From: Andrey Konovalov
Date: Fri, 29 Jun 2018 17:19:36 +0200
Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel
To: Catalin Marinas
Cc: Will Deacon, Mark Rutland, Robin Murphy, Al Viro, Kees Cook, Kate Stewart, Greg Kroah-Hartman, Andrew Morton, Ingo Molnar, "Kirill A . Shutemov", Shuah Khan, Linux ARM, linux-doc@vger.kernel.org, Linux Memory Management List, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, LKML, Chintan Pandya, Jacob Bramley, Ruben Ayrapetyan, Lee Smith, Kostya Serebryany, Dmitry Vyukov, Ramana Radhakrishnan, Evgeniy Stepanov
References: <20180626172900.ufclp2pfrhwkxjco@armageddon.cambridge.arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

a bunch of compat
a bunch of ioctl that use ptr to stored ints
ipc/shm.c:1355
ipc/shm.c:1566
mm/process_vm_access.c:178:20
mm/process_vm_access.c:180:19 subtraction => harmless
mm/process_vm_access.c:221:4 ?
mm/memory.c:4679:14 should be __user pointer
fs/fuse/file.c:1256:9 ?
kernel/kthread.c:73:9 ?
mm/migrate.c:1586:10
mm/migrate.c:1660:24
lib/iov_iter.c ???
kernel/futex.c:502 uses user addr as key
kernel/futex.c:730 gup, fixed
lib/strncpy_from_user.c:110:13 fixed?
lib/strnlen_user.c:112 fixed?
fs/readdir.c:369 ???

On Thu, Jun 28, 2018 at 9:30 PM, Andrey Konovalov wrote:
> On Wed, Jun 27, 2018 at 5:05 PM, Andrey Konovalov wrote:
>> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas
>> wrote:
>>> While I support this work, as a maintainer I'd like to understand
>>> whether we'd be in a continuous chase of ABI breaks with every kernel
>>> release or we have a better way to identify potential issues. Is there
>>> any way to statically analyse conversions from __user ptr to long for
>>> example? Or, could we get the compiler to do this for us?
>>
>>
>> OK, got it, I'll try to figure out a way to find these conversions.
>
> I've prototyped a checker on top of clang static analyzer (initially
> looked at sparse, but couldn't find any documentation or examples).
> The results are here [1], search for "warning: user pointer cast".
> Sharing in case anybody wants to take a look, will look at them myself
> tomorrow.
>
> [1] https://gist.github.com/xairy/433edd5c86456a64026247cb2fef2115
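
An added illustration, not part of the original message or of the kernel sources: a user-space C model of why the notes above can mark a subtraction as harmless while an address used as a key still needs attention. It assumes the arm64 Top Byte Ignore layout (tag in bits 63:56); all function names and addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT 56   /* assumption: tag occupies bits 63:56 */

/* Place a tag in the top byte of a (constructed) user address. */
static uint64_t set_tag(uint64_t addr, uint8_t tag)
{
    return (addr & ~(0xffULL << TAG_SHIFT)) | ((uint64_t)tag << TAG_SHIFT);
}

/* Strip the tag by sign-extending from bit 55, so user addresses get a
 * zero top byte and kernel addresses keep their 0xff top byte. */
static uint64_t untag(uint64_t addr)
{
    uint64_t low = addr & ((1ULL << TAG_SHIFT) - 1);
    return (addr & (1ULL << 55)) ? (low | (0xffULL << TAG_SHIFT)) : low;
}

/* Difference of two pointers carrying the same tag: the tag cancels out. */
static uint64_t distance(uint64_t hi, uint64_t lo) { return hi - lo; }

/* Address used as a lookup key: the raw value differs per tag. */
static int same_key_raw(uint64_t a, uint64_t b) { return a == b; }
static int same_key_untagged(uint64_t a, uint64_t b) { return untag(a) == untag(b); }

/* Range check against untagged bounds, such as a mapping's start and end. */
static int in_range_raw(uint64_t a, uint64_t s, uint64_t e) { return a >= s && a < e; }
static int in_range_untagged(uint64_t a, uint64_t s, uint64_t e)
{
    return in_range_raw(untag(a), s, e);
}

int main(void)
{
    uint64_t base = 0x0000007fa0001000ULL;     /* constructed address */
    uint64_t p = set_tag(base, 0x2a);          /* tagged alias of base */
    uint64_t q = set_tag(base + 0x40, 0x2a);

    printf("distance        : %#llx\n", (unsigned long long)distance(q, p));
    printf("key raw/untagged: %d / %d\n",
           same_key_raw(p, base), same_key_untagged(p, base));
    printf("range raw/untag : %d / %d\n",
           in_range_raw(p, base, base + 0x1000),
           in_range_untagged(p, base, base + 0x1000));
    return 0;
}
```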