diff for duplicates of <87k0pdt6yq.fsf@linaro.org>
diff --git a/a/1.txt b/N1/1.txt
index c6b1d82..ddc36f6 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -1,4 +1,3 @@
-
Peter Maydell <peter.maydell@linaro.org> writes:
> On Wed, 7 Apr 2021 at 19:54, Alex Bennée <alex.bennee@linaro.org> wrote:
@@ -34,4 +33,65 @@ because the original bug reporters weren't Cc'ed on the patches and lo
now they know about the iteration they have tested it ;-)
--
-Alex Bennée
\ No newline at end of file
+Alex Bennée
+
+--
+You received this bug notification because you are a member of qemu-
+devel-ml, which is subscribed to QEMU.
+https://bugs.launchpad.net/bugs/1921948
+
+Title:
+ MTE tags not checked properly for unaligned accesses at EL1
+
+Status in QEMU:
+ In Progress
+
+Bug description:
+ For kernel memory accesses that span across two memory granules,
+ QEMU's MTE implementation only checks the tag of the first granule but
+ not of the second one.
+
+ To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS
+ enabled, apply the patch below, and boot the kernel:
+
+ diff --git a/sound/last.c b/sound/last.c
+ index f0bb98780e70..04745cb30b74 100644
+ --- a/sound/last.c
+ +++ b/sound/last.c
+ @@ -5,12 +5,18 @@
+ */
+
+ #include <linux/init.h>
+ +#include <linux/slab.h>
+ #include <sound/core.h>
+
+ static int __init alsa_sound_last_init(void)
+ {
+ struct snd_card *card;
+ int idx, ok = 0;
+ +
+ + char *ptr = kmalloc(128, GFP_KERNEL);
+ + pr_err("KASAN report should follow:\n");
+ + *(volatile unsigned long *)(ptr + 124);
+ + kfree(ptr);
+
+ printk(KERN_INFO "ALSA device list:\n");
+ for (idx = 0; idx < SNDRV_CARDS; idx++) {
+
+ KASAN tags the 128 allocated bytes with the same tag as the returned
+ pointer. The memory granule that follows the 128 allocated bytes has a
+ different tag (with 1/15 probability).
+
+ Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130).
+ Observed result: no tag fault is detected and no KASAN report is printed.
+
+ Here are the flags that I use to run QEMU if they matter:
+
+ qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net
+ user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic
+ -nographic -kernel ./Image -append "console=ttyAMA0 root=/dev/vda
+ earlyprintk=serial" -drive file=./fs.img,format=raw,if=virtio -no-
+ shutdown -no-reboot
+
+To manage notifications about this bug go to:
+https://bugs.launchpad.net/qemu/+bug/1921948/+subscriptions
\ No newline at end of file
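Review bot: The embedded reproducer's read `*(volatile unsigned long *)(ptr + 124);` is 8 bytes wide on arm64, so it touches bytes [124, 132) of the allocation, not [124, 130) as the "Expected result" line in the same hunk states. Either range crosses the 16-byte MTE granule boundary at offset 128, so the bug description's conclusion is unaffected, but the range is worth getting right for anyone reusing this as a regression test. I would add a comment above the read, `/* 8-byte read at offset 124 spans [124, 132): 4 bytes fall in the granule after the 128-byte object */`. The `kmalloc()` result is also used unchecked, which is tolerable in a throwaway reproducer but should gain an `if (!ptr)` guard if it moves into a test suite.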
diff --git a/a/content_digest b/N1/content_digest
index 609d22f..ad2474b 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -1,8 +1,5 @@
[
- "ref\00020210406174031.64299-1-richard.henderson\@linaro.org\0"
-]
-[
- "ref\00020210406174031.64299-4-richard.henderson\@linaro.org\0"
+ "ref\000161713286145.25906.15042270704525675392.malonedeb\@wampee.canonical.com\0"
]
[
"ref\000877dleuds3.fsf\@linaro.org\0"
@@ -11,22 +8,16 @@
"ref\0CAFEAcA9Vc=w9d-3DkwuyY8Vzrj4d=f2zHn4OXauQRc-Vr=oQzQ\@mail.gmail.com\0"
]
[
- "From\0Alex Benn\303\251e <alex.bennee\@linaro.org>\0"
+ "From\0Alex Benn\303\251e <1921948\@bugs.launchpad.net>\0"
]
[
- "Subject\0Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0"
+ "Subject\0[Bug 1921948] Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0"
]
[
- "Date\0Thu, 08 Apr 2021 11:02:57 +0100\0"
+ "Date\0Thu, 08 Apr 2021 10:02:57 -0000\0"
]
[
- "To\0Peter Maydell <peter.maydell\@linaro.org>\0"
-]
-[
- "Cc\0001921948\@bugs.launchpad.net",
- " qemu-arm <qemu-arm\@nongnu.org>",
- " Richard Henderson <richard.henderson\@linaro.org>",
- " QEMU Developers <qemu-devel\@nongnu.org>\0"
+ "To\0qemu-devel\@nongnu.org\0"
]
[
"\0000:1\0"
@@ -35,7 +26,6 @@
"b\0"
]
[
- "\n",
"Peter Maydell <peter.maydell\@linaro.org> writes:\n",
"\n",
"> On Wed, 7 Apr 2021 at 19:54, Alex Benn\303\251e <alex.bennee\@linaro.org> wrote:\n",
@@ -71,7 +61,68 @@
"now they know about the iteration they have tested it ;-)\n",
"\n",
"-- \n",
- "Alex Benn\303\251e"
+ "Alex Benn\303\251e\n",
+ "\n",
+ "-- \n",
+ "You received this bug notification because you are a member of qemu-\n",
+ "devel-ml, which is subscribed to QEMU.\n",
+ "https://bugs.launchpad.net/bugs/1921948\n",
+ "\n",
+ "Title:\n",
+ " MTE tags not checked properly for unaligned accesses at EL1\n",
+ "\n",
+ "Status in QEMU:\n",
+ " In Progress\n",
+ "\n",
+ "Bug description:\n",
+ " For kernel memory accesses that span across two memory granules,\n",
+ " QEMU's MTE implementation only checks the tag of the first granule but\n",
+ " not of the second one.\n",
+ "\n",
+ " To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS\n",
+ " enabled, apply the patch below, and boot the kernel:\n",
+ "\n",
+ " diff --git a/sound/last.c b/sound/last.c\n",
+ " index f0bb98780e70..04745cb30b74 100644\n",
+ " --- a/sound/last.c\n",
+ " +++ b/sound/last.c\n",
+ " \@\@ -5,12 +5,18 \@\@\n",
+ " */\n",
+ " \n",
+ " #include <linux/init.h>\n",
+ " +#include <linux/slab.h>\n",
+ " #include <sound/core.h>\n",
+ " \n",
+ " static int __init alsa_sound_last_init(void)\n",
+ " {\n",
+ " struct snd_card *card;\n",
+ " int idx, ok = 0;\n",
+ " +\n",
+ " + char *ptr = kmalloc(128, GFP_KERNEL);\n",
+ " + pr_err(\"KASAN report should follow:\\n\");\n",
+ " + *(volatile unsigned long *)(ptr + 124);\n",
+ " + kfree(ptr);\n",
+ " \n",
+ " printk(KERN_INFO \"ALSA device list:\\n\");\n",
+ " for (idx = 0; idx < SNDRV_CARDS; idx++) {\n",
+ "\n",
+ " KASAN tags the 128 allocated bytes with the same tag as the returned\n",
+ " pointer. The memory granule that follows the 128 allocated bytes has a\n",
+ " different tag (with 1/15 probability).\n",
+ "\n",
+ " Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130).\n",
+ " Observed result: no tag fault is detected and no KASAN report is printed.\n",
+ "\n",
+ " Here are the flags that I use to run QEMU if they matter:\n",
+ "\n",
+ " qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net\n",
+ " user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic\n",
+ " -nographic -kernel ./Image -append \"console=ttyAMA0 root=/dev/vda\n",
+ " earlyprintk=serial\" -drive file=./fs.img,format=raw,if=virtio -no-\n",
+ " shutdown -no-reboot\n",
+ "\n",
+ "To manage notifications about this bug go to:\n",
+ "https://bugs.launchpad.net/qemu/+bug/1921948/+subscriptions"
]
-966cf01a8081c34ce0cf83766aba7aa5b290f5289ece416658e1caf30d91a4be
+a389a852e63fa8ce2f4425a85db7d7c53f59805e90a6f2f15bf0194b565c146e