From: Vincenzo Frascino <vincenzo.frascino@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Branislav Rankov <Branislav.Rankov@arm.com>,
Marco Elver <elver@google.com>,
Andrey Konovalov <andreyknvl@google.com>,
Evgenii Stepanov <eugenis@google.com>,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
Alexander Potapenko <glider@google.com>,
linux-arm-kernel@lists.infradead.org,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Will Deacon <will@kernel.org>, Dmitry Vyukov <dvyukov@google.com>
Subject: Re: [PATCH v2 3/4] arm64: mte: Enable async tag check fault
Date: Thu, 14 Jan 2021 10:24:25 +0000 [thread overview]
Message-ID: <efbb0722-eb4e-7be2-b929-77ec91cc0ae0@arm.com> (raw)
In-Reply-To: <20210113181121.GF27045@gaia>
On 1/13/21 6:11 PM, Catalin Marinas wrote:
> On Thu, Jan 07, 2021 at 05:29:07PM +0000, Vincenzo Frascino wrote:
>> diff --git a/arch/arm64/include/asm/mte.h b/arch/arm64/include/asm/mte.h
>> index d02aff9f493d..a60d3718baae 100644
>> --- a/arch/arm64/include/asm/mte.h
>> +++ b/arch/arm64/include/asm/mte.h
>> @@ -39,6 +39,7 @@ void mte_free_tag_storage(char *storage);
>> /* track which pages have valid allocation tags */
>> #define PG_mte_tagged PG_arch_2
>>
>> +void mte_check_tfsr_el1(void);
>> void mte_sync_tags(pte_t *ptep, pte_t pte);
>> void mte_copy_page_tags(void *kto, const void *kfrom);
>> void flush_mte_state(void);
>> @@ -56,6 +57,9 @@ void mte_assign_mem_tag_range(void *addr, size_t size);
>> /* unused if !CONFIG_ARM64_MTE, silence the compiler */
>> #define PG_mte_tagged 0
>>
>> +static inline void mte_check_tfsr_el1(void)
>> +{
>> +}
>
> I think we should enable this dummy function when !CONFIG_KASAN_HW_TAGS.
> It saves us an unnecessary function call in a few places.
>
Ok, I will add it in v3.
>> static inline void mte_sync_tags(pte_t *ptep, pte_t pte)
>> {
>> }
>> diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c
>> index 5346953e4382..74b020ce72d7 100644
>> --- a/arch/arm64/kernel/entry-common.c
>> +++ b/arch/arm64/kernel/entry-common.c
>> @@ -37,6 +37,8 @@ static void noinstr enter_from_kernel_mode(struct pt_regs *regs)
>> lockdep_hardirqs_off(CALLER_ADDR0);
>> rcu_irq_enter_check_tick();
>> trace_hardirqs_off_finish();
>> +
>> + mte_check_tfsr_el1();
>> }
>>
>> /*
>> @@ -47,6 +49,8 @@ static void noinstr exit_to_kernel_mode(struct pt_regs *regs)
>> {
>> lockdep_assert_irqs_disabled();
>>
>> + mte_check_tfsr_el1();
>> +
>> if (interrupts_enabled(regs)) {
>> if (regs->exit_rcu) {
>> trace_hardirqs_on_prepare();
>> @@ -243,6 +247,8 @@ asmlinkage void noinstr enter_from_user_mode(void)
>>
>> asmlinkage void noinstr exit_to_user_mode(void)
>> {
>> + mte_check_tfsr_el1();
>
> While for kernel entry the asynchronous faults are sync'ed automatically
> with TFSR_EL1, we don't have this for exit, so we'd need an explicit
> DSB. But rather than placing it here, it's better if we add a bool sync
> argument to mte_check_tfsr_el1() which issues a dsb() before checking
> the register. I think that's the only place where such argument would be
> true (for now).
>
Good point, I will add the dsb() in mte_check_tfsr_el1() but instead of a bool
parameter I will add something more explicit.
