From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
Mark Rutland <Mark.Rutland@arm.com>,
Robin Murphy <Robin.Murphy@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Linux Memory Management List <linux-mm@kvack.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Chintan Pandya <cpandya@codeaurora.org>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Lee Smith <Lee.Smith@arm.com>, Kostya Serebryany <kcc@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Evgeniy Stepanov <eugenis@google.com>, nd <nd@arm.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
WARNING: multiple messages have this Message-ID
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
Mark Rutland <Mark.Rutland@arm.com>,
Robin Murphy <Robin.Murphy@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Linux Memory Management List <linux-mm@kvack.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Chintan Pandya <cpandya@codeaurora.org>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Lee Smith <Lee.Smith@arm.com>, Kostya Serebryany <kcc@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Evgeniy Stepanov <eugenis@google.com>, nd <nd@arm.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID
From: ramana.radhakrishnan at arm.com (Ramana Radhakrishnan)
Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas at arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl at google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID
From: ramana.radhakrishnan@arm.com (Ramana Radhakrishnan)
Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
Message-ID: <20180627150809.JyHVqkTU_uucJMslNl-UzYnKN2h1Q9G_RhD_2wTK1nI@z> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018@02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018@5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
Mark Rutland <Mark.Rutland@arm.com>,
Robin Murphy <Robin.Murphy@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Linux Memory Management List <linux-mm@kvack.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>C
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
WARNING: multiple messages have this Message-ID
From: Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>,
Catalin Marinas <Catalin.Marinas@arm.com>
Cc: Will Deacon <Will.Deacon@arm.com>,
Mark Rutland <Mark.Rutland@arm.com>,
Robin Murphy <Robin.Murphy@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Linux Memory Management List <linux-mm@kvack.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Chintan Pandya <cpandya@codeaurora.org>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Lee Smith <Lee.Smith@arm.com>, Kostya Serebryany <kcc@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Evgeniy Stepanov <eugenis@google.com>nd <nd@arm.com>
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
Message-ID: <20180627150809.UNjROcTjtZkz5gUprdDlcUMxdMZV-n4MxBcm4AG-PFg@z> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
WARNING: multiple messages have this Message-ID
From: ramana.radhakrishnan@arm.com (Ramana Radhakrishnan)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
Date: Wed, 27 Jun 2018 16:08:09 +0100 [thread overview]
Message-ID: <0cef1643-a523-98e7-95e2-9ec595137642@arm.com> (raw)
In-Reply-To: <CAAeHK+yqWKTdTG+ymZ2-5XKiDANV+fmUjnQkRy-5tpgphuLJRA@mail.gmail.com>
On 27/06/2018 16:05, Andrey Konovalov wrote:
> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
> <catalin.marinas@arm.com> wrote:
>> Hi Andrey,
>>
>> On Tue, Jun 26, 2018 at 02:47:50PM +0200, Andrey Konovalov wrote:
>>> On Wed, Jun 20, 2018 at 5:24 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>>> arm64 has a feature called Top Byte Ignore, which allows to embed pointer
>>>> tags into the top byte of each pointer. Userspace programs (such as
>>>> HWASan, a memory debugging tool [1]) might use this feature and pass
>>>> tagged user pointers to the kernel through syscalls or other interfaces.
>>>>
>>>> This patch makes a few of the kernel interfaces accept tagged user
>>>> pointers. The kernel is already able to handle user faults with tagged
>>>> pointers and has the untagged_addr macro, which this patchset reuses.
>>>>
>>>> We're not trying to cover all possible ways the kernel accepts user
>>>> pointers in one patchset, so this one should be considered as a start.
>>>>
>>>> Thanks!
>>>>
>>>> [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
>>>
>>> Is there anything I should do to move forward with this?
>>>
>>> I've received zero replies to this patch set (v3 and v4) over the last
>>> month.
>>
>> The patches in this series look fine but my concern is that they are not
>> sufficient and we don't have (yet?) a way to identify where such
>> annotations are required. You even say in patch 6 that this is "some
>> initial work for supporting non-zero address tags passed to the kernel".
>> Unfortunately, merging (or relaxing) an ABI without a clear picture is
>> not really feasible.
>>
>> While I support this work, as a maintainer I'd like to understand
>> whether we'd be in a continuous chase of ABI breaks with every kernel
>> release or we have a better way to identify potential issues. Is there
>> any way to statically analyse conversions from __user ptr to long for
>> example? Or, could we get the compiler to do this for us?
>
>
> OK, got it, I'll try to figure out a way to find these conversions.
This sounds like the kind of thing we should be able to get sparse to do
already, no ? It's been many years since I last looked at it but I
thought sparse was the tool of choice in the kernel to do this kind of
checking.
regards
Ramana
>
> Thanks!
