From patchwork Sun Jul 16 21:50:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314933 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4CCBEC001E0 for ; Sun, 16 Jul 2023 21:53:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BD2676B0074; Sun, 16 Jul 2023 17:52:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B5B666B0075; Sun, 16 Jul 2023 17:52:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9FC258D0001; Sun, 16 Jul 2023 17:52:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 8CA706B0074 for ; Sun, 16 Jul 2023 17:52:59 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 65CBEC01A9 for ; Sun, 16 Jul 2023 21:52:59 +0000 (UTC) X-FDA: 81018825678.14.B04CA86 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id A2251C000A for ; Sun, 16 Jul 2023 21:52:57 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="D6u3/V1M"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544377; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=sjpnLXaqItMtpNTEFyIHzeW5xIb7x9XSv/6wNzvGdSU=; b=ftcUfmV20eYLgEU2OnvGTbxcAN5qvG9oLpmLZLa4aT4Rw7Bkb4b4+SNtMWnUyA2XmiwdEN GLIZgijTHLvG1GHcToyIeb0A3R48xiHO2nguB9zyCDvRKPD15L0EFIT7ULbam2KxUUwHPu sIRuJHYuR5krIk6WsbfVYx40Z6oiKDg= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="D6u3/V1M"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544377; a=rsa-sha256; cv=none; b=3ds5U8Jf0LoMvilpynY1u4mGM0VntsVVqshJ+zrN4p4CW6SchZMyXz+p1+RXfI4P1eqeS2 TSZPQIRLSfwGgmHqP8Ne//NZ1oS3E3AJcItkOxgHf7DDGI5WBbOkC3HRHNNa1CyMTG/XGz 3nXsV7Hvbhoi7+PtERfbHGKhyVAvcLU= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A611C60D2C; Sun, 16 Jul 2023 21:52:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5F0CAC433D9; Sun, 16 Jul 2023 21:52:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544376; bh=pjsLx6b1K0x937g9y/oHkxJKpquxYt6WMLA+SQZbCw0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=D6u3/V1MrlLBNBjRRjCkDs71lTKKLdxk4UVJjERzJR5KtW04sDJdFN6DY4BPTv7r0 aTfNC0/NB9GX79XAFYhU9VdVRzw7MQZB2TF5LJweHmcGzRshXudBtlTD2haZIuC5LP NaMVrAzn6EMq6cEbwRZ7uCadAgG/757FAaXVcG059B2O2THi3ybHajqxcaPXT14ni/ 6NChUcGdOlfnZpMRnwjiRdGcw3nrq4zpyK9Bx75LgEsUYLdTuKOLC/IWjPFQaqy28Z elrpk8hcyukSHOh6r8e7/i+jKu2gyDkRcAfCoKCGTMq/2lOlXbHU4FnmZICc8ziKLS FgyPVP92q+o+A== From: Mark Brown Date: Sun, 16 Jul 2023 22:50:57 +0100 Subject: [PATCH 01/35] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-1-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3582; i=broonie@kernel.org; h=from:subject:message-id; bh=98fSp9zoycOoO4JRBJGcJJdFtBdtqinfhtbljBoqJQI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaPOeEvYK+HaBvmOtGw+GIVwaAEnOI6agwGJ0VT 4ZZsfRKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmjwAKCRAk1otyXVSH0BEJB/ 9TsUZy5D4ijFFo1Dfdcl7QkdIYj1UVRzxptIb9l671dL338Gc6GZhPmT4VkT3f+hyJjVzVSMK0BwQx 7fE6Izud5qO6BfUkfyU51nyNtrLB7yLggC9+jRTraTvq081sRTpALcQTMwAYjiw8BoH1aDx04+TDp5 m9GAxFLqSAzAvANMpV53ulubFEhZCOy172JSzFniKE4JCODuwQFC/Lc1Ze7H5Y8LHJoEx4NnI3FvY5 hCcDa2LqJ6vTvaleevbA95bGiuxuE3DnaUGiWqcw/ZREbyi7SKv2jlGrWefGv7OMxEAHprq0ZEDBHW aTwFGtJ3i24vZYlTquUCFDGTC9O7Iw X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: 6ffwr584gfnpptj9phyufhjyjayfwqdz X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: A2251C000A X-HE-Tag: 1689544377-580453 X-HE-Meta: U2FsdGVkX1+0jxkPOe+cdyWt2HXhmKXV8QZifEUAmgw89ne4idbhpIIjj7yLeajGxjbVvUeQXiohjNFF6kYW0OSIcLoY1WdbPMpThVg5+oFOGC/d7uloUzCeANdLrzYSvpw9L9tLxCjPuElgtwNgO7DphkLaAismEdBXKqbb4/hQ0Vx6NI4adEwcSrtZsysRaAacE5U0XR337U9ynysgOyV3CBYbXFyeYWICH5Fs/LYe6ZWrVGI1PdVPZBye9odQVXk7qGSdovIPEury8hgRwiimakvFDCSO+ExbcZeAnfK9B/mnZR0Ki6QmsDl9caW0+Z8XAdH+7cFeEszUv5B8GY99R2gEdvJKL3fTFL8KOXIrrT6vycOUoFI1lVHfjMwxZAOJQflo3TMAbFqgWLR6YSxzoVpcTQL317P/SD2nVEsSLrx6tQ6MxDrDI8B3snJBaV2ly+YE5VhoG1rse9dKZUbTYwyjZSbkmYUyvV7YvOfYXVfRQ40AEXN679eiEUdcorZrYB7i88jon462ZEkjnj+rKoduHh37cCg9ogWBmTVZ9CTcsmyWC6JR6NzngqrttmFVLYXrWcuhURDZ2dyADtFjY8ybUsPH60YZs8vmIjttdWRikKy0wFKsj5iaaAwkLO3L8jY1Eylj3cBH0my9uepW8Y3dhAvUAQtgFk2agn1qyxPax2Uw4WTitb9v+9Z1s7qqgRAH0JX9Q5WcI82aefRPhd5ZcGZoN4OI3kvXP0EvER6RIwvnnzOjcrRd296GeHqI2tpuJxv2ztVV4CsvvlmPvgp7uxxO6wxUWk3Mw+ToLJFgkT9L+c0xsUaiCbVOx2e6cSadQ7GJJQNkOnDnjk9d2RSbIp/b+ECJDE5Z9yjnzx/oKEbjBClucMM7j9qrZKkXcMInes0eEhiV4meC83Smi5sg+vpcLvVd8IuLbKotSH4P0aQ+Q4YWo6vRMH5v0LOQZy+az1AUWRup8p5 CI/SCUbX wQwhutIg/DIEDhpZABvSSSWuJipEPLrG2IMYMsbuCOBkBWm9nqmEo5NTWuPvnIGnkCeuIFfnCQcu7pCxjvT7AVYZpiWqy+vE7ttAh+UCgbIR3LF3Sw2ECHARG2fRjsxGmOFbkCYKkZsQIpFPkiIMd5fZ5r/BTw2d5fkkH8/V66SRWkvJK4cZ3jtEotDJOASG7Wzyk6LN7vUNNlffIkrvdLXRP2pfb7ylbFbkyNFw1QMdCMhaLs3gVmfo/d7ZpP62L//MYguJCWxiWf1zlprmhuS2uz9humYWlFbt2FoRJWTS2Yd0VMT7g0/CX6cSzJhszwe5piwRXgeS4DAtyEuWzE8hma1YvdLGXBY13kPpZtLjomqW+4QbG3c8wIjjmPUE9/6yYpHjix/DoZSMrkpxahYg4IZU1UVsmasH8TZJMONyg24f5TiwRNrD60mSz0E1eZ5jSM2+wvMPYpK4JihsG9C8TNQWzf2LSyhRn X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Deepak Gupta Three architectures (x86, aarch64, riscv) have announced support for shadow stack. This patch adds arch-agnostic prtcl support to enable /disable/get/set status of shadow stack and forward control (landing pad) flow cfi statuses. New prctls are - PR_GET_SHADOW_STACK_STATUS, PR_SET_SHADOW_STACK_STATUS Signed-off-by: Deepak Gupta [Rebased onto current kernels, renumbering to track other allocations already upstream, dropping indirect LP, updating to pass arg to set by value, fix missing prototypes for weak functions and update title. -- broonie] Signed-off-by: Mark Brown --- include/linux/mm.h | 3 +++ include/uapi/linux/prctl.h | 17 +++++++++++++++++ kernel/sys.c | 20 ++++++++++++++++++++ 3 files changed, 40 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 97eddc83d19c..bf16edf2fcd9 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3947,4 +3947,7 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end) #endif +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 3c36aeade991..9fdc77fa2bfe 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -305,4 +305,21 @@ struct prctl_mm_map { # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +/* + * get shadow stack status for current thread. Assumes shadow stack is min 4 byte aligned. + * Note shadow stack can be 8 byte aligned on 64bit. + * Lower 2 bits can give status of locked and enabled/disabled. + * size and address range can be obtained via /proc/maps. get_shadow_stack_status will + * return base of shadow stack. + */ +#define PR_GET_SHADOW_STACK_STATUS 71 +/* + * set shadow stack status for current thread (including enabling, disabling or locking) + * note that it will only set the status and setup of the shadow stack. Allocating shadow + * stack should be done separately using mmap. + */ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_LOCK (1UL << 0) +# define PR_SHADOW_STACK_ENABLE (1UL << 1) + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 05f838929e72..ebf9ea5f0fae 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2302,6 +2302,16 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2720,6 +2730,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_V_GET_CONTROL: error = RISCV_V_GET_CONTROL(); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Sun Jul 16 21:50:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314934 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37C85EB64DD for ; Sun, 16 Jul 2023 21:53:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8EBFF6B0075; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 874EB8D0001; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6C7E46B007B; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 