arm64 fixes:

- Correctly mask out bits 63:60 in a kernel tag check fault address (specified as unknown by the architecture). Previously they were just zeroed but for kernel pointers they need to be all ones. - Fix a panic (unexpected kernel BRK exception) caused by kprobes being reentered due to an interrupt. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAmALIhIACgkQa9axLQDI XvGnLxAAsesFE4W3Kc9CSTv9cWBK3uQobR4j58iQtnQwXQiuOnxnwnFdEswDVI9L u1hDCD9u0D2AsJLdjh61sxlsks/Jr8LfKbICL0jFC2tjdqfOgy/JUXjOxN3eRL5z 5Iy41s+3HlfdZXmK7cq2zN/1QfVrvpjM0GH2FPd2tZCR8OOtK6IneFXCOj824m8S gZqrvTbem07mmNWS3MjjZUiL8FKNancCDrcE0CQ0CXZh/19kDzWxXf0lktYEH/Ax KWz2de8nqBuUnbib7ZQUf9caeaV6duUYFZGmQxb4eyWaU0ZhPCenOQeVbEs2Xu0w Nef131jJ0k7bZRBRpD2wlaOWDG5cu29Cr7cT/qYPs20RM8mR6SiAHBZAitvdlxRi VN8GQVDTgf+dt9TvnoywcuvH358cLBR35ewPrcQrMDc21d8KSfisjUZ5hnmK/0dW ZzNdmET7Ntdwew3zrKjRouEpA9yFgU/d54A2QaSx/oNNqQ/Gy8x5y/4Dcbub0k3t qki8R7AtznWWjLtMD5Q2v6pD9NyjtIkst17pwaUtVW/6tlWMgo2YqSipqiE6hAaF We84d2qb2vqiIaIW82SuORTixj1Ow26B2+x4+PZ8u6gZiMOUqjCBCYHm5tPDw5hS 7e46RsYoNj71jW+T0fTHsZ4HAvjXz/sWFHKsndwUDQYcWu2IYfE= =7H6e -----END PGP SIGNATURE----- Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Correctly mask out bits 63:60 in a kernel tag check fault address (specified as unknown by the architecture). Previously they were just zeroed but for kernel pointers they need to be all ones. - Fix a panic (unexpected kernel BRK exception) caused by kprobes being reentered due to an interrupt. * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: kprobes: Fix Uexpected kernel BRK exception at EL1 kasan, arm64: fix pointer tags in KASAN reports
2021-01-22 13:51:17 -08:00 · 2021-01-22 13:51:17 -08:00 · 1c304c77f7
commit 1c304c77f7
parent a9034304ff 75bd4bff30
2 changed files with 6 additions and 5 deletions
--- a/arch/arm64/kernel/probes/kprobes.c
+++ b/arch/arm64/kernel/probes/kprobes.c
@ -352,8 +352,8 @@ kprobe_breakpoint_ss_handler(struct pt_regs *regs, unsigned int esr)
 	unsigned long addr = instruction_pointer(regs);
 	struct kprobe *cur = kprobe_running();

-	if (cur && (kcb->kprobe_status == KPROBE_HIT_SS)
-	    && ((unsigned long)&cur->ainsn.api.insn[1] == addr)) {
+	if (cur && (kcb->kprobe_status & (KPROBE_HIT_SS | KPROBE_REENTER)) &&
+	    ((unsigned long)&cur->ainsn.api.insn[1] == addr)) {
 		kprobes_restore_local_irqflag(kcb, regs);
 		post_kprobe_handler(cur, kcb, regs);

--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@ -709,10 +709,11 @@ static int do_tag_check_fault(unsigned long far, unsigned int esr,
 			      struct pt_regs *regs)
 {
 	/*
-	 * The architecture specifies that bits 63:60 of FAR_EL1 are UNKNOWN for tag
-	 * check faults. Mask them out now so that userspace doesn't see them.
+	 * The architecture specifies that bits 63:60 of FAR_EL1 are UNKNOWN
+	 * for tag check faults. Set them to corresponding bits in the untagged
+	 * address.
 	 */
-	far &= (1UL << 60) - 1;
+	far = (__untagged_addr(far) & ~MTE_TAG_MASK) | (far & MTE_TAG_MASK);
 	do_bad_area(far, esr, regs);
 	return 0;
 }