>
next prev parent reply other threads:[~2018-06-27 15:08 UTC|newest]
Thread overview: 195+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-20 15:24 Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 1/7] arm64: add type casts to untagged_addr macro Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 2/7] uaccess: add untagged_addr definition for other arches Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 3/7] arm64: untag user addresses in access_ok and __uaccess_mask_ptr Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 4/7] mm, arm64: untag user addresses in mm/gup.c Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 5/7] lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 6/7] arm64: update Documentation/arm64/tagged-pointers.txt Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` [PATCH v4 7/7] selftests, arm64: add a selftest for passing tagged pointers to kernel Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` Andrey Konovalov
2018-06-20 15:24 ` andreyknvl
2018-06-20 15:24 ` Andrey Konovalov
2018-06-26 12:47 ` [PATCH v4 0/7] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-06-26 12:47 ` Andrey Konovalov
2018-06-26 12:47 ` Andrey Konovalov
2018-06-26 12:47 ` andreyknvl
2018-06-26 12:47 ` Andrey Konovalov
2018-06-26 17:29 ` Catalin Marinas
2018-06-26 17:29 ` Catalin Marinas
2018-06-26 17:29 ` Catalin Marinas
2018-06-26 17:29 ` Catalin Marinas
2018-06-26 17:29 ` catalin.marinas
2018-06-26 17:29 ` Catalin Marinas
2018-06-27 15:05 ` Andrey Konovalov
2018-06-27 15:05 ` Andrey Konovalov
2018-06-27 15:05 ` Andrey Konovalov
2018-06-27 15:05 ` Andrey Konovalov
2018-06-27 15:05 ` andreyknvl
2018-06-27 15:05 ` Andrey Konovalov
2018-06-27 15:08 ` Ramana Radhakrishnan [this message]
2018-06-27 15:08 ` Ramana Radhakrishnan
2018-06-27 15:08 ` Ramana Radhakrishnan
2018-06-27 15:08 ` Ramana Radhakrishnan
2018-06-27 15:08 ` Ramana Radhakrishnan
2018-06-27 15:08 ` ramana.radhakrishnan
2018-06-27 15:08 ` Ramana Radhakrishnan
2018-06-27 17:17 ` Catalin Marinas
2018-06-27 17:17 ` Catalin Marinas
2018-06-27 17:17 ` Catalin Marinas
2018-06-27 17:17 ` Catalin Marinas
2018-06-27 17:17 ` Catalin Marinas
2018-06-27 17:17 ` catalin.marinas
2018-06-27 17:17 ` Catalin Marinas
2018-06-28 6:17 ` Luc Van Oostenryck
2018-06-28 6:17 ` Luc Van Oostenryck
2018-06-28 6:17 ` Luc Van Oostenryck
2018-06-28 6:17 ` Luc Van Oostenryck
2018-06-28 6:17 ` Luc Van Oostenryck
2018-06-28 6:17 ` luc.vanoostenryck
2018-06-28 6:17 ` Luc Van Oostenryck
2018-06-28 10:27 ` Catalin Marinas
2018-06-28 10:27 ` Catalin Marinas
2018-06-28 10:27 ` Catalin Marinas
2018-06-28 10:27 ` Catalin Marinas
2018-06-28 10:27 ` Catalin Marinas
2018-06-28 10:27 ` catalin.marinas
2018-06-28 10:27 ` Catalin Marinas
2018-06-28 10:46 ` Luc Van Oostenryck
2018-06-28 10:46 ` Luc Van Oostenryck
2018-06-28 10:46 ` Luc Van Oostenryck
2018-06-28 10:46 ` Luc Van Oostenryck
2018-06-28 10:46 ` Luc Van Oostenryck
2018-06-28 10:46 ` luc.vanoostenryck
2018-06-28 10:46 ` Luc Van Oostenryck
2018-06-28 14:48 ` Catalin Marinas
2018-06-28 14:48 ` Catalin Marinas
2018-06-28 14:48 ` Catalin Marinas
2018-06-28 14:48 ` Catalin Marinas
2018-06-28 14:48 ` Catalin Marinas
2018-06-28 14:48 ` catalin.marinas
2018-06-28 14:48 ` Catalin Marinas
2018-06-28 15:28 ` Luc Van Oostenryck
2018-06-28 15:28 ` Luc Van Oostenryck
2018-06-28 15:28 ` Luc Van Oostenryck
2018-06-28 15:28 ` Luc Van Oostenryck
2018-06-28 15:28 ` Luc Van Oostenryck
2018-06-28 15:28 ` luc.vanoostenryck
2018-06-28 15:28 ` Luc Van Oostenryck
2018-06-29 15:27 ` David Laight
2018-06-29 15:27 ` David Laight
2018-06-29 15:27 ` David Laight
2018-06-29 15:27 ` David Laight
2018-06-29 15:27 ` David Laight
2018-06-29 15:27 ` David.Laight
2018-06-29 15:27 ` David Laight
