On Mon, Feb 15, 2021 at 01:13:03PM +0000, Catalin Marinas wrote:
> commit 68d54ceeec0e5fee4fb8048e6a04c193f32525ca upstream.
>
> The ptrace(PTRACE_PEEKMTETAGS) implementation checks whether the user
> page has valid tags (mapped with PROT_MTE) by testing the PG_mte_tagged
> page flag. If this bit is cleared, ptrace(PTRACE_PEEKMTETAGS) returns
> -EIO.
>
> A newly created (PROT_MTE) mapping points to the zero page which had its
> tags zeroed during cpu_enable_mte(). If there were no prior writes to
> this mapping, ptrace(PTRACE_PEEKMTETAGS) fails with -EIO since the zero
> page does not have the PG_mte_tagged flag set.
>
> Set PG_mte_tagged on the zero page when its tags are cleared during
> boot. In addition, to avoid ptrace(PTRACE_PEEKMTETAGS) succeeding on
> !PROT_MTE mappings pointing to the zero page, change the
> __access_remote_tags() check to (vm_flags & VM_MTE) instead of
> PG_mte_tagged.
>
> Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
> Fixes: 34bfeea4a9e9 ("arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE")
> Cc: <stable@xxxxxxxxxxxxxxx> # 5.10.x
> Cc: Will Deacon <will@xxxxxxxxxx>
> Reported-by: Luis Machado <luis.machado@xxxxxxxxxx>
> Tested-by: Luis Machado <luis.machado@xxxxxxxxxx>
> Reviewed-by: Vincenzo Frascino <vincenzo.frascino@xxxxxxx>
> Link: https://lore.kernel.org/r/20210210180316.23654-1-catalin.marinas@xxxxxxx
> ---
> arch/arm64/kernel/cpufeature.c | 6 +-----
> arch/arm64/kernel/mte.c | 3 ++-
> 2 files changed, 3 insertions(+), 6 deletions(-)
Thanks, now queued up.
greg k-h
