Received: by 2002:a05:6a10:6006:0:0:0:0 with SMTP id w6csp410280pxa; Thu, 27 Aug 2020 06:00:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx4qUyevo6wv3yJGZV+aKTHmyanIyVWUciuxyi5NyEeUvP/fmIuG9LAcuVue0OEN9a/AFo1 X-Received: by 2002:aa7:ca46:: with SMTP id j6mr17498555edt.128.1598533207343; Thu, 27 Aug 2020 06:00:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1598533207; cv=none; d=google.com; s=arc-20160816; b=ZJHc3IZBgznM/A80opjsKwbBCYaNy7luxxwchAOx0AaweIcwm9G9PMXCChyc47Kl4H GP1t5js2pAkAf1miOyRGH2g1ER0SdsSCZddmNNdFxALO+QevQI27fRj/dagw4sBBL33Y DckppuGqRT69I1PnVuvliFL/fQ2PwrXjbGbf4LrUmamS8JnmSJ22BctrdymMywKl9O84 g/HqJVqhu4TriSdZUUnPAqLEs5LiAXUw76oyh3PT1F4eNamnXkS83guuLEmq8vaA74ZW AXUGntaCtqwi9IzuvVqTdLiQVC6hEEMb6gPZA9dDeNngPk1ppte7H24sPhz9vJ7dduD6 Onsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=yQ34VdsT1gZZpD4I8FVa5CTJn00Te78jNd2pA6lLPkY=; b=CN8nLgp+EUYxX93vzMt/iFJjDqrWbnDrbWNWnPhZHCzVDu/pK43z4nWnoxD/wC6Nf8 r90w1nTUJ03Y8ZbVXiLkBrJisTcvgJEwwqurrKSqAqoQLBE9Fnfli+9FtX71tmgyTmtr 0mSEtu+oeOBWN1wAPlo+MHhT9tlFg7YndUFMA1PCoVoeOezrifaMgJufRMkF71X4+vF+ kmxgw1ZhAtk3gFcTkN7I0U0WWMqnMm8eAEF/MvCFG785fYF2OUgz0ShDIx3P0ep78nL9 ja9DygMj7jBr2W582qpZj9sh9nYOlzSSRjj6tsyxoW4mn5tt7DjwAJSoXqMnhQ8hm/Bt 4uXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=I1epf77j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l14si1576325edv.544.2020.08.27.05.59.43; Thu, 27 Aug 2020 06:00:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=I1epf77j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726995AbgH0M7B (ORCPT + 99 others); Thu, 27 Aug 2020 08:59:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41088 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729051AbgH0MmM (ORCPT ); Thu, 27 Aug 2020 08:42:12 -0400 Received: from mail-pj1-x1042.google.com (mail-pj1-x1042.google.com [IPv6:2607:f8b0:4864:20::1042]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 839D6C06121B for ; Thu, 27 Aug 2020 05:31:39 -0700 (PDT) Received: by mail-pj1-x1042.google.com with SMTP id q1so2515369pjd.1 for ; Thu, 27 Aug 2020 05:31:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yQ34VdsT1gZZpD4I8FVa5CTJn00Te78jNd2pA6lLPkY=; b=I1epf77jfolvXZ3lxPPerNV6b8ZR+vAs1jMXJRljeHO4smH2mv2d/HofqXH/7th22j RAuCv5zawN4S0NQp1oMcbV7rprwSgI9inHZv6mH5ztgY0JijkSvpAwvgvIgUuNEz/J7m +h5oynsBLzazcuzTgTdIrP0CLSswcNzISkJ2Dhg+naUoEP7PfnG3dEnEqXF3lwxRjH/k 1HkGx3MrXz0pMyMcOldMH88mE1GlygmVmHBRAC5UtpsHzusbufe4vrn2WbIPqpjnehrD GN4t7ktbeaWZUrIDi3yQuWHZXqVtYYvF6aUj+le8gk/4mQwukcfGQBu0f87Vf1dKd1rh Iiog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yQ34VdsT1gZZpD4I8FVa5CTJn00Te78jNd2pA6lLPkY=; b=EU5zHpjJWTwFLISnYOdohbE2aKFb0dLGMOoQG3KVW7K+Vwt8XUBxuu1Y7Wsb8GSndL DQJ3MDd8WXhMso//WCbmzjwj4Hvm3iBLFV4XHdJnAoUQdnVzA8CPjGgM2iT09P8/A5VG jVxhe5x3jXBcSuvZtVExpJJ17GF99y0VtZsSzZAqctX/ImGGdbaSNn2mjGB7R1KFWFr0 7CL9zyJL2ANQVS9aqEG2Gpy5HJI/de3kT/Ut+JSBCimKifqAlkVzbXYR2AYijsFbW0QE 8pE7jMhqzr11aBE/B4SOMKdP6Rt9aHSTpYy8If5AzNpHv2Tgo+2QBnBI2/JcUrFW0God Zthg== X-Gm-Message-State: AOAM530eSOclNFyRXtQ+A+G3tl22YEah4CnI0X1EZi3pgg3V2XjKHmlC lQnBkMf+APkYgquy7qUfBpC0z7QB34q4AagEhnUTQw== X-Received: by 2002:a17:90a:a791:: with SMTP id f17mr10252307pjq.136.1598531494572; Thu, 27 Aug 2020 05:31:34 -0700 (PDT) MIME-Version: 1.0 References: <20200827095429.GC29264@gaia> In-Reply-To: <20200827095429.GC29264@gaia> From: Andrey Konovalov Date: Thu, 27 Aug 2020 14:31:23 +0200 Message-ID: Subject: Re: [PATCH 21/35] arm64: mte: Add in-kernel tag fault handler To: Catalin Marinas , Vincenzo Frascino Cc: Dmitry Vyukov , kasan-dev , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Evgenii Stepanov , Elena Petrova , Branislav Rankov , Kevin Brodsky , Will Deacon , Andrew Morton , Linux ARM , Linux Memory Management List , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 27, 2020 at 11:54 AM Catalin Marinas wrote: > > On Fri, Aug 14, 2020 at 07:27:03PM +0200, Andrey Konovalov wrote: > > diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c > > index 5e832b3387f1..c62c8ba85c0e 100644 > > --- a/arch/arm64/mm/fault.c > > +++ b/arch/arm64/mm/fault.c > > @@ -33,6 +33,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -222,6 +223,20 @@ int ptep_set_access_flags(struct vm_area_struct *vma, > > return 1; > > } > > > > +static bool is_el1_mte_sync_tag_check_fault(unsigned int esr) > > +{ > > + unsigned int ec = ESR_ELx_EC(esr); > > + unsigned int fsc = esr & ESR_ELx_FSC; > > + > > + if (ec != ESR_ELx_EC_DABT_CUR) > > + return false; > > + > > + if (fsc == ESR_ELx_FSC_MTE) > > + return true; > > + > > + return false; > > +} > > + > > static bool is_el1_instruction_abort(unsigned int esr) > > { > > return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_CUR; > > @@ -294,6 +309,18 @@ static void die_kernel_fault(const char *msg, unsigned long addr, > > do_exit(SIGKILL); > > } > > > > +static void report_tag_fault(unsigned long addr, unsigned int esr, > > + struct pt_regs *regs) > > +{ > > + bool is_write = ((esr & ESR_ELx_WNR) >> ESR_ELx_WNR_SHIFT) != 0; > > + > > + pr_alert("Memory Tagging Extension Fault in %pS\n", (void *)regs->pc); > > + pr_alert(" %s at address %lx\n", is_write ? "Write" : "Read", addr); > > + pr_alert(" Pointer tag: [%02x], memory tag: [%02x]\n", > > + mte_get_ptr_tag(addr), > > + mte_get_mem_tag((void *)addr)); > > +} > > + > > static void __do_kernel_fault(unsigned long addr, unsigned int esr, > > struct pt_regs *regs) > > { > > @@ -317,12 +344,16 @@ static void __do_kernel_fault(unsigned long addr, unsigned int esr, > > msg = "execute from non-executable memory"; > > else > > msg = "read from unreadable memory"; > > + } else if (is_el1_mte_sync_tag_check_fault(esr)) { > > + report_tag_fault(addr, esr, regs); > > + msg = "memory tagging extension fault"; > > IIUC, that's dead code. See my comment below on do_tag_check_fault(). > > > } else if (addr < PAGE_SIZE) { > > msg = "NULL pointer dereference"; > > } else { > > msg = "paging request"; > > } > > > > + > > Unnecessary empty line. > > > die_kernel_fault(msg, addr, esr, regs); > > } > > > > @@ -658,10 +689,27 @@ static int do_sea(unsigned long addr, unsigned int esr, struct pt_regs *regs) > > return 0; > > } > > > > +static int do_tag_recovery(unsigned long addr, unsigned int esr, > > + struct pt_regs *regs) > > +{ > > + report_tag_fault(addr, esr, regs); > > + > > + /* Skip over the faulting instruction and continue: */ > > + arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); > > Ooooh, do we expect the kernel to still behave correctly after this? I > thought the recovery means disabling tag checking altogether and > restarting the instruction rather than skipping over it. The intention is to be able to catch multiple MTE faults without panicking or disabling MTE when executing KASAN tests (those do multiple bad accesses one after another). We do arm64_skip_faulting_instruction() for software tag-based KASAN too, it's not ideal, but works for testing purposes. Can we disable MTE, reexecute the instruction, and then reenable MTE, or something like that? When running in-kernel MTE in production, we'll either panic or disable MTE after the first fault. This was controlled by the panic_on_mte_fault option Vincenzo initially had. > We only skip if we emulated it. I'm not sure I understand this part, what do you mean by emulating? > > > + > > + return 0; > > +} > > + > > + > > static int do_tag_check_fault(unsigned long addr, unsigned int esr, > > struct pt_regs *regs) > > { > > - do_bad_area(addr, esr, regs); > > + /* The tag check fault (TCF) is per TTBR */ > > + if (is_ttbr0_addr(addr)) > > + do_bad_area(addr, esr, regs); > > + else > > + do_tag_recovery(addr, esr, regs); > > So we never invoke __do_kernel_fault() for a synchronous tag check in > the kernel. What's with all the is_el1_mte_sync_tag_check_fault() check > above? > > -- > Catalin > > -- > You received this message because you are subscribed to the Google Groups "kasan-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20200827095429.GC29264%40gaia.