From: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
To: luto@kernel.org, xin@zytor.com, kirill.shutemov@linux.intel.com,
palmer@dabbelt.com, tj@kernel.org, andreyknvl@gmail.com,
brgerst@gmail.com, ardb@kernel.org, dave.hansen@linux.intel.com,
jgross@suse.com, will@kernel.org, akpm@linux-foundation.org,
arnd@arndb.de, corbet@lwn.net, maciej.wieczor-retman@intel.com,
dvyukov@google.com, richard.weiyang@gmail.com, ytcoode@gmail.com,
tglx@linutronix.de, hpa@zytor.com, seanjc@google.com,
paul.walmsley@sifive.com, aou@eecs.berkeley.edu,
justinstitt@google.com, jason.andryuk@amd.com, glider@google.com,
ubizjak@gmail.com, jannh@google.com, bhe@redhat.com,
vincenzo.frascino@arm.com, rafael.j.wysocki@intel.com,
ndesaulniers@google.com, mingo@redhat.com,
catalin.marinas@arm.com, junichi.nomura@nec.com,
nathan@kernel.org, ryabinin.a.a@gmail.com, dennis@kernel.org,
bp@alien8.de, kevinloughlin@google.com, morbo@google.com,
dan.j.williams@intel.com, julian.stecklina@cyberus-technology.de,
peterz@infradead.org, cl@linux.com, kees@kernel.org
Cc: kasan-dev@googlegroups.com, x86@kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, llvm@lists.linux.dev,
linux-doc@vger.kernel.org
Subject: [PATCH 06/15] x86: Reset tag for virtual to physical address conversions
Date: Tue, 4 Feb 2025 18:33:47 +0100 [thread overview]
Message-ID: <80aa9a4c633502b5330c40f8b2d4da705dca92e7.1738686764.git.maciej.wieczor-retman@intel.com> (raw)
In-Reply-To: <cover.1738686764.git.maciej.wieczor-retman@intel.com>
Any place where pointer arithmetic is used to convert a virtual address
into a physical one can raise errors if the virtual address is tagged.
Reset the pointer's tag by sign extending the tag bits in macros that do
pointer arithmetic in address conversions. There will be no change in
compiled code with KASAN disabled since the compiler will optimize the
__tag_reset() out.
Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
---
arch/x86/include/asm/page.h | 17 +++++++++++++----
arch/x86/include/asm/page_64.h | 2 +-
arch/x86/mm/physaddr.c | 1 +
3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
index 1b93ff80b43b..09c3914d8ce4 100644
--- a/arch/x86/include/asm/page.h
+++ b/arch/x86/include/asm/page.h
@@ -7,6 +7,7 @@
#ifdef __KERNEL__
#include <asm/page_types.h>
+#include <asm/kasan.h>
#ifdef CONFIG_X86_64
#include <asm/page_64.h>
@@ -41,7 +42,7 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
#define __pa(x) __phys_addr((unsigned long)(x))
#endif
-#define __pa_nodebug(x) __phys_addr_nodebug((unsigned long)(x))
+#define __pa_nodebug(x) __phys_addr_nodebug((unsigned long)(__tag_reset(x)))
/* __pa_symbol should be used for C visible symbols.
This seems to be the official gcc blessed way to do such arithmetic. */
/*
@@ -65,9 +66,17 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
* virt_to_page(kaddr) returns a valid pointer if and only if
* virt_addr_valid(kaddr) returns true.
*/
-#define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
+
+#ifdef CONFIG_KASAN_SW_TAGS
+#define page_to_virt(x) ({ \
+ __typeof__(x) __page = x; \
+ void *__addr = __va(page_to_pfn((__typeof__(x))__tag_reset(__page)) << PAGE_SHIFT); \
+ (void *)__tag_set((const void *)__addr, page_kasan_tag(__page)); \
+})
+#endif
+#define virt_to_page(kaddr) pfn_to_page(__pa((void *)__tag_reset(kaddr)) >> PAGE_SHIFT)
extern bool __virt_addr_valid(unsigned long kaddr);
-#define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long) (kaddr))
+#define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long)(__tag_reset(kaddr)))
static __always_inline void *pfn_to_kaddr(unsigned long pfn)
{
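Review bot: The new `page_to_virt()` block is inserted between the comment that documents `virt_to_page()`/`virt_addr_valid()` and the `virt_to_page()` define it describes, so the comment now reads as if it belonged to `page_to_virt()`; moving the `#ifdef CONFIG_KASAN_SW_TAGS` block above that comment or below `virt_addr_valid` keeps them together. Inside `page_to_virt()` the argument is used unparenthesized (`__typeof__(x) __page = (x);` would be safer), and `__tag_reset()` is applied to the `struct page` pointer rather than to a linear-map address, which deserves a short comment saying why a page pointer could carry a tag. `virt_to_page()` also resets the tag before calling `__pa()`, while the page_64.h and physaddr.c hunks of this patch make `__phys_addr()` reset it again, so one of the two looks redundant unless a configuration not shown here needs it.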
@@ -81,7 +90,7 @@ static __always_inline u64 __canonical_address(u64 vaddr, u8 vaddr_bits)
static __always_inline u64 __is_canonical_address(u64 vaddr, u8 vaddr_bits)
{
- return __canonical_address(vaddr, vaddr_bits) == vaddr;
+ return __canonical_address(vaddr, vaddr_bits) == __tag_reset(vaddr);
}
#endif /* __ASSEMBLY__ */
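Review bot: Stripping the tag inside `__is_canonical_address()` relaxes the check for every caller, not only for KASAN-tagged kernel pointers: with the tag bits reset on the right-hand side, a value whose only non-canonical bits lie in the tag range now compares equal and is reported as canonical. The callers are outside this hunk, but any that use the helper to validate addresses which the hardware later checks without ignoring those bits (values that are not kernel pointers, or a `vaddr_bits` that differs from the host's) would accept input the CPU rejects. Consider keeping the helper strict and resetting the tag at the call sites that pass tagged kernel pointers, or at least add a comment such as `/* tag bits are ignored under CONFIG_KASAN_SW_TAGS; not a validity check for untrusted addresses */`. It is also worth confirming that `__tag_reset()` on a `u64` leaves lower-half addresses unchanged, since the commit message describes it as a sign extension and its definition is not part of this patch.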
diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h
index f3d257c45225..6e24aeff36eb 100644
--- a/arch/x86/include/asm/page_64.h
+++ b/arch/x86/include/asm/page_64.h
@@ -33,7 +33,7 @@ static __always_inline unsigned long __phys_addr_nodebug(unsigned long x)
extern unsigned long __phys_addr(unsigned long);
extern unsigned long __phys_addr_symbol(unsigned long);
#else
-#define __phys_addr(x) __phys_addr_nodebug(x)
+#define __phys_addr(x) __phys_addr_nodebug(__tag_reset(x))
#define __phys_addr_symbol(x) \
((unsigned long)(x) - __START_KERNEL_map + phys_base)
#endif
diff --git a/arch/x86/mm/physaddr.c b/arch/x86/mm/physaddr.c
index fc3f3d3e2ef2..7f2b11308245 100644
--- a/arch/x86/mm/physaddr.c
+++ b/arch/x86/mm/physaddr.c
@@ -14,6 +14,7 @@
#ifdef CONFIG_DEBUG_VIRTUAL
unsigned long __phys_addr(unsigned long x)
{
+ x = __tag_reset(x);
unsigned long y = x - __START_KERNEL_map;
/* use the carry flag to determine if x was < __START_KERNEL_map */
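Review bot: The added `x = __tag_reset(x);` sits above the declaration of `y`, so the function now has a declaration after a statement, which the kernel build flags with `-Wdeclaration-after-statement`. Declaring first and assigning afterwards avoids it: `unsigned long y;` followed by `x = __tag_reset(x);` and `y = x - __START_KERNEL_map;`. The rest of `__phys_addr()` lies outside the hunk, so whether the other address helpers in this file need the same reset cannot be judged from here.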
--
2.47.1
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-04 17:33 [PATCH 00/15] kasan: x86: arm64: risc-v: KASAN tag-based mode for x86 Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 01/15] kasan: Allocation enhancement for dense tag-based mode Maciej Wieczor-Retman
2025-02-05 23:43 ` Andrey Konovalov
2025-02-06 12:57 ` Maciej Wieczor-Retman
2025-02-06 18:14 ` Andrey Konovalov
2025-02-04 17:33 ` [PATCH 02/15] kasan: Tag checking with " Maciej Wieczor-Retman
2025-02-05 23:45 ` Andrey Konovalov
2025-02-06 14:55 ` Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 03/15] kasan: Vmalloc dense tag-based mode support Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 04/15] kasan: arm64: x86: risc-v: Make special tags arch specific Maciej Wieczor-Retman
2025-02-05 20:20 ` Palmer Dabbelt
2025-02-06 11:22 ` Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 05/15] x86: Add arch specific kasan functions Maciej Wieczor-Retman
2025-02-04 17:33 ` Maciej Wieczor-Retman [this message]
2025-02-04 17:33 ` [PATCH 07/15] mm: Pcpu chunk address tag reset Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 08/15] x86: Physical address comparisons in fill_p*d/pte Maciej Wieczor-Retman
2025-02-06 0:57 ` Dave Hansen
2025-02-07 16:37 ` Maciej Wieczor-Retman
2025-02-11 19:59 ` Dave Hansen
2025-02-04 17:33 ` [PATCH 09/15] x86: Physical address comparison in current_mm pgd check Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 10/15] x86: KASAN raw shadow memory PTE init Maciej Wieczor-Retman
2025-02-05 23:45 ` Andrey Konovalov
2025-02-06 15:39 ` Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 11/15] x86: LAM initialization Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 12/15] x86: Minimal SLAB alignment Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 13/15] x86: runtime_const used for KASAN_SHADOW_END Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 14/15] x86: Make software tag-based kasan available Maciej Wieczor-Retman
2025-02-04 17:33 ` [PATCH 15/15] kasan: Add mititgation and debug modes Maciej Wieczor-Retman
2025-02-05 23:46 ` Andrey Konovalov
2025-02-07 9:08 ` Maciej Wieczor-Retman
2025-02-04 18:58 ` [PATCH 00/15] kasan: x86: arm64: risc-v: KASAN tag-based mode for x86 Christoph Lameter (Ampere)
2025-02-04 21:05 ` Dave Hansen
2025-02-05 18:59 ` Christoph Lameter (Ampere)
2025-02-05 23:04 ` Ard Biesheuvel
2025-02-04 23:36 ` Jessica Clarke
2025-02-04 23:36 ` Jessica Clarke
2025-02-05 18:51 ` Christoph Lameter (Ampere)
2025-02-06 1:05 ` Jessica Clarke
2025-02-06 19:11 ` Christoph Lameter (Ampere)
2025-02-06 21:41 ` Dave Hansen
2025-02-07 7:41 ` Maciej Wieczor-Retman
2025-02-06 22:56 ` Andrey Konovalov
2025-02-05 23:40 ` Andrey Konovalov
2025-02-06 10:40 ` Maciej Wieczor-Retman
2025-02-06 18:10 ` Andrey Konovalov