From patchwork Tue Oct 15 21:37:14 2024
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 13837374
From: Linus Walleij
Date: Tue, 15 Oct 2024 23:37:14 +0200
Subject: [PATCH 1/2] ARM: ioremap: Flush PGDs for VMALLOC shadow
Message-Id: <20241015-arm-kasan-vmalloc-crash-v1-1-dbb23592ca83@linaro.org>
References: <20241015-arm-kasan-vmalloc-crash-v1-0-dbb23592ca83@linaro.org>
In-Reply-To: <20241015-arm-kasan-vmalloc-crash-v1-0-dbb23592ca83@linaro.org>
To: Clement LE GOFFIC, Russell King, Kees Cook, AngeloGioacchino Del Regno, Mark Brown, Mark Rutland, Ard Biesheuvel
Cc: Antonio Borneo, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, Linus Walleij, stable@vger.kernel.org

When sync:ing the VMALLOC area to other CPUs, make sure to also
sync the KASAN shadow memory for the VMALLOC area, so that we
don't get stale entries for the shadow memory in the top level PGD.

Cc: stable@vger.kernel.org
Fixes: 565cbaad83d8 ("ARM: 9202/1: kasan: support CONFIG_KASAN_VMALLOC")
Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
Reported-by: Clement LE GOFFIC
Suggested-by: Mark Rutland
Signed-off-by: Linus Walleij
--- arch/arm/mm/ioremap.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 794cfea9f9d4..449f1f04814c 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c
@@ -23,6 +23,7 @@ */ #include #include +#include #include #include #include 
@@ -125,6 +126,12 @@ void __check_vmalloc_seq(struct mm_struct *mm) pgd_offset_k(VMALLOC_START), sizeof(pgd_t) * (pgd_index(VMALLOC_END) - pgd_index(VMALLOC_START))); + if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) { + memcpy(pgd_offset(mm, (unsigned long)kasan_mem_to_shadow((void *)VMALLOC_START)), + pgd_offset_k((unsigned long)kasan_mem_to_shadow((void *)VMALLOC_START)), + sizeof(pgd_t) * (pgd_index((unsigned long)kasan_mem_to_shadow((void *)VMALLOC_END)) - + pgd_index((unsigned long)kasan_mem_to_shadow((void *)VMALLOC_START)))); + } /* * Use a store-release so that other CPUs that observe the * counter's new value are guaranteed to see the results of the
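Review bot: the entry count in the added memcpy() in __check_vmalloc_seq(), pgd_index(shadow of VMALLOC_END) minus pgd_index(shadow of VMALLOC_START), rounds the end down, so when the shadow end address is not aligned to a PGD boundary the last, partially covered top-level entry is not copied and can remain stale in the mm. The existing VMALLOC copy just above uses the same arithmetic, but kasan_mem_to_shadow() scales the address down, so whatever alignment VMALLOC_END has does not carry over to its shadow address. Consider rounding the shadow end up to a PGD boundary before taking pgd_index(). The four repeated "(unsigned long)kasan_mem_to_shadow((void *)...)" casts also make the call hard to check by eye; two local variables for the shadow start and end, or a small helper shared with the VMALLOC copy, would make the range being synced obvious.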
From patchwork Tue Oct 15 21:37:15 2024
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 13837306
From: Linus Walleij
Date: Tue, 15 Oct 2024 23:37:15 +0200
Subject: [PATCH 2/2] ARM: entry: Do a dummy read from VMAP shadow
Message-Id: <20241015-arm-kasan-vmalloc-crash-v1-2-dbb23592ca83@linaro.org>
References: <20241015-arm-kasan-vmalloc-crash-v1-0-dbb23592ca83@linaro.org>
In-Reply-To: <20241015-arm-kasan-vmalloc-crash-v1-0-dbb23592ca83@linaro.org>
To: Clement LE GOFFIC, Russell King, Kees Cook, AngeloGioacchino Del Regno, Mark Brown, Mark Rutland, Ard Biesheuvel
Cc: Antonio Borneo, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, Linus Walleij, stable@vger.kernel.org

When switching task, in addition to a dummy read from the new
VMAP stack, also do a dummy read from the VMAP stack's
corresponding KASAN shadow memory to sync things up in
the new MM context.

Cc: stable@vger.kernel.org
Fixes: a1c510d0adc6 ("ARM: implement support for vmap'ed stacks")
Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
Reported-by: Clement LE GOFFIC
Suggested-by: Ard Biesheuvel
Signed-off-by: Linus Walleij
--- arch/arm/kernel/entry-armv.S | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 1dfae1af8e31..12a4040a04ff 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -25,6 +25,7 @@ #include #include #include +#include #include "entry-header.S" #include
@@ -561,6 +562,13 @@ ENTRY(__switch_to) @ entries covering the vmalloc region. @ ldr r2, [ip] +#ifdef CONFIG_KASAN_VMALLOC + @ Also dummy read from the KASAN shadow memory for the new stack if we + @ are using KASAN + mov_l r2, KASAN_SHADOW_OFFSET + add r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT + ldr r2, [r2] +#endif #endif @ When CONFIG_THREAD_INFO_IN_TASK=n, the update of SP itself is what
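Review bot: in the block added to __switch_to, "add r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT" relies on the two-operand shorthand in which r2 is both an input and the destination; spelling it out as "add r2, r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT" makes it explicit that the shifted stack address in ip is being added to the KASAN_SHADOW_OFFSET just loaded into r2. The new comment says "if we are using KASAN" while the guard is CONFIG_KASAN_VMALLOC; the comment should name that option and say, as the comment above the existing "ldr r2, [ip]" does for the stack itself, that the loaded value is discarded and the read is only there to bring the shadow mapping for the new stack into the current page tables.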