[PATCH 0/5] arm64: ARMv8.7-A: MTE: Add asymm mode support

0 views
Skip to first unread message

Vincenzo Frascino

unread,
Sep 13, 2021, 4:14:41 AMSep 13
to linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, vincenzo...@arm.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
This series implements the asymmetric mode support for ARMv8.7-A Memory
Tagging Extension (MTE), which is a debugging feature that allows to
detect with the help of the architecture the C and C++ programmatic
memory errors like buffer overflow, use-after-free, use-after-return, etc.

MTE is built on top of the AArch64 v8.0 virtual address tagging TBI
(Top Byte Ignore) feature and allows a task to set a 4 bit tag on any
subset of its address space that is multiple of a 16 bytes granule. MTE
is based on a lock-key mechanism where the lock is the tag associated to
the physical memory and the key is the tag associated to the virtual
address.

When MTE is enabled and tags are set for ranges of address space of a task,
the PE will compare the tag related to the physical memory with the tag
related to the virtual address (tag check operation). Access to the memory
is granted only if the two tags match. In case of mismatch the PE will raise
an exception.

When asymmetric mode is present, the CPU triggers a fault on a tag mismatch
during a load operation and asynchronously updates a register when a tag
mismatch is detected during a store operation.

The series is based on linux-v5.15-rc1.

To simplify the testing a tree with the new patches on top has been made
available at [1].

[1] https://git.gitlab.arm.com/linux-arm/linux-vf.git mte/v1.asymm

Cc: Andrew Morton <ak...@linux-foundation.org>
Cc: Catalin Marinas <catalin...@arm.com>
Cc: Will Deacon <wi...@kernel.org>
Cc: Dmitry Vyukov <dvy...@google.com>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Alexander Potapenko <gli...@google.com>
Cc: Marco Elver <el...@google.com>
Cc: Evgenii Stepanov <eug...@google.com>
Cc: Branislav Rankov <Branisla...@arm.com>
Cc: Andrey Konovalov <andre...@gmail.com>
Cc: Lorenzo Pieralisi <lorenzo....@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>

Vincenzo Frascino (5):
kasan: Remove duplicate of kasan_flag_async
arm64: mte: Bitfield definitions for Asymm MTE
arm64: mte: CPU feature detection for Asymm MTE
arm64: mte: Add asymmetric mode support
kasan: Extend KASAN mode kernel parameter

Documentation/dev-tools/kasan.rst | 10 ++++++++--
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/include/asm/mte-kasan.h | 5 +++++
arch/arm64/include/asm/sysreg.h | 3 +++
arch/arm64/kernel/cpufeature.c | 10 ++++++++++
arch/arm64/kernel/mte.c | 26 ++++++++++++++++++++++++++
arch/arm64/tools/cpucaps | 1 +
mm/kasan/hw_tags.c | 27 ++++++++++++++++++++++-----
mm/kasan/kasan.h | 7 +++++--
9 files changed, 81 insertions(+), 9 deletions(-)

--
2.33.0

Vincenzo Frascino

unread,
Sep 13, 2021, 4:14:43 AMSep 13
to linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, vincenzo...@arm.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
After merging async mode for KASAN_HW_TAGS a duplicate of the
kasan_flag_async flag was left erroneously inside the code.

Remove the duplicate.

Note: This change does not bring functional changes to the code
base.

Cc: Dmitry Vyukov <dvy...@google.com>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Alexander Potapenko <gli...@google.com>
Cc: Marco Elver <el...@google.com>
Cc: Evgenii Stepanov <eug...@google.com>
Cc: Andrey Konovalov <andre...@gmail.com>
Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>
---
mm/kasan/kasan.h | 2 --
1 file changed, 2 deletions(-)

diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 8bf568a80eb8..3639e7c8bb98 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -38,8 +38,6 @@ static inline bool kasan_async_mode_enabled(void)

#endif

-extern bool kasan_flag_async __ro_after_init;
-
#if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
#define KASAN_GRANULE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT)
#else
--
2.33.0

Vincenzo Frascino

unread,
Sep 13, 2021, 4:14:45 AMSep 13
to linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, vincenzo...@arm.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
Add Asymmetric Memory Tagging Extension bitfield definitions.

