Date:   Thu, 17 Sep 2020 15:59:10 +0100
From:   Catalin Marinas <catalin.marinas@....com>
To:     Andrey Konovalov <andreyknvl@...gle.com>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        kasan-dev@...glegroups.com,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Alexander Potapenko <glider@...gle.com>,
        Marco Elver <elver@...gle.com>,
        Evgenii Stepanov <eugenis@...gle.com>,
        Elena Petrova <lenaptr@...gle.com>,
        Branislav Rankov <Branislav.Rankov@....com>,
        Kevin Brodsky <kevin.brodsky@....com>,
        Will Deacon <will.deacon@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 24/37] arm64: mte: Add in-kernel tag fault handler

On Tue, Sep 15, 2020 at 11:16:06PM +0200, Andrey Konovalov wrote:
>  static int do_tag_check_fault(unsigned long addr, unsigned int esr,
>  			      struct pt_regs *regs)
>  {
> -	do_bad_area(addr, esr, regs);
> +	/* The tag check fault (TCF) is per TTBR */
> +	if (is_ttbr0_addr(addr))
> +		do_bad_area(addr, esr, regs);
> +	else
> +		do_tag_recovery(addr, esr, regs);
> +
>  	return 0;
>  }
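Review bot: the comment `/* The tag check fault (TCF) is per TTBR */` misstates what the branch distinguishes; as the reply below notes, the tag check mode is selected per exception level (TCF0 for EL0, TCF for EL1), not per TTBR, so `is_ttbr0_addr(addr)` is really separating a fault on a user-space (TTBR0) address, handled as a bad user access, from one on a kernel address, which goes to `do_tag_recovery()`. Reword the comment to say that, and mention that a TTBR0 address can still reach this path from an EL1-executed uaccess (e.g. the exclusives in futex.h) even when the user has TCF0 disabled, since that access is checked under TCF rather than TCF0.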

I had forgotten the details here. The TCF mode is per EL, so TCF0
affects EL0, TCF affects EL1 irrespective of which TTBR is used. Now, we
know the kernel accesses TTBR0 usually with LDTR/STTR instructions if
UAO is available (soon to get rid of), so these would act as EL0
accesses using TCF0. However, we have the futex.h code which uses
exclusives and they'd be executed as EL1, so you can potentially get a
tag check fault for such uaccess even if the user disabled it in TCF0.

The solution here I think is for uaccess_enable() to set PSTATE.TCO, and
restore it in uaccess_disable().

We get away with not toggling PSTATE.TCO in the user MTE patches since
the TCF is always 0 for the kernel.

The do_tag_check_fault() above is still correct, apart from the comment
which needs a better explanation on why we do a is_ttbr0_addr() check.

-- 
Catalin