From patchwork Wed Jul 14 19:54:35 2021
X-Patchwork-Submitter: Peter Collingbourne
X-Patchwork-Id: 12378061
Date: Wed, 14 Jul 2021 12:54:35 -0700
Message-Id: <20210714195437.118982-1-pcc@google.com>
Subject: [PATCH v5 0/2] userfaultfd: do not untag user pointers
From: Peter Collingbourne
To: Catalin Marinas, Vincenzo Frascino, Dave Martin, Will Deacon, Andrew Morton, Andrea Arcangeli
Cc: Peter Collingbourne, Alistair Delva, Lokesh Gidra, William McVicker, Evgenii Stepanov, Mitch Phillips, Linux ARM, linux-mm@kvack.org, Andrey Konovalov
X-BeenThere: linux-arm-kernel@lists.infradead.org

If a user program uses userfaultfd on ranges of heap memory, it may end
up passing a tagged pointer to the kernel in the range.start field of
the UFFDIO_REGISTER ioctl. This can happen when using an MTE-capable
allocator, or on Android if using the Tagged Pointers feature for MTE
readiness [1].

When a fault subsequently occurs, the tag is stripped from the fault
address returned to the application in the fault.address field of
struct uffd_msg.
However, from the application's perspective, the tagged address *is*
the memory address, so if the application is unaware of memory tags,
it may get confused by receiving an address that is, from its point of
view, outside of the bounds of the allocation.

We observed this behavior in the kselftest for userfaultfd [2] but
other applications could have the same problem.

Address this by not untagging pointers passed to the userfaultfd
ioctls. Instead, let the system call fail. Also change the kselftest
to use mmap so that it doesn't encounter this problem.

[1] https://source.android.com/devices/tech/debug/tagged-pointers
[2] tools/testing/selftests/vm/userfaultfd.c

Peter Collingbourne (2):
  userfaultfd: do not untag user pointers
  selftest: use mmap instead of posix_memalign to allocate memory

 Documentation/arm64/tagged-address-abi.rst | 26 +++++++++++++++-------
 fs/userfaultfd.c                           | 26 ++++++++++------------
 tools/testing/selftests/vm/userfaultfd.c   |  6 +++--
 3 files changed, 34 insertions(+), 24 deletions(-)
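The following is an added example, not code from the series or from fs/userfaultfd.c. It models the mismatch the cover letter describes (a tagged range.start silently untagged, then an untagged fault.address that fails the application's own bounds check) beside the new behaviour, where a tagged range is rejected instead. The top-byte tag layout is arm64 TBI; the kernel-side functions are a simplified model, and the sample address and tag value are constructed.

```c
/* Added example: models the tagged-pointer mismatch from the cover letter.
 * Not the kernel's code; a simplified user-space model of the behaviour. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT 56
#define TAG_MASK  (0xffULL << TAG_SHIFT)   /* arm64 TBI: tag lives in bits 63:56 */
#define PAGE_SZ   4096ULL                  /* modelled page size (assumption) */

/* Strip the top-byte tag, as the kernel does for user addresses it untags. */
static uint64_t untag(uint64_t addr) { return addr & ~TAG_MASK; }

static bool is_tagged(uint64_t addr) { return (addr & TAG_MASK) != 0; }

/* The application's view: the tagged pointer *is* the address. */
static bool app_range_contains(uint64_t start, uint64_t len, uint64_t addr)
{
    return addr >= start && addr < start + len;
}

/* Old behaviour (before the series): the tag in range.start is dropped, the
 * ioctl succeeds, and a later fault at offset `off` is reported untagged.
 * Returns the fault.address the application would receive. */
static uint64_t old_register_and_fault(uint64_t start, uint64_t off)
{
    return untag(start) + off;
}

/* New behaviour (this series): range.start is no longer untagged, so a tagged
 * start cannot pass the ioctl's range validation and the call fails. Ranges
 * must still be page-aligned, as UFFDIO_REGISTER requires. */
static bool new_register_accepts(uint64_t start, uint64_t len)
{
    if (is_tagged(start))
        return false;
    return (start % PAGE_SZ) == 0 && (len % PAGE_SZ) == 0;
}

int main(void)
{
    uint64_t tagged = 0x3a00000000010000ULL;   /* constructed: tag 0x3a */
    uint64_t fault = old_register_and_fault(tagged, 0x100);
    printf("old: fault.address %#llx inside app's range? %s\n",
           (unsigned long long)fault,
           app_range_contains(tagged, PAGE_SZ, fault) ? "yes" : "no");
    printf("new: tagged range.start accepted? %s\n",
           new_register_accepts(tagged, PAGE_SZ) ? "yes" : "no");
    return 0;
}
```

An mmap'd region, as the updated selftest uses, starts untagged and page-aligned, so it passes new_register_accepts and the reported fault addresses match the application's own range.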