas
2019-05-22 21:16 ` Evgenii Stepanov
2019-05-22 21:16 ` Evgenii Stepanov
2019-05-22 21:16 ` Evgenii Stepanov
2019-05-22 21:16 ` Evgenii Stepanov
2019-05-22 21:16 ` eugenis
2019-05-22 21:16 ` Evgenii Stepanov
2019-05-23 9:04 ` Catalin Marinas
2019-05-23 9:04 ` Catalin Marinas
2019-05-23 9:04 ` Catalin Marinas
2019-05-23 9:04 ` Catalin Marinas
2019-05-23 9:04 ` catalin.marinas
2019-05-23 9:04 ` Catalin Marinas
2019-05-24 4:23 ` Evgenii Stepanov
2019-05-24 4:23 ` Evgenii Stepanov
2019-05-24 4:23 ` Evgenii Stepanov
2019-05-24 4:23 ` Evgenii Stepanov
2019-05-24 4:23 ` eugenis
2019-05-24 4:23 ` Evgenii Stepanov
2019-05-24 15:41 ` Andrew Murray
2019-05-24 15:41 ` Andrew Murray
2019-05-24 15:41 ` Andrew Murray
2019-05-24 15:41 ` andrew.murray
2019-05-24 15:41 ` Andrew Murray
2019-05-25 9:57 ` Catalin Marinas
2019-05-25 9:57 ` Catalin Marinas
2019-05-25 9:57 ` Catalin Marinas
2019-05-25 9:57 ` catalin.marinas
2019-05-25 9:57 ` Catalin Marinas
2019-05-27 9:42 ` Catalin Marinas
2019-05-27 9:42 ` Catalin Marinas
2019-05-27 9:42 ` Catalin Marinas
2019-05-27 9:42 ` catalin.marinas
2019-05-27 9:42 ` Catalin Marinas
2019-05-27 14:37 ` Catalin Marinas
2019-05-27 14:37 ` Catalin Marinas
2019-05-27 14:37 ` Catalin Marinas
2019-05-27 14:37 ` catalin.marinas
2019-05-27 14:37 ` Catalin Marinas
2019-05-28 14:54 ` Andrew Murray
2019-05-28 14:54 ` Andrew Murray
2019-05-28 14:54 ` Andrew Murray
2019-05-28 14:54 ` andrew.murray
2019-05-28 14:54 ` Andrew Murray
2019-05-28 15:40 ` Catalin Marinas
2019-05-28 15:40 ` Catalin Marinas
2019-05-28 15:40 ` Catalin Marinas
2019-05-28 15:40 ` catalin.marinas
2019-05-28 15:40 ` Catalin Marinas
2019-05-28 15:56 ` Dave Martin
2019-05-28 15:56 ` Dave Martin
2019-05-28 15:56 ` Dave Martin
2019-05-28 15:56 ` Dave.Martin
2019-05-28 15:56 ` Dave Martin
2019-05-28 16:34 ` Catalin Marinas
2019-05-28 16:34 ` Catalin Marinas
2019-05-28 16:34 ` Catalin Marinas
2019-05-28 16:34 ` catalin.marinas
2019-05-28 16:34 ` Catalin Marinas
2019-05-29 12:42 ` Dave Martin
2019-05-29 12:42 ` Dave Martin
2019-05-29 12:42 ` Dave Martin
2019-05-29 12:42 ` Dave.Martin
2019-05-29 12:42 ` Dave Martin
2019-05-29 13:23 ` Catalin Marinas
2019-05-29 13:23 ` Catalin Marinas
2019-05-29 13:23 ` Catalin Marinas
2019-05-29 13:23 ` catalin.marinas
2019-05-29 13:23 ` Catalin Marinas
2019-05-29 15:18 ` Dave Martin
2019-05-29 15:18 ` Dave Martin
2019-05-29 15:18 ` Dave Martin
2019-05-29 15:18 ` Dave.Martin
2019-05-29 15:18 ` Dave Martin
2019-05-28 23:33 ` Khalid Aziz
2019-05-28 23:33 ` Khalid Aziz
2019-05-28 23:33 ` Khalid Aziz
2019-05-28 23:33 ` khalid.aziz
2019-05-28 23:33 ` Khalid Aziz
2019-05-29 14:20 ` Catalin Marinas
2019-05-29 14:20 ` Catalin Marinas
2019-05-29 14:20 ` Catalin Marinas
2019-05-29 14:20 ` catalin.marinas
2019-05-29 14:20 ` Catalin Marinas
2019-05-29 19:16 ` Khalid Aziz
