Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp511827imm; Thu, 30 Aug 2018 04:44:36 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdb0rkBIC7mYSLj5W9Ah3MbYyxKXFiLlx14t2W1ituOfjf/pGTndibuYTlLBfz8a3ZJYzrYm X-Received: by 2002:a17:902:42a5:: with SMTP id h34-v6mr10116919pld.228.1535629476090; Thu, 30 Aug 2018 04:44:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535629476; cv=none; d=google.com; s=arc-20160816; b=Jg2BcNC8/NBTdc8Ykox1OlcZJfhgeCzWv8a/CsES9eE8/1A0BhcdrTMmFcSHXEa3tb kDfe48DhUzSaXBhzRLUoZZCkhG6C89HxHbrFYVpodajFOk3UnHHjm4pvw9XsmenHXERG Fy0wYKAoVULXxq9jWOUZocvbZqrzoIiXFiDI6KYE+YP+iOKx+saYmSS76SR6BRBFh16Y i72mo7PyW3uYTxz6jBSlimQMu0SicFzrK1dVG1fhM0BxLjyweqXl8c7bUW72762It4sH PTJLjL9Ng0ZyOK7ZpKbMWVA+IgMgC6Ftifs7jcl/M0wD55IT7bPo8o4CIDCMEH5CcdiF 6wmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=YmU2UyMtUBNWrj8mk4LYzQ193g4/d71hDCIWAiq7WI0=; b=chWtqmSE2ohwENUQ2lci6uavMu1AlWNUrUHOHI+hLk92mxI+3DnMyn1yny31D51x8h nO+kgzkiHqTyceYX3BktQMbcU/XXxn/vq7MmpoSiCM/SKXsqCubTrOyuCrWRArbMUoTp TBtPn5zntqJj5rVQMcL99zoGxVAJNAyRu5aKbBrIH8Lnb3t9aIjgaexQ5dIv/Mdptuyg +DpZeZfD/Nr0pjmKKRY5WfltTdhoW40Vw23DVj0riycSMDVC+oKuvYhLYs6c3biO0hn/ DkjJjxbRZrk2gKvozA2rk+svHIl4ET3FJI7xVqQNnQPu/0nnfRpEEuZDe1Kix1KH/rT5 TTAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=IfkjmFho; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y1-v6si6476008pgf.146.2018.08.30.04.44.21; Thu, 30 Aug 2018 04:44:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=IfkjmFho; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728115AbeH3PnG (ORCPT + 99 others); Thu, 30 Aug 2018 11:43:06 -0400 Received: from mail-wm0-f68.google.com ([74.125.82.68]:33327 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728004AbeH3PnG (ORCPT ); Thu, 30 Aug 2018 11:43:06 -0400 Received: by mail-wm0-f68.google.com with SMTP id i134-v6so1623968wmf.0 for ; Thu, 30 Aug 2018 04:41:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=YmU2UyMtUBNWrj8mk4LYzQ193g4/d71hDCIWAiq7WI0=; b=IfkjmFhoYEchL2Isulzy2HGRhwUAvap8gk4OyFAK0S+ltBBXHbvrenzzgK+qvOksep rT9yKFfHZfQEV/a2ynV/OdX/nQGjRmi7he70z1eH6qrLQ3lwq4LuweIieHCRhK4Enyhv Y/gq3YABwR6a0aXat6gq+Lyr8Eio3epXuS7ZQuLPUltrbA2hH36lxQ5P/tM2cGhNAW/m EKAhVkg4m1MQR7TLAVQizX9UGMu7fl5t03okJs3F5vVf+fiG5emA5xD+U4Z9YlGmcW0B +eTkHSvtA0rc7e598IGlPLS/QkOhICrwKPD9gy6G9xIi+jtUcHw7zIgHTM2WTQBPhKfc xocw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=YmU2UyMtUBNWrj8mk4LYzQ193g4/d71hDCIWAiq7WI0=; b=nmw9vMMG4yv+qwdyPNwrXr6JIBgznCzKgElIf2yQvIIRLfgVJur6bqi8iXDofbeY3L dcWQfIfDUHn01UTxXDwxUQS2R94OWLE+ZVnH2KjA2phTFtD7BIIxs72INLI7mUR97vqj yPinPTygc30ACA2p6a11f9rGXymG3GD/zBB/QqxDLmt9ejCjaA07PI/rbyHDf79TdmRp sGD+t7N5ojwnnLsLWNOx7gxvu2xRzKlqoYspJPsr9V3UIRTBVsTq0rTahK1zzHlT4gZ0 NFT/xr8pIOggG03U6Iwya9ZvrlhoWAf/INPph1t4rhmrNwWOSfTr53bzCL6f63jJ6h6N A52w== X-Gm-Message-State: APzg51AcQPFeS18kjLhl4Yl/oSUYgZ6TjXqIp4YDEFqVuP0ymskz1/xY +4SmoT8wxTtH3D1sMFNEwOOGVQ== X-Received: by 2002:a1c:b6d6:: with SMTP id g205-v6mr1662119wmf.17.1535629280841; Thu, 30 Aug 2018 04:41:20 -0700 (PDT) Received: from andreyknvl0.muc.corp.google.com ([2a00:79e0:15:10:84be:a42a:826d:c530]) by smtp.gmail.com with ESMTPSA id z184-v6sm2175218wmz.0.2018.08.30.04.41.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 30 Aug 2018 04:41:19 -0700 (PDT) From: Andrey Konovalov To: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Al Viro , Andrey Konovalov , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya Subject: [PATCH v6 00/11] arm64: untag user pointers passed to the kernel Date: Thu, 30 Aug 2018 13:41:05 +0200 Message-Id: X-Mailer: git-send-email 2.19.0.rc0.228.g281dcd1b4d0-goog MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. This patch makes a few of the kernel interfaces accept tagged user pointers. The kernel is already able to handle user faults with tagged pointers and has the untagged_addr macro, which this patchset reuses. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html Changes in v6: - Added annotations for user pointer casts found by sparse. - Rebased onto 050cdc6c (4.19-rc1+). Changes in v5: - Added 3 new patches that add untagging to places found with static analysis. - Rebased onto 44c929e1 (4.18-rc8). Changes in v4: - Added a selftest for checking that passing tagged pointers to the kernel succeeds. - Rebased onto 81e97f013 (4.18-rc1+). Changes in v3: - Rebased onto e5c51f30 (4.17-rc6+). - Added linux-arch@ to the list of recipients. Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped "mm, arm64: untag user addresses in memory syscalls". - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (11): arm64: add type casts to untagged_addr macro uaccess: add untagged_addr definition for other arches arm64: untag user addresses in access_ok and __uaccess_mask_ptr mm, arm64: untag user addresses in mm/gup.c lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user arm64: untag user address in __do_user_fault fs, arm64: untag user address in copy_mount_options usb, arm64: untag user addresses in devio arm64: update Documentation/arm64/tagged-pointers.txt selftests, arm64: add a selftest for passing tagged pointers to kernel arm64: annotate user pointers casts detected by sparse Documentation/arm64/tagged-pointers.txt | 5 +-- arch/arm64/include/asm/compat.h | 2 +- arch/arm64/include/asm/uaccess.h | 16 ++++++---- arch/arm64/kernel/perf_callchain.c | 4 +-- arch/arm64/kernel/signal.c | 16 +++++----- arch/arm64/kernel/signal32.c | 6 ++-- arch/arm64/mm/fault.c | 4 +-- block/compat_ioctl.c | 15 +++++---- drivers/ata/libata-scsi.c | 2 +- drivers/block/loop.c | 2 +- drivers/gpio/gpiolib.c | 8 +++-- drivers/input/evdev.c | 2 +- drivers/media/dvb-core/dvb_frontend.c | 3 +- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 9 +++--- drivers/mmc/core/block.c | 6 ++-- drivers/mtd/mtdchar.c | 2 +- drivers/net/tap.c | 2 +- drivers/net/tun.c | 2 +- drivers/spi/spidev.c | 6 ++-- drivers/tty/tty_ioctl.c | 3 +- drivers/tty/vt/vt_ioctl.c | 5 +-- drivers/usb/core/devio.c | 10 ++++-- drivers/vfio/vfio.c | 6 ++-- drivers/video/fbdev/core/fbmem.c | 4 +-- drivers/xen/gntdev.c | 6 ++-- drivers/xen/privcmd.c | 4 +-- fs/aio.c | 2 +- fs/autofs/dev-ioctl.c | 3 +- fs/autofs/root.c | 2 +- fs/binfmt_elf.c | 10 +++--- fs/btrfs/ioctl.c | 2 +- fs/compat_ioctl.c | 32 ++++++++++--------- fs/ext2/ioctl.c | 2 +- fs/ext4/ioctl.c | 2 +- fs/fat/file.c | 3 +- fs/fuse/file.c | 2 +- fs/namespace.c | 2 +- fs/readdir.c | 4 +-- fs/signalfd.c | 10 +++--- include/linux/mm.h | 2 +- include/linux/pagemap.h | 8 ++--- include/linux/socket.h | 2 +- include/linux/uaccess.h | 4 +++ ipc/shm.c | 4 +-- kernel/futex.c | 6 ++-- kernel/futex_compat.c | 2 +- kernel/power/user.c | 2 +- kernel/signal.c | 2 +- lib/iov_iter.c | 16 +++++----- lib/strncpy_from_user.c | 4 ++- lib/strnlen_user.c | 6 ++-- lib/test_kasan.c | 2 +- mm/gup.c | 4 +++ mm/memory.c | 2 +- mm/migrate.c | 4 +-- mm/process_vm_access.c | 13 ++++---- net/bluetooth/hidp/sock.c | 2 +- net/compat.c | 12 ++++--- sound/core/control_compat.c | 5 +-- sound/core/pcm_native.c | 5 +-- sound/core/timer_compat.c | 3 +- tools/testing/selftests/arm64/.gitignore | 1 + tools/testing/selftests/arm64/Makefile | 11 +++++++ .../testing/selftests/arm64/run_tags_test.sh | 12 +++++++ tools/testing/selftests/arm64/tags_test.c | 19 +++++++++++ 65 files changed, 232 insertions(+), 147 deletions(-) create mode 100644 tools/testing/selftests/arm64/.gitignore create mode 100644 tools/testing/selftests/arm64/Makefile create mode 100755 tools/testing/selftests/arm64/run_tags_test.sh create mode 100644 tools/testing/selftests/arm64/tags_test.c -- 2.19.0.rc0.228.g281dcd1b4d0-goog