From patchwork Mon Oct 21 13:02:58 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Linus Walleij <linus.walleij@linaro.org>
X-Patchwork-Id: 13844150
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id A1A6CD15D8C
	for <linux-arm-kernel@archiver.kernel.org>;
 Mon, 21 Oct 2024 13:31:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help
	:List-Post:List-Archive:List-Unsubscribe:List-Id:Cc:To:In-Reply-To:References
	:Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:
	From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=Uffe5hTHXC1N9IpKdOMepaRpviJ24IOWzAUyLrjTbsU=; b=B2/GtfaEgZbZ6h3t9DQ4JpO7bJ
	tkNL/36tqK5KcSdwqHnbBI4Ref2UKdWOHHxA2oqnsMRbFhkgSDgUrQgrIFFc8kVanUWJ9kZEyDu9D
	Bs5Kf0N0QNaFP3Tmq3CKzNALyKsLxA7eGvqrHDVUpOqgg5KqobEwHTk67u2xToTYca1xuALkGz/cT
	aUn0/oKXYeDCUlVxNCPVvzKJFCnrU+cwAeIqveRjENyTFBfFm5zIh7ArBT3V4IpLri1ZOPBDb7BwZ
	Xks0AvANoaPihFa7KpdqK+2jdr12V8++mi6eZdYxi6ku0Me831PyAnN9OJ+l5wLeGZBAy+VtfhhyP
	838zVdew==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux))
	id 1t2sUp-00000007QTy-1M8F;
	Mon, 21 Oct 2024 13:30:55 +0000
Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05])
	by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
	id 1t2s3y-00000007MI6-1gOi
	for linux-arm-kernel@bombadil.infradead.org;
	Mon, 21 Oct 2024 13:03:10 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=desiato.20200630; h=Cc:To:In-Reply-To:References:
	Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:
	From:Sender:Reply-To:Content-ID:Content-Description;
	bh=Uffe5hTHXC1N9IpKdOMepaRpviJ24IOWzAUyLrjTbsU=; b=BcL9c7V1hKUGl+SVcF2Yq99y3O
	i/QvF5nNi1fZwoMGtWh1KTPqS2S7xAT8WGnUet5z4+Wagf8HlQn5W7RxW88/i2to/cT2MVssi8gy1
	T6kWO949dKkkaFajU7hCxhCyOejeALyVnutvN/RGsfajnfLRNW5CLBG1RMYfF/cbm6pZVmtG1aNww
	uoIPeKHAWWC/ZuchRALQZ+klWC7jDL1eyv9S34ntvw3oum5RAfa09H1NDCgHCYJ4ft5nNus+3soQX
	TxqPCyavib25BoyqhWFoERTpVRUpksXNdNS1HRrtWnMyoAC4F2weyKwHfcO6CCJbhYKQoXuo6l3C2
	LdMdRPeQ==;
Received: from mail-lj1-x22f.google.com ([2a00:1450:4864:20::22f])
	by desiato.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
	id 1t2s3u-00000007wXz-3SG4
	for linux-arm-kernel@lists.infradead.org;
	Mon, 21 Oct 2024 13:03:08 +0000
Received: by mail-lj1-x22f.google.com with SMTP id
 38308e7fff4ca-2f7657f9f62so41751211fa.3
        for <linux-arm-kernel@lists.infradead.org>;
 Mon, 21 Oct 2024 06:03:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1729515784; x=1730120584;
 darn=lists.infradead.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Uffe5hTHXC1N9IpKdOMepaRpviJ24IOWzAUyLrjTbsU=;
        b=VYcIEn4diic/4PAER5Vc5meK6pklTYjNFBIhpOAfagEkR5ZoB1aLldf6OgJKw+Z5UT
         DI0MekpLsFrTd+KgzN3Fy4kSa4qTjVLofeKsiEsVRS0S8rAKyfpAMGzu5fQZHlISuPhK
