From patchwork Wed Jul 7 18:43:11 2021
X-Patchwork-Submitter: Peter Collingbourne
X-Patchwork-Id: 12363771
Date: Wed, 7 Jul 2021 11:43:11 -0700
Message-Id: <20210707184313.3697385-1-pcc@google.com>
Subject: [PATCH v4 0/2] userfaultfd: do not untag user pointers
From: Peter Collingbourne
To: Catalin Marinas, Vincenzo Frascino, Dave Martin, Will Deacon, Andrew Morton, Andrea Arcangeli
Cc: Peter Collingbourne, Alistair Delva, Lokesh Gidra, William McVicker, Evgenii Stepanov, Mitch Phillips, Linux ARM, linux-mm@kvack.org, Andrey Konovalov

If a user program uses userfaultfd on ranges of heap memory, it may end up passing a tagged pointer to the kernel in the range.start field of the UFFDIO_REGISTER ioctl. This can happen when using an MTE-capable allocator, or on Android if using the Tagged Pointers feature for MTE readiness [1]. When a fault subsequently occurs, the tag is stripped from the fault address returned to the application in the fault.address field of struct uffd_msg.
However, from the application's perspective, the tagged address *is* the memory address, so if the application is unaware of memory tags, it may get confused by receiving an address that is, from its point of view, outside of the bounds of the allocation. We observed this behavior in the kselftest for userfaultfd [2] but other applications could have the same problem.

Address this by not untagging pointers passed to the userfaultfd ioctls. Instead, let the system call fail. Also change the kselftest to use mmap so that it doesn't encounter this problem.

[1] https://source.android.com/devices/tech/debug/tagged-pointers
[2] tools/testing/selftests/vm/userfaultfd.c

Peter Collingbourne (2):
  userfaultfd: do not untag user pointers
  selftest: use mmap instead of posix_memalign to allocate memory

 Documentation/arm64/tagged-address-abi.rst | 26 +++++++++++++++-------
 fs/userfaultfd.c                           | 26 ++++++++++------------
 tools/testing/selftests/vm/userfaultfd.c   |  6 +++--
 3 files changed, 34 insertions(+), 24 deletions(-)
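As an added illustration, not part of this series or of the kselftest it modifies, here is a minimal userfaultfd user written the way the cover letter recommends: it registers mmap'd memory, so range.start is never a tagged pointer, and it validates the tag-stripped fault.address by comparing untagged values rather than raw pointer bits. The tag layout (tag in bits 63:56, as with arm64 TBI/MTE), the helper names and the handler structure are assumptions of this example; the userfaultfd part needs Linux with the userfaultfd syscall available to the caller.

```c
#define _GNU_SOURCE
/* Added example, not from the patch series or the kselftest: a userfaultfd
 * user that avoids the problem described in the cover letter. Assumptions:
 * arm64 TBI/MTE tag layout (tag in bits 63:56) and Linux with userfaultfd
 * usable by the caller. Helper names are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_SHIFT 56
#define ADDR_MASK ((1ULL << TAG_SHIFT) - 1)

/* Tag byte (bits 63:56) of a pointer value; 0 means the pointer is untagged. */
static inline unsigned addr_tag(uint64_t a) { return (unsigned)(a >> TAG_SHIFT); }

/* Strip the tag byte, mirroring what the kernel reports in fault.address. */
static inline uint64_t addr_untag(uint64_t a) { return a & ADDR_MASK; }

/* Range check done correctly: compare untagged values on both sides, so a
 * tag-stripped fault address still matches a registration that was made
 * with a tagged start pointer. */
static int fault_in_range(uint64_t fault_addr, uint64_t start, uint64_t len)
{
    uint64_t s = addr_untag(start), f = addr_untag(fault_addr);
    return f >= s && f - s < len;
}

/* The naive check a tag-unaware application would write: raw comparison,
 * which rejects the stripped fault address as out of bounds. */
static int naive_in_range(uint64_t fault_addr, uint64_t start, uint64_t len)
{
    return fault_addr >= start && fault_addr - start < len;
}

#ifdef __linux__
#include <fcntl.h>
#include <linux/userfaultfd.h>
#include <pthread.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

struct handler_arg { int uffd; uint64_t start, len; long page; char *src; };

/* Resolve one missing-page fault: validate fault.address against the
 * registered range, then fill the page with UFFDIO_COPY. */
static void *fault_handler(void *p)
{
    struct handler_arg *h = p;
    struct uffd_msg msg;
    if (read(h->uffd, &msg, sizeof msg) != (ssize_t)sizeof msg) return NULL;
    if (msg.event != UFFD_EVENT_PAGEFAULT) return NULL;
    uint64_t fa = msg.arg.pagefault.address;   /* arrives with the tag stripped */
    if (!fault_in_range(fa, h->start, h->len)) {
        fprintf(stderr, "fault %#llx outside registered range\n", (unsigned long long)fa);
        return NULL;
    }
    struct uffdio_copy cp = {
        .dst = fa & ~(uint64_t)(h->page - 1),  /* page-align the fault address */
        .src = (uint64_t)(uintptr_t)h->src,
        .len = (uint64_t)h->page, .mode = 0 };
    if (ioctl(h->uffd, UFFDIO_COPY, &cp) == -1) perror("UFFDIO_COPY");
    return NULL;
}

int main(void)
{
    long page = sysconf(_SC_PAGESIZE);
    int uffd = (int)syscall(SYS_userfaultfd, O_CLOEXEC);
    if (uffd == -1) { perror("userfaultfd"); return 1; }
    struct uffdio_api api = { .api = UFFD_API, .features = 0 };
    if (ioctl(uffd, UFFDIO_API, &api) == -1) { perror("UFFDIO_API"); return 1; }

    /* mmap rather than malloc/posix_memalign: a tagging allocator may hand
     * back a tagged pointer, which UFFDIO_REGISTER rejects after this series. */
    char *region = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    char *src = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED || src == MAP_FAILED) { perror("mmap"); return 1; }
    memset(src, 'A', (size_t)page);

    struct uffdio_register reg = {
        .range = { .start = (uint64_t)(uintptr_t)region, .len = (uint64_t)page },
        .mode = UFFDIO_REGISTER_MODE_MISSING };
    if (addr_tag(reg.range.start)) { fputs("tagged start address; aborting\n", stderr); return 1; }
    if (ioctl(uffd, UFFDIO_REGISTER, &reg) == -1) { perror("UFFDIO_REGISTER"); return 1; }

    struct handler_arg h = { uffd, reg.range.start, reg.range.len, page, src };
    pthread_t t;
    if (pthread_create(&t, NULL, fault_handler, &h) != 0) return 1;
    char c = region[0];             /* first touch faults; the handler fills the page */
    pthread_join(t, NULL);
    printf("first byte after fault: %c\n", c);
    return c == 'A' ? 0 : 1;
}
#endif
```

The two range checks are the point: with a registration made from a tagged heap pointer, `naive_in_range` rejects every fault address the kernel reports because the tag byte is gone, while `fault_in_range` masks both sides first. The `main` mirrors what the second patch does to the kselftest, taking the region from mmap so that UFFDIO_REGISTER never sees a tag in the first place, and it checks the tag byte before the ioctl so a tagging allocator slipping in is caught at registration rather than surfacing as a confusing fault address later.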