This series implements the in-kernel asymmetric mode support for
ARMv8.7-A Memory Tagging Extension (MTE), which is a debugging feature
that allows to detect with the help of the architecture the C and C++
programmatic memory errors like buffer overflow, use-after-free,
use-after-return, etc.
MTE is built on top of the AArch64 v8.0 virtual address tagging TBI
(Top Byte Ignore) feature and allows a task to set a 4 bit tag on any
subset of its address space that is multiple of a 16 bytes granule. MTE
is based on a lock-key mechanism where the lock is the tag associated to
the physical memory and the key is the tag associated to the virtual
address.
When MTE is enabled and tags are set for ranges of address space of a task,
the PE will compare the tag related to the physical memory with the tag
related to the virtual address (tag check operation). Access to the memory
is granted only if the two tags match. In case of mismatch the PE will raise
an exception.
When asymmetric mode is present, the CPU triggers a fault on a tag mismatch
during a load operation and asynchronously updates a register when a tag
mismatch is detected during a store operation.
Note: The userspace support will be sent with a future patch series.
The series is based on linux-v5.15-rc4.
To simplify the testing a tree with the new patches on top has been made
available at [1].
[1] https://git.gitlab.arm.com/linux-arm/linux-vf.git mte/v3.asymm
Cc: Andrew Morton <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Marco Elver <[email protected]>
Cc: Evgenii Stepanov <[email protected]>
Cc: Branislav Rankov <[email protected]>
Cc: Andrey Konovalov <[email protected]>
Cc: Lorenzo Pieralisi <[email protected]>
Signed-off-by: Vincenzo Frascino <[email protected]>
Vincenzo Frascino (5):
kasan: Remove duplicate of kasan_flag_async
arm64: mte: Bitfield definitions for Asymm MTE
arm64: mte: CPU feature detection for Asymm MTE
arm64: mte: Add asymmetric mode support
kasan: Extend KASAN mode kernel parameter
Documentation/dev-tools/kasan.rst | 7 +++--
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/include/asm/mte-kasan.h | 5 ++++
arch/arm64/include/asm/mte.h | 8 +++---
arch/arm64/include/asm/sysreg.h | 3 +++
arch/arm64/include/asm/uaccess.h | 4 +--
arch/arm64/kernel/cpufeature.c | 10 +++++++
arch/arm64/kernel/mte.c | 43 +++++++++++++++++++++++++-----
arch/arm64/tools/cpucaps | 1 +
lib/test_kasan.c | 2 +-
mm/kasan/hw_tags.c | 28 ++++++++++++-------
mm/kasan/kasan.h | 33 ++++++++++++++++++-----
mm/kasan/report.c | 2 +-
13 files changed, 115 insertions(+), 32 deletions(-)
--
2.33.0
MTE provides an asymmetric mode for detecting tag exceptions. In
particular, when such a mode is present, the CPU triggers a fault
on a tag mismatch during a load operation and asynchronously updates
a register when a tag mismatch is detected during a store operation.
Add support for MTE asymmetric mode.
Note: If the CPU does not support MTE asymmetric mode the kernel falls
back on synchronous mode which is the default for kasan=on.
Cc: Will Deacon <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Andrey Konovalov <[email protected]>
Signed-off-by: Vincenzo Frascino <[email protected]>
Reviewed-by: Catalin Marinas <[email protected]>
---
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/include/asm/mte-kasan.h | 5 ++++
arch/arm64/include/asm/mte.h | 8 +++---
arch/arm64/include/asm/uaccess.h | 4 +--
arch/arm64/kernel/mte.c | 43 +++++++++++++++++++++++++-----
5 files changed, 49 insertions(+), 12 deletions(-)
diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index f1745a843414..1b9a1e242612 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -243,6 +243,7 @@ static inline const void *__tag_set(const void *addr, u8 tag)
#ifdef CONFIG_KASAN_HW_TAGS
#define arch_enable_tagging_sync() mte_enable_kernel_sync()
#define arch_enable_tagging_async() mte_enable_kernel_async()
+#define arch_enable_tagging_asymm() mte_enable_kernel_asymm()
#define arch_force_async_tag_fault() mte_check_tfsr_exit()
#define arch_get_random_tag() mte_get_random_tag()
#define arch_get_mem_tag(addr) mte_get_mem_tag(addr)
diff --git a/arch/arm64/include/asm/mte-kasan.h b/arch/arm64/include/asm/mte-kasan.h
index 22420e1f8c03..478b9bcf69ad 100644
--- a/arch/arm64/include/asm/mte-kasan.h
+++ b/arch/arm64/include/asm/mte-kasan.h
@@ -130,6 +130,7 @@ static inline void mte_set_mem_tag_range(void *addr, size_t size, u8 tag,
void mte_enable_kernel_sync(void);
void mte_enable_kernel_async(void);
+void mte_enable_kernel_asymm(void);
#else /* CONFIG_ARM64_MTE */
@@ -161,6 +162,10 @@ static inline void mte_enable_kernel_async(void)
{
}
+static inline void mte_enable_kernel_asymm(void)
+{
+}
+
#endif /* CONFIG_ARM64_MTE */
#endif /* __ASSEMBLY__ */
diff --git a/arch/arm64/include/asm/mte.h b/arch/arm64/include/asm/mte.h
index 02511650cffe..075539f5f1c8 100644
--- a/arch/arm64/include/asm/mte.h
+++ b/arch/arm64/include/asm/mte.h
@@ -88,11 +88,11 @@ static inline int mte_ptrace_copy_tags(struct task_struct *child,
#ifdef CONFIG_KASAN_HW_TAGS
/* Whether the MTE asynchronous mode is enabled. */
-DECLARE_STATIC_KEY_FALSE(mte_async_mode);
+DECLARE_STATIC_KEY_FALSE(mte_async_or_asymm_mode);
-static inline bool system_uses_mte_async_mode(void)
+static inline bool system_uses_mte_async_or_asymm_mode(void)
{
- return static_branch_unlikely(&mte_async_mode);
+ return static_branch_unlikely(&mte_async_or_asymm_mode);
}
void mte_check_tfsr_el1(void);
@@ -121,7 +121,7 @@ static inline void mte_check_tfsr_exit(void)
mte_check_tfsr_el1();
}
#else
-static inline bool system_uses_mte_async_mode(void)
+static inline bool system_uses_mte_async_or_asymm_mode(void)
{
return false;
}
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index 190b494e22ab..315354047d69 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -196,13 +196,13 @@ static inline void __uaccess_enable_tco(void)
*/
static inline void __uaccess_disable_tco_async(void)
{
- if (system_uses_mte_async_mode())
+ if (system_uses_mte_async_or_asymm_mode())
__uaccess_disable_tco();
}
static inline void __uaccess_enable_tco_async(void)
{
- if (system_uses_mte_async_mode())
+ if (system_uses_mte_async_or_asymm_mode())
__uaccess_enable_tco();
}
diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
index e5e801bc5312..d7da4e3924c4 100644
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -26,9 +26,14 @@
static DEFINE_PER_CPU_READ_MOSTLY(u64, mte_tcf_preferred);
#ifdef CONFIG_KASAN_HW_TAGS
-/* Whether the MTE asynchronous mode is enabled. */
-DEFINE_STATIC_KEY_FALSE(mte_async_mode);
-EXPORT_SYMBOL_GPL(mte_async_mode);
+/*
+ * The MTE asynchronous and asymmetric mode have the same
+ * behavior for the store operations.
+ *
+ * Whether the MTE asynchronous or asymmetric mode is enabled.
+ */
+DEFINE_STATIC_KEY_FALSE(mte_async_or_asymm_mode);
+EXPORT_SYMBOL_GPL(mte_async_or_asymm_mode);
#endif
static void mte_sync_page_tags(struct page *page, pte_t old_pte,
@@ -116,7 +121,7 @@ void mte_enable_kernel_sync(void)
* Make sure we enter this function when no PE has set
* async mode previously.
*/
- WARN_ONCE(system_uses_mte_async_mode(),
+ WARN_ONCE(system_uses_mte_async_or_asymm_mode(),
"MTE async mode enabled system wide!");
__mte_enable_kernel("synchronous", SCTLR_ELx_TCF_SYNC);
@@ -134,8 +139,34 @@ void mte_enable_kernel_async(void)
* mode in between sync and async, this strategy needs
* to be reviewed.
*/
- if (!system_uses_mte_async_mode())
- static_branch_enable(&mte_async_mode);
+ if (!system_uses_mte_async_or_asymm_mode())
+ static_branch_enable(&mte_async_or_asymm_mode);
+}
+
+void mte_enable_kernel_asymm(void)
+{
+ if (cpus_have_cap(ARM64_MTE_ASYMM)) {
+ __mte_enable_kernel("asymmetric", SCTLR_ELx_TCF_ASYMM);
+
+ /*
+ * MTE asymm mode behaves as async mode for store
+ * operations. The mode is set system wide by the
+ * first PE that executes this function.
+ *
+ * Note: If in future KASAN acquires a runtime switching
+ * mode in between sync and async, this strategy needs
+ * to be reviewed.
+ */
+ if (!system_uses_mte_async_or_asymm_mode())
+ static_branch_enable(&mte_async_or_asymm_mode);
+ } else {
+ /*
+ * If the CPU does not support MTE asymmetric mode the
+ * kernel falls back on synchronous mode which is the
+ * default for kasan=on.
+ */
+ mte_enable_kernel_sync();
+ }
}
#endif
--
2.33.0
After merging async mode for KASAN_HW_TAGS a duplicate of the
kasan_flag_async flag was left erroneously inside the code.
Remove the duplicate.
Note: This change does not bring functional changes to the code
base.
Cc: Dmitry Vyukov <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Marco Elver <[email protected]>
Cc: Evgenii Stepanov <[email protected]>
Cc: Andrey Konovalov <[email protected]>
Signed-off-by: Vincenzo Frascino <[email protected]>
Acked-by: Catalin Marinas <[email protected]>
Reviewed-by: Andrey Konovalov <[email protected]>
---
mm/kasan/kasan.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 8bf568a80eb8..3639e7c8bb98 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -38,8 +38,6 @@ static inline bool kasan_async_mode_enabled(void)
#endif
-extern bool kasan_flag_async __ro_after_init;
-
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
#define KASAN_GRANULE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT)
#else
--
2.33.0
Add Asymmetric Memory Tagging Extension bitfield definitions.
