| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Mar 2023 12:48:08 -0400
From: Gregory Price <gourry.memverge@...il.com>
To: linux-kernel@...r.kernel.org
Cc: linux-doc@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-arch@...r.kernel.org, oleg@...hat.com, avagin@...il.com,
peterz@...radead.org, luto@...nel.org, krisman@...labora.com,
tglx@...utronix.de, corbet@....net, shuah@...nel.org,
catalin.marinas@....com, arnd@...db.de, will@...nel.org,
mark.rutland@....com, tongtiangen@...wei.com, robin.murphy@....com,
Gregory Price <gregory.price@...verge.com>
Subject: [PATCH v14 1/4] asm-generic,arm64: create task variant of access_ok
On arm64, access_ok makes adjustments to pointers based on whether
memory tagging is enabled for a task (ARM MTE). When leveraging ptrace,
it's possible for a task to enable/disable various kernel features (such
as syscall user dispatch) which require user points as arguments.
To enable Task A to set these features via ptrace with Task B's
pointers, a task variant of access_ok is required for architectures with
features such as memory tagging.
If the architecture does not implement task_access_ok, the operation
reduces to access_ok and the task argument is discarded.
Signed-off-by: Gregory Price <gregory.price@...verge.com>
---
arch/arm64/include/asm/uaccess.h | 13 +++++++++++--
include/asm-generic/access_ok.h | 10 ++++++++++
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index 5c7b2f9d5913..1a51a54f264f 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -35,7 +35,9 @@ static inline int __access_ok(const void __user *ptr, unsigned long size);
* This is equivalent to the following test:
* (u65)addr + (u65)size <= (u65)TASK_SIZE_MAX
*/
-static inline int access_ok(const void __user *addr, unsigned long size)
+static inline int task_access_ok(struct task_struct *task,
+ const void __user *addr,
+ unsigned long size)
{
/*
* Asynchronous I/O running in a kernel thread does not have the
@@ -43,11 +45,18 @@ static inline int access_ok(const void __user *addr, unsigned long size)
* the user address before checking.
*/
if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI) &&
- (current->flags & PF_KTHREAD || test_thread_flag(TIF_TAGGED_ADDR)))
+ (task->flags & PF_KTHREAD || test_ti_thread_flag(task, TIF_TAGGED_ADDR)))
addr = untagged_addr(addr);
return likely(__access_ok(addr, size));
}
+
+static inline int access_ok(const void __user *addr, unsigned long size)
+{
+ return task_access_ok(current, addr, size);
+}
+
+#define task_access_ok task_access_ok
#define access_ok access_ok
#include <asm-generic/access_ok.h>
diff --git a/include/asm-generic/access_ok.h b/include/asm-generic/access_ok.h
index 2866ae61b1cd..31465773c40a 100644
--- a/include/asm-generic/access_ok.h
+++ b/include/asm-generic/access_ok.h
@@ -45,4 +45,14 @@ static inline int __access_ok(const void __user *ptr, unsigned long size)
#define access_ok(addr, size) likely(__access_ok(addr, size))
#endif
+/*
+ * Some architectures may have special features (such as ARM MTE)
+ * that require handling if access_ok is called on a pointer from one
+ * task in the context of another. On most architectures this operation
+ * is equivalent to simply __access_ok.
+ */
+#ifndef task_access_ok
+#define task_access_ok(task, addr, size) likely(__access_ok(addr, size))
+#endif
+
#endif
--
2.39.1
Powered by blists - more mailing lists