         B/HzGoaHvmcDRFgVb7DgrgpSd82K2dUmy9U3xryex6HB01n9qrJocnIXahtwScTCXLvo
         ZFx8YHQnimjLNyJAAWtI0BlTxud5TS+NG4jKq5pKtEmh62VWJsnIQJlJNlPPXK9ClOWe
         QNRRiccSmS0//fjfBaNpYWCgff281J/sG7bN3J1s0tQxYq5Ekboi8veNeQMLkOCbSMiH
         pP4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1729515784; x=1730120584;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Uffe5hTHXC1N9IpKdOMepaRpviJ24IOWzAUyLrjTbsU=;
        b=KSpxyqOUygJ6DXSV6160jZ7aUm4cyCP5Sl4DpoEdtrCs6NVGgLtMtPei027uM1STV5
         Bn8tiIXpDATYzDU1MZtgDhYrwtsLMECjfYDazoMGa7X47uhYdhBqcE7tcIZ90aKhYO6i
         xhyWk7lg5Bhi/78jpqFAJnqQG5FlFdzKhJcRPYbSfvBmV5M0ipKq+L3ZV/m4SaZ6CKsv
         EcqrCE4kg0NL1EORZ5tpJTMZ0PqfbeWcE6/4E7EUxPTHKTcvO/zC9onEsR4dLNeC8Nhi
         lUFaPfR/Mb0Z5RctymCsx9clv1pHTTcY47djsnPsqCJNG6dRnk69/YQnZosShUtug5Wt
         2oeg==
X-Forwarded-Encrypted: i=1;
 AJvYcCXA+K7GYRwgMV/IML5/ilbuLZXu4Oy2NzRFJ0cTNjFIj00tmIXneOrrDGgaqZPJHqyNmLN9b9F+g08BrHPG3At3@lists.infradead.org
X-Gm-Message-State: AOJu0Yzowgdj45Y/2/LzgKf98VeLp4DHPleqk0WcQRr6t0E15AzIdS87
	H/IfLtSr0rNnEEXiTaKv8xD/QSKfIVHdJKS7ppmLylG2F6lu2tLBGkNaLhqwk2g=
X-Google-Smtp-Source: 
 AGHT+IGO/4EX5avkuvXfScYCvhLu3iZRJMQg3BFD3nkjwgwkjHvopwRBrppx6dTV4/UAHlINPapBpQ==
X-Received: by 2002:a2e:4a11:0:b0:2fb:599a:a8e9 with SMTP id
 38308e7fff4ca-2fb82ea2942mr40762811fa.15.1729515783475;
        Mon, 21 Oct 2024 06:03:03 -0700 (PDT)
Received: from lino.lan ([85.235.12.238])
        by smtp.gmail.com with ESMTPSA id
 38308e7fff4ca-2fb9ae24d51sm4808351fa.130.2024.10.21.06.03.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 21 Oct 2024 06:03:03 -0700 (PDT)
From: Linus Walleij <linus.walleij@linaro.org>
Date: Mon, 21 Oct 2024 15:02:58 +0200
Subject: [PATCH v4 1/3] ARM: ioremap: Sync PGDs for VMALLOC shadow
MIME-Version: 1.0
Message-Id: <20241021-arm-kasan-vmalloc-crash-v4-1-837d1294344f@linaro.org>
References: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
In-Reply-To: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
To: Clement LE GOFFIC <clement.legoffic@foss.st.com>,
 Russell King <linux@armlinux.org.uk>, Melon Liu <melon1335@163.com>,
 Kees Cook <kees@kernel.org>,
 AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>,
 Mark Brown <broonie@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
 Ard Biesheuvel <ardb@kernel.org>
Cc: Antonio Borneo <antonio.borneo@foss.st.com>,
 linux-stm32@st-md-mailman.stormreply.com,
 linux-arm-kernel@lists.infradead.org,
 Linus Walleij <linus.walleij@linaro.org>, stable@vger.kernel.org
X-Mailer: b4 0.14.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20241021_140307_077672_ED265C47 
X-CRM114-Status: GOOD (  16.02  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

When sync:ing the VMALLOC area to other CPUs, make sure to also
sync the KASAN shadow memory for the VMALLOC area, so that we
don't get stale entries for the shadow memory in the top level PGD.

Since we are now copying PGDs in two instances, create a helper
function named memcpy_pgd() to do the actual copying, and
create a helper to map the addresses of VMALLOC_START and
VMALLOC_END into the corresponding shadow memory.

Cc: stable@vger.kernel.org
Fixes: 565cbaad83d8 ("ARM: 9202/1: kasan: support CONFIG_KASAN_VMALLOC")
Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
Reported-by: Clement LE GOFFIC <clement.legoffic@foss.st.com>
Suggested-by: Mark Rutland <mark.rutland@arm.com>
Suggested-by: Russell King (Oracle) <linux@armlinux.org.uk>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Co-developed-by: Melon Liu <melon1335@163.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
 arch/arm/mm/ioremap.c | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
index 794cfea9f9d4..ff555823cceb 100644
--- a/arch/arm/mm/ioremap.c
+++ b/arch/arm/mm/ioremap.c
@@ -23,6 +23,7 @@
  */
 #include <linux/module.h>
 #include <linux/errno.h>
+#include <linux/kasan.h>
 #include <linux/mm.h>
 #include <linux/vmalloc.h>
 #include <linux/io.h>
@@ -115,16 +116,40 @@ int ioremap_page(unsigned long virt, unsigned long phys,
 }
 EXPORT_SYMBOL(ioremap_page);
 
+#ifdef CONFIG_KASAN
+static unsigned long arm_kasan_mem_to_shadow(unsigned long addr)
+{
+	return (unsigned long)kasan_mem_to_shadow((void *)addr);
+}
+#else
+static unsigned long arm_kasan_mem_to_shadow(unsigned long addr)
+{
+	return 0;
+}
+#endif
+
+static void memcpy_pgd(struct mm_struct *mm, unsigned long start,
+		       unsigned long end)
+{
+	end = ALIGN(end, PGDIR_SIZE);
+	memcpy(pgd_offset(mm, start), pgd_offset_k(start),
+	       sizeof(pgd_t) * (pgd_index(end) - pgd_index(start)));
+}
+
 void __check_vmalloc_seq(struct mm_struct *mm)
 {
 	int seq;
 
 	do {
 		seq = atomic_read(&init_mm.context.vmalloc_seq);
-		memcpy(pgd_offset(mm, VMALLOC_START),
-		       pgd_offset_k(VMALLOC_START),
-		       sizeof(pgd_t) * (pgd_index(VMALLOC_END) -
-					pgd_index(VMALLOC_START)));
+		memcpy_pgd(mm, VMALLOC_START, VMALLOC_END);
+		if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) {
+			unsigned long start =
+				arm_kasan_mem_to_shadow(VMALLOC_START);
+			unsigned long end =
+				arm_kasan_mem_to_shadow(VMALLOC_END);
+			memcpy_pgd(mm, start, end);
+		}
 		/*
 		 * Use a store-release so that other CPUs that observe the
 		 * counter's new value are guaranteed to see the results of the

