    kselftest/arm64: Verify that TCO is enabled in load_unaligned_zeropad() · 15bfd167
    Vincenzo Frascino authored
    load_unaligned_zeropad() and __get/put_kernel_nofault() functions can
    read past some buffer limits which may include some MTE granule with a
    different tag.
    
    When MTE async mode is enabled, the load operation crosses the boundaries
    and the next granule has a different tag, the PE sets the TFSR_EL1.TF1
    bit as if an asynchronous tag fault has happened:
    
     ==================================================================
     BUG: KASAN: invalid-access
     Asynchronous mode enabled: no access details available
    
     CPU: 0 PID: 1 Comm: init Not tainted 5.12.0-rc1-ge1045c86-dirty #8
     Hardware name: FVP Base RevC (DT)
     Call trace:
       dump_backtrace+0x0/0x1c0
       show_stack+0x18/0x24
       dump_stack+0xcc/0x14c
       kasan_report_async+0x54/0x70
       mte_check_tfsr_el1+0x48/0x4c
       exit_to_user_mode+0x18/0x38
       finish_ret_to_user+0x4/0x15c
     ==================================================================
    
    Verify that Tag Check Override (TCO) is enabled in these functions before
    the load and disable it afterwards to prevent this from happening.
    
    Note: The issue has been observed only with an MTE enabled userspace.
    
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Cc: Will Deacon <will@kernel.org>
    Reported-by: Branislav Rankov <Branislav.Rankov@arm.com>
    Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>