From patchwork Mon Dec 10 14:30:42 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10721345 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A429715A6 for ; Mon, 10 Dec 2018 14:31:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 96D8C2AA40 for ; Mon, 10 Dec 2018 14:31:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 94C8A2AA41; Mon, 10 Dec 2018 14:31:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 340122AA73 for ; Mon, 10 Dec 2018 14:31:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727938AbeLJObZ (ORCPT ); Mon, 10 Dec 2018 09:31:25 -0500 Received: from foss.arm.com ([217.140.101.70]:55182 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726791AbeLJObZ (ORCPT ); Mon, 10 Dec 2018 09:31:25 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 99A5615AD; Mon, 10 Dec 2018 06:31:24 -0800 (PST) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 33CC13F575; Mon, 10 Dec 2018 06:31:20 -0800 (PST) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , Chintan Pandya , Jacob Bramley , Ruben Ayrapetyan , Andrey Konovalov , Lee Smith , Kostya Serebryany , Dmitry Vyukov , Ramana Radhakrishnan , Luc Van Oostenryck , Evgeniy Stepanov , Alexander Viro Subject: [RFC][PATCH 1/3] elf: Make AT_FLAGS arch configurable Date: Mon, 10 Dec 2018 14:30:42 +0000 Message-Id: <20181210143044.12714-2-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181210143044.12714-1-vincenzo.frascino@arm.com> References: <20181210143044.12714-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Currently, the AT_FLAGS in the elf auxiliary vector are set to 0 by default by the kernel. Some architectures might need to expose to the userspace a non-zero value to advertise some platform specific ABI functionalities. This patch makes AT_FLAGS configurable by the architectures that require it. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov CC: Alexander Viro Signed-off-by: Vincenzo Frascino --- fs/binfmt_elf.c | 6 +++++- fs/binfmt_elf_fdpic.c | 6 +++++- fs/compat_binfmt_elf.c | 5 +++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 54207327f98f..9fa20cc4a437 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -86,6 +86,10 @@ static int elf_core_dump(struct coredump_params *cprm); #define ELF_CORE_EFLAGS 0 #endif +#ifndef ELF_AT_FLAGS +#define ELF_AT_FLAGS 0 +#endif + #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1)) #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1)) #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1)) @@ -251,7 +255,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); NEW_AUX_ENT(AT_PHNUM, exec->e_phnum); NEW_AUX_ENT(AT_BASE, interp_load_addr); - NEW_AUX_ENT(AT_FLAGS, 0); + NEW_AUX_ENT(AT_FLAGS, ELF_AT_FLAGS); NEW_AUX_ENT(AT_ENTRY, exec->e_entry); NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index b53bb3729ac1..cf1e680a6b88 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -82,6 +82,10 @@ static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *, static int elf_fdpic_core_dump(struct coredump_params *cprm); #endif +#ifndef ELF_AT_FLAGS +#define ELF_AT_FLAGS 0 +#endif + static struct linux_binfmt elf_fdpic_format = { .module = THIS_MODULE, .load_binary = load_elf_fdpic_binary, @@ -651,7 +655,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); NEW_AUX_ENT(AT_PHNUM, exec_params->hdr.e_phnum); NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); - NEW_AUX_ENT(AT_FLAGS, 0); + NEW_AUX_ENT(AT_FLAGS, ELF_AT_FLAGS); NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid)); NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid)); diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c index 15f6e96b3bd9..a21cf99701ae 100644 --- a/fs/compat_binfmt_elf.c +++ b/fs/compat_binfmt_elf.c @@ -79,6 +79,11 @@ #define ELF_HWCAP2 COMPAT_ELF_HWCAP2 #endif +#ifdef COMPAT_ELF_AT_FLAGS +#undef ELF_AT_FLAGS +#define ELF_AT_FLAGS COMPAT_ELF_AT_FLAGS +#endif + #ifdef COMPAT_ARCH_DLINFO #undef ARCH_DLINFO #define ARCH_DLINFO COMPAT_ARCH_DLINFO From patchwork Mon Dec 10 14:30:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10721347 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 28BA415A6 for ; Mon, 10 Dec 2018 14:31:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 18F0A2AA40 for ; Mon, 10 Dec 2018 14:31:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 162222AA07; Mon, 10 Dec 2018 14:31:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48B562AACA for ; Mon, 10 Dec 2018 14:31:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727958AbeLJOba (ORCPT ); Mon, 10 Dec 2018 09:31:30 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:55210 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726791AbeLJOba (ORCPT ); Mon, 10 Dec 2018 