From: Catalin Marinas <catalin.marinas@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-mm@kvack.org, linux-arch@vger.kernel.org,
Will Deacon <will@kernel.org>,
Dave P Martin <Dave.Martin@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Peter Collingbourne <pcc@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Suzuki K Poulose <Suzuki.Poulose@arm.com>
Subject: [PATCH v5 03/25] arm64: mte: Use Normal Tagged attributes for the linear map
Date: Wed, 24 Jun 2020 18:52:22 +0100 [thread overview]
Message-ID: <20200624175244.25837-4-catalin.marinas@arm.com> (raw)
In-Reply-To: <20200624175244.25837-1-catalin.marinas@arm.com>
Once user space is given access to tagged memory, the kernel must be
able to clear/save/restore tags visible to the user. This is done via
the linear mapping, therefore map it as such. The new MT_NORMAL_TAGGED
index for MAIR_EL1 is initially mapped as Normal memory and later
changed to Normal Tagged via the cpufeature infrastructure. From a
mismatched attribute aliases perspective, the Tagged memory is
considered a permission and it won't lead to undefined behaviour.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Suzuki K Poulose <Suzuki.Poulose@arm.com>
---
Notes:
v5:
- Move the clearing of the zero page since clear_page() to a later
patch.
v3:
- Restrict the safe attribute change in pgattr_change_is_safe() only to
Normal to/from Normal-Tagged (old version allow any other type as long
as old or new was Normal(-Tagged)).
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/include/asm/pgtable-prot.h | 2 ++
arch/arm64/kernel/cpufeature.c | 24 ++++++++++++++++++++++++
arch/arm64/mm/dump.c | 4 ++++
arch/arm64/mm/mmu.c | 22 ++++++++++++++++++++--
arch/arm64/mm/proc.S | 8 ++++++--
6 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index a1871bb32bb1..472c77a68225 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -136,6 +136,7 @@
#define MT_NORMAL_NC 3
#define MT_NORMAL 4
#define MT_NORMAL_WT 5
+#define MT_NORMAL_TAGGED 6
/*
* Memory types for Stage-2 translation
diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
index 2e7e0f452301..292f1d58b96e 100644
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h
@@ -50,6 +50,7 @@ extern bool arm64_use_ng_mappings;
#define PROT_NORMAL_NC (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_NC))
#define PROT_NORMAL_WT (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_WT))
#define PROT_NORMAL (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL))
+#define PROT_NORMAL_TAGGED (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_WRITE | PTE_ATTRINDX(MT_NORMAL_TAGGED))
#define PROT_SECT_DEVICE_nGnRE (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_DEVICE_nGnRE))
#define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
@@ -59,6 +60,7 @@ extern bool arm64_use_ng_mappings;
#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT
#define PAGE_KERNEL __pgprot(PROT_NORMAL)
+#define PAGE_KERNEL_TAGGED __pgprot(PROT_NORMAL_TAGGED)
#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY)
#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY)
#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index f6e3965b98a3..aeb9cb9c57f7 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1660,13 +1660,37 @@ static void bti_enable(const struct arm64_cpu_capabilities *__unused)
#ifdef CONFIG_ARM64_MTE
static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
{
+ u64 mair;
+
/* all non-zero tags excluded by default */
write_sysreg_s(SYS_GCR_EL1_RRND | SYS_GCR_EL1_EXCL_MASK, SYS_GCR_EL1);
write_sysreg_s(0, SYS_TFSR_EL1);
write_sysreg_s(0, SYS_TFSRE0_EL1);
+ /*
+ * Update the MT_NORMAL_TAGGED index in MAIR_EL1. Tag checking is
+ * disabled for the kernel, so there won't be any observable effect
+ * other than allowing the kernel to read and write tags.
