Commit 637ec831 authored by Vincenzo Frascino's avatar Vincenzo Frascino Committed by Catalin Marinas
Browse files

arm64: mte: Handle synchronous and asynchronous tag check faults 



The Memory Tagging Extension has two modes of notifying a tag check
fault at EL0, configurable through the SCTLR_EL1.TCF0 field:

1. Synchronous raising of a Data Abort exception with DFSC 17.
2. Asynchronous setting of a cumulative bit in TFSRE0_EL1.

Add the exception handler for the synchronous exception and handling of
the asynchronous TFSRE0_EL1.TF0 bit setting via a new TIF flag in
do_notify_resume().

On a tag check failure in user-space, whether synchronous or
asynchronous, a SIGSEGV will be raised on the faulting thread.

Signed-off-by: default avatarVincenzo Frascino <vincenzo.frascino@arm.com>
Co-developed-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
parent 74f10824

arch/arm64/include/asm/mte.h

0 → 100644
+23 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/*

 * Copyright (C) 2020 ARM Ltd.

 */

#ifndef __ASM_MTE_H

#define __ASM_MTE_H



#ifndef __ASSEMBLY__



#ifdef CONFIG_ARM64_MTE



void flush_mte_state(void);



#else



static inline void flush_mte_state(void)

{

}



#endif



#endif /* __ASSEMBLY__ */

#endif /* __ASM_MTE_H  */

arch/arm64/include/asm/thread_info.h

+3 −1
Original line number Diff line number Diff line
@@ -67,6 +67,7 @@ void arch_release_task_struct(struct task_struct *tsk); 
#define TIF_FOREIGN_FPSTATE	3	/* CPU's FP state is not current's */

#define TIF_UPROBE		4	/* uprobe breakpoint or singlestep */

#define TIF_FSCHECK		5	/* Check FS is USER_DS on return */

#define TIF_MTE_ASYNC_FAULT	6	/* MTE Asynchronous Tag Check Fault */

#define TIF_SYSCALL_TRACE	8	/* syscall trace active */

#define TIF_SYSCALL_AUDIT	9	/* syscall auditing */

#define TIF_SYSCALL_TRACEPOINT	10	/* syscall tracepoint for ftrace */
@@ -96,10 +97,11 @@ void arch_release_task_struct(struct task_struct *tsk); 
#define _TIF_SINGLESTEP		(1 << TIF_SINGLESTEP)

#define _TIF_32BIT		(1 << TIF_32BIT)

#define _TIF_SVE		(1 << TIF_SVE)

#define _TIF_MTE_ASYNC_FAULT	(1 << TIF_MTE_ASYNC_FAULT)



#define _TIF_WORK_MASK		(_TIF_NEED_RESCHED | _TIF_SIGPENDING | \

				 _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \

				 _TIF_UPROBE | _TIF_FSCHECK)

				 _TIF_UPROBE | _TIF_FSCHECK | _TIF_MTE_ASYNC_FAULT)



#define _TIF_SYSCALL_WORK	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \

				 _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \

arch/arm64/kernel/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o 
obj-$(CONFIG_ARM64_SSBD)		+= ssbd.o

obj-$(CONFIG_ARM64_PTR_AUTH)		+= pointer_auth.o

obj-$(CONFIG_SHADOW_CALL_STACK)		+= scs.o

obj-$(CONFIG_ARM64_MTE)			+= mte.o



obj-y					+= vdso/ probes/

obj-$(CONFIG_COMPAT_VDSO)		+= vdso32/

arch/arm64/kernel/entry.S

+37 −0
Original line number Diff line number Diff line
@@ -149,6 +149,32 @@ alternative_cb_end 
#endif

	.endm



	/* Check for MTE asynchronous tag check faults */

	.macro check_mte_async_tcf, flgs, tmp

#ifdef CONFIG_ARM64_MTE

alternative_if_not ARM64_MTE

	b	1f

alternative_else_nop_endif

	mrs_s	\tmp, SYS_TFSRE0_EL1

	tbz	\tmp, #SYS_TFSR_EL1_TF0_SHIFT, 1f

	/* Asynchronous TCF occurred for TTBR0 access, set the TI flag */

	orr	\flgs, \flgs, #_TIF_MTE_ASYNC_FAULT

	str	\flgs, [tsk, #TSK_TI_FLAGS]

	msr_s	SYS_TFSRE0_EL1, xzr

1:

#endif

	.endm



	/* Clear the MTE asynchronous tag check faults */

	.macro clear_mte_async_tcf

#ifdef CONFIG_ARM64_MTE

alternative_if ARM64_MTE

	dsb	ish

	msr_s	SYS_TFSRE0_EL1, xzr

alternative_else_nop_endif

#endif

	.endm



	.macro	kernel_entry, el, regsize = 64

	.if	\regsize == 32

	mov	w0, w0				// zero upper 32 bits of x0
@@ -182,6 +208,8 @@ alternative_cb_end 
	ldr	x19, [tsk, #TSK_TI_FLAGS]

	disable_step_tsk x19, x20



	/* Check for asynchronous tag check faults in user space */

	check_mte_async_tcf x19, x22

	apply_ssbd 1, x22, x23



	ptrauth_keys_install_kernel tsk, x20, x22, x23
@@ -233,6 +261,13 @@ alternative_if ARM64_HAS_IRQ_PRIO_MASKING 
	str	x20, [sp, #S_PMR_SAVE]

alternative_else_nop_endif



	/* Re-enable tag checking (TCO set on exception entry) */

#ifdef CONFIG_ARM64_MTE

alternative_if ARM64_MTE

	SET_PSTATE_TCO(0)

alternative_else_nop_endif

#endif



	/*

	 * Registers that may be useful after this macro is invoked:

	 *
@@ -744,6 +779,8 @@ SYM_CODE_START_LOCAL(ret_to_user) 
	and	x2, x1, #_TIF_WORK_MASK

	cbnz	x2, work_pending

finish_ret_to_user:

	/* Ignore asynchronous tag check faults in the uaccess routines */

	clear_mte_async_tcf

	enable_step_tsk x1, x2

#ifdef CONFIG_GCC_PLUGIN_STACKLEAK

	bl	stackleak_erase

arch/arm64/kernel/mte.c

0 → 100644
+21 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0-only

/*

 * Copyright (C) 2020 ARM Ltd.

 */



#include <linux/thread_info.h>



#include <asm/cpufeature.h>

#include <asm/mte.h>

#include <asm/sysreg.h>



void flush_mte_state(void)

{

	if (!system_supports_mte())

		return;



	/* clear any pending asynchronous tag fault */

	dsb(ish);

	write_sysreg_s(0, SYS_TFSRE0_EL1);

	clear_thread_flag(TIF_MTE_ASYNC_FAULT);

}