09:31:30 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4A14D165C; Mon, 10 Dec 2018 06:31:29 -0800 (PST) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id DA3393F575; Mon, 10 Dec 2018 06:31:24 -0800 (PST) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , Chintan Pandya , Jacob Bramley , Ruben Ayrapetyan , Andrey Konovalov , Lee Smith , Kostya Serebryany , Dmitry Vyukov , Ramana Radhakrishnan , Luc Van Oostenryck , Evgeniy Stepanov , Alexander Viro Subject: [RFC][PATCH 2/3] arm64: Define Documentation/arm64/elf_at_flags.txt Date: Mon, 10 Dec 2018 14:30:43 +0000 Message-Id: <20181210143044.12714-3-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181210143044.12714-1-vincenzo.frascino@arm.com> References: <20181210143044.12714-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On arm64 the TCR_EL1.TBI0 bit has been set since Linux 3.x hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. With the relaxed ABI proposed through this document, it is now possible to pass tagged pointers to the syscalls, when these pointers are in memory ranges obtained by an anonymous (MAP_ANONYMOUS) mmap() or brk(). This change in the ABI requires a mechanism to inform the userspace that such an option is available. This patch specifies and documents the way on which AT_FLAGS can be used to advertise this feature to the userspace. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov Signed-off-by: Vincenzo Frascino --- Documentation/arm64/elf_at_flags.txt | 111 +++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 Documentation/arm64/elf_at_flags.txt diff --git a/Documentation/arm64/elf_at_flags.txt b/Documentation/arm64/elf_at_flags.txt new file mode 100644 index 000000000000..153e657c058a --- /dev/null +++ b/Documentation/arm64/elf_at_flags.txt @@ -0,0 +1,111 @@ +ARM64 ELF AT_FLAGS +================== + +This document describes the usage and semantics of AT_FLAGS on arm64. + +1. Introduction +--------------- + +AT_FLAGS is part of the Auxiliary Vector, contains the flags and it +is currently set to zero by the kernel on arm64. + +The auxiliary vector can be accessed by the userspace using the +getauxval() API provided by the C library. +getauxval() returns an unsigned long and when a flag is present in +the AT_FLAGS, the corresponding bit in the returned value is set to 1. + +The AT_FLAGS with a "defined semantic" on arm64 are exposed to the +userspace via user API (uapi/asm/atflags.h). +The AT_FLAGS bits with "undefined semantics" are set to zero by default. +This means that the AT_FLAGS bits to which this document does not assign +an explicit meaning are to be intended reserved for future use. +The kernel will populate all such bits with zero until meanings are +assigned to them. If and when meanings are assigned, it is guaranteed +that they will not impact the functional operation of existing userspace +software. Userspace software should ignore any AT_FLAGS bit whose meaning +is not defined when the software is written. + +The userspace software can test for features by acquiring the AT_FLAGS +entry of the auxiliary vector, and testing whether a relevant flag +is set. + +Example of a userspace test function: + +bool feature_x_is_present(void) +{ + unsigned long at_flags = getauxval(AT_FLAGS); + if (at_flags & FEATURE_X) + return true; + + return false; +} + +Where the software relies on a feature advertised by AT_FLAGS, it +should check that the feature is present before attempting to +use it. + +2. Features exposed via AT_FLAGS +-------------------------------- + +bit[0]: ARM64_AT_FLAGS_SYSCALL_TBI + + On arm64 the TCR_EL1.TBI0 bit has been set since Linux 3.x hence + the userspace (EL0) is allowed to set a non-zero value in the top + byte but the resulting pointers are not allowed at the user-kernel + syscall ABI boundary. + When bit[0] is set to 1 the kernel is advertising to the userspace + that a relaxed ABI is supported hence this type of pointers are now + allowed to be passed to the syscalls, when these pointers are in + memory ranges obtained by anonymous (MAP_ANONYMOUS) mmap() or brk(). + In these cases the tag is preserved as the pointer goes through the + kernel. Only when the kernel needs to check if a pointer is coming + from userspace (i.e. access_ok()) an untag operation is required. + +3. ARM64_AT_FLAGS_SYSCALL_TBI +----------------------------- + +When ARM64_AT_FLAGS_SYSCALL_TBI is enabled every syscalls can accept tagged +pointers, when these pointers are in memory ranges obtained by an anonymous +(MAP_ANONYMOUS) mmap() or brk(). + +A definition of the meaning of tagged pointers on arm64 can be found in: +Documentation/arm64/tagged-pointers.txt. + +When a pointer