From patchwork Thu Oct 17 12:59:05 2024
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 13839979
From: Linus Walleij
Date: Thu, 17 Oct 2024 14:59:05 +0200
Subject: [PATCH v3 1/2] ARM: ioremap: Sync PGDs for VMALLOC shadow
Message-Id: <20241017-arm-kasan-vmalloc-crash-v3-1-d2a34cd5b663@linaro.org>
References: <20241017-arm-kasan-vmalloc-crash-v3-0-d2a34cd5b663@linaro.org>
In-Reply-To: <20241017-arm-kasan-vmalloc-crash-v3-0-d2a34cd5b663@linaro.org>
To: Clement LE GOFFIC, Russell King, Kees Cook, AngeloGioacchino Del Regno, Mark Brown, Mark Rutland, Ard Biesheuvel
Cc: Antonio Borneo, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, Linus Walleij, stable@vger.kernel.org

When sync:ing the VMALLOC area to other CPUs, make sure to also sync the KASAN shadow memory for the VMALLOC area, so that we don't get stale entries for the shadow memory in the top level PGD.

Since we are now copying PGDs in two instances, create a helper function named memcpy_pgd() to do the actual copying, and create a helper to map the addresses of VMALLOC_START and VMALLOC_END into the corresponding shadow memory.

Cc: stable@vger.kernel.org
Fixes: 565cbaad83d8 ("ARM: 9202/1: kasan: support CONFIG_KASAN_VMALLOC")
Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
Reported-by: Clement LE GOFFIC
Suggested-by: Mark Rutland
Suggested-by: Russell King (Oracle)
Acked-by: Mark Rutland
Signed-off-by: Linus Walleij
---
 arch/arm/mm/ioremap.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c index 794cfea9f9d4..94586015feed 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c @@ -23,6 +23,7 @@ */ #include #include +#include #include #include #include 
@@ -115,16 +116,32 @@ int ioremap_page(unsigned long virt, unsigned long phys, } EXPORT_SYMBOL(ioremap_page); +static unsigned long arm_kasan_mem_to_shadow(unsigned long addr) +{ + return (unsigned long)kasan_mem_to_shadow((void *)addr); +} + +static void memcpy_pgd(struct mm_struct *mm, unsigned long start, + unsigned long end) +{ + memcpy(pgd_offset(mm, start), pgd_offset_k(start), + sizeof(pgd_t) * (pgd_index(end) - pgd_index(start))); +} + void __check_vmalloc_seq(struct mm_struct *mm) { int seq; do { seq = atomic_read(&init_mm.context.vmalloc_seq); - memcpy(pgd_offset(mm, VMALLOC_START), - pgd_offset_k(VMALLOC_START), - sizeof(pgd_t) * (pgd_index(VMALLOC_END) - - pgd_index(VMALLOC_START))); + memcpy_pgd(mm, VMALLOC_START, VMALLOC_END); + if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) { + unsigned long start = + arm_kasan_mem_to_shadow(VMALLOC_START); + unsigned long end = + arm_kasan_mem_to_shadow(VMALLOC_END); + memcpy_pgd(mm, start, end); + } /* * Use a store-release so that other CPUs that observe the * counter's new value are guaranteed to see the results of the
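Review bot: In memcpy_pgd(), the entry count `pgd_index(end) - pgd_index(start)` rounds down, so when `end` is not on a PGD boundary the last, partially covered top-level entry is not copied. The new caller in __check_vmalloc_seq() passes arm_kasan_mem_to_shadow(VMALLOC_START) and arm_kasan_mem_to_shadow(VMALLOC_END), and nothing in this hunk guarantees that these scaled-down shadow addresses land on PGD boundaries; if the whole shadow range falls inside one entry the count is zero and nothing is synced. Consider rounding `end` up inside the helper, for example `end = ALIGN(end, PGDIR_SIZE);` before the memcpy(), and adding a one-line comment stating that `end` is exclusive.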
From patchwork Thu Oct 17 12:59:06 2024
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 13840006
From: Linus Walleij
Date: Thu, 17 Oct 2024 14:59:06 +0200
Subject: [PATCH v3 2/2] ARM: entry: Do a dummy read from VMAP shadow
Message-Id: <20241017-arm-kasan-vmalloc-crash-v3-2-d2a34cd5b663@linaro.org>
References: <20241017-arm-kasan-vmalloc-crash-v3-0-d2a34cd5b663@linaro.org>
In-Reply-To: <20241017-arm-kasan-vmalloc-crash-v3-0-d2a34cd5b663@linaro.org>
To: Clement LE GOFFIC, Russell King, Kees Cook, AngeloGioacchino Del Regno, Mark Brown, Mark Rutland, Ard Biesheuvel
Cc: Antonio Borneo, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, Linus Walleij, stable@vger.kernel.org

When switching task, in addition to a dummy read from the new VMAP stack, also do a dummy read from the VMAP stack's corresponding KASAN shadow memory to sync things up in the new MM context.

Cc: stable@vger.kernel.org
Fixes: a1c510d0adc6 ("ARM: implement support for vmap'ed stacks")
Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/
Reported-by: Clement LE GOFFIC
Suggested-by: Ard Biesheuvel
Signed-off-by: Linus Walleij
---
 arch/arm/kernel/entry-armv.S | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 1dfae1af8e31..ef6a657c8d13 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -25,6 +25,7 @@ #include #include #include +#include #include "entry-header.S" #include 
@@ -561,6 +562,13 @@ ENTRY(__switch_to) @ entries covering the vmalloc region. @ ldr r2, [ip] +#ifdef CONFIG_KASAN_VMALLOC + @ Also dummy read from the KASAN shadow memory for the new stack if we + @ are using KASAN + mov_l r2, KASAN_SHADOW_OFFSET + add r2, r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT + ldr r2, [r2] +#endif #endif @ When CONFIG_THREAD_INFO_IN_TASK=n, the update of SP itself is what
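Review bot: The added comment in __switch_to says the shadow read is done "if we are using KASAN", but the guard is `#ifdef CONFIG_KASAN_VMALLOC`, so the comment should name that option rather than KASAN in general. The `mov_l r2, KASAN_SHADOW_OFFSET` and `add r2, r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT` pair also open-codes the address-to-shadow translation that patch 1/2 takes from kasan_mem_to_shadow(); please say so in the comment so the assembly and the C helper are kept in step if the mapping ever changes. It would also help to note why a single `ldr r2, [r2]` is enough, in the same way the existing `ldr r2, [ip]` above it touches only one word of the new stack.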