Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp1149828img; Tue, 26 Feb 2019 15:18:33 -0800 (PST) X-Google-Smtp-Source: AHgI3IYgv2IY4dgcQykNycXRKghyZN6kkBnt1k6mfqLGnAfgC5HcspIhVJRb1o9IbZOsUvnskAee X-Received: by 2002:a62:ab04:: with SMTP id p4mr28544668pff.142.1551223113839; Tue, 26 Feb 2019 15:18:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551223113; cv=none; d=google.com; s=arc-20160816; b=QE1IeI7urYATJlOk3tJdCqhf7GNpRs+m8Xv1P8t6mXMXqHYmtU2gWZatprLg8WLNgO sVy8n/YVVJVM9LvRcH05W49ELx7rvlQfzXMCUkJEo7H9IvupV1LjeqOA+5Q6EN5Giw4V vbJVv5SGHeoWNhz4iFZebGgT0jP20/zaWi5+T7dhIjlsNjisnE/PlLDJ/mZnFcD3kG7o c38jsApx/0uehi6bYkNs67yz5THk9m/0/USs4xzJkjA1ij8ooGyCxUzRf/N8vNWHvXWl k2xPYlKjdBiQbhTH2GF2AqL/AP8QA4MjzlqH3rDFfDi5umiOH8JXd97OzXfnAEb/mvvX q6oQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=F/ZWUspDnO9H+N1b+3KaSbEisQ9DROKLGDc6Wk9zF/Q=; b=0DKoicqKK53m1psbsxgYx34CZOah0CKIpABKNobDeuWfj6czl/q3yTIVhQuVL+R60L 8QjGM/6d4PaeGECut4kcuQsPwPGEEJv+U4A8btJm6PUVmCTjalvxbA2kkUTCHPApS4BZ 1p4GiWxBBzFjFm3RZzRJkStKNvDGINCNGDku4aeUd8+dyLagnFvSRgOwRnEp2cDHmoFN Hs2ZWFbRo5Pw9dCJ8eGZUQ1QrPbH84AM6RO55EtsXqhIlS1VuJ7+OP/2CZsZgYTh/IjJ c5EXTPsVOeRGnDWRgx1cgFwA1U+JZ9mQffBf4S7qoF85r8059BjczhY4ficZm1kz1Pi8 SbUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ns64+bku; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 31si3830520ple.389.2019.02.26.15.18.18; Tue, 26 Feb 2019 15:18:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Ns64+bku; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729360AbfBZXRy (ORCPT + 99 others); Tue, 26 Feb 2019 18:17:54 -0500 Received: from mail-ed1-f65.google.com ([209.85.208.65]:34710 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729038AbfBZXRy (ORCPT ); Tue, 26 Feb 2019 18:17:54 -0500 Received: by mail-ed1-f65.google.com with SMTP id a16so12331156edn.1; Tue, 26 Feb 2019 15:17:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=F/ZWUspDnO9H+N1b+3KaSbEisQ9DROKLGDc6Wk9zF/Q=; b=Ns64+bkuLm12DoKtMqYvm9spiyuFy91esqRW620Tr8a7c6yO/zBoKktXkM25pJWO7N KYZHrHySgbKp0ukEqgvOhVKztZuddf20j5XWcS8omSkG42v0aRxVNYrlBxPtJ5MKsME7 ICL0xa9DMOfylbdIxpEwAZmOFNWw8UhcTBw6asiXQj4RekvDc6+JweuyVSjAgI3eHELu vrpNWsBvdmFuFoBrNOxVtfbPgEBXp3J4Y4DdxNVAhdJW9HKxxO6kJVWQ6cQR3MOt6yFp sJZMlrFYPfy5nxUdukFrBbjcMPSYdZIfmqc7x6DDDKYm9VEv7xqnU2PBR6i514uULX4k dhBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=F/ZWUspDnO9H+N1b+3KaSbEisQ9DROKLGDc6Wk9zF/Q=; b=PInyJwQ3bxoIhfe6qFrVbVSVhuzdQVNxRMZDpbXkTKEebgurTmJumQhrEb/oWjqxVP bTOnbTH3yNvwQWcBxETP2IeoCODFdPSsycThk/kPg8IJ+ezriGbaOLu4JgDNYjj7jRmW 5+bW/asmJQ4AWWxsoVMe91LxyEaQujMYOBV9oit2RO3m5UF1ivb6S0OwSlz70pTfKz+d 5xmoZMz9+qICnRl4WfXxTps7H+L2p1HGpa42zMQvxnC7www6T/dvxmmjbWqEVmy0BDDB Y1SZjsGX9KbdErHqBAbj3waXdSbOFLBN1VM4n2lRaAv0MCZxf7dYz9Uex5jVcjpS2dWw 66Ow== X-Gm-Message-State: AHQUAuZbox7xhCX0UPBwsCUwTYZ+9PDratzLpN+Y3I2J9OAiShLcKNW8 MVVSaKC0E7Y4FQn7jcTv/Rw= X-Received: by 2002:a50:ca41:: with SMTP id e1mr3769377edi.73.1551223071600; Tue, 26 Feb 2019 15:17:51 -0800 (PST) Received: from ltop.local ([2a02:a03f:4034:3c00:69ad:1253:f4b5:5458]) by smtp.gmail.com with ESMTPSA id fy6sm2459233ejb.52.2019.02.26.15.17.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Feb 2019 15:17:50 -0800 (PST) Date: Wed, 27 Feb 2019 00:17:49 +0100 From: Luc Van Oostenryck To: Andrey Konovalov Cc: Dave Hansen , Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , Vincenzo Frascino , Linux ARM , "open list:DOCUMENTATION" , Linux Memory Management List , linux-arch , "open list:KERNEL SELFTEST FRAMEWORK" , LKML , Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya , Dave Martin , Kevin Brodsky , Szabolcs Nagy Subject: Re: [PATCH v10 00/12] arm64: untag user pointers passed to the kernel Message-ID: <20190226231747.z3lc6yr6xmrw5q2z@ltop.local> References: <2ad5f897-25c0-90cf-f54f-827876873a0a@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 26, 2019 at 06:18:25PM +0100, Andrey Konovalov wrote: > On Fri, Feb 22, 2019 at 11:55 PM Dave Hansen wrote: > > > > On 2/22/19 4:53 AM, Andrey Konovalov wrote: > > > The following testing approaches has been taken to find potential issues > > > with user pointer untagging: > > > > > > 1. Static testing (with sparse [3] and separately with a custom static > > > analyzer based on Clang) to track casts of __user pointers to integer > > > types to find places where untagging needs to be done. > > > > First of all, it's really cool that you took this approach. Sounds like > > there was a lot of systematic work to fix up the sites in the existing > > codebase. > > > > But, isn't this a _bit_ fragile going forward? Folks can't just "make > > sparse" to find issues with missing untags. > > Yes, this static approach can only be used as a hint to find some > places where untagging is needed, but certainly not all. > > > This seems like something > > where we would ideally add an __tagged annotation (or something) to the > > source tree and then have sparse rules that can look for missed untags. > > This has been suggested before, search for __untagged here [1]. > However there are many places in the kernel where a __user pointer is > casted into unsigned long and passed further. I'm not sure if it's > possible apply a __tagged/__untagged kind of attribute to non-pointer > types, is it? > > [1] https://patchwork.kernel.org/patch/10581535/ It's something that should need to be added to sparse since it's different from what sparse already have (the existing __bitwise and concept of address-space doesn't seem to do the job here). -- Luc Van Oostenryck