does not are in a memory range obtained by an anonymous mmap() +or brk(), this can not be passed to a syscall if it is tagged. + +To be more explicit: a syscall can accept pointers whose memory range is +obtained by a non-anonymous mmap() or brk() if and only if the tag encoded in +the top-byte is 0x00. + +When a new syscall is added, this can accept tagged pointers if and only if +these pointers are in memory ranges obtained by an anonymous (MAP_ANONYMOUS) +mmap() or brk(). In all the other cases, the tag encoded in the top-byte is +expected to be 0x00. + +Example of correct usage (pseudo-code) for a userspace application: + +bool arm64_syscall_tbi_is_present(void) +{ + unsigned long at_flags = getauxval(AT_FLAGS); + if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) + return true; + + return false; +} + +void main(void) +{ + char *addr = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS, -1, 0); + + /* Check if the relaxed ABI is supported */ + if (arm64_syscall_tbi_is_present()) { + /* Add a tag to the pointer and to the memory */ + addr = tag_pointer_and_memory(addr); + } + + /* Write to memory */ + strcpy("Hello World\n", addr); +} + From patchwork Mon Dec 10 14:30:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10721355 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0D60E13BF for ; Mon, 10 Dec 2018 14:31:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0090C2AA66 for ; Mon, 10 Dec 2018 14:31:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F209D2AA9F; Mon, 10 Dec 2018 14:31:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 99E812AA66 for ; Mon, 10 Dec 2018 14:31:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727973AbeLJObf (ORCPT ); Mon, 10 Dec 2018 09:31:35 -0500 Received: from foss.arm.com ([217.140.101.70]:55240 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726791AbeLJObe (ORCPT ); Mon, 10 Dec 2018 09:31:34 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id ED6FB15AD; Mon, 10 Dec 2018 06:31:33 -0800 (PST) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 89F883F575; Mon, 10 Dec 2018 06:31:29 -0800 (PST) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Catalin Marinas , Will Deacon , Mark Rutland , Robin Murphy , Kees Cook , Kate Stewart , Greg Kroah-Hartman , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Shuah Khan , Chintan Pandya , Jacob Bramley , Ruben Ayrapetyan , Andrey Konovalov , Lee Smith , Kostya Serebryany , Dmitry Vyukov , Ramana Radhakrishnan , Luc Van Oostenryck , Evgeniy Stepanov , Alexander Viro Subject: [RFC][PATCH 3/3] arm64: elf: Advertise relaxed ABI Date: Mon, 10 Dec 2018 14:30:44 +0000 Message-Id: <20181210143044.12714-4-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181210143044.12714-1-vincenzo.frascino@arm.com> References: <20181210143044.12714-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On arm64 the TCR_EL1.TBI0 bit has been set since Linux 3.x hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. This patch sets ARM64_AT_FLAGS_SYSCALL_TBI (bit[0]) in the AT_FLAGS to advertise the relaxation of the ABI to the userspace. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov Signed-off-by: Vincenzo Frascino --- arch/arm64/include/asm/atflags.h | 7 +++++++ arch/arm64/include/asm/elf.h | 5 +++++ arch/arm64/include/uapi/asm/atflags.h | 8 ++++++++ 3 files changed, 20 insertions(+) create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h diff --git a/arch/arm64/include/asm/atflags.h b/arch/arm64/include/asm/atflags.h new file mode 100644 index 000000000000..b20093d61bf2 --- /dev/null +++ b/arch/arm64/include/asm/atflags.h @@ -0,0 +1,7 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_ATFLAGS_H +#define __ASM_ATFLAGS_H + +#include + +#endif diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index 433b9554c6a1..da5a6d310ff4 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -16,6 +16,7 @@ #ifndef __ASM_ELF_H #define __ASM_ELF_H +#include #include /* @@ -163,6 +164,10 @@ do { \ NEW_AUX_ENT(AT_IGNORE, 0); \ } while (0) +/* Platform specific AT_FLAGS */ +#define ELF_AT_FLAGS ARM64_AT_FLAGS_SYSCALL_TBI +#define COMPAT_ELF_AT_FLAGS 0 + #define ARCH_HAS_SETUP_ADDITIONAL_PAGES struct linux_binprm; extern int arch_setup_additional_pages(struct linux_binprm *bprm, diff --git a/arch/arm64/include/uapi/asm/atflags.h b/arch/arm64/include/uapi/asm/atflags.h new file mode 100644 index 000000000000..1cf25692ffd6 --- /dev/null +++ b/arch/arm64/include/uapi/asm/atflags.h @@ -0,0 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __UAPI_ASM_ATFLAGS_H +#define __UAPI_ASM_ATFLAGS_H + +/* Platform specific AT_FLAGS */ +#define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) + +#endif