From: Alexandru Elisei
To: catalin.marinas@arm.com, will@kernel.org, oliver.upton@linux.dev,
    maz@kernel.org, james.morse@arm.com, suzuki.poulose@arm.com,
    yuzenghui@huawei.com, arnd@arndb.de, akpm@linux-foundation.org,
    mingo@redhat.com, peterz@infradead.org, juri.lelli@redhat.com,
    vincent.guittot@linaro.org, dietmar.eggemann@arm.com,
    rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de,
    bristot@redhat.com, vschneid@redhat.com, mhiramat@kernel.org,
    rppt@kernel.org, hughd@google.com
Cc: pcc@google.com, steven.price@arm.com, anshuman.khandual@arm.com,
    vincenzo.frascino@arm.com, david@redhat.com, eugenis@google.com,
    kcc@google.com, hyesoo.yu@samsung.com,
    linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
    kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org,
    linux-arch@vger.kernel.org, linux-mm@kvack.org,
    linux-trace-kernel@vger.kernel.org
Subject: [PATCH RFC v3 30/35] arm64: mte: ptrace: Handle pages with missing tag storage
Date: Thu, 25 Jan 2024 16:42:51 +0000
Message-Id: <20240125164256.4147-31-alexandru.elisei@arm.com>
In-Reply-To: <20240125164256.4147-1-alexandru.elisei@arm.com>
References: <20240125164256.4147-1-alexandru.elisei@arm.com>

A page can end up mapped in a MTE enabled VMA without the corresponding tag
storage block reserved. Tag accesses made by ptrace in this case can lead to
the wrong tags being read or memory corruption for the process that is
using the tag storage memory as data.

Reserve tag storage by treating ptrace accesses like a fault.

Signed-off-by: Alexandru Elisei
---

Changes since rfc v2:

* New patch, issue reported by Peter Collingbourne.

 arch/arm64/kernel/mte.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c index faf09da3400a..b1fa02dad4fd 100644
--- a/arch/arm64/kernel/mte.c +++ b/arch/arm64/kernel/mte.c @@ -412,10 +412,13 @@ static int __access_remote_tags(struct mm_struct *mm, unsigned long addr, while (len) { struct vm_area_struct *vma; unsigned long tags, offset; + unsigned int fault_flags; + struct page *page; + vm_fault_t ret; void *maddr; - struct page *page = get_user_page_vma_remote(mm, addr, - gup_flags, &vma); +get_page: + page = get_user_page_vma_remote(mm, addr, gup_flags, &vma); if (IS_ERR(page)) { err = PTR_ERR(page); break; @@ -433,6 +436,25 @@ static int __access_remote_tags(struct mm_struct *mm, unsigned long addr, put_page(page); break; } + + if (tag_storage_enabled() && !page_tag_storage_reserved(page)) { + fault_flags = FAULT_FLAG_DEFAULT | \ + FAULT_FLAG_USER | \ + FAULT_FLAG_REMOTE | \ + FAULT_FLAG_ALLOW_RETRY | \ + FAULT_FLAG_RETRY_NOWAIT; + if (write) + fault_flags |= FAULT_FLAG_WRITE; + + put_page(page); + ret = handle_mm_fault(vma, addr, fault_flags, NULL); + if (ret & VM_FAULT_ERROR) { + err = -EFAULT; + break; + } + goto get_page; + } + WARN_ON_ONCE(!page_mte_tagged(page)); /* limit access to the end of the page */ -- 2.43.0
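
Review bot: in the first hunk (@@ -412,10 +412,13 @@), the new label `get_page:` has the same name as the kernel's get_page() helper and sits in a function that already pairs the GUP reference with put_page(), so it reads like a refcount operation rather than a jump target. Labels have their own namespace, so this compiles, but a name such as `retry:` would say what the backward goto is for. A one-line comment at the label stating that the page reference has already been dropped on every path that jumps back here would also help, since that invariant is what keeps the repeated get_user_page_vma_remote() call from leaking a reference.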
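
Review bot: the retry in the second hunk (@@ -433,6 +436,25 @@) has no bound: only `ret & VM_FAULT_ERROR` ends it, so any other return from handle_mm_fault(), including VM_FAULT_RETRY (which FAULT_FLAG_RETRY_NOWAIT makes a plausible immediate return), falls through to `goto get_page`, and if page_tag_storage_reserved() is still false the loop repeats with no cond_resched(), no fatal_signal_pending() check and no attempt limit. Since this path is driven by a ptrace request, please handle VM_FAULT_RETRY explicitly and bail out with an error after a fatal signal or a small number of attempts. Two smaller points in the same block: every VM_FAULT_ERROR case is reported as -EFAULT, which hides VM_FAULT_OOM from the caller; and the trailing backslashes in the `fault_flags = ...` expression are not needed outside a macro, while FAULT_FLAG_ALLOW_RETRY is already part of FAULT_FLAG_DEFAULT.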