| Message ID | 20240829010151.2813377-5-samuel.holland@sifive.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | riscv: Userspace pointer masking and tagged address ABI | expand |
| Context | Check | Description |
|---|---|---|
| conchuod/vmtest-fixes-PR | fail | merge-conflict |
On Wed, Aug 28, 2024 at 06:01:26PM -0700, Samuel Holland wrote: > RISC-V supports pointer masking with a variable number of tag bits > (which is called "PMLEN" in the specification) and which is configured > at the next higher privilege level. > > Wire up the PR_SET_TAGGED_ADDR_CTRL and PR_GET_TAGGED_ADDR_CTRL prctls > so userspace can request a lower bound on the number of tag bits and > determine the actual number of tag bits. As with arm64's > PR_TAGGED_ADDR_ENABLE, the pointer masking configuration is > thread-scoped, inherited on clone() and fork() and cleared on execve(). > > Signed-off-by: Samuel Holland <samuel.holland@sifive.com> Reviewed-by: Charlie Jenkins <charlie@rivosinc.com> Tested-by: Charlie Jenkins <charlie@rivosinc.com> > --- > > Changes in v4: > - Switch IS_ENABLED back to #ifdef to fix riscv32 build > > Changes in v3: > - Rename CONFIG_RISCV_ISA_POINTER_MASKING to CONFIG_RISCV_ISA_SUPM, > since it only controls the userspace part of pointer masking > - Use IS_ENABLED instead of #ifdef when possible > - Use an enum for the supported PMLEN values > - Simplify the logic in set_tagged_addr_ctrl() > > Changes in v2: > - Rebase on riscv/linux.git for-next > - Add and use the envcfg_update_bits() helper function > - Inline flush_tagged_addr_state() > > arch/riscv/Kconfig | 11 ++++ > arch/riscv/include/asm/processor.h | 8 +++ > arch/riscv/include/asm/switch_to.h | 11 ++++ > arch/riscv/kernel/process.c | 91 ++++++++++++++++++++++++++++++ > include/uapi/linux/prctl.h | 3 + > 5 files changed, 124 insertions(+) > > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig > index 0f3cd7c3a436..817437157138 100644 > --- a/arch/riscv/Kconfig > +++ b/arch/riscv/Kconfig > @@ -512,6 +512,17 @@ config RISCV_ISA_C > > If you don't know what to do here, say Y. > > +config RISCV_ISA_SUPM > + bool "Supm extension for userspace pointer masking" > + depends on 64BIT > + default y > + help > + Add support for pointer masking in userspace (Supm) when the > + underlying hardware extension (Smnpm or Ssnpm) is detected at boot. > + > + If this option is disabled, userspace will be unable to use > + the prctl(PR_{SET,GET}_TAGGED_ADDR_CTRL) API. > + > config RISCV_ISA_SVNAPOT > bool "Svnapot extension support for supervisor mode NAPOT pages" > depends on 64BIT && MMU > diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h > index 586e4ab701c4..5c4d4fb97314 100644 > --- a/arch/riscv/include/asm/processor.h > +++ b/arch/riscv/include/asm/processor.h > @@ -200,6 +200,14 @@ extern int set_unalign_ctl(struct task_struct *tsk, unsigned int val); > #define RISCV_SET_ICACHE_FLUSH_CTX(arg1, arg2) riscv_set_icache_flush_ctx(arg1, arg2) > extern int riscv_set_icache_flush_ctx(unsigned long ctx, unsigned long per_thread); > > +#ifdef CONFIG_RISCV_ISA_SUPM > +/* PR_{SET,GET}_TAGGED_ADDR_CTRL prctl */ > +long set_tagged_addr_ctrl(struct task_struct *task, unsigned long arg); > +long get_tagged_addr_ctrl(struct task_struct *task); > +#define SET_TAGGED_ADDR_CTRL(arg) set_tagged_addr_ctrl(current, arg) > +#define GET_TAGGED_ADDR_CTRL() get_tagged_addr_ctrl(current) > +#endif > + > #endif /* __ASSEMBLY__ */ > > #endif /* _ASM_RISCV_PROCESSOR_H */ > diff --git a/arch/riscv/include/asm/switch_to.h b/arch/riscv/include/asm/switch_to.h > index 9685cd85e57c..94e33216b2d9 100644 > --- a/arch/riscv/include/asm/switch_to.h > +++ b/arch/riscv/include/asm/switch_to.h > @@ -70,6 +70,17 @@ static __always_inline bool