From: Catalin Marinas <catalin.marinas@arm.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Andrey Konovalov <andreyknvl@google.com>,
Will Deacon <will.deacon@arm.com>,
Robin Murphy <robin.murphy@arm.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Arnd Bergmann <arnd@arndb.de>,
linux-arch@vger.kernel.org, Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>,
Evgeniy Stepanov <eugenis@google.com>,
Lee Smith <Lee.Smith@arm.com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
Jacob Bramley <Jacob.Bramley@arm.com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@arm.com>
Subject: Re: [RFC PATCH 2/6] arm64: untag user addresses in copy_from_user and others
Date: Fri, 9 Mar 2018 15:58:29 +0000
Message-ID: <20180309155829.2fzgevhsxj3gnyly@armageddon.cambridge.arm.com>
In-Reply-To: <20180309150309.4sue2zj6teehx6e3@lakrids.cambridge.arm.com>
On Fri, Mar 09, 2018 at 03:03:09PM +0000, Mark Rutland wrote:
> On Fri, Mar 09, 2018 at 03:02:00PM +0100, Andrey Konovalov wrote:
> > copy_from_user (and a few other similar functions) are used to copy data
> > from user memory into the kernel memory or vice versa. Since a user can
> > provide a tagged pointer to one of the syscalls that use copy_from_user,
> > we need to correctly handle such pointers.
>
> I don't think it makes sense to do this in the low-level uaccess
> primitives, given we're going to have to untag pointers before common
> code can use them, e.g. for comparisons against TASK_SIZE or
> user_addr_max().
>
> I think we'll end up with subtle bugs unless we consistently untag
> pointers before we get to uaccess primitives. If core code does untag
> pointers, then it's redundant to do so here.
A quick "hack" below clears the tag on syscall entry (where the argument
is a __user pointer). However, we still have cases in core code where
the pointer is read from a structure or even passed as an unsigned long
as part of a command + argument (like in ptrace).
The "hack":
---------------------------------8<--------------------------
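The patch Catalin refers to is not carried on this page. To make the point Mark raises concrete (a TASK_SIZE-style range check in common code fails on a tagged pointer unless the tag is stripped first), here is an added, self-contained C model. It is not Catalin's hack and not kernel code; the 48-bit VA, the TASK_SIZE value and the helper names are assumptions chosen for the illustration, and untagged_addr() follows the sign-extend-from-bit-55 form so that a kernel address stays a kernel address after untagging:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed layout for the illustration: 48-bit VA, user range [0, TASK_SIZE). */
#define VA_BITS   48
#define TASK_SIZE ((uint64_t)1 << VA_BITS)   /* assumed value, not the kernel's */

/* Sign-extend 'value' from bit 'index' (bits above it become copies of it). */
static inline uint64_t sign_extend64(uint64_t value, int index)
{
    int shift = 63 - index;
    return (uint64_t)(((int64_t)(value << shift)) >> shift);
}

/*
 * Strip a TBI tag: with top-byte-ignore the MMU disregards bits 63:56, so
 * untagging replaces them with copies of bit 55.  A user address (bit 55
 * clear) gets a zero top byte; a kernel address (bit 55 set) keeps 0xff.
 */
static inline uint64_t untagged_addr(uint64_t addr)
{
    return sign_extend64(addr, 55);
}

/* What user space does before passing the pointer to a syscall: set bits 63:56. */
static inline uint64_t tag_addr(uint64_t addr, uint8_t tag)
{
    return (addr & ~(0xffULL << 56)) | ((uint64_t)tag << 56);
}

/* An access_ok-style check as common code would write it, on the raw value. */
static bool range_ok_raw(uint64_t addr, uint64_t size)
{
    return size <= TASK_SIZE && addr <= TASK_SIZE - size;
}

/* The same check after untagging, i.e. with the tag stripped before the compare. */
static bool range_ok_untagged(uint64_t addr, uint64_t size)
{
    return range_ok_raw(untagged_addr(addr), size);
}

int main(void)
{
    /* Constructed sample: a valid user buffer, then the same buffer tagged 0x5a. */
    uint64_t user   = 0x00007fffdead0000ULL;
    uint64_t tagged = tag_addr(user, 0x5a);

    printf("raw check on tagged ptr:      %s\n", range_ok_raw(tagged, 16) ? "ok" : "REJECTED");
    printf("untagged check on tagged ptr: %s\n", range_ok_untagged(tagged, 16) ? "ok" : "REJECTED");

    /* A kernel address survives untagging unchanged and is still rejected. */
    uint64_t kern = 0xffff800000001000ULL;
    printf("untagged_addr(kernel) == kernel: %d\n", untagged_addr(kern) == kern);
    printf("kernel addr with top byte zeroed accepted: %d\n",
           range_ok_untagged(0x00ff800000001000ULL, 16));
    return 0;
}
```

Run stand-alone, the raw check rejects the tagged pointer while the untagged check accepts it, and an address with bit 55 set is sign-extended back into the kernel range and rejected even when the caller zeroes its top byte. That is the reason for untagging once, before any range comparison, rather than only inside the low-level uaccess primitives.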
2018-03-09 14:01 [RFC PATCH 0/6] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-03-09 14:01 ` [RFC PATCH 1/6] arm64: add type casts to untagged_addr macro Andrey Konovalov
2018-03-09 14:02 ` [RFC PATCH 2/6] arm64: untag user addresses in copy_from_user and others Andrey Konovalov
2018-03-09 15:03 ` Mark Rutland
2018-03-09 15:58 ` Catalin Marinas [this message]
2018-03-09 17:57 ` Andrey Konovalov
2018-03-09 14:02 ` [RFC PATCH 3/6] mm, arm64: untag user addresses in memory syscalls Andrey Konovalov
2018-03-09 14:02 ` [RFC PATCH 4/6] mm, arm64: untag user addresses in mm/gup.c Andrey Konovalov
2018-03-09 14:02 ` [RFC PATCH 5/6] lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user Andrey Konovalov
2018-03-09 14:02 ` [RFC PATCH 6/6] arch: add untagged_addr definition for other arches Andrey Konovalov
2018-03-09 14:11 ` Arnd Bergmann
2018-03-09 14:16 ` Robin Murphy
2018-03-09 15:47 ` Andrey Konovalov
2018-03-09 14:15 ` [RFC PATCH 0/6] arm64: untag user pointers passed to the kernel Robin Murphy
2018-03-09 17:58 ` Andrey Konovalov
2018-03-09 14:55 ` Mark Rutland
2018-03-09 15:16 ` Geert Uytterhoeven
2018-03-09 17:58 ` Andrey Konovalov