From patchwork Mon Oct 21 13:02:59 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Linus Walleij <linus.walleij@linaro.org>
X-Patchwork-Id: 13844287
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 4E791D15DA5
	for <linux-arm-kernel@archiver.kernel.org>;
 Mon, 21 Oct 2024 14:54:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help
	:List-Post:List-Archive:List-Unsubscribe:List-Id:Cc:To:In-Reply-To:References
	:Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:
	From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=o4FvxagpzjxZSStnbXoR4/Vp7sTpyCwQgUO0IG3vegk=; b=ZCvnaKcEfrZBvtQ6oYug+W/8aA
	3L95jT80Y3AUqQZoXmcidr1fBczTYu1b3RklI6rR9KMtIlMY84luBLxWh/DjayBbsxG0Nid82V+hJ
	FMggyAG7AcPkBg4t0VZJ/9MsOUpa4+GqeUnHeTVhatDpxK/CJGLxkMa+mF4Yh2QUCuV0BktIvlbee
	x95ZyC2V9x/48SmYhZFuWn5Qkl9ObkMWscu9lt348S+45gW8G312HP+LaeNaIZDpoAvZ59ePKhjnF
	iw17B7o2Ralg2cYk9EMq7sk049464O6YEcAyIsnMcT4mZcLMDwP4FzhWjMGDktiWVv3GpO8bzCt3a
	VwvFcFcQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux))
	id 1t2tna-00000007gO1-1TQI;
	Mon, 21 Oct 2024 14:54:22 +0000
Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05])
	by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
	id 1t2s40-00000007MIU-0RdY
	for linux-arm-kernel@bombadil.infradead.org;
	Mon, 21 Oct 2024 13:03:12 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=desiato.20200630; h=Cc:To:In-Reply-To:References:
	Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:
	From:Sender:Reply-To:Content-ID:Content-Description;
	bh=o4FvxagpzjxZSStnbXoR4/Vp7sTpyCwQgUO0IG3vegk=; b=nx+hHptQPWKayPQwixp6i2tMzL
	0SkSlwiYaIHI7dYQ0q+9kC/oyw0di9bT/7rYbDqOV+ZC2Y5stH4xAA10Q7bg2TSo6y8WX/PKBl8jM
	A3KXto+Q74kMVTzp2u2r86EWiOUwMF+aCTjI8+q6uYeZt8UlD1v+VJOL5xJN8ZaHS76MyuIgakeEv
	nXs91+PlywYqcP4WJFC1CJLEJ1P1j6x1NpvD+lsDENoyGDQW49Iri4PtXGtJ5O987svyj9YUEqqqM
	DfIIfckkq30IuWxCSc+TAtqFISAg1MHX/1J5e7UsL1/FMnMlNdGUftsg3DqVVn+YJFTg2Ua7wA6ZO
	CPJm1XWg==;
Received: from mail-lj1-x22a.google.com ([2a00:1450:4864:20::22a])
	by desiato.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
	id 1t2s3v-00000007wY1-2p3Y
	for linux-arm-kernel@lists.infradead.org;
	Mon, 21 Oct 2024 13:03:10 +0000
Received: by mail-lj1-x22a.google.com with SMTP id
 38308e7fff4ca-2fb49510250so40974611fa.0
        for <linux-arm-kernel@lists.infradead.org>;
 Mon, 21 Oct 2024 06:03:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1729515784; x=1730120584;
 darn=lists.infradead.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=o4FvxagpzjxZSStnbXoR4/Vp7sTpyCwQgUO0IG3vegk=;
        b=naCrwlfEAwFSKBvpov9HnbTub8ozHtLXSzmjc8i/u8nbGbsglZ+KaKAflTGJfr3ul+
         3HwYYEF2bx27SsxMeMg8ATl07mBNZhp2XpIjEOu50KRg4lFacpXgNkGdJ39F99D5iJG2
