| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c1e9c10a-c4d0-caf5-5501-6d676ac2abea@arm.com>
Date: Thu, 3 Dec 2020 10:39:22 +0000
From: Vincenzo Frascino <vincenzo.frascino@....com>
To: Catalin Marinas <catalin.marinas@....com>,
Andrey Konovalov <andreyknvl@...gle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Will Deacon <will@...nel.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
Marco Elver <elver@...gle.com>,
Evgenii Stepanov <eugenis@...gle.com>,
Branislav Rankov <Branislav.Rankov@....com>,
Kevin Brodsky <kevin.brodsky@....com>,
kasan-dev@...glegroups.com, linux-arm-kernel@...ts.infradead.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Mark Rutland <mark.rutland@....com>
Subject: Re: [PATCH mm v11 27/42] arm64: mte: Add in-kernel tag fault handler
On 12/3/20 10:26 AM, Catalin Marinas wrote:
>> static inline void uaccess_enable(void)
>> {
>> + asm volatile(ALTERNATIVE("nop", SET_PSTATE_TCO(1),
>> + ARM64_MTE, CONFIG_KASAN_HW_TAGS));
>> +
>> __uaccess_enable(ARM64_HAS_PAN);
>> }
>
> I think that's insufficient if CONFIG_ARM64_PAN is disabled. In the !PAN
> case, the get/put_user() accessors use standard LDR/STR instructions
> which would follow the TCF rather than TCF0 mode checking. However, they
> don't use the above uaccess_disable/enable() functions.
>
> The current user space support is affected as well but luckily we just
> skip tag checking on the uaccess routines if !PAN since the kernel TCF
> is 0. With the in-kernel MTE, TCF may be more strict than TCF0.
>
> My suggestion is to simply make CONFIG_ARM64_MTE depend on (or select)
> PAN. Architecturally this should work since PAN is required for ARMv8.1,
> so present with any MTE implementation. This patch is on top of -next,
> though it has a Fixes tag in 5.10:
>
Agreed, since PAN is required for ARMv8.1 we should not find any implementation
of MTE that lacks PAN.
> --------------------------8<---------------------------
> From ecc819804c1fb1ad498d7ced07e01e3b3e055a3f Mon Sep 17 00:00:00 2001
> From: Catalin Marinas <catalin.marinas@....com>
> Date: Thu, 3 Dec 2020 10:15:39 +0000
> Subject: [PATCH] arm64: mte: Ensure CONFIG_ARM64_PAN is enabled with MTE
>
> The uaccess routines like get/put_user() rely on the user TCF0 mode
> setting for tag checking. However, if CONFIG_ARM64_PAN is disabled,
> these routines would use the standard LDR/STR instructions and therefore
> the kernel TCF mode. In 5.10, the kernel TCF==0, so no tag checking, but
> this will change with the in-kernel MTE support.
>
> Make ARM64_MTE depend on ARM64_PAN.
>
> Fixes: 89b94df9dfb1 ("arm64: mte: Kconfig entry")
> Signed-off-by: Catalin Marinas <catalin.marinas@....com>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@....com>
> ---
> arch/arm64/Kconfig | 2 ++
> 1 file changed, 2 insertions(+)
>
> =======================================
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 844d62df776c..f9eed3a5917e 100644
>
> --- a/arch/arm64/Kconfig
>
> +++ b/arch/arm64/Kconfig
>
> @@ -1673,6 +1673,8 @@
>
> config ARM64_MTE
>
> » default·y
> » depends·on·ARM64_AS_HAS_MTE·&&·ARM64_TAGGED_ADDR_ABI
> » depends·on·AS_HAS_ARMV8_5
> +» #·Required·for·tag·checking·in·the·uaccess·routines
> +» depends·on·ARM64_PAN
> » select·ARCH_USES_HIGH_VMA_FLAGS
> » help
> » ··Memory·Tagging·(part·of·the·ARMv8.5·Extensions)·provides
--
Regards,
Vincenzo
Powered by blists - more mailing lists