From: Alex Bennée
To: Bug 1921948 <1921948@bugs.launchpad.net>
Cc: qemu-devel@nongnu.org
Subject: Re: [Bug 1921948] Re: MTE tags not checked properly for unaligned accesses at EL1
Date: Wed, 07 Apr 2021 22:45:06 +0100
Message-ID: <871rblvkei.fsf@linaro.org>
In-reply-to: <874kghvl2s.fsf@linaro.org>

Alex Bennée writes:

> Andrey Konovalov <1921948@bugs.launchpad.net> writes:
>
>> Is this with QEMU master without the patches mentioned in this bug?
>
> This is with Richard's latest series.
>
>>
>> Which kernel version do you use?
>
> v5.11
>
>> Could you share your kernel config?
>
> We are just testing with Richard's config and eliminating compiler
> shenanigans now.

OK with v5.12-rc5 and Richard's config I get a clean pass.

-- 
Alex Bennée

-- 
https://bugs.launchpad.net/bugs/1921948

Title:
  MTE tags not checked properly for unaligned accesses at EL1

Status in QEMU:
  In Progress

Bug description:
  For kernel memory accesses that span across two memory granules,
  QEMU's MTE implementation only checks the tag of the first granule but
  not of the second one.

  To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS
  enabled, apply the patch below, and boot the kernel:

diff --git a/sound/last.c b/sound/last.c index f0bb98780e70..04745cb30b74 100644 --- a/sound/last.c +++ b/sound/last.c 
@@ -5,12 +5,18 @@ */ = #include +#include #include = static int __init alsa_sound_last_init(void) { struct snd_card *card; int idx, ok =3D 0; + + char *ptr =3D kmalloc(128, GFP_KERNEL); + pr_err("KASAN report should follow:\n"); + *(volatile unsigned long *)(ptr + 124); + kfree(ptr); = printk(KERN_INFO "ALSA device list:\n"); for (idx =3D 0; idx < SNDRV_CARDS; idx++) {

  KASAN tags the 128 allocated bytes with the same tag as the returned
  pointer. The memory granule that follows the 128 allocated bytes has a
  different tag (with 1/15 probability).

  Expected result: a tag fault is detected and a KASAN report is printed
  when accessing bytes [124, 130).
  Observed result: no tag fault is detected and no KASAN report is
  printed.

  Here are the flags that I use to run QEMU if they matter:

  qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net
  user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic
  -nographic -kernel ./Image -append "console=ttyAMA0 root=/dev/vda
  earlyprintk=serial" -drive file=./fs.img,format=raw,if=virtio
  -no-shutdown -no-reboot
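
Review bot: The kmalloc(128, GFP_KERNEL) result in alsa_sound_last_init() is dereferenced at ptr + 124 without a NULL check; return early if the allocation failed, so that an allocation failure cannot be confused with the tag fault the reproducer is meant to trigger. The read goes through a volatile unsigned long pointer, which on arm64 is an 8-byte access starting at offset 124 and therefore runs past the 128-byte allocation into the following granule; a short comment next to that line stating this would make the choice of offset clear to anyone reusing the test.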
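
The granule check described in the bug report above, as an added example that is not part of the original thread and not QEMU's code: a toy model in C that compares a first-granule-only tag check with one covering every 16-byte granule the access touches. The tag_mem array, the function names and the tag values 0x3 and 0x9 are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE   16u   /* MTE tag granule size in bytes */
#define NGRANULES 16u   /* constructed 256-byte toy region */
static uint8_t tag_mem[NGRANULES];  /* one 4-bit allocation tag per granule */

/* Give `count` granules starting at granule index `first` the same tag. */
static void set_tags(size_t first, size_t count, uint8_t tag)
{
    for (size_t g = first; g < first + count && g < NGRANULES; g++)
        tag_mem[g] = tag & 0xf;
}

/* Behaviour described in the report: only the first granule is compared. */
static bool check_first_granule(size_t off, size_t len, uint8_t ptr_tag)
{
    (void)len;  /* the access length is ignored, which is the defect */
    return off / GRANULE < NGRANULES && tag_mem[off / GRANULE] == (ptr_tag & 0xf);
}

/* Expected behaviour: every granule the access touches must match. */
static bool check_all_granules(size_t off, size_t len, uint8_t ptr_tag)
{
    size_t last = (off + len - 1) / GRANULE;
    if (len == 0 || off + len < off || last >= NGRANULES)
        return false;   /* empty, wrapping or out-of-model access */
    for (size_t g = off / GRANULE; g <= last; g++)
        if (tag_mem[g] != (ptr_tag & 0xf))
            return false;
    return true;
}

/* Constructed layout: 128-byte object tagged 0x3, following granule 0x9. */
static void setup_report_layout(void)
{
    set_tags(0, 128 / GRANULE, 0x3);
    set_tags(128 / GRANULE, 1, 0x9);
}

int main(void)
{
    setup_report_layout();
    printf("8 bytes at offset 124, first granule only: %s\n",
           check_first_granule(124, 8, 0x3) ? "no fault (missed)" : "tag fault");
    printf("8 bytes at offset 124, all granules:       %s\n",
           check_all_granules(124, 8, 0x3) ? "no fault" : "tag fault");
    return 0;
}
```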