         2JpT/BOWkz0tdl9nmyCOD7RnBjcGdjGcKDGaMbXgYlw24KAqdjIsXjtU4C3C27ONKUJ4
         z1y7sVrO7xHwiC1ITm7SOJFrqaXSa1clVYO6W3IWkImfA+Tb93PQ3OJC95CymY3B7QLL
         wdSMa/zubBV0T3hlLiLgKFep25pujXtgAJ8I4LYg/VrWMsts85mQNHvASXhXSd4Po7b+
         /d9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1729515784; x=1730120584;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=o4FvxagpzjxZSStnbXoR4/Vp7sTpyCwQgUO0IG3vegk=;
        b=g74nMANu/wFG77sBYmcmkJ7vdI0J4TlCv2/W4ZuXF1lOihoowWSh0eiHdxbIATV4fi
         dKBJ+7vqOdH8lxsVYKD0ae6cU4w3luyDS63ziyj8Ge73CLoItYAoAQw/Fvftc41qTxCo
         nfp+IiaogbIFjjdVbblJuD4zS8hltN1dgRk4Vgbo8BxhbftbSxD3L2EJp4FosDz5DSi2
         D6Jgo+tSMs3owqKOlCJtMAnI8OliUldUX503Wuq0oD//ySzmYUPqZ/OC2HmGUmKRc7SA
         S31hhPl/FvaNt+jGbhNdFEqY7iru0ZjPi8b91GJPY6YCY1WPgLiWv4bcyQT/i+SurBCN
         xdxg==
X-Forwarded-Encrypted: i=1;
 AJvYcCUAF1Fe/54AZ3pLsVXYu4jC1PPT9sUJqqpb59pkE6vWZVkREXDdH4sbyHVphtN8Ak5tvIytXIs/8LjRDxQwqIJY@lists.infradead.org
X-Gm-Message-State: AOJu0YyJLDXrSG7iaSd4RXBL27MaRbRXh6SEbMgv8Xta2j0lzdTD/dlL
	gprfsab2c4szz7I9G4bO91M1wib0k5/olaVCbbR9TGfTlr+/GsmEjo4jeXnCJRw=
X-Google-Smtp-Source: 
 AGHT+IFl2tqDkCWdClLbm+iio4vewFwLEcLXVPL3QhXNtJlFjMyJiepzyeePilHFMrPomCUvBO3Mgw==
X-Received: by 2002:a2e:a585:0:b0:2fb:5014:f093 with SMTP id
 38308e7fff4ca-2fb83226829mr47866501fa.44.1729515784392;
        Mon, 21 Oct 2024 06:03:04 -0700 (PDT)
Received: from lino.lan ([85.235.12.238])
        by smtp.gmail.com with ESMTPSA id
 38308e7fff4ca-2fb9ae24d51sm4808351fa.130.2024.10.21.06.03.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 21 Oct 2024 06:03:03 -0700 (PDT)
From: Linus Walleij <linus.walleij@linaro.org>
Date: Mon, 21 Oct 2024 15:02:59 +0200
Subject: [PATCH v4 2/3] ARM: entry: Do a dummy read from VMAP shadow
MIME-Version: 1.0
Message-Id: <20241021-arm-kasan-vmalloc-crash-v4-2-837d1294344f@linaro.org>
References: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
In-Reply-To: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
To: Clement LE GOFFIC <clement.legoffic@foss.st.com>,
 Russell King <linux@armlinux.org.uk>, Melon Liu <melon1335@163.com>,
 Kees Cook <kees@kernel.org>,
 AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>,
 Mark Brown <broonie@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
 Ard Biesheuvel <ardb@kernel.org>
Cc: Antonio Borneo <antonio.borneo@foss.st.com>,
 linux-stm32@st-md-mailman.stormreply.com,
 linux-arm-kernel@lists.infradead.org,
 Linus Walleij <linus.walleij@linaro.org>, stable@vger.kernel.org
X-Mailer: b4 0.14.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20241021_140307_865385_86CB5A1F 
X-CRM114-Status: GOOD (  13.24  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

