From: Andrey Konovalov <andreyknvl@google.com>
To: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Robin Murphy <robin.murphy@arm.com>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>,
Evgeniy Stepanov <eugenis@google.com>,
Lee Smith <Lee.Smith@arm.com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>,
Chintan Pandya <cpandya@codeaurora.org>,
Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
Andrey Konovalov <andreyknvl@google.com>
Subject: [PATCH v7 6/8] fs, arm64: untag user address in copy_mount_options
Date: Tue, 2 Oct 2018 15:12:41 +0200 [thread overview]
Message-ID: <c16db382982a7c2888e1241a455341118cd63b89.1538485901.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1538485901.git.andreyknvl@google.com>
In copy_mount_options a user address is being subtracted from TASK_SIZE.
If the address is lower than TASK_SIZE, the size is calculated to not
allow the exact_copy_from_user() call to cross TASK_SIZE boundary.
However if the address is tagged, then the size will be calculated
incorrectly.
Untag the address before subtracting.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 99186556f8d3..51f763fb9430 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2672,7 +2672,7 @@ void *copy_mount_options(const void __user * data)
* the remainder of the page.
*/
/* copy_from_user cannot cross TASK_SIZE ! */
- size = TASK_SIZE - (unsigned long)data;
+ size = TASK_SIZE - (unsigned long)untagged_addr(data);
if (size > PAGE_SIZE)
size = PAGE_SIZE;
--
2.19.0.605.g01d371f741-goog
WARNING: multiple messages have this Message-ID (diff)
From: andreyknvl at google.com (Andrey Konovalov)
Subject: [PATCH v7 6/8] fs, arm64: untag user address in copy_mount_options
Date: Tue, 2 Oct 2018 15:12:41 +0200 [thread overview]
Message-ID: <c16db382982a7c2888e1241a455341118cd63b89.1538485901.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1538485901.git.andreyknvl@google.com>
In copy_mount_options a user address is being subtracted from TASK_SIZE.
If the address is lower than TASK_SIZE, the size is calculated to not
allow the exact_copy_from_user() call to cross TASK_SIZE boundary.
However if the address is tagged, then the size will be calculated
incorrectly.
Untag the address before subtracting.
Signed-off-by: Andrey Konovalov <andreyknvl at google.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 99186556f8d3..51f763fb9430 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2672,7 +2672,7 @@ void *copy_mount_options(const void __user * data)
* the remainder of the page.
*/
/* copy_from_user cannot cross TASK_SIZE ! */
- size = TASK_SIZE - (unsigned long)data;
+ size = TASK_SIZE - (unsigned long)untagged_addr(data);
if (size > PAGE_SIZE)
size = PAGE_SIZE;
--
2.19.0.605.g01d371f741-goog
WARNING: multiple messages have this Message-ID (diff)
From: andreyknvl@google.com (Andrey Konovalov)
Subject: [PATCH v7 6/8] fs, arm64: untag user address in copy_mount_options
Date: Tue, 2 Oct 2018 15:12:41 +0200 [thread overview]
Message-ID: <c16db382982a7c2888e1241a455341118cd63b89.1538485901.git.andreyknvl@google.com> (raw)
Message-ID: <20181002131241.2Qty2xwwZZ41Izj1a7a06R8x7SC5jOxLNM-ks09CNUs@z> (raw)
In-Reply-To: <cover.1538485901.git.andreyknvl@google.com>
In copy_mount_options a user address is being subtracted from TASK_SIZE.
If the address is lower than TASK_SIZE, the size is calculated to not
allow the exact_copy_from_user() call to cross TASK_SIZE boundary.
However if the address is tagged, then the size will be calculated
incorrectly.
Untag the address before subtracting.
Signed-off-by: Andrey Konovalov <andreyknvl at google.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 99186556f8d3..51f763fb9430 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2672,7 +2672,7 @@ void *copy_mount_options(const void __user * data)
* the remainder of the page.
*/
/* copy_from_user cannot cross TASK_SIZE ! */
- size = TASK_SIZE - (unsigned long)data;
+ size = TASK_SIZE - (unsigned long)untagged_addr(data);
if (size > PAGE_SIZE)
size = PAGE_SIZE;
--
2.19.0.605.g01d371f741-goog
WARNING: multiple messages have this Message-ID (diff)
From: andreyknvl@google.com (Andrey Konovalov)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v7 6/8] fs, arm64: untag user address in copy_mount_options
Date: Tue, 2 Oct 2018 15:12:41 +0200 [thread overview]
Message-ID: <c16db382982a7c2888e1241a455341118cd63b89.1538485901.git.andreyknvl@google.com> (raw)
In-Reply-To: <cover.1538485901.git.andreyknvl@google.com>
In copy_mount_options a user address is being subtracted from TASK_SIZE.
If the address is lower than TASK_SIZE, the size is calculated to not
allow the exact_copy_from_user() call to cross TASK_SIZE boundary.
However if the address is tagged, then the size will be calculated
incorrectly.
