From patchwork Fri Jul 2 22:57:03 2021
X-Patchwork-Submitter: Peter Collingbourne
X-Patchwork-Id: 12356779
Date: Fri, 2 Jul 2021 15:57:03 -0700
Message-Id: <20210702225705.2477947-1-pcc@google.com>
Subject: [PATCH v3 0/2] userfaultfd: do not untag user pointers
From: Peter Collingbourne
To: Catalin Marinas, Vincenzo Frascino, Dave Martin, Will Deacon, Andrew Morton, Andrea Arcangeli
Cc: Peter Collingbourne, Alistair Delva, Lokesh Gidra, William McVicker, Evgenii Stepanov, Mitch Phillips, Linux ARM, linux-mm@kvack.org, Andrey Konovalov

If a user program uses userfaultfd on ranges of heap memory, it may end up passing a tagged pointer to the kernel in the range.start field of the UFFDIO_REGISTER ioctl. This can happen when using an MTE-capable allocator, or on Android if using the Tagged Pointers feature for MTE readiness [1]. When a fault subsequently occurs, the tag is stripped from the fault address returned to the application in the fault.address field of struct uffd_msg.
However, from the application's perspective, the tagged address *is* the memory address, so if the application is unaware of memory tags, it may get confused by receiving an address that is, from its point of view, outside of the bounds of the allocation. We observed this behavior in the kselftest for userfaultfd [2] but other applications could have the same problem.

Address this by not untagging pointers passed to the userfaultfd ioctls. Instead, let the system call fail. Also change the kselftest to use mmap so that it doesn't encounter this problem.

[1] https://source.android.com/devices/tech/debug/tagged-pointers
[2] tools/testing/selftests/vm/userfaultfd.c

Peter Collingbourne (2):
  userfaultfd: do not untag user pointers
  selftest: use mmap instead of posix_memalign to allocate memory

 Documentation/arm64/tagged-address-abi.rst | 25 +++++++++++++++-------
 fs/userfaultfd.c                           | 22 +++++++++----------
 tools/testing/selftests/vm/userfaultfd.c   |  6 ++++--
 3 files changed, 31 insertions(+), 22 deletions(-)
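The following is an added illustration of the mismatch the cover letter describes, not code from the patch series or the kernel. It models the arm64 top-byte tag on constructed 64-bit address values, shows why an untagged fault.address fails a bounds check against a tagged range.start, and contrasts the pre-fix (silent untag) and post-fix (registration refused) kernel behaviour; the exact error value returned after the fix is a placeholder, as the cover letter does not name it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* On arm64 with TBI/MTE the pointer tag lives in the top byte (bits 56..63). */
#define TAG_SHIFT 56
#define TAG_MASK  (0xffULL << TAG_SHIFT)

/* Model of the kernel stripping the top-byte tag from a user address. */
static uintptr_t untag(uintptr_t p) { return p & ~TAG_MASK; }

/* Does this pointer carry a tag? Addresses returned by mmap never do. */
static bool has_tag(uintptr_t p) { return (p & TAG_MASK) != 0; }

/* Pre-fix behaviour: UFFDIO_REGISTER silently untags range.start, so the
 * later fault.address in struct uffd_msg arrives without the tag. */
static uintptr_t old_fault_address(uintptr_t tagged_start, uintptr_t offset) {
    return untag(tagged_start) + offset;
}

/* The tag-unaware application's check: the tagged pointer *is* its address,
 * so the untagged fault.address compares as outside the allocation. */
static bool naive_in_range(uintptr_t start, size_t len, uintptr_t fault) {
    return fault >= start && fault < start + len;
}

/* A tag-aware check: strip the tag from both sides before comparing. */
static bool tag_aware_in_range(uintptr_t start, size_t len, uintptr_t fault) {
    return naive_in_range(untag(start), len, untag(fault));
}

/* Post-fix behaviour as stated in the cover letter: a tagged range.start makes
 * the ioctl fail instead of being untagged. -1 is a placeholder error value. */
static int new_register_check(uintptr_t start) {
    return has_tag(start) ? -1 : 0;
}

int main(void) {
    uintptr_t heap = 0x0a00007fff120000ULL;    /* constructed: tag 0x0a */
    uintptr_t mmapped = 0x00007fff34560000ULL; /* constructed: untagged */
    uintptr_t fault = old_fault_address(heap, 0x1000);
    printf("fault 0x%lx naive=%d tag_aware=%d\n", (unsigned long)fault,
           naive_in_range(heap, 0x4000, fault),
           tag_aware_in_range(heap, 0x4000, fault));
    printf("register tagged=%d mmap=%d\n",
           new_register_check(heap), new_register_check(mmapped));
    return 0;
}
```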