Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp568537imm; Fri, 3 Aug 2018 08:00:58 -0700 (PDT) X-Google-Smtp-Source: AAOMgpe2R3hfmDpCjgKf1u1OIUzNTz9hvmHnj7Z9mraIwOU/VZ/1ZMwzIVDzbhSlv1IVMOHGiUiN X-Received: by 2002:a62:cc4d:: with SMTP id a74-v6mr4967492pfg.200.1533308458534; Fri, 03 Aug 2018 08:00:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533308458; cv=none; d=google.com; s=arc-20160816; b=HqVs6yxHSqJasCZKcZh7SsNFeiuSIiWk4wIZQebyQYbI/EO6bPW63FrkfikMuI3dbR SQwwTmN7J08BRkSYUxyMcL9KhGhOviGTaZ9UT8GP12pHgp6Yi6pPCrjB7PsmlCHS1gV7 26dQVLPovhVVbePbQt5Esn2dj8TuWbYH0TrI7wwpETr+rrK+inGssurDnBGuFOFXoIKB xL0jopZnuWCu4pm8gPrelZL6sXiArvNSgF9lIzYDAeuvF25GeY+LXKSEl5+ln4P0duED Ys9gzGO5sRoQHeXHZd2BlrgrkIQapFPI98/DGK40t6oec63Rb1EVM/Dmb6srbzRz0bp8 HW3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=ppJIs+P8Ko2KhT9RCQqlsS1cBGmRmm5t4Oo2RZ2oXZA=; b=ZQ992ffuBb+VrthBq2TnGFbjCVTa4SuZDbPcgr0asANZQkNQpcwGdAZYmBtUp7mnax 7quaAhJxUidph+WPnzxR/gYqwD386FhUyfmUol5PooxpDb5veFow1vrqnEXkL6M+EyQL 5WcfaGhl8X5FrPx+4Bm+/BtdWSAuIdnEDyU12ZWTJXHLP0SrC7zxcfKFLLC2r/AqYqiV xd1RyQTRRv5AXlqQIl32d6FsrTuf0FS5/hTxSZ/lhFPSJ9Ge3mJl0ch52fbaeQWi54uI fTRmEFx26Mx/9zW1wli0ii9OngBD0eSvMOAe5LE4Nk+dQ77b2PxclB3DWd/r1DGUMRbp 8blQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=YstjJ5zu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m12-v6si3729698plt.212.2018.08.03.08.00.43; Fri, 03 Aug 2018 08:00:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=YstjJ5zu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732393AbeHCQ4B (ORCPT + 99 others); Fri, 3 Aug 2018 12:56:01 -0400 Received: from mail-io0-f181.google.com ([209.85.223.181]:46706 "EHLO mail-io0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732188AbeHCQ4B (ORCPT ); Fri, 3 Aug 2018 12:56:01 -0400 Received: by mail-io0-f181.google.com with SMTP id i18-v6so5176353ioj.13 for ; Fri, 03 Aug 2018 07:59:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ppJIs+P8Ko2KhT9RCQqlsS1cBGmRmm5t4Oo2RZ2oXZA=; b=YstjJ5zuT+fTs0rq2SGWibooAj9k1vyGw9eNT9WPPxctZ/qMmcF/DTebW07XnDlmxg prdpYo8kUdmJ1TPFew+Y/cSC4U5LRfLfV9RCXJhujXq8cyA2dixv/iwoc5tQN9S0CPr6 oWkFtWmYJIBZQgMtVaQRZ4pzDGRpOHkRqOaHWcwGoPaV3zF0FWlZsrDEop/4eIq2l92a WT91MGJ3cemoAI6tLix9xGi2mUDQackyiRCwjBo1iB7dFJq0a7oF0aLfBPYquBpN+exb l19BIJvADvsfXYQk6MJkLIX0C8rHtknPv65MjRtwRzwIsF9c13e6HdfRSPQAnpVjM6il /vww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ppJIs+P8Ko2KhT9RCQqlsS1cBGmRmm5t4Oo2RZ2oXZA=; b=lXIT2MPhORhZTSmDVtyEl7wM81hNWJVmWZV76rOVssL2ceIVRzOjRNojLIYAweDaGM zHA1Oxsp4t8HCOxmam/zmIVhfcOgeft+RMwkC32EwAAnfLxLpxj3aVGAIKNS5TfSGSb3 +5Iz8n0nkez1U3a84JNGA4eCqmD5Y8IMM+7kar8txffkNHOWykJlBlEY19/VqwulrHll NJZS9bxmHtz1elaln/sYeHeiS8IZ1gTObx+NrJAMNkXOZZ1XzMBXIPIloAdVw4weoIJ4 