From: Vincenzo Frascino <vincenzo.frascino@arm.com>
To: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>,
Marco Elver <elver@google.com>,
Evgenii Stepanov <eugenis@google.com>,
Branislav Rankov <Branislav.Rankov@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Subject: [PATCH v12 4/7] arm64: mte: Enable TCO in functions that can read beyond buffer limits
Date: Mon, 8 Feb 2021 16:56:14 +0000 [thread overview]
Message-ID: <20210208165617.9977-5-vincenzo.frascino@arm.com> (raw)
In-Reply-To: <20210208165617.9977-1-vincenzo.frascino@arm.com>
load_unaligned_zeropad() and __get/put_kernel_nofault() functions can
read passed some buffer limits which may include some MTE granule with a
different tag.
When MTE async mode is enable, the load operation crosses the boundaries
and the next granule has a different tag the PE sets the TFSR_EL1.TF1 bit
as if an asynchronous tag fault is happened.
Enable Tag Check Override (TCO) in these functions before the load and
disable it afterwards to prevent this to happen.
Note: The same condition can be hit in MTE sync mode but we deal with it
through the exception handling.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Reported-by: Branislav Rankov <Branislav.Rankov@arm.com>
Tested-by: Branislav Rankov <Branislav.Rankov@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
---
arch/arm64/include/asm/uaccess.h | 19 +++++++++++++++++++
arch/arm64/include/asm/word-at-a-time.h | 4 ++++
arch/arm64/kernel/mte.c | 10 ++++++++++
3 files changed, 33 insertions(+)
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index 0deb88467111..f43d78aee593 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -188,6 +188,21 @@ static inline void __uaccess_enable_tco(void)
ARM64_MTE, CONFIG_KASAN_HW_TAGS));
}
+/* Whether the MTE asynchronous mode is enabled. */
+DECLARE_STATIC_KEY_FALSE(mte_async_mode);
+
+static inline void __uaccess_disable_tco_async(void)
+{
+ if (static_branch_unlikely(&mte_async_mode))
+ __uaccess_disable_tco();
+}
+
+static inline void __uaccess_enable_tco_async(void)
+{
+ if (static_branch_unlikely(&mte_async_mode))
+ __uaccess_enable_tco();
+}
+
static inline void uaccess_disable_privileged(void)
{
__uaccess_disable_tco();
@@ -307,8 +322,10 @@ do { \
do { \
int __gkn_err = 0; \
\
+ __uaccess_enable_tco_async(); \
__raw_get_mem("ldr", *((type *)(dst)), \
(__force type *)(src), __gkn_err); \
+ __uaccess_disable_tco_async(); \
if (unlikely(__gkn_err)) \
goto err_label; \
} while (0)
@@ -379,9 +396,11 @@ do { \
#define __put_kernel_nofault(dst, src, type, err_label) \
do { \
int __pkn_err = 0; \
+ __uaccess_enable_tco_async(); \
\
__raw_put_mem("str", *((type *)(src)), \
(__force type *)(dst), __pkn_err); \
+ __uaccess_disable_tco_async(); \
if (unlikely(__pkn_err)) \
goto err_label; \
} while(0)
diff --git a/arch/arm64/include/asm/word-at-a-time.h b/arch/arm64/include/asm/word-at-a-time.h
index 3333950b5909..c62d9fa791aa 100644
--- a/arch/arm64/include/asm/word-at-a-time.h
+++ b/arch/arm64/include/asm/word-at-a-time.h
@@ -55,6 +55,8 @@ static inline unsigned long load_unaligned_zeropad(const void *addr)
{
unsigned long ret, offset;
+ __uaccess_enable_tco_async();
+
/* Load word from unaligned pointer addr */
asm(
"1: ldr %0, %3\n"
@@ -76,6 +78,8 @@ static inline unsigned long load_unaligned_zeropad(const void *addr)
: "=&r" (ret), "=&r" (offset)
: "r" (addr), "Q" (*(unsigned long *)addr));
+ __uaccess_disable_tco_async();
+
return ret;
}
diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
index 92078e1eb627..60531afc706e 100644
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -27,6 +27,10 @@ u64 gcr_kernel_excl __ro_after_init;
static bool report_fault_once = true;
+/* Whether the MTE asynchronous mode is enabled. */
+DEFINE_STATIC_KEY_FALSE(mte_async_mode);
+EXPORT_SYMBOL_GPL(mte_async_mode);
+
static void mte_sync_page_tags(struct page *page, pte_t *ptep, bool check_swap)
{
pte_t old_pte = READ_ONCE(*ptep);
@@ -170,6 +174,12 @@ void mte_enable_kernel_sync(void)
void mte_enable_kernel_async(void)
{
__mte_enable_kernel("asynchronous", SCTLR_ELx_TCF_ASYNC);
+
+ /*
+ * This function is called on each active smp core, we do not
+ * to take cpu_hotplug_lock again.
+ */
+ static_branch_enable_cpuslocked(&mte_async_mode);
}
void mte_set_report_once(bool state)
--
2.30.0
next prev parent reply other threads:[~2021-02-08 18:49 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-08 16:56 [PATCH v12 0/7] arm64: ARMv8.5-A: MTE: Add async mode support Vincenzo Frascino
2021-02-08 16:56 ` [PATCH v12 1/7] arm64: mte: Add asynchronous " Vincenzo Frascino
2021-02-08 16:56 ` [PATCH v12 2/7] kasan: Add KASAN mode kernel parameter Vincenzo Frascino
2021-02-08 16:56 ` [PATCH v12 3/7] kasan: Add report for async mode Vincenzo Frascino
2021-02-09 7:39 ` kernel test robot
2021-02-09 11:32 ` Vincenzo Frascino
2021-02-08 16:56 ` Vincenzo Frascino [this message]
2021-02-09 11:35 ` [PATCH v12 4/7] arm64: mte: Enable TCO in functions that can read beyond buffer limits Catalin Marinas
2021-02-09 11:45 ` Vincenzo Frascino
2021-02-08 16:56 ` [PATCH v12 5/7] arm64: mte: Enable async tag check fault Vincenzo Frascino
2021-02-08 16:56 ` [PATCH v12 6/7] arm64: mte: Save/Restore TFSR_EL1 during suspend Vincenzo Frascino
2021-02-08 18:56 ` Lorenzo Pieralisi
2021-02-09 10:41 ` Vincenzo Frascino
2021-02-09 11:55 ` Catalin Marinas
2021-02-09 14:33 ` Lorenzo Pieralisi
2021-02-09 14:54 ` Vincenzo Frascino
2021-02-09 17:28 ` Catalin Marinas
2021-02-09 18:25 ` Vincenzo Frascino
2021-02-08 16:56 ` [PATCH v12 7/7] kasan: don't run tests in async mode Vincenzo Frascino
2021-02-09 6:32 ` kernel test robot
2021-02-09 11:33 ` Vincenzo Frascino
2021-02-10 6:33 ` [kbuild-all] " Rong Chen
2021-02-09 12:02 ` Catalin Marinas
2021-02-09 12:20 ` Vincenzo Frascino
2021-02-09 15:02 ` Andrey Konovalov
2021-02-09 17:06 ` Catalin Marinas
2021-02-09 17:26 ` Andrey Konovalov
2021-02-09 17:37 ` Vincenzo Frascino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210208165617.9977-5-vincenzo.frascino@arm.com \
--to=vincenzo.frascino@arm.com \
--cc=Branislav.Rankov@arm.com \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=aryabinin@virtuozzo.com \
--cc=catalin.marinas@arm.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo.pieralisi@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).