linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andrey Konovalov <andreyknvl@google.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
	Kate Stewart <kstewart@linuxfoundation.org>,
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
	Will Deacon <will.deacon@arm.com>,
	Kostya Serebryany <kcc@google.com>,
	"open list:KERNEL SELFTEST FRAMEWORK" 
	<linux-kselftest@vger.kernel.org>,
	Chintan Pandya <cpandya@codeaurora.org>,
	Shuah Khan <shuah@kernel.org>, Ingo Molnar <mingo@kernel.org>,
	linux-arch <linux-arch@vger.kernel.org>,
	Jacob Bramley <Jacob.Bramley@arm.com>,
	linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
	Evgenii Stepanov <eugenis@google.com>,
	Kees Cook <keescook@chromium.org>,
	Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
	Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
	Robin Murphy <robin.murphy@arm.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Dmitry Vyukov <dvyukov@google.com>, linux-mm <linux-mm@kvack.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Lee Smith <Lee.Smith@arm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [PATCH v6 11/11] arm64: annotate user pointers casts detected by sparse
Date: Tue, 2 Oct 2018 15:19:57 +0200	[thread overview]
Message-ID: <CAAeHK+xK2Nb6J6YbvUJdXaZoecB0GS2UyY6pgGwrfCoOQJ34xg@mail.gmail.com> (raw)
In-Reply-To: <20180928175013.GC193149@arrakis.emea.arm.com>

On Fri, Sep 28, 2018 at 7:50 PM, Catalin Marinas
<catalin.marinas@arm.com> wrote:
> On Mon, Sep 17, 2018 at 07:01:00PM +0200, Andrey Konovalov wrote:

>> Looking at patch #8 ("usb, arm64: untag user addresses in devio") in
>> this series, it seems that that devio ioctl actually accepts a pointer
>> into a vma, so we shouldn't actually be untagging its argument and the
>> patch needs to be dropped.
>
> You are right, the pointer seems to have originated from the kernel as
> already untagged (mmap() on the driver), so we would expect the user to
> pass it back an untagged pointer.

OK, dropped this patch in v7.

>> As for case 1, the places where pointers are compared with TASK_SIZE
>> and others can be found with grep. Maybe it makes sense to introduce
>> some kind of routine like is_user_pointer() that handles tagged
>> pointers and refactor the existing code to use it? And maybe add a
>> rule to checkpatch.pl that forbids the direct usage of TASK_SIZE and
>> others.
>>
>> So I think detecting direct comparisons with TASK_SIZE and others
>> would more useful than finding __user pointer casts (it seems that the
>> latter requires a lot of annotations to be fixed/added), and I should
>> just drop this patch with annotations.
>
> I think point (1) is not too bad, usually found with grep.
>
> As I've said in my previous reply, I kind of came to the same conclusion
> that searching __user pointer casts to long may not actually scale. If
> we could add an __untagged annotation to ulong where it matters (e.g.
> find_vma()), we could identify a ulong (default tagged) and annotate
> some of those.
>
> However, this analysis on __user * casting was useful even if we don't
> end up using it. If we come up with a clearer definition of the ABI
> (which syscalls accept tagged pointers), we may conclude that the only
> places where untagging matters are a few find_vma() calls in the arch
> and mm code and can ignore the rest.

So what exactly should I do now?

For now I've posted v7 with the sparse annotation patch dropped (to
have the most up-do-date version posted).

  reply	other threads:[~2018-10-02 13:20 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-30 11:41 [PATCH v6 00/11] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 01/11] arm64: add type casts to untagged_addr macro Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 02/11] uaccess: add untagged_addr definition for other arches Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 03/11] arm64: untag user addresses in access_ok and __uaccess_mask_ptr Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 04/11] mm, arm64: untag user addresses in mm/gup.c Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 05/11] lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 06/11] arm64: untag user address in __do_user_fault Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 07/11] fs, arm64: untag user address in copy_mount_options Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 08/11] usb, arm64: untag user addresses in devio Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 09/11] arm64: update Documentation/arm64/tagged-pointers.txt Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 10/11] selftests, arm64: add a selftest for passing tagged pointers to kernel Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 11/11] arm64: annotate user pointers casts detected by sparse Andrey Konovalov
2018-08-31  8:11   ` Luc Van Oostenryck
2018-08-31 13:42     ` Al Viro
2018-09-03 12:34       ` Andrey Konovalov
2018-09-03 13:49         ` Vincenzo Frascino
2018-09-03 15:10           ` Luc Van Oostenryck
2018-09-04 11:27             ` Vincenzo Frascino
2018-09-05 19:03               ` Luc Van Oostenryck
2018-09-06 14:13                 ` Vincenzo Frascino
2018-09-06 20:10                   ` Luc Van Oostenryck
2018-09-03 13:56         ` Al Viro
2018-09-06 21:13   ` Linus Torvalds
2018-09-06 21:16     ` Linus Torvalds
2018-09-06 23:08       ` Luc Van Oostenryck
2018-09-07 15:26       ` Catalin Marinas
2018-09-07 16:30         ` Linus Torvalds
2018-09-11 16:41           ` Catalin Marinas
2018-09-17 17:01             ` Andrey Konovalov
2018-09-24 15:04               ` Andrey Konovalov
2018-09-28 17:50               ` Catalin Marinas
2018-10-02 13:19                 ` Andrey Konovalov [this message]
2018-09-14  1:25   ` [LKP] [arm64] 7b5b51e7b3: kvm-unit-tests.rmap_chain.fail kernel test robot
2018-08-30 11:48 ` [PATCH v6 00/11] arm64: untag user pointers passed to the kernel Andrey Konovalov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAeHK+xK2Nb6J6YbvUJdXaZoecB0GS2UyY6pgGwrfCoOQJ34xg@mail.gmail.com \
    --to=andreyknvl@google.com \
    --cc=Jacob.Bramley@arm.com \
    --cc=Lee.Smith@arm.com \
    --cc=Ramana.Radhakrishnan@arm.com \
    --cc=Ruben.Ayrapetyan@arm.com \
    --cc=akpm@linux-foundation.org \
    --cc=catalin.marinas@arm.com \
    --cc=cpandya@codeaurora.org \
    --cc=dvyukov@google.com \
    --cc=eugenis@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=kcc@google.com \
    --cc=keescook@chromium.org \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kstewart@linuxfoundation.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mark.rutland@arm.com \
    --cc=mingo@kernel.org \
    --cc=robin.murphy@arm.com \
    --cc=shuah@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=will.deacon@arm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).