From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.7 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC728C31E48 for ; Wed, 12 Jun 2019 14:28:34 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8F28821019 for ; Wed, 12 Jun 2019 14:28:34 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="o8K6qM1w" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8F28821019 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date: Message-ID:From:References:To:Subject:Reply-To:Content-ID:Content-Description :Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=DqazYoDsY8kGlXRu8JInm4/KvsQOeFaD58gn0EhUUSY=; b=o8K6qM1wROZ/+S 6Om0MFyZtCZTnXjV0i1XiLUswlpQglusVEMTV27Oz8I8YMaMNo7QjmpvEh0Doq3CSLnHcdDGgjEpO ZXNkcj1cFzqSgywyx9WP1KK2NpjJzY5TurJjM2IT3Xvp3r1zhzWyAB707MU4fnQjgUtzmGsLCOWP0 JvnvEKx/tmyBi+IFnCXN8zRZTDNI6rjpIc6pIqXEEQ2vvghauFiIrjLtmh3QCxEBJz0kBySz0AqDZ r10sh+hS8as3eh6xF1KLYoXugOVxBrGTi+4cNDNvVAqSQmCr2QjFAXLOpd3qxV+ol5PlMAZ1wxrpE GBlAE+FM4nKdNcMRSO9g==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hb4Er-0006Lo-5m; Wed, 12 Jun 2019 14:28:33 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hb4DR-0005Gq-79 for linux-arm-kernel@lists.infradead.org; Wed, 12 Jun 2019 14:27:07 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A1BAA2B; Wed, 12 Jun 2019 07:27:04 -0700 (PDT) Received: from [10.1.196.72] (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3DCE73F557; Wed, 12 Jun 2019 07:26:59 -0700 (PDT) Subject: Re: [PATCH v17 01/15] arm64: untag user pointers in access_ok and __uaccess_mask_ptr To: Andrey Konovalov , linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-rdma@vger.kernel.org, linux-media@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org References: <9ed583c1a3acf014987e3aef12249506c1c69146.1560339705.git.andreyknvl@google.com> From: Vincenzo Frascino Message-ID: <52e93b24-3302-e890-5799-6502042ea5c9@arm.com> Date: Wed, 12 Jun 2019 15:26:58 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <9ed583c1a3acf014987e3aef12249506c1c69146.1560339705.git.andreyknvl@google.com> Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190612_072705_395957_23808FE8 X-CRM114-Status: GOOD ( 23.44 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Szabolcs Nagy , Catalin Marinas , Will Deacon , Kostya Serebryany , Khalid Aziz , Felix Kuehling , Jacob Bramley , Leon Romanovsky , Christoph Hellwig , Jason Gunthorpe , Dave Martin , Evgeniy Stepanov , Kevin Brodsky , Kees Cook , Ruben Ayrapetyan , Ramana Radhakrishnan , Alex Williamson , Mauro Carvalho Chehab , Dmitry Vyukov , Greg Kroah-Hartman , Yishai Hadas , Jens Wiklander , Lee Smith , Alexander Deucher , Andrew Morton , enh , Robin Murphy , Christian Koenig , Luc Van Oostenryck Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 12/06/2019 12:43, Andrey Konovalov wrote: > This patch is a part of a series that extends arm64 kernel ABI to allow to > pass tagged user pointers (with the top byte set to something else other > than 0x00) as syscall arguments. > > copy_from_user (and a few other similar functions) are used to copy data > from user memory into the kernel memory or vice versa. Since a user can > provided a tagged pointer to one of the syscalls that use copy_from_user, > we need to correctly handle such pointers. > > Do this by untagging user pointers in access_ok and in __uaccess_mask_ptr, > before performing access validity checks. > > Note, that this patch only temporarily untags the pointers to perform the > checks, but then passes them as is into the kernel internals. > > Reviewed-by: Kees Cook > Reviewed-by: Catalin Marinas > Signed-off-by: Andrey Konovalov Reviewed-by: Vincenzo Frascino > --- > arch/arm64/include/asm/uaccess.h | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h > index e5d5f31c6d36..df729afca0ba 100644 > --- a/arch/arm64/include/asm/uaccess.h > +++ b/arch/arm64/include/asm/uaccess.h > @@ -73,6 +73,8 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si > { > unsigned long ret, limit = current_thread_info()->addr_limit; > > + addr = untagged_addr(addr); > + > __chk_user_ptr(addr); > asm volatile( > // A + B <= C + 1 for all A,B,C, in four easy steps: > @@ -226,7 +228,8 @@ static inline void uaccess_enable_not_uao(void) > > /* > * Sanitise a uaccess pointer such that it becomes NULL if above the > - * current addr_limit. > + * current addr_limit. In case the pointer is tagged (has the top byte set), > + * untag the pointer before checking. > */ > #define uaccess_mask_ptr(ptr) (__typeof__(ptr))__uaccess_mask_ptr(ptr) > static inline void __user *__uaccess_mask_ptr(const void __user *ptr) > @@ -234,10 +237,11 @@ static inline void __user *__uaccess_mask_ptr(const void __user *ptr) > void __user *safe_ptr; > > asm volatile( > - " bics xzr, %1, %2\n" > + " bics xzr, %3, %2\n" > " csel %0, %1, xzr, eq\n" > : "=&r" (safe_ptr) > - : "r" (ptr), "r" (current_thread_info()->addr_limit) > + : "r" (ptr), "r" (current_thread_info()->addr_limit), > + "r" (untagged_addr(ptr)) > : "cc"); > > csdb(); > -- Regards, Vincenzo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel