Message-ID: <20200918093656.GB6335@gaia>
Date: Fri, 18 Sep 2020 10:36:57 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Vincenzo Frascino <vincenzo.frascino@....com>
Cc: Andrey Konovalov <andreyknvl@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>, kasan-dev@...glegroups.com,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
Marco Elver <elver@...gle.com>,
Evgenii Stepanov <eugenis@...gle.com>,
Elena Petrova <lenaptr@...gle.com>,
Branislav Rankov <Branislav.Rankov@....com>,
Kevin Brodsky <kevin.brodsky@....com>,
Will Deacon <will.deacon@....com>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 22/37] arm64: mte: Add in-kernel MTE helpers

On Thu, Sep 17, 2020 at 03:21:41PM +0100, Vincenzo Frascino wrote:
> On 9/17/20 2:46 PM, Catalin Marinas wrote:
> > On Tue, Sep 15, 2020 at 11:16:04PM +0200, Andrey Konovalov wrote:
> >> diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
> >> index 52a0638ed967..e238ffde2679 100644
> >> --- a/arch/arm64/kernel/mte.c
> >> +++ b/arch/arm64/kernel/mte.c
> >> @@ -72,6 +74,52 @@ int memcmp_pages(struct page *page1, struct page *page2)
> >> return ret;
> >> }
> >>
> >> +u8 mte_get_mem_tag(void *addr)
> >> +{
> >> + if (system_supports_mte())
> >> + asm volatile(ALTERNATIVE("ldr %0, [%0]",
> >> + __MTE_PREAMBLE "ldg %0, [%0]",
> >> + ARM64_MTE)
> >> + : "+r" (addr));
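
Review bot: in mte_get_mem_tag() the asm takes the `addr` parameter as its only operand ("+r" (addr)), so the caller's pointer is overwritten in place and the later `mte_get_ptr_tag(addr)` reads whatever the instruction left there, which on the `ldr` side of the ALTERNATIVE is the data stored at that address rather than a tag. A separate local for the asm result would keep the pointer intact, and a short comment on what the function returns without MTE would make the fallback checkable. Both instructions also read from `[%0]` while the operand list declares neither a memory input nor a "memory" clobber.
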
> >
> > This doesn't do what you think it does. LDG indeed reads the tag from
> > memory but LDR loads the actual data at that address. Instead of the
> > first LDR, you may want something like "mov %0, #0xf << 56" (and use
> > some macros to avoid the hard-coded 56).
>
> The result of the load should never be used since it is meaningful only if
> system_supports_mte(). It should be only required for compilation purposes.
>
> Said that, I think I like more your solution hence I am going to adopt it.

Forgot to mention, please remove the system_supports_mte() if you use
ALTERNATIVE, we don't need both. I think the first asm instruction can
be a NOP since the kernel addresses without KASAN_HW or ARM64_MTE have
the top byte 0xff.

> >> +
> >> + return 0xF0 | mte_get_ptr_tag(addr);
> >> +}
> >> +
> >> +u8 mte_get_random_tag(void)
> >> +{
> >> + u8 tag = 0xF;
> >> + u64 addr = 0;
> >> +
> >> + if (system_supports_mte()) {
> >> + asm volatile(ALTERNATIVE("add %0, %0, %0",
> >> + __MTE_PREAMBLE "irg %0, %0",
> >> + ARM64_MTE)
> >> + : "+r" (addr));
> >
> > What was the intention here? The first ADD doubles the pointer value and
> > gets a tag out of it (possibly doubled as well, depends on the carry
> > from bit 55). Better use something like "orr %0, %0, #0xf << 56".
>
> Same as above but I will use the orr in the next version.

I wonder whether system_supports_mte() makes more sense here than the
alternative:

	if (!system_supports_mte())
		return 0xff;

	... mte irg stuff ...

(you could do the same for the mte_get_mem_tag() function)

> >> +
> >> + tag = mte_get_ptr_tag(addr);
> >> + }
> >> +
> >> + return 0xF0 | tag;
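
Review bot: mte_get_random_tag() declares `u64 addr` and passes it to mte_get_ptr_tag(), while mte_get_mem_tag() earlier in this hunk passes a `void *` to the same helper, so the two callers disagree on the argument type and one of them relies on an implicit conversion or on the helper being a macro. Using the same type in both would remove the ambiguity. The literals in `u8 tag = 0xF` and `return 0xF0 | tag` are also unexplained: a named constant and a one-line comment stating that the non-MTE result is 0xFF would document the intended fallback value.
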
> >
> > This function return seems inconsistent with the previous one. I'd
> > prefer the return line to be the same in both.
>
> The reason why it is different is that in this function extracting the tag from
> the address makes sense only if irg is executed.
>
> I can initialize addr to 0xf << 56 and make them the same.

I think you are right, they can be different. But see my comment above
about not doing the unnecessary shifting when all you want is to return
0xff with !MTE.

--
Catalin