From: Catalin Marinas <catalin.marinas@arm.com>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: linux-arm-kernel@lists.infradead.org,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	kasan-dev@googlegroups.com, Will Deacon <will@kernel.org>
Subject: arm64 KASAN_HW_TAGS panic on non-MTE hardware on 5.12-rc1
Date: Fri, 5 Mar 2021 17:11:08 +0000
Message-ID: <20210305171108.GD23855@arm.com>

Hi Andrey,

Enabling CONFIG_KASAN_HW_TAGS and running the resulting kernel on
non-MTE hardware panics with an undefined STG instruction from
mte_set_mem_tag_range():

./scripts/faddr2line vmlinux kasan_unpoison_task_stack+0x18/0x40
kasan_unpoison_task_stack+0x18/0x40:
mte_set_mem_tag_range at arch/arm64/include/asm/mte-kasan.h:71
(inlined by) mte_set_mem_tag_range at arch/arm64/include/asm/mte-kasan.h:56
(inlined by) kasan_unpoison at mm/kasan/kasan.h:363
(inlined by) kasan_unpoison_task_stack at mm/kasan/common.c:72

The full trace:

------------[ cut here ]------------
kernel BUG at arch/arm64/kernel/traps.c:406!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 5.12.0-rc1-00002-ge76afd1d69f3-dirty #2
pstate: 00000085 (nzcv daIf -PAN -UAO -TCO BTYPE=--)
pc : do_undefinstr+0x2c8/0x2e8
lr : do_undefinstr+0x2d4/0x2e8
sp : ffffc07baeaa3cf0
x29: ffffc07baeaa3cf0 x28: ffffc07baeab3280 
x27: ffffc07baeaa9a00 x26: ffffc07baeaa7000 
x25: ffffc07baeab3964 x24: ffffc07baeaa9c00 
x23: 0000000040000085 x22: ffffc07baed7f0e0 
x21: 00000000d9200800 x20: ffffc07baeab3280 
x19: ffffc07baeaa3d80 x18: 0000000000000200 
x17: 000000000000000b x16: 0000000000007fff 
x15: 00000000ffffffff x14: 0000000000000000 
x13: 0000000000000048 x12: ffffc07baeab3280 
x11: ffff64d0ffc00294 x10: 0000000000000000 
x9 : 0000000000000000 x8 : 00000000389fd980 
x7 : ffff64d0ffbde5b8 x6 : 0000000000000000 
x5 : ffff64d0ffb99880 x4 : ffffc07baeab5710 
x3 : ffffc07baed7f0f0 x2 : 0000000000000000 
x1 : ffffc07baeab3280 x0 : 0000000040000085 
Call trace:
 do_undefinstr+0x2c8/0x2e8
 el1_undef+0x30/0x50
 el1_sync_handler+0x8c/0xc8
 el1_sync+0x70/0x100
 kasan_unpoison_task_stack+0x18/0x40
 sched_init+0x390/0x3f0
 start_kernel+0x2cc/0x540
 0x0
Code: 17ffff8a f9401bf7 17ffffc8 f9001bf7 (d4210000) 
random: get_random_bytes called from print_oops_end_marker+0x2c/0x68 with crng_init=0
---[ end trace c881f708bdfe36c8 ]---

If MTE is not available, I thought we should not end up calling the MTE
backend but it seems that kasan expects the backend to skip the
undefined instructions.

Does kasan fall back to sw_tags if hw_tags are not available, or does it
just disable kasan altogether?

-- 
Catalin


Thread overview: 6+ messages
2021-03-05 17:11 Catalin Marinas [this message]
2021-03-05 17:27 ` arm64 KASAN_HW_TAGS panic on non-MTE hardware on 5.12-rc1 Andrey Konovalov
     [not found]   ` <20210305175124.GG23855@arm.com>
2021-03-05 17:52     ` Catalin Marinas
2021-03-05 18:36       ` Andrey Konovalov
2021-03-06 12:01         ` Catalin Marinas
2021-03-08 14:56           ` Andrey Konovalov
