[PATCH 2/2] arm64: uaccess: disable preempt during uaccess PSTATE.{PAN,TCO}

[Catalin Marinas]

On Tue, Dec 21, 2021 at 09:42:42PM +0800, Pingfan Liu wrote:
> For the pair of
> uaccess_enable_privileged()/uaccess_disable_privileged(), if preemption
> happens, the exposure of the access to user space by another code piece
> is unexpected.

How can this happen? We set PAN on exception entry.

> For the pair of
> __uaccess_enable_tco_async()/__uaccess_disable_tco_async(), the change
> of PSTATE.TCO is exposed unexpectedly.

As above, we disable TCO on exception entry.

> For the two cases, simply disable preemption to fix the issue.
> 
> Signed-off-by: Pingfan Liu <kernelfans at gmail.com>
> Cc: Catalin Marinas <catalin.marinas at arm.com>
> Cc: Will Deacon <will at kernel.org>
> Cc: Mark Rutland <mark.rutland at arm.com>
> Cc: Vincenzo Frascino <vincenzo.frascino at arm.com>
> Cc: Andrey Konovalov <andreyknvl at gmail.com>
> Cc: Arnd Bergmann <arnd at arndb.de>
> To: linux-arm-kernel at lists.infradead.org
> ---
>  arch/arm64/include/asm/uaccess.h | 15 +++++++++++----
>  1 file changed, 11 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
> index 406888877bbd..37d5531f210d 100644
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -193,14 +193,18 @@ static inline void __uaccess_enable_tco(void)
>   */
>  static inline void __uaccess_disable_tco_async(void)
>  {
> -	if (system_uses_mte_async_or_asymm_mode())
> -		 __uaccess_disable_tco();
> +	if (system_uses_mte_async_or_asymm_mode()) {
> +		__uaccess_disable_tco();
> +		preempt_enable();
> +	}
>  }
>  
>  static inline void __uaccess_enable_tco_async(void)
>  {
> -	if (system_uses_mte_async_or_asymm_mode())
> +	if (system_uses_mte_async_or_asymm_mode()) {
> +		preempt_disable();
>  		__uaccess_enable_tco();
> +	}
>  }

As with the previous patch, disabling preemption prior to a
might_sleep() is wrong.

-- 
Catalin