| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c4bdd767-eb3f-6668-0f49-4aaf4bc7689d@oracle.com>
Date: Wed, 19 Jun 2019 10:46:17 -0600
From: Khalid Aziz <khalid.aziz@...cle.com>
To: Andrey Konovalov <andreyknvl@...gle.com>,
linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, amd-gfx@...ts.freedesktop.org,
dri-devel@...ts.freedesktop.org, linux-rdma@...r.kernel.org,
linux-media@...r.kernel.org, kvm@...r.kernel.org,
linux-kselftest@...r.kernel.org
Cc: Catalin Marinas <catalin.marinas@....com>,
Vincenzo Frascino <vincenzo.frascino@....com>,
Will Deacon <will.deacon@....com>,
Mark Rutland <mark.rutland@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kees Cook <keescook@...omium.org>,
Yishai Hadas <yishaih@...lanox.com>,
Felix Kuehling <Felix.Kuehling@....com>,
Alexander Deucher <Alexander.Deucher@....com>,
Christian Koenig <Christian.Koenig@....com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Jens Wiklander <jens.wiklander@...aro.org>,
Alex Williamson <alex.williamson@...hat.com>,
Leon Romanovsky <leon@...nel.org>,
Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
Dave Martin <Dave.Martin@....com>, enh <enh@...gle.com>,
Jason Gunthorpe <jgg@...pe.ca>,
Christoph Hellwig <hch@...radead.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Kostya Serebryany <kcc@...gle.com>,
Evgeniy Stepanov <eugenis@...gle.com>,
Lee Smith <Lee.Smith@....com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
Jacob Bramley <Jacob.Bramley@....com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
Robin Murphy <robin.murphy@....com>,
Kevin Brodsky <kevin.brodsky@....com>,
Szabolcs Nagy <Szabolcs.Nagy@....com>
Subject: Re: [PATCH v17 04/15] mm, arm64: untag user pointers passed to memory
syscalls
On 6/19/19 9:55 AM, Khalid Aziz wrote:
> On 6/12/19 5:43 AM, Andrey Konovalov wrote:
>> This patch is a part of a series that extends arm64 kernel ABI to allow to
>> pass tagged user pointers (with the top byte set to something else other
>> than 0x00) as syscall arguments.
>>
>> This patch allows tagged pointers to be passed to the following memory
>> syscalls: get_mempolicy, madvise, mbind, mincore, mlock, mlock2, mprotect,
>> mremap, msync, munlock, move_pages.
>>
>> The mmap and mremap syscalls do not currently accept tagged addresses.
>> Architectures may interpret the tag as a background colour for the
>> corresponding vma.
>>
>> Reviewed-by: Catalin Marinas <catalin.marinas@....com>
>> Reviewed-by: Kees Cook <keescook@...omium.org>
>> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
>> ---
>
> Reviewed-by: Khalid Aziz <khalid.aziz@...cle.com>
>
>
I would also recommend updating commit log for all the patches in this
series that are changing files under mm/ as opposed to arch/arm64 to not
reference arm64 kernel ABI since the change applies to every
architecture. So something along the lines of "This patch is part of a
series that extends kernel ABI to allow......."