5B3716B0075 for ; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 2C9254029F for ; Sun, 16 Jul 2023 21:53:05 +0000 (UTC) X-FDA: 81018825930.01.88D2D35 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 4C97F4000C for ; Sun, 16 Jul 2023 21:53:03 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UgtraBJI; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544383; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HSFo0jEjyBBHqgVk0QUU/F5q47VAzZNq81Kar4v0zXk=; b=LfEJRxIvgirSRdS15FktpEjzQUrG9HEiNF99a/mae2oOmgenv3nB88Gegwn93VYA/6ErXg qTU9xQ/iejnmDsne4XvXUesA2U4tVwmUKb2lBS4H9SuRS6MnDDSWfgeHzmB2iV1GRbnUVd FzpGttNvaoeaNcdGqxtmSXppA0cDsHg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544383; a=rsa-sha256; cv=none; b=itPzXRKAompdCImEzFNu2BIg1yaETcfp5TfrMgRLt4mLIjzlW7+5foQN34hhtiqi14C5Wf ahkOkcAd40ubecS+629jbUnR4eJ6B7QdvLcJG72rvXRwQfbD/QNGybkBa8exi3X4l7tZCi /E5CiYWaENBAMfFXw4648azW3GnH2GI= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UgtraBJI; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 73E2260ED2; Sun, 16 Jul 2023 21:53:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 852F6C433C7; Sun, 16 Jul 2023 21:52:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544382; bh=rwg+AaLrST64GPi/dleRneXGKtoIqRfwuUuxqMEvRY8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UgtraBJIty53nrQbpln20X+ZgVVvVELrRtvAd3QMCrhZZLG55JU40/WRKPzyulIdC rdaTs7g0cGf13IEO6plkV5jWgs4u4tUGQRUFb5f/AeXP5SfGfRw0tYRLfzzgSw4dtG KtwongQnS58FCtWJ0962kRMsMbeN2Qn9fsmL5Kkkot6uH6w79KuboVGwU8n+84WVcY eRR3pYAnAajGivQocVIeEN0cuXoC0qluSb/xC6LqxKAIDzD6bRG2MLIR9U8J/EKH0D IJSZ/fzQSra/qECPc29Ob+7i1aufZgNDfzPrEFxMKKU8nRrIHTidvx8ycUaL8qHEWP IpAj+kjOE1FBQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:50:58 +0100 Subject: [PATCH 02/35] prctl: Add flag for shadow stack writeability and push/pop MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-2-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1295; i=broonie@kernel.org; h=from:subject:message-id; bh=rwg+AaLrST64GPi/dleRneXGKtoIqRfwuUuxqMEvRY8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaQrba4c87fXI/DIs9b8uMvYL0mZkMhwI/2a8dl /uECOa+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkAAKCRAk1otyXVSH0Mz2B/ 0Qse7s2seNh0TDAnfYabaiAlsKHmw1NQH/pAIsYkJNq1lwhtVLDvni0GlFFI5Iy4xaXcvNqYLflNIN JB8WxsYfarT9t79wGVEVsXLhN+//YY1W7vIKO7J4qV6OS2zy6xDzLqKUegxjSm1ZzWrLAUmxVvhRTn rdAoifqTz2kttVaBZVk3b2vjudnWDDO1+MV/WXlfbytVw59XLti4le9LkQpNUou/8h3n87mJ3aderr ghHhsnAWYpe/P3JeZi2bHfg9prLFsn0sN6umDfODDRdURGFtk7VPJR/4qEHIpbPDzgcun6Q0ENfn3D fgvdczW1gaU0aCK0NKAnMefJZ1CwOA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 4efrwggn9x8nksktdaou5p54wwqfum5s X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 4C97F4000C X-Rspam-User: X-HE-Tag: 1689544383-740411 X-HE-Meta: U2FsdGVkX1/Z3C+Xsnt+6BLCNkXjDcaOzMlfdICM+GcMUQjTvLhTRm+fpzXviZm0FBFQg9KV0ZhRv3RVL2DKYwiqKH1iZ74t/HNxnvTNygIi7PTqHuIn6Tmaba246tVlQrTSM8bpjyeB2GtnG9QnjVLbwHKis97G/ohBZZTXNrQQP6778SV7kpOmaa85RIdT0816j0GUD2wSsxE5iFSQAlI8eivJr1Dgf0O5Y3x7XTM73J8jidaftHeXEYz8sw/vJQZQuYOtaKTskCe7hUoUos5atfcOrV0ugT9tr4nixyWWkeYaI0PacSrhc40fICVH3lr02QicrY/6vySIKe0C8zwDnsU8M1DwvVGEW3w6LZR36vUdOI4uo78d3vmajnaniokwZ2W6ga09tvlt865Ja9huNiAXflLXyvissiHXuuXYiq1PbF2PI70ZG8AGn4QtNES2sKgPgxii6wdUb60joLXz34Bvo7nwybFkJC95ncQntYzYDmyiM1Gf55YYzy7MxAGuwM17KLUmEr/yDrqzU/+Ssn8wY0Wuj8eiHkWk0/F+zx3BAVu8mxcCmsF+QxC0f9RTL4uGJP3LAA75psibv5O21F1AIABYSObq52jk6Vg2pzeSRX1qKESfpIWnGibS9faJ2PZubjdyqMZSm3qqyJul7/Ebtn522z7DbiklnirBC0zObPdQIq9birbBWTytabEdMfhiYEV4L18SqKpZK8GXqFb56zS9vS9pLV9xEzUr2ejCuptV6mcVREAQHyv/ve2KHlDFSvAhAuUaqsRgdscb6wOvGor+pzgRHCN4Ft4yMlxRJM7UGO7EpcfjK6eKmAJdn2knuppmq+5JRMn0pwEd4yCIo5VVTep5iH5TjnlInh2hBHaGSI9U1v4XFposCGzRheJrLju5aNq5D6hTE+rbIaWFSjZsjauA1V+awgjRTRzsdfA95tre8Lte2QjhCyWZQHMejelAHesJaT8 ecxJrj0D 0HSqrNLDeasgcMs9ASpyrgl4wUknO+TwW0xQsZU8YocylqIyridk+p5PGRm1PHHGsP3wlXg7bFnmqkqSwmaYwyfvzBsu+kAkF1h4uoYS8Esv5OUybjur9/LjIfuo1Oajxi8y4pNZuwtFyF3JmNXci08QOhwGfI+Rii521SamXazqyi/eZPa3koQmYHvvlybVkPu41tueFvkbnPPCG3sB3O96WsIGgP0YpV2cSiveDXbGOXlSVlkLCIoBMhIq8noOsFB8ouoYcMCwuZMZi4JIWSqL23IsrVq7AmrGhTtCZgetJuKezhQPPvr1Rl5/tUgBDzCo6fnSs2gQlhGt/07HnASKdQbM1MQBL4zFJ+t05hqTUEPNvhtu+Ox9VihiYA26lV7hIIl+B7KOZFJUG3dtp5lN/CtABuFMpkZkYLOA7875TP6Q= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On arm64 and x86 the kernel can control if there is write access to the shadow stack via specific instructions defined for the purpose, useful for things like userspace threading at the expense of some security. Add a flag to allow this to be selected when changing the shadow stack status. On arm64 the kernel can separately control if userspace is able to pop and push values directly onto the shadow stack via GCS push and pop instructions, supporting many scenarios where userspace needs to write to the stack with less security exposure than full write access. Add a flag to allow this to be selected when changing the shadow stack status. Signed-off-by: Mark Brown --- include/uapi/linux/prctl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 9fdc77fa2bfe..e88d2ddcdb2d 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -321,5 +321,7 @@ struct prctl_mm_map { #define PR_SET_SHADOW_STACK_STATUS 72 # define PR_SHADOW_STACK_LOCK (1UL << 0) # define PR_SHADOW_STACK_ENABLE (1UL << 1) +# define PR_SHADOW_STACK_WRITE (1UL << 2) +# define PR_SHADOW_STACK_PUSH (1UL << 3) #endif /* _LINUX_PRCTL_H */ From patchwork Sun Jul 16 21:50:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314935 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E0E8C001E0 for ; Sun, 16 Jul 2023 21:53:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 394A86B0078; Sun, 16 Jul 2023 17:53:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 31E046B007B; Sun, 16 Jul 2023 17:53:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 197EF6B007D; Sun, 16 Jul 2023 17:53:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 0B41B6B0078 for ; Sun, 16 Jul 2023 17:53:12 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id ADFFBA027E for ; Sun, 16 Jul 2023 21:53:11 +0000 (UTC) X-FDA: 81018826182.18.DE7C919 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id D3607100015 for ; Sun, 16 Jul 2023 21:53:09 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=N+Py4rEK; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544389; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9EiokGlVijer87hj8YWJ1OH7aG1LYVUNBq6hLY0xJSc=; b=3hlw9fA3w72rVP84o4LM4VOa7qvGzknx1eZa6ZASoxLaKydUFQB0GaLao36RxfGqvfbQ7f cEpjsrpOny3ENIo7T7r+Lw8T3qCAZ+OnpBY+IoVMOYWEtXOn6rXnHeJj3prgQbiodljfeD 2FwiaoxcHqOt1ed+oemD2pNEuCvt74A= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=N+Py4rEK; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544389; a=rsa-sha256; cv=none; b=VSgi2DfzrDZxp/GWpDgf45zi5Qu3cFo7SakNTKImEGmPWd7kAikRtcsoljwxzn9jOTKg/Y YBCfLnPkW9r/3tTK7GW/yHn+mV95p786/Eo6ktIWMrhvMt7ex8lh2e5QN0bJdOmDVHyvXH Gb14LXVBv0I4N5DGLpcDULqsSjGpqfc= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 10A5160EC9; Sun, 16 Jul 2023 21:53:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B4103C433C9; Sun, 16 Jul 2023 21:53:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544388; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=N+Py4rEKJjLcKslfUQhgfO1OLzM2rGuwjpOszMNXo+y2NlpsFHeY3dbTRq/heqKTb wCotmXx42Mh4PFe5yqcrpQXV5HgTXSOOBEZ0RghiFHyfOaEpsg06fHhTe/tHw/6OcC BTi00ukC4eUl1XRMgUsAcmJBP7sjQxXyLeTfrrXdgYTCff4OLLtV6gVZjP8iCXVcKB P6nPf6DSHHfQz0nOcp8DDAG7JTMQcPwLVb6A5VLrHSwjq+I6/Q3R2TD5f/rPdDi8zy 