Date: Fri, 14 Aug 2020 19:27:03 +0200
Subject: [PATCH 21/35] arm64: mte: Add in-kernel tag fault handler
From: Andrey Konovalov
To: Dmitry Vyukov, Vincenzo Frascino, Catalin Marinas, kasan-dev@googlegroups.com
Cc: Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Elena Petrova, Branislav Rankov, Kevin Brodsky, Will Deacon, Andrew Morton, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov

From: Vincenzo Frascino

Add the implementation of the in-kernel fault handler.

When a tag fault happens on a kernel address:
* a warning is logged,
* the faulting instruction is skipped,
* the execution continues.

When a tag fault happens on a user address:
* the kernel executes do_bad_area() and panics.

Signed-off-by: Vincenzo Frascino
Co-developed-by: Andrey Konovalov
Signed-off-by: Andrey Konovalov
---
 arch/arm64/mm/fault.c | 50 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 49 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 5e832b3387f1..c62c8ba85c0e 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -222,6 +223,20 @@ int ptep_set_access_flags(struct vm_area_struct *vma, return 1; } +static bool is_el1_mte_sync_tag_check_fault(unsigned int esr) +{ + unsigned int ec = ESR_ELx_EC(esr); + unsigned int fsc = esr & ESR_ELx_FSC; + + if (ec != ESR_ELx_EC_DABT_CUR) + return false; + + if (fsc == ESR_ELx_FSC_MTE) + return true; + + return false; +} + static bool is_el1_instruction_abort(unsigned int esr) { return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_CUR; @@ -294,6 +309,18 @@ static void die_kernel_fault(const char *msg, unsigned long addr, do_exit(SIGKILL); } +static void report_tag_fault(unsigned long addr, unsigned int esr, + struct pt_regs *regs) +{ + bool is_write = ((esr & ESR_ELx_WNR) >> ESR_ELx_WNR_SHIFT) != 0; + + pr_alert("Memory Tagging Extension Fault in %pS\n", (void *)regs->pc); + pr_alert(" %s at address %lx\n", is_write ? "Write" : "Read", addr); + pr_alert(" Pointer tag: [%02x], memory tag: [%02x]\n", + mte_get_ptr_tag(addr), + mte_get_mem_tag((void *)addr)); +} + static void __do_kernel_fault(unsigned long addr, unsigned int esr, struct pt_regs *regs) { @@ -317,12 +344,16 @@ static void __do_kernel_fault(unsigned long addr, unsigned int esr, msg = "execute from non-executable memory"; else msg = "read from unreadable memory"; + } else if (is_el1_mte_sync_tag_check_fault(esr)) { + report_tag_fault(addr, esr, regs); + msg = "memory tagging extension fault"; } else if (addr < PAGE_SIZE) { msg = "NULL pointer dereference"; } else { msg = "paging request"; } + die_kernel_fault(msg, addr, esr, regs); } 
@@ -658,10 +689,27 @@ static int do_sea(unsigned long addr, unsigned int esr, struct pt_regs *regs) return 0; } +static int do_tag_recovery(unsigned long addr, unsigned int esr, + struct pt_regs *regs) +{ + report_tag_fault(addr, esr, regs); + + /* Skip over the faulting instruction and continue: */ + arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); + + return 0; +} + + static int do_tag_check_fault(unsigned long addr, unsigned int esr, struct pt_regs *regs) { - do_bad_area(addr, esr, regs); + /* The tag check fault (TCF) is per TTBR */ + if (is_ttbr0_addr(addr)) + do_bad_area(addr, esr, regs); + else + do_tag_recovery(addr, esr, regs); + return 0; } -- 2.28.0.220.ged08abb693-goog
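Review bot: In is_el1_mte_sync_tag_check_fault() (hunk @@ -222,6 +223,20 @@) the tail "if (fsc == ESR_ELx_FSC_MTE) return true; return false;" is a boolean returned through a branch. "return fsc == ESR_ELx_FSC_MTE;" says the same thing, and folding the EC test into that return would match the one-line is_el1_instruction_abort() that follows it. The name also promises a synchronous fault while the body only compares EC and FSC, so a one-line comment on why that comparison implies "sync" would help the next reader.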
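Review bot: report_tag_fault() (hunk @@ -294,6 +309,18 @@) hands the raw faulting address to mte_get_mem_tag((void *)addr), yet one of its two callers is the new branch in __do_kernel_fault(), which looks like the path do_tag_check_fault() takes through do_bad_area() for TTBR0 addresses. If that branch can see a user address, please document why fetching the memory tag from it is safe in that context, or print only the pointer tag there. The helper also emits three pr_alert() lines on every call with no once-only or rate-limited variant, which matters for the caller that resumes execution. Minor: "((esr & ESR_ELx_WNR) >> ESR_ELx_WNR_SHIFT) != 0" reduces to "!!(esr & ESR_ELx_WNR)".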
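Review bot: The new else-if in __do_kernel_fault() (hunk @@ -317,12 +344,16 @@) ends in die_kernel_fault(), while the commit message says a tag fault on a kernel address is logged, skipped and execution continues. A short comment stating which tag faults reach this fatal branch (as opposed to do_tag_recovery()) would remove the apparent contradiction. On this path the fault is also described twice, once by report_tag_fault() and again by die_kernel_fault() with "memory tagging extension fault", so check that the combined output reads sensibly. The hunk additionally inserts an unrelated blank line before die_kernel_fault(msg, addr, esr, regs); please drop it.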
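Review bot: do_tag_recovery() (hunk @@ -658,10 +689,27 @@) resumes after arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE) without the access having taken place, so a skipped load leaves its destination register with its previous contents and the kernel carries on using that value; a skipped store is silently lost. Please spell out in the comment that this is a report-and-continue debugging policy, and consider a way to make the fault fatal for configurations that rely on tag checks as a hardening measure, since continuing unconditionally means a detected mismatch never stops the offending code. The comment "The tag check fault (TCF) is per TTBR" does not explain why a TTBR0 address goes to do_bad_area() and anything else is recovered; one more sentence there would help. do_tag_recovery() always returns 0 and the caller ignores it, so it can be void, and the hunk adds two consecutive blank lines before do_tag_check_fault() where one is enough.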