Cc: Will Deacon <wi...@kernel.org>
Cc: Catalin Marinas <catalin...@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>
---
arch/arm64/include/asm/sysreg.h | 3 +++
1 file changed, 3 insertions(+)

diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index b268082d67ed..f51d5912b41c 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -621,6 +621,7 @@
#define SCTLR_ELx_TCF_NONE (UL(0x0) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_TCF_SYNC (UL(0x1) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_TCF_ASYNC (UL(0x2) << SCTLR_ELx_TCF_SHIFT)
+#define SCTLR_ELx_TCF_ASYMM (UL(0x3) << SCTLR_ELx_TCF_SHIFT)
#define SCTLR_ELx_TCF_MASK (UL(0x3) << SCTLR_ELx_TCF_SHIFT)

#define SCTLR_ELx_ENIA_SHIFT 31
@@ -666,6 +667,7 @@
#define SCTLR_EL1_TCF0_NONE (UL(0x0) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_TCF0_SYNC (UL(0x1) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_TCF0_ASYNC (UL(0x2) << SCTLR_EL1_TCF0_SHIFT)
+#define SCTLR_EL1_TCF0_ASYMM (UL(0x3) << SCTLR_EL1_TCF0_SHIFT)
#define SCTLR_EL1_TCF0_MASK (UL(0x3) << SCTLR_EL1_TCF0_SHIFT)

#define SCTLR_EL1_BT1 (BIT(36))
@@ -807,6 +809,7 @@
#define ID_AA64PFR1_MTE_NI 0x0
#define ID_AA64PFR1_MTE_EL0 0x1
#define ID_AA64PFR1_MTE 0x2
+#define ID_AA64PFR1_MTE_ASYMM 0x3

/* id_aa64zfr0 */
#define ID_AA64ZFR0_F64MM_SHIFT 56
--
2.33.0

Vincenzo Frascino

unread,
Sep 13, 2021, 4:14:48 AMSep 13
to linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, vincenzo...@arm.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi, Suzuki K Poulose
Add the cpufeature entries to detect the presence of Asymmetric MTE.

Note: The tag checking mode is initialized via cpu_enable_mte() ->
kasan_init_hw_tags() hence to enable it we require asymmetric mode
to be at least on the boot CPU. If the boot CPU does not have it, it is
fine for late CPUs to have it as long as the feature is not enabled
(ARM64_CPUCAP_BOOT_CPU_FEATURE).

Cc: Will Deacon <wi...@kernel.org>
Cc: Catalin Marinas <catalin...@arm.com>
Cc: Suzuki K Poulose <Suzuki....@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>
---
arch/arm64/kernel/cpufeature.c | 10 ++++++++++
arch/arm64/tools/cpucaps | 1 +
2 files changed, 11 insertions(+)

diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index f8a3067d10c6..a18774071a45 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2317,6 +2317,16 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.sign = FTR_UNSIGNED,
.cpu_enable = cpu_enable_mte,
},
+ {
+ .desc = "Asymmetric Memory Tagging Extension",
+ .capability = ARM64_MTE_ASYMM,
+ .type = ARM64_CPUCAP_BOOT_CPU_FEATURE,
+ .matches = has_cpuid_feature,
+ .sys_reg = SYS_ID_AA64PFR1_EL1,
+ .field_pos = ID_AA64PFR1_MTE_SHIFT,
+ .min_field_value = ID_AA64PFR1_MTE_ASYMM,
+ .sign = FTR_UNSIGNED,
+ },
#endif /* CONFIG_ARM64_MTE */
{
.desc = "RCpc load-acquire (LDAPR)",
diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps
index 49305c2e6dfd..74a569bf52d6 100644
--- a/arch/arm64/tools/cpucaps
+++ b/arch/arm64/tools/cpucaps
@@ -39,6 +39,7 @@ HW_DBM
KVM_PROTECTED_MODE
MISMATCHED_CACHE_TYPE
MTE
+MTE_ASYMM
SPECTRE_V2
SPECTRE_V3A
SPECTRE_V4
--
2.33.0

