From: Greg Kroah-Hartman Date: Mon, 15 Feb 2021 12:36:37 +0000 (+0100) Subject: drop queue-5.10/arm64-mte-allow-ptrace_peekmtetags-access-to-the-zer.patch X-Git-Tag: v5.4.99~23 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=886dde7c1cbc43af019f6f0d7427687b85238583;p=thirdparty%2Fkernel%2Fstable-queue.git drop queue-5.10/arm64-mte-allow-ptrace_peekmtetags-access-to-the-zer.patch --- diff --git a/queue-5.10/arm64-mte-allow-ptrace_peekmtetags-access-to-the-zer.patch b/queue-5.10/arm64-mte-allow-ptrace_peekmtetags-access-to-the-zer.patch deleted file mode 100644 index bc425e8608d..00000000000 --- a/queue-5.10/arm64-mte-allow-ptrace_peekmtetags-access-to-the-zer.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From 42138508d8089c9ba8258c37dc3988a451bbc72e Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Wed, 10 Feb 2021 18:03:16 +0000 -Subject: arm64: mte: Allow PTRACE_PEEKMTETAGS access to the zero page - -From: Catalin Marinas - -[ Upstream commit 68d54ceeec0e5fee4fb8048e6a04c193f32525ca ] - -The ptrace(PTRACE_PEEKMTETAGS) implementation checks whether the user -page has valid tags (mapped with PROT_MTE) by testing the PG_mte_tagged -page flag. If this bit is cleared, ptrace(PTRACE_PEEKMTETAGS) returns --EIO. - -A newly created (PROT_MTE) mapping points to the zero page which had its -tags zeroed during cpu_enable_mte(). If there were no prior writes to -this mapping, ptrace(PTRACE_PEEKMTETAGS) fails with -EIO since the zero -page does not have the PG_mte_tagged flag set. - -Set PG_mte_tagged on the zero page when its tags are cleared during -boot. In addition, to avoid ptrace(PTRACE_PEEKMTETAGS) succeeding on -!PROT_MTE mappings pointing to the zero page, change the -__access_remote_tags() check to (vm_flags & VM_MTE) instead of -PG_mte_tagged. 
- -Signed-off-by: Catalin Marinas -Fixes: 34bfeea4a9e9 ("arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE") -Cc: # 5.10.x -Cc: Will Deacon -Reported-by: Luis Machado -Tested-by: Luis Machado -Reviewed-by: Vincenzo Frascino -Link: https://lore.kernel.org/r/20210210180316.23654-1-catalin.marinas@arm.com -Signed-off-by: Sasha Levin ---- - arch/arm64/kernel/cpufeature.c | 5 +---- - arch/arm64/kernel/mte.c | 3 ++- - 2 files changed, 3 insertions(+), 5 deletions(-) - -diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 0a52e076153bb..e01ad6aa9674e 100644 ---- a/arch/arm64/kernel/cpufeature.c -+++ b/arch/arm64/kernel/cpufeature.c -@@ -1696,14 +1696,11 @@ static void bti_enable(const struct arm64_cpu_capabilities *__unused) - #ifdef CONFIG_ARM64_MTE - static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap) - { -- static bool cleared_zero_page = false; -- - /* - * Clear the tags in the zero page. This needs to be done via the - * linear map which has the Tagged attribute. - */ -- if (!cleared_zero_page) { -- cleared_zero_page = true; -+ if (!test_and_set_bit(PG_mte_tagged, &ZERO_PAGE(0)->flags)) - mte_clear_page_tags(lm_alias(empty_zero_page)); - } - } -diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c -index ef15c8a2a49dc..7a66a7d9c1ffc 100644 ---- a/arch/arm64/kernel/mte.c -+++ b/arch/arm64/kernel/mte.c -@@ -239,11 +239,12 @@ static int __access_remote_tags(struct mm_struct *mm, unsigned long addr, - * would cause the existing tags to be cleared if the page - * was never mapped with PROT_MTE. - */ -- if (!test_bit(PG_mte_tagged, &page->flags)) { -+ if (!(vma->vm_flags & VM_MTE)) { - ret = -EOPNOTSUPP; - put_page(page); - break; - } -+ WARN_ON_ONCE(!test_bit(PG_mte_tagged, &page->flags)); - - /* limit access to the end of the page */ - offset = offset_in_page(addr); --- -2.27.0 - diff --git a/queue-5.10/series b/queue-5.10/series index 6da9cf89c95..4348748bf1e 100644 
--- a/queue-5.10/series +++ b/queue-5.10/series @@ -45,7 +45,6 @@ ubsan-implement-__ubsan_handle_alignment_assumption.patch revert-lib-restrict-cpumask_local_spread-to-houskeep.patch x86-efi-remove-efi-pgd-build-time-checks.patch lkdtm-don-t-move-ctors-to-.rodata.patch -arm64-mte-allow-ptrace_peekmtetags-access-to-the-zer.patch kvm-x86-cleanup-cr3-reserved-bits-checks.patch cgroup-v1-add-disabled-controller-check-in-cgroup1_p.patch dmaengine-idxd-fix-misc-interrupt-completion.patch
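Review bot: The cpufeature.c hunk of the queued patch leaves cpu_enable_mte() with an unbalanced brace. It removes `if (!cleared_zero_page) {` and adds a brace-less `if (!test_and_set_bit(PG_mte_tagged, &ZERO_PAGE(0)->flags))`, yet both closing `}` lines after `mte_clear_page_tags(lm_alias(empty_zero_page));` stay as context. The first `}` now ends the function and the second is stray, so the file would not compile as shown. The backport should either drop one of those `}` lines or keep braces around the new `if` body.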
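Review bot: The new check in the mte.c hunk reads `vma->vm_flags`, but no line in the hunk shows `vma` being set for the page that was just looked up, and the `__access_remote_tags()` signature in the hunk header takes only `mm` and `addr`. Confirm that the 5.10 version of this loop obtains the VMA together with the page before this backport is applied. The added `WARN_ON_ONCE(!test_bit(PG_mte_tagged, &page->flags))` only logs and then continues to the tag access, so a short comment naming the invariant it asserts (a page reached through a VM_MTE mapping has PG_mte_tagged set, which the cpufeature.c change extends to the zero page) would help the next reader.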
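Review bot: The commit message for this drop repeats the subject line and gives no reason for removing the patch, either for the deleted file or for the entry taken out in the `queue-5.10/series` hunk. A one-line rationale (what failed, or which report prompted the drop) would tell anyone re-queuing upstream commit 68d54ceeec0e5fee4fb8048e6a04c193f32525ca for 5.10 what has to be fixed in the backport first.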