From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 730ABC433F5
	for <linux-mm@archiver.kernel.org>; Sat, 21 May 2022 22:16:05 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id E04DB8D0002; Sat, 21 May 2022 18:16:04 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id D8D258D0001; Sat, 21 May 2022 18:16:04 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C2F228D0002; Sat, 21 May 2022 18:16:04 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id B06B68D0001
	for <linux-mm@kvack.org>; Sat, 21 May 2022 18:16:04 -0400 (EDT)
Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay11.hostedemail.com (Postfix) with ESMTP id 813E480780
	for <linux-mm@kvack.org>; Sat, 21 May 2022 22:16:04 +0000 (UTC)
X-FDA: 79491159048.01.E67689C
Received: from mail-io1-f47.google.com (mail-io1-f47.google.com [209.85.166.47])
	by imf02.hostedemail.com (Postfix) with ESMTP id 41AC98002F
	for <linux-mm@kvack.org>; Sat, 21 May 2022 22:16:02 +0000 (UTC)
Received: by mail-io1-f47.google.com with SMTP id a10so11961285ioe.9
        for <linux-mm@kvack.org>; Sat, 21 May 2022 15:16:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=aWQQOMvZvNb9EO+tYEYsUZRSb2Mw7z8jDGanyH/woCE=;
        b=Au8Iw4FqNjw+fwOqhRb0ssQXNPLZUEkn60B/6fPJU5nsKfYuf4s6BQIyNB7SkALf+m
         TZvbQBzSdsYUqHKzgsRNvWNqrQgfY2JCJ7AlbTQviRqkMI9LMPyJ5pfkk7LbGfHeekQR
         zG6KIWOpChy59HqoB4usaUQSl6GH7KqkzEsaJWplN7FZ/JRJp5iNetoa8Bh0UItdRFIy
         c/d95LICPN4dPPVe4joE5pB0I901mafh46m8LPG4MyamdTMkVyacJkOAEfsx/NyrPWZM
         2n63yYLfGw2OiXMBrzgiXN5mF1NmDLdJDvoQoZPWIzib4W58GiD3emxGUogx9Mp7q/GO
         8sDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=aWQQOMvZvNb9EO+tYEYsUZRSb2Mw7z8jDGanyH/woCE=;
        b=Rf7WHdUIxWE6hqygaDvd5DhcYnrUw9QKj1B7j791qIkSz8YLdIVianb+XI0ICsq9uE
         /DrNgBZ5rKvIzkv2XvIR44V/tsRDzIKbO9emkwaOsrVHX0s78LxKJIsyiM4gvIHHWQhW
         bHWXqPfCgGO/kBBNSkOWI5SOVm604k6q4b1OgxXd6KL6xYzsvmgWlxg08afIsyi7seVw
         p/QMIdZnDCoy/vUAdtL0bEulJbzRZSEFFqOcYxwp2tllYOEl5BwUJppHoTPj/Dkco0Ya
         v+bdXOBkU7q301cVFOz8TeUSWi3SAOJ/RCeXh1Zi+VQVPDxniG5ffHq+fnf6EpZthYa5
         rl0w==
X-Gm-Message-State: AOAM532uv4mU7ZUdUMiDnhkKJLnhV9pQmaB43U856aInldxZ+G7wteA/
	pdvr+cZxlRsbYSa8JQwtt64V4q8vnlpKlTYhJK0LsthJ
X-Google-Smtp-Source: ABdhPJxgk3ar1OXznBBYLc3uyNc91jwDTzWJ7S0ySTy9Fsrszmm6FA3Rx/oj4zn795o1bbJTuhjkB00KCc/Mdq8co3M=
X-Received: by 2002:a05:6638:d13:b0:32b:cf94:275b with SMTP id
 q19-20020a0566380d1300b0032bcf94275bmr8771607jaj.22.1653171363343; Sat, 21
 May 2022 15:16:03 -0700 (PDT)
MIME-Version: 1.0
References: <20220517180945.756303-1-catalin.marinas@arm.com> <20220517180945.756303-3-catalin.marinas@arm.com>
In-Reply-To: <20220517180945.756303-3-catalin.marinas@arm.com>
From: Andrey Konovalov <andreyknvl@gmail.com>
Date: Sun, 22 May 2022 00:15:52 +0200
Message-ID: <CA+fCnZf+1qM9sPNp1EMRW19P++J3o8cQ1wce2sbHuEoi-hczpw@mail.gmail.com>
Subject: Re: [PATCH 2/3] mm: kasan: Reset the tag on pages intended for user
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>, Will Deacon <will@kernel.org>, 
	Vincenzo Frascino <vincenzo.frascino@arm.com>, Peter Collingbourne <pcc@google.com>, 
	kasan-dev <kasan-dev@googlegroups.com>, 
	Linux Memory Management List <linux-mm@kvack.org>, Linux ARM <linux-arm-kernel@lists.infradead.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Server: rspam07
X-Rspamd-Queue-Id: 41AC98002F
X-Stat-Signature: na8beu3jm484whmtnt83mu777tqq8b1u
X-Rspam-User: 
Authentication-Results: imf02.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=Au8Iw4Fq;
	spf=pass (imf02.hostedemail.com: domain of andreyknvl@gmail.com designates 209.85.166.47 as permitted sender) smtp.mailfrom=andreyknvl@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-HE-Tag: 1653171362-287050
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, May 17, 2022 at 8:09 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On allocation kasan colours a page with a random tag and stores such tag
> in page->flags so that a subsequent page_to_virt() reconstructs the
> correct tagged pointer. However, when such page is mapped in user-space
> with PROT_MTE, the kernel's initial tag is overridden. Ensure that such
> pages have the tag reset (match-all) at allocation time since any late
> clearing of the tag is racy with other page_to_virt() dereferencing.
>
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
> Cc: Andrey Konovalov <andreyknvl@gmail.com>
> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
> ---
>  include/linux/gfp.h | 10 +++++++---
>  mm/page_alloc.c     |  9 ++++++---
>  2 files changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/include/linux/gfp.h b/include/linux/gfp.h
> index 3e3d36fc2109..88b1d4fe4dcb 100644
> --- a/include/linux/gfp.h
> +++ b/include/linux/gfp.h
> @@ -58,13 +58,15 @@ struct vm_area_struct;
>  #define ___GFP_SKIP_ZERO               0x1000000u
>  #define ___GFP_SKIP_KASAN_UNPOISON     0x2000000u
>  #define ___GFP_SKIP_KASAN_POISON       0x4000000u
> +#define ___GFP_PAGE_KASAN_TAG_RESET    0x8000000u