Vincenzo Frascino

unread,
Sep 13, 2021, 4:14:49 AMSep 13
to linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, vincenzo...@arm.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
MTE provides an asymmetric mode for detecting tag exceptions. In
particular, when such a mode is present, the CPU triggers a fault
on a tag mismatch during a load operation and asynchronously updates
a register when a tag mismatch is detected during a store operation.

Add support for MTE asymmetric mode.

Note: If the CPU does not support MTE asymmetric mode the kernel falls
back on synchronous mode which is the default for kasan=on.

Cc: Will Deacon <wi...@kernel.org>
Cc: Catalin Marinas <catalin...@arm.com>
Cc: Andrey Konovalov <andre...@gmail.com>
Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>
---
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/include/asm/mte-kasan.h | 5 +++++
arch/arm64/kernel/mte.c | 26 ++++++++++++++++++++++++++
3 files changed, 32 insertions(+)

diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index f1745a843414..1b9a1e242612 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -243,6 +243,7 @@ static inline const void *__tag_set(const void *addr, u8 tag)
#ifdef CONFIG_KASAN_HW_TAGS
#define arch_enable_tagging_sync() mte_enable_kernel_sync()
#define arch_enable_tagging_async() mte_enable_kernel_async()
+#define arch_enable_tagging_asymm() mte_enable_kernel_asymm()
#define arch_force_async_tag_fault() mte_check_tfsr_exit()
#define arch_get_random_tag() mte_get_random_tag()
#define arch_get_mem_tag(addr) mte_get_mem_tag(addr)
diff --git a/arch/arm64/include/asm/mte-kasan.h b/arch/arm64/include/asm/mte-kasan.h
index 22420e1f8c03..478b9bcf69ad 100644
--- a/arch/arm64/include/asm/mte-kasan.h
+++ b/arch/arm64/include/asm/mte-kasan.h
@@ -130,6 +130,7 @@ static inline void mte_set_mem_tag_range(void *addr, size_t size, u8 tag,

void mte_enable_kernel_sync(void);
void mte_enable_kernel_async(void);
+void mte_enable_kernel_asymm(void);

#else /* CONFIG_ARM64_MTE */

@@ -161,6 +162,10 @@ static inline void mte_enable_kernel_async(void)
{
}

+static inline void mte_enable_kernel_asymm(void)
+{
+}
+
#endif /* CONFIG_ARM64_MTE */

#endif /* __ASSEMBLY__ */
diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
index 9d314a3bad3b..ef5484ecb2da 100644
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -137,6 +137,32 @@ void mte_enable_kernel_async(void)
if (!system_uses_mte_async_mode())
static_branch_enable(&mte_async_mode);
}
+
+void mte_enable_kernel_asymm(void)
+{
+ if (cpus_have_cap(ARM64_MTE_ASYMM)) {
+ __mte_enable_kernel("asymmetric", SCTLR_ELx_TCF_ASYMM);
+
+ /*
+ * MTE asymm mode behaves as async mode for store
+ * operations. The mode is set system wide by the
+ * first PE that executes this function.
+ *
+ * Note: If in future KASAN acquires a runtime switching
+ * mode in between sync and async, this strategy needs
+ * to be reviewed.
+ */
+ if (!system_uses_mte_async_mode())
+ static_branch_enable(&mte_async_mode);
+ } else {
+ /*
+ * If the CPU does not support MTE asymmetric mode the
+ * kernel falls back on synchronous mode which is the
+ * default for kasan=on.
+ */
+ mte_enable_kernel_sync();
+ }
+}
#endif

#ifdef CONFIG_KASAN_HW_TAGS
--
2.33.0

Vincenzo Frascino

unread,
Sep 13, 2021, 4:14:51 AMSep 13
to linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, vincenzo...@arm.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
Architectures supported by KASAN_HW_TAGS can provide an asymmetric mode
of execution. On an MTE enabled arm64 hw for example this can be
identified with the asymmetric tagging mode of execution. In particular,
when such a mode is present, the CPU triggers a fault on a tag mismatch
during a load operation and asynchronously updates a register when a tag
mismatch is detected during a store operation.

