- 06 Nov, 2020 6 commits
-
-
Hardware tag-based KASAN uses the memory tagging approach, which requires all allocations to be aligned to the memory granule size. Align the allocations to MTE_GRANULE_SIZE via ARCH_SLAB_MINALIGN when CONFIG_KASAN_HW_TAGS is enabled. Signed-off-by:
Andrey Konovalov <andreyknvl@google.com> Signed-off-by:
Vincenzo Frascino <vincenzo.frascino@arm.com> Reviewed-by:
Catalin Marinas <catalin.marinas@arm.com> --- Change-Id: I51ebd3f9645e6330e5a92973bf7c86b62d632c2b
-
Vincenzo Frascino authored
When MTE is present, the GCR_EL1 register contains the tags mask that allows to exclude tags from the random generation via the IRG instruction. With the introduction of the new Tag-Based KASAN API that provides a mechanism to reserve tags for special reasons, the MTE implementation has to make sure that the GCR_EL1 setting for the kernel does not affect the userspace processes and viceversa. Save and restore the kernel/user mask in GCR_EL1 in kernel entry and exit. Signed-off-by:
-
Vincenzo Frascino authored
The gcr_user mask is a per thread mask that represents the tags that are excluded from random generation when the Memory Tagging Extension is present and an 'irg' instruction is invoked. gcr_user affects the behavior on EL0 only. Currently that mask is an include mask and it is controlled by the user via prctl() while GCR_EL1 accepts an exclude mask. Convert the include mask into an exclude one to make it easier the register setting. Note: This change will affect gcr_kernel (for EL1) introduced with a future patch. Signed-off-by:
-
Vincenzo Frascino authored
Hardware tag-based KASAN relies on Memory Tagging Extension (MTE) feature and requires it to be enabled. MTE supports This patch adds a new mte_init_tags() helper, that enables MTE in Synchronous mode in EL1 and is intended to be called from KASAN runtime during initialization. The Tag Checking operation causes a synchronous data abort as a consequence of a tag check fault when MTE is configured in synchronous mode. As part of this change enable match-all tag for EL1 to allow the kernel to access user pages without faulting. This is required because the kernel does not have knowledge of the tags set by the user in a page. Note: For MTE, the TCF bit field in SCTLR_EL1 affects only EL1 in a similar way as TCF0 affects EL0. MTE that is built on top of the Top Byte Ignore (TBI) feature hence we enable it as part of this patch as well. Signed-off-by:
-
Vincenzo Frascino authored
Add the implementation of the in-kernel fault handler. When a tag fault happens on a kernel address: * MTE is disabled on the current CPU, * the execution continues. When a tag fault happens on a user address: * the kernel executes do_bad_area() and panics. The tag fault handler for kernel addresses is currently empty and will be filled in by a future commit. Signed-off-by:
-
Vincenzo Frascino authored
The hardware tag-based KASAN for compatibility with the other modes stores the tag associated to a page in page->flags. Due to this the kernel faults on access when it allocates a page with an initial tag and the user changes the tags. Reset the tag associated by the kernel to a page in all the meaningful places to prevent kernel faults on access. Note: An alternative to this approach could be to modify page_to_virt(). This though could end up being racy, in fact if a CPU checks the PG_mte_tagged bit and decides that the page is not tagged but another CPU maps the same with PROT_MTE and becomes tagged the subsequent kernel access would fail. Signed-off-by:
-
- 05 Nov, 2020 11 commits
-
-
Vincenzo Frascino authored
Provide helper functions to manipulate allocation and pointer tags for kernel addresses. Low-level helper functions (mte_assign_*, written in assembly) operate tag values from the [0x0, 0xF] range. High-level helper functions (mte_get/set_*) use the [0xF0, 0xFF] range to preserve compatibility with normal kernel pointers that have 0xFF in their top byte. MTE_GRANULE_SIZE and related definitions are moved to mte-def.h header that doesn't have any dependencies and is safe to include into any low-level header. Signed-off-by:
-
Vincenzo Frascino authored
Hardware tag-based KASAN relies on Memory Tagging Extension (MTE) which is an armv8.5-a architecture extension. Enable the correct asm option when the compiler supports it in order to allow the usage of ALTERNATIVE()s with MTE instructions. Signed-off-by:
