From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Collingbourne <pcc@google.com>
Subject: [PATCH] arm64: mte: Do not service syscalls after async tag fault
Date: Thu, 19 Dec 2019 17:36:39 -0800
Message-ID: <20191220013639.212396-1-pcc@google.com>
In-Reply-To: <20191217180152.GO5624@arrakis.emea.arm.com>
References: <20191217180152.GO5624@arrakis.emea.arm.com>
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: linux-arch@vger.kernel.org, Richard Earnshaw, Will Deacon,
	linux-mm@kvack.org, Szabolcs Nagy, Marc Zyngier, Kevin Brodsky,
	Kostya Serebryany, Evgenii Stepanov, Andrey Konovalov,
	Vincenzo Frascino, Peter Collingbourne, Linux ARM
List-Id: linux-arch.vger.kernel.org

When entering the kernel after an async tag fault due to a syscall, rather
than for another reason (e.g. preemption), we don't want to service the
syscall as it may mask the tag fault. Rewind the PC to the svc instruction
in order to give a userspace signal handler an opportunity to handle the
fault and resume, and skip all other syscall processing.

Signed-off-by: Peter Collingbourne <pcc@google.com>
---
On Tue, Dec 17, 2019 at 10:01 AM Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Fri, Dec 13, 2019 at 05:43:15PM -0800, Peter Collingbourne wrote:
> > On Wed, Dec 11, 2019 at 10:44 AM Catalin Marinas
> > <catalin.marinas@arm.com> wrote:
> > > diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
> > > index dd2cdc0d5be2..41fae64af82a 100644
> > > --- a/arch/arm64/kernel/signal.c
> > > +++ b/arch/arm64/kernel/signal.c
> > > @@ -730,6 +730,9 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka,
> > >         regs->regs[29] = (unsigned long)&user->next_frame->fp;
> > >         regs->pc = (unsigned long)ka->sa.sa_handler;
> > >
> > > +       /* TCO (Tag Check Override) always cleared for signal handlers */
> > > +       regs->pstate &= ~PSR_TCO_BIT;
> > > +
> > >         if (ka->sa.sa_flags & SA_RESTORER)
> > >                 sigtramp = ka->sa.sa_restorer;
> > >         else
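Review bot: the `regs->pstate &= ~PSR_TCO_BIT;` added in setup_return() changes the state the handler starts in but saves nothing, so please confirm that the interrupted pstate, including the user's TCO value, was already written to the signal frame before this point and that sigreturn restores it from there, and say so in the comment; the visible ABI consequence (a handler always starts with tag checks enabled, even when the interrupted code had TCO set) belongs in the MTE user-ABI documentation as well.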
> > > @@ -921,6 +924,11 @@ asmlinkage void do_notify_resume(struct pt_regs *regs,
> > >                         if (thread_flags & _TIF_UPROBE)
> > >                                 uprobe_notify_resume(regs);
> > >
> > > +                       if (thread_flags & _TIF_MTE_ASYNC_FAULT) {
> > > +                               clear_thread_flag(TIF_MTE_ASYNC_FAULT);
> > > +                               force_signal_inject(SIGSEGV, SEGV_MTEAERR, 0);
> >
> > In the case where the kernel is entered due to a syscall, this will
> > inject a signal, but only after servicing the syscall. This means
> > that, for example, if the syscall is exit(), the async tag check
> > failure will be silently ignored. I can reproduce the problem with the
> > program below:
> [...]
> > This patch fixes the problem for me:
> >
> > diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
> > index 9a9d98a443fc..d0c8918dee00 100644
> > --- a/arch/arm64/kernel/syscall.c
> > +++ b/arch/arm64/kernel/syscall.c
> > @@ -94,6 +94,8 @@ static void el0_svc_common(struct pt_regs *regs, int
> > scno, int sc_nr,
> >                               const syscall_fn_t syscall_table[])
> >  {
> >         unsigned long flags = current_thread_info()->flags;
> > +       if (flags & _TIF_MTE_ASYNC_FAULT)
> > +               return;
>
> It needs a bit of thinking. This one wouldn't work if you want to handle
> the signal and resume since it would skip the SVC instruction. We'd need
> at least to do a regs->pc -= 4 and probably move it further down in this
> function.

Okay, how does this look?

Peter

 arch/arm64/kernel/syscall.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c
index 9a9d98a443fc..49ea9bb47190 100644
--- a/arch/arm64/kernel/syscall.c
+++ b/arch/arm64/kernel/syscall.c
@@ -95,13 +95,29 @@ static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr,
 {
 	unsigned long flags = current_thread_info()->flags;
 
-	regs->orig_x0 = regs->regs[0];
-	regs->syscallno = scno;
-
 	cortex_a76_erratum_1463225_svc_handler();
 	local_daif_restore(DAIF_PROCCTX);
 	user_exit();
 
+#ifdef CONFIG_ARM64_MTE
+	if (flags & _TIF_MTE_ASYNC_FAULT) {
+		/*
+		 * We entered the kernel after an async tag fault due to a
+		 * syscall, rather than for another reason (e.g. preemption).
+		 * In this case, we don't want to service the syscall as it may
+		 * mask the tag fault. Rewind the PC to the svc instruction in
+		 * order to give a userspace signal handler an opportunity to
+		 * handle the fault and resume, and skip all other syscall
+		 * processing.
+		 */
+		regs->pc -= 4;
+		return;
+	}
+#endif
+
+	regs->orig_x0 = regs->regs[0];
+	regs->syscallno = scno;
+
 	if (has_syscall_work(flags)) {
 		/* set default errno for user-issued syscall(-1) */
 		if (scno == NO_SYSCALL)
-- 
2.24.1.735.g03f4e72817-goog
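Review bot: in the quoted do_notify_resume() hunk, `force_signal_inject(SIGSEGV, SEGV_MTEAERR, 0)` passes 0 as the fault address, which is the only honest value for an asynchronous fault because the hardware does not record the faulting address, but neither the hunk nor a comment says so; add a line stating that si_addr is deliberately zero for SEGV_MTEAERR so handlers are not written to dereference it, and that the flag is cleared before injection so a fault recorded while the handler runs is reported separately.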
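Review bot: in the first syscall.c attempt quoted above, the early `return` sits directly after the `flags` read and therefore ahead of `cortex_a76_erratum_1463225_svc_handler()`, `local_daif_restore(DAIF_PROCCTX)` and `user_exit()`, whose position is visible in the context of the v2 hunk; besides the skipped SVC that Catalin points out, that ordering would return to user space with the DAIF state unrestored and context tracking still believing the task is in the kernel, so any bail-out has to come after those three calls, as v2 does.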
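Review bot: `regs->pc -= 4;` in the v2 el0_svc_common() hunk hard-codes the 4-byte A64 SVC and re-executes it by hand instead of through the syscall-restart path. If, as its name suggests, el0_svc_common() is also reached from the compat entry, a Thumb SVC is 2 bytes and the rewound PC lands inside the previous instruction, so either guard the rewind with !compat_user_mode(regs) or let the existing restart logic do the rewind (record orig_x0/syscallno first, set the return value to -ERESTARTNOINTR and return), which already knows the instruction length. Either way the comment should say that TIF_MTE_ASYNC_FAULT is intentionally left set here so that do_notify_resume() delivers the signal on the way back to user space; nothing in this hunk clears it.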
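An added reproducer for the failure mode the commit message describes, written for this page; it is neither the program Peter refers to above (which the archive elides) nor kernel code. In asynchronous tag-check mode the child performs one mis-tagged store and then immediately calls `_exit(0)`, so the next kernel entry is the syscall itself: a kernel that services the syscall first exits with status 0 and the fault is lost, while one that defers the syscall delivers SIGSEGV with `si_code == SEGV_MTEAERR` and the handler exits with 42. Assumptions: the prctl, mmap and siginfo constants are the MTE user ABI as later merged upstream (they postdate this December 2019 thread), the `.arch_extension memtag` directive needs an assembler that knows MTE, and `run_repro()` returns `REPRO_SKIPPED` on hosts without MTE, so the file compiles and runs harmlessly elsewhere.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __aarch64__
#include <sys/auxv.h>
#endif

/* Assumed: MTE user ABI constants as merged upstream (not from this thread);
 * system headers that already define them take precedence. */
#ifndef PR_SET_TAGGED_ADDR_CTRL
#define PR_SET_TAGGED_ADDR_CTRL 55
#define PR_TAGGED_ADDR_ENABLE (1UL << 0)
#endif
#ifndef PR_MTE_TCF_SHIFT
#define PR_MTE_TCF_SHIFT 1                         /* TCF field, bits [2:1] */
#define PR_MTE_TCF_ASYNC (2UL << PR_MTE_TCF_SHIFT)
#define PR_MTE_TAG_SHIFT 3                         /* allowed-tag mask, bits [18:3] */
#endif
#ifndef PROT_MTE
#define PROT_MTE 0x20
#endif
#ifndef SEGV_MTEAERR
#define SEGV_MTEAERR 8                             /* asynchronous tag check fault */
#endif
#ifndef HWCAP2_MTE
#define HWCAP2_MTE (1UL << 18)
#endif

/* run_repro(): -1 no MTE or setup failure, 0 fault lost (the bug), 1 fault reported. */
enum repro_result { REPRO_SKIPPED = -1, REPRO_FAULT_MASKED = 0, REPRO_FAULT_REPORTED = 1 };
#define REPORTED_EXIT_CODE 42

/* Child-side handler. Returning would re-execute the rewound svc and exit 0,
 * so leave through a status the parent can tell apart from a masked fault. */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
	(void)sig; (void)ctx;
	_exit(si->si_code == SEGV_MTEAERR ? REPORTED_EXIT_CODE : 43);
}

/* Enables asynchronous tag checking and performs one mis-tagged store. */
static int trigger_async_tag_fault(void)
{
#ifdef __aarch64__
	unsigned long ctrl = PR_TAGGED_ADDR_ENABLE | PR_MTE_TCF_ASYNC |
			     (0xffffUL << PR_MTE_TAG_SHIFT);   /* async, all 16 tags */
	unsigned long *p, *q;
	if (prctl(PR_SET_TAGGED_ADDR_CTRL, ctrl, 0, 0, 0))
		return -1;
	p = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ | PROT_WRITE | PROT_MTE,
		 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED)
		return -1;
	/* IRG: random tag into p's top byte; STG: colour p's granule with it. */
	__asm__ __volatile__(".arch_extension memtag\n\tirg %0, %0\n\tstg %0, [%0]"
			     : "+r"(p) : : "memory");
	q = (unsigned long *)((unsigned long)p + (1UL << 56)); /* tag + 1: mismatch */
	*(volatile unsigned long *)q = 1;     /* async fault, latched in TFSRE0_EL1 */
	return 0;
#else
	return -1;
#endif
}

/* Forks the probe and classifies how the kernel handled fault-then-exit(). */
int run_repro(void)
{
	struct sigaction sa;
	pid_t pid = -1;
	int status, have_mte = 0;
#ifdef __aarch64__
	have_mte = (getauxval(AT_HWCAP2) & HWCAP2_MTE) != 0;
#endif
	if (!have_mte || (pid = fork()) < 0)
		return REPRO_SKIPPED;
	if (pid == 0) {                       /* child: arm handler, fault, exit */
		memset(&sa, 0, sizeof(sa));
		sa.sa_sigaction = on_segv;
		sa.sa_flags = SA_SIGINFO;
		sigaction(SIGSEGV, &sa, NULL);
		if (trigger_async_tag_fault())
			_exit(44);
		/* Next kernel entry is this syscall: serviced first -> status 0 and
		 * the fault is lost; deferred -> SIGSEGV lands and on_segv() exits 42. */
		_exit(0);
	}
	if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return REPRO_SKIPPED;
	status = WEXITSTATUS(status);
	return status == 0 ? REPRO_FAULT_MASKED :
	       status == REPORTED_EXIT_CODE ? REPRO_FAULT_REPORTED : REPRO_SKIPPED;
}

int main(void)
{
	return run_repro() == REPRO_FAULT_REPORTED ? 0 : 1; /* 0: fault reported before exit() */
}
```

On MTE hardware this doubles as a regression test for the patch: REPRO_FAULT_REPORTED is the behaviour the v2 hunk aims for, REPRO_FAULT_MASKED reproduces the silently ignored exit() that Peter describes. Replacing `_exit(0)` with a `write()` and returning from the handler instead of exiting checks the other half of the design, that the rewound svc is re-executed once the handler resumes.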