| Message ID | 34dc4d12eec0adae49b0ac927df642ed10089d40.1631890770.git.robin.murphy@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: Mitigate MTE issues with str{n}cmp() | expand |
On Fri, Sep 17, 2021 at 03:59:30PM +0100, Robin Murphy wrote: > As with strlen(), the patches importing the updated str{n}cmp() > implementations were originally developed and tested before the > advent of CONFIG_KASAN_HW_TAGS, and have subsequently revealed > not to be MTE-safe. Since in-kernel MTE is still a rather niche > case, let it temporarily fall back to the generic C versions for > correctness until we can figure out the best fix. > > Reported-by: Branislav Rankov <branislav.rankov@arm.com> > Signed-off-by: Robin Murphy <robin.murphy@arm.com> > --- > arch/arm64/include/asm/assembler.h | 5 +++++ > arch/arm64/include/asm/string.h | 2 ++ > arch/arm64/lib/strcmp.S | 2 +- > arch/arm64/lib/strncmp.S | 2 +- > 4 files changed, 9 insertions(+), 2 deletions(-) > > diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h > index 89faca0e740d..bfa58409a4d4 100644 > --- a/arch/arm64/include/asm/assembler.h > +++ b/arch/arm64/include/asm/assembler.h > @@ -525,6 +525,11 @@ alternative_endif > #define EXPORT_SYMBOL_NOKASAN(name) EXPORT_SYMBOL(name) > #endif > > +#ifdef CONFIG_KASAN_HW_TAGS > +#define EXPORT_SYMBOL_NOHWKASAN(name) > +#else > +#define EXPORT_SYMBOL_NOHWKASAN(name) EXPORT_SYMBOL_NOKASAN(name) > +#endif I think that depending on how we solve this in future, we might want to have: * EXPORT_SYMBOL_NOSWKASAN for generic/sw-tags (this would be a rename of the existing EXPORT_SYMBOL_NOKASAN) * EXPORT_SYMBOL_NOHWKASAN for hw tags * EXPORT_SYMBOL_NOKASAN for generic/sw-tags/hw-tags ... so then it's a bit clearer what's handled in each case. Regardless, for now this is certainly good enough. FWIW: Acked-by: Mark Rutland <mark.rutland@arm.com> Thanks, Mark. > /* > * Emit a 64-bit absolute little endian symbol reference in a way that > * ensures that it will be resolved at build time, even when building a > diff --git a/arch/arm64/include/asm/string.h b/arch/arm64/include/asm/string.h > index 3a3264ff47b9..95f7686b728d 100644 > --- a/arch/arm64/include/asm/string.h > +++ b/arch/arm64/include/asm/string.h > @@ -12,11 +12,13 @@ extern char *strrchr(const char *, int c); > #define __HAVE_ARCH_STRCHR > extern char *strchr(const char *, int c); > > +#ifndef CONFIG_KASAN_HW_TAGS > #define __HAVE_ARCH_STRCMP > extern int strcmp(const char *, const char *); > > #define __HAVE_ARCH_STRNCMP > extern int strncmp(const char *, const char *, __kernel_size_t); > +#endif > > #define __HAVE_ARCH_STRLEN > extern __kernel_size_t strlen(const char *); > diff --git a/arch/arm64/lib/strcmp.S b/arch/arm64/lib/strcmp.S > index d7bee210a798..83bcad72ec97 100644 > --- a/arch/arm64/lib/strcmp.S > +++ b/arch/arm64/lib/strcmp.S > @@ -173,4 +173,4 @@ L(done): > ret > > SYM_FUNC_END_PI(strcmp) > -EXPORT_SYMBOL_NOKASAN(strcmp) > +EXPORT_SYMBOL_NOHWKASAN(strcmp) > diff --git a/arch/arm64/lib/strncmp.S b/arch/arm64/lib/strncmp.S > index 48d44f7fddb1..e42bcfcd37e6 100644 > --- a/arch/arm64/lib/strncmp.S > +++ b/arch/arm64/lib/strncmp.S > @@ -258,4 +258,4 @@ L(ret0): > ret > > SYM_FUNC_END_PI(strncmp) > -EXPORT_SYMBOL_NOKASAN(strncmp) > +EXPORT_SYMBOL_NOHWKASAN(strncmp) > -- > 2.21.0.dirty >
