On Thu, May 03, 2018 at 04:09:56PM +0200, Andrey Konovalov wrote:
> On Wed, May 2, 2018 at 7:25 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
> > On Wed, May 2, 2018 at 5:36 PM, Kirill A. Shutemov
> > <kirill.shutemov@xxxxxxxxxxxxxxx> wrote:
> >> On Wed, May 02, 2018 at 02:38:42PM +0000, Andrey Konovalov wrote:
> >>> > Does having a tagged address here make any difference? I couldn't hit a
> >>> > failure with my simple tests (LD_PRELOAD a library that randomly adds
> >>> > tags to pointers returned by malloc).
> >>>
> >>> I think you're right, follow_page_mask is only called from
> >>> __get_user_pages, which already untagged the address. I'll remove
> >>> untagging here.
> >>
> >> It is also called from follow_page(). Have you covered all its callers?
> >
> > Oh, missed that, will take a look.
>
> I wasn't able to find anything that calls follow_page with pointers
> passed from userspace except for the memory subsystem syscalls, and we
> deliberately don't add untagging in those.

I guess I missed this part, but could you elaborate on this? Why? Not yet or not ever?

Also I wonder if we can find (with sparse?) all places where we cast out __user. This would give a nice list of places where to pay attention.

-- 
Kirill A. Shutemov
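The failure mode the thread is circling (a tagged user pointer reaching a page-table walk that was never untagged) can be shown in isolation. The block below is an added example, not code from the thread or from the kernel patch under discussion. It assumes the arm64 top-byte-ignore convention, where bits 63:56 of a pointer carry a tag the hardware ignores on access and the kernel's untagged_addr() strips by sign-extending from bit 55; the VMA range check is a constructed stand-in for the real walk, and the tagging helper stands in for the tag-randomising malloc wrapper mentioned in the quoted test.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bits 63:56 hold the tag under top-byte-ignore (assumed convention). */
#define TAG_SHIFT 56
#define TAG_MASK  (0xffULL << TAG_SHIFT)

/* Sign-extend a 64-bit value from bit `index` (same shape as the kernel's
 * sign_extend64 helper; relies on an arithmetic right shift for int64_t). */
static inline uint64_t sign_extend64(uint64_t value, unsigned index)
{
    unsigned shift = 63 - index;
    return (uint64_t)(((int64_t)(value << shift)) >> shift);
}

/* Strip the top-byte tag. Sign-extending from bit 55 clears the tag on a
 * user address (bit 55 == 0) and leaves a kernel address (bit 55 == 1)
 * unchanged, which is why the kernel can apply it unconditionally. */
static inline uint64_t untagged_addr(uint64_t addr)
{
    return sign_extend64(addr, 55);
}

/* Attach a tag, as a tag-randomising malloc wrapper would. */
static inline uint64_t tagged_addr(uint64_t addr, uint8_t tag)
{
    return (addr & ~TAG_MASK) | ((uint64_t)tag << TAG_SHIFT);
}

/* Constructed VMA: the range comparison a page walk performs on raw bits. */
struct vma { uint64_t start, end; };

static inline bool vma_contains(const struct vma *v, uint64_t addr)
{
    return addr >= v->start && addr < v->end;
}

/* A walk that compares the address as-is misses every VMA once a tag is
 * present; untagging at the entry point (as __get_user_pages does) fixes it. */
bool lookup_ok(const struct vma *v, uint64_t addr, bool untag)
{
    return vma_contains(v, untag ? untagged_addr(addr) : addr);
}

int main(void)
{
    struct vma heap = { 0x0000aaaa00000000ULL, 0x0000aaaa00100000ULL };
    uint64_t p  = 0x0000aaaa00001000ULL;      /* constructed user address */
    uint64_t tp = tagged_addr(p, 0x5a);       /* same address, tag 0x5a   */

    printf("tagged, no untag : %s\n", lookup_ok(&heap, tp, false) ? "found" : "miss");
    printf("tagged, untagged : %s\n", lookup_ok(&heap, tp, true)  ? "found" : "miss");
    return 0;
}
```

The second question in the mail (finding every place where `__user` is cast away) is exactly the audit this illustrates the need for: every path that reaches a raw-address comparison like vma_contains() must have passed through untagged_addr() somewhere, and a cast that drops `__user` is where that guarantee is easiest to lose silently.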