-
Andrey Konovalov authored
This patch adds a configuration option for a new KASAN mode called hardware tag-based KASAN. This mode uses the memory tagging approach like the software tag-based mode, but relies on arm64 Memory Tagging Extension feature for tag management and access checking. Signed-off-by:
Marco Elver <elver@google.com> --- Change-Id: I246c2def9fffa6563278db1bddfbe742ca7bdefe
-
Andrey Konovalov authored
Software tag-based KASAN provides its own tag checking machinery that can conflict with MTE. Don't allow enabling software tag-based KASAN when MTE is enabled. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Rework print_memory_metadata() to make it agnostic with regard to the way metadata is stored. Allow providing a separate metadata_fetch_row() implementation for each KASAN mode. Hardware tag-based KASAN will provide its own implementation that doesn't use shadow memory. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Hardware tag-based KASAN won't be using shadow memory, but will reuse these macros. Rename "SHADOW" to implementation-neutral "META". No functional changes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. kasan_non_canonical_hook() is only applicable to KASAN modes that use shadow memory, and won't be needed for hardware tag-based KASAN. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Hardware tag-based KASAN won't be using shadow memory, but will reuse this function. Rename "shadow" to implementation-neutral "metadata". No functional changes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Hardware tag-based KASAN won't be using shadow memory, but will reuse this function. Rename "shadow" to implementation-neutral "metadata". No functional changes. Signed-off-by:
-
Andrey Konovalov authored
Rename kasan_init_tags() to kasan_init_sw_tags() as the upcoming hardware tag-based KASAN mode will have its own initialization routine. Also similarly to kasan_init() mark kasan_init_tags() as __init. Signed-off-by:
-
Andrey Konovalov authored
Software tag-based KASAN mode is fully initialized with kasan_init_tags(), while the generic mode only requires kasan_init(). Move the initialization message for tag-based mode into kasan_init_tags(). Also fix pr_fmt() usage for KASAN code: generic.c doesn't need it as it doesn't use any printing functions; tag-based mode should use "kasan:" instead of KBUILD_MODNAME (which stands for file name). Signed-off-by:
-
- 04 Nov, 2020 16 commits
-
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Hardware tag-based KASAN won't use kasan_depth. Only define and use it when one of the software KASAN modes are enabled. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Hardware tag-based KASAN won't be using shadow memory. Only initialize it when one of the software KASAN modes are enabled. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
Decoding routines aren't needed when CONFIG_KASAN_STACK_ENABLE is not enabled. Currently only generic KASAN mode implements stack error reporting. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. For software KASAN modes the check is based on the value in the shadow memory. Hardware tag-based KASAN won't be using shadow, so hide the implementation of the check in check_invalid_free(). Also simplify the code for software tag-based mode. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
Both KASAN_GENERIC and KASAN_SW_TAGS have common dependencies, move those to KASAN. Signed-off-by:
-
Andrey Konovalov authored
Rename generic_report.c to report_generic.c and tags_report.c to report_sw_tags.c, as their content is more relevant to report.c file. Also rename tags.c to sw_tags.c to better reflect that this file contains code for software tag-based mode. No functional changes. Signed-off-by:
-
Andrey Konovalov authored