Cc: Will Deacon <[email protected]>
Cc: Catalin Marinas <[email protected]>
Signed-off-by: Vincenzo Frascino <[email protected]>
Acked-by: Catalin Marinas <[email protected]>
---
arch/arm64/include/asm/sysreg.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index b268082d67ed..f51d5912b41c 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -621,6 +621,7 @@
#define SCTLR_ELx_TCF_NONE (UL(0x0) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_TCF_SYNC (UL(0x1) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_TCF_ASYNC (UL(0x2) << SCTLR_ELx_TCF_SHIFT)
+#define SCTLR_ELx_TCF_ASYMM (UL(0x3) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_TCF_MASK (UL(0x3) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_ENIA_SHIFT 31
@@ -666,6 +667,7 @@
#define SCTLR_EL1_TCF0_NONE (UL(0x0) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_TCF0_SYNC (UL(0x1) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_TCF0_ASYNC (UL(0x2) << SCTLR_EL1_TCF0_SHIFT)
+#define SCTLR_EL1_TCF0_ASYMM (UL(0x3) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_TCF0_MASK (UL(0x3) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_BT1 (BIT(36))
@@ -807,6 +809,7 @@
#define ID_AA64PFR1_MTE_NI 0x0
#define ID_AA64PFR1_MTE_EL0 0x1
#define ID_AA64PFR1_MTE 0x2
+#define ID_AA64PFR1_MTE_ASYMM 0x3
/* id_aa64zfr0 */
#define ID_AA64ZFR0_F64MM_SHIFT 56
--
2.33.0
Add the cpufeature entries to detect the presence of Asymmetric MTE.
Note: The tag checking mode is initialized via cpu_enable_mte() ->
kasan_init_hw_tags() hence to enable it we require asymmetric mode
to be at least on the boot CPU. If the boot CPU does not have it, it is
fine for late CPUs to have it as long as the feature is not enabled
(ARM64_CPUCAP_BOOT_CPU_FEATURE).
Cc: Will Deacon <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Suzuki K Poulose <[email protected]>
Signed-off-by: Vincenzo Frascino <[email protected]>
Reviewed-by: Catalin Marinas <[email protected]>
Reviewed-by: Suzuki K Poulose <[email protected]>
---
arch/arm64/kernel/cpufeature.c | 10 ++++++++++
arch/arm64/tools/cpucaps | 1 +
2 files changed, 11 insertions(+)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 6ec7036ef7e1..9e3e8ad75f20 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2321,6 +2321,16 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.sign = FTR_UNSIGNED,
.cpu_enable = cpu_enable_mte,
},
+ {
+ .desc = "Asymmetric MTE Tag Check Fault",
+ .capability = ARM64_MTE_ASYMM,
+ .type = ARM64_CPUCAP_BOOT_CPU_FEATURE,
+ .matches = has_cpuid_feature,
+ .sys_reg = SYS_ID_AA64PFR1_EL1,
+ .field_pos = ID_AA64PFR1_MTE_SHIFT,
+ .min_field_value = ID_AA64PFR1_MTE_ASYMM,
+ .sign = FTR_UNSIGNED,
+ },
#endif /* CONFIG_ARM64_MTE */
{
.desc = "RCpc load-acquire (LDAPR)",
diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps
index 49305c2e6dfd..74a569bf52d6 100644
--- a/arch/arm64/tools/cpucaps
+++ b/arch/arm64/tools/cpucaps
@@ -39,6 +39,7 @@ HW_DBM
KVM_PROTECTED_MODE
MISMATCHED_CACHE_TYPE
MTE
+MTE_ASYMM
SPECTRE_V2
SPECTRE_V3A
SPECTRE_V4
--
2.33.0
Architectures supported by KASAN_HW_TAGS can provide an asymmetric mode
of execution. On an MTE enabled arm64 hw for example this can be
identified with the asymmetric tagging mode of execution. In particular,
when such a mode is present, the CPU triggers a fault on a tag mismatch
during a load operation and asynchronously updates a register when a tag
mismatch is detected during a store operation.
Extend the KASAN HW execution mode kernel command line parameter to
support asymmetric mode.
Cc: Dmitry Vyukov <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Andrey Konovalov <[email protected]>
Signed-off-by: Vincenzo Frascino <[email protected]>
Reviewed-by: Catalin Marinas <[email protected]>
---
Documentation/dev-tools/kasan.rst | 7 +++++--
lib/test_kasan.c | 2 +-
mm/kasan/hw_tags.c | 28 ++++++++++++++++++----------
mm/kasan/kasan.h | 31 +++++++++++++++++++++++++++----
mm/kasan/report.c | 2 +-
5 files changed, 52 insertions(+), 18 deletions(-)
diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index 21dc03bc10a4..8089c559d339 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -194,14 +194,17 @@ additional boot parameters that allow disabling KASAN or controlling features:
- ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default: ``on``).
-- ``kasan.mode=sync`` or ``=async`` controls whether KASAN is configured in
- synchronous or asynchronous mode of execution (default: ``sync``).
+- ``kasan.mode=sync``, ``=async`` or ``=asymm`` controls whether KASAN
+ is configured in synchronous, asynchronous or asymmetric mode of
+ execution (default: ``sync``).
Synchronous mode: a bad access is detected immediately when a tag
check fault occurs.
Asynchronous mode: a bad access detection is delayed. When a tag check
fault occurs, the information is stored in hardware (in the TFSR_EL1
register for arm64). The kernel periodically checks the hardware and
only reports tag faults during these checks.