2019-05-29 19:16 ` Khalid Aziz
2019-05-29 19:16 ` Khalid Aziz
2019-05-29 19:16 ` khalid.aziz
2019-05-29 19:16 ` Khalid Aziz
2019-05-30 15:11 ` Catalin Marinas
2019-05-30 15:11 ` Catalin Marinas
2019-05-30 15:11 ` Catalin Marinas
2019-05-30 15:11 ` catalin.marinas
2019-05-30 15:11 ` Catalin Marinas
2019-05-30 16:05 ` Khalid Aziz
2019-05-30 16:05 ` Khalid Aziz
2019-05-30 16:05 ` Khalid Aziz
2019-05-30 16:05 ` khalid.aziz
2019-05-30 16:05 ` Khalid Aziz
2019-05-30 16:57 ` Catalin Marinas
2019-05-30 16:57 ` Catalin Marinas
2019-05-30 16:57 ` Catalin Marinas
2019-05-30 16:57 ` catalin.marinas
2019-05-30 16:57 ` Catalin Marinas
2019-05-28 13:05 ` Catalin Marinas
2019-05-28 13:05 ` Catalin Marinas
2019-05-28 13:05 ` Catalin Marinas
2019-05-28 13:05 ` catalin.marinas
2019-05-28 13:05 ` Catalin Marinas
2019-05-06 16:30 ` [PATCH v15 06/17] mm: untag user pointers in do_pages_move Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-22 11:51 ` Catalin Marinas
2019-05-22 11:51 ` Catalin Marinas
2019-05-22 11:51 ` Catalin Marinas
2019-05-22 11:51 ` catalin.marinas
2019-05-22 11:51 ` Catalin Marinas
2019-05-06 16:30 ` [PATCH v15 07/17] mm, arm64: untag user pointers in mm/gup.c Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-22 11:56 ` Catalin Marinas
2019-05-22 11:56 ` Catalin Marinas
2019-05-22 11:56 ` Catalin Marinas
2019-05-22 11:56 ` catalin.marinas
2019-05-22 11:56 ` Catalin Marinas
2019-05-06 16:30 ` [PATCH v15 08/17] mm, arm64: untag user pointers in get_vaddr_frames Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` [PATCH v15 09/17] fs, arm64: untag user pointers in copy_mount_options Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-22 12:09 ` Catalin Marinas
2019-05-22 12:09 ` Catalin Marinas
2019-05-22 12:09 ` Catalin Marinas
2019-05-22 12:09 ` catalin.marinas
2019-05-22 12:09 ` Catalin Marinas
2019-05-06 16:30 ` [PATCH v15 10/17] fs, arm64: untag user pointers in fs/userfaultfd.c Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` [PATCH v15 11/17] drm/amdgpu, arm64: untag user pointers Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-07 16:43 ` Kuehling, Felix
2019-05-07 16:43 ` Kuehling, Felix
2019-05-07 16:43 ` Kuehling, Felix
2019-05-07 16:43 ` Kuehling, Felix
2019-05-07 16:43 ` Felix.Kuehling
2019-05-07 16:43 ` Kuehling, Felix
2019-05-06 16:30 ` [PATCH v15 12/17] drm/radeon, arm64: untag user pointers in radeon_gem_userptr_ioctl Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
[not found] ` <03fe9d923db75cf72678f3ce103838e67390751a.1557160186.git.andreyknvl-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
2019-05-07 16:44 ` Kuehling, Felix
2019-05-07 16:44 ` Kuehling, Felix
2019-05-07 16:44 ` Kuehling, Felix
2019-05-07 16:44 ` Kuehling, Felix
2019-05-07 16:44 ` Felix.Kuehling
2019-05-07 16:44 ` Kuehling, Felix
