From patchwork Mon Oct 1 17:58:34 2018
Content-Type: text/plain; charset="utf-8"
X-Patchwork-Submitter: Mark Salyzyn
X-Patchwork-Id: 10622553
From: Mark Salyzyn
To: linux-kernel@vger.kernel.org
Subject: RESEND [PATCH v3 1/3] arm64: compat: Split the sigreturn trampolines and kuser helpers (C sources)
Date: Mon, 1 Oct 2018 10:58:34 -0700
Message-Id: <20181001175845.168430-15-salyzyn@android.com>
X-Mailer: git-send-email 2.19.0.605.g01d371f741-goog
In-Reply-To: <20181001175845.168430-1-salyzyn@android.com>
References: <20181001175845.168430-1-salyzyn@android.com>
Cc: Mark Rutland, Catalin Marinas, Will Deacon, Yury Norov, Andy Lutomirski, Russell King, Andy Gross, Laura Abbott, Dave Martin, "Eric W. Biederman", Kees Cook, Marc Zyngier, Kevin Brodsky, John Stultz, Thomas Gleixner, Alex Bennée, linux-arm-kernel@lists.infradead.org, Ard Biesheuvel, Dmitry Safonov, android-kernel@android.com, Jeremy Linton, Mark Salyzyn, James Morse, Andrew Pinski

From: Kevin Brodsky

AArch32 processes are currently installed a special [vectors] page that
contains the sigreturn trampolines and the kuser helpers, at the fixed
address mandated by the kuser helpers ABI.

Having both functionalities in the same page has become problematic,
because:

* It makes it impossible to disable the kuser helpers (the sigreturn
  trampolines cannot be removed), which is possible on arm.

* A future 32-bit vDSO would provide the sigreturn trampolines itself,
  making those in [vectors] redundant.

This patch addresses the problem by moving the sigreturn trampolines to
a separate [sigpage] page, mirroring [sigpage] on arm.

Even though [vectors] has always been a misnomer on arm64/compat, as
there is no AArch32 vector there (and now only the kuser helpers), its
name has been left unchanged, for compatibility with arm (there are
reports of software relying on [vectors] being there as the last
mapping in /proc/maps).

mm->context.vdso used to point to the [vectors] page, which is
unnecessary (as its address is fixed). It now points to the [sigpage]
page (whose address is randomized like a vDSO).

Signed-off-by: Kevin Brodsky
Signed-off-by: Mark Salyzyn
Tested-by: Mark Salyzyn
Cc: James Morse
Cc: Russell King
Cc: Catalin Marinas
Cc: Will Deacon
Cc: Andy Lutomirski
Cc: Dmitry Safonov
Cc: John Stultz
Cc: Mark Rutland
Cc: Laura Abbott
Cc: Kees Cook
Cc: Ard Biesheuvel
Cc: Andy Gross
Cc: Andrew Pinski
Cc: Thomas Gleixner
Cc: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: Jeremy Linton
Cc: android-kernel@android.com

v2:
- reduce churniness (and defer later to vDSO patches)
- vectors_page and compat_vdso_spec as array of 2
- free sigpage if vectors allocation failed

v3:
- rebase

---
 arch/arm64/include/asm/processor.h |  4 +-
 arch/arm64/include/asm/signal32.h  |  2 -
 arch/arm64/kernel/signal32.c       |  5 +-
 arch/arm64/kernel/vdso.c           | 82 ++++++++++++++++++++----------
 4 files changed, 60 insertions(+), 33 deletions(-)

diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 79657ad91397..bc6bb256ea4c 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -66,9 +66,9 @@ #define STACK_TOP_MAX TASK_SIZE_64 #ifdef CONFIG_COMPAT -#define AARCH32_VECTORS_BASE 0xffff0000 +#define AARCH32_KUSER_HELPERS_BASE 0xffff0000 #define STACK_TOP (test_thread_flag(TIF_32BIT) ? \ - AARCH32_VECTORS_BASE : STACK_TOP_MAX) + AARCH32_KUSER_HELPERS_BASE : STACK_TOP_MAX) #else #define STACK_TOP STACK_TOP_MAX #endif /* CONFIG_COMPAT */ diff --git a/arch/arm64/include/asm/signal32.h b/arch/arm64/include/asm/signal32.h index 81abea0b7650..58e288aaf0ba 100644 --- a/arch/arm64/include/asm/signal32.h +++ b/arch/arm64/include/asm/signal32.h @@ -20,8 +20,6 @@ #ifdef CONFIG_COMPAT #include -#define AARCH32_KERN_SIGRET_CODE_OFFSET 0x500 - int compat_setup_frame(int usig, struct ksignal *ksig, sigset_t *set, struct pt_regs *regs); int compat_setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, diff --git a/arch/arm64/kernel/signal32.c b/arch/arm64/kernel/signal32.c index 24b09003f821..52f0d44417c8 100644 --- a/arch/arm64/kernel/signal32.c +++ b/arch/arm64/kernel/signal32.c @@ -398,14 +398,13 @@ static void compat_setup_return(struct pt_regs *regs, struct k_sigaction *ka, retcode = ptr_to_compat(ka->sa.sa_restorer); } else { /* Set up sigreturn pointer */ + void *sigreturn_base = current->mm->context.vdso; unsigned int idx = thumb << 1; if (ka->sa.sa_flags & SA_SIGINFO) idx += 3; - retcode = AARCH32_VECTORS_BASE + - AARCH32_KERN_SIGRET_CODE_OFFSET + - (idx << 2) + thumb; + retcode = ptr_to_compat(sigreturn_base) + (idx << 2) + thumb; } regs->regs[0] = usig; diff --git a/arch/arm64/kernel/vdso.c b/arch/arm64/kernel/vdso.c index 8dd2ad220a0f..5398f6454ce1 100644 --- a/arch/arm64/kernel/vdso.c +++ b/arch/arm64/kernel/vdso.c 
@@ -1,5 +1,7 @@ /* - * VDSO implementation for AArch64 and vector page setup for AArch32. + * Additional userspace pages setup for AArch64 and AArch32. + * - AArch64: vDSO pages setup, vDSO data page update. + * - AArch32: sigreturn and kuser helpers pages setup. * * Copyright (C) 2012 ARM Limited * 
@@ -53,32 +55,51 @@ struct vdso_data *vdso_data = &vdso_data_store.data; /* * Create and map the vectors page for AArch32 tasks. */ -static struct page *vectors_page[1] __ro_after_init; +static struct page *vectors_page[] __ro_after_init; +static const struct vm_special_mapping compat_vdso_spec[] = { + { + /* Must be named [sigpage] for compatibility with arm. */ + .name = "[sigpage]", + .pages = &vectors_page[0], + }, + { + .name = "[kuserhelpers]", + .pages = &vectors_page[1], + }, +}; +static struct page *vectors_page[ARRAY_SIZE(compat_vdso_spec)] __ro_after_init; static int __init alloc_vectors_page(void) { extern char __kuser_helper_start[], __kuser_helper_end[]; - extern char __aarch32_sigret_code_start[], __aarch32_sigret_code_end[]; + size_t kuser_sz = __kuser_helper_end - __kuser_helper_start; + unsigned long kuser_vpage; - int kuser_sz = __kuser_helper_end - __kuser_helper_start; - int sigret_sz = __aarch32_sigret_code_end - __aarch32_sigret_code_start; - unsigned long vpage; - - vpage = get_zeroed_page(GFP_ATOMIC); + extern char __aarch32_sigret_code_start[], __aarch32_sigret_code_end[]; + size_t sigret_sz = + __aarch32_sigret_code_end - __aarch32_sigret_code_start; + unsigned long sigret_vpage; - if (!vpage) + sigret_vpage = get_zeroed_page(GFP_ATOMIC); + if (!sigret_vpage) return -ENOMEM; - /* kuser helpers */ - memcpy((void *)vpage + 0x1000 - kuser_sz, __kuser_helper_start, - kuser_sz); + kuser_vpage = get_zeroed_page(GFP_ATOMIC); + if (!kuser_vpage) { + free_page(sigret_vpage); + return -ENOMEM; + } /* sigreturn code */ - memcpy((void *)vpage + AARCH32_KERN_SIGRET_CODE_OFFSET, - __aarch32_sigret_code_start, sigret_sz); + memcpy((void *)sigret_vpage, __aarch32_sigret_code_start, sigret_sz); + flush_icache_range(sigret_vpage, sigret_vpage + PAGE_SIZE); + vectors_page[0] = virt_to_page(sigret_vpage); - flush_icache_range(vpage, vpage + PAGE_SIZE); - vectors_page[0] = virt_to_page(vpage); + /* kuser helpers */ + memcpy((void *)kuser_vpage + 0x1000 - 
kuser_sz, __kuser_helper_start, + kuser_sz); + flush_icache_range(kuser_vpage, kuser_vpage + PAGE_SIZE); + vectors_page[1] = virt_to_page(kuser_vpage); return 0; } @@ -87,23 +108,32 @@ arch_initcall(alloc_vectors_page); int aarch32_setup_vectors_page(struct linux_binprm *bprm, int uses_interp) { struct mm_struct *mm = current->mm; - unsigned long addr = AARCH32_VECTORS_BASE; - static const struct vm_special_mapping spec = { - .name = "[vectors]", - .pages = vectors_page, - - }; + unsigned long addr; void *ret; if (down_write_killable(&mm->mmap_sem)) return -EINTR; - current->mm->context.vdso = (void *)addr; + addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); + if (IS_ERR_VALUE(addr)) { + ret = ERR_PTR(addr); + goto out; + } - /* Map vectors page at the high address. */ ret = _install_special_mapping(mm, addr, PAGE_SIZE, - VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC, - &spec); + VM_READ|VM_EXEC| + VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC, + &compat_vdso_spec[0]); + if (IS_ERR(ret)) + goto out; + current->mm->context.vdso = (void *)addr; + + /* Map the kuser helpers at the ABI-defined high address. */ + ret = _install_special_mapping(mm, AARCH32_KUSER_HELPERS_BASE, + PAGE_SIZE, + VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYEXEC, + &compat_vdso_spec[1]); +out: up_write(&mm->mmap_sem); return PTR_ERR_OR_ZERO(ret);
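
Review bot: In compat_setup_return() (arch/arm64/kernel/signal32.c, hunk at -398), retcode is now ptr_to_compat(sigreturn_base) + (idx << 2) + thumb, which silently assumes the trampolines start at offset 0 of the page that context.vdso points to. That layout is only established by the memcpy((void *)sigret_vpage, ...) in alloc_vectors_page(), so a short comment here tying the two together would keep them from drifting apart. Since context.vdso is assigned only after the [sigpage] mapping succeeds in aarch32_setup_vectors_page(), it would also help to say why the pointer cannot be NULL when a signal is delivered.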
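
Review bot: In the arch/arm64/kernel/vdso.c hunk at -53 that adds compat_vdso_spec[], the second entry is named "[kuserhelpers]", but the commit message says the [vectors] name has been left unchanged for compatibility with arm, and the spec being removed used .name = "[vectors]". Either the name or the commit message needs to change. The forward declaration static struct page *vectors_page[] is also a static tentative definition of incomplete type, which ISO C does not permit; declaring the array with an explicit size of 2 ahead of compat_vdso_spec would avoid relying on a compiler extension. The "Create and map the vectors page for AArch32 tasks" comment above it no longer matches the two pages being set up.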
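
Review bot: In aarch32_setup_vectors_page() (arch/arm64/kernel/vdso.c, hunk at -87), the [sigpage] mapping gains VM_MAYWRITE, which the removed [vectors] mapping did not have and the kuser helpers mapping still does not, and neither the code nor the commit message says why. Please add a comment giving the reason for allowing an executable special mapping to be made writable (for example, if it is meant to mirror the flags arm uses for its sigpage). Also, if the second _install_special_mapping() call fails, the function returns the error with the [sigpage] mapping already installed and context.vdso already set; it is worth confirming that the caller tears the mm down in that case.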