Date: Fri, 28 Apr 2023 17:57:15 +0100
From: Catalin Marinas
To: Peter Collingbourne
Cc: andreyknvl@gmail.com, Qun-wei Lin (林群崴), Guangye Yang (杨光业), linux-mm@kvack.org, Chinwen Chang (張錦文), kasan-dev@googlegroups.com, ryabinin.a.a@gmail.com, linux-arm-kernel@lists.infradead.org, vincenzo.frascino@arm.com, will@kernel.org, eugenis@google.com, stable@vger.kernel.org
Subject: Re: [PATCH] arm64: Also reset KASAN tag if page is not PG_mte_tagged
In-Reply-To: <20230420210945.2313627-1-pcc@google.com>

On Thu, Apr 20, 2023 at 02:09:45PM -0700, Peter Collingbourne wrote:
> Consider the following sequence of events:
>
> 1) A page in a PROT_READ|PROT_WRITE VMA is faulted.
> 2) Page migration allocates a page with the KASAN allocator,
>    causing it to receive a non-match-all tag, and uses it
>    to replace the page faulted in 1.
> 3) The program uses mprotect() to enable PROT_MTE on the page faulted in 1.
>
> As a result of step 3, we are left with a non-match-all tag for a page
> with tags accessible to userspace, which can lead to the same kind of
> tag check faults that commit e74a68468062 ("arm64: Reset KASAN tag in
> copy_highpage with HW tags only") intended to fix.
>
> The general invariant that we have for pages in a VMA with VM_MTE_ALLOWED
> is that they cannot have a non-match-all tag. As a result of step 2, the
> invariant is broken. This means that the fix in the referenced commit
> was incomplete and we also need to reset the tag for pages without
> PG_mte_tagged.
>
> Fixes: e5b8d9218951 ("arm64: mte: reset the page tag in page->flags")
> Cc: # 5.15
> Link: https://linux-review.googlesource.com/id/I7409cdd41acbcb215c2a7417c1e50d37b875beff
> Signed-off-by: Peter Collingbourne

Sorry, forgot to reply:

Reviewed-by: Catalin Marinas
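
The invariant from the quoted commit message, as a userspace toy model. This is an added example, not kernel code and not part of the patch or of either message; every toy_* name, the TOY_TAG_MATCH_ALL constant and the sample tag 0xf3 are hypothetical, and only the two pieces of page state the message talks about are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TOY_TAG_MATCH_ALL 0xff	/* stands in for the match-all KASAN tag */

/* Toy stand-in for struct page: the tag in page->flags and PG_mte_tagged. */
struct toy_page {
	uint8_t kasan_tag;
	bool mte_tagged;
};

typedef void (*toy_copy_fn)(struct toy_page *to, const struct toy_page *from);

/* Behaviour described as incomplete: tag reset only if the source has PG_mte_tagged. */
static void toy_copy_reset_if_tagged(struct toy_page *to, const struct toy_page *from)
{
	if (from->mte_tagged) {
		to->kasan_tag = TOY_TAG_MATCH_ALL;
		to->mte_tagged = true;
	}
}

/* Behaviour the message asks for: reset the tag for pages without PG_mte_tagged too. */
static void toy_copy_reset_always(struct toy_page *to, const struct toy_page *from)
{
	to->kasan_tag = TOY_TAG_MATCH_ALL;
	to->mte_tagged = from->mte_tagged;
}

/* Steps 1-2: migrate a faulted page; true if the destination keeps the invariant. */
static bool toy_invariant_after_migration(toy_copy_fn copy, bool src_mte_tagged)
{
	struct toy_page src = { TOY_TAG_MATCH_ALL, src_mte_tagged };	/* step 1 */
	struct toy_page dst = { 0xf3, false };	/* step 2: constructed non-match-all tag */

	copy(&dst, &src);
	return dst.kasan_tag == TOY_TAG_MATCH_ALL;
}

int main(void)
{
	printf("reset only if tagged: %d\n", toy_invariant_after_migration(toy_copy_reset_if_tagged, false));
	printf("reset always:         %d\n", toy_invariant_after_migration(toy_copy_reset_always, false));
	return 0;
}
```

In the model, the untagged-source case is the one that leaves a non-match-all tag behind for the later mprotect(PROT_MTE) in step 3 to expose.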