Define KASAN_GRANULE_PAGE as (KASAN_GRANULE_SIZE << PAGE_SHIFT), which is the same as (KASAN_GRANULE_SIZE * PAGE_SIZE), and use it across KASAN code to simplify it. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. The new mode won't be using shadow memory. Move all shadow-related code to shadow.c, which is only enabled for software KASAN modes that use shadow memory. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. The new mode won't be using shadow memory, so only build init.c that contains shadow initialization code for software modes. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. The new mode won't be using shadow memory, but will still use the concept of memory granules. Each memory granule maps to a single metadata entry: 8 bytes per one shadow byte for generic mode, 16 bytes per one shadow byte for software tag-based mode, and 16 bytes per one allocation tag for hardware tag-based mode. Rename KASAN_SHADOW_SCALE_SIZE to KASAN_GRANULE_SIZE, and KASAN_SHADOW_MASK to KASAN_GRANULE_MASK. Also use MASK when used as a mask, otherwise use SIZE. No functional changes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. The new mode won't be using shadow memory, but will reuse the same functions. Rename kasan_unpoison_shadow to kasan_unpoison_memory, and kasan_poison_shadow to kasan_poison_memory. No functional changes. Signed-off-by:
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Group shadow-related KASAN function declarations and only define them for the two existing software modes. No functional changes for software modes. Signed-off-by:
-
Andrey Konovalov authored
asm/kasan.h relies on pgd_t and _REGION1_SHIFT definitions and therefore requires asm/pgtable.h include. Include asm/pgtable.h from asm/kasan.h. Signed-off-by:
Vasily Gorbik <gor@linux.ibm.com> --- Change-Id: I369a8f9beb442b9d05733892232345c3f4120e0a
-
Andrey Konovalov authored
This is a preparatory commit for the upcoming addition of a new hardware tag-based (MTE-based) KASAN mode. Group all vmalloc-related function declarations in include/linux/kasan.h, and their implementations in mm/kasan/common.c. No functional changes. Signed-off-by:
-
Andrey Konovalov authored
Currently only generic KASAN mode supports vmalloc, reflect that in the config. Signed-off-by:
-
Andrey Konovalov authored
Don't mention "GNU General Public License version 2" text explicitly, as it's already covered by the SPDX-License-Identifier. Signed-off-by:
-
- 03 Nov, 2020 7 commits
-
-
Linus Torvalds authored
Merge tag 'perf-tools-for-v5.10-2020-11-03' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux Pull perf tools fixes from Arnaldo Carvalho de Melo: "Only fixes and a sync of the headers so that the perf build is silent: - Fix visibility attribute in python module init code with newer gcc - Fix DRAM_BW_Use 0 issue for CLX/SKX in intel JSON vendor event files - Fix the build on new fedora by removing LTO compiler options when building perl support - Remove broken __no_tail_call attribute - Fix segfault when trying to trace events by cgroup - Fix crash with non-jited BPF progs - Increase buffer size in TUI browser, fixing format truncation - Fix printing of build-id for objects lacking one - Fix byte swapping for ino_generation field in MMAP2 perf.data records - Fix byte swapping for CGROUP perf.data records, for cross arch analysis of perf.data files - Fix the fast path of feature detection - Update kernel header copies" * tag 'perf-tools-for-v5.10-2020-11-03' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (23 commits) tools feature: Fixup fast path feature detection perf tools: Add missing swap for cgroup events perf tools: Add missing swap for ino_generation perf tools: Initialize output buffer in build_id__sprintf perf hists browser: Increase size of 'buf' in perf_evsel__hists_browse() tools include UAPI: Update linux/mount.h copy tools headers UAPI: Update tools's copy of linux/perf_event.h tools kvm headers: Update KVM headers from the kernel sources tools UAPI: Update copy of linux/mman.h from the kernel sources tools arch x86: Sync the msr-index.h copy with the kernel sources tools x86 headers: Update required-features.h header from the kernel tools x86 headers: Update cpufeatures.h headers copies tools headers UAPI: Update fscrypt.h copy tools headers UAPI: Sync drm/i915_drm.h with the kernel sources tools headers UAPI: Sync prctl.h with the kernel sources perf scripting python: Avoid declaring function pointers with a visibility attribute perf tools: Remove broken __no_tail_call attribute perf vendor events: Fix DRAM_BW_Use 0 issue for CLX/SKX perf trace: Fix segfault when trying to trace events by cgroup perf tools: Fix crash with non-jited bpf progs ...
-
git://git.lwn.net/linuxLinus Torvalds authored
Pull documentation build warning fixes from Jonathan Corbet: "This contains a series of warning fixes from Mauro; once applied, the number of warnings from the once-noisy docs build process is nearly zero. Getting to this point has required a lot of work; once there, hopefully we can keep things that way. I have packaged this as a separate pull because it does a fair amount of reaching outside of Documentation/. The changes are all in comments and in code placement. It's all been in linux-next since last week" * tag 'docs-5.10-warnings' of git://git.lwn.net/linux: (24 commits) docs: SafeSetID: fix a warning amdgpu: fix a few kernel-doc markup issues selftests: kselftest_harness.h: fix kernel-doc markups drm: amdgpu_dm: fix a typo gpu: docs: amdgpu.rst: get rid of wrong kernel-doc markups drm: amdgpu: kernel-doc: update some adev parameters docs: fs: api-summary.rst: get rid of kernel-doc include IB/srpt: docs: add a description for cq_size member locking/refcount: move kernel-doc markups to the proper place docs: lockdep-design: fix some warning issues MAINTAINERS: fix broken doc refs due to yaml conversion ice: docs fix a devlink info that broke a table crypto: sun8x-ce*: update entries to its documentation net: phy: remove kernel-doc duplication mm: pagemap.h: fix two kernel-doc markups blk-mq: docs: add kernel-doc description for a new struct member docs: userspace-api: add iommu.rst to the index file docs: hwmon: mp2975.rst: address some html build warnings docs: net: statistics.rst: remove a duplicated kernel-doc docs: kasan.rst: add two missing blank lines ...
-
git://git.lwn.net/linuxLinus Torvalds authored
Pull documentation fixes from Jonathan Corbet: "A small number of fixes, plus a build tweak to respect the desire for silence in V=0 builds" * tag 'docs-5.10-3' of git://git.lwn.net/linux: docs: fix automarkup regression on Python 2 documentation: arm: sunxi: add Allwinner H6 documents scripts: kernel-doc: split typedef complex regex scripts: kernel-doc: fix typedef parsing docs: Makefile: honor V=0 for docs building
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 SEV-ES fixes from Borislav Petkov: "A couple of changes to the SEV-ES code to perform more stringent hypervisor checks before enabling encryption (Joerg Roedel)" * tag 'x86_seves_for_v5.10_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/sev-es: Do not support MMIO to/from encrypted memory x86/head/64: Check SEV encryption before switching to kernel page-table x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path x86/boot/compressed/64: Sanity-check CPUID results in the early #VC handler x86/boot/compressed/64: Introduce sev_status
-
David Howells authored
The cleanup for the yfs_store_opaque_acl2_operation calls the wrong function to destroy the ACL content buffer. It's an afs_acl struct, not a yfs_acl struct - and the free function for latter may pass invalid pointers to kfree(). Fix this by using the afs_acl_put() function. The yfs_acl_put() function is then no longer used and can be removed. general protection fault, probably for non-canonical address 0x7ebde00000000: 0000 [#1] SMP PTI ... RIP: 0010:compound_head+0x0/0x11 ... Call Trace: virt_to_cache+0x8/0x51 kfree+0x5d/0x79 yfs_free_opaque_acl+0x16/0x29 afs_put_operation+0x60/0x114 __vfs_setxattr+0x67/0x72 __vfs_setxattr_noperm+0x66/0xe9 vfs_setxattr+0x67/0xce setxattr+0x14e/0x184 __do_sys_fsetxattr+0x66/0x8f do_syscall_64+0x2d/0x3a entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: e49c7b2f ("afs: Build an abstraction around an "operation" concept") Signed-off-by:
David Howells <dhowells@redhat.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
David Howells authored
When using the afs.yfs.acl xattr to change an AuriStor ACL, a warning can be generated when the request is marshalled because the buffer pointer isn't increased after adding the last element, thereby triggering the check at the end if the ACL wasn't empty. This just causes something like the following warning, but doesn't stop the call from happening successfully: kAFS: YFS.StoreOpaqueACL2: Request buffer underflow (36<108) Fix this simply by increasing the count prior to the check. Fixes: f5e45463 ("afs: Implement YFS ACL setting") Signed-off-by: -
Jonathan Corbet authored
It turns out that the Python 2 re module lacks the ASCII flag, so don't try to use it there. Fixes: f66e47f9 ("docs: automarkup.py: Fix regexes to solve sphinx 3 warnings") Reported-by:
Dafna Hirschfeld <dafna.hirschfeld@collabora.com> Signed-off-by:
Jonathan Corbet <corbet@lwn.net>
-
