On Wed, Feb 10, 2021 at 03:52:18PM -0300, Luis Machado wrote:
On 2/10/21 3:03 PM, Catalin Marinas wrote:
The ptrace(PTRACE_PEEKMTETAGS) implementation checks whether the user page has valid tags (mapped with PROT_MTE) by testing the PG_mte_tagged page flag. If this bit is cleared, ptrace(PTRACE_PEEKMTETAGS) returns -EIO.
A newly created (PROT_MTE) mapping points to the zero page which had its tags zeroed during cpu_enable_mte(). If there were no prior writes to this mapping, ptrace(PTRACE_PEEKMTETAGS) fails with -EIO since the zero page does not have the PG_mte_tagged flag set.
Set PG_mte_tagged on the zero page when its tags are cleared during boot. In addition, to avoid ptrace(PTRACE_PEEKMTETAGS) succeeding on !PROT_MTE mappings pointing to the zero page, change the __access_remote_tags() check to (vm_flags & VM_MTE) instead of PG_mte_tagged.
Signed-off-by: Catalin Marinas catalin.marinas@arm.com Fixes: 34bfeea4a9e9 ("arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE") Cc: stable@vger.kernel.org # 5.10.x Cc: Will Deacon will@kernel.org Reported-by: Luis Machado luis.machado@linaro.org
[...]
Thanks. I gave this a try and it works as expected. So memory that is PROT_MTE but has not been accessed yet can be inspected with PEEKMTETAGS without getting an EIO back.
Thanks. I assume I can add your tested-by.