Re: [PATCH v14 8/8] kselftest/arm64: Verify that TCO is enabled in load_unaligned_zeropad()
From: Catalin Marinas <catalin.marinas@arm.com>
Date: 2021-03-11 16:29:02
Also in:
lkml
On Thu, Mar 11, 2021 at 03:00:26PM +0000, Vincenzo Frascino wrote:
On 3/11/21 1:25 PM, Catalin Marinas wrote:quoted
On Mon, Mar 08, 2021 at 04:14:34PM +0000, Vincenzo Frascino wrote:quoted
load_unaligned_zeropad() and __get/put_kernel_nofault() functions can read passed some buffer limits which may include some MTE granule with a different tag. When MTE async mode is enable, the load operation crosses the boundaries and the next granule has a different tag the PE sets the TFSR_EL1.TF1 bit as if an asynchronous tag fault is happened: ================================================================== BUG: KASAN: invalid-access Asynchronous mode enabled: no access details available CPU: 0 PID: 1 Comm: init Not tainted 5.12.0-rc1-ge1045c86620d-dirty #8 Hardware name: FVP Base RevC (DT) Call trace: dump_backtrace+0x0/0x1c0 show_stack+0x18/0x24 dump_stack+0xcc/0x14c kasan_report_async+0x54/0x70 mte_check_tfsr_el1+0x48/0x4c exit_to_user_mode+0x18/0x38 finish_ret_to_user+0x4/0x15c ================================================================== Verify that Tag Check Override (TCO) is enabled in these functions before the load and disable it afterwards to prevent this to happen. Note: The issue has been observed only with an MTE enabled userspace.The above bug is all about kernel buffers. While userspace can trigger the relevant code paths, it should not matter whether the user has MTE enabled or not. Can you please confirm that you can still triggered the fault with kernel-mode MTE but non-MTE user-space? If not, we may have a bug somewhere as the two are unrelated: load_unaligned_zeropad() only acts on kernel buffers and are subject to the kernel MTE tag check fault mode.I retried and you are right, it does not matter if it is a MTE or non-MTE user-space. The issue seems to be that this test does not trigger the problem all the times which probably lead me to the wrong conclusions.
Keep the test around for some quick checks before you get the kasan test support.
quoted
I don't think we should have a user-space selftest for this. The bug is not about a user-kernel interface, so an in-kernel test is more appropriate. Could we instead add this to the kasan tests and calling load_unaligned_zeropad() and other functions directly?I agree with you we should abandon this strategy of triggering the issue due to my comment above. I will investigate the option of having a kasan test and try to come up with one that calls the relevant functions directly. I would prefer though, since the rest of the series is almost ready, to post it in a future series. What do you think?
That's fine by me. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel