From: Linus Torvalds
To: Peter Anvin, Ingo Molnar, Borislav Petkov, Thomas Gleixner, Rasmus Villemoes, Josh Poimboeuf, Catalin Marinas, Will Deacon
Cc: Linux Kernel Mailing List, the arch/x86 maintainers, linux-arm-kernel@lists.infradead.org, linux-arch, Linus Torvalds
Subject: [PATCH 7/7] arm64: access_ok() optimization
Date: Mon, 10 Jun 2024 13:48:21 -0700
Message-ID: <20240610204821.230388-8-torvalds@linux-foundation.org>
In-Reply-To: <20240610204821.230388-1-torvalds@linux-foundation.org>
References: <20240610204821.230388-1-torvalds@linux-foundation.org>

The TBI setup on arm64 is very strange: HW is set up to always do TBI, but the kernel enforcement for system calls is purely a software contract, and user space is supposed to mask off the top bits before the system call.

Except all the actual brk/mmap/etc() system calls then mask it in kernel space anyway, and accept any TBI address.

This basically unifies things and makes access_ok() also ignore it.

This is an ABI change, but the current situation is very odd, and this change avoids the current mess and makes the kernel more permissive, and as such is unlikely to break anything.

The way forward - for some possible future situation when people want to use more bits - is probably to introduce a new "I actually want the full 64-bit address space" prctl. But we should make sure that the software and hardware rules actually match at that point.

Signed-off-by: Linus Torvalds
--- arch/arm64/include/asm/uaccess.h | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 4ab3938290ab..a435eff4ee93 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h 
@@ -30,23 +30,20 @@ static inline int __access_ok(const void __user *ptr, unsigned long size); /* * Test whether a block of memory is a valid user space address. - * Returns 1 if the range is valid, 0 otherwise. * - * This is equivalent to the following test: - * (u65)addr + (u65)size <= (u65)TASK_SIZE_MAX + * We only care that the address cannot reach the kernel mapping, and + * that an invalid address will fault. */ -static inline int access_ok(const void __user *addr, unsigned long size) +static inline int access_ok(const void __user *p, unsigned long size) { - /* - * Asynchronous I/O running in a kernel thread does not have the - * TIF_TAGGED_ADDR flag of the process owning the mm, so always untag - * the user address before checking. - */ - if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI) && - (current->flags & PF_KTHREAD || test_thread_flag(TIF_TAGGED_ADDR))) - addr = untagged_addr(addr); + unsigned long addr = (unsigned long)p; - return likely(__access_ok(addr, size)); + /* Only bit 55 of the address matters */ + addr |= addr+size; + addr = (addr >> 55) & 1; + size >>= 55; + + return !(addr | size); } #define access_ok access_ok -- 2.45.1.209.gc6f12300df
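Review bot: the new body of access_ok() removes the `CONFIG_ARM64_TAGGED_ADDR_ABI` / `TIF_TAGGED_ADDR` condition and no longer calls `__access_ok()`, so bits 63:56 are now ignored for every task and the only thing rejected is a range that has bit 55 set or a `size` of 2^55 or more; the replacement comments ("Only bit 55 of the address matters" and the header block) should say this outright, including that the check no longer matches the `TASK_SIZE_MAX` comparison described in the removed comment and that correctness depends on the remaining addresses faulting at access time. The arithmetic looks sound: with bit 55 of `addr` clear and `size` below 2^55 the low 56 bits cannot carry into bit 56, so bit 55 of `addr+size` is set exactly when the range reaches the upper half, but that reasoning is not obvious from `addr |= addr+size;` and deserves a one-line comment, since the later `size >>= 55` test is what makes the no-carry assumption hold. The header comment also drops "Returns 1 if the range is valid, 0 otherwise", which is still accurate and worth keeping for callers. Smaller points: `addr+size` should be written `addr + size`, the `likely()` hint on the return disappears without a mention in the commit message, and the forward declaration of `__access_ok()` in the first context line is no longer needed by this function, so it can go if nothing else in the header relies on it.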