>> +
>> trace_hardirqs_on_prepare();
>> lockdep_hardirqs_on_prepare(CALLER_ADDR0);
>> user_enter_irqoff();
>> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
>> index 5d992e16b420..26030f0b79fe 100644
>> --- a/arch/arm64/kernel/mte.c
>> +++ b/arch/arm64/kernel/mte.c
>> @@ -185,6 +185,34 @@ void mte_enable_kernel(enum kasan_arg_mode mode)
>> isb();
>> }
>>
>> +void mte_check_tfsr_el1(void)
>> +{
>> + u64 tfsr_el1;
>> +
>> + if (!IS_ENABLED(CONFIG_KASAN_HW_TAGS))
>> + return;
>
> If we define the static inline when !CONFIG_KASAN_HW_TAGS, we could add
> the #ifdef here around the whole function.
>
Ok. I will add it in v3.
>> + if (!system_supports_mte())
>> + return;
>> +
>> + tfsr_el1 = read_sysreg_s(SYS_TFSR_EL1);
>> +
>> + /*
>> + * The kernel should never hit the condition TF0 == 1
>> + * at this point because for the futex code we set
>> + * PSTATE.TCO.
>> + */
>> + WARN_ON(tfsr_el1 & SYS_TFSR_EL1_TF0);
>> +
>> + if (tfsr_el1 & SYS_TFSR_EL1_TF1) {
>> + write_sysreg_s(0, SYS_TFSR_EL1);
>> + isb();
>> +
>> + pr_err("MTE: Asynchronous tag exception detected!");
>> + }
>> +}
>> +NOKPROBE_SYMBOL(mte_check_tfsr_el1);
>
> Do we need this to be NOKPROBE_SYMBOL? It's not that low level.
>
It is an inheritance from when I had this code called very early. I will remove
it in the next version.
>> +
>> static void update_sctlr_el1_tcf0(u64 tcf0)
>> {
>> /* ISB required for the kernel uaccess routines */
>> @@ -250,6 +278,15 @@ void mte_thread_switch(struct task_struct *next)
>> /* avoid expensive SCTLR_EL1 accesses if no change */
>> if (current->thread.sctlr_tcf0 != next->thread.sctlr_tcf0)
>> update_sctlr_el1_tcf0(next->thread.sctlr_tcf0);
>> +
>> + /*
>> + * Check if an async tag exception occurred at EL1.
>> + *
>> + * Note: On the context switch patch we rely on the dsb() present
>
> s/patch/path/
>
>> + * in __switch_to() to guaranty that the indirect writes to TFSR_EL1
>
> s/guaranty/guarantee/ (well, still valid though I think rarely used).
>
>> + * are synchronized before this point.
>> + */
>> + mte_check_tfsr_el1();
>> }
>>
>> void mte_suspend_exit(void)
>> --
>> 2.30.0
>
--
Regards,
Vincenzo
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Vincenzo Frascino <vincenzo.frascino@arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
Will Deacon <will@kernel.org>, Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>,
Marco Elver <elver@google.com>,
Evgenii Stepanov <eugenis@google.com>,
Branislav Rankov <Branislav.Rankov@arm.com>,
Andrey Konovalov <andreyknvl@google.com>
Subject: Re: [PATCH v2 3/4] arm64: mte: Enable async tag check fault
Date: Thu, 14 Jan 2021 10:24:25 +0000 [thread overview]
Message-ID: <efbb0722-eb4e-7be2-b929-77ec91cc0ae0@arm.com> (raw)
In-Reply-To: <20210113181121.GF27045@gaia>
On 1/13/21 6:11 PM, Catalin Marinas wrote:
> On Thu, Jan 07, 2021 at 05:29:07PM +0000, Vincenzo Frascino wrote:
>> diff --git a/arch/arm64/include/asm/mte.h b/arch/arm64/include/asm/mte.h
>> index d02aff9f493d..a60d3718baae 100644
>> --- a/arch/arm64/include/asm/mte.h
>> +++ b/arch/arm64/include/asm/mte.h
>> @@ -39,6 +39,7 @@ void mte_free_tag_storage(char *storage);
>> /* track which pages have valid allocation tags */
>> #define PG_mte_tagged PG_arch_2
>>
>> +void mte_check_tfsr_el1(void);
>> void mte_sync_tags(pte_t *ptep, pte_t pte);
>> void mte_copy_page_tags(void *kto, const void *kfrom);
>> void flush_mte_state(void);
>> @@ -56,6 +57,9 @@ void mte_assign_mem_tag_range(void *addr, size_t size);
>> /* unused if !CONFIG_ARM64_MTE, silence the compiler */
>> #define PG_mte_tagged 0
>>
>> +static inline void mte_check_tfsr_el1(void)
>> +{
>> +}
>
> I think we should enable this dummy function when !CONFIG_KASAN_HW_TAGS.
