From patchwork Tue Feb 18 12:23:10 2020
X-Patchwork-Submitter: Catalin Marinas
X-Patchwork-Id: 11388331
From: Catalin Marinas
To: linux-mm@kvack.org
Cc: linux-arm-kernel@lists.infradead.org, Szabolcs Nagy, Andrey Konovalov, Will Deacon, Andrew Morton, Florian Weimer, Victor Stinner
Subject: [PATCH] mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
Date: Tue, 18 Feb 2020 12:23:10 +0000
Message-Id: <20200218122310.72710-1-catalin.marinas@arm.com>

Currently the arm64 kernel ignores the top address byte passed to brk(), mmap() and mremap(). When the user is not aware of the 56-bit address limit or relies on the kernel to return an error, untagging such pointers has the potential to create address aliases in user-space. Passing a tagged address to munmap(), madvise() is permitted since the tagged pointer is expected to be inside an existing mapping.

Remove untagging in the above functions by partially reverting commit ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In addition, update the arm64 tagged-address-abi.rst document accordingly.

Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk")
Cc: # 5.4.x-
Cc: Andrey Konovalov
Cc: Will Deacon
Cc: Andrew Morton
Cc: Florian Weimer
Reported-by: Victor Stinner
Signed-off-by: Catalin Marinas
Acked-by: Will Deacon
Acked-by: Andrey Konovalov
---
 Documentation/arm64/tagged-address-abi.rst | 7 +++++--
 mm/mmap.c                                  | 4 ----
 mm/mremap.c                                | 1 -
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst index d4a85d535bf9..1771a8b5712e 100644 --- a/Documentation/arm64/tagged-address-abi.rst +++ b/Documentation/arm64/tagged-address-abi.rst 
@@ -44,8 +44,11 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending how the user addresses are used by the kernel: 1. User addresses not accessed by the kernel but used for address space - management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use - of valid tagged pointers in this context is always allowed. + management (e.g. ``mprotect()``, ``madvise()``). The use of valid + tagged pointers in this context is allowed with the exception of + ``brk()``, ``mmap()`` and the ``new_address`` argument to + ``mremap()`` as these have the potential of aliasing with existing + user addresses. 2. User addresses accessed by the kernel (e.g. ``write()``). This ABI relaxation is disabled by default and the application thread needs to diff --git a/mm/mmap.c b/mm/mmap.c index 6756b8bb0033..d681a20eb4ea 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) bool downgraded = false; LIST_HEAD(uf); - brk = untagged_addr(brk); - if (down_write_killable(&mm->mmap_sem)) return -EINTR; @@ -1557,8 +1555,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len, struct file *file = NULL; unsigned long retval; - addr = untagged_addr(addr); - if (!(flags & MAP_ANONYMOUS)) { audit_mmap_fd(fd, flags); file = fget(fd); diff --git a/mm/mremap.c b/mm/mremap.c index 122938dcec15..af363063ea23 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, LIST_HEAD(uf_unmap); addr = untagged_addr(addr); - new_addr = untagged_addr(new_addr); if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) return ret;
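
Review bot: In the Documentation/arm64/tagged-address-abi.rst hunk, the new exception names the ``new_address`` argument for ``mremap()`` but lists ``brk()`` and ``mmap()`` without saying which argument is meant or what the caller gets back when a tagged value is passed. Suggest naming the ``addr`` argument of ``mmap()`` in the same way and adding a sentence that states the resulting behaviour for a tagged value in these arguments, so that user space does not have to infer it from "with the exception of".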
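
Review bot: In the brk hunk of mm/mmap.c, dropping `brk = untagged_addr(brk);` leaves no explicit check on the top byte, so rejecting a tagged value now depends on range checks later in the function that this hunk does not show. The commit message says callers rely on the kernel returning an error; it would help to name the check that produces it, or to leave a one-line comment where the call was removed saying that the address is deliberately not untagged, so that a later cleanup does not put the call back.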
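
Review bot: In the ksys_mmap_pgoff() hunk, `addr = untagged_addr(addr);` is removed from a helper in generic mm code while the commit message describes the effect only for arm64, and the diffstat shows no test alongside the change. Suggest saying in the commit message whether other users of untagged_addr() are affected, and adding a selftest that passes a tagged `addr` to mmap() and checks that the returned mapping does not land on the untagged address.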
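
Review bot: In the mm/mremap.c hunk, `addr` is still untagged while `new_addr` no longer is, and nothing in the code explains the asymmetry. The commit message gives the reasoning for munmap() and madvise() (the tagged pointer is expected to be inside an existing mapping) but not for the old address of mremap(); a short comment above `addr = untagged_addr(addr);` stating that `addr` refers to an existing mapping whereas `new_addr` could alias one would keep the two from being made symmetric again.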
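
The aliasing described in the commit message, as an added user-space C model that is not part of the patch or of the kernel sources. `model_untag()`, `place_fixed()`, the existing-mapping address and the tag value are constructed for illustration; the model assumes untagging means sign-extending from bit 55 and uses the 56-bit limit the commit message names.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model values, not taken from the kernel sources. */
#define ADDR_LIMIT   (1ULL << 56)            /* the 56-bit limit named in the commit message */
#define EXIST_START  0x0000ffff12340000ULL   /* an already mapped region (constructed) */
#define EXIST_LEN    0x10000ULL

enum verdict { PLACED, ALIASES_EXISTING, REJECTED };

/* Model of untagging (assumption): drop the top byte by sign-extending from bit 55. */
static uint64_t model_untag(uint64_t addr)
{
    uint64_t low = addr & (ADDR_LIMIT - 1);
    return (low & (1ULL << 55)) ? (low | ~(ADDR_LIMIT - 1)) : low;
}

/* Toy placement of a fixed-address request of len bytes at hint. */
static enum verdict place_fixed(uint64_t hint, uint64_t len, int untag_first)
{
    uint64_t addr = untag_first ? model_untag(hint) : hint;

    if (addr >= ADDR_LIMIT || len > ADDR_LIMIT - addr)
        return REJECTED;                 /* caller sees an error */
    if (addr < EXIST_START + EXIST_LEN && EXIST_START < addr + len)
        return ALIASES_EXISTING;         /* request lands on the existing region */
    return PLACED;
}

int main(void)
{
    /* Same low 56 bits as the existing region, with a constructed tag of 0x2a. */
    uint64_t tagged = EXIST_START | (0x2aULL << 56);
    static const char *names[] = { "placed", "aliases existing mapping", "rejected" };

    printf("untagged form:     %#llx\n", (unsigned long long)model_untag(tagged));
    printf("with untagging:    %s\n", names[place_fixed(tagged, 0x1000, 1)]);
    printf("without untagging: %s\n", names[place_fixed(tagged, 0x1000, 0)]);
    return 0;
}
```

With untagging, a caller that passed an out-of-range value expecting an error instead gets a request resolved inside its own address space; without it, the range check sees the full value and rejects it.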