[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190809160800.GC23083@arrakis.emea.arm.com>
Date: Fri, 9 Aug 2019 17:08:00 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Andrey Konovalov <andreyknvl@...gle.com>,
Will Deacon <will.deacon@....com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, amd-gfx@...ts.freedesktop.org,
dri-devel@...ts.freedesktop.org, linux-rdma@...r.kernel.org,
linux-media@...r.kernel.org, kvm@...r.kernel.org,
linux-kselftest@...r.kernel.org,
Vincenzo Frascino <vincenzo.frascino@....com>,
Mark Rutland <mark.rutland@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kees Cook <keescook@...omium.org>,
Yishai Hadas <yishaih@...lanox.com>,
Felix Kuehling <Felix.Kuehling@....com>,
Alexander Deucher <Alexander.Deucher@....com>,
Christian Koenig <Christian.Koenig@....com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Jens Wiklander <jens.wiklander@...aro.org>,
Alex Williamson <alex.williamson@...hat.com>,
Leon Romanovsky <leon@...nel.org>,
Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
Dave Martin <Dave.Martin@....com>,
Khalid Aziz <khalid.aziz@...cle.com>, enh <enh@...gle.com>,
Jason Gunthorpe <jgg@...pe.ca>,
Christoph Hellwig <hch@...radead.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Kostya Serebryany <kcc@...gle.com>,
Evgeniy Stepanov <eugenis@...gle.com>,
Lee Smith <Lee.Smith@....com>,
Ramana Radhakrishnan <Ramana.Radhakrishnan@....com>,
Jacob Bramley <Jacob.Bramley@....com>,
Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
Robin Murphy <robin.murphy@....com>,
Kevin Brodsky <kevin.brodsky@....com>,
Szabolcs Nagy <Szabolcs.Nagy@....com>,
Dave Hansen <dave.hansen@...el.com>
Subject: Re: [PATCH v19 02/15] arm64: Introduce prctl() options to control
the tagged user addresses ABI
On Tue, Jul 23, 2019 at 07:58:39PM +0200, Andrey Konovalov wrote:
> From: Catalin Marinas <catalin.marinas@....com>
>
> It is not desirable to relax the ABI to allow tagged user addresses into
> the kernel indiscriminately. This patch introduces a prctl() interface
> for enabling or disabling the tagged ABI with a global sysctl control
> for preventing applications from enabling the relaxed ABI (meant for
> testing user-space prctl() return error checking without reconfiguring
> the kernel). The ABI properties are inherited by threads of the same
> application and fork()'ed children but cleared on execve(). A Kconfig
> option allows the overall disabling of the relaxed ABI.
>
> The PR_SET_TAGGED_ADDR_CTRL will be expanded in the future to handle
> MTE-specific settings like imprecise vs precise exceptions.
>
> Reviewed-by: Kees Cook <keescook@...omium.org>
> Signed-off-by: Catalin Marinas <catalin.marinas@....com>
> Signed-off-by: Andrey Konovalov <andreyknvl@...gle.com>
Following several discussions on the list and in private, I'm proposing
the update below. I can send it as a patch on top of the current series
since Will has already queued this.
---------------8<-------------------------------------
>From 1b3f57ab0c2c51f8b31c19fb34d270e1f3ee57fe Mon Sep 17 00:00:00 2001
From: Catalin Marinas <catalin.marinas@....com>
Date: Fri, 9 Aug 2019 15:09:15 +0100
Subject: [PATCH] fixup! arm64: Introduce prctl() options to control the
tagged user addresses ABI
Rename abi.tagged_addr sysctl control to abi.tagged_addr_disabled,
defaulting to 0. Only prevent prctl(PR_TAGGED_ADDR_ENABLE)from being
called when abi.tagged_addr_disabled==1.
Force unused arg* of the new prctl() to 0.
Signed-off-by: Catalin Marinas <catalin.marinas@....com>
---
arch/arm64/kernel/process.c | 17 ++++++++++-------
kernel/sys.c | 4 ++++
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 76b7c55026aa..03689c0beb34 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -579,17 +579,22 @@ void arch_setup_new_exec(void)
/*
* Control the relaxed ABI allowing tagged user addresses into the kernel.
*/
-static unsigned int tagged_addr_prctl_allowed = 1;
+static unsigned int tagged_addr_disabled;
long set_tagged_addr_ctrl(unsigned long arg)
{
- if (!tagged_addr_prctl_allowed)
- return -EINVAL;
if (is_compat_task())
return -EINVAL;
if (arg & ~PR_TAGGED_ADDR_ENABLE)
return -EINVAL;
+ /*
+ * Do not allow the enabling of the tagged address ABI if globally
+ * disabled via sysctl abi.tagged_addr_disabled.
+ */
+ if (arg & PR_TAGGED_ADDR_ENABLE && tagged_addr_disabled)
+ return -EINVAL;
+
update_thread_flag(TIF_TAGGED_ADDR, arg & PR_TAGGED_ADDR_ENABLE);
return 0;
@@ -597,8 +602,6 @@ long set_tagged_addr_ctrl(unsigned long arg)
long get_tagged_addr_ctrl(void)
{
- if (!tagged_addr_prctl_allowed)
- return -EINVAL;
if (is_compat_task())
return -EINVAL;
@@ -618,9 +621,9 @@ static int one = 1;
static struct ctl_table tagged_addr_sysctl_table[] = {
{
- .procname = "tagged_addr",
+ .procname = "tagged_addr_disabled",
.mode = 0644,
- .data = &tagged_addr_prctl_allowed,
+ .data = &tagged_addr_disabled,
.maxlen = sizeof(int),
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
diff --git a/kernel/sys.c b/kernel/sys.c
index c6c4d5358bd3..ec48396b4943 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2499,9 +2499,13 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
error = PAC_RESET_KEYS(me, arg2);
break;
case PR_SET_TAGGED_ADDR_CTRL:
+ if (arg3 || arg4 || arg5)
+ return -EINVAL;
error = SET_TAGGED_ADDR_CTRL(arg2);
break;
case PR_GET_TAGGED_ADDR_CTRL:
+ if (arg2 || arg3 || arg4 || arg5)
+ return -EINVAL;
error = GET_TAGGED_ADDR_CTRL();
break;
default:
Powered by blists - more mailing lists