2019-05-06 16:30 ` [PATCH v15 13/17] IB, arm64: untag user pointers in ib_uverbs_(re)reg_mr() Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 16:30 ` andreyknvl
2019-05-06 16:30 ` Andrey Konovalov
2019-05-06 19:50 ` Jason Gunthorpe
2019-05-06 19:50 ` Jason Gunthorpe
2019-05-06 19:50 ` Jason Gunthorpe
2019-05-06 19:50 ` jgg
2019-05-06 19:50 ` Jason Gunthorpe
2019-05-07 6:33 ` Leon Romanovsky
2019-05-07 6:33 ` Leon Romanovsky
2019-05-07 6:33 ` Leon Romanovsky
2019-05-07 6:33 ` leon
2019-05-07 6:33 ` Leon Romanovsky
2019-05-06 16:31 ` [PATCH v15 14/17] media/v4l2-core, arm64: untag user pointers in videobuf_dma_contig_user_get Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` andreyknvl
2019-05-06 16:31 ` Andrey Konovalov
2019-05-24 13:13 ` Mauro Carvalho Chehab
2019-05-24 13:13 ` Mauro Carvalho Chehab
2019-05-24 13:13 ` Mauro Carvalho Chehab
2019-05-24 13:13 ` mchehab+samsung
2019-05-24 13:13 ` Mauro Carvalho Chehab
2019-05-06 16:31 ` [PATCH v15 15/17] tee, arm64: untag user pointers in tee_shm_register Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` andreyknvl
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` [PATCH v15 16/17] vfio/type1, arm64: untag user pointers in vaddr_get_pfn Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` andreyknvl
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` [PATCH v15 17/17] selftests, arm64: add a selftest for passing tagged pointers to kernel Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` Andrey Konovalov
2019-05-06 16:31 ` andreyknvl
2019-05-06 16:31 ` Andrey Konovalov
2019-05-22 14:16 ` Catalin Marinas
2019-05-22 14:16 ` Catalin Marinas
2019-05-22 14:16 ` Catalin Marinas
2019-05-22 14:16 ` catalin.marinas
2019-05-22 14:16 ` Catalin Marinas
2019-05-31 14:21 ` Andrey Konovalov
2019-05-31 14:21 ` Andrey Konovalov
2019-05-31 14:21 ` Andrey Konovalov
2019-05-31 14:21 ` Andrey Konovalov
2019-05-31 14:21 ` andreyknvl
2019-05-31 14:21 ` Andrey Konovalov
2019-05-31 16:22 ` Catalin Marinas
2019-05-31 16:22 ` Catalin Marinas
2019-05-31 16:22 ` Catalin Marinas
2019-05-31 16:22 ` Catalin Marinas
2019-05-31 16:22 ` catalin.marinas
2019-05-31 16:22 ` Catalin Marinas
2019-05-17 14:49 ` [PATCH v15 00/17] arm64: untag user pointers passed to the kernel Catalin Marinas
2019-05-17 14:49 ` Catalin Marinas
2019-05-17 14:49 ` Catalin Marinas
2019-05-17 14:49 ` catalin.marinas
2019-05-17 14:49 ` Catalin Marinas
2019-05-20 23:53 ` Evgenii Stepanov
2019-05-20 23:53 ` Evgenii Stepanov
2019-05-20 23:53 ` Evgenii Stepanov
2019-05-20 23:53 ` Evgenii Stepanov
2019-05-20 23:53 ` eugenis
2019-05-20 23:53 ` Evgenii Stepanov
2019-05-21 18:29 ` Catalin Marinas
2019-05-21 18:29 ` Catalin Marinas
2019-05-21 18:29 ` Catalin Marinas
2019-05-21 18:29 ` Catalin Marinas
2019-05-21 18:29 ` catalin.marinas
2019-05-21 18:29 ` Catalin Marinas
