diff for duplicates of <87y2dttalb.fsf@linaro.org>

diff --git a/a/content_digest b/N1/content_digest
index 82ae000..9d72785 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -6,9 +6,9 @@
  "Subject\0Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0"
  "Date\0Thu, 08 Apr 2021 09:36:17 +0100\0"
  "To\0Richard Henderson <richard.henderson@linaro.org>\0"
- "Cc\0qemu-arm@nongnu.org"
-  qemu-devel@nongnu.org
- " 1921948@bugs.launchpad.net\0"
+ "Cc\01921948@bugs.launchpad.net"
+  qemu-arm@nongnu.org
+ " qemu-devel@nongnu.org\0"
  "\00:1\0"
  "b\0"
  "\n"
@@ -90,4 +90,4 @@
  "-- \n"
  "Alex Benn\303\251e"
 
-9f0d6d65353386a4bdb5dac8ec784dbdee9369799e8ab04a3aac8486886bd315
+4b6809925926e84a989e7fc472ed2ff97b30d82e9c46f50064a5191413082794

diff --git a/a/1.txt b/N2/1.txt
index 4eca57d..27b22d0 100644
--- a/a/1.txt
+++ b/N2/1.txt
@@ -1,4 +1,3 @@
-
 Richard Henderson <richard.henderson@linaro.org> writes:
 
 > On 4/7/21 11:39 AM, Alex Bennée wrote:
@@ -76,3 +75,64 @@ Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
 
 -- 
 Alex Bennée
+
+-- 
+You received this bug notification because you are a member of qemu-
+devel-ml, which is subscribed to QEMU.
+https://bugs.launchpad.net/bugs/1921948
+
+Title:
+  MTE tags not checked properly for unaligned accesses at EL1
+
+Status in QEMU:
+  In Progress
+
+Bug description:
+  For kernel memory accesses that span across two memory granules,
+  QEMU's MTE implementation only checks the tag of the first granule but
+  not of the second one.
+
+  To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS
+  enabled, apply the patch below, and boot the kernel:
+
+  diff --git a/sound/last.c b/sound/last.c
+  index f0bb98780e70..04745cb30b74 100644
+  --- a/sound/last.c
+  +++ b/sound/last.c
+  @@ -5,12 +5,18 @@
+    */
+   
+   #include <linux/init.h>
+  +#include <linux/slab.h>
+   #include <sound/core.h>
+   
+   static int __init alsa_sound_last_init(void)
+   {
+          struct snd_card *card;
+          int idx, ok = 0;
+  +
+  +       char *ptr = kmalloc(128, GFP_KERNEL);
+  +       pr_err("KASAN report should follow:\n");
+  +       *(volatile unsigned long *)(ptr + 124);
+  +       kfree(ptr);
+          
+          printk(KERN_INFO "ALSA device list:\n");
+          for (idx = 0; idx < SNDRV_CARDS; idx++) {
+
+  KASAN tags the 128 allocated bytes with the same tag as the returned
+  pointer. The memory granule that follows the 128 allocated bytes has a
+  different tag (with 1/15 probability).
+
+  Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130).
+  Observed result: no tag fault is detected and no KASAN report is printed.
+
+  Here are the flags that I use to run QEMU if they matter:
+
+  qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net
+  user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic
+  -nographic -kernel ./Image -append "console=ttyAMA0 root=/dev/vda
+  earlyprintk=serial" -drive file=./fs.img,format=raw,if=virtio -no-
+  shutdown -no-reboot
+
+To manage notifications about this bug go to:
+https://bugs.launchpad.net/qemu/+bug/1921948/+subscriptions
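Review bot: The byte range under "Expected result" does not match the load in the quoted reproducer: `*(volatile unsigned long *)(ptr + 124)` reads `sizeof(unsigned long)` bytes, which is 8 on arm64, so it touches bytes [124, 132) rather than `[124, 130)`. Either range still crosses from the last 16-byte MTE granule of the 128-byte allocation into the following one, so the reported missing check on the second granule is unaffected. The "(with 1/15 probability)" remark looks inverted; presumably the neighbouring granule carries the same tag about one time in fifteen, in which case a single quiet boot does not prove a regression and a verification run should be repeated or should compare the two tags explicitly. The same text is duplicated in the N2/content_digest hunk further down.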
diff --git a/a/content_digest b/N2/content_digest
index 82ae000..6516b37 100644
--- a/a/content_digest
+++ b/N2/content_digest
@@ -1,17 +1,10 @@
- "ref\020210406174031.64299-1-richard.henderson@linaro.org\0"
- "ref\020210406174031.64299-4-richard.henderson@linaro.org\0"
- "ref\0877dleuds3.fsf@linaro.org\0"
- "ref\0ade8e2d3-e1a6-3b84-7850-ceb4bcd59758@linaro.org\0"
- "From\0Alex Benn\303\251e <alex.bennee@linaro.org>\0"
- "Subject\0Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0"
- "Date\0Thu, 08 Apr 2021 09:36:17 +0100\0"
- "To\0Richard Henderson <richard.henderson@linaro.org>\0"
- "Cc\0qemu-arm@nongnu.org"
-  qemu-devel@nongnu.org
- " 1921948@bugs.launchpad.net\0"
+ "ref\0161713286145.25906.15042270704525675392.malonedeb@wampee.canonical.com\0"
+ "From\0Alex Benn\303\251e <1921948@bugs.launchpad.net>\0"
+ "Subject\0[Bug 1921948] Re: [PATCH v4 03/12] target/arm: Fix mte_checkN\0"
+ "Date\0Thu, 08 Apr 2021 08:36:17 -0000\0"
+ "To\0qemu-devel@nongnu.org\0"
  "\00:1\0"
  "b\0"
- "\n"
  "Richard Henderson <richard.henderson@linaro.org> writes:\n"
  "\n"
  "> On 4/7/21 11:39 AM, Alex Benn\303\251e wrote:\n"
@@ -88,6 +81,67 @@
  "Reviewed-by: Alex Benn\303\251e <alex.bennee@linaro.org>\n"
  "\n"
  "-- \n"
- "Alex Benn\303\251e"
+ "Alex Benn\303\251e\n"
+ "\n"
+ "-- \n"
+ "You received this bug notification because you are a member of qemu-\n"
+ "devel-ml, which is subscribed to QEMU.\n"
+ "https://bugs.launchpad.net/bugs/1921948\n"
+ "\n"
+ "Title:\n"
+ "  MTE tags not checked properly for unaligned accesses at EL1\n"
+ "\n"
+ "Status in QEMU:\n"
+ "  In Progress\n"
+ "\n"
+ "Bug description:\n"
+ "  For kernel memory accesses that span across two memory granules,\n"
+ "  QEMU's MTE implementation only checks the tag of the first granule but\n"
+ "  not of the second one.\n"
+ "\n"
+ "  To reproduce this, build the Linux kernel with CONFIG_KASAN_HW_TAGS\n"
+ "  enabled, apply the patch below, and boot the kernel:\n"
+ "\n"
+ "  diff --git a/sound/last.c b/sound/last.c\n"
+ "  index f0bb98780e70..04745cb30b74 100644\n"
+ "  --- a/sound/last.c\n"
+ "  +++ b/sound/last.c\n"
+ "  @@ -5,12 +5,18 @@\n"
+ "    */\n"
+ "   \n"
+ "   #include <linux/init.h>\n"
+ "  +#include <linux/slab.h>\n"
+ "   #include <sound/core.h>\n"
+ "   \n"
+ "   static int __init alsa_sound_last_init(void)\n"
+ "   {\n"
+ "          struct snd_card *card;\n"
+ "          int idx, ok = 0;\n"
+ "  +\n"
+ "  +       char *ptr = kmalloc(128, GFP_KERNEL);\n"
+ "  +       pr_err(\"KASAN report should follow:\\n\");\n"
+ "  +       *(volatile unsigned long *)(ptr + 124);\n"
+ "  +       kfree(ptr);\n"
+ "          \n"
+ "          printk(KERN_INFO \"ALSA device list:\\n\");\n"
+ "          for (idx = 0; idx < SNDRV_CARDS; idx++) {\n"
+ "\n"
+ "  KASAN tags the 128 allocated bytes with the same tag as the returned\n"
+ "  pointer. The memory granule that follows the 128 allocated bytes has a\n"
+ "  different tag (with 1/15 probability).\n"
+ "\n"
+ "  Expected result: a tag fault is detected and a KASAN report is printed when accessing bytes [124, 130).\n"
+ "  Observed result: no tag fault is detected and no KASAN report is printed.\n"
+ "\n"
+ "  Here are the flags that I use to run QEMU if they matter:\n"
+ "\n"
+ "  qemu-system-aarch64 -s -machine virt,mte=on -cpu max -m 2G -smp 2 -net\n"
+ "  user,host=10.0.2.10,hostfwd=tcp:127.0.0.1:10021-:22 -net nic\n"
+ "  -nographic -kernel ./Image -append \"console=ttyAMA0 root=/dev/vda\n"
+ "  earlyprintk=serial\" -drive file=./fs.img,format=raw,if=virtio -no-\n"
+ "  shutdown -no-reboot\n"
+ "\n"
+ "To manage notifications about this bug go to:\n"
+ https://bugs.launchpad.net/qemu/+bug/1921948/+subscriptions
 
-9f0d6d65353386a4bdb5dac8ec784dbdee9369799e8ab04a3aac8486886bd315
+c272b5b878ba5b3e2f9be97052fb0ef46bc8895d5d3d6301fbd27ce9033264cb
