Open Source and information security mailing list archives
 
Message-ID: <aKNyj_6dZVp9O4BA@arm.com>
Date: Mon, 18 Aug 2025 19:35:59 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Yeoreum Yun <yeoreum.yun@....com>
Cc: will@...nel.org, broonie@...nel.org, maz@...nel.org,
	oliver.upton@...ux.dev, shameerali.kolothum.thodi@...wei.com,
	joey.gouly@....com, james.morse@....com, ardb@...nel.org,
	scott@...amperecomputing.com, suzuki.poulose@....com,
	yuzenghui@...wei.com, mark.rutland@....com,
	linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 5/5] arm64: futex: support futex with FEAT_LSUI

On Sat, Aug 16, 2025 at 03:57:49PM +0100, Yeoreum Yun wrote:
> > > > +#ifdef CONFIG_AS_HAS_LSUI
> > > > +
> > > > +#define __LSUI_PREAMBLE	".arch_extension lsui\n"
> > > > +
> > > > +#define LSUI_FUTEX_ATOMIC_OP(op, asm_op, mb)				\
> > > > +static __always_inline int						\
> > > > +__lsui_futex_atomic_##op(int oparg, u32 __user *uaddr, int *oval)	\
> > > > +{									\
> > > > +	int ret = 0;							\
> > > > +	int val;							\
> > > > +									\
> > > > +	mte_enable_tco();						\
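Review bot: the mte_enable_tco() call that opens the body of __lsui_futex_atomic_##op looks unnecessary on the FEAT_LSUI path. As the review in this thread points out, uaccess_disable_privileged() sets the tag check override because the user and the kernel may have different tag checking settings, whereas the user instructions provided by FEAT_LSUI leave MTE checking as is. Suggest dropping the call here and in the other LSUI helpers generated by this macro, and adding a short comment above LSUI_FUTEX_ATOMIC_OP saying why TCO is left untouched.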
> > >
> >
> > > The reason uaccess_disable_privileged() sets the MTE TCO (tag check
> > > override) is because the user and the kernel may have different settings
> > > for tag checking. If we use the user instructions provided by FEAT_LSUI,
> > > we leave the MTE checking as is.
> > >
> > > The same comment for all the other functions here.
> >
> > You're right. Thanks for catching this :)
> 
> But one bikeshedding question.
> Why do we need to care about the different settings for tag checking when
> we use uaccess_disable_privileged()?

Because, for example, the user may not be interested in any tag check
faults (has checking disabled) but the kernel uses KASAN with
synchronous tag check faults. If it uses the privileged instructions as
in the futex API, it either won't make progress or report errors to the
user which it does not expect.

> IIUC, the reason we use uaccess_disable_privileged() is to access
> user memory with copy_from/to_user() etc.

We don't use uaccess_disable_privileged() with copy_from_user() since
those use the unprivileged instructions already.

> But although a tag check fault happens on the kernel side,
> it seems to be handled by fixup code if the user address is wrong.

The user may know it is wrong and not care (e.g. one wants to keep using
a buggy application).

-- 
Catalin
