[PATCH v6 5/5] arm64: futex: support futex with FEAT_LSUI
Yeoreum Yun
yeoreum.yun at arm.com
Tue Aug 19 08:15:20 PDT 2025
> > > > > > why we need to care about the different settings for tag checking when
> > > > > > we use uaccess_disable_privileged()?
> > > [...]
> > > > > > But, although tag check fault happens in kernel side,
> > > > > > It seems to be handled by fixup code if user address is wrong.
> > > > >
> > > > > The user may know it is wrong and not care (e.g. one wants to keep using
> > > > > a buggy application).
> > > >
> > > > Then Does this example -- ignoring wrong and keep using a buggy
> > > > application shows us that we need to enable TCO when
> > > > we runs the LSUI instruction?
> > > >
> > > > AFAIK, LSUI instruction also check memory tag -- i.e) ldtadd.
> > > > if passed user address which has unmatched tag and if user isn't
> > > > interested in tah check, It can meet the unexpected report from KASAN.
> > >
> > > That's a valid point w.r.t. PSTATE.TCO that applies to copy_to/from_user
> > > as well. I don't think we documented it but we don't expect the user
> > > PSTATE.TCO state to be taken into account while doing uaccess from the
> > > kernel. We do, however, expect SCTLR_EL1.TCF0 to be honoured and that's
> > > what the user normally tweaks via a prctl(). The TCO is meant to
> > > disable tag checking briefly when TCF enabled the tag check faults.
> >
> > So, IMHO, as copy_to/from_user (ldt/sttr) enable tco before it operates,
>
> They don't enable TCO.
Ah right. I've confused. Thanks for answer!
>
> --
> Catalin
--
Sincerely,
Yeoreum Yun
More information about the linux-arm-kernel
mailing list