From patchwork Fri May 13 10:08:09 2022
X-Patchwork-Submitter: Catalin Marinas
X-Patchwork-Id: 12848623
From: Catalin Marinas
To: Will Deacon
Cc: linux-arm-kernel@lists.infradead.org, Steven Price, Vincenzo Frascino, Vladimir Murzin
Subject: [PATCH] arm64: mte: Ensure the cleared tags are visible before setting the PTE
Date: Fri, 13 May 2022 11:08:09 +0100
Message-Id: <20220513100809.2324920-1-catalin.marinas@arm.com>

As an optimisation, only pages mapped with PROT_MTE in user space have
the MTE tags zeroed. This is done lazily at the set_pte_at() time via
mte_sync_tags(). However, this function is missing a barrier and another
CPU may see the PTE updated before the zeroed tags are visible. Add an
smp_wmb() barrier if the page tags have been updated.

Signed-off-by: Catalin Marinas
Fixes: 34bfeea4a9e9 ("arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE")
Cc: # 5.10.x
Reported-by: Vladimir Murzin
Cc: Will Deacon
Reviewed-by: Steven Price
Reviewed-by: Vincenzo Frascino
Tested-by: Vladimir Murzin
Tested-by: Vladimir Murzin
---
 arch/arm64/kernel/mte.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c index 78b3e0f8e997..07dabd52377d 100644 --- a/arch/arm64/kernel/mte.c +++ b/arch/arm64/kernel/mte.c 
@@ -34,18 +34,18 @@ DEFINE_STATIC_KEY_FALSE(mte_async_or_asymm_mode); EXPORT_SYMBOL_GPL(mte_async_or_asymm_mode); #endif -static void mte_sync_page_tags(struct page *page, pte_t old_pte, +static bool mte_sync_page_tags(struct page *page, pte_t old_pte, bool check_swap, bool pte_is_tagged) { if (check_swap && is_swap_pte(old_pte)) { swp_entry_t entry = pte_to_swp_entry(old_pte); if (!non_swap_entry(entry) && mte_restore_tags(entry, page)) - return; + return true; } if (!pte_is_tagged) - return; + return false; page_kasan_tag_reset(page); /* @@ -57,6 +57,7 @@ static void mte_sync_page_tags(struct page *page, pte_t old_pte, */ smp_wmb(); mte_clear_page_tags(page_address(page)); + return true; } void mte_sync_tags(pte_t old_pte, pte_t pte) @@ -65,6 +66,7 @@ void mte_sync_tags(pte_t old_pte, pte_t pte) long i, nr_pages = compound_nr(page); bool check_swap = nr_pages == 1; bool pte_is_tagged = pte_tagged(pte); + bool updated = false; /* Early out if there's nothing to do */ if (!check_swap && !pte_is_tagged) @@ -72,10 +74,15 @@ void mte_sync_tags(pte_t old_pte, pte_t pte) /* if PG_mte_tagged is set, tags have already been initialised */ for (i = 0; i < nr_pages; i++, page++) { - if (!test_and_set_bit(PG_mte_tagged, &page->flags)) - mte_sync_page_tags(page, old_pte, check_swap, - pte_is_tagged); + if (!test_and_set_bit(PG_mte_tagged, &page->flags) && + mte_sync_page_tags(page, old_pte, check_swap, + pte_is_tagged)) + updated = true; } + + /* ensure the tags are visible before the PTE is set */ + if (updated) + smp_wmb(); } int memcmp_pages(struct page *page1, struct page *page2)
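
Review bot: In the first hunk, mte_sync_page_tags() changes from void to bool, but nothing documents what the return value means. It returns true both when mte_restore_tags() succeeded and after mte_clear_page_tags(), and false when !pte_is_tagged. A one-line comment above the function, saying that true means the page's tags were written and the caller must order them before the PTE update, would stop a later early-return path from picking the wrong value.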
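
Review bot: In the loop in mte_sync_tags() (last hunk), the new barrier only covers the CPU that wins test_and_set_bit(PG_mte_tagged, &page->flags). The bit is set before mte_sync_page_tags() runs, so a second CPU mapping the same page can find it already set while the first is still restoring or clearing tags, leave updated false, and go on to set its PTE with no ordering against those tag writes. The existing comment "if PG_mte_tagged is set, tags have already been initialised" does not hold in that window; consider setting the flag only after the tags are written, or state in the comment why this case cannot occur.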