All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
	Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
	Mark Rutland <Mark.Rutland@arm.com>,
	Robin Murphy <Robin.Murphy@arm.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Kees Cook <keescook@chromium.org>,
	Kate Stewart <kstewart@linuxfoundation.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Ingo Molnar <mingo@kernel.org>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Shuah Khan <shuah@kernel.org>,
	Linux ARM <linux-arm-kernel@lists.infradead.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Linux Memory Management List <linux-mm@kvack.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Chintan Pandya <cpandya@codeaurora.org>,
	Jacob Bramley <Jacob.Bramley@arm.com>,
	Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
	Lee Smith <Lee.Smith@arm.com>, Kostya Serebryany <kcc@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Evgeniy Stepanov <eugenis@google.com>, nd <nd@arm.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 


WARNING: multiple messages have this Message-ID
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
	Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
	Mark Rutland <Mark.Rutland@arm.com>,
	Robin Murphy <Robin.Murphy@arm.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Kees Cook <keescook@chromium.org>,
	Kate Stewart <kstewart@linuxfoundation.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Ingo Molnar <mingo@kernel.org>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Shuah Khan <shuah@kernel.org>,
	Linux ARM <linux-arm-kernel@lists.infradead.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Linux Memory Management List <linux-mm@kvack.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Chintan Pandya <cpandya@codeaurora.org>,
	Jacob Bramley <Jacob.Bramley@arm.com>,
	Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
	Lee Smith <Lee.Smith@arm.com>, Kostya Serebryany <kcc@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Evgeniy Stepanov <eugenis@google.com>, nd <nd@arm.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

WARNING: multiple messages have this Message-ID
From: ramana.radhakrishnan at arm.com (Ramana Radhakrishnan)
Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas at arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl at google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

WARNING: multiple messages have this Message-ID
From: ramana.radhakrishnan@arm.com (Ramana Radhakrishnan)
Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
Message-ID: <20180627150809.JyHVqkTU_uucJMslNl-UzYnKN2h1Q9G_RhD_2wTK1nI@z> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018@02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018@5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

WARNING: multiple messages have this Message-ID
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
	Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
	Mark Rutland <Mark.Rutland@arm.com>,
	Robin Murphy <Robin.Murphy@arm.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Kees Cook <keescook@chromium.org>,
	Kate Stewart <kstewart@linuxfoundation.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Ingo Molnar <mingo@kernel.org>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Shuah Khan <shuah@kernel.org>,
	Linux ARM <linux-arm-kernel@lists.infradead.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Linux Memory Management List <linux-mm@kvack.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>C
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 

WARNING: multiple messages have this Message-ID
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
	Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
	Mark Rutland <Mark.Rutland@arm.com>,
	Robin Murphy <Robin.Murphy@arm.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Kees Cook <keescook@chromium.org>,
	Kate Stewart <kstewart@linuxfoundation.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Ingo Molnar <mingo@kernel.org>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Shuah Khan <shuah@kernel.org>,
	Linux ARM <linux-arm-kernel@lists.infradead.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	Linux Memory Management List <linux-mm@kvack.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Chintan Pandya <cpandya@codeaurora.org>,
	Jacob Bramley <Jacob.Bramley@arm.com>,
	Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
	Lee Smith <Lee.Smith@arm.com>, Kostya Serebryany <kcc@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Evgeniy Stepanov <eugenis@google.com>nd <nd@arm.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
Message-ID: <20180627150809.UNjROcTjtZkz5gUprdDlcUMxdMZV-n4MxBcm4AG-PFg@z> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 

WARNING: multiple messages have this Message-ID
From: ramana.radhakrishnan@arm.com (Ramana Radhakrishnan)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100	[thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>

On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
> 
> 
> OK, got it, I'll try to figure out a way to find these conversions.


This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.

regards
Ramana



> 
> Thanks!
> 

  reply	other threads:[~2018-06-27 15:08 UTC|newest]