+ */
+ mair = read_sysreg_s(SYS_MAIR_EL1);
+ mair &= ~MAIR_ATTRIDX(MAIR_ATTR_MASK, MT_NORMAL_TAGGED);
+ mair |= MAIR_ATTRIDX(MAIR_ATTR_NORMAL_TAGGED, MT_NORMAL_TAGGED);
+ write_sysreg_s(mair, SYS_MAIR_EL1);
+
isb();
}
+
+static int __init system_enable_mte(void)
+{
+ if (!system_supports_mte())
+ return 0;
+
+ /* Ensure the TLB does not have stale MAIR attributes */
+ flush_tlb_all();
+
+ return 0;
+}
+core_initcall(system_enable_mte);
#endif /* CONFIG_ARM64_MTE */
/* Internal helper functions to match cpu capability type */
diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
index 0b8da1cc1c07..ba6d1d89f9b2 100644
--- a/arch/arm64/mm/dump.c
+++ b/arch/arm64/mm/dump.c
@@ -169,6 +169,10 @@ static const struct prot_bits pte_bits[] = {
.mask = PTE_ATTRINDX_MASK,
.val = PTE_ATTRINDX(MT_NORMAL),
.set = "MEM/NORMAL",
+ }, {
+ .mask = PTE_ATTRINDX_MASK,
+ .val = PTE_ATTRINDX(MT_NORMAL_TAGGED),
+ .set = "MEM/NORMAL-TAGGED",
}
};
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 1df25f26571d..0bbe96c006ad 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -121,7 +121,7 @@ static bool pgattr_change_is_safe(u64 old, u64 new)
* The following mapping attributes may be updated in live
* kernel mappings without the need for break-before-make.
*/
- static const pteval_t mask = PTE_PXN | PTE_RDONLY | PTE_WRITE | PTE_NG;
+ pteval_t mask = PTE_PXN | PTE_RDONLY | PTE_WRITE | PTE_NG;
/* creating or taking down mappings is always safe */
if (old == 0 || new == 0)
@@ -135,6 +135,19 @@ static bool pgattr_change_is_safe(u64 old, u64 new)
if (old & ~new & PTE_NG)
return false;
+ if (system_supports_mte()) {
+ /*
+ * Changing the memory type between Normal and Normal-Tagged
+ * is safe since Tagged is considered a permission attribute
+ * from the mismatched attribute aliases perspective.
+ */
+ if (((old & PTE_ATTRINDX_MASK) == PTE_ATTRINDX(MT_NORMAL) ||
+ (old & PTE_ATTRINDX_MASK) == PTE_ATTRINDX(MT_NORMAL_TAGGED)) &&
+ ((new & PTE_ATTRINDX_MASK) == PTE_ATTRINDX(MT_NORMAL) ||
+ (new & PTE_ATTRINDX_MASK) == PTE_ATTRINDX(MT_NORMAL_TAGGED)))
+ mask |= PTE_ATTRINDX_MASK;
+ }
+
return ((old ^ new) & ~mask) == 0;
}
@@ -490,7 +503,12 @@ static void __init map_mem(pgd_t *pgdp)
if (memblock_is_nomap(reg))
continue;
- __map_memblock(pgdp, start, end, PAGE_KERNEL, flags);
+ /*
+ * The linear map must allow allocation tags reading/writing
+ * if MTE is present. Otherwise, it has the same attributes as
+ * PAGE_KERNEL.
+ */
+ __map_memblock(pgdp, start, end, PAGE_KERNEL_TAGGED, flags);
}
/*
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 796e47a571e6..152d74f2cc9c 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -44,14 +44,18 @@
#define TCR_KASAN_FLAGS 0
#endif
-/* Default MAIR_EL1 */
+/*
+ * Default MAIR_EL1. MT_NORMAL_TAGGED is initially mapped as Normal memory and
+ * changed later to Normal Tagged if the system supports MTE.