2019-05-22 0:04 ` Kees Cook
2019-05-22 0:04 ` Kees Cook
2019-05-22 0:04 ` Kees Cook
2019-05-22 0:04 ` Kees Cook
2019-05-22 0:04 ` keescook
2019-05-22 0:04 ` Kees Cook
2019-05-22 10:11 ` Catalin Marinas
2019-05-22 10:11 ` Catalin Marinas
2019-05-22 10:11 ` Catalin Marinas
2019-05-22 10:11 ` Catalin Marinas
2019-05-22 10:11 ` catalin.marinas
2019-05-22 10:11 ` Catalin Marinas
2019-05-22 15:30 ` enh
2019-05-22 15:30 ` enh
2019-05-22 15:30 ` enh
2019-05-22 15:30 ` enh
2019-05-22 15:30 ` enh
2019-05-22 15:30 ` enh
2019-05-22 16:35 ` Catalin Marinas
2019-05-22 16:35 ` Catalin Marinas
2019-05-22 16:35 ` Catalin Marinas
2019-05-22 16:35 ` Catalin Marinas
2019-05-22 16:35 ` catalin.marinas
2019-05-22 16:35 ` Catalin Marinas
2019-05-22 16:58 ` enh
2019-05-22 16:58 ` enh
2019-05-22 16:58 ` enh
2019-05-22 16:58 ` enh
2019-05-22 16:58 ` enh
2019-05-22 16:58 ` enh
2019-05-23 15:21 ` Catalin Marinas
2019-05-23 15:21 ` Catalin Marinas
2019-05-23 15:21 ` Catalin Marinas
2019-05-23 15:21 ` Catalin Marinas
2019-05-23 15:21 ` catalin.marinas
2019-05-23 15:21 ` Catalin Marinas
2019-05-22 20:47 ` Kees Cook
2019-05-22 20:47 ` Kees Cook
2019-05-22 20:47 ` Kees Cook
2019-05-22 20:47 ` Kees Cook
2019-05-22 20:47 ` keescook
2019-05-22 20:47 ` Kees Cook
2019-05-22 23:03 ` Evgenii Stepanov
2019-05-22 23:03 ` Evgenii Stepanov
2019-05-22 23:03 ` Evgenii Stepanov
2019-05-22 23:03 ` Evgenii Stepanov
2019-05-22 23:03 ` eugenis
2019-05-22 23:03 ` Evgenii Stepanov
2019-05-22 23:09 ` enh
2019-05-22 23:09 ` enh
2019-05-22 23:09 ` enh
2019-05-22 23:09 ` enh
2019-05-22 23:09 ` enh
2019-05-22 23:09 ` enh
2019-05-23 7:34 ` Catalin Marinas
2019-05-23 7:34 ` Catalin Marinas
2019-05-23 7:34 ` Catalin Marinas
2019-05-23 7:34 ` Catalin Marinas
2019-05-23 7:34 ` catalin.marinas
2019-05-23 7:34 ` Catalin Marinas
2019-05-23 14:44 ` Catalin Marinas
2019-05-23 14:44 ` Catalin Marinas
2019-05-23 14:44 ` Catalin Marinas
2019-05-23 14:44 ` Catalin Marinas
2019-05-23 14:44 ` catalin.marinas
2019-05-23 14:44 ` Catalin Marinas
2019-05-23 15:44 ` enh
2019-05-23 15:44 ` enh
2019-05-23 15:44 ` enh
2019-05-23 15:44 ` enh
2019-05-23 15:44 ` enh
2019-05-23 15:44 ` enh
2019-05-23 17:00 ` Catalin Marinas
2019-05-23 17:00 ` Catalin Marinas
2019-05-23 17:00 ` Catalin Marinas
2019-05-23 17:00 ` Catalin Marinas
2019-05-23 17:00 ` catalin.marinas
2019-05-23 17:00 ` Catalin Marinas
2019-05-23 16:38 ` Kees Cook
2019-05-23 16:38 ` Kees Cook
2019-05-23 16:38 ` Kees Cook
2019-05-23 16:38 ` Kees Cook
2019-05-23 16:38 ` keescook
2019-05-23 16:38 ` Kees Cook
2019-05-23 17:43 ` Catalin Marinas
2019-05-23 17:43 ` Catalin Marinas
2019-05-23 17:43 ` Catalin Marinas
2019-05-23 17:43 ` Catalin Marinas
2019-05-23 17:43 ` catalin.marinas
2019-05-23 17:43 ` Catalin Marinas
2019-05-23 21:31 ` Kees Cook
2019-05-23 21:31 ` Kees Cook