Untag the address before subtracting.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
fs/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 99186556f8d3..51f763fb9430 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2672,7 +2672,7 @@ void *copy_mount_options(const void __user * data)
* the remainder of the page.
*/
/* copy_from_user cannot cross TASK_SIZE ! */
- size = TASK_SIZE - (unsigned long)data;
+ size = TASK_SIZE - (unsigned long)untagged_addr(data);
if (size > PAGE_SIZE)
size = PAGE_SIZE;
--
2.19.0.605.g01d371f741-goog
next prev parent reply other threads:[~2018-10-02 13:13 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-02 13:12 [PATCH v7 0/8] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` [PATCH v7 1/8] arm64: add type casts to untagged_addr macro Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` [PATCH v7 2/8] uaccess: add untagged_addr definition for other arches Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` [PATCH v7 3/8] arm64: untag user addresses in access_ok and __uaccess_mask_ptr Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` [PATCH v7 4/8] mm, arm64: untag user addresses in mm/gup.c Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` [PATCH v7 5/8] lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` Andrey Konovalov [this message]
2018-10-02 13:12 ` [PATCH v7 6/8] fs, arm64: untag user address in copy_mount_options Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-02 13:12 ` [PATCH v7 7/8] arm64: update Documentation/arm64/tagged-pointers.txt Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-03 17:32 ` Catalin Marinas
2018-10-03 17:32 ` Catalin Marinas
2018-10-03 17:32 ` Catalin Marinas
2018-10-03 17:32 ` Catalin Marinas
2018-10-03 17:32 ` catalin.marinas
2018-10-10 14:09 ` Andrey Konovalov
2018-10-10 14:09 ` Andrey Konovalov
2018-10-10 14:09 ` Andrey Konovalov
2018-10-10 14:09 ` Andrey Konovalov
2018-10-10 14:09 ` Andrey Konovalov
2018-10-10 14:09 ` andreyknvl
2018-10-18 17:31 ` Catalin Marinas
2018-10-18 17:31 ` Catalin Marinas
2018-10-18 17:31 ` Catalin Marinas
2018-10-18 17:31 ` Catalin Marinas
2018-10-18 17:31 ` Catalin Marinas
2018-10-18 17:31 ` catalin.marinas
2018-10-02 13:12 ` [PATCH v7 8/8] selftests, arm64: add a selftest for passing tagged pointers to kernel Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` Andrey Konovalov
2018-10-02 13:12 ` andreyknvl
2018-10-03 13:31 ` [PATCH v7 0/8] arm64: untag user pointers passed to the kernel Luc Van Oostenryck
2018-10-03 13:31 ` Luc Van Oostenryck
2018-10-03 13:31 ` Luc Van Oostenryck
2018-10-03 13:31 ` Luc Van Oostenryck
2018-10-03 13:31 ` luc.vanoostenryck
2018-10-17 14:06 ` Vincenzo Frascino
2018-10-17 14:06 ` Vincenzo Frascino
2018-10-17 14:06 ` Vincenzo Frascino
2018-10-17 14:06 ` vincenzo.frascino
2018-10-17 14:20 ` Andrey Konovalov
2018-10-17 14:20 ` Andrey Konovalov
2018-10-17 14:20 ` Andrey Konovalov
2018-10-17 14:20 ` Andrey Konovalov
2018-10-17 14:20 ` Andrey Konovalov
2018-10-17 14:20 ` andreyknvl
2018-10-17 20:25 ` Evgenii Stepanov
2018-10-17 20:25 ` Evgenii Stepanov
2018-10-17 20:25 ` Evgenii Stepanov
2018-10-17 20:25 ` Evgenii Stepanov
2018-10-17 20:25 ` Evgenii Stepanov
2018-10-17 20:25 ` eugenis
2018-10-18 17:33 ` Catalin Marinas
2018-10-18 17:33 ` Catalin Marinas
2018-10-18 17:33 ` Catalin Marinas
2018-10-18 17:33 ` Catalin Marinas
2018-10-18 17:33 ` Catalin Marinas
2018-10-18 17:33 ` catalin.marinas
2018-10-19 9:04 ` Vincenzo Frascino
2018-10-19 9:04 ` Vincenzo Frascino
2018-10-19 9:04 ` Vincenzo Frascino
2018-10-19 9:04 ` Vincenzo Frascino
2018-10-19 9:04 ` Vincenzo Frascino
2018-10-19 9:04 ` vincenzo.frascino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c16db382982a7c2888e1241a455341118cd63b89.1538485901.git.andreyknvl@google.com \
--to=andreyknvl@google.com \
--cc=Jacob.Bramley@arm.com \
--cc=Lee.Smith@arm.com \
--cc=Ramana.Radhakrishnan@arm.com \
--cc=Ruben.Ayrapetyan@arm.com \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=cpandya@codeaurora.org \
--cc=dvyukov@google.com \
--cc=eugenis@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=kcc@google.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kstewart@linuxfoundation.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luc.vanoostenryck@gmail.com \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.