Date: Wed, 15 Jun 2022 19:58:28 +0300
From: "Kirill A. Shutemov"
To: "Edgecombe, Rick P"
Cc: "peterz@infradead.org", "Lutomirski, Andy", "dave.hansen@linux.intel.com", "linux-kernel@vger.kernel.org", "hjl.tools@gmail.com", "linux-mm@kvack.org", "kcc@google.com", "andreyknvl@gmail.com", "ak@linux.intel.com", "dvyukov@google.com", "x86@kernel.org", "ryabinin.a.a@gmail.com", "glider@google.com"
Subject: Re: [PATCHv3 5/8] x86/uaccess: Provide untagged_addr() and remove tags before address check
Message-ID: <20220615165828.5ggwnoxo7zhvmqzt@black.fi.intel.com>
References: <20220610143527.22974-1-kirill.shutemov@linux.intel.com> <20220610143527.22974-6-kirill.shutemov@linux.intel.com>

On Mon, Jun 13, 2022 at 05:36:43PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2022-06-10 at 17:35 +0300, Kirill A. Shutemov wrote:
> > +#ifdef CONFIG_X86_64
> > +/*
> > + * Mask out tag bits from the address.
> > + *
> > + * Magic with the 'sign' allows to untag userspace pointer without
> > any branches
> > + * while leaving kernel addresses intact.
> 
> Trying to understand the magic part here. I guess how it works is, when
> the high bit is set, it does the opposite of untagging the addresses by
> setting the tag bits instead of clearing them. So:
>  - For proper canonical kernel addresses (with U57) it leaves them
>    intact since the tag bits were already set.
>  - For non-canonical kernel-half addresses, it fixes them up.
>    (0xeffffff000000840->0xfffffff000000840)
>  - For U48 and 5 level paging, it corrupts some normal kernel
>    addresses. (0xff90ffffffffffff->0xffffffffffffffff)
> 
> I just ported this to userspace and threw some addresses at it to see
> what happened, so hopefully I got that right.

Ouch. Thanks for noticing this. I should have caught this myself.

Yes, this implementation is broken for LAM_U48 on a 5-level machine.

What about this:

#define untagged_addr(mm, addr)	({					\
	u64 __addr = (__force u64)(addr);				\
	s64 sign = (s64)__addr >> 63;					\
	__addr &= (mm)->context.untag_mask | sign;			\
	(__force __typeof__(addr))__addr;				\
})

It makes the mask effectively all-ones for supervisor addresses. And it is
less magic to my eyes.

The generated code also looks sane to me:

    11d0:	48 89 f8             	mov    %rdi,%rax
    11d3:	48 c1 f8 3f          	sar    $0x3f,%rax
    11d7:	48 0b 05 52 2e 00 00 	or     0x2e52(%rip),%rax        # 4030
    11de:	48 21 f8             	and    %rdi,%rax

Any comments?

> Is this special kernel address handling only needed because
> copy_to_kernel_nofault(), etc call the user helpers?

I did not have any particular use-case in mind. But just if some kernel
address gets there and bits get cleared we will have a very hard to debug
bug.

-- 
  Kirill A. Shutemov
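The following is an added userspace model of the untagged_addr() macro proposed in the reply, run against the addresses Rick listed; it is example code, not code from the patch or from either participant. The mask values are an assumption based on the Intel LAM layouts (LAM_U57 tags bits 62:57, LAM_U48 tags bits 62:48, bit 63 is never a tag bit), struct mm_ctx is a stand-in for mm->context, and naive_untag() exists only to show the kernel-address corruption the sign term prevents.

```c
/*
 * Added example, not code from the patch or the thread: a userspace model
 * of the untagged_addr() macro proposed in the reply, checked against the
 * addresses Rick listed. Mask values are an assumption based on the Intel
 * LAM layouts (LAM_U57 tags bits 62:57, LAM_U48 tags bits 62:48; bit 63 is
 * never a tag bit). struct mm_ctx stands in for mm->context.
 */
#include <stdint.h>
#include <stdio.h>

struct mm_ctx {
	uint64_t untag_mask;	/* 1 = address bit kept, 0 = tag bit cleared */
};

/* Bits h..l set, the way the kernel's GENMASK_ULL() builds a mask. */
#define GENMASK_ULL(h, l) \
	(((~0ULL) >> (63 - (h))) & ((~0ULL) << (l)))

static const struct mm_ctx mm_lam_u57 = { .untag_mask = ~GENMASK_ULL(62, 57) };
static const struct mm_ctx mm_lam_u48 = { .untag_mask = ~GENMASK_ULL(62, 48) };
static const struct mm_ctx mm_no_lam  = { .untag_mask = ~0ULL };

/*
 * The proposed macro as a function. The arithmetic right shift copies
 * bit 63 into every bit (gcc/clang behaviour, which the kernel relies on
 * too): 0 for a user address, all-ones for the kernel half. OR-ing that
 * into the mask makes it ~0 for kernel addresses, so they pass through
 * untouched, while user addresses lose their tag bits. This is the
 * mov/sar/or/and sequence in the reply, with no branch.
 */
static uint64_t untagged_addr(const struct mm_ctx *mm, uint64_t addr)
{
	int64_t sign = (int64_t)addr >> 63;

	addr &= mm->untag_mask | (uint64_t)sign;
	return addr;
}

/*
 * For contrast only: masking without the sign term. A kernel address that
 * reaches the helper has real address bits cleared, which is the
 * hard-to-debug failure the reply warns about.
 */
static uint64_t naive_untag(const struct mm_ctx *mm, uint64_t addr)
{
	return addr & mm->untag_mask;
}

/* Constructed sample addresses; the two kernel ones are from Rick's list. */
#define USER_TAGGED_U57	0x7e00000000001000ULL	/* tag in bits 62:57 */
#define USER_TAGGED_U48	0x1234000000001000ULL	/* tag in bits 62:48 */
#define KERNEL_5LEVEL	0xff90ffffffffffffULL	/* canonical under LA57 */
#define KERNEL_NONCANON	0xeffffff000000840ULL	/* non-canonical kernel half */

static void show(const char *what, const struct mm_ctx *mm, uint64_t addr)
{
	printf("%-22s %#018llx -> %#018llx\n", what,
	       (unsigned long long)addr,
	       (unsigned long long)untagged_addr(mm, addr));
}

int main(void)
{
	show("LAM_U57 user", &mm_lam_u57, USER_TAGGED_U57);
	show("LAM_U48 user", &mm_lam_u48, USER_TAGGED_U48);
	show("LAM_U48 kernel LA57", &mm_lam_u48, KERNEL_5LEVEL);
	show("LAM_U57 non-canonical", &mm_lam_u57, KERNEL_NONCANON);
	show("no LAM", &mm_no_lam, USER_TAGGED_U57);
	printf("%-22s %#018llx -> %#018llx (address bits lost)\n",
	       "naive mask, kernel",
	       (unsigned long long)KERNEL_5LEVEL,
	       (unsigned long long)naive_untag(&mm_lam_u48, KERNEL_5LEVEL));
	return 0;
}
```

Note that with the sign term the non-canonical kernel-half address is no longer "fixed up" as Rick observed with the earlier version: it is left exactly as it arrived, so a later canonical-address check still sees it as invalid rather than being handed a silently rewritten address.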