--
Khalid
>> mm/madvise.c | 2 ++
>> mm/mempolicy.c | 3 +++
>> mm/migrate.c | 2 +-
>> mm/mincore.c | 2 ++
>> mm/mlock.c | 4 ++++
>> mm/mprotect.c | 2 ++
>> mm/mremap.c | 7 +++++++
>> mm/msync.c | 2 ++
>> 8 files changed, 23 insertions(+), 1 deletion(-)
>>
>> diff --git a/mm/madvise.c b/mm/madvise.c
>> index 628022e674a7..39b82f8a698f 100644
>> --- a/mm/madvise.c
>> +++ b/mm/madvise.c
>> @@ -810,6 +810,8 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
>> size_t len;
>> struct blk_plug plug;
>>
>> + start = untagged_addr(start);
>> +
>> if (!madvise_behavior_valid(behavior))
>> return error;
>>
>> diff --git a/mm/mempolicy.c b/mm/mempolicy.c
>> index 01600d80ae01..78e0a88b2680 100644
>> --- a/mm/mempolicy.c
>> +++ b/mm/mempolicy.c
>> @@ -1360,6 +1360,7 @@ static long kernel_mbind(unsigned long start, unsigned long len,
>> int err;
>> unsigned short mode_flags;
>>
>> + start = untagged_addr(start);
>> mode_flags = mode & MPOL_MODE_FLAGS;
>> mode &= ~MPOL_MODE_FLAGS;
>> if (mode >= MPOL_MAX)
>> @@ -1517,6 +1518,8 @@ static int kernel_get_mempolicy(int __user *policy,
>> int uninitialized_var(pval);
>> nodemask_t nodes;
>>
>> + addr = untagged_addr(addr);
>> +
>> if (nmask != NULL && maxnode < nr_node_ids)
>> return -EINVAL;
>>
>> diff --git a/mm/migrate.c b/mm/migrate.c
>> index f2ecc2855a12..d22c45cf36b2 100644
>> --- a/mm/migrate.c
>> +++ b/mm/migrate.c
>> @@ -1616,7 +1616,7 @@ static int do_pages_move(struct mm_struct *mm, nodemask_t task_nodes,
>> goto out_flush;
>> if (get_user(node, nodes + i))
>> goto out_flush;
>> - addr = (unsigned long)p;
>> + addr = (unsigned long)untagged_addr(p);
>>
>> err = -ENODEV;
>> if (node < 0 || node >= MAX_NUMNODES)
>> diff --git a/mm/mincore.c b/mm/mincore.c
>> index c3f058bd0faf..64c322ed845c 100644
>> --- a/mm/mincore.c
>> +++ b/mm/mincore.c
>> @@ -249,6 +249,8 @@ SYSCALL_DEFINE3(mincore, unsigned long, start, size_t, len,
>> unsigned long pages;
>> unsigned char *tmp;
>>
>> + start = untagged_addr(start);
>> +
>> /* Check the start address: needs to be page-aligned.. */
>> if (start & ~PAGE_MASK)
>> return -EINVAL;fixup_user_fault
>> diff --git a/mm/mlock.c b/mm/mlock.c
>> index 080f3b36415b..e82609eaa428 100644
>> --- a/mm/mlock.c
>> +++ b/mm/mlock.c
>> @@ -674,6 +674,8 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla
>> unsigned long lock_limit;
>> int error = -ENOMEM;
>>
>> + start = untagged_addr(start);
>> +
>> if (!can_do_mlock())
>> return -EPERM;
>>
>> @@ -735,6 +737,8 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
>> {
>> int ret;
>>
>> + start = untagged_addr(start);
>> +
>> len = PAGE_ALIGN(len + (offset_in_page(start)));
>> start &= PAGE_MASK;
>>
>> diff --git a/mm/mprotect.c b/mm/mprotect.c
>> index bf38dfbbb4b4..19f981b733bc 100644
>> --- a/mm/mprotect.c
>> +++ b/mm/mprotect.c
>> @@ -465,6 +465,8 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
>> const bool rier = (current->personality & READ_IMPLIES_EXEC) &&
>> (prot & PROT_READ);
>>
>> + start = untagged_addr(start);
>> +
>> prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP);
>> if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */
>> return -EINVAL;
>> diff --git a/mm/mremap.c b/mm/mremap.c
>> index fc241d23cd97..64c9a3b8be0a 100644
>> --- a/mm/mremap.c
>> +++ b/mm/mremap.c
>> @@ -606,6 +606,13 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
>> LIST_HEAD(uf_unmap_early);
>> LIST_HEAD(uf_unmap);
>>
>> + /*
>> + * Architectures may interpret the tag passed to mmap as a background
>> + * colour for the corresponding vma. For mremap we don't allow tagged
>> + * new_addr to preserve similar behaviour to mmap.
>> + */
>> + addr = untagged_addr(addr);
>> +
>> if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
>> return ret;
>>
>> diff --git a/mm/msync.c b/mm/msync.c
>> index ef30a429623a..c3bd3e75f687 100644
>> --- a/mm/msync.c
>> +++ b/mm/msync.c
>> @@ -37,6 +37,8 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags)
>> int unmapped_error = 0;
>> int error = -EINVAL;
>>
>> + start = untagged_addr(start);
>> +
>> if (flags & ~(MS_ASYNC | MS_INVALIDATE | MS_SYNC))
>> goto out;
>> if (offset_in_page(start))
>>
>
>
Powered by blists - more mailing lists