[v9,28/44] arm64: mte: Reset the page tag in page->flags

Message ID	4a7819f8942922451e8075d7003f7df357919dfc.1605046192.git.andreyknvl@google.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=ew8G=EQ=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4671D20637 Date: Tue, 10 Nov 2020 23:10:25 +0100 In-Reply-To: <cover.1605046192.git.andreyknvl@google.com> Message-Id: <4a7819f8942922451e8075d7003f7df357919dfc.1605046192.git.andreyknvl@google.com> Mime-Version: 1.0 References: <cover.1605046192.git.andreyknvl@google.com> Subject: [PATCH v9 28/44] arm64: mte: Reset the page tag in page->flags From: Andrey Konovalov <andreyknvl@google.com> To: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, Dmitry Vyukov <dvyukov@google.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>, Evgenii Stepanov <eugenis@google.com>, Branislav Rankov <Branislav.Rankov@arm.com>, Kevin Brodsky <kevin.brodsky@arm.com>, Andrew Morton <akpm@linux-foundation.org>, kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com> Content-Type: text/plain; charset="UTF-8" Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	kasan: add hardware tag-based mode for arm64 \| expand [v9,00/44] kasan: add hardware tag-based mode for arm64 [v9,01/44] kasan: drop unnecessary GPL text from comment headers [v9,02/44] kasan: KASAN_VMALLOC depends on KASAN_GENERIC [v9,03/44] kasan: group vmalloc code [v9,04/44] s390/kasan: include asm/page.h from asm/kasan.h [v9,05/44] kasan: shadow declarations only for software modes [v9,06/44] kasan: rename (un)poison_shadow to (un)poison_memory [v9,07/44] kasan: rename KASAN_SHADOW_* to KASAN_GRANULE_* [v9,08/44] kasan: only build init.c for software modes [v9,09/44] kasan: split out shadow.c from common.c [v9,10/44] kasan: define KASAN_GRANULE_PAGE [v9,11/44] kasan: rename report and tags files [v9,12/44] kasan: don't duplicate config dependencies [v9,13/44] kasan: hide invalid free check implementation [v9,14/44] kasan: decode stack frame only with KASAN_STACK_ENABLE [v9,15/44] kasan, arm64: only init shadow for software modes [v9,16/44] kasan, arm64: only use kasan_depth for software modes [v9,17/44] kasan, arm64: move initialization message [v9,18/44] kasan, arm64: rename kasan_init_tags and mark as __init [v9,19/44] kasan: rename addr_has_shadow to addr_has_metadata [v9,20/44] kasan: rename print_shadow_for_address to print_memory_metadata [v9,21/44] kasan: kasan_non_canonical_hook only for software modes [v9,22/44] kasan: rename SHADOW layout macros to META [v9,23/44] kasan: separate metadata_fetch_row for each mode [v9,24/44] kasan, arm64: don't allow SW_TAGS with ARM64_MTE [v9,25/44] kasan: introduce CONFIG_KASAN_HW_TAGS [v9,26/44] arm64: Enable armv8.5-a asm-arch option [v9,27/44] arm64: mte: Add in-kernel MTE helpers [v9,28/44] arm64: mte: Reset the page tag in page->flags [v9,29/44] arm64: mte: Add in-kernel tag fault handler [v9,30/44] arm64: kasan: Allow enabling in-kernel MTE [v9,31/44] arm64: mte: Convert gcr_user into an exclude mask [v9,32/44] arm64: mte: Switch GCR_EL1 in kernel entry and exit [v9,33/44] kasan, mm: untag page address in free_reserved_area [v9,34/44] arm64: kasan: Align allocations for HW_TAGS [v9,35/44] arm64: kasan: Add arch layer for memory tagging helpers [v9,36/44] kasan: define KASAN_GRANULE_SIZE for HW_TAGS [v9,37/44] kasan, x86, s390: update undef CONFIG_KASAN [v9,38/44] kasan, arm64: expand CONFIG_KASAN checks [v9,39/44] kasan, arm64: implement HW_TAGS runtime [v9,40/44] kasan, arm64: print report from tag fault handler [v9,41/44] kasan, mm: reset tags when accessing metadata [v9,42/44] kasan, arm64: enable CONFIG_KASAN_HW_TAGS [v9,43/44] kasan: add documentation for hardware tag-based mode [v9,44/44] kselftest/arm64: Check GCR_EL1 after context switch

