Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2216931imm; Thu, 2 Aug 2018 08:02:38 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcIHrd+rNV14/Xwnbqt2UK/S/U63+EvvSc0Y2+52Saj7dS2UrPgm6NLm+4jRpSUMjv0CZoP X-Received: by 2002:a63:d518:: with SMTP id c24-v6mr3172421pgg.357.1533222158739; Thu, 02 Aug 2018 08:02:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533222158; cv=none; d=google.com; s=arc-20160816; b=eYwRS5hxES84WXLmQ3IFMnlYSdplR25w3cWbXiy2YBCyMAaF5VxY/d0zoVCTHk7xPS RpJImZcOhV8BnQsbRoKfRyOjoIvnzYukKUst7cWzVEfqjzzhf99Yz5HjtowYAWIyA2oQ HOWuyvcxgoocvl3+D9/XyUbQ6etYTHunBhLrPOJltyxqCfisSdnhofOp64ZvgFJa/ich I8UvM8QTlZnWKzc4MJH9jbuYh/MKr74j7vDMn7h3o9ejlHRZ2xAdAFVRawXPW/wlEI4G 8uFTQM/l2iGKB5WAwrLUbdzlgyIb9z5Ng7PMJxA9lhTNf0nsYT3mso8Zf9Dzl1fA0H9h YTeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=+6+ZVXBDS+MdjbGlZis5tLN4pZnRxLkrlq2TxOkZY64=; b=WxVwgxtGGxN5AMBNdYecRj/FRkbd/3CikMutY3FQkx9e+CwpgWZwaFuAucUXOBCMOb 7YzxM5H7Zq2OSxoJlUYK7ceaT+YaEnZvuJq7D9k2QQuD5d69+CMw/j4tk3hK8iHJBFIb lzc22jAcMpWBG16g9U6nnbpXJ1rqmKsri7XAWG+9NRah4OWwE2ngb9rlCUx6WFWAsggh wdCNA1DE5RX4Zb8wT2b0c1K6QUumlvnVg6fof95rKvp0XDuKeFohsD680g1nxJx8tdEM d931cJR8l2Fr7A2NO2VDO6+AWFJnC8FfhpCUDbbL767mt6+ybe3ZRvZ+irq//MvHJ4UH 5vmA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=rjloKgKx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d2-v6si2312289pfb.262.2018.08.02.08.02.24; Thu, 02 Aug 2018 08:02:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=rjloKgKx; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732562AbeHBQwA (ORCPT + 99 others); Thu, 2 Aug 2018 12:52:00 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:36088 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732525AbeHBQwA (ORCPT ); Thu, 2 Aug 2018 12:52:00 -0400 Received: by mail-it0-f67.google.com with SMTP id p81-v6so3696782itp.1 for ; Thu, 02 Aug 2018 08:00:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+6+ZVXBDS+MdjbGlZis5tLN4pZnRxLkrlq2TxOkZY64=; b=rjloKgKxvf6gtZAosHUG/a2cex4b8sIGoe/SPjdisBLSa/1LTwU8Pp7PEL9DZF12nm 5HsF5EEs4v+bGTtkTHd5mQLu81g9jhdIG9oKcqsYZQUtSMVeWYSFAieEeRF23qm1OFN8 QRE3VyiS596B35XT31EV27ODwX/ymugFpHYzQAAidCuYSDnlKa4CHRhcOy71BTE3dGoO pvbvt5NBAnJVRkPqkB40LvmSv5UutT7QSPREXPL2V9jR9vOZyTjVNuaNGiWj0DFFcFRw lBHq4k/9EmEIUgmaJI5WjPuLFDpZFLKUuC0YBjFtTpqcxcZVS7ELm21h/GsEIOoyrLm7 2iPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+6+ZVXBDS+MdjbGlZis5tLN4pZnRxLkrlq2TxOkZY64=; b=PKb9DXWCheH3QKp9VGyVxsif0t336LdAhGdjyDt//IfsMcyE4JOmjm+PRcFPZ8mc8j kRsGbAwhdQiK5lB++FpnXQELCmKejWCPJZIGWA2wP/8bwMzX7VWmMzaJfTrJko95CX0M ++24glVqOaISHabMkbDdbvvf7AFHNK4zJDNy83bdYFUnqfkVKNDD/pzWJ4oxZep4g7Sw evDtjHmcbIMrr/at88tfm/jKVutlfI7EH5xgchfNfXLj3jh0ttzF7Ok548VatKBvCc47 0U5XVXLzMZHYX5LT8aAyxmxyR/TIGVwH+Hqsx3ndk96xdedpe1xdTcabFxvhdU6nujuG ib+g== X-Gm-Message-State: AOUpUlFrjqQIVRyp6T05gvNdjqrdrx4hQL+FAwqluSai+erx8K8NnevQ hpWaMmlejYNVF4kzn9WzjfNZ4SpH/O58Wl4feUcZYA== X-Received: by 2002:a02:ac8f:: with SMTP id x15-v6mr2815342jan.132.1533222025880; Thu, 02 Aug 2018 08:00:25 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a02:918c:0:0:0:0:0 with HTTP; Thu, 2 Aug 2018 08:00:25 -0700 (PDT) In-Reply-To: <20180801174256.5mbyf33eszml4nmu@armageddon.cambridge.arm.com> References: <20180626172900.ufclp2pfrhwkxjco@armageddon.cambridge.arm.com> <20180801174256.5mbyf33eszml4nmu@armageddon.cambridge.arm.com> From: Andrey Konovalov Date: Thu, 2 Aug 2018 17:00:25 +0200 Message-ID: Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel To: Catalin Marinas Cc: Mark Rutland , Kate Stewart , linux-doc@vger.kernel.org, Will Deacon , Kostya Serebryany , linux-kselftest@vger.kernel.org, Chintan Pandya , Shuah Khan , Ingo Molnar , linux-arch@vger.kernel.org, Jacob Bramley , Dmitry Vyukov , Evgeniy Stepanov , Kees Cook , Ruben Ayrapetyan , Ramana Radhakrishnan , Al Viro , Linux ARM , Linux Memory Management List , Greg Kroah-Hartman , LKML , Lee Smith , Andrew Morton , Robin Murphy , "Kirill A . Shutemov" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 1, 2018 at 7:42 PM, Catalin Marinas wrote: > On Mon, Jul 16, 2018 at 01:25:59PM +0200, Andrey Konovalov wrote: >> On Thu, Jun 28, 2018 at 9:30 PM, Andrey Konovalov wrote: >> So the checker reports ~100 different places where a __user pointer >> being casted. I've looked through them and found 3 places where we >> need to add untagging. Source code lines below come from 4.18-rc2+ >> (6f0d349d). > [...] >> I'll add the 3 patches with fixes to v5 of this patchset. > > Thanks for investigating. You can fix those three places in your code OK, will do. > but I was rather looking for a way to check such casting in the future > for newly added code. While for the khwasan we can assume it's a debug > option, the tagged user pointers are ABI and we need to keep it stable. > > We could we actually add some macros for explicit conversion between > __user ptr and long and silence the warning there (I guess this would > work better for sparse). We can then detect new ptr to long casts as > they appear. I just hope that's not too intrusive. > > (I haven't tried the sparse patch yet, hopefully sometime this week) Haven't look at that sparse patch yet myself, but sounds doable. Should these macros go into this patchset or should they go separately?