Let's name it ___GFP_RESET_KASAN_PAGE_TAG to be consistent with the rest.

Also, please add a comment above that explains the new flag's purpose.

>  #else
>  #define ___GFP_SKIP_ZERO               0
>  #define ___GFP_SKIP_KASAN_UNPOISON     0
>  #define ___GFP_SKIP_KASAN_POISON       0
> +#define ___GFP_PAGE_KASAN_TAG_RESET    0
>  #endif
>  #ifdef CONFIG_LOCKDEP
> -#define ___GFP_NOLOCKDEP       0x8000000u
> +#define ___GFP_NOLOCKDEP       0x10000000u
>  #else
>  #define ___GFP_NOLOCKDEP       0
>  #endif
> @@ -259,12 +261,13 @@ struct vm_area_struct;
>  #define __GFP_SKIP_ZERO ((__force gfp_t)___GFP_SKIP_ZERO)
>  #define __GFP_SKIP_KASAN_UNPOISON ((__force gfp_t)___GFP_SKIP_KASAN_UNPOISON)
>  #define __GFP_SKIP_KASAN_POISON   ((__force gfp_t)___GFP_SKIP_KASAN_POISON)
> +#define __GFP_PAGE_KASAN_TAG_RESET ((__force gfp_t)___GFP_PAGE_KASAN_TAG_RESET)
>
>  /* Disable lockdep for GFP context tracking */
>  #define __GFP_NOLOCKDEP ((__force gfp_t)___GFP_NOLOCKDEP)
>
>  /* Room for N __GFP_FOO bits */
> -#define __GFP_BITS_SHIFT (27 + IS_ENABLED(CONFIG_LOCKDEP))
> +#define __GFP_BITS_SHIFT (28 + IS_ENABLED(CONFIG_LOCKDEP))
>  #define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1))
>
>  /**
> @@ -343,7 +346,8 @@ struct vm_area_struct;
>  #define GFP_NOWAIT     (__GFP_KSWAPD_RECLAIM)
>  #define GFP_NOIO       (__GFP_RECLAIM)
>  #define GFP_NOFS       (__GFP_RECLAIM | __GFP_IO)
> -#define GFP_USER       (__GFP_RECLAIM | __GFP_IO | __GFP_FS | __GFP_HARDWALL)
> +#define GFP_USER       (__GFP_RECLAIM | __GFP_IO | __GFP_FS | __GFP_HARDWALL | \
> +                        __GFP_PAGE_KASAN_TAG_RESET)

I guess we can also add both ___GFP_SKIP_KASAN_UNPOISON and
___GFP_SKIP_KASAN_POISON here then? Since we don't care about tags.

Or maybe we can add all three flags to GFP_HIGHUSER_MOVABLE instead?

>  #define GFP_DMA                __GFP_DMA
>  #define GFP_DMA32      __GFP_DMA32
>  #define GFP_HIGHUSER   (GFP_USER | __GFP_HIGHMEM)

In case we add __GFP_SKIP_KASAN_POISON to GFP_USER, we should drop it
from GFP_HIGHUSER_MOVABLE.

> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index 0e42038382c1..f9018a84f4e3 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -2382,6 +2382,7 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
>         bool init = !want_init_on_free() && want_init_on_alloc(gfp_flags) &&
>                         !should_skip_init(gfp_flags);
>         bool init_tags = init && (gfp_flags & __GFP_ZEROTAGS);
> +       int i;
>
>         set_page_private(page, 0);
>         set_page_refcounted(page);
> @@ -2407,8 +2408,6 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
>          * should be initialized as well).
>          */
>         if (init_tags) {
> -               int i;
> -
>                 /* Initialize both memory and tags. */
>                 for (i = 0; i != 1 << order; ++i)
>                         tag_clear_highpage(page + i);
> @@ -2430,7 +2429,11 @@ inline void post_alloc_hook(struct page *page, unsigned int order,
>         /* Propagate __GFP_SKIP_KASAN_POISON to page flags. */
>         if (kasan_hw_tags_enabled() && (gfp_flags & __GFP_SKIP_KASAN_POISON))
>                 SetPageSkipKASanPoison(page);
> -
> +       /* if match-all page address required, reset the tag */

Please match the style of other comments: capitalize the first letter
and add a dot at the end.

I would also simply say: "Reset page tags if required."

> +       if (gfp_flags & __GFP_PAGE_KASAN_TAG_RESET) {
> +               for (i = 0; i != 1 << order; ++i)
> +                       page_kasan_tag_reset(page + i);
> +       };

I would add an empty line here.



>         set_page_owner(page, order, gfp_flags);
>         page_table_check_alloc(page, order);
>  }