From: Mike Rapoport <rppt@kernel.org>
To: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Cc: nathan@kernel.org, arnd@arndb.de, broonie@kernel.org,
Liam.Howlett@oracle.com, urezki@gmail.com, will@kernel.org,
kaleshsingh@google.com, leitao@debian.org, coxu@redhat.com,
surenb@google.com, akpm@linux-foundation.org, luto@kernel.org,
jpoimboe@kernel.org, changyuanl@google.com, hpa@zytor.com,
dvyukov@google.com, kas@kernel.org, corbet@lwn.net,
vincenzo.frascino@arm.com, smostafa@google.com,
nick.desaulniers+lkml@gmail.com, morbo@google.com,
andreyknvl@gmail.com, alexander.shishkin@linux.intel.com,
thiago.bauermann@linaro.org, catalin.marinas@arm.com,
ryabinin.a.a@gmail.com, jan.kiszka@siemens.com, jbohac@suse.cz,
dan.j.williams@intel.com, joel.granados@kernel.org,
baohua@kernel.org, kevin.brodsky@arm.com,
nicolas.schier@linux.dev, pcc@google.com,
andriy.shevchenko@linux.intel.com, wei.liu@kernel.org,
bp@alien8.de, ada.coupriediaz@arm.com, xin@zytor.com,
pankaj.gupta@amd.com, vbabka@suse.cz, glider@google.com,
jgross@suse.com, kees@kernel.org, jhubbard@nvidia.com,
joey.gouly@arm.com, ardb@kernel.org, thuth@redhat.com,
pasha.tatashin@soleen.com, kristina.martsenko@arm.com,
bigeasy@linutronix.de, lorenzo.stoakes@oracle.com,
jason.andryuk@amd.com, david@redhat.com, graf@amazon.com,
wangkefeng.wang@huawei.com, ziy@nvidia.com, mark.rutland@arm.com,
dave.hansen@linux.intel.com, samuel.holland@sifive.com,
kbingham@kernel.org, trintaeoitogc@gmail.com,
scott@os.amperecomputing.com, justinstitt@google.com,
kuan-ying.lee@canonical.com, maz@kernel.org, tglx@linutronix.de,
samitolvanen@google.com, mhocko@suse.com,
nunodasneves@linux.microsoft.com, brgerst@gmail.com,
willy@infradead.org, ubizjak@gmail.com, peterz@infradead.org,
mingo@redhat.com, sohil.mehta@intel.com, linux-mm@kvack.org,
linux-kbuild@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, x86@kernel.org,
llvm@lists.linux.dev, kasan-dev@googlegroups.com,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 06/18] x86: Reset tag for virtual to physical address conversions
Date: Thu, 14 Aug 2025 10:15:09 +0300 [thread overview]
Message-ID: <aJ2M_eKPvBluyLKJ@kernel.org> (raw)
In-Reply-To: <01e62233dcc39aeb8d640eb3ee794f5da533f2a3.1755004923.git.maciej.wieczor-retman@intel.com>
On Tue, Aug 12, 2025 at 03:23:42PM +0200, Maciej Wieczor-Retman wrote:
> Any place where pointer arithmetic is used to convert a virtual address
> into a physical one can raise errors if the virtual address is tagged.
>
> Reset the pointer's tag by sign extending the tag bits in macros that do
> pointer arithmetic in address conversions. There will be no change in
> compiled code with KASAN disabled since the compiler will optimize the
> __tag_reset() out.
>
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
> ---
> Changelog v4:
> - Simplify page_to_virt() by removing pointless casts.
> - Remove change in __is_canonical_address() because it's taken care of
> in a later patch due to a LAM compatible definition of canonical.
>
> arch/x86/include/asm/page.h | 14 +++++++++++---
> arch/x86/include/asm/page_64.h | 2 +-
> arch/x86/mm/physaddr.c | 1 +
> 3 files changed, 13 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h
> index 9265f2fca99a..15c95e96fd15 100644
> --- a/arch/x86/include/asm/page.h
> +++ b/arch/x86/include/asm/page.h
> @@ -7,6 +7,7 @@
> #ifdef __KERNEL__
>
> #include <asm/page_types.h>
> +#include <asm/kasan.h>
>
> #ifdef CONFIG_X86_64
> #include <asm/page_64.h>
> @@ -41,7 +42,7 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
> #define __pa(x) __phys_addr((unsigned long)(x))
> #endif
>
> -#define __pa_nodebug(x) __phys_addr_nodebug((unsigned long)(x))
> +#define __pa_nodebug(x) __phys_addr_nodebug((unsigned long)(__tag_reset(x)))
Why not reset the tag inside __phys_addr_nodebug() and __phys_addr()?
> /* __pa_symbol should be used for C visible symbols.
> This seems to be the official gcc blessed way to do such arithmetic. */
> /*
> @@ -65,9 +66,16 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
> * virt_to_page(kaddr) returns a valid pointer if and only if
> * virt_addr_valid(kaddr) returns true.
> */
> -#define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT)
> +
> +#ifdef CONFIG_KASAN_SW_TAGS
> +#define page_to_virt(x) ({ \
> + void *__addr = __va(page_to_pfn((struct page *)x) << PAGE_SHIFT); \
> + __tag_set(__addr, page_kasan_tag(x)); \
> +})
> +#endif
> +#define virt_to_page(kaddr) pfn_to_page(__pa((void *)__tag_reset(kaddr)) >> PAGE_SHIFT)
then virt_to_page() will remain the same, no?
> extern bool __virt_addr_valid(unsigned long kaddr);
> -#define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long) (kaddr))
> +#define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long)(__tag_reset(kaddr)))
The same here, I think tag_reset() should be inside __virt_addr_valid()
> static __always_inline void *pfn_to_kaddr(unsigned long pfn)
> {
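Review bot: The new `page_to_virt()` macro expands its argument twice, in `page_to_pfn((struct page *)x)` and again in `page_kasan_tag(x)`, and the first use casts an unparenthesized `x`. An argument with side effects would therefore be evaluated twice, and a compound expression such as `p + 1` would have the cast bind to `p` alone. Capturing the argument once at the top of the statement expression, `__typeof__(x) __page = (x);`, and using `__page` in both calls removes both hazards. Separately, the macro was inserted between the existing `virt_to_page(kaddr) returns a valid pointer if and only if ...` comment and `virt_to_page()` itself, so that comment now sits above `page_to_virt()`; moving the `#ifdef CONFIG_KASAN_SW_TAGS` block above the comment, or below `virt_to_page()`, would keep the comment with the macro it describes.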
> diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h
> index 015d23f3e01f..de68ac40dba2 100644
> --- a/arch/x86/include/asm/page_64.h
> +++ b/arch/x86/include/asm/page_64.h
> @@ -33,7 +33,7 @@ static __always_inline unsigned long __phys_addr_nodebug(unsigned long x)
> extern unsigned long __phys_addr(unsigned long);
> extern unsigned long __phys_addr_symbol(unsigned long);
> #else
> -#define __phys_addr(x) __phys_addr_nodebug(x)
> +#define __phys_addr(x) __phys_addr_nodebug(__tag_reset(x))
> #define __phys_addr_symbol(x) \
> ((unsigned long)(x) - __START_KERNEL_map + phys_base)
> #endif
> diff --git a/arch/x86/mm/physaddr.c b/arch/x86/mm/physaddr.c
> index fc3f3d3e2ef2..7f2b11308245 100644
> --- a/arch/x86/mm/physaddr.c
> +++ b/arch/x86/mm/physaddr.c
> @@ -14,6 +14,7 @@
> #ifdef CONFIG_DEBUG_VIRTUAL
> unsigned long __phys_addr(unsigned long x)
> {
> + x = __tag_reset(x);
> unsigned long y = x - __START_KERNEL_map;
>
> /* use the carry flag to determine if x was < __START_KERNEL_map */
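Review bot: In the CONFIG_DEBUG_VIRTUAL `__phys_addr()` the added `x = __tag_reset(x);` is a statement placed ahead of the declaration of `y`, and nothing records why the tag is dropped at this point. Keeping the declaration first (`unsigned long y;`, then `x = __tag_reset(x);`, then `y = x - __START_KERNEL_map;`) avoids mixing statements and declarations. A short comment such as `/* strip the KASAN tag so the address arithmetic and checks below operate on the untagged address */` would document the intent, presumably so that a tagged pointer does not fail the comparison against `__START_KERNEL_map`. The function body continues outside the hunk, so the later checks cannot be confirmed from here.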
> --
> 2.50.1
>
--
Sincerely yours,
Mike.
Thread overview: 40+ messages
2025-08-12 13:23 [PATCH v4 00/18] kasan: x86: arm64: KASAN tag-based mode for x86 Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 01/18] kasan: sw_tags: Use arithmetic shift for shadow computation Maciej Wieczor-Retman
2025-08-12 17:35 ` kernel test robot
2025-08-12 13:23 ` [PATCH v4 02/18] kasan: sw_tags: Support tag widths less than 8 bits Maciej Wieczor-Retman
2025-08-13 14:48 ` Ada Couprie Diaz
2025-08-18 4:24 ` Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 03/18] kasan: Fix inline mode for x86 tag-based mode Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 04/18] x86: Add arch specific kasan functions Maciej Wieczor-Retman
2025-08-12 19:18 ` kernel test robot
2025-08-12 13:23 ` [PATCH v4 05/18] kasan: arm64: x86: Make special tags arch specific Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 06/18] x86: Reset tag for virtual to physical address conversions Maciej Wieczor-Retman
2025-08-14 7:15 ` Mike Rapoport [this message]
2025-08-18 5:29 ` Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 07/18] mm: x86: Untag addresses in EXECMEM_ROX related pointer arithmetic Maciej Wieczor-Retman
2025-08-12 15:19 ` kernel test robot
2025-08-14 7:26 ` Mike Rapoport
2025-08-18 5:47 ` Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 08/18] x86: Physical address comparisons in fill_p*d/pte Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 09/18] x86: KASAN raw shadow memory PTE init Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 10/18] x86: LAM compatible non-canonical definition Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 11/18] x86: LAM initialization Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 12/18] x86: Minimal SLAB alignment Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 13/18] kasan: arm64: x86: Handle int3 for inline KASAN reports Maciej Wieczor-Retman
2025-08-13 14:49 ` Ada Couprie Diaz
2025-08-18 5:57 ` Maciej Wieczor-Retman
2025-08-13 15:17 ` Peter Zijlstra
2025-08-18 6:26 ` Maciej Wieczor-Retman
2025-09-08 15:40 ` Peter Zijlstra
2025-09-09 8:47 ` Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 14/18] kasan: x86: Apply multishot to the inline report handler Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 15/18] kasan: x86: Logical bit shift for kasan_mem_to_shadow Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 16/18] mm: Unpoison pcpu chunks with base address tag Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 17/18] mm: Unpoison vms[area] addresses with a common tag Maciej Wieczor-Retman
2025-08-12 13:23 ` [PATCH v4 18/18] x86: Make software tag-based kasan available Maciej Wieczor-Retman
2025-08-13 8:16 ` [PATCH v4 00/18] kasan: x86: arm64: KASAN tag-based mode for x86 Kiryl Shutsemau
2025-08-13 10:39 ` Maciej Wieczor-Retman
2025-08-13 11:05 ` Kiryl Shutsemau
2025-08-13 11:44 ` Maciej Wieczor-Retman
2025-08-21 12:30 ` Ada Couprie Diaz
2025-08-22 7:36 ` Maciej Wieczor-Retman