Extend the KASAN HW execution mode kernel command line parameter to
support asymmetric mode.

Cc: Dmitry Vyukov <dvy...@google.com>
Cc: Andrey Ryabinin <arya...@virtuozzo.com>
Cc: Alexander Potapenko <gli...@google.com>
Cc: Andrey Konovalov <andre...@gmail.com>
Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>
---
Documentation/dev-tools/kasan.rst | 10 ++++++++--
mm/kasan/hw_tags.c | 27 ++++++++++++++++++++++-----
mm/kasan/kasan.h | 5 +++++
3 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
index 21dc03bc10a4..7f43e603bfbe 100644
--- a/Documentation/dev-tools/kasan.rst
+++ b/Documentation/dev-tools/kasan.rst
@@ -194,14 +194,20 @@ additional boot parameters that allow disabling KASAN or controlling features:

- ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default: ``on``).

-- ``kasan.mode=sync`` or ``=async`` controls whether KASAN is configured in
- synchronous or asynchronous mode of execution (default: ``sync``).
+- ``kasan.mode=sync``, ``=async`` or ``=asymm`` controls whether KASAN
+ is configured in synchronous, asynchronous or asymmetric mode of
+ execution (default: ``sync``).
Synchronous mode: a bad access is detected immediately when a tag
check fault occurs.
Asynchronous mode: a bad access detection is delayed. When a tag check
fault occurs, the information is stored in hardware (in the TFSR_EL1
register for arm64). The kernel periodically checks the hardware and
only reports tag faults during these checks.
+ Asymmetric mode: a bad access is detected immediately when a tag
+ check fault occurs during a load operation and its detection is
+ delayed during a store operation. For the store operations the kernel
+ periodically checks the hardware and only reports tag faults during
+ these checks.

- ``kasan.stacktrace=off`` or ``=on`` disables or enables alloc and free stack
traces collection (default: ``on``).
diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c
index 05d1e9460e2e..87eb7aa13918 100644
--- a/mm/kasan/hw_tags.c
+++ b/mm/kasan/hw_tags.c
@@ -29,6 +29,7 @@ enum kasan_arg_mode {
KASAN_ARG_MODE_DEFAULT,
KASAN_ARG_MODE_SYNC,
KASAN_ARG_MODE_ASYNC,
+ KASAN_ARG_MODE_ASYMM,
};

enum kasan_arg_stacktrace {
@@ -49,6 +50,10 @@ EXPORT_SYMBOL(kasan_flag_enabled);
bool kasan_flag_async __ro_after_init;
EXPORT_SYMBOL_GPL(kasan_flag_async);

+/* Whether the asymmetric mode is enabled. */
+bool kasan_flag_asymm __ro_after_init;
+EXPORT_SYMBOL_GPL(kasan_flag_asymm);
+
/* Whether to collect alloc/free stack traces. */
DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace);

@@ -69,7 +74,7 @@ static int __init early_kasan_flag(char *arg)
}
early_param("kasan", early_kasan_flag);

-/* kasan.mode=sync/async */
+/* kasan.mode=sync/async/asymm */
static int __init early_kasan_mode(char *arg)
{
if (!arg)
@@ -79,6 +84,8 @@ static int __init early_kasan_mode(char *arg)
kasan_arg_mode = KASAN_ARG_MODE_SYNC;
else if (!strcmp(arg, "async"))
kasan_arg_mode = KASAN_ARG_MODE_ASYNC;
+ else if (!strcmp(arg, "asymm"))
+ kasan_arg_mode = KASAN_ARG_MODE_ASYMM;
else
return -EINVAL;