3R8S3ECtvSSDliWtVW2gcieOb6yEb9YfvQqE8rjxrvgADtdRuLMv9zHcIhdhHgr48K TLshLQx2OIL8w== From: Mark Brown Date: Sun, 16 Jul 2023 22:50:59 +0100 Subject: [PATCH 03/35] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-3-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1640; i=broonie@kernel.org; h=from:subject:message-id; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaRKKWoYO6shp83J7bdF2HDjv/deCuL6Bh7YBpr XGGHoyKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkQAKCRAk1otyXVSH0DHnB/ 4m4xAjhCNKrOG833NrlQvIqQ8SUd4K5W5qh5Ps/ZgIVd+0dZkeIAFcRu2fAfuuHQl4Sg+SRkRdWPge eeiRzTVTFyv2RXMEQOPvtv1m5NUn4oCojVB4hywZSC/rE9XrRGNDjGZyEOO2ylprq2nf3mDYWjstJh 9jCBGUEEhqXr1LT17uFMA1zEsO7JJeQ33aTE6kDdjYlBrhTZq43pRfEROGeW7Dhgjx3sd6KCVltGCU WGPGxd+7M83m+GVw87chK92IZYO0+Fe1tKdfMfbfNslHg415niWo8ao4Tm76iYPut036lAZhbttboW zekDSpXoOfhPseiRPDqOQA1eWCZErE X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D3607100015 X-Stat-Signature: g4h34jbs5uycw1o43ak4bo3446sdojk7 X-HE-Tag: 1689544389-518497 X-HE-Meta: U2FsdGVkX18e60YPOSF2gaXQqtq8542dYe2CtbPS7e+IdJbN2sUG8fhkZamsyx3mCp019uhGVB5CjaN4cclA/wrT/njAcRFQoRUNRHPnUZCv9FCiiXnPjtQzprCxW8ieZ3JhO0TUskBYcA7ZsVUBZMM9cjfD2cwadxH2uQT/X1YImdAtti1wA6xAeUNsBwa8n2iJ2Sf+CMm9ID3qRhEVTwrYtmyqmTHxPNMVXSRt0171+TUBjyuW5NfZOygjY+WK2e3poLYrQpQNwORJP0+37wtbxAAElm3ocgTnktmUaSwOYFd+4zFguiwVgaM87VN7e2o9GNvzufuoW4M1MPC4rxkKcV1qo6sY/CRtDksZO4WKeNkPEM8GDW3ZWaaJIJDSUYaW7r/VOexF6gXJuzipcYB5suynKmZNwnROPfzXFIRnSxtHUNejUWk+LmDYHa0kLlmRi+0dsejSol6OUe1ONZ+YMw4bqIBULG3n558Rlph2sZ8C/T8ybjWThqbOSVoX+jHCfZRcYGHwB2lJ5a4DVrm/kGOGAVhjHj86swHeQFbV6gQQN0UwLKmWHZLaSN0KdB0jg/r5rEIyGLvAVxP/sDaz6a0BqNljnbzVjwLBDyDamBjLWWgZVPbvwVOeTqo1e1XzHsJvxrKdqWwb4DmzHUYN+4YkcG7MmQCE5HiXsQpmL3oGz6dtCGJukHzdUM0YAW2MkEzJy+Poafa58iPkwIm5/7LDiLXzI/+2oO91fyOtJTXPdeyB/DV9KEwf21BFNTJL6GZdBstfgx1K/JmRskOVmgWAwkLWIgnOBte0AapF8PkUg3CX3gtkpAwO+t8rwTgbqXQr7pLF7jkEXor+fvr3rVbL+jXr2MTdJp8wp2InCbkjbqqMqezeOIKB8r38tbqr8zMjFfD0usKdWPmLauKDhZ3mGAmOJcs6Ywc7XfVSCXSluUTjLLsb28aEXtC5ERx+RVURWB092TNlgip WMrJpUMo PUDsO+SjkHRdP6rA7x9PznlxIOJbgFh5SGAcS2h5DbPtl++IJEdMMTCS6PhARfXQsNn+HHHIA03PW35pAjDt4FrnGLPZpDPSKA6QvBQ5bwPNvNuhczKt4/LEjK8ZXxbLCP0hrzyGCT19Ej9SAPt90YYjISJhmOLMbN/2pV5Bf2KmapClwDdzZJwACnodR5FdRwCN76BwY8U2g+iKRl2+S+c2JltWGHTmW5WkSuyOgrqhKKhV61e2FqbCuIv6zWz0VgwIJPpQRc1ZsN4Muxqrj8wOARx/p6Zw+ys29xoKoqkeeaT3sCKnSPMa5bcx0fLqwqEPQxfGxD1wKm6Kw//Rn71rUpp4w8QpiD20zpCWHXXSL+rKugtuzugbQHAqovjtYrQDP1MdOxedA06GUcYRmmVHGMHMK6XkhE6ptL7S4P347Qzk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Sun Jul 16 21:51:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314936 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CF34EB64DD for ; Sun, 16 Jul 2023 21:53:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 08A376B007B; Sun, 16 Jul 2023 17:53:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 037DD6B007D; Sun, 16 Jul 2023 17:53:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E1B248D0001; Sun, 16 Jul 2023 17:53:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id CFF2F6B007B for ; Sun, 16 Jul 2023 17:53:17 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 920891201DD for ; Sun, 16 Jul 2023 21:53:17 +0000 (UTC) X-FDA: 81018826434.04.C879616 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id A37994001E for ; Sun, 16 Jul 2023 21:53:15 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Pw9nSbj1; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544395; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/J5gml/ZvxPeYzFnar7ZRh22Rpheqf3o6tjd+YpoQ6Y=; b=wUz5btoH+2c0IvNEo2aTJEpPdJNlkYXL2jC29YQthtN2JWQOKxwteY5vXF1Dl9b7w2pR10 sh6j+uC09Ea+dTTspeCON3Y+gMEcZHbqse9+CYcUww98tqDSUuSDkII6tH8tLCY7Stcs6u Ag+PHtm001Mk2xRPT2nTZDoGsBktWs8= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Pw9nSbj1; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544395; a=rsa-sha256; cv=none; b=FjGzbBeHecw1TOMnsL8TDg/YHV++8VuzR7RBn2xC1txrnGPyCjUAaS4V3xHD79Y177K62J F6JB8vd678bz65tMH/Z2zT0ezyj5Gf8IdPX82cioERswepGdP6rtxREnbWaFg1sKFck6mS QLJ5DAApB9AwwpraV+YsHnzJmQvuWGk= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CAF5A60ECB; Sun, 16 Jul 2023 21:53:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E395DC433D9; Sun, 16 Jul 2023 21:53:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544394; bh=NwoSrueebyEbURTt6m5toCTRYZrdX6jgyTyrkGE3+ZU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Pw9nSbj1Ol7LPGjSLs98tJZ2ACUWuX7wQQYkilyMpsfCvAB45wovv6V2mzuuIz0uF Ta9n6jqp1qhuzblLgIlKp2vP7Ul52k71KP4cJzkYbD3i+k05japnbgt35ldTDVMe/g pCIKWHuF/Gs3+Sbq8i7OIJBcVxYDVUaW8bXhdtOwtIu/RvNPXfMVM2xQPeYUYBTctJ mQSCw3zgqneH2ozN128Ws1sFq7EvVGjkPDvzbbMaYjIsqv4ny60tqx6djj4hR3OnsS uzzLsoIKqCwVNx0MqfyIh/WawOG/vY90tZPVxETP5zt14KoGdgE90OitpvwvPVacHI Jy1pwbEsiEsOw== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:00 +0100 Subject: [PATCH 04/35] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-4-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=9701; i=broonie@kernel.org; h=from:subject:message-id; bh=NwoSrueebyEbURTt6m5toCTRYZrdX6jgyTyrkGE3+ZU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaSuKIlLy3iIp8ZfqhQgcwhUn68HYcvTih8Ur8s CrVsnHSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkgAKCRAk1otyXVSH0D6eB/ 4uDk8zcAj9uslFWZsdWHaI/spnjukr91kjXqhcXwjOBoy5ks8ezHxFq85f88Hjo+ZzlfaOHQE2LM94 EdjqhTEnKU3Zns91S6GxAnVkHmU5COOoKkLCMVdHPz8EOMVX8UUKEBlbUvUuHQ3prpAJ0w/p5HzYmO 7iau5RKuKAeBNB4XVnY4Fb3J4Zo7pnI/uo/Na4onG/qOcXWuVM495JlGub1WFWFG8+D8CrbvaJIWAt c7bDhBK4PsLm1x5xQy7q+7KiJfkT3BHkLt2C/EvsRtVHpASq+5RO1a2n/obgaPyUlIAdDgZSmjpS/D tzXAJHxZPdPsm4kzNDCPAKNY4nW5gv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: A37994001E X-Stat-Signature: us533e6kzd6ztuh3f8gty7pg6kudgk5n X-HE-Tag: 1689544395-290876 X-HE-Meta: U2FsdGVkX1/5oeNP/M8nKTOQ9EiLtQXI2MDFn8sekrIe9DjN1m27d5vXrSBQFycvJ9HnucFrKkpXaGlzKZ2ulNJxXq7i216LwVSe+UnPMf30HTo+umBtGn1Qn19L8cvqDCRnBShmWybL7wzL63WQdmVptTwV7aHlBsW3SYaVL8YMfUbSE4lSpTI2OCGJW0gpSHQqcItRhg6KcX4wWLGuHzmIE/9+Z9Qd2s+/aec+s1ETr06AF+Lb2WEYPpAvfctwY92NnWOBHbJBtjK1c9AxSSToLSbDtjEvgISvKlp06g1UFUKZqiqHaSOihfIEed1OLZKrB9IF9adWATXfe67BIFa6GjpRAM0ZVxHlwOXdc1QXfQc0283CiYZe5H3B5AJSxGLy0YF6ZfXd06JNNp1wHt2Wf7KhRom1sqNNIER4knkhv+pDQswWWfiz8bsii1/MzGBE5LeYHL5NUuMU/1CAC6RVgrxTmsZc4lVkBK80rTmrvtqxdLryVbjCN/y1HFAp+2uLEcV3lyBlhRGq5SSMdV/+3IHWh8lIbwxraE8ipLpTBkG/k0/fX6tDocZukzd0hvpYgXZQXEhMfQkgBNPb/tuwN32dXowGAsxvy5S3VoOBMCDR2Bwa7ve0z9xRb4m27f7d9/t9SVa85L53XP9xatcCgQ/HxYFA3LNyhq43PvXYFyAM85oevc30mP5EEkdmWwAyLGTFm1NNZ6OptltWg5Nr6bTPjmtjVknPkrc2g1GB4clhicusyBLdy9qLfVRVGMdiXxI8cOOq+CHgnajqOXYEZ/2kI54XHp64tfmEE4LAbOVV+oAAGC8sQAdheSxyPPGo7ab8fmxjJ8hQLMm95yGXoC2Unt4c9nGFEyQW3Jys3gxbh15C/Z+ErOSHTZqH5BOMj+5F3F7EXdApS4CdR740y37ds/XiJjZrhsDFj+2MO9Myavo3rJvjdKJ/LE33I+HUcwHfzW1pPwidSLe FURtefNO WFvrPNT0NO3z10KDYemJ0fIxfcPJ+F5HSX8JAOfcaqR02XpagqblCrOj9s8wTQHqkIRNCkr4a/X2y7OBaOV/uiMT75F326qqywGUc16zfrHzJB4YFwtRDQ/EGEWie67iRHXSlDsvCo2/48ie5vL3lUinpzNLR6tJMYO2j0oNSzVs//7DdvC+8G8i6FBDPuKCU36EItVg8f5hwxl6a2Ag33V70WbYH3jaQGKAtndxEqExw+GR/NSWjFlEQJE6ZWaj+eoNcOKUVLISKo5b+vef9HuPuyLIlh/TKXrK0/vHsEiY32fx+3MFdJH4ko6XZFmJAiGMLEhG/qW8Z6WmaFa8szViTICs34U8wM34U5dF7Q8dfrWPFH6IBs1LQVaSRLl87hrfFG0PZ6pgBM6zZ3saxhblTp+a+3ZKK7cup6MAgchhgZUk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add some documentation of the userspace ABI for Guarded Control Stacks. Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 216 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 217 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..27ba72d27952 --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,216 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack for + and enables GCS for the thread, enabling the functionality controlled by + GCSPRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS push and pops. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* When set the PR_SHADOW_STACK_LOCK flag prevents any further configuration of + the GCS settings for the thread, further attempts to configure GCS will + return -EBUSY. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_SET_SHADOW_STACK_STATUS affects only the thread the called it, any + other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK / 2 or 2 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() will have the top 8 bytes + set to 0 and the 8 bytes below that initialised with an architecturally + valid GCS cap value, this allows switching to these stacks using the + stack switch instructions provided by the architecture. + +* When GCS is disabled for a thread the Guarded Control Stack initially + allocated for that thread will be freed. Note carefully that if the + stack has been switched this may not be the stack currently in use by + the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set. The GCSPR_EL0 reported in the signal frame will + point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +7. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stakcs and + lack of practical application changes to the GCS configuration via ptrace + are not supported. + + + +8. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +9. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Sun Jul 16 21:51:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314937 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28C8AC001DE for ; Sun, 16 Jul 2023 21:53:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C201F6B007D; Sun, 16 Jul 2023 17:53:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BD0AA6B007E; Sun, 16 Jul 2023 17:53:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A4A438D0001; Sun, 16 Jul 2023 17:53:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 976746B007D for ; Sun, 16 Jul 2023 17:53:24 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 629A01C8428 for ; Sun, 16 Jul 2023 21:53:24 +0000 (UTC) X-FDA: 81018826728.28.649CC89 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 84E82A0013 for ; Sun, 16 Jul 2023 21:53:22 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=eEdHee+4; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544402; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=R2NUwjjUT6uQkbAqed6lLCPT14GdQDY95VA9kucWRu8=; b=QPhtn05oxe3TBR7L7TC2B0yNTQnR5vbtjjawBspYX22MHJWzHpiFqbYwaIRxkpWGfs0P26 0+p7XFdlKBT4OywXSOE1AF2hCLyCdgMtppWg3vvGXda+fpcctVqy0hMWH9+xXH/Hf1zOj6 tjEZpGtH+F9naqH3cGNHMvAylwOn+GI= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=eEdHee+4; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544402; a=rsa-sha256; cv=none; b=gUfVNpCoNAFofMg445rx7dvFUHgT91HJDSUdAwpbZnrktaOc/XNHkSI3F+gz7esiGahBdI UbjpKk+tgl0jUikSYAHtzCCdnmNQOOFpGFd0VHtiE8E2nMHuMGZ9hOizK8xn7RozWnw2Ps Wdtjl75b0ogB/I2Ai8aOv0bLkNvB/qs= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C0D7860EE1; Sun, 16 Jul 2023 21:53:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17F03C433C7; Sun, 16 Jul 2023 21:53:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544400; bh=Tx3LjQSA+sDYz0sZ8GW+Sw5vLyOCUOW7mMsZCTn9lVc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=eEdHee+4OejXaqKGGTBAKgUtvYurZ2DN/zvj2JYBepULBj1SfN08D6cmUVdr1Lc7e efCd/bKR0M3HiJ9JhCTWYiiZn08EiKRsYILAf/QFW9EXwhZHv/AT2lQkwEI9MnV9cN aoH7ellD+w3tSU0lcPGRDmLVQxTZsNmw4cY4F9vyUk1DciDwfbU2+9VxQI/Q6gvUnH N/Jnpkny/gFRQp8aytANV64FRwTcQvhce72xPC7Lp7C/05DCoKABju3EujIU9YI6LV jinykBcxppCGhJQ+Eae7AdPqd66F0fNb1l6j0sO51KLMXe+Tvd8AdHX6xuRWlsSMKM B4JeWoaHNoxxQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:01 +0100 Subject: [PATCH 05/35] arm64/sysreg: Add new system registers for GCS MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-5-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1873; i=broonie@kernel.org; h=from:subject:message-id; bh=Tx3LjQSA+sDYz0sZ8GW+Sw5vLyOCUOW7mMsZCTn9lVc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaT++h/ycbaNVg9yGrZMMuOhkEji0FpV5RaCDct uX2XjOuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkwAKCRAk1otyXVSH0BWlB/ 4+xwQQ1I7UgntUZtWvTMZ/rpoEN/J0ABiuVDrTZbUPRqcOnoM3SWGp7IMIIl50wZLht9C2CCQPPyKz GgLRtFvpro3bi7yMI7Cnn3dwwUW1ZpZX1O/J/d8tutsolIENYYSikuT6oDewTGOuTWDW8sqXXTB8l4 6r8MvuadOX5MCLId+S3tu9lv+iBN3swU9ob1xD4IxTMu++h9tM/v8Log84Yr/6UVdAKAWJXHW2Xn37 sq02h41a5EcmkSnwE9S0ecX9kh11n4M/U6OnylU6Y5gNy1vs9cRU2EX3cNVfEYSltj69IdM7sDDe98 Eb9Yh2DsWANWOuGv+HxDJp0HFTGkJy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 84E82A0013 X-Stat-Signature: izet9mzor53wguje6whqypp6y6ytzwgi X-HE-Tag: 1689544402-541913 X-HE-Meta: U2FsdGVkX1+o+sph+BIsC8uiA3SstRKJg1D05YMSVBe0fC88tYDjUuKmDX7p9LrkOMKh9l7oKWZ0iegRsFhcsl+8omD6KgVLH/8JlFjjZ/Q43SNnq52pjb5ILxtha1fBZwxv3dwL83y0dwfkSh60rV0c9dgX8x7sxo0pDVUVctE61goXFi9uQ4tzjjbmCdROr9sbVzZDlyh4jKUmjOahW/3ftJBF8EA9QOPZtX7T5kimS9NxN584s+c8efv8oIilFXpldPrtP/U9nF4OYDussuGBcbV3sUy/wvt4VGDsZxwNln49QE1sJbuC5W7NhSOLvgcELcL4f2sOhxDJ97dJ417yP50QFXEKTOLuJ6n6Rsa2H1le7YLmkCOnIqxSNNX+Krd0BMB1InzmhYjTNhdsU7986kMuPGKivd4nR+SR7nS5gVaODpC3jQf3rtU9dY50Cdq6stWkry3OWPqkpAOcM55CqlTGJ+ilH03DO/y290qfYDLVThabt8cMN7q8Uwix7J6aARBN1L3yeDsfUP8O9jv0EcCzph1a4Z5ispeUzjm6g9BieSWYFqa8CyJjf8lVu9LlA9itM69XX95cfBwizBAlp2PuPMaUT6BR3/nL0DvxCc/HJ15FHYh2DXZqLH2K+lf2h8uWmUSvKwnqvhMreK2jKRbikuBek+p6ye8Zs/HjxXjv3s5g5BBSso9sqoPGal50xS1aUZdjLU6zKaVdrdNh3hq0EHUH/TCylU3qg36BAV5KM94zbkNdTjYD8gDO1Rdb/8P8kwCWq3aExGQ32qAvC8scrvTBZaU5Rws3wvPHwl8eJbMudfM5dfg9HSw+/Ovrw7ahqhWHAIVVvHNn0XvEjDcJyzP1YlnOUZeWe6penZep7CBJ66NH/M6va6ZkWio4rL6CGpfmv8pekflvcekAb244dFnX8rJ81YupDGxL6o4CnvsIqHdgaXkMtTmBxdT4fjA9Ah+24Ob/Fvs xVeIaLK3 hy4y/6AVtiuvLB2oOSRFuoO1aAkwZzvlAV2/bxCRNqd3RJ70s0fJeojdvECN8yV4C0kONAXPjx9R+6QoDH3KasVn2RN0F5TaNvHyk6LQggr1IbKkXQ2ijtX5qFDvOgDDNUtd0uEEakNtylunSJ7hZ88tfHmQJvxADdpTr8s7SlpM2VnpigGZk/8pMWmhS6ldmBppHQUXOYz5Jm0XcvGCyaUqF7VCyFYn09gLlrULr76XaxBKcCrNZFtzhLLjMxfUIMT3jjYLASTjwYyGz/fgozH0pjb0UuDseevTuZb8JTF5pFzb5Rdd0DE54866SgWlfsXcjrBngGTZoOM/0W1vLR1mT97Ek9QKguIdah7tlv0TXLrl37vGdqgc71XtePJbju1LMKKCA0I3WA6XzdfcMDzsMrIBilf8uoeufjeGDFV+mR+k= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12. Signed-off-by: Mark Brown --- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 1ea4a3dc68f8..516aef38eab7 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1780,6 +1780,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2010,6 +2045,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2209,6 +2248,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15 @@ -2268,6 +2315,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg From patchwork Sun Jul 16 21:51:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314938 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E80E2C00528 for ; Sun, 16 Jul 2023 21:53:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 89D5A6B007E; Sun, 16 Jul 2023 17:53:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 826FF6B0080; Sun, 16 Jul 2023 17:53:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6EFBE6B0081; Sun, 16 Jul 2023 17:53:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 5FD136B007E for ; Sun, 16 Jul 2023 17:53:30 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 32C76C01A9 for ; Sun, 16 Jul 2023 21:53:30 +0000 (UTC) X-FDA: 81018826980.04.8193E87 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id 4D9451C000F for ; Sun, 16 Jul 2023 21:53:28 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uzQ1im68; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544408; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=f1Fjfwmv9c20XNlM3MrDH4yBU8vPb3KKbDiNXIhVRLM=; b=P95jx6VJjtjQPNFW3OSQTbIBXVZWpVToO6Agoe+Qm1uGKKU1v7AwsdAmulrAiiDwVOoa4n MOG7Q8AQe6tBsy6T4Lv5800qSp9M4ApWVKs2sc7zuz61scoRxnf+wfbzgjNzbKnH5p195R smE4sDU7WdQvDmLvgwv/5yhQDt/di34= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544408; a=rsa-sha256; cv=none; b=kHkilDc4scx6+EhPQFj/cMPUEVMerOp848wmOeCtDWT4KA/bKJL0ftokUOH889XMVBzXrP s58i1BEE0hqXzloRME9NEvJssxw2iKiIUKKdtHVzimjH7CtCqPfVuzDVkFJsR89R1eWVZa X7dEY9in9m3EEPZ9XEymLGgIFSwqwAw= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uzQ1im68; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8A83B60EC7; Sun, 16 Jul 2023 21:53:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40995C433CA; Sun, 16 Jul 2023 21:53:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544407; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uzQ1im68+uRYQ37l8Y3P5U7a8pIhItxesP5/Ha+GLa0KYNA17P2Sta1FT5WU4v/L6 KvGIaLo1Zf0YNf5AUzcQObikFG+QXtksSN5NaCCbREi2N8a60cRmz7EDDt40xJavJV QzVjeBwSmghoOY24pG+Cyu/XMk1zBQGVjleqyLkSNAWIZ4ttEJE5piLkrmZby4eBbs v2C2rloKFR1t9/PP7O23fZSv6c19/onAYb8xDtkEQ8iNNAZ1GfmHADXH2UqVoMLxhp o2aQy8HsyX9S0YD3U72tJ+wutyVibdlTzK0pnEmYK/6svtAto3cQuUk86mP0GVxoZC JlgDpAPp1FZSQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:02 +0100 Subject: [PATCH 06/35] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-6-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1361; i=broonie@kernel.org; h=from:subject:message-id; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaTmVK0TUI9LTFT/azN8/vjq2wV953BMqK+9snM Pa5vL1yJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkwAKCRAk1otyXVSH0CqmB/ 4436TL/EM1gB8ywH6nr0DbwUHDj9CyTDdqJ2nvvtMQHXypn6q1307YvWxphCq4QKu1CoiR08Yzopui ceroA2JEG6hNuK9ifvwEpIOhmNN2Z1vu98yD1FQ3Pprpva7RxrgZ6JKxg5zFKHwpZViKW8DxxpXIiX iLnEeOd0ypipAGU0VyMjNKhWsQcRvd/uYrYkgUXDXiYhqUQe26jt4yZJwfKJqZuSpNSlTnB1F1ERIf 9LKLi77VcX8jSllnqf2E4me97wzF8b6ygPLDtkalK9GdBfUSUHR2G8VNTKHj2T/VtBzwbT8Gti+SUu Ijul9BpfaBVsABhYmIConTkXBeTtDm X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 4D9451C000F X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: 99x5ufinuk3mjxendirsu7ynhii6qigg X-HE-Tag: 1689544408-903886 X-HE-Meta: U2FsdGVkX1+AyDnCCrEC58ADyDQMFEP0u7pb5H23hQaaD9uJAritvYgkxsp+IaeyQulC2iHsExOnczo1Hp1wt9nFz2J0sdjuM68cqV0mapcigJiZfZcshIC6Qzqw5WhA+hQLUR8nvMZx6fskXfVO1mbhad9NwkRdZ9XqrFaI45Mor03oPfTvO8jRVBH0xcqChVN2FIt9+h9oJxxenIJTagZJWEtH7lFmMX5yMfHaQ4FrfOMMQ2fEfgMb0QXOuJblq/9BAZFCUFfL8+RwHYSXZr9hI29x5JuBJnGBgRERwxDpaE67LdnMdM0p2ub00F3xRa2rlRD+66I2etNgFPBZWIDwRIb4KKFRCJgcO6rUFmqOOzXdUiqZvTBCAKeHuN367LnS0owiGgMS1iQmyRs68MLSWoDZFpKXFO8ANfbh3huPwNnUaz90HMHVVVY3OMCO2AhDdgFiPPuzIO4BwiPpnKVVoqoz+JGK2VlFaZQBu2cu56dFNx6BUwpj89E8hA9cI2IGvih82EdOMTxKvx/5TF33A2Uia74UGJIjzGUiVKgp4SqjBjIa8DFGZFtKNUKtJHxITB9iyYR3SeSPfekNJKINawunkSiOWzbHBz+6dZIK5Hmci4+HNZyO+EpgULCfLemvjT37BiRkpW7eZl5Zh02ej8bWTQ/NnCVz7EXaA86cS8sm3g+KmSyZtZ/dR7s2I2Z+t/yhsS0B6Y2ea1n//VW3AJtkaR3AXAWJdU6Qyc0X2GitTofDqxFs+fmSZ9ZkxG0AieiFzfn1HKBAOQKRTGe9bZ5Fzyn++34dTIDcNsnfHAZroJQx1MeDjCLydd13kGeYXHtYErG5HDsVSpfWvd8T04khqLF6z0CVeVxCKtSPwabIoPCQcFzU0A/RBD12Jf7FvAtI9f02kwxBw+e1qK/B/YTX2vpljOf/u0GhmZSWuKa5g3TVwrSmEyTko0BZOa0VcBTvSrBJ13ToXAn /VnlvrGT wunl7OlhSSXlziZi/Abk+t2EWXjB/R6Bu7Xgwcvi2xu9OTlZXV7f3vfjgp/tyFZ0IDeSWo00EG8lznZMp2PTb19QsrJYKnghBTqKFZXhBw9hw9Ted+2YdF5VJyqfQr0aCKu0JlOoHFCZmTyfJXWXUFzB6NJssKmWfUaDzSXPfNzj7xAuQr7dBushmJ8QyhvSnBY4M3O2aZ4S3vK94DLKpqeR8ISzZWE3im8SNWtl/5Os4oe0X0IWjK7k+JtUkQsFQR1pfjrt3DJ2M9IBvYRX7HVB2o8V1uJHog0k0zZWh2WbaKsYJlsib12Y/tiShiosv9p+vLlmNnT+oYT+JVuOHvzmHHpqJtqO/dpmpsCgHuY/49Bkr1Iy732Q3FpfKgsbzGeysMOIooUaDlDvnmwtK8sQzI+gjCEd7P9TjHrzQL0zHJW8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index b481935e9314..3d7f9b25b8fb 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -730,6 +730,26 @@ #define PIRx_ELx_PERM(idx, perm) ((perm) << ((idx) * 4)) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Sun Jul 16 21:51:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314939 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CBF7EB64DD for ; Sun, 16 Jul 2023 21:53:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CE41C6B0080; Sun, 16 Jul 2023 17:53:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C93FC6B0081; Sun, 16 Jul 2023 17:53:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B0D998D0001; Sun, 16 Jul 2023 17:53:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id A25C36B0080 for ; Sun, 16 Jul 2023 17:53:36 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 6F79FC01B0 for ; Sun, 16 Jul 2023 21:53:36 +0000 (UTC) X-FDA: 81018827232.25.B73D8C3 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id A7707140009 for ; Sun, 16 Jul 2023 21:53:34 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EIVXuTuI; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544414; a=rsa-sha256; cv=none; b=1wRKK7D6OAsiImaqxIRUQrzfS8+XU8lFuPbKO+6fuigzjD8SxzomVo1IUzFpK7XaHkd0sJ Q3lDUKUJBKYe/hpR/STnwWXa49m87ealqT0cPHug5CQMrwect/x1oMFymXgWmmaDKYgiNz jjId5bZBvtSyW8O+doAU7G3TLkwi52w= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EIVXuTuI; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544414; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Aw9uk67+s5HTS/4C+7Hw36JUsrXswdGZ2FWphnKG6DE=; b=LVvf5mCavZmsKyeT2v/8H1VEOfV8Dn6DCOCZFXi3hq/Xv2ZLkdFWwgmHuSN2q8UWtsVj2u CWk2CteM2VcBbpwetddx1vqfRf+jEClSvm9VNrdYGPpb1im1vIuQxqZmSz+NlnX5Q08KtR qi47NPYxMEp3LAKzlgTOVWN83t14vJ0= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C229160ED3; Sun, 16 Jul 2023 21:53:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6CD84C433D9; Sun, 16 Jul 2023 21:53:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544413; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EIVXuTuIY+cy+svRx16q095lI8R0qYEdOnkOpM9Dz2Mjyt+JMQ4TIwpAfclZkxmRz ypDoe9p/s18CxofvI37IomTHdfWP/9ysfadVqw7BdoRUwvqSALK67h+oMtcp5OUObP i7YE1uF0gfZhoDqusjcKZB4dpDfY7X5pbL/4062mvPPbIsSmZ3+LpE+J9hCU8p346t 0Ep2VvlDKLO93cmtTkVUdRAZTYLaU0yWF8RnMwbqM/odUvzOgPK5Kn07Ba6ZhIwdML LPjzexYvYaw/o+Td2pL5yWshmxzdAoal7Hmj24SzLJDDdlmginyHcAuMKBerDOqKrY muhKI3h9RlMUQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:03 +0100 Subject: [PATCH 07/35] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-7-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2577; i=broonie@kernel.org; h=from:subject:message-id; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaUN4aeaAwCFkHQflmt2PAnyRNXHtw45Ywz6qxG Xab0kZeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmlAAKCRAk1otyXVSH0BL2B/ 9k5JaZ3viuyrN8msxXAcCE/j7Koesget2VB5E9ovny/d0xhQf2MogVf7/QvYRD9OA/+TfA7lYCEt/A 4aO8Cq2y75rdhJuvFGZwumZPFCnWc5ZKJFGcfsgd4Vf8P/2LIMeNLleBrub3YbxT8svakkp4ty2ZVl +xdMETvjbnSIL+gAtd8JWzrJJPxW8pXhdhHtu9FTBEEaUUW24+yl73iyczpCe+0Ikezyl+uFUcFJJc R1Cl80dOZD87l9pyRbKGpfdOBrlodw/y5gO+kascJmdAkpz8yqOCS8afTERsLU1GMkSF6SYrGweBjK ADoQZ6GrMvuvaX4xnAlSxn3W8iLLwx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: A7707140009 X-Stat-Signature: dpubdwut4xkj9w87gapp8gsc6y6k8mkc X-HE-Tag: 1689544414-199322 X-HE-Meta: U2FsdGVkX1/xf7lxfK+Qu+xFJMsB/U+rgTOQGLiXuxWD45ctZEy17P3OjAnrpi8MWduiRcZKuo9sokM54AvCeBqgoSazlLRcQMpjtOV6VIZFOwO9Kzmknr8Zj9AaInC07mE1QZSvl6183Z5TL+/Dt0AsMTDcqQGe80oyLWK9qVJap3sN6850ZLKUbmPHXuG7mD5bhAGQ1kbdCSjoSLU2veHaN+yGKhs3PRcA4Py0ZXdWvEc4UottABqFca0J5H5YxxahAIIGyCg0Juk/EO1fUpghsgBCc/9krsO42C8qevVkH1Qgc9GC2CN9z3C2DvBheymhvx2i2Ch9l7eRv/mLuiQnaPgVi078PE22xveNpLVMjse/Nnl6hUrXmCVdrcHSkaaeVCFiVFDTbXl/PxbRXBvFrHD65gvdM86ZogFSAQ0XoVCysUWwMzdSXxru43cLT7uvB1ss9x9h1ES/kj/yyW8b0qYycGKLSikS2m8pFhyR533gLNpGB5eqqMs2yGmLp3++AhVq2xuNznDGC36pL4WSBELoO86q3u7f7j/0Tmw5xFBkHQBAxR9EnrbGYzUob0oGmMRAE4z/mCTrbbqhXtYw145npgrrASpYhwOucsKq/PcvxZ50Hp/m4f2GFeTxqV7jdytf3346UKQqxVa6JszAcUaNt1W8DzMyyv0PZzMKzvMBiDxUODuDEjEzNrbubCg7TvDTiqP31UF7lCsn04stgMZa8iOb9A5+tizNeWOrWFp2QF4r1hOWANNEGs3gOtdyKuJQpa6PIRUT+kh2lDzLjDS8lsGbmjDD8VPdghD2XDrYksMcrGYswlDBGphP7fnQOwKSDnq/8oPgz2X27rS95H0uh20C2TiTRzQvj4sFpjEi77UMqADjnv7OY93EYRB+Xc8+OTGPg0cxYAY4eIoNj7m2zrvuTpmRJ0C9UpiF7xfw/UrFQiWT9ICP5Fc6XTkpw+NBy1YVOXlFYLw 3dkkR9r1 VuIz3XOrXaWnuInAqfAKlp/jKxOfLh1M1CHugeQemojJVI174j2JUsxi0T73ihn2d97p5MxUcmjh3DMSFmSVlB/U2XT2jWel8LD7bWdzMPGhSZ0ft+8nUQunItwbSWdNRDqJnUP/esKYVl+Me00fjSCEtHBd/jkivPQ/G2T/pw+NIPqg5le6kW3p0srLgd+HwOGvRyf8JuV+lCcLlplrs3m8TAOQYDwLOEgIEv4PJTLEGilW9ZbuS5pzbCn+so72aDhxUgZK8E1tsCx0FxWkYkZVKugddsUMy6JAngGCR+H74WRhsK3rwhl55j7+3s531uT46v7tcSaFe3cYRWOgo/PhAistPJkKU2hhdxdVY6CLp7S8Tzm6VIFgo7cCSQtDwbAf5TtZ+BUlAjG90qLw8bCSLVm6OfTziKRSV6rhvSyfg8CQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Sun Jul 16 21:51:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314940 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4804DEB64DD for ; Sun, 16 Jul 2023 21:53:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DA70F6B0081; Sun, 16 Jul 2023 17:53:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D304A6B0082; Sun, 16 Jul 2023 17:53:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BAA258D0001; Sun, 16 Jul 2023 17:53:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id AB0366B0081 for ; Sun, 16 Jul 2023 17:53:42 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 83309A0283 for ; Sun, 16 Jul 2023 21:53:42 +0000 (UTC) X-FDA: 81018827484.17.86F4908 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id A54BDA000D for ; Sun, 16 Jul 2023 21:53:40 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=N6Pc2CDP; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544420; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mJroho1o7mQ4v5IpLO3pGU+gSm8jYAJUrZ5Tuta6VfI=; b=dkanibZ062rIeqqeXISxqFblLFzwmTOoHt/TgRjCCgybuba++8J0E1lnWKjkeFUkHbp3tw BERV82KYdhu0fcU9OZQcP3xIBuKCK1fRA93/Y8DVCBy5eLNjFUKKkJW39smv9tgd+vP8jr ggDSyEePDYBjCI5EbNOCojebVNKEkVU= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=N6Pc2CDP; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544420; a=rsa-sha256; cv=none; b=042ne+dCHLQsYFBMlvqaSBc74qwsjOHx0wJyrAZDXf8qQN5WjuNvcJY2p8OsfRWVpUBfh7 irY4xF18X66ebgHqY5+ZJ3gmgMLzAi8BswO6GRzVnTev3XaYlMcWJsm0Z5TBIS19+8DxYf YRoB5hYbgRaUSs97WWIwgVHC8FPiyWc= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EBE0360EBC; Sun, 16 Jul 2023 21:53:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9AC2FC43142; Sun, 16 Jul 2023 21:53:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544419; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=N6Pc2CDP2Fb/CWuUDjX3L2i0ZPs0IpSy9dO8henIB7I6mnpUje22Hdq7vEkPoDu4g xlUhGW7pGAfAaNvDt/AWVxPC9oVQigNpTWBFs3yT8OmZrnurbVB6ZSH47hJ8kJHGps /CKIzVsFqEyOneTsq1XBiXSubk3NPS/GJ53et7TS5RCXk8P8JPg9TJv7ADl3cE+jMR 2Lv7yqFwLn763rYXqdfJmftd7l7TfWFXs77BEpS4ZRGT1pc7HfxAL+znSFso1IKx1B OWq8cE8ajUxaBeQT9T5L2qJfdtU3Rk+8gE/R1JgbzSnLYpvSNL/Kk+RDrNFzSoSKjD hOnLbmzUYvqMw== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:04 +0100 Subject: [PATCH 08/35] arm64/gcs: Provide copy_to_user_gcs() MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-8-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1292; i=broonie@kernel.org; h=from:subject:message-id; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaVbZOcNR1zm48d/PDpByZZT+P9TDlC/pnz5eN6 pCwzjnmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmlQAKCRAk1otyXVSH0NbvB/ wMIKD7ugV+VGhtSx4GuImqrZE4Tt0v3p8oBLZxXnjjkk1AYFsZ51ITwpSRYveuCeKhGKo5TdlPUqq5 TGV7QEaKfNACSPh5SL7WiaECcFcN2MFP4z0THUL92xm6KgWL8A5oYlnHOIbNrYSp5p+HKE5VzgWCLS Bel51HElY2q2sRqHhDjGaBnNawBEB+529JBmGA4cJrZWRzpq1QDAAlDitHTbFgXJqkPHlYS0HrDocs 7p5w7QGKS/6G7JCZKBJOh6NXwMc697BG+KkqF9GoRnNKL5uLZxWkUHt86kkP+CXzx2r70LhZbSffyb gkXMfL//6nmpK2o0vvxfDTXp2gd7H/ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: A54BDA000D X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: fd7caco3tysmis3udhm7kmyun6jqfrux X-HE-Tag: 1689544420-889029 X-HE-Meta: U2FsdGVkX18se3v2VOu0clc5zqLwx81FUWlA5dltm4e/QGN9BTkobD1zxcA2VSpYz2b0LFgVZaMNq5dVo5J7IElr5ngXTHiu+0gAeVxzH4g67LAt0+47Vq2TXgbmJ2B6dbOwLKbCwfkUhgyKnjSaaL39s5Q0L2YXpk1zGWn8Z7sOzzELHb8tXBnJVM838NhiW/Rr6wPTf0YevLLYSbrLBZxG8Lnw8vjbichSgJdmIiPSsfF/9Po0SefEQwbWzVpItWDo5F1YhkkdiY4GqDuBrq/JZzPC3N2O03CAnTy3T1dPOGwb7aLxi2LFIDiJ0KuyfGDNs+vCrqDC3tRzGx1Y3fs4UJioD4XWtFTk5BXHnnwximX0Ic92QZUlk+VkwZATaq+lt6/L2T7mU+Rg/p5FyPS7693UXNDv6bp6jl7OJyee20ntTytaftVsVftSvCMMH7kkYhDQ7dd26YgXwN/iIz1OKGjFW1a7LAc7iQIk669mm8YAgDTjD7o1z2gcMeD23b5iyizBy+TERZR6YsKImAMfoVdpl5Wbp60uPtEb4zMCQ5KAKNxU0mgBXstCMpei1x+3wEbvb3UdRPY03+l1WKZPGqPI+Y/bQeSEJPT6IR74LP+StiOObyHOLRnplDz9QH2uerY+RZKhoxvbeJuD4QrtcTCSWkM4PSM4CJnZbH2RJb4achckMpy+JyJ2I31uxVCRDMc+9UO4O3glrWGP9NH74luZmaci7IvivaRvSzCwW07JPy2Tre90aTep2ZzsOBTDFjDd9OpfFGkxiHNupA35ugOZJZAvGTHSJwEAXTFpQa+IyKjHQvd2zMc7En7UQ2g4vD3o7m+OqAi/Wobnnq9+Pdl2EjT+/3NIQ4MXUhP0BaRUkkTURoBvK2y5NPFNK0CvdjRbccgEIDjN9Kb4zzXHQM2NUg1nlBMQhojKVuywXOb0coaozHaAnV2MGrnbHawxPD6dYYG5eWVVREL Xo3x0ikr DpdF8Hd3IyXujCb15VtUiKscsQW9q2NfDUWk91MSjrZBoJVBfJBHuv8K13LwhEWy6GhXlMb8HXCm+LJn4UOS8LiNSnHNk3rroDldN9eTSPK951+O74qdqjF7FlCpQzZ/gGGopkKW8t9+bgE3LGEPnV0O/KRAkk8nYxIujcTual8/cOqShqdfz5KRYcwk5RQSjCq3LcdImFJweKMl7Bw5lkemEELYLsMSDdbl6V9RsXkyWvsrnodf1CLKQHYFEOfjubbyAIcD6syDkoqfjOyeFrkO9kTDMD3FH38+7hSqf9XbKY1+GeQ4e8yHAZWXPlspnadQA1Wq/O3VOsWLwen8GEqC/rJ7qYDiS9CB161OnvlIZK9z0wXHJvKCl+s8XUveJFCo+6/0/Nle380QsX3YnfuI8hNhnmxXwbuTqKZG3iTOHYkXTylqAOKdLq6FYI/kKyNBLWnU8wRYZ+3Yx6EN0MMat9Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a copy_to_user_gcs() which does this. Since it is not possible to store anything other than a 64 bit value the interface is presented in terms of 64 bit values, using unsigned long rather than u64 due to sparse. Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..24aa804e95a7 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,26 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline int copy_to_user_gcs(unsigned long __user *addr, + unsigned long *val, + int count) +{ + int ret = -EFAULT; + int i; + + if (access_ok((char __user *)addr, count * sizeof(u64))) { + uaccess_ttbr0_enable(); + for (i = 0; i < count; i++) { + ret = gcssttr(addr++, *val++); + if (ret != 0) + break; + } + uaccess_ttbr0_disable(); + } + + return ret; +} + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Sun Jul 16 21:51:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314941 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 791F7C001DE for ; Sun, 16 Jul 2023 21:53:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 123B86B0082; Sun, 16 Jul 2023 17:53:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0ADA46B0083; Sun, 16 Jul 2023 17:53:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E68D36B0085; Sun, 16 Jul 2023 17:53:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D618A6B0082 for ; Sun, 16 Jul 2023 17:53:48 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id AEC591C84D9 for ; Sun, 16 Jul 2023 21:53:48 +0000 (UTC) X-FDA: 