Message ID

4a7819f8942922451e8075d7003f7df357919dfc.1605046192.git.andreyknvl@google.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4671D20637
Date: Tue, 10 Nov 2020 23:10:25 +0100
In-Reply-To: <cover.1605046192.git.andreyknvl@google.com>
Message-Id: 
 <4a7819f8942922451e8075d7003f7df357919dfc.1605046192.git.andreyknvl@google.com>
Mime-Version: 1.0
References: <cover.1605046192.git.andreyknvl@google.com>
Subject: [PATCH v9 28/44] arm64: mte: Reset the page tag in page->flags
From: Andrey Konovalov <andreyknvl@google.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>,
 Vincenzo Frascino <vincenzo.frascino@arm.com>,
	Dmitry Vyukov <dvyukov@google.com>,
 Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>,
	Evgenii Stepanov <eugenis@google.com>,
 Branislav Rankov <Branislav.Rankov@arm.com>,
	Kevin Brodsky <kevin.brodsky@arm.com>,
 Andrew Morton <akpm@linux-foundation.org>,
	kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Andrey Konovalov <andreyknvl@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

kasan: add hardware tag-based mode for arm64 | expand

Commit Message

Andrey Konovalov Nov. 10, 2020, 10:10 p.m. UTC

From: Vincenzo Frascino <vincenzo.frascino@arm.com>

The hardware tag-based KASAN for compatibility with the other modes
stores the tag associated to a page in page->flags.
Due to this the kernel faults on access when it allocates a page with an
initial tag and the user changes the tags.

Reset the tag associated by the kernel to a page in all the meaningful
places to prevent kernel faults on access.

Note: An alternative to this approach could be to modify page_to_virt().
This though could end up being racy, in fact if a CPU checks the
PG_mte_tagged bit and decides that the page is not tagged but another
CPU maps the same with PROT_MTE and becomes tagged the subsequent kernel
access would fail.

Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
Change-Id: I8451d438bb63364de2a3e68041e3a27866921d4e
---
 arch/arm64/kernel/hibernate.c | 5 +++++
 arch/arm64/kernel/mte.c       | 9 +++++++++
 arch/arm64/mm/copypage.c      | 1 +
 arch/arm64/mm/mteswap.c       | 9 +++++++++
 4 files changed, 24 insertions(+)

Comments

Catalin Marinas Nov. 12, 2020, 9:31 a.m. UTC | #1

On Tue, Nov 10, 2020 at 11:10:25PM +0100, Andrey Konovalov wrote:
> diff --git a/arch/arm64/mm/copypage.c b/arch/arm64/mm/copypage.c
> index 70a71f38b6a9..f0efa4847e2f 100644
> --- a/arch/arm64/mm/copypage.c
> +++ b/arch/arm64/mm/copypage.c
> @@ -23,6 +23,7 @@ void copy_highpage(struct page *to, struct page *from)
>  
>  	if (system_supports_mte() && test_bit(PG_mte_tagged, &from->flags)) {
>  		set_bit(PG_mte_tagged, &to->flags);
> +		page_kasan_tag_reset(to);
>  		mte_copy_page_tags(kto, kfrom);

Any reason why this doesn't have an smp_wmb() between resetting the tags
and copying them into kto?