has_fpu(void) { return false; } > #define __switch_to_fpu(__prev, __next) do { } while (0) > #endif > > +static inline void envcfg_update_bits(struct task_struct *task, > + unsigned long mask, unsigned long val) > +{ > + unsigned long envcfg; > + > + envcfg = (task->thread.envcfg & ~mask) | val; > + task->thread.envcfg = envcfg; > + if (task == current) > + csr_write(CSR_ENVCFG, envcfg); > +} > + > static inline void __switch_to_envcfg(struct task_struct *next) > { > asm volatile (ALTERNATIVE("nop", "csrw " __stringify(CSR_ENVCFG) ", %0", > diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c > index e4bc61c4e58a..f39221ab5ddd 100644 > --- a/arch/riscv/kernel/process.c > +++ b/arch/riscv/kernel/process.c > @@ -7,6 +7,7 @@ > * Copyright (C) 2017 SiFive > */ > > +#include <linux/bitfield.h> > #include <linux/cpu.h> > #include <linux/kernel.h> > #include <linux/sched.h> > @@ -171,6 +172,10 @@ void flush_thread(void) > memset(¤t->thread.vstate, 0, sizeof(struct __riscv_v_ext_state)); > clear_tsk_thread_flag(current, TIF_RISCV_V_DEFER_RESTORE); > #endif > +#ifdef CONFIG_RISCV_ISA_SUPM > + if (riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) > + envcfg_update_bits(current, ENVCFG_PMM, ENVCFG_PMM_PMLEN_0); > +#endif > } > > void arch_release_task_struct(struct task_struct *tsk) > @@ -233,3 +238,89 @@ void __init arch_task_cache_init(void) > { > riscv_v_setup_ctx_cache(); > } > + > +#ifdef CONFIG_RISCV_ISA_SUPM > +enum { > + PMLEN_0 = 0, > + PMLEN_7 = 7, > + PMLEN_16 = 16, > +}; > + > +static bool have_user_pmlen_7; > +static bool have_user_pmlen_16; > + > +long set_tagged_addr_ctrl(struct task_struct *task, unsigned long arg) > +{ > + unsigned long valid_mask = PR_PMLEN_MASK; > + struct thread_info *ti = task_thread_info(task); > + unsigned long pmm; > + u8 pmlen; > + > + if (is_compat_thread(ti)) > + return -EINVAL; > + > + if (arg & ~valid_mask) > + return -EINVAL; > + > + /* > + * Prefer the smallest PMLEN that satisfies the user's request, > + * in case choosing a larger PMLEN has a performance impact. > + */ > + pmlen = FIELD_GET(PR_PMLEN_MASK, arg); > + if (pmlen == PMLEN_0) > + pmm = ENVCFG_PMM_PMLEN_0; > + else if (pmlen <= PMLEN_7 && have_user_pmlen_7) > + pmm = ENVCFG_PMM_PMLEN_7; > + else if (pmlen <= PMLEN_16 && have_user_pmlen_16) > + pmm = ENVCFG_PMM_PMLEN_16; > + else > + return -EINVAL; > + > + envcfg_update_bits(task, ENVCFG_PMM, pmm); > + > + return 0; > +} > + > +long get_tagged_addr_ctrl(struct task_struct *task) > +{ > + struct thread_info *ti = task_thread_info(task); > + long ret = 0; > + > + if (is_compat_thread(ti)) > + return -EINVAL; > + > + switch (task->thread.envcfg & ENVCFG_PMM) { > + case ENVCFG_PMM_PMLEN_7: > + ret = FIELD_PREP(PR_PMLEN_MASK, PMLEN_7); > + break; > + case ENVCFG_PMM_PMLEN_16: > + ret = FIELD_PREP(PR_PMLEN_MASK, PMLEN_16); > + break; > + } > + > + return ret; > +} > + > +static bool try_to_set_pmm(unsigned long value) > +{ > + csr_set(CSR_ENVCFG, value); > + return (csr_read_clear(CSR_ENVCFG, ENVCFG_PMM) & ENVCFG_PMM) == value; > +} > + > +static int __init tagged_addr_init(void) > +{ > + if (!riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) > + return 0; > + > + /* > + * envcfg.PMM is a WARL field. Detect which values are supported. > + * Assume the supported PMLEN values are the same on all harts. > + */ > + csr_clear(CSR_ENVCFG, ENVCFG_PMM); > + have_user_pmlen_7 = try_to_set_pmm(ENVCFG_PMM_PMLEN_7); > + have_user_pmlen_16 = try_to_set_pmm(ENVCFG_PMM_PMLEN_16); > + > + return 0; > +} > +core_initcall(tagged_addr_init); > +#endif /* CONFIG_RISCV_ISA_SUPM */ > diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h > index 35791791a879..6e84c827869b 100644 > --- a/include/uapi/linux/prctl.h > +++ b/include/uapi/linux/prctl.h > @@ -244,6 +244,9 @@ struct prctl_mm_map { > # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) > /* Unused; kept only for source compatibility */ > # define PR_MTE_TCF_SHIFT 1 > +/* RISC-V pointer masking tag length */ > +# define PR_PMLEN_SHIFT 24 > +# define PR_PMLEN_MASK (0x7fUL << PR_PMLEN_SHIFT) > > /* Control reclaim behavior when allocating memory */ > #define PR_SET_IO_FLUSHER 57 > -- > 2.45.1 > > > _______________________________________________ > linux-riscv mailing list > linux-riscv@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 0f3cd7c3a436..817437157138 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -512,6 +512,17 @@ config RISCV_ISA_C If you don't know what to do here, say Y. +config RISCV_ISA_SUPM + bool "Supm extension for userspace pointer masking" + depends on 64BIT + default y + help + Add support for pointer masking in userspace (Supm) when the + underlying hardware extension (Smnpm or Ssnpm) is detected at boot. + + If this option is disabled, userspace will be unable to use + the prctl(PR_{SET,GET}_TAGGED_ADDR_CTRL) API. + config RISCV_ISA_SVNAPOT bool "Svnapot extension support for supervisor mode NAPOT pages" depends on 64BIT && MMU diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h index 586e4ab701c4..5c4d4fb97314 100644 --- a/arch/riscv/include/asm/processor.h +++ b/arch/riscv/include/asm/processor.h @@ -200,6 +200,14 @@ extern int set_unalign_ctl(struct task_struct *tsk, unsigned int val); #define RISCV_SET_ICACHE_FLUSH_CTX(arg1, arg2) riscv_set_icache_flush_ctx(arg1, arg2) extern int riscv_set_icache_flush_ctx(unsigned long ctx, unsigned long per_thread); +#ifdef CONFIG_RISCV_ISA_SUPM +/* PR_{SET,GET}_TAGGED_ADDR_CTRL prctl */ +long set_tagged_addr_ctrl(struct task_struct *task, unsigned long arg); +long get_tagged_addr_ctrl(struct task_struct *task); +#define SET_TAGGED_ADDR_CTRL(arg) set_tagged_addr_ctrl(current, arg) +#define GET_TAGGED_ADDR_CTRL() get_tagged_addr_ctrl(current) +#endif + #endif /* __ASSEMBLY__ */ #endif /* _ASM_RISCV_PROCESSOR_H */ diff --git a/arch/riscv/include/asm/switch_to.h b/arch/riscv/include/asm/switch_to.h index 9685cd85e57c..94e33216b2d9 100644 --- a/arch/riscv/include/asm/switch_to.h +++ b/arch/riscv/include/asm/switch_to.h @@ -70,6 +70,17 @@ static __always_inline bool has_fpu(void) { return false; } #define __switch_to_fpu(__prev, __next) do { } while (0) #endif +static inline void envcfg_update_bits(struct task_struct *task, + unsigned long mask, unsigned long val) +{ + unsigned long envcfg; + + envcfg = (task->thread.envcfg & ~mask) | val; + task->thread.envcfg = envcfg; + if (task == current) + csr_write(CSR_ENVCFG, envcfg); +} + static inline void __switch_to_envcfg(struct task_struct *next) { asm volatile (ALTERNATIVE("nop", "csrw " __stringify(CSR_ENVCFG) ", %0", diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index e4bc61c4e58a..f39221ab5ddd 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -7,6 +7,7 @@ * Copyright (C) 2017 SiFive */ +#include <linux/bitfield.h> #include <linux/cpu.h> #include <linux/kernel.h> #include <linux/sched.h> @@ -171,6 +172,10 @@ void flush_thread(void) memset(¤t->thread.vstate, 0, sizeof(struct __riscv_v_ext_state)); clear_tsk_thread_flag(current, TIF_RISCV_V_DEFER_RESTORE); #endif +#ifdef CONFIG_RISCV_ISA_SUPM + if (riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) + envcfg_update_bits(current, ENVCFG_PMM, ENVCFG_PMM_PMLEN_0); +#endif } void arch_release_task_struct(struct task_struct *tsk) @@ -233,3 +238,89 @@ void __init arch_task_cache_init(void) { riscv_v_setup_ctx_cache(); } + +#ifdef CONFIG_RISCV_ISA_SUPM +enum { + PMLEN_0 = 0, + PMLEN_7 = 7, + PMLEN_16 = 16, +}; + +static bool