When switching task, in addition to a dummy read from the new
VMAP stack, also do a dummy read from the VMAP stack's
corresponding KASAN shadow memory to sync things up in
the new MM context.

Cc: stable@vger.kernel.org
Fixes: a1c510d0adc6 ("ARM: implement support for vmap'ed stacks")
Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
Reported-by: Clement LE GOFFIC <clement.legoffic@foss.st.com>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
 arch/arm/kernel/entry-armv.S | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
index 1dfae1af8e31..ef6a657c8d13 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -25,6 +25,7 @@
 #include <asm/tls.h>
 #include <asm/system_info.h>
 #include <asm/uaccess-asm.h>
+#include <asm/kasan_def.h>
 
 #include "entry-header.S"
 #include <asm/probes.h>
@@ -561,6 +562,13 @@ ENTRY(__switch_to)
 	@ entries covering the vmalloc region.
 	@
 	ldr	r2, [ip]
+#ifdef CONFIG_KASAN_VMALLOC
+	@ Also dummy read from the KASAN shadow memory for the new stack if we
+	@ are using KASAN
+	mov_l	r2, KASAN_SHADOW_OFFSET
+	add	r2, r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT
+	ldr	r2, [r2]
+#endif
 #endif
 
 	@ When CONFIG_THREAD_INFO_IN_TASK=n, the update of SP itself is what

From patchwork Mon Oct 21 13:03:00 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Linus Walleij <linus.walleij@linaro.org>
X-Patchwork-Id: 13844162
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 67789D15D90
	for <linux-arm-kernel@archiver.kernel.org>;
 Mon, 21 Oct 2024 13:34:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help
	:List-Post:List-Archive:List-Unsubscribe:List-Id:Cc:To:In-Reply-To:References
	:Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:
	From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=EPZW3o9O8KMd2l9bsdly639M9ayrVvVJPmPDhVzCI64=; b=xMMBcLONBQ0gHE73wVPFCW97j6
	FVnH86xiOSm7gCD+R+CKWJgj/Ntgl7ZBv8tyxi22BRgjR6BslxYzQDqXz3gZNEpPJVjACOmAI3qRV
	59nbVUMHCCnJQB37bwfwSXLHulLLwF33JAfcuTDvEPoeabl5ZVtt5l/X7+gNejRNKKjaGjuIY0i/Q
	DV0pw2ntwVhPro8uyc+uPnIerKxS/6G7+yUEs4FPCRlWuiyuG8py0rAD1hkEdif2DO4qqyvJs6Geg
	MzpzMFsdwQZpjj5zIPoA3iAZESkIzaRHldDy9zYtoCqhTwdTiQtui8LGyBeTByrzWSWMkhmSShmMa
	kiQ3fl6A==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux))
	id 1t2sXj-00000007QmV-12d3;
	Mon, 21 Oct 2024 13:33:55 +0000
Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05])
	by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
	id 1t2s41-00000007MIi-1b4H
	for linux-arm-kernel@bombadil.infradead.org;
	Mon, 21 Oct 2024 13:03:13 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=desiato.20200630; h=Cc:To:In-Reply-To:References:
	Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date:
	From:Sender:Reply-To:Content-ID:Content-Description;
	bh=EPZW3o9O8KMd2l9bsdly639M9ayrVvVJPmPDhVzCI64=; b=lAocx7Mcr2QCN89/vagm1jFIs7
	OGFH8omMXPzh08DzaeGebDkPAA/iuuuaos6kueGdS7SMNaNzThASQeTZoYlA6FkIVMD0I/vEKeNnc
	INtkyTZ9mAs9UxtjSZq0I6UxtRTWU2G5XnTUqsrP15Y16k/0WjZwSm1P9iRy28NYfLk5V3o344kM1
	8bhg4Ow/qnZy0brdmAGOVsq4P3wxi3tHJnZ5n70cmwpO+HQvkAjsNL9AnqxDsHs68zyxHic/eeSA+
	y2eWgyMGkhyG7OVeeZxpHE2FXRI4rqM+u5KoTV8ZjzKAJ55Rur2wkX0NKXaoAF08T7v3M4ei/Yee5
	IwCIE24g==;
Received: from mail-lj1-x234.google.com ([2a00:1450:4864:20::234])
	by desiato.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux))
	id 1t2s3y-00000007wZ0-20K1
	for linux-arm-kernel@lists.infradead.org;
	Mon, 21 Oct 2024 13:03:12 +0000
Received: by mail-lj1-x234.google.com with SMTP id
 38308e7fff4ca-2fb561f273eso43246301fa.2
        for <linux-arm-kernel@lists.infradead.org>;
 Mon, 21 Oct 2024 06:03:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1729515787; x=1730120587;
 darn=lists.infradead.org;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=EPZW3o9O8KMd2l9bsdly639M9ayrVvVJPmPDhVzCI64=;
        b=oIF9dZBPNgjqfhKzt7YCJmJdAo6IZ2vh6KItmF7F44DUudSQLkE0L76SXqa5GHIC6K
         sIeXRTKYkD3fXh9+az9w+CF9O4H3D5FcP8O+YglEvHqB6Fp5GUiZNYHnaI0hKe+uIMsm
