diff for duplicates of <87k0pdt6yq.fsf@linaro.org> diff --git a/a/content_digest b/N1/content_digest index ea16abd..52b2731 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,9 +6,9 @@ "Subject\0Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0" "Date\0Thu, 08 Apr 2021 11:02:57 +0100\0" "To\0Peter Maydell <peter.maydell@linaro.org>\0" - "Cc\0Richard Henderson <richard.henderson@linaro.org>" - 1921948@bugs.launchpad.net + "Cc\01921948@bugs.launchpad.net" qemu-arm <qemu-arm@nongnu.org> + Richard Henderson <richard.henderson@linaro.org> " QEMU Developers <qemu-devel@nongnu.org>\0" "\00:1\0" "b\0" @@ -50,4 +50,4 @@ "-- \n" "Alex Benn\303\251e" -36b62b11d1e422a120e28b3624df134fc750842b8f82bc6ca8ead7b81d62a936 +966cf01a8081c34ce0cf83766aba7aa5b290f5289ece416658e1caf30d91a4be
diff --git a/a/1.txt b/N2/1.txt index 9373402..a106f19 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -1,4 +1,3 @@ - Peter Maydell <peter.maydell@linaro.org> writes: > On Wed, 7 Apr 2021 at 19:54, Alex Bennée <alex.bennee@linaro.org> wrote: @@ -35,3 +34,64 @@ now they know about the iteration they have tested it ;-) -- Alex Bennée + +-- +You received this bug notification because you are a member of qemu- +devel-ml, which is subscribed to QEMU. +https://bugs.launchpad.net/bugs/1921948 + +Title: + MTE tags not checked properly for unaligned accesses at EL1 + +Status in QEMU: + In Progress + +Bug description: + For kernel memory accesses that span across two memory granules, + QEMU's MTE implementation only checks the tag of the first granule but + not of the second one. + + To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS + enabled, apply the patch below, and boot the kernel: + + diff --git a/sound/last.c b/sound/last.c + index f0bb98780e70..04745cb30b74 100644 + --- a/sound/last.c + +++ b/sound/last.c + 
@@ -5,12 +5,18 @@ + */ + + #include <linux/init.h> + +#include <linux/slab.h> + #include <sound/core.h> + + static int __init alsa_sound_last_init(void) + { + struct snd_card *card; + int idx, ok = 0; + + + + char *ptr = kmalloc(128, GFP_KERNEL); + + pr_err("KASAN report should follow:\n"); + + *(volatile unsigned long *)(ptr + 124); + + kfree(ptr); + + printk(KERN_INFO "ALSA device list:\n"); + for (idx = 0; idx < SNDRV_CARDS; idx++) { + + KASAN tags the 128 allocated bytes with the same tag as the returned + pointer. The memory granule that follows the 128 allocated bytes has a + different tag (with 1/15 probability). + + Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130). + Observed result: no tag fault is detected and no KASAN report is printed. + + Here are the flags that I use to run QEMU if they matter: + + qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net + user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic + -nographic -kernel ./Image -append "console=ttyAMA0 root=/dev/vda + earlyprintk=serial" -drive file=./fs.img,format=raw,if=virtio -no- + shutdown -no-reboot + +To manage notifications about this bug go to: +https://bugs.launchpad.net/qemu/+bug/1921948/+subscriptions diff --git a/a/content_digest b/N2/content_digest index ea16abd..7c801f3 100644 --- a/a/content_digest +++ b/N2/content_digest 
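Review bot: The byte range in the added bug description, "accessing bytes [124, 130)", does not match the reproducer quoted with it: `*(volatile unsigned long *)(ptr + 124);` is an 8-byte load on the aarch64 guest the report targets, so it covers bytes [124, 132), the last four of which lie past the 128-byte `kmalloc` object and in the following 16-byte MTE granule. The phrase "different tag (with 1/15 probability)" also reads as inverted; presumably the neighbouring granule shares the pointer's tag about one time in fifteen and differs otherwise. If so, one boot that prints no KASAN report does not show the second-granule check is missing, and one that prints a report does not show the mte_checkN fix is complete, so a regression test should repeat the allocation and access several times. The same description text appears again in the N2/content_digest hunk further down and would need the same two wording corrections, `[124, 132)` and `a different tag (with 14/15 probability)`, if the figure is confirmed.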
@@ -1,18 +1,12 @@ - "ref\020210406174031.64299-1-richard.henderson@linaro.org\0" - "ref\020210406174031.64299-4-richard.henderson@linaro.org\0" + "ref\0161713286145.25906.15042270704525675392.malonedeb@wampee.canonical.com\0" "ref\0877dleuds3.fsf@linaro.org\0" "ref\0CAFEAcA9Vc=w9d-3DkwuyY8Vzrj4d=f2zHn4OXauQRc-Vr=oQzQ@mail.gmail.com\0" - "From\0Alex Benn\303\251e <alex.bennee@linaro.org>\0" - "Subject\0Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0" - "Date\0Thu, 08 Apr 2021 11:02:57 +0100\0" - "To\0Peter Maydell <peter.maydell@linaro.org>\0" - "Cc\0Richard Henderson <richard.henderson@linaro.org>" - 1921948@bugs.launchpad.net - qemu-arm <qemu-arm@nongnu.org> - " QEMU Developers <qemu-devel@nongnu.org>\0" + "From\0Alex Benn\303\251e <1921948@bugs.launchpad.net>\0" + "Subject\0[Bug 1921948] Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0" + "Date\0Thu, 08 Apr 2021 10:02:57 -0000\0" + "To\0qemu-devel@nongnu.org\0" "\00:1\0" "b\0" - "\n" "Peter Maydell <peter.maydell@linaro.org> writes:\n" "\n" "> On Wed, 7 Apr 2021 at 19:54, Alex Benn\303\251e <alex.bennee@linaro.org> wrote:\n" @@ -48,6 +42,67 @@ "now they know about the iteration they have tested it ;-)\n" "\n" "-- \n" - "Alex Benn\303\251e" + "Alex Benn\303\251e\n" + "\n" + "-- \n" + "You received this bug notification because you are a member of qemu-\n" + "devel-ml, which is subscribed to QEMU.\n" + "https://bugs.launchpad.net/bugs/1921948\n" + "\n" + "Title:\n" + " MTE tags not checked properly for unaligned accesses at EL1\n" + "\n" + "Status in QEMU:\n" + " In Progress\n" + "\n" + "Bug description:\n" + " For kernel memory accesses that span across two memory granules,\n" + " QEMU's MTE implementation only checks the tag of the first granule but\n" + " not of the second one.\n" + "\n" + " To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS\n" + " enabled, apply the patch below, and boot the kernel:\n" + "\n" + " 
diff --git a/sound/last.c b/sound/last.c\n" + " index f0bb98780e70..04745cb30b74 100644\n" + " --- a/sound/last.c\n" + " +++ b/sound/last.c\n" + " @@ -5,12 +5,18 @@\n" + " */\n" + " \n" + " #include <linux/init.h>\n" + " +#include <linux/slab.h>\n" + " #include <sound/core.h>\n" + " \n" + " static int __init alsa_sound_last_init(void)\n" + " {\n" + " struct snd_card *card;\n" + " int idx, ok = 0;\n" + " +\n" + " + char *ptr = kmalloc(128, GFP_KERNEL);\n" + " + pr_err(\"KASAN report should follow:\\n\");\n" + " + *(volatile unsigned long *)(ptr + 124);\n" + " + kfree(ptr);\n" + " \n" + " printk(KERN_INFO \"ALSA device list:\\n\");\n" + " for (idx = 0; idx < SNDRV_CARDS; idx++) {\n" + "\n" + " KASAN tags the 128 allocated bytes with the same tag as the returned\n" + " pointer. The memory granule that follows the 128 allocated bytes has a\n" + " different tag (with 1/15 probability).\n" + "\n" + " Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130).\n" + " Observed result: no tag fault is detected and no KASAN report is printed.\n" + "\n" + " Here are the flags that I use to run QEMU if they matter:\n" + "\n" + " qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net\n" + " user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic\n" + " -nographic -kernel ./Image -append \"console=ttyAMA0 root=/dev/vda\n" + " earlyprintk=serial\" -drive file=./fs.img,format=raw,if=virtio -no-\n" + " shutdown -no-reboot\n" + "\n" + "To manage notifications about this bug go to:\n" + https://bugs.launchpad.net/qemu/+bug/1921948/+subscriptions -36b62b11d1e422a120e28b3624df134fc750842b8f82bc6ca8ead7b81d62a936 +a389a852e63fa8ce2f4425a85db7d7c53f59805e90a6f2f15bf0194b565c146e