2019-05-23 21:31 ` Kees Cook
2019-05-23 21:31 ` Kees Cook
2019-05-23 21:31 ` keescook
2019-05-23 21:31 ` Kees Cook
2019-05-24 11:20 ` Catalin Marinas
2019-05-24 11:20 ` Catalin Marinas
2019-05-24 11:20 ` Catalin Marinas
2019-05-24 11:20 ` Catalin Marinas
2019-05-24 11:20 ` catalin.marinas
2019-05-24 11:20 ` Catalin Marinas
2019-05-28 17:02 ` Catalin Marinas [this message]
2019-05-28 17:02 ` Catalin Marinas
2019-05-28 17:02 ` Catalin Marinas
2019-05-28 17:02 ` Catalin Marinas
2019-05-28 17:02 ` catalin.marinas
2019-05-28 17:02 ` Catalin Marinas
2019-06-02 5:06 ` Kees Cook
2019-06-02 5:06 ` Kees Cook
2019-06-02 5:06 ` Kees Cook
2019-06-02 5:06 ` Kees Cook
2019-06-02 5:06 ` keescook
2019-06-02 5:06 ` Kees Cook
2019-05-22 19:21 ` Kees Cook
2019-05-22 19:21 ` Kees Cook
2019-05-22 19:21 ` Kees Cook
2019-05-22 19:21 ` Kees Cook
2019-05-22 19:21 ` keescook
2019-05-22 19:21 ` Kees Cook
2019-05-22 20:15 ` enh
2019-05-22 20:15 ` enh
2019-05-22 20:15 ` enh
2019-05-22 20:15 ` enh
2019-05-22 20:15 ` enh
2019-05-22 20:15 ` enh
2019-05-23 15:08 ` Catalin Marinas
2019-05-23 15:08 ` Catalin Marinas
2019-05-23 15:08 ` Catalin Marinas
2019-05-23 15:08 ` Catalin Marinas
2019-05-23 15:08 ` catalin.marinas
2019-05-23 15:08 ` Catalin Marinas
2019-05-23 17:51 ` Khalid Aziz
2019-05-23 17:51 ` Khalid Aziz
2019-05-23 17:51 ` Khalid Aziz
2019-05-23 17:51 ` Khalid Aziz
2019-05-23 17:51 ` khalid.aziz
2019-05-23 17:51 ` Khalid Aziz
2019-05-23 20:11 ` Catalin Marinas
2019-05-23 20:11 ` Catalin Marinas
2019-05-23 20:11 ` Catalin Marinas
2019-05-23 20:11 ` Catalin Marinas
2019-05-23 20:11 ` catalin.marinas
2019-05-23 20:11 ` Catalin Marinas
2019-05-23 21:42 ` Khalid Aziz
2019-05-23 21:42 ` Khalid Aziz
2019-05-23 21:42 ` Khalid Aziz
2019-05-23 21:42 ` Khalid Aziz
2019-05-23 21:42 ` khalid.aziz
2019-05-23 21:42 ` Khalid Aziz
2019-05-23 21:49 ` Khalid Aziz
2019-05-23 21:49 ` Khalid Aziz
2019-05-23 21:49 ` Khalid Aziz
2019-05-23 21:49 ` Khalid Aziz
2019-05-23 21:49 ` khalid.aziz
2019-05-23 21:49 ` Khalid Aziz
2019-05-24 10:11 ` Catalin Marinas
2019-05-24 10:11 ` Catalin Marinas
2019-05-24 10:11 ` Catalin Marinas
2019-05-24 10:11 ` Catalin Marinas
2019-05-24 10:11 ` catalin.marinas
2019-05-24 10:11 ` Catalin Marinas
2019-05-24 14:25 ` Khalid Aziz
2019-05-24 14:25 ` Khalid Aziz
2019-05-24 14:25 ` Khalid Aziz
2019-05-24 14:25 ` Khalid Aziz
2019-05-24 14:25 ` khalid.aziz
2019-05-24 14:25 ` Khalid Aziz
2019-05-28 14:14 ` Andrey Konovalov
2019-05-28 14:14 ` Andrey Konovalov
2019-05-28 14:14 ` Andrey Konovalov
2019-05-28 14:14 ` Andrey Konovalov
2019-05-28 14:14 ` andreyknvl
2019-05-28 14:14 ` Andrey Konovalov
2019-05-29 6:11 ` Christoph Hellwig
2019-05-29 6:11 ` Christoph Hellwig
2019-05-29 6:11 ` Christoph Hellwig
2019-05-29 6:11 ` Christoph Hellwig
2019-05-29 6:11 ` hch
2019-05-29 6:11 ` Christoph Hellwig