+ Asymmetric mode: a bad access is detected synchronously on reads and
+ asynchronously on writes.
- ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack
traces collection (default: ``on``).
diff --git a/lib/test_kasan.c b/lib/test_kasan.c
index 8835e0784578..ebed755ebf34 100644
--- a/lib/test_kasan.c
+++ b/lib/test_kasan.c
@@ -88,7 +88,7 @@ static void kasan_test_exit(struct kunit *test)
*/
#define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \
if (IS_ENABLED(CONFIG_KASAN_HW_TAGS) && \
- !kasan_async_mode_enabled()) \
+ kasan_sync_fault_possible()) \
migrate_disable(); \
KUNIT_EXPECT_FALSE(test, READ_ONCE(fail_data.report_found)); \
barrier(); \
diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
index 05d1e9460e2e..39e34595f2b4 100644
--- a/mm/kasan/hw_tags.c
+++ b/mm/kasan/hw_tags.c
@@ -29,6 +29,7 @@ enum kasan_arg_mode {
KASAN_ARG_MODE_DEFAULT,
KASAN_ARG_MODE_SYNC,
KASAN_ARG_MODE_ASYNC,
+ KASAN_ARG_MODE_ASYMM,
};
enum kasan_arg_stacktrace {
@@ -45,9 +46,9 @@ static enum kasan_arg_stacktrace kasan_arg_stacktrace __ro_after_init;
DEFINE_STATIC_KEY_FALSE(kasan_flag_enabled);
EXPORT_SYMBOL(kasan_flag_enabled);
-/* Whether the asynchronous mode is enabled. */
-bool kasan_flag_async __ro_after_init;
-EXPORT_SYMBOL_GPL(kasan_flag_async);
+/* Whether the selected mode is synchronous/asynchronous/asymmetric.*/
+enum kasan_mode kasan_mode __ro_after_init;
+EXPORT_SYMBOL_GPL(kasan_mode);
/* Whether to collect alloc/free stack traces. */
DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace);
@@ -69,7 +70,7 @@ static int __init early_kasan_flag(char *arg)
}
early_param("kasan", early_kasan_flag);
-/* kasan.mode=sync/async */
+/* kasan.mode=sync/async/asymm */
static int __init early_kasan_mode(char *arg)
{
if (!arg)
@@ -79,6 +80,8 @@ static int __init early_kasan_mode(char *arg)
kasan_arg_mode = KASAN_ARG_MODE_SYNC;
else if (!strcmp(arg, "async"))
kasan_arg_mode = KASAN_ARG_MODE_ASYNC;
+ else if (!strcmp(arg, "asymm"))
+ kasan_arg_mode = KASAN_ARG_MODE_ASYMM;
else
return -EINVAL;
@@ -116,11 +119,13 @@ void kasan_init_hw_tags_cpu(void)
return;
/*
- * Enable async mode only when explicitly requested through
- * the command line.
+ * Enable async or asymm modes only when explicitly requested
+ * through the command line.
*/
if (kasan_arg_mode == KASAN_ARG_MODE_ASYNC)
hw_enable_tagging_async();
+ else if (kasan_arg_mode == KASAN_ARG_MODE_ASYMM)
+ hw_enable_tagging_asymm();
else
hw_enable_tagging_sync();
}
@@ -143,15 +148,18 @@ void __init kasan_init_hw_tags(void)
case KASAN_ARG_MODE_DEFAULT:
/*
* Default to sync mode.
- * Do nothing, kasan_flag_async keeps its default value.
*/
- break;
case KASAN_ARG_MODE_SYNC:
- /* Do nothing, kasan_flag_async keeps its default value. */
+ /* Sync mode enabled. */
+ kasan_mode = KASAN_MODE_SYNC;
break;
case KASAN_ARG_MODE_ASYNC:
/* Async mode enabled. */
- kasan_flag_async = true;
+ kasan_mode = KASAN_MODE_ASYNC;
+ break;
+ case KASAN_ARG_MODE_ASYMM:
+ /* Asymm mode enabled. */
+ kasan_mode = KASAN_MODE_ASYMM;
break;
}
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 3639e7c8bb98..71b1b5d3d97e 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -13,16 +13,29 @@
#include "../slab.h"
DECLARE_STATIC_KEY_FALSE(kasan_flag_stacktrace);
-extern bool kasan_flag_async __ro_after_init;
+
+enum kasan_mode {
+ KASAN_MODE_SYNC,
+ KASAN_MODE_ASYNC,
+ KASAN_MODE_ASYMM,
+};
+
+extern enum kasan_mode kasan_mode __ro_after_init;
static inline bool kasan_stack_collection_enabled(void)
{
return static_branch_unlikely(&kasan_flag_stacktrace);
}
-static inline bool kasan_async_mode_enabled(void)
+static inline bool kasan_async_fault_possible(void)
+{
+ return kasan_mode == KASAN_MODE_ASYNC ||
+ kasan_mode == KASAN_MODE_ASYMM;
+}
+
+static inline bool kasan_sync_fault_possible(void)
{
- return kasan_flag_async;
+ return kasan_mode != KASAN_MODE_ASYNC;
}
#else
@@ -31,11 +44,16 @@ static inline bool kasan_stack_collection_enabled(void)
return true;
}
-static inline bool kasan_async_mode_enabled(void)
+static inline bool kasan_async_fault_possible(void)