81018827736.07.3FE1BFF Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id CBBF6C0007 for ; Sun, 16 Jul 2023 21:53:46 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B3WvwLPa; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544426; a=rsa-sha256; cv=none; b=27OS3LwTKUumBQ91SKSCuzZGACiDcMzwItEbn8uBjXLIayl3e+pyyG7SnoElx/cVhLcuCR DYOwRS1pzpqTHA1Mw2bWFYmfMxs7e9iLg7YoUDqFnKeWqkATnvSDBDNDRnlLd1e7HCTYKe +598zOMYRfOGtGcbN4sBWl84em4W3dQ= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B3WvwLPa; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544426; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EXXsHxINrrFfFlCoyZXRZf7ruyCOroLGFsUcAXKHD/8=; b=PHLfiW8s++g2zsLGuntTwVexKDJW+h9LXIlRAi4wqgCpS94UDmsr6CHc51t1Enli2n30xP MYHiGI++h9U7f8oYp4kPnzN3rvPwYGoqqh4eAPJNVYRaH6zP0xt3+9Q88XH/gevTYgwBjz PhATQDxg2QLQVgu9sOEtrun9dv8XVdo= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1B67960EC3; Sun, 16 Jul 2023 21:53:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C9FC2C433CD; Sun, 16 Jul 2023 21:53:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544425; bh=5itbN5XsI23hSHpvwvYCaA48pJH6cAkdAvMEghq3bJY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B3WvwLPa0kPZ05606e24d+wKXy8XvpvoWS8YyXrjOnIukFSSQjhJyUhJjQ5PzlGRO 4fopiqdU0YF7x5/huJrF7KQ1A3IiNvr910mVOS+lL0aHGqvThP7j3SBISVrQihTTVN KEK6mooqm4aeC+0i9FAeSvNEzSX6rjL3UmKdWHOUkmvJYeBnz5mEBlDTvMnwRnj+bT f1pEcJrT7JyJS7kWKg3ntcxzSmPf160RwTF7Oe8QMN9pjhEuAmQMG89D/9zH8fjwgd 7YM/JEc3IOzMz8gZQmhtML7z2GKqPNIx+KgdLFhahrmLs+wlctaioJTYMx0LrobbP7 6FKUm+ZYqoDSA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:05 +0100 Subject: [PATCH 09/35] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-9-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3031; i=broonie@kernel.org; h=from:subject:message-id; bh=5itbN5XsI23hSHpvwvYCaA48pJH6cAkdAvMEghq3bJY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaWtHOw3enM4B5g54amxlUgz0T6xDyKMI+X9aWP sDgDapSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmlgAKCRAk1otyXVSH0DjsB/ 0ftgZjkmfkC59iaeyPxrKWG/EPzbWppuZtL8wn2nYjEI3bKdPsmO0+WXETjIu9YHQORgfIW30ICk9U HmPWiGbezKYCwJ/zM3zsqbeXD87zxToeeKUH4htD7F9lMAbpaK9YOLJ596ay8x5+rjIlXdxvxnSv+V WBhYXp4H998g2hwxyzNly3XnI0XFqdKO4B1FhThymySJjhLOLi+08NAoJe+zsNJD4tHL+IF/J2EoHB WL4/ADcAuOeBMtWPKBRFOodh5DaZ9bZu1dUrVcFM1LJIJLtiPEyxaL9oa1AN7vV4WoDQod9H2+4gOB /CLOY7fL0loYFvUKiTy6SeyWF+d9AN X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: CBBF6C0007 X-Stat-Signature: 8s61rfwork9fdfw7r1557i4j4kgr5npa X-HE-Tag: 1689544426-652017 X-HE-Meta: U2FsdGVkX19t65pbcfmsspBJa12UyZIxznqZweGMX3cv2GtLp8KIjS3hsqp3Wz2wbguYyiHY2n1j92fUPDiEKGthYZ1cU2kUBYQJRJVhfXeNglRCWwbI1fE9trHyORJ7jnfL48sqbVClgr+fD1E2fcUGXvQjNpoAz/BR4NUiYm1MiJWYtClEsfYcN/vjFDtgXymnIeh4IlNB0c+HiBEjWKPwvaEYAJXOgG5op+caazGy6Sd7ooHCuEtgRkwSYOwvvLvSIpxs89dBG+U8d5qxeOiV8dFRm3rF2O6CbYLckbAWa+Z7CwqC9kQVeO/aHEz8GGuNRbsN94XwiXsDF+5zSZy/+/6r6iPTw9DusN4qPYmU3ARTRCgsrBlH3yWqqZPuZ9MWZTYK5kXVban2KVAnRRxPfntSr5vOMQ/8jWNNGzNiBQrukeVeMGeqAdE6s3qKDjcugD1jLLYWwN5mr9lvKmz5zt9BNp6e5i2RK8hTIl5Flbdxr1GHyAgJKeS7JvEL3U2uY1M80kamddf6a0Dy0uywn7T1WuDP52RlNJnbHZHiEKxtU8TgqL/+WPVgsmNzYyRr04c2EvmeDKcBc6VYpJN3160odaPfENqfKTQrcE78Gj6vzIFl0p8BCsBLLOuvCsH3VMhu+Qe+beKZymeJARuhHvL8aQrV1wCtKMKek8oy7RFZi2RM5nukb0cyq1b+f1yheEXYps1ZmGe8dy8gLE43WOhUWXFbS8V5s+VvAKqPNR+8QeRDz+286CohtaW7BUYllJMmqE4XgMT61rozInDTcmeXqMefy8SbxU9Oyl0Ht4Sb4MoX7PsfxgrxmwF/5G851p6NI5/QNLhjebe9p0Hc8PxuJRoCAgiQqtHFTv1mwt6u8XDmA8mI915lc1N3DrqSy1g5BjECYFOlUq7Obh/Vuxn4C0olTuLguq7IFkV/DfJV+PdH6ZFnWNpRu5uh4cjHCVmzO9RwmY9Nabw VQTQYS2t 2BrdqCqzix42CLaifkCuaJ6IpD5dkfSmL/QOGaf2dUHbyfIPGzCbTQLv2uFso/7rc2k4pSlPlJ0Ra8q6rUGrf7wHIX420bjXoOeHQ82srVy4xFoWHvl91YMnhLH8uRQ/AamJ9JqPoLYCdanIeq7hx0lWc/bQlWfIPRqAmi2cyi57TkM07zkDxL1iseJNEX0Oqml4bk0Jibb2bfRPviDOUGkV0k19JPeCyo+NYQjCZEQjO/80tokLDME8rigHbo6/R+f53NiqmFkKdjHqJFmZ6AWDtHJf8PetJksBr7Ql948BS7ykAoSxjwgfNcbLXNrBZq+G4BgAERLdN1z93lJaG+m2TDxulKNssH7Bra+QfEcYYMVYwXs7CBupnWQ7NUYmfcVavGOiMkOJKNltOf+B0zXECGjwC2yRORogUsp/nCyF7PHE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 20 ++++++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 27 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 96e50227f940..189783142a96 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -831,6 +831,12 @@ static inline bool system_supports_tlb_range(void) cpus_have_const_cap(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_const_cap(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f9d456fe132d..92e730027d84 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -254,6 +254,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2219,6 +2221,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2715,6 +2723,18 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .min_field_value = ID_AA64MMFR2_EL1_EVT_IMP, .matches = has_cpuid_feature, }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .sys_reg = SYS_ID_AA64PFR1_EL1, + .sign = FTR_UNSIGNED, + .field_pos = ID_AA64PFR1_EL1_GCS_SHIFT, + .field_width = 4, + .min_field_value = ID_AA64PFR1_EL1_GCS_IMP, + .matches = has_cpuid_feature, + .cpu_enable = cpu_enable_gcs, + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index c80ed4f3cbce..ab582f592131 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -26,6 +26,7 @@ HAS_ECV HAS_ECV_CNTPOFF HAS_EPAN HAS_EVT +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Sun Jul 16 21:51:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314942 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF835EB64DD for ; Sun, 16 Jul 2023 21:53:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 235D06B0083; Sun, 16 Jul 2023 17:53:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1BEB16B0085; Sun, 16 Jul 2023 17:53:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05F7E8D0001; Sun, 16 Jul 2023 17:53:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id EC4A36B0083 for ; Sun, 16 Jul 2023 17:53:56 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id C9D1EA0275 for ; Sun, 16 Jul 2023 21:53:56 +0000 (UTC) X-FDA: 81018828072.17.1AF329F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id 036B72000C for ; Sun, 16 Jul 2023 21:53:54 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fE04IcJ7; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544435; a=rsa-sha256; cv=none; b=CkYQ0ifuGLxwLKBMJJevIWYw05Fgl0LONSglnhVpwT2M9ec1BAdsfPuiiZii/UsH9+LQT9 vRTpYi6atGWVzi2F36W6wLteSiTnxqmoiC9VuGmCilOyTi0O1SbEtTxSoGLBpBeZB8RxZ7 luYr5zaViCuMSn+ZqMmdoS8sEkG7aes= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fE04IcJ7; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544435; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Dnc2nP1HVaiEDoBVg12zB7TbohL1GVCNMw7SaItQG9I=; b=mYrQIB2OiwFMslTIIG7pcyW3srti2mDavk2LSuJ2rIEZBrzRVfQiO6u8DhAh4TFLDBuNfk mNAjdxZZGNodvlj7ZtcgghdpN41kt4DkdQHDKmD1tL3q26X3rKgeoMPq9s8iqNvY2o+WgA qrHjaR9N3XXDx3vzHlMTR08LvbRZCMo= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4085760EC4; Sun, 16 Jul 2023 21:53:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1959C433C8; Sun, 16 Jul 2023 21:53:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544431; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fE04IcJ78ZQnPaQ3Ay8Qv97lmyNvNGnu+scPqJDRUrC+f2FW8HVBB+nAVXt6SuF4n wEiNofxMv5RUBs+gGJ/29J74O/wLqMmDNeroBCueNjPZFvW8Fb4xFf/WF9B28jb6qi MmU+IdVfnXmbpses4PIle04Js9RHO2NYTDJIWnyjzG7O79o5Ms4XJR498cuPq5PFPY Hj9tTGfKREuZbiaZp0GshqhBO42hw8caAkGtRit75FB8FZaQZcN9zrLiDnID+dqhJO 5es9YsMc/nZVOHMisUM1s65ZHso3ph6f0J2f9enn1dSpHEHw9yrdsWeurL/k1UKuk1 