    arm64: mte: Fix/clarify the PG_mte_tagged semantics · e059853d
    Catalin Marinas authored
    Currently the PG_mte_tagged page flag mostly means the page contains
    valid tags and it should be set after the tags have been cleared or
    restored. However, in mte_sync_tags() it is set before setting the tags
    to avoid, in theory, a race with concurrent mprotect(PROT_MTE) for
    shared pages. However, a concurrent mprotect(PROT_MTE) with a copy on
    write in another thread can cause the new page to have stale tags.
    Similarly, tag reading via ptrace() can read stale tags if the
    PG_mte_tagged flag is set before actually clearing/restoring the tags.
    
    Fix the PG_mte_tagged semantics so that it is only set after the tags
    have been cleared or restored. This is safe for swap restoring into a
    MAP_SHARED or CoW page since the core code takes the page lock. Add two
    functions to test and set the PG_mte_tagged flag with acquire and
    release semantics. The downside is that concurrent mprotect(PROT_MTE) on
    a MAP_SHARED page may cause tag loss. This is already the case for KVM
    guests if a VMM changes the page protection while the guest triggers a
    user_mem_abort().
    
    Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
    [pcc@google.com: fix build with CONFIG_ARM64_MTE disabled]
    Signed-off-by: Peter Collingbourne <pcc@google.com>
    Reviewed-by: Cornelia Huck <cohuck@redhat.com>
    Reviewed-by: Steven Price <steven.price@arm.com>
    Cc: Will Deacon <will@kernel.org>
    Cc: Marc Zyngier <maz@kernel.org>
    Cc: Peter Collingbourne <pcc@google.com>
    Signed-off-by: Marc Zyngier <maz@kernel.org>
    Link: https://lore.kernel.org/r/20221104011041.290951-3-pcc@google.com
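A constructed userspace model of the ordering this commit changes, added here as an example and not the kernel's code: the test/set helpers are modelled with C11 acquire/release atomics, and the names page_mte_tagged()/set_page_mte_tagged(), the toy page struct and the sample tag values are assumptions. It replays a reader (the ptrace tag-read path in the message) running in the window between the two steps of a tag restore, once with the old order (flag set before the tags are written) and once with the fixed order.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <string.h>

/* Constructed toy model of a page and its tag storage (assumption, not the kernel's). */
#define TAGS_PER_PAGE 16              /* toy size; real MTE keeps one 4-bit tag per 16 bytes */
#define PG_MTE_TAGGED (1UL << 0)

struct page {
    atomic_ulong flags;                /* stands in for page->flags */
    unsigned char tags[TAGS_PER_PAGE]; /* stands in for the page's tag storage */
};

/* The two accessors the commit describes, modelled with C11 atomics:
 * test with acquire, set with release. Names are assumptions for this model. */
static bool page_mte_tagged(struct page *p)
{
    return (atomic_load_explicit(&p->flags, memory_order_acquire) & PG_MTE_TAGGED) != 0;
}

static void set_page_mte_tagged(struct page *p)
{
    atomic_fetch_or_explicit(&p->flags, PG_MTE_TAGGED, memory_order_release);
}
/* Reader such as the ptrace tag-read path: trusts the tags only once the flag is seen. */
static int read_tags(struct page *p, unsigned char *out)
{
    if (!page_mte_tagged(p))
        return -1;                     /* untagged: caller must not use p->tags */
    memcpy(out, p->tags, TAGS_PER_PAGE);
    return 0;
}

/* Deterministic replay of the race: a reader runs between the two steps of a tag
 * restore. old_order = flag set first (the bug); fixed = tags restored first.
 * Returns 1 if the reader observed stale tags, 0 otherwise. */
static int reader_in_window(bool old_order)
{
    struct page pg;
    unsigned char saved[TAGS_PER_PAGE], seen[TAGS_PER_PAGE];
    atomic_init(&pg.flags, 0);
    memset(pg.tags, 0xAA, TAGS_PER_PAGE);  /* constructed stale tags left by the previous user */
    memset(saved, 0x55, TAGS_PER_PAGE);    /* constructed tags being restored from swap */
    if (old_order) set_page_mte_tagged(&pg); else memcpy(pg.tags, saved, TAGS_PER_PAGE);
    /* concurrent reader runs here, in the window between the two steps */
    int stale = read_tags(&pg, seen) == 0 && memcmp(seen, saved, TAGS_PER_PAGE) != 0;
    if (old_order) memcpy(pg.tags, saved, TAGS_PER_PAGE); else set_page_mte_tagged(&pg);
    return stale;
}
```

With the old order the reader sees the flag and copies the stale 0xAA tags; with the fixed order it sees the flag clear and treats the page as untagged, which is the behaviour the release/acquire pairing is meant to guarantee.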