{
return false;
}
+static inline bool kasan_sync_fault_possible(void)
+{
+ return true;
+}
+
#endif
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
@@ -287,6 +305,9 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
#ifndef arch_enable_tagging_async
#define arch_enable_tagging_async()
#endif
+#ifndef arch_enable_tagging_asymm
+#define arch_enable_tagging_asymm()
+#endif
#ifndef arch_force_async_tag_fault
#define arch_force_async_tag_fault()
#endif
@@ -302,6 +323,7 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
#define hw_enable_tagging_sync() arch_enable_tagging_sync()
#define hw_enable_tagging_async() arch_enable_tagging_async()
+#define hw_enable_tagging_asymm() arch_enable_tagging_asymm()
#define hw_force_async_tag_fault() arch_force_async_tag_fault()
#define hw_get_random_tag() arch_get_random_tag()
#define hw_get_mem_tag(addr) arch_get_mem_tag(addr)
@@ -312,6 +334,7 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
#define hw_enable_tagging_sync()
#define hw_enable_tagging_async()
+#define hw_enable_tagging_asymm()
#endif /* CONFIG_KASAN_HW_TAGS */
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 884a950c7026..9da071ad930c 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -112,7 +112,7 @@ static void start_report(unsigned long *flags)
static void end_report(unsigned long *flags, unsigned long addr)
{
- if (!kasan_async_mode_enabled())
+ if (!kasan_async_fault_possible())
trace_error_report_end(ERROR_DETECTOR_KASAN, addr);
pr_err("==================================================================\n");
add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
--
2.33.0
.On Wed, Oct 6, 2021 at 5:48 PM Vincenzo Frascino
<[email protected]> wrote:
>
> Architectures supported by KASAN_HW_TAGS can provide an asymmetric mode
> of execution. On an MTE enabled arm64 hw for example this can be
> identified with the asymmetric tagging mode of execution. In particular,
> when such a mode is present, the CPU triggers a fault on a tag mismatch
> during a load operation and asynchronously updates a register when a tag
> mismatch is detected during a store operation.
>
> Extend the KASAN HW execution mode kernel command line parameter to
> support asymmetric mode.
>
> Cc: Dmitry Vyukov <[email protected]>
> Cc: Andrey Ryabinin <[email protected]>
> Cc: Alexander Potapenko <[email protected]>
> Cc: Andrey Konovalov <[email protected]>
> Signed-off-by: Vincenzo Frascino <[email protected]>
> Reviewed-by: Catalin Marinas <[email protected]>
> ---
> Documentation/dev-tools/kasan.rst | 7 +++++--
> lib/test_kasan.c | 2 +-
> mm/kasan/hw_tags.c | 28 ++++++++++++++++++----------
> mm/kasan/kasan.h | 31 +++++++++++++++++++++++++++----
> mm/kasan/report.c | 2 +-
> 5 files changed, 52 insertions(+), 18 deletions(-)
>
> diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
> index 21dc03bc10a4..8089c559d339 100644
> --- a/Documentation/dev-tools/kasan.rst
> +++ b/Documentation/dev-tools/kasan.rst
> @@ -194,14 +194,17 @@ additional boot parameters that allow disabling KASAN or controlling features:
>
> - ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default: ``on``).
>
> -- ``kasan.mode=sync`` or ``=async`` controls whether KASAN is configured in
> - synchronous or asynchronous mode of execution (default: ``sync``).
> +- ``kasan.mode=sync``, ``=async`` or ``=asymm`` controls whether KASAN
> + is configured in synchronous, asynchronous or asymmetric mode of
> + execution (default: ``sync``).
> Synchronous mode: a bad access is detected immediately when a tag
> check fault occurs.
> Asynchronous mode: a bad access detection is delayed. When a tag check
> fault occurs, the information is stored in hardware (in the TFSR_EL1
> register for arm64). The kernel periodically checks the hardware and
> only reports tag faults during these checks.
> + Asymmetric mode: a bad access is detected synchronously on reads and
> + asynchronously on writes.
>
> - ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack
> traces collection (default: ``on``).
