From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89B1AC433DF for ; Thu, 27 Aug 2020 12:31:38 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 288EF2177B for ; Thu, 27 Aug 2020 12:31:38 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="I1epf77j" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 288EF2177B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id AF53C900004; Thu, 27 Aug 2020 08:31:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AA4F38E0006; Thu, 27 Aug 2020 08:31:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9936D900004; Thu, 27 Aug 2020 08:31:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0254.hostedemail.com [216.40.44.254]) by kanga.kvack.org (Postfix) with ESMTP id 7F8618E0006 for ; Thu, 27 Aug 2020 08:31:37 -0400 (EDT) Received: from smtpin19.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id C53131DF4 for ; Thu, 27 Aug 2020 12:31:36 +0000 (UTC) X-FDA: 77196284592.19.hope76_1f1543a2706d Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin19.hostedemail.com (Postfix) with ESMTP id 3F0721AD1B7 for ; Thu, 27 Aug 2020 12:31:36 +0000 (UTC) X-HE-Tag: hope76_1f1543a2706d X-Filterd-Recvd-Size: 8391 Received: from mail-pj1-f66.google.com (mail-pj1-f66.google.com [209.85.216.66]) by imf18.hostedemail.com (Postfix) with ESMTP for ; Thu, 27 Aug 2020 12:31:35 +0000 (UTC) Received: by mail-pj1-f66.google.com with SMTP id ls14so2509651pjb.3 for ; Thu, 27 Aug 2020 05:31:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yQ34VdsT1gZZpD4I8FVa5CTJn00Te78jNd2pA6lLPkY=; b=I1epf77jfolvXZ3lxPPerNV6b8ZR+vAs1jMXJRljeHO4smH2mv2d/HofqXH/7th22j RAuCv5zawN4S0NQp1oMcbV7rprwSgI9inHZv6mH5ztgY0JijkSvpAwvgvIgUuNEz/J7m +h5oynsBLzazcuzTgTdIrP0CLSswcNzISkJ2Dhg+naUoEP7PfnG3dEnEqXF3lwxRjH/k 1HkGx3MrXz0pMyMcOldMH88mE1GlygmVmHBRAC5UtpsHzusbufe4vrn2WbIPqpjnehrD GN4t7ktbeaWZUrIDi3yQuWHZXqVtYYvF6aUj+le8gk/4mQwukcfGQBu0f87Vf1dKd1rh Iiog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yQ34VdsT1gZZpD4I8FVa5CTJn00Te78jNd2pA6lLPkY=; b=de6E1s9+xz3DyW8TdorvIre4U962wiODpaCL0mCPIyZxe1gnds4BDs5AJ/to7T3SJ0 za98UPWZGG0oPJptLp7ons0pG7BodF5Ycdf2C18ie3S4ywrXA9sDFVuXio2BDr8w7IxF qQpb3MmUTfJjDWRsQd2gOHtZ8e86Qj5X3xFQGnAAriPPO0mAffqxiFZ6xi5OS7IyAA8J QHRFw1ePnCQoXWB4tPLtnGFm7WF2Mm2tdFkeVirfkJO4sIIFbBjemArY4xuyS5dfejUe MAbmjzqk1ouzRVwxXWsan0jYM63XEGMfv5VCDwEnLIt8CGMEOuSqbfOw7TxdVayFgFBh n3lQ== X-Gm-Message-State: AOAM530SoNYVMKeu9JG/4bwfmcDt+gDwoe2C7eqIasjbXf+6rS2HtgcE oNavwY0eWwvdw2VTMRkVMyMRwsZYew/mNsCgeGNQKg== X-Google-Smtp-Source: ABdhPJwxzIdT6r9g81onp4MRqvYw7f8GGSwFXswQ6f0+r9QV6hN6QDWWv4HYAZfzDIlvMnb+t7jPZJne+TEwcPQdEZ8= X-Received: by 2002:a17:90a:a791:: with SMTP id f17mr10252307pjq.136.1598531494572; Thu, 27 Aug 2020 05:31:34 -0700 (PDT) MIME-Version: 1.0 References: <20200827095429.GC29264@gaia> In-Reply-To: <20200827095429.GC29264@gaia> From: Andrey Konovalov Date: Thu, 27 Aug 2020 14:31:23 +0200 Message-ID: Subject: Re: [PATCH 21/35] arm64: mte: Add in-kernel tag fault handler To: Catalin Marinas , Vincenzo Frascino Cc: Dmitry Vyukov , kasan-dev , Andrey Ryabinin , Alexander Potapenko , Marco Elver , Evgenii Stepanov , Elena Petrova , Branislav Rankov , Kevin Brodsky , Will Deacon , Andrew Morton , Linux ARM , Linux Memory Management List , LKML Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 3F0721AD1B7 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam02 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Aug 27, 2020 at 11:54 AM Catalin Marinas wrote: > > On Fri, Aug 14, 2020 at 07:27:03PM +0200, Andrey Konovalov wrote: > > diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c > > index 5e832b3387f1..c62c8ba85c0e 100644 > > --- a/arch/arm64/mm/fault.c > > +++ b/arch/arm64/mm/fault.c > > @@ -33,6 +33,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -222,6 +223,20 @@ int ptep_set_access_flags(struct