@@ -116,11 +123,13 @@ void kasan_init_hw_tags_cpu(void)
return;

/*
- * Enable async mode only when explicitly requested through
- * the command line.
+ * Enable async or asymm modes only when explicitly requested
+ * through the command line.
*/
if (kasan_arg_mode == KASAN_ARG_MODE_ASYNC)
hw_enable_tagging_async();
+ else if (kasan_arg_mode == KASAN_ARG_MODE_ASYMM)
+ hw_enable_tagging_asymm();
else
hw_enable_tagging_sync();
}
@@ -143,16 +152,24 @@ void __init kasan_init_hw_tags(void)
case KASAN_ARG_MODE_DEFAULT:
/*
* Default to sync mode.
- * Do nothing, kasan_flag_async keeps its default value.
+ * Do nothing, kasan_flag_async and kasan_flag_asymm keep
+ * their default values.
*/
break;
case KASAN_ARG_MODE_SYNC:
- /* Do nothing, kasan_flag_async keeps its default value. */
+ /*
+ * Do nothing, kasan_flag_async and kasan_flag_asymm keep
+ * their default values.
+ */
break;
case KASAN_ARG_MODE_ASYNC:
/* Async mode enabled. */
kasan_flag_async = true;
break;
+ case KASAN_ARG_MODE_ASYMM:
+ /* Asymm mode enabled. */
+ kasan_flag_asymm = true;
+ break;
}

switch (kasan_arg_stacktrace) {
diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
index 3639e7c8bb98..a8be62058d32 100644
--- a/mm/kasan/kasan.h
+++ b/mm/kasan/kasan.h
@@ -287,6 +287,9 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)
#ifndef arch_enable_tagging_async
#define arch_enable_tagging_async()
#endif
+#ifndef arch_enable_tagging_asymm
+#define arch_enable_tagging_asymm()
+#endif
#ifndef arch_force_async_tag_fault
#define arch_force_async_tag_fault()
#endif
@@ -302,6 +305,7 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)

#define hw_enable_tagging_sync() arch_enable_tagging_sync()
#define hw_enable_tagging_async() arch_enable_tagging_async()
+#define hw_enable_tagging_asymm() arch_enable_tagging_asymm()
#define hw_force_async_tag_fault() arch_force_async_tag_fault()
#define hw_get_random_tag() arch_get_random_tag()
#define hw_get_mem_tag(addr) arch_get_mem_tag(addr)
@@ -312,6 +316,7 @@ static inline const void *arch_kasan_set_tag(const void *addr, u8 tag)

#define hw_enable_tagging_sync()
#define hw_enable_tagging_async()
+#define hw_enable_tagging_asymm()

#endif /* CONFIG_KASAN_HW_TAGS */

--
2.33.0

Marco Elver

unread,
Sep 16, 2021, 6:43:51 AMSep 16
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
On Mon, 13 Sept 2021 at 10:14, Vincenzo Frascino
Shouldn't kasan.h also define kasan_asymm_mode_enabled() similar to
kasan_async_mode_enabled()?

And based on that, also use it where kasan_async_mode_enabled() is
used in tests to ensure the tests do not fail. Otherwise, there is no
purpose for kasan_flag_asymm.

Thanks,
-- Marco

Vincenzo Frascino

unread,
Sep 20, 2021, 3:46:19 AMSep 20
to Marco Elver, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
Hi Marco,

On 9/16/21 12:43 PM, Marco Elver wrote:
>> + case KASAN_ARG_MODE_ASYMM:
>> + /* Asymm mode enabled. */
>> + kasan_flag_asymm = true;
>> + break;
>> }
>>
>> switch (kasan_arg_stacktrace) {
>> diff --git a/mm/kasan/kasan.h b/mm/kasan/kasan.h
>> index 3639e7c8bb98..a8be62058d32 100644
>> --- a/mm/kasan/kasan.h
>> +++ b/mm/kasan/kasan.h
> Shouldn't kasan.h also define kasan_asymm_mode_enabled() similar to
> kasan_async_mode_enabled()?
>
> And based on that, also use it where kasan_async_mode_enabled() is
> used in tests to ensure the tests do not fail. Otherwise, there is no
> purpose for kasan_flag_asymm.
>

I was not planning to have the tests shipped as part of this series, they will
come in a future one.

