On Wed, Feb 19, 2020 at 12:31:56PM +0000, Catalin Marinas wrote:
> Currently the arm64 kernel ignores the top address byte passed to brk(),
> mmap() and mremap(). When the user is not aware of the 56-bit address
> limit or relies on the kernel to return an error, untagging such
> pointers has the potential to create address aliases in user-space.
> Passing a tagged address to munmap(), madvise() is permitted since the
> tagged pointer is expected to be inside an existing mapping.
>
> The current behaviour breaks the existing glibc malloc() implementation
> which relies on brk() with an address beyond 56-bit to be rejected by
> the kernel.
>
> Remove untagging in the above functions by partially reverting commit
> ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In
> addition, update the arm64 tagged-address-abi.rst document accordingly.
>
> Link: https://bugzilla.redhat.com/1797052
> Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk")
> Cc: <stable@xxxxxxxxxxxxxxx> # 5.4.x-
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Florian Weimer <fweimer@xxxxxxxxxx>
> Reported-by: Victor Stinner <vstinner@xxxxxxxxxx>
> Acked-by: Will Deacon <will@xxxxxxxxxx>
> Acked-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
> Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
> ---
>
> Changes in v2:
>
> - Added note to tagged-address-abi.rst that this behaviour changed in v5.6 and
>   some older kernels may still have the old behaviour.
>
> - Updated the commit log to make it clearer we broke the user ABI, also adding
>   a link to the Red Hat bugzilla entry.

Cheers, I'll queue this up as I have a couple of other arm64 fixes pending now.
(Andrew, please shout if you'd prefer to take it).

Will