+ */
#define MAIR_EL1_SET \
(MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRnE, MT_DEVICE_nGnRnE) | \
MAIR_ATTRIDX(MAIR_ATTR_DEVICE_nGnRE, MT_DEVICE_nGnRE) | \
MAIR_ATTRIDX(MAIR_ATTR_DEVICE_GRE, MT_DEVICE_GRE) | \
MAIR_ATTRIDX(MAIR_ATTR_NORMAL_NC, MT_NORMAL_NC) | \
MAIR_ATTRIDX(MAIR_ATTR_NORMAL, MT_NORMAL) | \
- MAIR_ATTRIDX(MAIR_ATTR_NORMAL_WT, MT_NORMAL_WT))
+ MAIR_ATTRIDX(MAIR_ATTR_NORMAL_WT, MT_NORMAL_WT) | \
+ MAIR_ATTRIDX(MAIR_ATTR_NORMAL, MT_NORMAL_TAGGED))
#ifdef CONFIG_CPU_PM
/**
next prev parent reply other threads:[~2020-06-24 17:52 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-24 17:52 [PATCH v5 00/25] arm64: Memory Tagging Extension user-space support Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 01/25] arm64: mte: system register definitions Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 02/25] arm64: mte: CPU feature detection and initial sysreg configuration Catalin Marinas
2020-06-24 17:52 ` Catalin Marinas [this message]
2020-06-24 17:52 ` [PATCH v5 04/25] arm64: mte: Add specific SIGSEGV codes Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 05/25] arm64: mte: Handle synchronous and asynchronous tag check faults Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 06/25] mm: Add PG_ARCH_2 page flag Catalin Marinas
2020-06-24 18:33 ` Andrew Morton
2020-06-24 18:36 ` Matthew Wilcox
2020-06-25 17:10 ` Catalin Marinas
2020-07-01 17:30 ` Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 07/25] arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 08/25] arm64: mte: Tags-aware copy_{user_,}highpage() implementations Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 09/25] arm64: Avoid unnecessary clear_user_page() indirection Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 10/25] arm64: mte: Tags-aware aware memcmp_pages() implementation Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 11/25] mm: Introduce arch_calc_vm_flag_bits() Catalin Marinas
2020-06-24 18:36 ` Andrew Morton
2020-06-25 17:34 ` Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 12/25] arm64: mte: Add PROT_MTE support to mmap() and mprotect() Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 13/25] mm: Introduce arch_validate_flags() Catalin Marinas
2020-06-24 18:37 ` Andrew Morton
2020-06-24 17:52 ` [PATCH v5 14/25] arm64: mte: Validate the PROT_MTE request via arch_validate_flags() Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 15/25] mm: Allow arm64 mmap(PROT_MTE) on RAM-based files Catalin Marinas
2020-06-24 18:42 ` Andrew Morton
2020-06-24 17:52 ` [PATCH v5 16/25] arm64: mte: Allow user control of the tag check mode via prctl() Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 17/25] arm64: mte: Allow user control of the generated random tags " Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 18/25] arm64: mte: Restore the GCR_EL1 register after a suspend Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 19/25] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support Catalin Marinas
2020-06-25 17:10 ` Luis Machado
2020-07-01 17:16 ` Catalin Marinas
2020-07-01 17:32 ` Luis Machado
2020-07-03 13:18 ` Catalin Marinas
2020-07-03 10:50 ` Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 20/25] fs: Handle intra-page faults in copy_mount_options() Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 21/25] mm: Add arch hooks for saving/restoring tags Catalin Marinas
2020-06-24 18:45 ` Andrew Morton
2020-06-25 9:04 ` Steven Price
2020-06-25 12:09 ` Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 22/25] arm64: mte: Enable swap of tagged pages Catalin Marinas
2020-06-25 11:37 ` Steven Price
2020-06-25 11:59 ` Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 23/25] arm64: mte: Save tags when hibernating Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 24/25] arm64: mte: Kconfig entry Catalin Marinas
2020-06-24 17:52 ` [PATCH v5 25/25] arm64: mte: Add Memory Tagging Extension documentation Catalin Marinas
2020-06-25 12:22 ` Szabolcs Nagy
2020-06-26 14:54 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200624175244.25837-4-catalin.marinas@arm.com \
--to=catalin.marinas@arm.com \
--cc=Dave.Martin@arm.com \
--cc=Suzuki.Poulose@arm.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-mm@kvack.org \
--cc=pcc@google.com \
--cc=szabolcs.nagy@arm.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).