> It saves us an unnecessary function call in a few places.
>
Ok, I will add it in v3.
>> static inline void mte_sync_tags(pte_t *ptep, pte_t pte)
>> {
>> }
>> diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c
>> index 5346953e4382..74b020ce72d7 100644
>> --- a/arch/arm64/kernel/entry-common.c
>> +++ b/arch/arm64/kernel/entry-common.c
>> @@ -37,6 +37,8 @@ static void noinstr enter_from_kernel_mode(struct pt_regs *regs)
>> lockdep_hardirqs_off(CALLER_ADDR0);
>> rcu_irq_enter_check_tick();
>> trace_hardirqs_off_finish();
>> +
>> + mte_check_tfsr_el1();
>> }
>>
>> /*
>> @@ -47,6 +49,8 @@ static void noinstr exit_to_kernel_mode(struct pt_regs *regs)
>> {
>> lockdep_assert_irqs_disabled();
>>
>> + mte_check_tfsr_el1();
>> +
>> if (interrupts_enabled(regs)) {
>> if (regs->exit_rcu) {
>> trace_hardirqs_on_prepare();
>> @@ -243,6 +247,8 @@ asmlinkage void noinstr enter_from_user_mode(void)
>>
>> asmlinkage void noinstr exit_to_user_mode(void)
>> {
>> + mte_check_tfsr_el1();
>
> While for kernel entry the asynchronous faults are sync'ed automatically
> with TFSR_EL1, we don't have this for exit, so we'd need an explicit
> DSB. But rather than placing it here, it's better if we add a bool sync
> argument to mte_check_tfsr_el1() which issues a dsb() before checking
> the register. I think that's the only place where such argument would be
> true (for now).
>
Good point, I will add the dsb() in mte_check_tfsr_el1() but instead of a bool
parameter I will add something more explicit.
>> +
>> trace_hardirqs_on_prepare();
>> lockdep_hardirqs_on_prepare(CALLER_ADDR0);
>> user_enter_irqoff();
>> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
>> index 5d992e16b420..26030f0b79fe 100644
>> --- a/arch/arm64/kernel/mte.c
>> +++ b/arch/arm64/kernel/mte.c
>> @@ -185,6 +185,34 @@ void mte_enable_kernel(enum kasan_arg_mode mode)
>> isb();
>> }
>>
>> +void mte_check_tfsr_el1(void)
>> +{
>> + u64 tfsr_el1;
>> +
>> + if (!IS_ENABLED(CONFIG_KASAN_HW_TAGS))
>> + return;
>
> If we define the static inline when !CONFIG_KASAN_HW_TAGS, we could add
> the #ifdef here around the whole function.
>
Ok. I will add it in v3.
>> + if (!system_supports_mte())
>> + return;
>> +
>> + tfsr_el1 = read_sysreg_s(SYS_TFSR_EL1);
>> +
>> + /*
>> + * The kernel should never hit the condition TF0 == 1
>> + * at this point because for the futex code we set
>> + * PSTATE.TCO.
