Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp414029pxb; Tue, 9 Feb 2021 03:47:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJyqUKYgKaYB26ajlr20T0S+UGD/Z/rrvCnMsJMCJjPNUf9ln1RMGPYcaqvO3Yash+cU9wh/ X-Received: by 2002:a17:906:3006:: with SMTP id 6mr12531500ejz.448.1612871242818; Tue, 09 Feb 2021 03:47:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612871242; cv=none; d=google.com; s=arc-20160816; b=bWckBzTp+xWod9AwzW8gf2fg4ERV44U1K22+3V+cHNPU3s09sdEprt9kCHi4F8u4Qx dX7vaBNdu64TZrlB0krjhijqVRlBU1UBa6YJLRGBCZTRIjmQdt8vf/npootCiS+V4fIq YYzFfkd47CBXJbYg1IwxM+3poObedOcSTZEVOh0aflddWqxTceTsK04CJNZ7xvAqfXK6 5436znq0thowfnGdUFEVMaNme53QRsERxgZqgJYhdyPrXsX31+qEYria8lmneYh/6bJh 8+NpX80tSSy2l8Gp3rZG0XdGA2uYD+aV24dDQ9DwyQPsMQkHS5WHl6ADE+NyVY9sgwrd sDfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=Bb5yoERLfelmNtYPMhKYZh+X+ZFIHafVG9XaUqwdHDc=; b=LovqEp2z7wvvBsyD4xcqF+PrStsUzq2HCR1rqR0hcZQW3Is8+e3aiFpehuDdn/xqQO +w61Gs+FF0G47uDOnJDuv20fXfYr6P5SyVqnWHqN3/DvoWVLqWaTw4VzxRBxqzMdB9rN mjjx+hFu3z59BanLSx7MSYWDm6X4YhIO8Pq7iQYHsYcxYKsJF4BWU6XsrJ05PQWXBdZp 7a5Pdfwh+DM0EZGLp2hvOu9ivvMnH3W5VbB6i5Nr74DDUfb85YrHurWJVy0lmeF41Tfe RDs070KSrCHRHKaFv38sAaHbR6ZVu3k8e/mEJHEs086L9Oa96hYp2ITiiCQe8Slg5iUK mssg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a9si3647146edv.308.2021.02.09.03.46.57; Tue, 09 Feb 2021 03:47:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230380AbhBILoV (ORCPT + 99 others); Tue, 9 Feb 2021 06:44:21 -0500 Received: from foss.arm.com ([217.140.110.172]:50228 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229816AbhBILmS (ORCPT ); Tue, 9 Feb 2021 06:42:18 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7C5B1ED1; Tue, 9 Feb 2021 03:41:32 -0800 (PST) Received: from [10.37.8.18] (unknown [10.37.8.18]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A34EF3F73B; Tue, 9 Feb 2021 03:41:29 -0800 (PST) Subject: Re: [PATCH v12 4/7] arm64: mte: Enable TCO in functions that can read beyond buffer limits To: Catalin Marinas Cc: linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, Andrew Morton , Will Deacon , Dmitry Vyukov , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Evgenii Stepanov , Branislav Rankov , Andrey Konovalov , Lorenzo Pieralisi References: <20210208165617.9977-1-vincenzo.frascino@arm.com> <20210208165617.9977-5-vincenzo.frascino@arm.com> <20210209113505.GD1435@arm.com> From: Vincenzo Frascino Message-ID: <1d8c98bc-2192-94c9-a383-d3e9cecc2eed@arm.com> Date: Tue, 9 Feb 2021 11:45:32 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20210209113505.GD1435@arm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2/9/21 11:35 AM, Catalin Marinas wrote: > On Mon, Feb 08, 2021 at 04:56:14PM +0000, Vincenzo Frascino wrote: >> diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h >> index 0deb88467111..f43d78aee593 100644 >> --- a/arch/arm64/include/asm/uaccess.h >> +++ b/arch/arm64/include/asm/uaccess.h >> @@ -188,6 +188,21 @@ static inline void __uaccess_enable_tco(void) >> ARM64_MTE, CONFIG_KASAN_HW_TAGS)); >> } >> >> +/* Whether the MTE asynchronous mode is enabled. */ >> +DECLARE_STATIC_KEY_FALSE(mte_async_mode); >> + >> +static inline void __uaccess_disable_tco_async(void) >> +{ >> + if (static_branch_unlikely(&mte_async_mode)) >> + __uaccess_disable_tco(); >> +} >> + >> +static inline void __uaccess_enable_tco_async(void) >> +{ >> + if (static_branch_unlikely(&mte_async_mode)) >> + __uaccess_enable_tco(); >> +} > > I would add a comment here along the lines of what's in the commit log: > these functions disable tag checking only if in MTE async mode since the > sync mode generates exceptions synchronously and the nofault or > load_unaligned_zeropad can handle them. > Good point, increases clarity. I will add it in the next version. >> + >> static inline void uaccess_disable_privileged(void) >> { >> __uaccess_disable_tco(); >> @@ -307,8 +322,10 @@ do { \ >> do { \ >> int __gkn_err = 0; \ >> \ >> + __uaccess_enable_tco_async(); \ >> __raw_get_mem("ldr", *((type *)(dst)), \ >> (__force type *)(src), __gkn_err); \ >> + __uaccess_disable_tco_async(); \ >> if (unlikely(__gkn_err)) \ >> goto err_label; \ >> } while (0) >> @@ -379,9 +396,11 @@ do { \ >> #define __put_kernel_nofault(dst, src, type, err_label) \ >> do { \ >> int __pkn_err = 0; \ >> + __uaccess_enable_tco_async(); \ >> \ > > Nitpick: for consistency with the __get_kernel_nofault() function, > please move the empty line above __uaccess_enable_tco_async(). > Ok, will do in the next version. >> __raw_put_mem("str", *((type *)(src)), \ >> (__force type *)(dst), __pkn_err); \ >> + __uaccess_disable_tco_async(); \ >> if (unlikely(__pkn_err)) \ >> goto err_label; \ >> } while(0) > > [...] > >> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c >> index 92078e1eb627..60531afc706e 100644 >> --- a/arch/arm64/kernel/mte.c >> +++ b/arch/arm64/kernel/mte.c >> @@ -27,6 +27,10 @@ u64 gcr_kernel_excl __ro_after_init; >> >> static bool report_fault_once = true; >> >> +/* Whether the MTE asynchronous mode is enabled. */ >> +DEFINE_STATIC_KEY_FALSE(mte_async_mode); >> +EXPORT_SYMBOL_GPL(mte_async_mode); >> + >> static void mte_sync_page_tags(struct page *page, pte_t *ptep, bool check_swap) >> { >> pte_t old_pte = READ_ONCE(*ptep); >> @@ -170,6 +174,12 @@ void mte_enable_kernel_sync(void) >> void mte_enable_kernel_async(void) >> { >> __mte_enable_kernel("asynchronous", SCTLR_ELx_TCF_ASYNC); >> + >> + /* >> + * This function is called on each active smp core, we do not >> + * to take cpu_hotplug_lock again. >> + */ >> + static_branch_enable_cpuslocked(&mte_async_mode); >> } > > Do we need to disable mte_async_mode in mte_enable_kernel_sync()? I > think currently that's only done at boot time but kasan may gain some > run-time features and change the mode dynamically. > Indeed, as you are saying at the moment is done at boot only but it is better to make the code more future proof. Maybe with a note in the commit message. -- Regards, Vincenzo