Date: Thu, 9 Feb 2023 22:19:20 -0800
From: Peter Collingbourne
To: Qun-wei Lin (林群崴)
Cc: andreyknvl@gmail.com, Kuan-Ying Lee (李冠穎), Guangye Yang (杨光业), linux-mm@kvack.org, Chinwen Chang (張錦文), kasan-dev@googlegroups.com, catalin.marinas@arm.com, ryabinin.a.a@gmail.com, linux-arm-kernel@lists.infradead.org, vincenzo.frascino@arm.com, will@kernel.org
Subject: Re: [PATCH v2 0/4] kasan: Fix ordering between MTE tag colouring and page->flags
References: <20220610152141.2148929-1-catalin.marinas@arm.com> <66cc7277b0e9778ba33e8b22a4a51c19a50fe6f0.camel@mediatek.com>

On Wed, Feb 08, 2023 at 05:41:45AM +0000, Qun-wei Lin (林群崴) wrote:
> On Fri, 2023-02-03 at 18:51 +0100, Andrey Konovalov wrote:
> > On Fri, Feb 3, 2023 at 4:41 AM Kuan-Ying Lee (李冠穎)
> > wrote:
> > >
> > > > Hi Kuan-Ying,
> > > >
> > > > There recently was a similar crash due to incorrectly implemented
> > > > sampling.
> > > >
> > > > Do you have the following patch in your tree?
> > > >
> > > > https://android.googlesource.com/kernel/common/+/9f7f5a25f335e6e1484695da9180281a728db7e2
> > > >
> > > > If not, please sync your 6.1 tree with the Android common kernel.
> > > > Hopefully this will fix the issue.
> > > >
> > > > Thanks!
> > >
> > > Hi Andrey,
> > >
> > > Thanks for your advice.
> > >
> > > I saw this patch is to fix ("kasan: allow sampling page_alloc
> > > allocations for HW_TAGS").
> > >
> > > But our 6.1 tree doesn't have the following two commits now.
> > > ("FROMGIT: kasan: allow sampling page_alloc allocations for
> > > HW_TAGS")
> > > (FROMLIST: kasan: reset page tags properly with sampling)
> >
> > Hi Kuan-Ying,
>
> Hi Andrey,
> I'll stand in for Kuan-Ying as he's out of office.
> Thanks for your help!
>
> > Just to clarify: these two patches were applied twice: once here on
> > Jan 13:
> >
> > https://android.googlesource.com/kernel/common/+/a2a9e34d164e90fc08d35fd097a164b9101d72ef
> > https://android.googlesource.com/kernel/common/+/435e2a6a6c8ba8d0eb55f9aaade53e7a3957322b
>
> Our codebase does not contain these two patches.
>
> > but then reverted here on Jan 20:
> >
> > https://android.googlesource.com/kernel/common/+/5503dbe454478fe54b9cac3fc52d4477f52efdc9
> > https://android.googlesource.com/kernel/common/+/4573a3cf7e18735a477845426238d46d96426bb6
> >
> > And then once again via the link I sent before together with a fix on
> > Jan 25.
> >
> > It might be that you still have the former two patches in your tree if
> > you synced it before the revert.
> >
> > However, if this is not the case:
> >
> > Which 6.1 commit is your tree based on?
>
> https://android.googlesource.com/kernel/common/+/53b3a7721b7aec74d8fa2ee55c2480044cc7c1b8
> (53b3a77 Merge 6.1.1 into android14-6.1) is the latest commit in our
> tree.
>
> > Do you have any private MTE-related changes in the kernel?
>
> No, all the MTE-related code is the same as Android Common Kernel.
>
> > Do you have userspace MTE enabled?
>
> Yes, we have enabled MTE for both EL1 and EL0.

Hi Qun-wei,

Thanks for the information. We encountered a similar issue internally
with the Android 5.15 common kernel. We tracked it down to an issue with
page migration, where the source page was a userspace page with MTE
tags, and the target page was allocated using KASAN (i.e. having a
non-zero KASAN tag). This caused tag check faults when the page was
subsequently accessed by the kernel as a result of the mismatching tags
from userspace. Given the number of different ways that page migration
target pages can be allocated, the simplest fix that we could think of
was to synchronize the KASAN tag in copy_highpage().

Can you try the patch below and let us know whether it fixes the issue?

diff --git a/arch/arm64/mm/copypage.c b/arch/arm64/mm/copypage.c
index 24913271e898c..87ed38e9747bd 100644
--- a/arch/arm64/mm/copypage.c
+++ b/arch/arm64/mm/copypage.c
@@ -23,6 +23,8 @@ void copy_highpage(struct page *to, struct page *from)
 
 	if (system_supports_mte() && test_bit(PG_mte_tagged, &from->flags)) {
 		set_bit(PG_mte_tagged, &to->flags);
+		if (kasan_hw_tags_enabled())
+			page_kasan_tag_set(to, page_kasan_tag(from));
 		mte_copy_page_tags(kto, kfrom);
 	}
 }

Catalin, please let us know what you think of the patch above. It
effectively partially undoes commit 20794545c146 ("arm64: kasan: Revert
"arm64: mte: reset the page tag in page->flags""), but this seems okay
to me because the mentioned race condition shouldn't affect "new" pages
such as those being used as migration targets. The smp_wmb() that was
there before doesn't seem necessary for the same reason.

If the patch is okay, we should apply it to the 6.1 stable kernel. The
problem appears to be "fixed" in the mainline kernel because of a bad
merge conflict resolution on my part; when I rebased commit e059853d14ca
("arm64: mte: Fix/clarify the PG_mte_tagged semantics") past commit
20794545c146, it looks like I accidentally brought back the
page_kasan_tag_reset() line removed in the latter. But we should align
the mainline kernel with whatever we decide to do on 6.1.

Peter
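Review bot: the two added lines in the copy_highpage() hunk carry none of the reasoning that only appears in the covering mail (migration targets are new pages, so the race that motivated 20794545c146 does not apply and the smp_wmb() that used to accompany the tag write is not needed), so a reader of copypage.c sees what looks like a plain re-introduction of the reverted page->flags tag reset; put a short comment above `page_kasan_tag_set(to, page_kasan_tag(from));` saying why the KASAN tag in to->flags must match the MTE tags that `mte_copy_page_tags(kto, kfrom);` copies from the source, and why no barrier is required, and repeat that rationale in the commit message. Worth stating there as well that the sync is only reached inside the `test_bit(PG_mte_tagged, &from->flags)` branch, so an untagged source page leaves the target's allocator-assigned KASAN tag untouched, which matches the failure described (a tagged userspace source page) but should be a deliberate choice rather than an accident of placement.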