vm_area_struct *vma, > > return 1; > > } > > > > +static bool is_el1_mte_sync_tag_check_fault(unsigned int esr) > > +{ > > + unsigned int ec = ESR_ELx_EC(esr); > > + unsigned int fsc = esr & ESR_ELx_FSC; > > + > > + if (ec != ESR_ELx_EC_DABT_CUR) > > + return false; > > + > > + if (fsc == ESR_ELx_FSC_MTE) > > + return true; > > + > > + return false; > > +} > > + > > static bool is_el1_instruction_abort(unsigned int esr) > > { > > return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_CUR; > > @@ -294,6 +309,18 @@ static void die_kernel_fault(const char *msg, unsigned long addr, > > do_exit(SIGKILL); > > } > > > > +static void report_tag_fault(unsigned long addr, unsigned int esr, > > + struct pt_regs *regs) > > +{ > > + bool is_write = ((esr & ESR_ELx_WNR) >> ESR_ELx_WNR_SHIFT) != 0; > > + > > + pr_alert("Memory Tagging Extension Fault in %pS\n", (void *)regs->pc); > > + pr_alert(" %s at address %lx\n", is_write ? "Write" : "Read", addr); > > + pr_alert(" Pointer tag: [%02x], memory tag: [%02x]\n", > > + mte_get_ptr_tag(addr), > > + mte_get_mem_tag((void *)addr)); > > +} > > + > > static void __do_kernel_fault(unsigned long addr, unsigned int esr, > > struct pt_regs *regs) > > { > > @@ -317,12 +344,16 @@ static void __do_kernel_fault(unsigned long addr, unsigned int esr, > > msg = "execute from non-executable memory"; > > else > > msg = "read from unreadable memory"; > > + } else if (is_el1_mte_sync_tag_check_fault(esr)) { > > + report_tag_fault(addr, esr, regs); > > + msg = "memory tagging extension fault"; > > IIUC, that's dead code. See my comment below on do_tag_check_fault(). > > > } else if (addr < PAGE_SIZE) { > > msg = "NULL pointer dereference"; > > } else { > > msg = "paging request"; > > } > > > > + > > Unnecessary empty line. > > > die_kernel_fault(msg, addr, esr, regs); > > } > > > > @@ -658,10 +689,27 @@ static int do_sea(unsigned long addr, unsigned int esr, struct pt_regs *regs) > > return 0; > > } > > > > +static int do_tag_recovery(unsigned long addr, unsigned int esr, > > + struct pt_regs *regs) > > +{ > > + report_tag_fault(addr, esr, regs); > > + > > + /* Skip over the faulting instruction and continue: */ > > + arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); > > Ooooh, do we expect the kernel to still behave correctly after this? I > thought the recovery means disabling tag checking altogether and > restarting the instruction rather than skipping over it. The intention is to be able to catch multiple MTE faults without panicking or disabling MTE when executing KASAN tests (those do multiple bad accesses one after another). We do arm64_skip_faulting_instruction() for software tag-based KASAN too, it's not ideal, but works for testing purposes. Can we disable MTE, reexecute the instruction, and then reenable MTE, or something like that? When running in-kernel MTE in production, we'll either panic or disable MTE after the first fault. This was controlled by the panic_on_mte_fault option Vincenzo initially had. > We only skip if we emulated it. I'm not sure I understand this part, what do you mean by emulating? > > > + > > + return 0; > > +} > > + > > + > > static int do_tag_check_fault(unsigned long addr, unsigned int esr, > > struct pt_regs *regs) > > { > > - do_bad_area(addr, esr, regs); > > + /* The tag check fault (TCF) is per TTBR */ > > + if (is_ttbr0_addr(addr)) > > + do_bad_area(addr, esr, regs); > > + else > > + do_tag_recovery(addr, esr, regs); > > So we never invoke __do_kernel_fault() for a synchronous tag check in > the kernel. What's with all the is_el1_mte_sync_tag_check_fault() check > above? > > -- > Catalin > > -- > You received this message because you are subscribed to the Google Groups "kasan-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20200827095429.GC29264%40gaia.