From patchwork Fri Jun 10 15:21:37 2022
From: Catalin Marinas
To: Andrey Ryabinin, Andrey Konovalov
Cc: Will Deacon, Vincenzo Frascino, Peter Collingbourne, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 0/4] kasan: Fix ordering between MTE tag colouring and page->flags
Date: Fri, 10 Jun 2022 16:21:37 +0100
Message-Id: <20220610152141.2148929-1-catalin.marinas@arm.com>
Hi,

That's a second attempt at fixing the race between setting the
allocation (in-memory) tags in a page and the corresponding logical tag
in page->flags. Initial version here:

https://lore.kernel.org/r/20220517180945.756303-1-catalin.marinas@arm.com

This new series does not introduce any new GFP flags but instead always
skips unpoisoning of the user pages (we already skip the poisoning on
free). Any unpoisoned page will have the page->flags tag reset.

For the background:

On a system with MTE and KASAN_HW_TAGS enabled, when a page is allocated
kasan_unpoison_pages() sets a random tag and saves it in page->flags so
that page_to_virt() re-creates the correct tagged pointer. We need to
ensure that the in-memory tags are visible before setting the
page->flags:

  P0 (__kasan_unpoison_range):    P1 (access via virt_to_page):
    Wtags=x                          Rflags=x
    |                                |
    | DMB                            | address dependency
    V                                V
    Wflags=x                         Rtags=x

The first patch changes the order of page unpoisoning with the tag
storing in page->flags. page_kasan_tag_set() has the right barriers
through try_cmpxchg().

If a page is mapped in user-space with PROT_MTE, the architecture code
will set the allocation tag to 0 and a subsequent page_to_virt()
dereference will fault. We currently try to fix this by resetting the
tag in page->flags so that it is 0xff (match-all, not faulting).
However, setting the tags and flags can race with another CPU reading
the flags (page_to_virt()) and barriers can't help, e.g.:

  P0 (mte_sync_page_tags):        P1 (memcpy from virt_to_page):
                                     Rflags!=0xff
    Wflags=0xff
    DMB (doesn't help)
    Wtags=0
                                     Rtags=0   // fault

Since clearing the flags in the arch code doesn't work, this is done at
page allocation time when __GFP_SKIP_KASAN_UNPOISON is passed.

Thanks.
Catalin Marinas (4):
  mm: kasan: Ensure the tags are visible before the tag in page->flags
  mm: kasan: Skip unpoisoning of user pages
  mm: kasan: Skip page unpoisoning only if __GFP_SKIP_KASAN_UNPOISON
  arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"

 arch/arm64/kernel/hibernate.c |  5 -----
 arch/arm64/kernel/mte.c       |  9 ---------
 arch/arm64/mm/copypage.c      |  9 ---------
 arch/arm64/mm/fault.c         |  1 -
 arch/arm64/mm/mteswap.c       |  9 ---------
 include/linux/gfp.h           |  2 +-
 mm/kasan/common.c             |  3 ++-
 mm/page_alloc.c               | 19 ++++++++++---------
 8 files changed, 13 insertions(+), 44 deletions(-)
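The following is an added user-space model of the two situations the cover letter describes; it is not code from this series or from the kernel. It models page_kasan_tag_set() as a release cmpxchg loop so that the in-memory tags written by the unpoisoning are visible before the logical tag in page->flags, and then shows why a user page that was unpoisoned faults once the arch code zeroes its allocation tags, while a page whose unpoisoning was skipped keeps the match-all tag and does not. The tag layout (top byte of flags), the four-granule page, the function names and the 0x3a/0x17 tag values are assumptions made for the model.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for the model: the logical KASAN tag lives in the top
 * byte of page->flags (the real kernel packs it elsewhere in flags). */
#define TAG_SHIFT     56
#define TAG_MASK      (0xffULL << TAG_SHIFT)
#define TAG_MATCH_ALL 0xffu   /* match-all tag: never faults on access */
#define GRANULES      4       /* a page modelled as four tag granules */

struct page {
	_Atomic uint64_t flags;     /* logical tag, read by page_to_virt() */
	uint8_t tags[GRANULES];     /* in-memory (MTE) allocation tags */
};

/* Model of page_kasan_tag_set(): a cmpxchg loop with release semantics, so
 * every store made before it (the allocation tags) is visible to a reader
 * that observes the new flags value. */
static void page_kasan_tag_set(struct page *page, uint8_t tag)
{
	uint64_t old = atomic_load_explicit(&page->flags, memory_order_relaxed);
	uint64_t new;

	do {
		new = (old & ~TAG_MASK) | ((uint64_t)tag << TAG_SHIFT);
	} while (!atomic_compare_exchange_weak_explicit(&page->flags, &old, new,
						       memory_order_release,
						       memory_order_relaxed));
}

/* Model of page_to_virt() recovering the pointer tag from page->flags. On
 * arm64 the address dependency from flags to the tagged pointer orders the
 * later tag read; the model spells that out as an acquire load. */
static uint8_t page_to_virt_tag(struct page *page)
{
	uint64_t flags = atomic_load_explicit(&page->flags, memory_order_acquire);

	return (uint8_t)(flags >> TAG_SHIFT);
}

/* Order fixed by patch 1: write the in-memory tags first, then publish the
 * logical tag in page->flags (Wtags -> DMB -> Wflags in the cover letter). */
static void kasan_unpoison_page(struct page *page, uint8_t tag)
{
	memset(page->tags, tag, sizeof(page->tags));
	page_kasan_tag_set(page, tag);
}

/* Model of the hardware tag check on an access through a tagged pointer. */
static bool mte_access_ok(const struct page *page, uint8_t ptr_tag,
			  unsigned int granule)
{
	if (ptr_tag == TAG_MATCH_ALL)
		return true;
	return page->tags[granule % GRANULES] == ptr_tag;
}

/* Model of the arch code handling a user PROT_MTE page: allocation tags 0. */
static void mte_sync_page_tags(struct page *page)
{
	memset(page->tags, 0, sizeof(page->tags));
}

/* A kernel access through the pointer page_to_virt() hands back. */
static bool kernel_access_ok(struct page *page, unsigned int granule)
{
	return mte_access_ok(page, page_to_virt_tag(page), granule);
}

/* Kernel page: unpoisoned with a random tag, pointer tag matches memory,
 * and a pointer carrying any other tag is rejected. */
bool scenario_kernel_page(void)
{
	struct page page = { .flags = TAG_MASK };   /* fresh page: match-all */

	kasan_unpoison_page(&page, 0x3a);           /* constructed tag value */
	return kernel_access_ok(&page, 1) && !mte_access_ok(&page, 0x17, 1);
}

/* The case the series removes: a page that was unpoisoned and then mapped
 * to user space has tags 0 but a non-matching tag in flags, so the
 * page_to_virt() access faults. */
bool scenario_user_page_unpoisoned(void)
{
	struct page page = { .flags = TAG_MASK };

	kasan_unpoison_page(&page, 0x3a);
	mte_sync_page_tags(&page);
	return kernel_access_ok(&page, 0);          /* false: would fault */
}

/* With unpoisoning skipped at allocation, flags keep the match-all tag and
 * the zeroed allocation tags never fault. */
bool scenario_user_page_skipped(void)
{
	struct page page = { .flags = TAG_MASK };

	mte_sync_page_tags(&page);
	return kernel_access_ok(&page, 0);          /* true: no fault */
}

int main(void)
{
	printf("kernel page: %s\n", scenario_kernel_page() ? "ok" : "fault");
	printf("user page, unpoisoned: %s\n",
	       scenario_user_page_unpoisoned() ? "ok" : "fault");
	printf("user page, unpoison skipped: %s\n",
	       scenario_user_page_skipped() ? "ok" : "fault");
	return 0;
}
```

The model only covers what ordering can and cannot fix: the release/acquire pair makes the first diagram's Rtags observe x once Rflags has observed x, but no barrier in mte_sync_page_tags() can stop a reader that already fetched the old flags, which is why the series skips unpoisoning user pages at allocation instead of resetting the tag afterwards.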