For what concerns kasan_flag_asymm, I agree with you it is meaningful only if
the tests are implemented hence I will remove it in v2.

Thanks for pointing this out.

> Thanks,
> -- Marco
>

--
Regards,
Vincenzo

Catalin Marinas

unread,
Sep 20, 2021, 11:31:10 AMSep 20
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
On Mon, Sep 13, 2021 at 09:14:20AM +0100, Vincenzo Frascino wrote:
> After merging async mode for KASAN_HW_TAGS a duplicate of the
> kasan_flag_async flag was left erroneously inside the code.
>
> Remove the duplicate.
>
> Note: This change does not bring functional changes to the code
> base.
>
> Cc: Dmitry Vyukov <dvy...@google.com>
> Cc: Andrey Ryabinin <arya...@virtuozzo.com>
> Cc: Alexander Potapenko <gli...@google.com>
> Cc: Marco Elver <el...@google.com>
> Cc: Evgenii Stepanov <eug...@google.com>
> Cc: Andrey Konovalov <andre...@gmail.com>
> Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>

Acked-by: Catalin Marinas <catalin...@arm.com>

Catalin Marinas

unread,
Sep 20, 2021, 11:31:22 AMSep 20
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
On Mon, Sep 13, 2021 at 09:14:21AM +0100, Vincenzo Frascino wrote:
> Add Asymmetric Memory Tagging Extension bitfield definitions.
>
> Cc: Will Deacon <wi...@kernel.org>
> Cc: Catalin Marinas <catalin...@arm.com>
> Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>

Acked-by: Catalin Marinas <catalin...@arm.com>

Catalin Marinas

unread,
Sep 20, 2021, 11:31:40 AMSep 20
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi, Suzuki K Poulose
On Mon, Sep 13, 2021 at 09:14:22AM +0100, Vincenzo Frascino wrote:
> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> index f8a3067d10c6..a18774071a45 100644
> --- a/arch/arm64/kernel/cpufeature.c
> +++ b/arch/arm64/kernel/cpufeature.c
> @@ -2317,6 +2317,16 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
> .sign = FTR_UNSIGNED,
> .cpu_enable = cpu_enable_mte,
> },
> + {
> + .desc = "Asymmetric Memory Tagging Extension",

I'd give this a better name as it's not entirely clear what it does. In
the ARM ARM this is described as "asymmetric Tag Check Fault handling".
Maybe just rename it to "Asymmetric MTE Tag Check Fault". Similarly in
the Kconfig if you added one.

Otherwise:

Reviewed-by: Catalin Marinas <catalin...@arm.com>

Catalin Marinas

unread,
Sep 20, 2021, 11:31:53 AMSep 20
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
On Mon, Sep 13, 2021 at 09:14:23AM +0100, Vincenzo Frascino wrote:
> MTE provides an asymmetric mode for detecting tag exceptions. In
> particular, when such a mode is present, the CPU triggers a fault
> on a tag mismatch during a load operation and asynchronously updates
> a register when a tag mismatch is detected during a store operation.
>
> Add support for MTE asymmetric mode.
>
> Note: If the CPU does not support MTE asymmetric mode the kernel falls
> back on synchronous mode which is the default for kasan=on.
>
> Cc: Will Deacon <wi...@kernel.org>
> Cc: Catalin Marinas <catalin...@arm.com>
> Cc: Andrey Konovalov <andre...@gmail.com>
> Signed-off-by: Vincenzo Frascino <vincenzo...@arm.com>