> diff --git a/lib/test_kasan.c b/lib/test_kasan.c
> index 8835e0784578..ebed755ebf34 100644
> --- a/lib/test_kasan.c
> +++ b/lib/test_kasan.c
> @@ -88,7 +88,7 @@ static void kasan_test_exit(struct kunit *test)
> */
> #define KUNIT_EXPECT_KASAN_FAIL(test, expression) do { \
> if (IS_ENABLED(CONFIG_KASAN_HW_TAGS) && \
> - !kasan_async_mode_enabled()) \
> + kasan_sync_fault_possible()) \
> migrate_disable(); \
> KUNIT_EXPECT_FALSE(test, READ_ONCE(fail_data.report_found)); \
> barrier(); \
> diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
> index 05d1e9460e2e..39e34595f2b4 100644
> --- a/mm/kasan/hw_tags.c
> +++ b/mm/kasan/hw_tags.c
> @@ -29,6 +29,7 @@ enum kasan_arg_mode {
> KASAN_ARG_MODE_DEFAULT,
> KASAN_ARG_MODE_SYNC,
> KASAN_ARG_MODE_ASYNC,
> + KASAN_ARG_MODE_ASYMM,
> };
>
> enum kasan_arg_stacktrace {
> @@ -45,9 +46,9 @@ static enum kasan_arg_stacktrace kasan_arg_stacktrace __ro_after_init;
> DEFINE_STATIC_KEY_FALSE(kasan_flag_enabled);
> EXPORT_SYMBOL(kasan_flag_enabled);
>
> -/* Whether the asynchronous mode is enabled. */
> -bool kasan_flag_async __ro_after_init;
> -EXPORT_SYMBOL_GPL(kasan_flag_async);
> +/* Whether the selected mode is synchronous/asynchronous/asymmetric.*/
> +enum kasan_mode kasan_mode __ro_after_init;
> +EXPORT_SYMBOL_GPL(kasan_mode);
>
> /* Whether to collect alloc/free stack traces. */
> DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace);
> @@ -69,7 +70,7 @@ static int __init early_kasan_flag(char *arg)
> }
> early_param("kasan", early_kasan_flag);
>
> -/* kasan.mode=sync/async */
> +/* kasan.mode=sync/async/asymm */
> static int __init early_kasan_mode(char *arg)
> {
> if (!arg)
> @@ -79,6 +80,8 @@ static int __init early_kasan_mode(char *arg)
> kasan_arg_mode = KASAN_ARG_MODE_SYNC;
> else if (!strcmp(arg, "async"))
> kasan_arg_mode = KASAN_ARG_MODE_ASYNC;
> + else if (!strcmp(arg, "asymm"))
> + kasan_arg_mode = KASAN_ARG_MODE_ASYMM;
> else
> return -EINVAL;
>
> @@ -116,11 +119,13 @@ void kasan_init_hw_tags_cpu(void)
> return;
>
> /*
> - * Enable async mode only when explicitly requested through
> - * the command line.
> + * Enable async or asymm modes only when explicitly requested
> + * through the command line.
> */
> if (kasan_arg_mode == KASAN_ARG_MODE_ASYNC)
> hw_enable_tagging_async();
> + else if (kasan_arg_mode == KASAN_ARG_MODE_ASYMM)
> + hw_enable_tagging_asymm();
> else
> hw_enable_tagging_sync();
> }
> @@ -143,15 +148,18 @@ void __init kasan_init_hw_tags(void)
> case KASAN_ARG_MODE_DEFAULT:
> /*
> * Default to sync mode.
> - * Do nothing, kasan_flag_async keeps its default value.
> */
kasan_mode = KASAN_MODE_SYNC;
then, since the "do nothing" comment is dropped.
> - break;
> case KASAN_ARG_MODE_SYNC:
> - /* Do nothing, kasan_flag_async keeps its default value. */
> + /* Sync mode enabled. */
> + kasan_mode = KASAN_MODE_SYNC;
> break;
> case KASAN_ARG_MODE_ASYNC:
> /* Async mode enabled. */
> - kasan_flag_async = true;
> + kasan_mode = KASAN_MODE_ASYNC;
> + break;
> + case KASAN_ARG_MODE_ASYMM:
> + /* Asymm mode enabled. */
> + kasan_mode = KASAN_MODE_ASYMM;
> break;
> }
>
> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
> index 3639e7c8bb98..71b1b5d3d97e 100644
> --- a/mm/kasan/kasan.h
> +++ b/mm/kasan/kasan.h
> @@ -13,16 +13,29 @@
> #include "../slab.h"
>
> DECLARE_STATIC_KEY_FALSE(kasan_flag_stacktrace);
> -extern bool kasan_flag_async __ro_after_init;
> +
> +enum kasan_mode {
> + KASAN_MODE_SYNC,
> + KASAN_MODE_ASYNC,
> + KASAN_MODE_ASYMM,
> +};
> +
> +extern enum kasan_mode kasan_mode __ro_after_init;
>
> static inline bool kasan_stack_collection_enabled(void)
> {
> return static_branch_unlikely(&kasan_flag_stacktrace);
> }
>
> -static inline bool kasan_async_mode_enabled(void)
> +static inline bool kasan_async_fault_possible(void)
> +{
> + return kasan_mode == KASAN_MODE_ASYNC ||
> + kasan_mode == KASAN_MODE_ASYMM;
> +}
> +
> +static inline bool kasan_sync_fault_possible(void)
> {
> - return kasan_flag_async;
> + return kasan_mode != KASAN_MODE_ASYNC;
kasan_mode == KASAN_MODE_SYNC || kasan_mode == KASAN_MODE_ASYMM
is more in line with the condition in kasan_async_fault_possible().
