Commit f05842cf authored by Andrey Konovalov's avatar Andrey Konovalov Committed by Linus Torvalds
Browse files

kasan, arm64: allow using KUnit tests with HW_TAGS mode 

On a high level, this patch allows running KUnit KASAN tests with the
hardware tag-based KASAN mode.

Internally, this change reenables tag checking at the end of each KASAN
test that triggers a tag fault and leads to tag checking being disabled.

Also simplify is_write calculation in report_tag_fault.

With this patch KASAN tests are still failing for the hardware tag-based
mode; fixes come in the next few patches.

[andreyknvl@google.com: export HW_TAGS symbols for KUnit tests]
  Link: https://lkml.kernel.org/r/e7eeb252da408b08f0c81b950a55fb852f92000b.1613155970.git.andreyknvl@google.com

Link: https://linux-review.googlesource.com/id/Id94dc9eccd33b23cda4950be408c27f879e474c8
Link: https://lkml.kernel.org/r/51b23112cf3fd62b8f8e9df81026fa2b15870501.1610733117.git.andreyknvl@google.com


Signed-off-by: default avatarAndrey Konovalov <andreyknvl@google.com>
Reviewed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Reviewed-by: default avatarVincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Branislav Rankov <Branislav.Rankov@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Evgenii Stepanov <eugenis@google.com>
Cc: Kevin Brodsky <kevin.brodsky@arm.com>
Cc: Marco Elver <elver@google.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 573a4809

arch/arm64/include/asm/memory.h

+1 −0
Original line number Diff line number Diff line
@@ -244,6 +244,7 @@ static inline const void *__tag_set(const void *addr, u8 tag) 


#ifdef CONFIG_KASAN_HW_TAGS

#define arch_enable_tagging()			mte_enable_kernel()

#define arch_set_tagging_report_once(state)	mte_set_report_once(state)

#define arch_init_tags(max_tag)			mte_init_tags(max_tag)

#define arch_get_random_tag()			mte_get_random_tag()

#define arch_get_mem_tag(addr)			mte_get_mem_tag(addr)

arch/arm64/include/asm/mte-kasan.h

+12 −0
Original line number Diff line number Diff line
@@ -32,6 +32,9 @@ void *mte_set_mem_tag_range(void *addr, size_t size, u8 tag); 
void mte_enable_kernel(void);

void mte_init_tags(u64 max_tag);



void mte_set_report_once(bool state);

bool mte_report_once(void);



#else /* CONFIG_ARM64_MTE */



static inline u8 mte_get_ptr_tag(void *ptr)
@@ -60,6 +63,15 @@ static inline void mte_init_tags(u64 max_tag) 
{

}



static inline void mte_set_report_once(bool state)

{

}



static inline bool mte_report_once(void)

{

	return false;

}



#endif /* CONFIG_ARM64_MTE */



#endif /* __ASSEMBLY__ */

arch/arm64/kernel/mte.c

+12 −0
Original line number Diff line number Diff line
@@ -25,6 +25,8 @@ 


u64 gcr_kernel_excl __ro_after_init;



static bool report_fault_once = true;



static void mte_sync_page_tags(struct page *page, pte_t *ptep, bool check_swap)

{

	pte_t old_pte = READ_ONCE(*ptep);
@@ -158,6 +160,16 @@ void mte_enable_kernel(void) 
	isb();

}



void mte_set_report_once(bool state)

{

	WRITE_ONCE(report_fault_once, state);

}



bool mte_report_once(void)

{

	return READ_ONCE(report_fault_once);

}



static void update_sctlr_el1_tcf0(u64 tcf0)

{

	/* ISB required for the kernel uaccess routines */

arch/arm64/mm/fault.c

+14 −6
Original line number Diff line number Diff line
@@ -302,12 +302,24 @@ static void die_kernel_fault(const char *msg, unsigned long addr, 
static void report_tag_fault(unsigned long addr, unsigned int esr,

			     struct pt_regs *regs)

{

	bool is_write  = ((esr & ESR_ELx_WNR) >> ESR_ELx_WNR_SHIFT) != 0;

	static bool reported;

	bool is_write;



	if (READ_ONCE(reported))

		return;



	/*

	 * This is used for KASAN tests and assumes that no MTE faults

	 * happened before running the tests.

	 */

	if (mte_report_once())

		WRITE_ONCE(reported, true);



	/*

	 * SAS bits aren't set for all faults reported in EL1, so we can't

	 * find out access size.

	 */

	is_write = !!(esr & ESR_ELx_WNR);

	kasan_report(addr, 0, is_write, regs->pc);

}

#else
@@ -319,12 +331,8 @@ static inline void report_tag_fault(unsigned long addr, unsigned int esr, 
static void do_tag_recovery(unsigned long addr, unsigned int esr,

			   struct pt_regs *regs)

{

	static bool reported;



	if (!READ_ONCE(reported)) {

	report_tag_fault(addr, esr, regs);

		WRITE_ONCE(reported, true);

	}



	/*

	 * Disable MTE Tag Checking on the local CPU for the current EL.

lib/Kconfig.kasan

+2 −2
Original line number Diff line number Diff line
@@ -190,11 +190,11 @@ config KASAN_KUNIT_TEST 
	  kernel debugging features like KASAN.



	  For more information on KUnit and unit tests in general, please refer

	  to the KUnit documentation in Documentation/dev-tools/kunit

	  to the KUnit documentation in Documentation/dev-tools/kunit.



config TEST_KASAN_MODULE

	tristate "KUnit-incompatible tests of KASAN bug detection capabilities"

	depends on m && KASAN

	depends on m && KASAN && !KASAN_HW_TAGS

	help

	  This is a part of the KASAN test suite that is incompatible with

	  KUnit. Currently includes tests that do bad copy_from/to_user