Reviewed-by: Catalin Marinas <catalin...@arm.com>

Catalin Marinas

unread,
Sep 20, 2021, 11:32:07 AMSep 20
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
On Mon, Sep 13, 2021 at 09:14:24AM +0100, Vincenzo Frascino wrote:
> diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst
> index 21dc03bc10a4..7f43e603bfbe 100644
> --- a/Documentation/dev-tools/kasan.rst
> +++ b/Documentation/dev-tools/kasan.rst
> @@ -194,14 +194,20 @@ additional boot parameters that allow disabling KASAN or controlling features:
>
> - ``kasan=off`` or ``=on`` controls whether KASAN is enabled (default: ``on``).
>
> -- ``kasan.mode=sync`` or ``=async`` controls whether KASAN is configured in
> - synchronous or asynchronous mode of execution (default: ``sync``).
> +- ``kasan.mode=sync``, ``=async`` or ``=asymm`` controls whether KASAN
> + is configured in synchronous, asynchronous or asymmetric mode of
> + execution (default: ``sync``).
> Synchronous mode: a bad access is detected immediately when a tag
> check fault occurs.
> Asynchronous mode: a bad access detection is delayed. When a tag check
> fault occurs, the information is stored in hardware (in the TFSR_EL1
> register for arm64). The kernel periodically checks the hardware and
> only reports tag faults during these checks.
> + Asymmetric mode: a bad access is detected immediately when a tag
> + check fault occurs during a load operation and its detection is
> + delayed during a store operation. For the store operations the kernel
> + periodically checks the hardware and only reports tag faults during
> + these checks.

Nitpick: I'd simply refer to the sync/async which already describe what
the kernel and hardware does, something like the tag checks synchronous
on reads and asynchronous on writes.

Suzuki K Poulose

unread,
Sep 20, 2021, 11:42:02 AMSep 20
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
FWIW, the selected type works for the described use case.

Reviewed-by: Suzuki K Poulose <suzuki....@arm.com>

Peter Collingbourne

unread,
Sep 20, 2021, 5:29:58 PMSep 20
to Vincenzo Frascino, Linux ARM, Linux Kernel Mailing List, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
On Mon, Sep 13, 2021 at 1:21 AM Vincenzo Frascino
<vincenzo...@arm.com> wrote:
>
> This series implements the asymmetric mode support for ARMv8.7-A Memory
> Tagging Extension (MTE), which is a debugging feature that allows to
> detect with the help of the architecture the C and C++ programmatic
> memory errors like buffer overflow, use-after-free, use-after-return, etc.

Unless I'm missing something, it looks like this only includes KASAN
support and not userspace support. Is userspace support coming in a
separate patch?

The fact that this only includes KASAN support should probably be in
the commit messages as well.

Peter

Vincenzo Frascino

unread,
Sep 21, 2021, 3:02:59 AMSep 21
to Peter Collingbourne, Linux ARM, Linux Kernel Mailing List, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
Good catch, I forgot to mention that this series is meant only for in-kernel
support. I will update the cover in the next iteration.

Thanks!

> Peter
>

--
Regards,
Vincenzo

Will Deacon

unread,
Sep 29, 2021, 11:49:14 AMSep 29
to Vincenzo Frascino, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Catalin Marinas, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
I'm surprised not to see any update to:

Documentation/arm64/memory-tagging-extension.rst

particularly regarding the per-cpu preferred tag checking modes. Is
asymmetric mode not supported there?

Will

Andrey Konovalov

unread,
Oct 3, 2021, 1:13:07 PMOct 3
to Vincenzo Frascino, Linux ARM, LKML, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Lorenzo Pieralisi
Reviewed-by: Andrey Konovalov <andre...@gmail.com>

Andrey Konovalov

unread,
Oct 3, 2021, 1:15:48 PMOct 3
to Vincenzo Frascino, Linux ARM, LKML, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Lorenzo Pieralisi
On Mon, Sep 13, 2021 at 10:14 AM Vincenzo Frascino
<vincenzo...@arm.com> wrote:
>
This part is confusing: mte_async_mode gets enabled for the asymm
mode, which contradicts the comment next to the mte_async_mode
definition.

