On Tue, Sep 15, 2020 at 11:16:06PM +0200, Andrey Konovalov wrote:
> static int do_tag_check_fault(unsigned long addr, unsigned int esr,
> struct pt_regs *regs)
> {
> - do_bad_area(addr, esr, regs);
> + /* The tag check fault (TCF) is per TTBR */
> + if (is_ttbr0_addr(addr))
> + do_bad_area(addr, esr, regs);
> + else
> + do_tag_recovery(addr, esr, regs);
> +
> return 0;
> }
I had forgotten the details here. The TCF mode is per EL, so TCF0
affects EL0, TCF affects EL1 irrespective of which TTBR is used. Now, we
know the kernel accesses TTBR0 usually with LDTR/STTR instructions if
UAO is available (soon to get rid of), so these would act as EL0
accesses using TCF0. However, we have the futex.h code which uses
exclusives and they'd be executed as EL1, so you can potentially get a
tag check fault for such uaccess even if the user disabled it in TCF0.
The solution here I think is for uaccess_enable() to set PSTATE.TCO,
restore it in uaccess_disable().
We get away with not toggling PSTATE.TCO in the user MTE patches since
the TCF is always 0 for the kernel.
The do_tag_check_fault() above is still correct, apart from the comment
which needs a better explanation on why we do a is_ttbr0_addr() check.
--
Catalin