2018-06-28 23:21 ` [PATCH] sparse: stricter warning for explicit cast to ulong Luc Van Oostenryck
2018-06-28 23:21 ` Luc Van Oostenryck
2018-06-28 23:21 ` Luc Van Oostenryck
2018-06-28 23:21 ` Luc Van Oostenryck
2018-06-28 23:21 ` luc.vanoostenryck
2018-06-28 23:21 ` Luc Van Oostenryck
2018-06-28 23:21 ` Luc Van Oostenryck
2018-06-28 19:30 ` [PATCH v4 0/7] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-06-28 19:30 ` Andrey Konovalov
2018-06-28 19:30 ` Andrey Konovalov
2018-06-28 19:30 ` Andrey Konovalov
2018-06-28 19:30 ` andreyknvl
2018-06-28 19:30 ` Andrey Konovalov
2018-06-29 15:19 ` Andrey Konovalov
2018-06-29 15:19 ` Andrey Konovalov
2018-06-29 15:19 ` Andrey Konovalov
2018-06-29 15:19 ` Andrey Konovalov
2018-06-29 15:19 ` andreyknvl
2018-06-29 15:19 ` Andrey Konovalov
2018-06-29 15:20 ` Andrey Konovalov
2018-06-29 15:20 ` Andrey Konovalov
2018-06-29 15:20 ` Andrey Konovalov
2018-06-29 15:20 ` Andrey Konovalov
2018-06-29 15:20 ` andreyknvl
2018-06-29 15:20 ` Andrey Konovalov
2018-07-16 11:25 ` Andrey Konovalov
2018-07-16 11:25 ` Andrey Konovalov
2018-07-16 11:25 ` Andrey Konovalov
2018-07-16 11:25 ` Andrey Konovalov
2018-07-16 11:25 ` andreyknvl
2018-07-16 11:25 ` Andrey Konovalov
2018-07-31 13:23 ` Andrey Konovalov
2018-07-31 13:23 ` Andrey Konovalov
2018-07-31 13:23 ` Andrey Konovalov
2018-07-31 13:23 ` Andrey Konovalov
2018-07-31 13:23 ` andreyknvl
2018-07-31 13:23 ` Andrey Konovalov
2018-08-01 17:42 ` Catalin Marinas
2018-08-01 17:42 ` Catalin Marinas
2018-08-01 17:42 ` Catalin Marinas
2018-08-01 17:42 ` Catalin Marinas
2018-08-01 17:42 ` catalin.marinas
2018-08-01 17:42 ` Catalin Marinas
2018-08-02 15:00 ` Andrey Konovalov
2018-08-02 15:00 ` Andrey Konovalov
2018-08-02 15:00 ` Andrey Konovalov
2018-08-02 15:00 ` Andrey Konovalov
2018-08-02 15:00 ` andreyknvl
2018-08-02 15:00 ` Andrey Konovalov
2018-08-03 14:59 ` Andrey Konovalov
2018-08-03 14:59 ` Andrey Konovalov
2018-08-03 14:59 ` Andrey Konovalov
2018-08-03 14:59 ` Andrey Konovalov
2018-08-03 14:59 ` andreyknvl
2018-08-03 14:59 ` Andrey Konovalov
2018-08-03 15:09 ` Greg Kroah-Hartman
2018-08-03 15:09 ` Greg Kroah-Hartman
2018-08-03 15:09 ` Greg Kroah-Hartman
2018-08-03 15:09 ` Greg Kroah-Hartman
2018-08-03 15:09 ` gregkh
2018-08-03 15:09 ` Greg Kroah-Hartman
2018-08-03 16:43 ` Matthew Wilcox
2018-08-03 16:43 ` Matthew Wilcox
2018-08-03 16:43 ` Matthew Wilcox
2018-08-03 16:43 ` Matthew Wilcox
2018-08-03 16:43 ` willy
2018-08-03 16:43 ` Matthew Wilcox
2018-08-03 16:54 ` Andrey Konovalov
2018-08-03 16:54 ` Andrey Konovalov
2018-08-03 16:54 ` Andrey Konovalov
2018-08-03 16:54 ` Andrey Konovalov
2018-08-03 16:54 ` andreyknvl
2018-08-03 16:54 ` Andrey Konovalov
2018-08-06 19:12 ` Luc Van Oostenryck
2018-08-06 19:12 ` Luc Van Oostenryck
2018-08-06 19:12 ` Luc Van Oostenryck
2018-08-06 19:12 ` Luc Van Oostenryck
2018-08-06 19:12 ` luc.vanoostenryck
2018-08-06 19:12 ` Luc Van Oostenryck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0cef1643-a523-98e7-95e2-9ec595137642@arm.com \
--to=ramana.radhakrishnan@arm.com \
--cc=Catalin.Marinas@arm.com \
--cc=Jacob.Bramley@arm.com \
--cc=Lee.Smith@arm.com \
--cc=Mark.Rutland@arm.com \
--cc=Robin.Murphy@arm.com \
--cc=Ruben.Ayrapetyan@arm.com \
--cc=Will.Deacon@arm.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=cpandya@codeaurora.org \
--cc=dvyukov@google.com \
--cc=eugenis@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=kcc@google.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kstewart@linuxfoundation.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@kernel.org \
--cc=nd@arm.com \
--cc=shuah@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--subject='Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.