         GgWCfzWnVvS5oreKvISImUSRkg6hyxvodT2zwrl5ffpbVm/9vK5700zO4spUXkdDFwu6
         ISkeB5bs/Nd52NNZqrhec2xMc+btW/7Zk+5aAivnE9ELKySc5rsmM0/aDC2bOkxoC/QE
         wwDtgyju4smiLEy+qiHYw1avQVMNddC57ReGUoL7KwCd0U52xTo7R6iq/5E5y8S1/qUC
         9RXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1729515787; x=1730120587;
        h=cc:to:in-reply-to:references:message-id:content-transfer-encoding
         :mime-version:subject:date:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=EPZW3o9O8KMd2l9bsdly639M9ayrVvVJPmPDhVzCI64=;
        b=dnzLnyqwRfkZHLGgfSiTUg3yJyfK0tLmjWrMDkee+uUslIcIjxdaq0wjFzniQhciGR
         +tHd7Pr81q+eROFsp+5ITFLZsY3PezsqQsMit2de2/AHlF0GObXSPikn97ntsGWCdNb0
         +aTIobQEYFiGwKMshTbC4ciHVaRpKNhoPgQuoawwaGFun7WVsMbnQjtJRZoLaYWIGR2/
         V5hIUntFF/wFlrzqnJ6ZoI4z7umtqS0ROZlUEwnotWG8wm/yd4kU9IQTGI8sUOOeLKTE
         SJ8BiLHrw1JOBef14ywQuK5ZglMlMvoxrrr4VFI3fujRUs3ufTDfZfuTl9djEb1huQfQ
         RXuw==
X-Forwarded-Encrypted: i=1;
 AJvYcCUhehSfFsWIaRgVKeyGjXXmB/gMqjCUuDOScHie+fCN+NLGSkj78qLdkirsh9kEJVVoGMUBkw+enxWqo1d4fvRg@lists.infradead.org
X-Gm-Message-State: AOJu0Yxi2NWMILIOZOkw1VwTs1D0CulQQGE0BXm/kcgVha2dAYDk8gxG
	rxpDlRX8t9AmggctR5KdU26z2Hh/PIMYjnIKVaL5x8EcmtdEuiLvdqLXR3w/Rus=
X-Google-Smtp-Source: 
 AGHT+IE4bNxBuZiSo/LWHqIIi8XGiP3WfZqN2gNbTogSdqcLj7y34HS7yjaWiYcbIZDL3xkyYyjdIw==
X-Received: by 2002:a2e:e0a:0:b0:2fa:cdac:8723 with SMTP id
 38308e7fff4ca-2fb83208b7cmr38383041fa.29.1729515787337;
        Mon, 21 Oct 2024 06:03:07 -0700 (PDT)
Received: from lino.lan ([85.235.12.238])
        by smtp.gmail.com with ESMTPSA id
 38308e7fff4ca-2fb9ae24d51sm4808351fa.130.2024.10.21.06.03.04
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 21 Oct 2024 06:03:06 -0700 (PDT)
From: Linus Walleij <linus.walleij@linaro.org>
Date: Mon, 21 Oct 2024 15:03:00 +0200
Subject: [PATCH v4 3/3] mm: Pair atomic_set_release() with _read_acquire()
MIME-Version: 1.0
Message-Id: <20241021-arm-kasan-vmalloc-crash-v4-3-837d1294344f@linaro.org>
References: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
In-Reply-To: <20241021-arm-kasan-vmalloc-crash-v4-0-837d1294344f@linaro.org>
To: Clement LE GOFFIC <clement.legoffic@foss.st.com>,
 Russell King <linux@armlinux.org.uk>, Melon Liu <melon1335@163.com>,
 Kees Cook <kees@kernel.org>,
 AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>,
 Mark Brown <broonie@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
 Ard Biesheuvel <ardb@kernel.org>
Cc: Antonio Borneo <antonio.borneo@foss.st.com>,
 linux-stm32@st-md-mailman.stormreply.com,
 linux-arm-kernel@lists.infradead.org,
 Linus Walleij <linus.walleij@linaro.org>, stable@vger.kernel.org
X-Mailer: b4 0.14.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20241021_140310_752849_5CA99B10 
X-CRM114-Status: GOOD (  15.32  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

The code for syncing vmalloc memory PGD pointers is using
atomic_read() in pair with atomic_set_release() but the
proper pairing is atomic_read_acquire() paired with
atomic_set_release().

This is done to clearly instruct the compiler to not
reorder the memcpy() or similar calls inside the section
so that we do not observe changes to init_mm. memcpy()
calls should be identified by the compiler as having
unpredictable side effects, but let's try to be on the
safe side.

Cc: stable@vger.kernel.org
Fixes: d31e23aff011 ("ARM: mm: make vmalloc_seq handling SMP safe")
Suggested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
---
 arch/arm/mm/ioremap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
index ff555823cceb..89f1c97f3079 100644
--- a/arch/arm/mm/ioremap.c
+++ b/arch/arm/mm/ioremap.c
@@ -141,7 +141,7 @@ void __check_vmalloc_seq(struct mm_struct *mm)
 	int seq;
 
 	do {
-		seq = atomic_read(&init_mm.context.vmalloc_seq);
+		seq = atomic_read_acquire(&init_mm.context.vmalloc_seq);
 		memcpy_pgd(mm, VMALLOC_START, VMALLOC_END);
 		if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) {
 			unsigned long start =