DTBhy5EyzPKFfaksvT4KsD8ZH2jaEW+FVd0jodRlCJvLcZDishqpQlfi1/euzMAEeVbp Y7Tg== X-Gm-Message-State: AOUpUlH7BghsC7AqKNy3ovUWid9ITCMhkOtDbLfg9w7Z0cyKwWB7LQxu fIqUnNuBz5tFp4LVzIzk8X0Z1WFjR5dF5DJ/4x3wiw== X-Received: by 2002:a6b:ca85:: with SMTP id a127-v6mr6714619iog.31.1533308359181; Fri, 03 Aug 2018 07:59:19 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a02:918c:0:0:0:0:0 with HTTP; Fri, 3 Aug 2018 07:59:18 -0700 (PDT) In-Reply-To: References: <20180626172900.ufclp2pfrhwkxjco@armageddon.cambridge.arm.com> <20180801174256.5mbyf33eszml4nmu@armageddon.cambridge.arm.com> From: Andrey Konovalov Date: Fri, 3 Aug 2018 16:59:18 +0200 Message-ID: Subject: Re: [PATCH v4 0/7] arm64: untag user pointers passed to the kernel To: Catalin Marinas Cc: Mark Rutland , Kate Stewart , linux-doc@vger.kernel.org, Will Deacon , Kostya Serebryany , linux-kselftest@vger.kernel.org, Chintan Pandya , Shuah Khan , Ingo Molnar , linux-arch@vger.kernel.org, Jacob Bramley , Dmitry Vyukov , Evgeniy Stepanov , Kees Cook , Ruben Ayrapetyan , Ramana Radhakrishnan , Al Viro , Linux ARM , Linux Memory Management List , Greg Kroah-Hartman , LKML , Lee Smith , Andrew Morton , Robin Murphy , "Kirill A . Shutemov" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 2, 2018 at 5:00 PM, Andrey Konovalov wrote: > On Wed, Aug 1, 2018 at 7:42 PM, Catalin Marinas wrote: >> On Mon, Jul 16, 2018 at 01:25:59PM +0200, Andrey Konovalov wrote: >>> On Thu, Jun 28, 2018 at 9:30 PM, Andrey Konovalov wrote: >>> So the checker reports ~100 different places where a __user pointer >>> being casted. I've looked through them and found 3 places where we >>> need to add untagging. Source code lines below come from 4.18-rc2+ >>> (6f0d349d). >> [...] >>> I'll add the 3 patches with fixes to v5 of this patchset. >> >> Thanks for investigating. You can fix those three places in your code > > OK, will do. > >> but I was rather looking for a way to check such casting in the future >> for newly added code. While for the khwasan we can assume it's a debug >> option, the tagged user pointers are ABI and we need to keep it stable. >> >> We could we actually add some macros for explicit conversion between >> __user ptr and long and silence the warning there (I guess this would >> work better for sparse). We can then detect new ptr to long casts as >> they appear. I just hope that's not too intrusive. >> >> (I haven't tried the sparse patch yet, hopefully sometime this week) > > Haven't look at that sparse patch yet myself, but sounds doable. > Should these macros go into this patchset or should they go > separately? Started looking at this. When I run sparse with default checks enabled (make C=1) I get countless warnings. Does anybody actually use it?