have_user_pmlen_7; +static bool have_user_pmlen_16; + +long set_tagged_addr_ctrl(struct task_struct *task, unsigned long arg) +{ + unsigned long valid_mask = PR_PMLEN_MASK; + struct thread_info *ti = task_thread_info(task); + unsigned long pmm; + u8 pmlen; + + if (is_compat_thread(ti)) + return -EINVAL; + + if (arg & ~valid_mask) + return -EINVAL; + + /* + * Prefer the smallest PMLEN that satisfies the user's request, + * in case choosing a larger PMLEN has a performance impact. + */ + pmlen = FIELD_GET(PR_PMLEN_MASK, arg); + if (pmlen == PMLEN_0) + pmm = ENVCFG_PMM_PMLEN_0; + else if (pmlen <= PMLEN_7 && have_user_pmlen_7) + pmm = ENVCFG_PMM_PMLEN_7; + else if (pmlen <= PMLEN_16 && have_user_pmlen_16) + pmm = ENVCFG_PMM_PMLEN_16; + else + return -EINVAL; + + envcfg_update_bits(task, ENVCFG_PMM, pmm); + + return 0; +} + +long get_tagged_addr_ctrl(struct task_struct *task) +{ + struct thread_info *ti = task_thread_info(task); + long ret = 0; + + if (is_compat_thread(ti)) + return -EINVAL; + + switch (task->thread.envcfg & ENVCFG_PMM) { + case ENVCFG_PMM_PMLEN_7: + ret = FIELD_PREP(PR_PMLEN_MASK, PMLEN_7); + break; + case ENVCFG_PMM_PMLEN_16: + ret = FIELD_PREP(PR_PMLEN_MASK, PMLEN_16); + break; + } + + return ret; +} + +static bool try_to_set_pmm(unsigned long value) +{ + csr_set(CSR_ENVCFG, value); + return (csr_read_clear(CSR_ENVCFG, ENVCFG_PMM) & ENVCFG_PMM) == value; +} + +static int __init tagged_addr_init(void) +{ + if (!riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) + return 0; + + /* + * envcfg.PMM is a WARL field. Detect which values are supported. + * Assume the supported PMLEN values are the same on all harts. + */ + csr_clear(CSR_ENVCFG, ENVCFG_PMM); + have_user_pmlen_7 = try_to_set_pmm(ENVCFG_PMM_PMLEN_7); + have_user_pmlen_16 = try_to_set_pmm(ENVCFG_PMM_PMLEN_16); + + return 0; +} +core_initcall(tagged_addr_init); +#endif /* CONFIG_RISCV_ISA_SUPM */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 35791791a879..6e84c827869b 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -244,6 +244,9 @@ struct prctl_mm_map { # define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT) /* Unused; kept only for source compatibility */ # define PR_MTE_TCF_SHIFT 1 +/* RISC-V pointer masking tag length */ +# define PR_PMLEN_SHIFT 24 +# define PR_PMLEN_MASK (0x7fUL << PR_PMLEN_SHIFT) /* Control reclaim behavior when allocating memory */ #define PR_SET_IO_FLUSHER 57
RISC-V supports pointer masking with a variable number of tag bits (which is called "PMLEN" in the specification) and which is configured at the next higher privilege level. Wire up the PR_SET_TAGGED_ADDR_CTRL and PR_GET_TAGGED_ADDR_CTRL prctls so userspace can request a lower bound on the number of tag bits and determine the actual number of tag bits. As with arm64's PR_TAGGED_ADDR_ENABLE, the pointer masking configuration is thread-scoped, inherited on clone() and fork() and cleared on execve(). Signed-off-by: Samuel Holland <samuel.holland@sifive.com> --- Changes in v4: - Switch IS_ENABLED back to #ifdef to fix riscv32 build Changes in v3: - Rename CONFIG_RISCV_ISA_POINTER_MASKING to CONFIG_RISCV_ISA_SUPM, since it only controls the userspace part of pointer masking - Use IS_ENABLED instead of #ifdef when possible - Use an enum for the supported PMLEN values - Simplify the logic in set_tagged_addr_ctrl() Changes in v2: - Rebase on riscv/linux.git for-next - Add and use the envcfg_update_bits() helper function - Inline flush_tagged_addr_state() arch/riscv/Kconfig | 11 ++++ arch/riscv/include/asm/processor.h | 8 +++ arch/riscv/include/asm/switch_to.h | 11 ++++ arch/riscv/kernel/process.c | 91 ++++++++++++++++++++++++++++++ include/uapi/linux/prctl.h | 3 + 5 files changed, 124 insertions(+)