From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D025C07E96 for ; Tue, 13 Jul 2021 17:20:58 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 0E17261353 for ; Tue, 13 Jul 2021 17:20:57 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0E17261353 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id DC7DC6B0083; Tue, 13 Jul 2021 13:20:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D51516B0085; Tue, 13 Jul 2021 13:20:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BC97D6B0088; Tue, 13 Jul 2021 13:20:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0163.hostedemail.com [216.40.44.163]) by kanga.kvack.org (Postfix) with ESMTP id 900A26B0083 for ; Tue, 13 Jul 2021 13:20:57 -0400 (EDT) Received: from smtpin35.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 8442F20BCF for ; Tue, 13 Jul 2021 17:20:56 +0000 (UTC) X-FDA: 78358229712.35.3557A47 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf20.hostedemail.com (Postfix) with ESMTP id 1DD5AD0000A7 for ; Tue, 13 Jul 2021 17:20:55 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id E778661183; Tue, 13 Jul 2021 17:20:53 +0000 (UTC) Date: Tue, 13 Jul 2021 18:20:46 +0100 From: Catalin Marinas To: Will Deacon Cc: Robin Murphy , linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Chen Huang , Al Viro Subject: Re: [PATCH] arm64: Avoid premature usercopy failure Message-ID: <20210713172045.GD13181@arm.com> References: <20210713165957.GA30304@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210713165957.GA30304@willie-the-truck> User-Agent: Mutt/1.10.1 (2018-07-13) X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 1DD5AD0000A7 X-Stat-Signature: a3grdfrqq4nnqn84gyz4zxgh7paf8hci Authentication-Results: imf20.hostedemail.com; dkim=none; spf=pass (imf20.hostedemail.com: domain of cmarinas@kernel.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=cmarinas@kernel.org; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=arm.com (policy=none) X-HE-Tag: 1626196855-7897 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Jul 13, 2021 at 05:59:58PM +0100, Will Deacon wrote: > On Mon, Jul 12, 2021 at 03:27:46PM +0100, Robin Murphy wrote: > > Al reminds us that the usercopy API must only return complete failure > > if absolutely nothing could be copied. Currently, if userspace does > > something silly like giving us an unaligned pointer to Device memory, > > or a size which overruns MTE tag bounds, we may fail to honour that > > requirement when faulting on a multi-byte access even though a smaller > > access could have succeeded. > > > > Add a mitigation to the fixup routines to fall back to a single-byte > > copy if we faulted on a larger access before anything has been written > > to the destination, to guarantee making *some* forward progress. We > > needn't be too concerned about the overall performance since this should > > only occur when callers are doing something a bit dodgy in the first > > place. Particularly broken userspace might still be able to trick > > generic_perform_write() into an infinite loop by targeting write() at > > an mmap() of some read-only device register where the fault-in load > > succeeds but any store synchronously aborts such that copy_to_user() is > > genuinely unable to make progress, but, well, don't do that... > > > > CC: stable@vger.kernel.org > > Reported-by: Chen Huang > > Suggested-by: Al Viro > > Reviewed-by: Catalin Marinas > > Signed-off-by: Robin Murphy > > --- > > > > I've started trying the "replay" approach for figuring out more precise > > remainders in general, but that quickly got more complicated with > > rebasing the fault address passing stuff, so I'm resending this now as > > a point fix and will continue to explore that as an improvement on top. > > Is it possible to add/extend a selftest for this, please? I think Catalin > mentioned that before, but not sure if he got anywhere with it. It's on my to-do list but going on holiday soon. If Robin is keen on this, I don't really mind ;). -- Catalin