| Message ID | 20250308023314.3981455-1-pcc@google.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | string: Disable read_word_at_a_time() optimizations if kernel MTE is enabled | expand |
On Fri, Mar 07, 2025 at 06:33:13PM -0800, Peter Collingbourne wrote: > The optimized strscpy() and dentry_string_cmp() routines will read 8 > unaligned bytes at a time via the function read_word_at_a_time(), but > this is incompatible with MTE which will fault on a partially invalid > read. The attributes on read_word_at_a_time() that disable KASAN are > invisible to the CPU so they have no effect on MTE. Let's fix the > bug for now by disabling the optimizations if the kernel is built > with HW tag-based KASAN and consider improvements for followup changes. Why is faulting on a partially invalid read a problem? It's still invalid, so ... it should fault, yes? What am I missing? > > Signed-off-by: Peter Collingbourne <pcc@google.com> > Link: https://linux-review.googlesource.com/id/If4b22e43b5a4ca49726b4bf98ada827fdf755548 > Fixes: 94ab5b61ee16 ("kasan, arm64: enable CONFIG_KASAN_HW_TAGS") > Cc: stable@vger.kernel.org > --- > fs/dcache.c | 2 +- > lib/string.c | 3 ++- > 2 files changed, 3 insertions(+), 2 deletions(-) Why are DCACHE_WORD_ACCESS and HAVE_EFFICIENT_UNALIGNED_ACCESS separate things? I can see at least one place where it's directly tied: arch/arm/Kconfig:58: select DCACHE_WORD_ACCESS if HAVE_EFFICIENT_UNALIGNED_ACCESS Would it make sense to sort this out so that KASAN_HW_TAGS can be taken into account at the Kconfig level instead? > diff --git a/fs/dcache.c b/fs/dcache.c > index e3634916ffb93..71f0830ac5e69 100644 > --- a/fs/dcache.c > +++ b/fs/dcache.c > @@ -223,7 +223,7 @@ fs_initcall(init_fs_dcache_sysctls); > * Compare 2 name strings, return 0 if they match, otherwise non-zero. > * The strings are both count bytes long, and count is non-zero. > */ > -#ifdef CONFIG_DCACHE_WORD_ACCESS > +#if defined(CONFIG_DCACHE_WORD_ACCESS) && !defined(CONFIG_KASAN_HW_TAGS) Why not also the word_at_a_time use in fs/namei.c and lib/siphash.c? For reference, here are the DCACHE_WORD_ACCESS places: arch/arm/Kconfig:58: select DCACHE_WORD_ACCESS if HAVE_EFFICIENT_UNALIGNED_ACCESS arch/arm64/Kconfig:137: select DCACHE_WORD_ACCESS arch/powerpc/Kconfig:192: select DCACHE_WORD_ACCESS if PPC64 && CPU_LITTLE_ENDIAN arch/riscv/Kconfig:934: select DCACHE_WORD_ACCESS if MMU arch/s390/Kconfig:154: select DCACHE_WORD_ACCESS if !KMSAN arch/x86/Kconfig:160: select DCACHE_WORD_ACCESS if !KMSAN arch/x86/um/Kconfig:12: select DCACHE_WORD_ACCESS > > #include <asm/word-at-a-time.h> > /* > diff --git a/lib/string.c b/lib/string.c > index eb4486ed40d25..9a43a3824d0d7 100644 > --- a/lib/string.c > +++ b/lib/string.c > @@ -119,7 +119,8 @@ ssize_t sized_strscpy(char *dest, const char *src, size_t count) > if (count == 0 || WARN_ON_ONCE(count > INT_MAX)) > return -E2BIG; > > -#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS > +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && \ > + !defined(CONFIG_KASAN_HW_TAGS) There are lots more places checking CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS... Why only here? And the Kconfigs since I was comparing these against DCACHE_WORD_ACCESS arch/arc/Kconfig:352: select HAVE_EFFICIENT_UNALIGNED_ACCESS arch/arm/Kconfig:107: select HAVE_EFFICIENT_UNALIGNED_ACCESS if (CPU_V6 || CPU_V6K || CPU_V7) && MMU arch/arm64/Kconfig:222: select HAVE_EFFICIENT_UNALIGNED_ACCESS arch/loongarch/Kconfig:140: select HAVE_EFFICIENT_UNALIGNED_ACCESS if !ARCH_STRICT_ALIGN arch/m68k/Kconfig:33: select HAVE_EFFICIENT_UNALIGNED_ACCESS if !CPU_HAS_NO_UNALIGNED arch/powerpc/Kconfig:246: select HAVE_EFFICIENT_UNALIGNED_ACCESS arch/riscv/Kconfig:935: select HAVE_EFFICIENT_UNALIGNED_ACCESS arch/s390/Kconfig:197: select HAVE_EFFICIENT_UNALIGNED_ACCESS arch/x86/Kconfig:238: select HAVE_EFFICIENT_UNALIGNED_ACCESS arch/x86/um/Kconfig:13: select HAVE_EFFICIENT_UNALIGNED_ACCESS > /* > * If src is unaligned, don't cross a page boundary, > * since we don't know if the next page is mapped. > -- > 2.49.0.rc0.332.g42c0ae87b1-goog > -Kees
diff --git a/fs/dcache.c b/fs/dcache.c index e3634916ffb93..71f0830ac5e69 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -223,7 +223,7 @@ fs_initcall(init_fs_dcache_sysctls); * Compare 2 name strings, return 0 if they match, otherwise non-zero. * The strings are both count bytes long, and count is non-zero. */ -#ifdef CONFIG_DCACHE_WORD_ACCESS +#if defined(CONFIG_DCACHE_WORD_ACCESS) && !defined(CONFIG_KASAN_HW_TAGS) #include <asm/word-at-a-time.h> /* diff --git a/lib/string.c b/lib/string.c index eb4486ed40d25..9a43a3824d0d7 100644 --- a/lib/string.c +++ b/lib/string.c @@ -119,7 +119,8 @@ ssize_t sized_strscpy(char *dest, const char *src, size_t count) if (count == 0 || WARN_ON_ONCE(count > INT_MAX)) return -E2BIG; -#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS +#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && \ + !defined(CONFIG_KASAN_HW_TAGS) /* * If src is unaligned, don't cross a page boundary, * since we don't know if the next page is mapped.
The optimized strscpy() and dentry_string_cmp() routines will read 8 unaligned bytes at a time via the function read_word_at_a_time(), but this is incompatible with MTE which will fault on a partially invalid read. The attributes on read_word_at_a_time() that disable KASAN are invisible to the CPU so they have no effect on MTE. Let's fix the bug for now by disabling the optimizations if the kernel is built with HW tag-based KASAN and consider improvements for followup changes. Signed-off-by: Peter Collingbourne <pcc@google.com> Link: https://linux-review.googlesource.com/id/If4b22e43b5a4ca49726b4bf98ada827fdf755548 Fixes: 94ab5b61ee16 ("kasan, arm64: enable CONFIG_KASAN_HW_TAGS") Cc: stable@vger.kernel.org --- fs/dcache.c | 2 +- lib/string.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-)