Andrey Konovalov

unread,
Oct 3, 2021, 1:16:16 PMOct 3
to Vincenzo Frascino, Marco Elver, Linux ARM, LKML, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Evgenii Stepanov, Branislav Rankov, Lorenzo Pieralisi
Hi Vincenzo,

Up till now, the code assumes that not having the async mode enabled
means that the sync mode is enabled. There are two callers to
kasan_async_mode_enabled(): lib/test_kasan.c and mm/kasan/report.c.
Assuming tests support will be added later, at least the second one
should be adjusted.

Maybe we should rename kasan_async_mode_enabled() to
kasan_async_fault_possible(), make it return true for both async and
asymm modes, and use that in mm/kasan/report.c. And also add
kasan_sync_fault_possible() returning true for sync and asymm, and use
that in lib/test_kasan.c. (However, it seems that the tests don't work
with async faults right now.)

Thanks!

Vincenzo Frascino

unread,
Oct 4, 2021, 11:16:52 AMOct 4
to Will Deacon, linux-ar...@lists.infradead.org, linux-...@vger.kernel.org, kasa...@googlegroups.com, Andrew Morton, Catalin Marinas, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Andrey Konovalov, Lorenzo Pieralisi
Hi Will,

sorry for the late reply but I am on sabbatical :)

On 9/29/21 5:49 PM, Will Deacon wrote:
> I'm surprised not to see any update to:
>
> Documentation/arm64/memory-tagging-extension.rst
>
> particularly regarding the per-cpu preferred tag checking modes. Is
> asymmetric mode not supported there?
>

The document that you are pointing out covers the userspace support, this series
introduces the in-kernel support only for asymmetric MTE. The userspace bits for
asymm will be added with a future series.

The confusion comes from the fact, as Peter correctly pointed already, that I
forgot to mention this vital info in the cover letter. Sorry about that I will
make sure that this is addressed in v2.

Thanks!

> Will

--
Regards,
Vincenzo

Vincenzo Frascino

unread,
Oct 4, 2021, 11:39:04 AMOct 4
to Andrey Konovalov, Linux ARM, LKML, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Marco Elver, Evgenii Stepanov, Branislav Rankov, Lorenzo Pieralisi
Hi Andrey,

On 10/3/21 7:15 PM, Andrey Konovalov wrote:
> This part is confusing: mte_async_mode gets enabled for the asymm
> mode, which contradicts the comment next to the mte_async_mode
> definition.

Good point I will fix the comment near by the mte_async_mode definition.

Thanks!

--
Regards,
Vincenzo

Vincenzo Frascino

unread,
Oct 4, 2021, 11:45:28 AMOct 4
to Andrey Konovalov, Marco Elver, Linux ARM, LKML, kasan-dev, Andrew Morton, Catalin Marinas, Will Deacon, Dmitry Vyukov, Andrey Ryabinin, Alexander Potapenko, Evgenii Stepanov, Branislav Rankov, Lorenzo Pieralisi
Hi Andrey,

On 10/3/21 7:16 PM, Andrey Konovalov wrote:
> Hi Vincenzo,
>
> Up till now, the code assumes that not having the async mode enabled
> means that the sync mode is enabled. There are two callers to
> kasan_async_mode_enabled(): lib/test_kasan.c and mm/kasan/report.c.
> Assuming tests support will be added later, at least the second one
> should be adjusted.
>
> Maybe we should rename kasan_async_mode_enabled() to
> kasan_async_fault_possible(), make it return true for both async and
> asymm modes, and use that in mm/kasan/report.c. And also add
> kasan_sync_fault_possible() returning true for sync and asymm, and use
> that in lib/test_kasan.c. (However, it seems that the tests don't work
> with async faults right now.)
>

It is ok by me, I will add the changes you are mentioning in v2.

> Thanks!

--
Regards,
Vincenzo
Reply all
Reply to author
Forward
0 new messages