Vincenzo Frascino Nov. 12, 2020, 9:39 a.m. UTC | #2

On 11/12/20 9:31 AM, Catalin Marinas wrote:
> On Tue, Nov 10, 2020 at 11:10:25PM +0100, Andrey Konovalov wrote:
>> diff --git a/arch/arm64/mm/copypage.c b/arch/arm64/mm/copypage.c
>> index 70a71f38b6a9..f0efa4847e2f 100644
>> --- a/arch/arm64/mm/copypage.c
>> +++ b/arch/arm64/mm/copypage.c
>> @@ -23,6 +23,7 @@ void copy_highpage(struct page *to, struct page *from)
>>  
>>  	if (system_supports_mte() && test_bit(PG_mte_tagged, &from->flags)) {
>>  		set_bit(PG_mte_tagged, &to->flags);
>> +		page_kasan_tag_reset(to);
>>  		mte_copy_page_tags(kto, kfrom);
> 
> Any reason why this doesn't have an smp_wmb() between resetting the tags
> and copying them into kto?
> 

Yes, the reason is I am not sure why it disappeared from the submitted patch ;)
I am going to respin the patch.

diff --git a/arch/arm64/kernel/hibernate.c b/arch/arm64/kernel/hibernate.c
index 42003774d261..9c9f47e9f7f4 100644
--- a/arch/arm64/kernel/hibernate.c
+++ b/arch/arm64/kernel/hibernate.c
@@ -371,6 +371,11 @@  static void swsusp_mte_restore_tags(void)
 		unsigned long pfn = xa_state.xa_index;
 		struct page *page = pfn_to_online_page(pfn);
 
+		/*
+		 * It is not required to invoke page_kasan_tag_reset(page)
+		 * at this point since the tags stored in page->flags are
+		 * already restored.
+		 */
 		mte_restore_page_tags(page_address(page), tags);
 
 		mte_free_tag_storage(tags);
diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
index 8f99c65837fd..600b26d65b41 100644
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -34,6 +34,15 @@  static void mte_sync_page_tags(struct page *page, pte_t *ptep, bool check_swap)
 			return;
 	}
 
+	page_kasan_tag_reset(page);
+	/*
+	 * We need smp_wmb() in between setting the flags and clearing the
+	 * tags because if another thread reads page->flags and builds a
+	 * tagged address out of it, there is an actual dependency to the
+	 * memory access, but on the current thread we do not guarantee that
+	 * the new new page->flags are visible before the tags were updated.
+	 */
+	smp_wmb();
 	mte_clear_page_tags(page_address(page));
 }
 
diff --git a/arch/arm64/mm/copypage.c b/arch/arm64/mm/copypage.c
index 70a71f38b6a9..f0efa4847e2f 100644
--- a/arch/arm64/mm/copypage.c
+++ b/arch/arm64/mm/copypage.c
@@ -23,6 +23,7 @@  void copy_highpage(struct page *to, struct page *from)
 
 	if (system_supports_mte() && test_bit(PG_mte_tagged, &from->flags)) {
 		set_bit(PG_mte_tagged, &to->flags);
+		page_kasan_tag_reset(to);
 		mte_copy_page_tags(kto, kfrom);
 	}
 }
diff --git a/arch/arm64/mm/mteswap.c b/arch/arm64/mm/mteswap.c
index c52c1847079c..9cc59696489c 100644
--- a/arch/arm64/mm/mteswap.c
+++ b/arch/arm64/mm/mteswap.c
@@ -53,6 +53,15 @@  bool mte_restore_tags(swp_entry_t entry, struct page *page)
 	if (!tags)
 		return false;
 
+	page_kasan_tag_reset(page);
+	/*
+	 * We need smp_wmb() in between setting the flags and clearing the
+	 * tags because if another thread reads page->flags and builds a
+	 * tagged address out of it, there is an actual dependency to the
+	 * memory access, but on the current thread we do not guarantee that
+	 * the new new page->flags are visible before the tags were updated.
+	 */
+	smp_wmb();
 	mte_restore_page_tags(page_address(page), tags);
 
 	return true;

[v9,28/44] arm64: mte: Reset the page tag in page->flags

Commit Message

Comments

Patch