From: Andrey Konovalov
Date: Wed, 19 Feb 2020 13:18:44 +0100
Subject: Re: [PATCH] mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
To: Catalin Marinas
Cc: Linux Memory Management List, Linux ARM, Szabolcs Nagy, Will Deacon, Andrew Morton, Florian Weimer, Victor Stinner, Evgenii Stepanov

On Tue, Feb 18, 2020 at 1:23 PM Catalin Marinas wrote:
>
> Currently the arm64 kernel ignores the top address byte passed to brk(),
> mmap() and mremap(). When the user is not aware of the 56-bit address
> limit or relies on the kernel to return an error, untagging such
> pointers has the potential to create address aliases in user-space.
> Passing a tagged address to munmap(), madvise() is permitted since the
> tagged pointer is expected to be inside an existing mapping.
>
> Remove untagging in the above functions by partially reverting commit
> ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In
> addition, update the arm64 tagged-address-abi.rst document accordingly.
>
> Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk")
> Cc: # 5.4.x-
> Cc: Andrey Konovalov
> Cc: Will Deacon
> Cc: Andrew Morton
> Cc: Florian Weimer
> Reported-by: Victor Stinner
> Signed-off-by: Catalin Marinas

Acked-by: Andrey Konovalov

> ---
> Documentation/arm64/tagged-address-abi.rst | 7 +++++--
> mm/mmap.c | 4 ----
> mm/mremap.c | 1 -
> 3 files changed, 5 insertions(+), 7 deletions(-)
>
> diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst > index d4a85d535bf9..1771a8b5712e 100644 > --- a/Documentation/arm64/tagged-address-abi.rst > +++ b/Documentation/arm64/tagged-address-abi.rst 
> @@ -44,8 +44,11 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending > how the user addresses are used by the kernel: > > 1. User addresses not accessed by the kernel but used for address space > - management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use > - of valid tagged pointers in this context is always allowed. > + management (e.g. ``mprotect()``, ``madvise()``). The use of valid > + tagged pointers in this context is allowed with the exception of > + ``brk()``, ``mmap()`` and the ``new_address`` argument to > + ``mremap()`` as these have the potential of aliasing with existing > + user addresses. > > 2. User addresses accessed by the kernel (e.g. ``write()``). This ABI > relaxation is disabled by default and the application thread needs to > diff --git a/mm/mmap.c b/mm/mmap.c > index 6756b8bb0033..d681a20eb4ea 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) > bool downgraded = false; > LIST_HEAD(uf); > > - brk = untagged_addr(brk); > - > if (down_write_killable(&mm->mmap_sem)) > return -EINTR; > > @@ -1557,8 +1555,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len, > struct file *file = NULL; > unsigned long retval; > > - addr = untagged_addr(addr); > - > if (!(flags & MAP_ANONYMOUS)) { > audit_mmap_fd(fd, flags); > file = fget(fd); > diff --git a/mm/mremap.c b/mm/mremap.c > index 122938dcec15..af363063ea23 100644 > --- a/mm/mremap.c > +++ b/mm/mremap.c > @@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, > LIST_HEAD(uf_unmap); > > addr = untagged_addr(addr); > - new_addr = untagged_addr(new_addr); > > if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) > return ret;
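
Review bot: In the Documentation/arm64/tagged-address-abi.rst hunk, the rewritten item 1 names the exceptions (``brk()``, ``mmap()`` and the ``new_address`` argument to ``mremap()``) but does not say what a caller gets when it passes a tagged pointer to one of them. The commit message mentions users who rely on the kernel to return an error, so the ABI text should state the resulting behaviour, at minimum that the top byte is no longer ignored for these calls. The example list could also name ``munmap()``, which the commit message calls out as still permitted.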
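
Review bot: In the brk hunk of mm/mmap.c (@@ -195,8 +195,6), removing "brk = untagged_addr(brk);" lets the tagged value reach the rest of the syscall unchanged, but nothing in the visible context shows which existing check then rejects it. Please name that check in the commit message. The diffstat touches only the ABI document, mm/mmap.c and mm/mremap.c, so a small selftest that passes a tagged value to brk() would pin the new behaviour for the 5.4.x backport.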
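
Review bot: In the ksys_mmap_pgoff hunk of mm/mmap.c (@@ -1557,8 +1555,6), the "addr" that is no longer untagged serves as a placement hint as well as a fixed address, depending on flags, and neither the commit message nor the documentation hunk distinguishes the two. Please state whether a tagged hint without MAP_FIXED is expected to fail or simply to be treated as an unusable hint, since user space that passes hints will see the difference.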
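
Review bot: In the mm/mremap.c hunk (@@ -607,7 +607,6), "addr = untagged_addr(addr);" stays while the "new_addr" line is dropped, and the asymmetry is unexplained in the code. A one-line comment above the remaining call would help, along the lines of the commit message: the old address is expected to be inside an existing mapping, while untagging the new address could create an alias.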