Thread overview: 195+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-20 15:24 Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 1/7] arm64: add type casts to untagged_addr macro Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 2/7] uaccess: add untagged_addr definition for other arches Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 3/7] arm64: untag user addresses in access_ok and __uaccess_mask_ptr Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 4/7] mm, arm64: untag user addresses in mm/gup.c Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 5/7] lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 6/7] arm64: update Documentation/arm64/tagged-pointers.txt Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 7/7] selftests, arm64: add a selftest for passing tagged pointers to kernel Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` Andrey Konovalov
2018-06-20 15:24   ` andreyknvl
2018-06-20 15:24   ` Andrey Konovalov
2018-06-26 12:47 ` [PATCH v4 0/7] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-06-26 12:47   ` Andrey Konovalov
2018-06-26 12:47   ` Andrey Konovalov
2018-06-26 12:47   ` andreyknvl
2018-06-26 12:47   ` Andrey Konovalov
2018-06-26 17:29   ` Catalin Marinas
2018-06-26 17:29     ` Catalin Marinas
2018-06-26 17:29     ` Catalin Marinas
2018-06-26 17:29     ` Catalin Marinas
2018-06-26 17:29     ` catalin.marinas
2018-06-26 17:29     ` Catalin Marinas
2018-06-27 15:05     ` Andrey Konovalov
2018-06-27 15:05       ` Andrey Konovalov
2018-06-27 15:05       ` Andrey Konovalov
2018-06-27 15:05       ` Andrey Konovalov
2018-06-27 15:05       ` andreyknvl
2018-06-27 15:05       ` Andrey Konovalov
2018-06-27 15:08       ` Ramana Radhakrishnan [this message]
2018-06-27 15:08         ` Ramana Radhakrishnan
2018-06-27 15:08         ` Ramana Radhakrishnan
2018-06-27 15:08         ` Ramana Radhakrishnan
2018-06-27 15:08         ` Ramana Radhakrishnan
2018-06-27 15:08         ` ramana.radhakrishnan
2018-06-27 15:08         ` Ramana Radhakrishnan
2018-06-27 17:17         ` Catalin Marinas
2018-06-27 17:17           ` Catalin Marinas
2018-06-27 17:17           ` Catalin Marinas
2018-06-27 17:17           ` Catalin Marinas
2018-06-27 17:17           ` Catalin Marinas
2018-06-27 17:17           ` catalin.marinas
2018-06-27 17:17           ` Catalin Marinas
2018-06-28  6:17           ` Luc Van Oostenryck
2018-06-28  6:17             ` Luc Van Oostenryck
2018-06-28  6:17             ` Luc Van Oostenryck
2018-06-28  6:17             ` Luc Van Oostenryck
2018-06-28  6:17             ` Luc Van Oostenryck
2018-06-28  6:17             ` luc.vanoostenryck
2018-06-28  6:17             ` Luc Van Oostenryck
2018-06-28 10:27             ` Catalin Marinas
2018-06-28 10:27               ` Catalin Marinas
2018-06-28 10:27               ` Catalin Marinas
2018-06-28 10:27               ` Catalin Marinas
2018-06-28 10:27               ` Catalin Marinas
2018-06-28 10:27               ` catalin.marinas
2018-06-28 10:27               ` Catalin Marinas
2018-06-28 10:46               ` Luc Van Oostenryck
2018-06-28 10:46                 ` Luc Van Oostenryck
2018-06-28 10:46                 ` Luc Van Oostenryck
2018-06-28 10:46                 ` Luc Van Oostenryck
2018-06-28 10:46                 ` Luc Van Oostenryck
2018-06-28 10:46                 ` luc.vanoostenryck
2018-06-28 10:46                 ` Luc Van Oostenryck
2018-06-28 14:48                 ` Catalin Marinas
2018-06-28 14:48                   ` Catalin Marinas
2018-06-28 14:48                   ` Catalin Marinas
2018-06-28 14:48                   ` Catalin Marinas
2018-06-28 14:48                   ` Catalin Marinas
2018-06-28 14:48                   ` catalin.marinas
2018-06-28 14:48                   ` Catalin Marinas
2018-06-28 15:28                   ` Luc Van Oostenryck
2018-06-28 15:28                     ` Luc Van Oostenryck
2018-06-28 15:28                     ` Luc Van Oostenryck
2018-06-28 15:28                     ` Luc Van Oostenryck
2018-06-28 15:28                     ` Luc Van Oostenryck
2018-06-28 15:28                     ` luc.vanoostenryck
2018-06-28 15:28                     ` Luc Van Oostenryck
2018-06-29 15:27                   ` David Laight
2018-06-29 15:27                     ` David Laight
2018-06-29 15:27                     ` David Laight
2018-06-29 15:27                     ` David Laight
2018-06-29 15:27                     ` David Laight
2018-06-29 15:27                     ` David.Laight
2018-06-29 15:27                     ` David Laight
2018-06-28 23:21               ` [PATCH] sparse: stricter warning for explicit cast to ulong Luc Van Oostenryck
2018-06-28 23:21                 ` Luc Van Oostenryck
2018-06-28 23:21                 ` Luc Van Oostenryck
2018-06-28 23:21                 ` Luc Van Oostenryck
2018-06-28 23:21                 ` luc.vanoostenryck
2018-06-28 23:21                 ` Luc Van Oostenryck
2018-06-28 23:21                 ` Luc Van Oostenryck
2018-06-28 19:30       ` [PATCH v4 0/7] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-06-28 19:30         ` Andrey Konovalov
2018-06-28 19:30         ` Andrey Konovalov
2018-06-28 19:30         ` Andrey Konovalov
2018-06-28 19:30         ` andreyknvl
2018-06-28 19:30         ` Andrey Konovalov
2018-06-29 15:19         ` Andrey Konovalov
2018-06-29 15:19           ` Andrey Konovalov
2018-06-29 15:19           ` Andrey Konovalov
2018-06-29 15:19           ` Andrey Konovalov
2018-06-29 15:19           ` andreyknvl
2018-06-29 15:19           ` Andrey Konovalov
2018-06-29 15:20           ` Andrey Konovalov
2018-06-29 15:20             ` Andrey Konovalov
2018-06-29 15:20             ` Andrey Konovalov
2018-06-29 15:20             ` Andrey Konovalov
2018-06-29 15:20             ` andreyknvl
2018-06-29 15:20             ` Andrey Konovalov
2018-07-16 11:25         ` Andrey Konovalov
2018-07-16 11:25           ` Andrey Konovalov
2018-07-16 11:25           ` Andrey Konovalov
2018-07-16 11:25           ` Andrey Konovalov
2018-07-16 11:25           ` andreyknvl
2018-07-16 11:25           ` Andrey Konovalov
2018-07-31 13:23           ` Andrey Konovalov
2018-07-31 13:23             ` Andrey Konovalov
2018-07-31 13:23             ` Andrey Konovalov
2018-07-31 13:23             ` Andrey Konovalov
2018-07-31 13:23             ` andreyknvl
2018-07-31 13:23             ` Andrey Konovalov
2018-08-01 17:42           ` Catalin Marinas
2018-08-01 17:42             ` Catalin Marinas
2018-08-01 17:42             ` Catalin Marinas
2018-08-01 17:42             ` Catalin Marinas
2018-08-01 17:42             ` catalin.marinas
2018-08-01 17:42             ` Catalin Marinas
2018-08-02 15:00             ` Andrey Konovalov
2018-08-02 15:00               ` Andrey Konovalov
2018-08-02 15:00               ` Andrey Konovalov
2018-08-02 15:00               ` Andrey Konovalov
2018-08-02 15:00               ` andreyknvl
2018-08-02 15:00               ` Andrey Konovalov
2018-08-03 14:59               ` Andrey Konovalov
2018-08-03 14:59                 ` Andrey Konovalov
2018-08-03 14:59                 ` Andrey Konovalov
2018-08-03 14:59                 ` Andrey Konovalov
2018-08-03 14:59                 ` andreyknvl
2018-08-03 14:59                 ` Andrey Konovalov
2018-08-03 15:09                 ` Greg Kroah-Hartman
2018-08-03 15:09                   ` Greg Kroah-Hartman
2018-08-03 15:09                   ` Greg Kroah-Hartman
2018-08-03 15:09                   ` Greg Kroah-Hartman
2018-08-03 15:09                   ` gregkh
2018-08-03 15:09                   ` Greg Kroah-Hartman
2018-08-03 16:43                   ` Matthew Wilcox
2018-08-03 16:43                     ` Matthew Wilcox
2018-08-03 16:43                     ` Matthew Wilcox
2018-08-03 16:43                     ` Matthew Wilcox
2018-08-03 16:43                     ` willy
2018-08-03 16:43                     ` Matthew Wilcox
2018-08-03 16:54                     ` Andrey Konovalov
2018-08-03 16:54                       ` Andrey Konovalov
2018-08-03 16:54                       ` Andrey Konovalov
2018-08-03 16:54                       ` Andrey Konovalov
2018-08-03 16:54                       ` andreyknvl
2018-08-03 16:54                       ` Andrey Konovalov
2018-08-06 19:12                   ` Luc Van Oostenryck
2018-08-06 19:12                     ` Luc Van Oostenryck
2018-08-06 19:12                     ` Luc Van Oostenryck
2018-08-06 19:12                     ` Luc Van Oostenryck
2018-08-06 19:12                     ` luc.vanoostenryck
2018-08-06 19:12                     ` Luc Van Oostenryck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0cef1643-a523-98e7-95e2-9ec595137642@arm.com \
    --to=ramana.radhakrishnan@arm.com \
    --cc=Catalin.Marinas@arm.com \
    --cc=Jacob.Bramley@arm.com \
    --cc=Lee.Smith@arm.com \
    --cc=Mark.Rutland@arm.com \
    --cc=Robin.Murphy@arm.com \
    --cc=Ruben.Ayrapetyan@arm.com \
    --cc=Will.Deacon@arm.com \
    --cc=akpm@linux-foundation.org \
    --cc=andreyknvl@google.com \
    --cc=cpandya@codeaurora.org \
    --cc=dvyukov@google.com \
    --cc=eugenis@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=kcc@google.com \
    --cc=keescook@chromium.org \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kstewart@linuxfoundation.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mingo@kernel.org \
    --cc=nd@arm.com \
    --cc=shuah@kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    --subject='Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.