Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp907480imm; Wed, 20 Jun 2018 08:28:31 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJhBkGLUMuCZF1txn9qlHEwEjW23ut85LNgxng2mMRGRR4xISciAtANf4W7IbIqVbsAsjtu X-Received: by 2002:a63:aa4c:: with SMTP id x12-v6mr18694488pgo.387.1529508511318; Wed, 20 Jun 2018 08:28:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529508511; cv=none; d=google.com; s=arc-20160816; b=cmEGgwM/yfmf0o5DzDLPqAW/WkuX4JYsM04IVhZmIpSkmKews4aJqmn15o+FMByr2d 4ggrt2Kc9+a0Ft3AHvJ/86lNqWKVfWhhD5fvZrNzQBorxNTq/NJbdQmW42VJASihy9en jVrsMjT5e5PP37slmuI50LAzpp2EBoV2I6O66b/Sf4h96hoaXyTSVFCsDL9rHj9qRa9B uQGV2BhtnGM5Reeds1PNexCRH2laqOiBbdBIbqCI4CiiBJL51hu10Z3s4OE4s2NemyZw h6EbhnLubLcO3dMX0JEHpYD+dJCMdXTYF4pKvst/PDHTd7eS/0EzyGwsE7gP4XoSb6vJ SzUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=okiTSK1tdrD6CxI+XnDS0dRhQiJPuer6SaivSONRTCE=; b=WbcricaVskjeXpXe33eH4745TnYT1x6ZX1I90+aLDHvy/2DD8yanMPTqlkRJ/VMqiL 1MI2peC8ru0iu9VaEFGblgZUxRW6lS2v1Hs4mPiwuvIORSwH5nkSMB0kzsIJ+mQFUrVQ PGwlNT+B1n2fGWVreZ8PiPRMfz+O7lWo9B7+ywBRWeoXYfP9OEmnlinihnR1JStSma4W Wyt3toLOx2hrMK3dOGKcebgNO1LRnt/owH+eqMJ3xJjMn3JMd96lWzrvEBDcFb/SX24Z tD+3eI3Je8SNPZl+MELD67xuxLJnI1m34fbZ2xrvks21OQyX+lgcvmHmPrrfj2wwW/Xo VeVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wAkXY1rj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l4-v6si2530635plb.213.2018.06.20.08.28.16; Wed, 20 Jun 2018 08:28:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wAkXY1rj; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932082AbeFTPYg (ORCPT + 99 others); Wed, 20 Jun 2018 11:24:36 -0400 Received: from mail-wr0-f193.google.com ([209.85.128.193]:38941 "EHLO mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753938AbeFTPYb (ORCPT ); Wed, 20 Jun 2018 11:24:31 -0400 Received: by mail-wr0-f193.google.com with SMTP id w7-v6so3730121wrn.6 for ; Wed, 20 Jun 2018 08:24:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=okiTSK1tdrD6CxI+XnDS0dRhQiJPuer6SaivSONRTCE=; b=wAkXY1rjeaSfKbTo0Fum9wsLODSwsEgrk0pDhSDejSI5AsqkzbqODUJgbynZFECj1h jRPDhd8j95hcADElXXMWCDwu9o9cZ8oymkItZbSXeoN638cCxyuhlnJ17JUo0iJa8uwG fI2Xde95xX8XXVl1dQMu0N/jI0F3Kym89rOFv69I3gGu1nY3L7veIPDCxDtlErufvzbN vr2ffmx/chvGAaBjRbBdQCEo6BBQn9pjVhWEtnEk5TflJo4IyUbKJccSCRqw25cfQqzO Zb3QA/pmbkeNum7VPxh19o6M8E8uMUbXe0vFafFfg8ndf2O9LDQ669AOFl9HgjuEWW9Z 60lQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=okiTSK1tdrD6CxI+XnDS0dRhQiJPuer6SaivSONRTCE=; b=Z1AWiEE0133thZSYCxrU4+6Wsl2Ma5df0yvAAgZYdHHqK+F5iNsUbLHY/R1l436eLy WfzvXBngLKOeL5MyWfGDWPACHJILlnnRO8CfiikKAFcSAmKWN33aVghF0aXtQeQ/prFM rurtrzV5UDxOMvFAl4YbwwNqvZCCWOiGtvUAlMxMPLg1YZCSg38W7C6XDmHyyUq8cQmY D8+BthTR3DwQ25pIZ6OqdCHk96EcN6tuXYUTPNLKGOGSfS/YzkN7sOadXisn+u/MW6RW ZpnpIamvVL6U9Z8Dbr+t3wd/qy+krKGJO2XiPHqcGhgqMnN5qySv3zMRzKcLfxihQU2y hl2w== X-Gm-Message-State: APt69E2+69CTQOMJjhOWGpgUxPHhwc3jM1qBNeIf9Qq5r6UezSd/zMzL oKfji4+mLccCWOMMNltlLW3bsA== X-Received: by 2002:adf:ebc3:: with SMTP id v3-v6mr18085294wrn.33.1529508270029; Wed, 20 Jun 2018 08:24:30 -0700 (PDT) Received: from andreyknvl0.muc.corp.google.com ([2a00:79e0:15:10:84be:a42a:826d:c530]) by smtp.gmail.com with ESMTPSA id c11-v6sm3959244wrm.65.2018.06.20.08.24.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Jun 2018 08:24:29 -0700 (PDT) From: Andrey Konovalov To: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Al Viro , Andrey Konovalov , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya Subject: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel Date: Wed, 20 Jun 2018 17:24:19 +0200 Message-Id: X-Mailer: git-send-email 2.18.0.rc1.244.gcf134e6275-goog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. This patch makes a few of the kernel interfaces accept tagged user pointers. The kernel is already able to handle user faults with tagged pointers and has the untagged_addr macro, which this patchset reuses. We're not trying to cover all possible ways the kernel accepts user pointers in one patchset, so this one should be considered as a start. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html Changes in v4: - Added a selftest for checking that passing tagged pointers to the kernel succeeds. - Rebased onto 81e97f013 (4.18-rc1+). Changes in v3: - Rebased onto e5c51f30 (4.17-rc6+). - Added linux-arch@ to the list of recipients. Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped “mm, arm64: untag user addresses in memory syscalls”. - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (7): arm64: add type casts to untagged_addr macro uaccess: add untagged_addr definition for other arches arm64: untag user addresses in access_ok and __uaccess_mask_ptr mm, arm64: untag user addresses in mm/gup.c lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user arm64: update Documentation/arm64/tagged-pointers.txt selftests, arm64: add a selftest for passing tagged pointers to kernel Documentation/arm64/tagged-pointers.txt | 5 +++-- arch/arm64/include/asm/uaccess.h | 14 +++++++++----- include/linux/uaccess.h | 4 ++++ lib/strncpy_from_user.c | 2 ++ lib/strnlen_user.c | 2 ++ mm/gup.c | 4 ++++ tools/testing/selftests/arm64/.gitignore | 1 + tools/testing/selftests/arm64/Makefile | 11 +++++++++++ .../testing/selftests/arm64/run_tags_test.sh | 12 ++++++++++++ tools/testing/selftests/arm64/tags_test.c | 19 +++++++++++++++++++ 10 files changed, 67 insertions(+), 7 deletions(-) create mode 100644 tools/testing/selftests/arm64/.gitignore create mode 100644 tools/testing/selftests/arm64/Makefile create mode 100755 tools/testing/selftests/arm64/run_tags_test.sh create mode 100644 tools/testing/selftests/arm64/tags_test.c -- 2.18.0.rc1.244.gcf134e6275-goog