> }
> #else
>
> @@ -31,11 +44,16 @@ static inline bool kasan_stack_collection_enabled(void)
> return true;
> }
>
> -static inline bool kasan_async_mode_enabled(void)
> +static inline bool kasan_async_fault_possible(void)
> {
> return false;
> }
>
> +static inline bool kasan_sync_fault_possible(void)
> +{
> + return true;
> +}
> +
> #endif
>
> #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
> @@ -287,6 +305,9 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
> #ifndef arch_enable_tagging_async
> #define arch_enable_tagging_async()
> #endif
> +#ifndef arch_enable_tagging_asymm
> +#define arch_enable_tagging_asymm()
> +#endif
> #ifndef arch_force_async_tag_fault
> #define arch_force_async_tag_fault()
> #endif
> @@ -302,6 +323,7 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
>
> #define hw_enable_tagging_sync() arch_enable_tagging_sync()
> #define hw_enable_tagging_async() arch_enable_tagging_async()
> +#define hw_enable_tagging_asymm() arch_enable_tagging_asymm()
> #define hw_force_async_tag_fault() arch_force_async_tag_fault()
> #define hw_get_random_tag() arch_get_random_tag()
> #define hw_get_mem_tag(addr) arch_get_mem_tag(addr)
> @@ -312,6 +334,7 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
>
> #define hw_enable_tagging_sync()
> #define hw_enable_tagging_async()
> +#define hw_enable_tagging_asymm()
>
> #endif /* CONFIG_KASAN_HW_TAGS */
>
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 884a950c7026..9da071ad930c 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -112,7 +112,7 @@ static void start_report(unsigned long *flags)
>
> static void end_report(unsigned long *flags, unsigned long addr)
> {
> - if (!kasan_async_mode_enabled())
> + if (!kasan_async_fault_possible())
> trace_error_report_end(ERROR_DETECTOR_KASAN, addr);
> pr_err("==================================================================\n");
> add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> --
> 2.33.0
>
With the mentioned changes:
Reviewed-by: Andrey Konovalov <[email protected]>
On Wed, Oct 6, 2021 at 5:48 PM Vincenzo Frascino
<[email protected]> wrote:
>
> MTE provides an asymmetric mode for detecting tag exceptions. In
> particular, when such a mode is present, the CPU triggers a fault
> on a tag mismatch during a load operation and asynchronously updates
> a register when a tag mismatch is detected during a store operation.
>
> Add support for MTE asymmetric mode.
>
> Note: If the CPU does not support MTE asymmetric mode the kernel falls
> back on synchronous mode which is the default for kasan=on.
>
> Cc: Will Deacon <[email protected]>
> Cc: Catalin Marinas <[email protected]>
> Cc: Andrey Konovalov <[email protected]>
> Signed-off-by: Vincenzo Frascino <[email protected]>
> Reviewed-by: Catalin Marinas <[email protected]>
> ---
> arch/arm64/include/asm/memory.h | 1 +
> arch/arm64/include/asm/mte-kasan.h | 5 ++++
> arch/arm64/include/asm/mte.h | 8 +++---
> arch/arm64/include/asm/uaccess.h | 4 +--
> arch/arm64/kernel/mte.c | 43 +++++++++++++++++++++++++-----
> 5 files changed, 49 insertions(+), 12 deletions(-)
>
> diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
> index f1745a843414..1b9a1e242612 100644
> --- a/arch/arm64/include/asm/memory.h
> +++ b/arch/arm64/include/asm/memory.h
> @@ -243,6 +243,7 @@ static inline const void *__tag_set(const void *addr, u8 tag)
> #ifdef CONFIG_KASAN_HW_TAGS
> #define arch_enable_tagging_sync() mte_enable_kernel_sync()
> #define arch_enable_tagging_async() mte_enable_kernel_async()
> +#define arch_enable_tagging_asymm() mte_enable_kernel_asymm()
> #define arch_force_async_tag_fault() mte_check_tfsr_exit()
> #define arch_get_random_tag() mte_get_random_tag()
> #define arch_get_mem_tag(addr) mte_get_mem_tag(addr)
> diff --git a/arch/arm64/include/asm/mte-kasan.h b/arch/arm64/include/asm/mte-kasan.h
> index 22420e1f8c03..478b9bcf69ad 100644
> --- a/arch/arm64/include/asm/mte-kasan.h
> +++ b/arch/arm64/include/asm/mte-kasan.h
> @@ -130,6 +130,7 @@ static inline void mte_set_mem_tag_range(void *addr, size_t size, u8 tag,
>
> void mte_enable_kernel_sync(void);
> void mte_enable_kernel_async(void);
> +void mte_enable_kernel_asymm(void);
>
> #else /* CONFIG_ARM64_MTE */
>
> @@ -161,6 +162,10 @@ static inline void mte_enable_kernel_async(void)
> {
> }
>
> +static inline void mte_enable_kernel_asymm(void)
> +{
> +}
> +
> #endif /* CONFIG_ARM64_MTE */
>
> #endif /* __ASSEMBLY__ */
> diff --git a/arch/arm64/include/asm/mte.h b/arch/arm64/include/asm/mte.h
> index 02511650cffe..075539f5f1c8 100644
> --- a/arch/arm64/include/asm/mte.h
> +++ b/arch/arm64/include/asm/mte.h
> @@ -88,11 +88,11 @@ static inline int mte_ptrace_copy_tags(struct task_struct *child,
>
> #ifdef CONFIG_KASAN_HW_TAGS
> /* Whether the MTE asynchronous mode is enabled. */
> -DECLARE_STATIC_KEY_FALSE(mte_async_mode);
> +DECLARE_STATIC_KEY_FALSE(mte_async_or_asymm_mode);
>
> -static inline bool system_uses_mte_async_mode(void)
> +static inline bool system_uses_mte_async_or_asymm_mode(void)
> {
> - return static_branch_unlikely(&mte_async_mode);
> + return static_branch_unlikely(&mte_async_or_asymm_mode);
> }
>
> void mte_check_tfsr_el1(void);
> @@ -121,7 +121,7 @@ static inline void mte_check_tfsr_exit(void)
> mte_check_tfsr_el1();
> }
> #else
> -static inline bool system_uses_mte_async_mode(void)
> +static inline bool system_uses_mte_async_or_asymm_mode(void)
> {
> return false;
> }
> diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
> index 190b494e22ab..315354047d69 100644
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -196,13 +196,13 @@ static inline void __uaccess_enable_tco(void)
> */
> static inline void __uaccess_disable_tco_async(void)
> {
> - if (system_uses_mte_async_mode())
> + if (system_uses_mte_async_or_asymm_mode())
> __uaccess_disable_tco();
> }
>
> static inline void __uaccess_enable_tco_async(void)
> {
> - if (system_uses_mte_async_mode())
> + if (system_uses_mte_async_or_asymm_mode())
> __uaccess_enable_tco();
> }
>
> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
> index e5e801bc5312..d7da4e3924c4 100644
> --- a/arch/arm64/kernel/mte.c
> +++ b/arch/arm64/kernel/mte.c
> @@ -26,9 +26,14 @@
> static DEFINE_PER_CPU_READ_MOSTLY(u64, mte_tcf_preferred);
>
> #ifdef CONFIG_KASAN_HW_TAGS
> -/* Whether the MTE asynchronous mode is enabled. */
> -DEFINE_STATIC_KEY_FALSE(mte_async_mode);
> -EXPORT_SYMBOL_GPL(mte_async_mode);
> +/*
> + * The MTE asynchronous and asymmetric mode have the same
> + * behavior for the store operations.