2019-05-29 12:12 ` Catalin Marinas
2019-05-29 12:12 ` Catalin Marinas
2019-05-29 12:12 ` Catalin Marinas
2019-05-29 12:12 ` Catalin Marinas
2019-05-29 12:12 ` catalin.marinas
2019-05-29 12:12 ` Catalin Marinas
2019-05-30 17:15 ` Catalin Marinas
2019-05-30 17:15 ` Catalin Marinas
2019-05-30 17:15 ` Catalin Marinas
2019-05-30 17:15 ` Catalin Marinas
2019-05-30 17:15 ` catalin.marinas
2019-05-30 17:15 ` Catalin Marinas
2019-05-31 14:29 ` Andrey Konovalov
2019-05-31 14:29 ` Andrey Konovalov
2019-05-31 14:29 ` Andrey Konovalov
2019-05-31 14:29 ` Andrey Konovalov
2019-05-31 14:29 ` andreyknvl
2019-05-31 14:29 ` Andrey Konovalov
2019-05-31 16:19 ` Catalin Marinas
2019-05-31 16:19 ` Catalin Marinas
2019-05-31 16:19 ` Catalin Marinas
2019-05-31 16:19 ` Catalin Marinas
2019-05-31 16:19 ` catalin.marinas
2019-05-31 16:19 ` Catalin Marinas
2019-05-31 16:24 ` Andrey Konovalov
2019-05-31 16:24 ` Andrey Konovalov
2019-05-31 16:24 ` Andrey Konovalov
2019-05-31 16:24 ` Andrey Konovalov
2019-05-31 16:24 ` andreyknvl
2019-05-31 16:24 ` Andrey Konovalov
2019-05-31 16:46 ` Catalin Marinas
2019-05-31 16:46 ` Catalin Marinas
2019-05-31 16:46 ` Catalin Marinas
2019-05-31 16:46 ` Catalin Marinas
2019-05-31 16:46 ` catalin.marinas
2019-05-31 16:46 ` Catalin Marinas
2019-05-21 18:48 ` Jason Gunthorpe
2019-05-21 18:48 ` Jason Gunthorpe
2019-05-21 18:48 ` Jason Gunthorpe
2019-05-21 18:48 ` jgg
2019-05-21 18:48 ` Jason Gunthorpe
2019-05-22 13:49 ` Dave Martin
2019-05-22 13:49 ` Dave Martin
2019-05-22 13:49 ` Dave Martin
2019-05-22 13:49 ` Dave.Martin
2019-05-22 13:49 ` Dave Martin
2019-05-23 0:20 ` Jason Gunthorpe
2019-05-23 0:20 ` Jason Gunthorpe
2019-05-23 0:20 ` Jason Gunthorpe
2019-05-23 0:20 ` jgg
2019-05-23 0:20 ` Jason Gunthorpe
2019-05-23 10:42 ` Dave Martin
2019-05-23 10:42 ` Dave Martin
2019-05-23 10:42 ` Dave Martin
2019-05-23 10:42 ` Dave.Martin
2019-05-23 10:42 ` Dave Martin
2019-05-23 16:57 ` Catalin Marinas
2019-05-23 16:57 ` Catalin Marinas
2019-05-23 16:57 ` Catalin Marinas
2019-05-23 16:57 ` catalin.marinas
2019-05-23 16:57 ` Catalin Marinas
2019-05-24 14:23 ` Dave Martin
2019-05-24 14:23 ` Dave Martin
2019-05-24 14:23 ` Dave Martin
2019-05-24 14:23 ` Dave.Martin
2019-05-24 14:23 ` Dave Martin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190528170244.GF32006@arrakis.emea.arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=amd-gfx@lists.freedesktop.org \
--cc=andreyknvl@google.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=enh@google.com \
--cc=eugenis@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=khalid.aziz@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-rdma@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=vincenzo.frascino@arm.com \
--cc=will.deacon@arm.com \
--cc=yishaih@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.