lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 3 May 2019 17:28:46 +0100
From:   Catalin Marinas <>
To:     Jason Gunthorpe <>
Cc:     Leon Romanovsky <>,
        Andrey Konovalov <>,
        Will Deacon <>,
        Robin Murphy <>,
        Kees Cook <>,
        Greg Kroah-Hartman <>,
        Andrew Morton <>,
        Vincenzo Frascino <>,
        Eric Dumazet <>,
        "David S. Miller" <>,
        Yishai Hadas <>,,,,,,,
        Dmitry Vyukov <>,
        Kostya Serebryany <>,
        Evgeniy Stepanov <>,
        Ramana Radhakrishnan <>,
        Ruben Ayrapetyan <>,
        Luc Van Oostenryck <>,
        Dave Martin <>,
        Kevin Brodsky <>,
        Szabolcs Nagy <>
Subject: Re: [PATCH v13 16/20] IB/mlx4, arm64: untag user pointers in

Thanks Jason and Leon for the information.

On Thu, May 02, 2019 at 03:44:42PM -0300, Jason Gunthorpe wrote:
> On Tue, Apr 30, 2019 at 12:16:25PM +0100, Catalin Marinas wrote:
> > > Interesting, the followup question is why mlx4 is only one driver in IB which
> > > needs such code in umem_mr. I'll take a look on it.
> > 
> > I don't know. Just using the light heuristics of find_vma() shows some
> > other places. For example, ib_umem_odp_get() gets the umem->address via
> > ib_umem_start(). This was previously set in ib_umem_get() as called from
> > mlx4_get_umem_mr(). Should the above patch have just untagged "start" on
> > entry?
> I have a feeling that there needs to be something for this in the odp
> code..
> Presumably mmu notifiers and what not also use untagged pointers? Most
> likely then the umem should also be storing untagged pointers.


> This probably becomes problematic because we do want the tag in cases
> talking about the base VA of the MR..

It depends on whether the tag is relevant to the kernel or not. The only
useful case so far is for the kernel performing copy_form_user() etc.
accesses so they'd get checked in the presence of hardware memory
tagging (MTE; but it's not mandatory, a 0 tag would do as well).

If we talk about a memory range where the content is relatively opaque
(or irrelevant) to the kernel code, we don't really need the tag. I'm
not familiar to RDMA but I presume it would be a device accessing such
MR but not through the user VA directly. The tag is a property of the
buffer address/pointer when accessed by the CPU at that specific address
range. Any DMA or even kernel accessing it through the linear mapping
(get_user_pages()) would drop such tag.


Powered by blists - more mailing lists