From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3495C433E0 for ; Thu, 11 Mar 2021 16:35:44 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2C4BD64FA3 for ; Thu, 11 Mar 2021 16:35:44 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2C4BD64FA3 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From: References:Cc:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Q0LLWfzHQFhhbdOzEnu4+wpNqFkGRbKMI2REdisWEu8=; b=g8YE83bfrN+UqxpaUca/SpEqx Hde6JXWgoVkyPzFMiWuEm7niibsXYxvogU5dxNv0Cx4zTspWG//J9PK7B/om55e0xWwFH4IUy9fST Ms9XhbnuNXA/k8v4xqX3DAl2tv+uzU6wpaCX8J9L4sHAEz2CWHGFAwDB7dyxNLihW59Ja7oGEJrCY an1qh/jO4WHO1vvxHcPm5axut5GC1POyB1tTBhBkLt4wHcLLuiACLksVK65BIsitdlsH8kdlgL/dY rOjmodgQeY+8zjUrUtjGWhkWn+Yy4hgTrWCrrKMLqdevFfCmxh0KqIx/R43M0j2+um/u7tl53/+53 TmuCpzfvw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lKOGZ-009aHl-Ps; Thu, 11 Mar 2021 16:34:27 +0000 Received: from foss.arm.com ([217.140.110.172]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lKOGR-009aFE-Qx for linux-arm-kernel@lists.infradead.org; Thu, 11 Mar 2021 16:34:24 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5F0EA1FB; Thu, 11 Mar 2021 08:34:18 -0800 (PST) Received: from [10.37.8.5] (unknown [10.37.8.5]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 61A193F70D; Thu, 11 Mar 2021 08:34:16 -0800 (PST) Subject: Re: [PATCH v14 8/8] kselftest/arm64: Verify that TCO is enabled in load_unaligned_zeropad() To: Catalin Marinas Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Andrew Morton , Will Deacon , Dmitry Vyukov , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Evgenii Stepanov , Branislav Rankov , Andrey Konovalov , Lorenzo Pieralisi References: <20210308161434.33424-1-vincenzo.frascino@arm.com> <20210308161434.33424-9-vincenzo.frascino@arm.com> <20210311132509.GB30821@arm.com> <20210311162820.GE30821@arm.com> From: Vincenzo Frascino Message-ID: <60c1eedb-edc7-e92f-73ed-b26f97a21b97@arm.com> Date: Thu, 11 Mar 2021 16:34:15 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20210311162820.GE30821@arm.com> Content-Language: en-US X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210311_163420_190418_9C4BDBED X-CRM114-Status: GOOD ( 23.00 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 3/11/21 4:28 PM, Catalin Marinas wrote: > On Thu, Mar 11, 2021 at 03:00:26PM +0000, Vincenzo Frascino wrote: >> On 3/11/21 1:25 PM, Catalin Marinas wrote: >>> On Mon, Mar 08, 2021 at 04:14:34PM +0000, Vincenzo Frascino wrote: >>>> load_unaligned_zeropad() and __get/put_kernel_nofault() functions can >>>> read passed some buffer limits which may include some MTE granule with a >>>> different tag. >>>> >>>> When MTE async mode is enable, the load operation crosses the boundaries >>>> and the next granule has a different tag the PE sets the TFSR_EL1.TF1 >>>> bit as if an asynchronous tag fault is happened: >>>> >>>> ================================================================== >>>> BUG: KASAN: invalid-access >>>> Asynchronous mode enabled: no access details available >>>> >>>> CPU: 0 PID: 1 Comm: init Not tainted 5.12.0-rc1-ge1045c86620d-dirty #8 >>>> Hardware name: FVP Base RevC (DT) >>>> Call trace: >>>> dump_backtrace+0x0/0x1c0 >>>> show_stack+0x18/0x24 >>>> dump_stack+0xcc/0x14c >>>> kasan_report_async+0x54/0x70 >>>> mte_check_tfsr_el1+0x48/0x4c >>>> exit_to_user_mode+0x18/0x38 >>>> finish_ret_to_user+0x4/0x15c >>>> ================================================================== >>>> >>>> Verify that Tag Check Override (TCO) is enabled in these functions before >>>> the load and disable it afterwards to prevent this to happen. >>>> >>>> Note: The issue has been observed only with an MTE enabled userspace. >>> >>> The above bug is all about kernel buffers. While userspace can trigger >>> the relevant code paths, it should not matter whether the user has MTE >>> enabled or not. Can you please confirm that you can still triggered the >>> fault with kernel-mode MTE but non-MTE user-space? If not, we may have a >>> bug somewhere as the two are unrelated: load_unaligned_zeropad() only >>> acts on kernel buffers and are subject to the kernel MTE tag check fault >>> mode. >> >> I retried and you are right, it does not matter if it is a MTE or non-MTE >> user-space. The issue seems to be that this test does not trigger the problem >> all the times which probably lead me to the wrong conclusions. > > Keep the test around for some quick checks before you get the kasan > test support. > Of course, I never throw away my code. >>> I don't think we should have a user-space selftest for this. The bug is >>> not about a user-kernel interface, so an in-kernel test is more >>> appropriate. Could we instead add this to the kasan tests and calling >>> load_unaligned_zeropad() and other functions directly? >> >> I agree with you we should abandon this strategy of triggering the issue due to >> my comment above. I will investigate the option of having a kasan test and try >> to come up with one that calls the relevant functions directly. I would prefer >> though, since the rest of the series is almost ready, to post it in a future >> series. What do you think? > > That's fine by me. > -- Regards, Vincenzo _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel