[PATCH] arm64: mte: Allow PTRACE_PEEKMTETAGS access to the zero page

Catalin Marinas catalin.marinas at arm.com
Thu Feb 11 05:35:29 EST 2021


On Wed, Feb 10, 2021 at 03:52:18PM -0300, Luis Machado wrote:
> On 2/10/21 3:03 PM, Catalin Marinas wrote:
> > The ptrace(PTRACE_PEEKMTETAGS) implementation checks whether the user
> > page has valid tags (mapped with PROT_MTE) by testing the PG_mte_tagged
> > page flag. If this bit is cleared, ptrace(PTRACE_PEEKMTETAGS) returns
> > -EIO.
> > 
> > A newly created (PROT_MTE) mapping points to the zero page which had its
> > tags zeroed during cpu_enable_mte(). If there were no prior writes to
> > this mapping, ptrace(PTRACE_PEEKMTETAGS) fails with -EIO since the zero
> > page does not have the PG_mte_tagged flag set.
> > 
> > Set PG_mte_tagged on the zero page when its tags are cleared during
> > boot. In addition, to avoid ptrace(PTRACE_PEEKMTETAGS) succeeding on
> > !PROT_MTE mappings pointing to the zero page, change the
> > __access_remote_tags() check to (vm_flags & VM_MTE) instead of
> > PG_mte_tagged.
> > 
> > Signed-off-by: Catalin Marinas <catalin.marinas at arm.com>
> > Fixes: 34bfeea4a9e9 ("arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE")
> > Cc: <stable at vger.kernel.org> # 5.10.x
> > Cc: Will Deacon <will at kernel.org>
> > Reported-by: Luis Machado <luis.machado at linaro.org>
[...]
> Thanks. I gave this a try and it works as expected. So memory that is
> PROT_MTE but has not been accessed yet can be inspected with PEEKMTETAGS
> without getting an EIO back.

Thanks. I assume I can add your tested-by.

-- 
Catalin



More information about the linux-arm-kernel mailing list