On Fri, 17 Sep 2021 15:59:30 +0100, Robin Murphy wrote: > As with strlen(), the patches importing the updated str{n}cmp() > implementations were originally developed and tested before the > advent of CONFIG_KASAN_HW_TAGS, and have subsequently revealed > not to be MTE-safe. Since in-kernel MTE is still a rather niche > case, let it temporarily fall back to the generic C versions for > correctness until we can figure out the best fix. Applied to arm64 (for-next/fixes), thanks! [1/1] arm64: Mitigate MTE issues with str{n}cmp() https://git.kernel.org/arm64/c/59a68d413808
diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 89faca0e740d..bfa58409a4d4 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -525,6 +525,11 @@ alternative_endif #define EXPORT_SYMBOL_NOKASAN(name) EXPORT_SYMBOL(name) #endif +#ifdef CONFIG_KASAN_HW_TAGS +#define EXPORT_SYMBOL_NOHWKASAN(name) +#else +#define EXPORT_SYMBOL_NOHWKASAN(name) EXPORT_SYMBOL_NOKASAN(name) +#endif /* * Emit a 64-bit absolute little endian symbol reference in a way that * ensures that it will be resolved at build time, even when building a diff --git a/arch/arm64/include/asm/string.h b/arch/arm64/include/asm/string.h index 3a3264ff47b9..95f7686b728d 100644 --- a/arch/arm64/include/asm/string.h +++ b/arch/arm64/include/asm/string.h @@ -12,11 +12,13 @@ extern char *strrchr(const char *, int c); #define __HAVE_ARCH_STRCHR extern char *strchr(const char *, int c); +#ifndef CONFIG_KASAN_HW_TAGS #define __HAVE_ARCH_STRCMP extern int strcmp(const char *, const char *); #define __HAVE_ARCH_STRNCMP extern int strncmp(const char *, const char *, __kernel_size_t); +#endif #define __HAVE_ARCH_STRLEN extern __kernel_size_t strlen(const char *); diff --git a/arch/arm64/lib/strcmp.S b/arch/arm64/lib/strcmp.S index d7bee210a798..83bcad72ec97 100644 --- a/arch/arm64/lib/strcmp.S +++ b/arch/arm64/lib/strcmp.S @@ -173,4 +173,4 @@ L(done): ret SYM_FUNC_END_PI(strcmp) -EXPORT_SYMBOL_NOKASAN(strcmp) +EXPORT_SYMBOL_NOHWKASAN(strcmp) diff --git a/arch/arm64/lib/strncmp.S b/arch/arm64/lib/strncmp.S index 48d44f7fddb1..e42bcfcd37e6 100644 --- a/arch/arm64/lib/strncmp.S +++ b/arch/arm64/lib/strncmp.S @@ -258,4 +258,4 @@ L(ret0): ret SYM_FUNC_END_PI(strncmp) -EXPORT_SYMBOL_NOKASAN(strncmp) +EXPORT_SYMBOL_NOHWKASAN(strncmp)
As with strlen(), the patches importing the updated str{n}cmp() implementations were originally developed and tested before the advent of CONFIG_KASAN_HW_TAGS, and have subsequently revealed not to be MTE-safe. Since in-kernel MTE is still a rather niche case, let it temporarily fall back to the generic C versions for correctness until we can figure out the best fix. Reported-by: Branislav Rankov <branislav.rankov@arm.com> Signed-off-by: Robin Murphy <robin.murphy@arm.com> --- arch/arm64/include/asm/assembler.h | 5 +++++ arch/arm64/include/asm/string.h | 2 ++ arch/arm64/lib/strcmp.S | 2 +- arch/arm64/lib/strncmp.S | 2 +- 4 files changed, 9 insertions(+), 2 deletions(-)