> + *
> + * Whether the MTE asynchronous or asymmetric mode is enabled.
Nit:
The asynchronous and asymmetric MTE modes have the same behavior for
store operations. This flag is set when either of these modes is
enabled.
> + */
> +DEFINE_STATIC_KEY_FALSE(mte_async_or_asymm_mode);
> +EXPORT_SYMBOL_GPL(mte_async_or_asymm_mode);
> #endif
>
> static void mte_sync_page_tags(struct page *page, pte_t old_pte,
> @@ -116,7 +121,7 @@ void mte_enable_kernel_sync(void)
> * Make sure we enter this function when no PE has set
> * async mode previously.
> */
> - WARN_ONCE(system_uses_mte_async_mode(),
> + WARN_ONCE(system_uses_mte_async_or_asymm_mode(),
> "MTE async mode enabled system wide!");
>
> __mte_enable_kernel("synchronous", SCTLR_ELx_TCF_SYNC);
> @@ -134,8 +139,34 @@ void mte_enable_kernel_async(void)
> * mode in between sync and async, this strategy needs
> * to be reviewed.
> */
> - if (!system_uses_mte_async_mode())
> - static_branch_enable(&mte_async_mode);
> + if (!system_uses_mte_async_or_asymm_mode())
> + static_branch_enable(&mte_async_or_asymm_mode);
> +}
> +
> +void mte_enable_kernel_asymm(void)
> +{
> + if (cpus_have_cap(ARM64_MTE_ASYMM)) {
> + __mte_enable_kernel("asymmetric", SCTLR_ELx_TCF_ASYMM);
> +
> + /*
> + * MTE asymm mode behaves as async mode for store
> + * operations. The mode is set system wide by the
> + * first PE that executes this function.
> + *
> + * Note: If in future KASAN acquires a runtime switching
> + * mode in between sync and async, this strategy needs
> + * to be reviewed.
> + */
> + if (!system_uses_mte_async_or_asymm_mode())
> + static_branch_enable(&mte_async_or_asymm_mode);
> + } else {
> + /*
> + * If the CPU does not support MTE asymmetric mode the
> + * kernel falls back on synchronous mode which is the
> + * default for kasan=on.
> + */
> + mte_enable_kernel_sync();
> + }
> }
> #endif
>
> --
> 2.33.0
>
Acked-by: Andrey Konovalov <[email protected]>
On Wed, 6 Oct 2021 16:47:46 +0100, Vincenzo Frascino wrote:
> This series implements the in-kernel asymmetric mode support for
> ARMv8.7-A Memory Tagging Extension (MTE), which is a debugging feature
> that allows to detect with the help of the architecture the C and C++
> programmatic memory errors like buffer overflow, use-after-free,
> use-after-return, etc.
>
> MTE is built on top of the AArch64 v8.0 virtual address tagging TBI
> (Top Byte Ignore) feature and allows a task to set a 4 bit tag on any
> subset of its address space that is multiple of a 16 bytes granule. MTE
> is based on a lock-key mechanism where the lock is the tag associated to
> the physical memory and the key is the tag associated to the virtual
> address.
>
> [...]
Applied to arm64 (for-next/mte), thanks!
[1/5] kasan: Remove duplicate of kasan_flag_async
https://git.kernel.org/arm64/c/f5627ec1ff2c
[2/5] arm64: mte: Bitfield definitions for Asymm MTE
https://git.kernel.org/arm64/c/ba1a98e8b172
[3/5] arm64: mte: CPU feature detection for Asymm MTE
https://git.kernel.org/arm64/c/d73c162e0733
[4/5] arm64: mte: Add asymmetric mode support
https://git.kernel.org/arm64/c/ec0288369f0c
[5/5] kasan: Extend KASAN mode kernel parameter
https://git.kernel.org/arm64/c/2d27e5851473
Cheers,
--
Will
https://fixes.arm64.dev
https://next.arm64.dev
https://will.arm64.dev