>> + */
>> + WARN_ON(tfsr_el1 & SYS_TFSR_EL1_TF0);
>> +
>> + if (tfsr_el1 & SYS_TFSR_EL1_TF1) {
>> + write_sysreg_s(0, SYS_TFSR_EL1);
>> + isb();
>> +
>> + pr_err("MTE: Asynchronous tag exception detected!");
>> + }
>> +}
>> +NOKPROBE_SYMBOL(mte_check_tfsr_el1);
>
> Do we need this to be NOKPROBE_SYMBOL? It's not that low level.
>
It is an inheritance from when I had this code called very early. I will remove
it in the next version.
>> +
>> static void update_sctlr_el1_tcf0(u64 tcf0)
>> {
>> /* ISB required for the kernel uaccess routines */
>> @@ -250,6 +278,15 @@ void mte_thread_switch(struct task_struct *next)
>> /* avoid expensive SCTLR_EL1 accesses if no change */
>> if (current->thread.sctlr_tcf0 != next->thread.sctlr_tcf0)
>> update_sctlr_el1_tcf0(next->thread.sctlr_tcf0);
>> +
>> + /*
>> + * Check if an async tag exception occurred at EL1.
>> + *
>> + * Note: On the context switch patch we rely on the dsb() present
>
> s/patch/path/
>
>> + * in __switch_to() to guaranty that the indirect writes to TFSR_EL1
>
> s/guaranty/guarantee/ (well, still valid though I think rarely used).
>
>> + * are synchronized before this point.
>> + */
>> + mte_check_tfsr_el1();
>> }
>>
>> void mte_suspend_exit(void)
>> --
>> 2.30.0
>
--
Regards,
Vincenzo
next prev parent reply other threads:[~2021-01-14 10:22 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-07 17:29 [PATCH v2 0/4] arm64: ARMv8.5-A: MTE: Add async mode support Vincenzo Frascino
2021-01-07 17:29 ` Vincenzo Frascino
2021-01-07 17:29 ` [PATCH v2 1/4] kasan, arm64: Add KASAN light mode Vincenzo Frascino
2021-01-07 17:29 ` Vincenzo Frascino
2021-01-13 17:16 ` Catalin Marinas
2021-01-13 17:16 ` Catalin Marinas
2021-01-14 9:40 ` Vincenzo Frascino
2021-01-14 9:40 ` Vincenzo Frascino
2021-01-07 17:29 ` [PATCH v2 2/4] arm64: mte: Add asynchronous mode support Vincenzo Frascino
2021-01-07 17:29 ` Vincenzo Frascino
2021-01-13 17:22 ` Catalin Marinas
2021-01-13 17:22 ` Catalin Marinas
2021-01-14 9:43 ` Vincenzo Frascino
2021-01-14 9:43 ` Vincenzo Frascino
2021-01-07 17:29 ` [PATCH v2 3/4] arm64: mte: Enable async tag check fault Vincenzo Frascino
2021-01-07 17:29 ` Vincenzo Frascino
2021-01-13 18:11 ` Catalin Marinas
2021-01-13 18:11 ` Catalin Marinas
2021-01-14 10:24 ` Vincenzo Frascino [this message]
2021-01-14 10:24 ` Vincenzo Frascino
2021-01-14 14:25 ` Catalin Marinas
2021-01-14 14:25 ` Catalin Marinas
2021-01-14 14:57 ` Vincenzo Frascino
2021-01-14 14:57 ` Vincenzo Frascino
2021-01-07 17:29 ` [PATCH v2 4/4] arm64: mte: Optimize mte_assign_mem_tag_range() Vincenzo Frascino
2021-01-07 17:29 ` Vincenzo Frascino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=efbb0722-eb4e-7be2-b929-77ec91cc0ae0@arm.com \
--to=vincenzo.frascino@arm.com \
--cc=Branislav.Rankov@arm.com \
--cc=andreyknvl@google.com \
--cc=aryabinin@virtuozzo.com \
--cc=catalin.marinas@arm.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.