BghW7jueDS0vA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:06 +0100 Subject: [PATCH 10/35] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-10-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2919; i=broonie@kernel.org; h=from:subject:message-id; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaX/DeynJM1AQTo4tiA9qsSX7bFYQTdZophim53 cpiZhmKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmlwAKCRAk1otyXVSH0FLNB/ 9VWyeSNh/ecavajLIFERLxhuP1AWliN0iMrCdq6gbiMcwO9CmD0XAbdiwUralUNgcM711Andu7rY0f YbGUReF+DooPBhY6noc45rkzMNqY2e/SwVlE0kxA3Iskf3B0dCiWSrHJwHxZ6twNdxZbeE9jsv2d29 oNXFtEEVPhRsG4ruMWG/CNdDlDwKLjCIXMc9nEA2wGjCS/nC7jvQklbYrTaTvAZhPeiI1Xs6vS7Zqb U+m0c+b/vGCsIglBljirMn5knwBxnvmKJjgaT+iBrMDZITNVDzMhc27c41jt1Pe2qcdcIVbljYjp+n d4WkF+gceF3YUsH3fRoFS/HBTDDW53 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 036B72000C X-Stat-Signature: op7biehcqws7nwn7nci9ca395fzth9uu X-Rspam-User: X-HE-Tag: 1689544434-163095 X-HE-Meta: U2FsdGVkX1+pJ6n2n6zgyAbcdbdmeT/Ht7c1l/Sw2T5UOWoNJ0z3qIE0wKYaFNzbX7x5TktH1UdM3T5yK6IYAgkmhwLcW5rvBLYLQabEgGwpd9XqcwbUCfK5EdPDcQyAVJUeWga4BiodtImn/BxcRxxnyBwt9BS/M5GB+7Ul564Nm6LroMVZ39eIbKDMtm9in9Ltkv2X6gvkUYEpR3PypDklzeDU9vdkcW8wx/sn3lTQa7+gisHPA1cv4xkvQ0Z5A7DzPzB6R0YumuUd+auOMnyUVNQtw2mwGEK0Ygn+ohzWoyRTCUaC/7LO+l6uKvg6o5kCGcQBj3zT+oLsXuWjWRM/gnI1+aUdmW4L5rE3V7WODBVlAALZBggfISFOQvKLXI0bd2W2jGmf0HvOnPWPCXF0LvFv3LmHjbvQOi/weIwFJ/dhvWI1nXEK48bzNoX1ue2XCE1ffpWQjUYWGY7tbPbtQcZFsmfnjDlEmMCS6uvy8obtPQAHscotBgZedsioekbi7Ww5RhD61Og1EEX5CV3sMORV+UGnb3mfsIH8pYha1NxsLunejbopQwY2vpU4PVXENGKNDFZ2UNWQ21gXoSxHLcgbcK31g5M1nluNaNHRBnHuH+eqVdN6/Wkk7Xfcl+wxNp1Lb7nWLw50fFvlFrkfljzTc7rEfbXQsrs3F0t5/UcrF2EHLCWJDmFrDRYYHQ9xpmxRk+OGxNoYlw3/QLEJBDMPhfpSHwee3LXEAaqjDhUPslqElwFRRBtEnmkhTkJ5Hj//Fl8bn78L82PLvjZyIRk0vWb9jgsKN6VTUO9TXZvpzaJGz+rlbLIorrHYd5ZmaSyGwrp9HFqbymgmjdGBYdXg9ZGAhB6ND9dDHNzVLzn0UUFtXLQfe3iDe1b7zXxgyNzokHeVedQRawkUgAjOuFuExyhgGAlX0RH5E/8kNMWoPcU82+C/hDF6fuIju1d6MhKkUvlwCSiuiYH vWOrXEsM Sj6C4ICCx3D7FQ2hUJUR54dVc7Uw9/doLQrTeaNl+5Bwo/VRawIlHYR6on3yEyRaEqqLho1k12qWNXohoOpguS86G/Z9CP7pyrPju9JxS9BXbsRaObVwcnF0lQW7veXBSB8u8S4RjwyUifF/sulMEaIYIWAgbRSj9shw8BWZt9YQk4Y0R7LQe7w9xCPCATH9ULH7axUZBku5+Fgu6beY33fvVqvg8eb7+8O8U3BN4W0f40Euy6sQGI3QbJQ9mGIkw3uZ7Tf0zzEl4ZoTYka+upywLPcEoLOAjaUG8Yf8sjG4RtH/BOlA30zQA+YGEO4eVk3UaV09j2zmdew7dXVuJb/IsUsae7BsFDno0RIaQGRmkBzklJl/0yVP/CQsmoyC1RRKj6Ca/VeTZLJXoTwSQs/r+bqo/5pEdjamGHxPBkdcaOGM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index eed814b00a38..b157ae0420ed 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -131,15 +131,23 @@ extern bool arm64_use_ng_mappings; /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -147,6 +155,8 @@ extern bool arm64_use_ng_mappings; PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_RW) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Sun Jul 16 21:51:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314943 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0037C001B0 for ; Sun, 16 Jul 2023 21:54:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5692A6B0085; Sun, 16 Jul 2023 17:54:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4F2C16B0087; Sun, 16 Jul 2023 17:54:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3938F8D0001; Sun, 16 Jul 2023 17:54:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 2AAFF6B0085 for ; Sun, 16 Jul 2023 17:54:01 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id F183F801B3 for ; Sun, 16 Jul 2023 21:54:00 +0000 (UTC) X-FDA: 81018828240.16.29AF0D7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf04.hostedemail.com (Postfix) with ESMTP id 3370840002 for ; Sun, 16 Jul 2023 21:53:58 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lzRdJXTo; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544439; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9oP5Pazd7TlcajI7NsoJz20oI/r+RHjp/+lMKDPhvw4=; b=8H3f0DwRo4wjFz2v38QQ/k+e5OHOkyeAN6/u5xJm0ZJMQZPnO6VjfbNjUxUY2ZF8O2FLQq WoUXJs4XECK0U8goZ7mAoPcTvWktvFJLXt729Qfn+9s1f6lAt4ewx9G+b/9G3XuYjGN+P3 uFjuqAsBxEvapf6K61PEMYYNRTsk5pE= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544439; a=rsa-sha256; cv=none; b=HKMOGChKAuBbV2QvIzaBBP4fZrmIBki58jrtnCNQZdPh8bEOk1G1l9ClNuApbhX2LgZxYI d0JacvZieGciPnlgxy4qEMKKM6hhB1rQBdXfOUJxKAPjH0FMTYCaQpHXfgQ3zZAJVSrKv9 Ji3V0rCg63AWz/nZJ4vI7f4YbrybdTc= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lzRdJXTo; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6C02E60EBC; Sun, 16 Jul 2023 21:53:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 228C0C43391; Sun, 16 Jul 2023 21:53:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544437; bh=ufPJWcWWu+6JM5PZqp1IxvkydElVfjSFTlywESeiyGo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lzRdJXTo9N1xMkzBJ4HfAyjULGlOFa/mVmdLxxy9olUV7hXENG9iy0FUWWgh32cvA EZLnaY7YkBNlhe1OFL1pFzQufrumuzamHF7cqIAYugdds0nWfewqnKRz+5K0LVyxxD 3GaBOMnd8NBl9yhSfvgP2iCwV36Pbw8qj0Opl/vleSeS27Ry/xFnSzEDC9mOZ87KEv /D+uxFghuLK60yFGUtY/zWigdDPc65NQe0SylrU0s+SGFnhxE+RLp3xysvUMe3vxz3 qLBZbumD11u7bV2iO5NYDzt/sej57EhLQ8rVg+I/mfOHcfR47V+h2a0f3bAH72nCz6 l/vAFhoQFM2XQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:07 +0100 Subject: [PATCH 11/35] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-11-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2027; i=broonie@kernel.org; h=from:subject:message-id; bh=ufPJWcWWu+6JM5PZqp1IxvkydElVfjSFTlywESeiyGo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaXF2oYYZQdYSl/hcMDijqHILEl2w8VSBPWp4zr LQDC8xCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmlwAKCRAk1otyXVSH0JBHB/ 0UMsUIVGuhNOpmEycSG+UXYN2beXnLM5L8SfuikOrBSp/GQvhGB4w7gh/BPFR8+CexF6Qe+/ELvupM bJNv7jA+8nrgUJnWTVu0NTJ/V+FwH2trT8qp8qfvb2z/7enJaZn0nfz4DXZaeagQMX6hom7CBEzzVW /Bj5Nft1u7JkLIUyzRJ/lUdfHkv3WcyIe9NVisS8JrhANKeQ5NSYrf4BDtcjSzPVp5XG5zZQ/OCAz5 FrsHtOE9d1BW96V4j6dbESpJexmGOJrMycPmff4yo6kMNDeqlfetekL7TWS8bTxcHFbRXVqMDs1EI8 wYdNjyJyRwRg0C3CqrERuwxLeS24k1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 3370840002 X-Rspam-User: X-Stat-Signature: 5p5u5psiuca5dxmor7cxphippo98ihzb X-Rspamd-Server: rspam03 X-HE-Tag: 1689544438-662439 X-HE-Meta: U2FsdGVkX19TKcKrcw11IHybnNC3SdAMXN6k34QqINcfViu7nxYWEXssXF5C0b6Dt7Huv4ec7uRFWbGedNp7RWmHCVFNvgvWVqyAY3tXyd0mb4vM4klJwPNGwhqcrO+eED1Nu8yGeXan6r6UK3976pTaqJdi5bT6uysVtMhz0Bbc+UCKWhv8DrNZhHy489l8YVVknMOWHgVNr1u49u31nm5Eb7so9BcszsTTnIP1le4+WRAQFcBOIU6kGolCoAwAfzsZ3kinT4Ilt1sK1tndvMCzS/zymY3DJaUVbzZ7vcYiifCHDyrIttqdYD6QKcWqpQnPWm6m0FrF27+bClnFBEMUCZbe/GddHqx8RojMNpXfG1fG1la1rdGUFazGI7zUcEoHsGa721ceWz5RdvjJKWBcvLpxklEPKJJp2ivLN4jbRYeva3jgaW206NT+pPZqx9z3xlufCCD1ODsKWV+GQmK0eHPpBOIKIjzrwMDOU1Egw/IrHeG5EZ0KxdqD9/hsJq8hdUDj/UXh0TMWdGupeGWTuHkmNREnC0b9hwwBVfOIL++rD7uL3NAD0fDniBSYMn4f3WERKzYyflimubEK3V965aRid8VzOCAHlr8uYUak3iZoLxwB4YfA4tD2E/W86prOWfziZ3l1TZpi85EizFDnEDc45OhSRgDuJjk7UpBb9vK6tvEhi6lQKI1UvRMofCVe0XzojgQiK4wGf4uuXcidBmkXMmsVlnj0JXhni3F3Kl0iF5gnH5wBBWMk9babazkCPI2MB/oXQM8hKoNXlCJPL5B18A97tzf8u8Bt1aY8EHIgomFg9az9yTOMRFRzvDIAec+9APed+XybuDoIK0OO7sHpdBwulFfJNiIf39uopa5qD2PnVZgYzi4p54ddQhSD6r5J5W6EADgMFvD5msyCsz8ghfofNF8y7R60+ZbA2gvi16RT2fiYd2y/DC4YtJ/gKWaLPMvuZ3NOOdh /mHleuRS mBYvR99W9H70zZR/Y8rbry+tt1SWrnk+qVMJSgSaaOmya3NZIxaxQv9FlrxqcWHXC6U+7h/wHNFGe9fBLiWJGnueTFA+ldO+OQIP+Y8JXHuZrRBUUaTXcS8RTqYpAIFqvBs5qyHBUbdV6lu3WMojos/WojQHzj+t8PgvdFttN2wQSAnGWrhXjPXLd9xcFb5T97mg6AjJ47lSsbTZovuyVolcWtVve33LLE1mCZDIMrNP5POUnbcJ6G2fR6bqOfvFtIHsKDvbfYPDAJ4p9yLTeHLKcWZOKJQRJ5XWXN2RJW6FVOIlfcSSi67MUy72AdMBDilVCUmMP8fM4n7vQjewoO3+P01XOF9t8ZlHoJufOD+/9s+saVYC7D6nsjJPTUe/Lruc/56ps4mPvom9tOiS+28tws0hCh5joSj5Mr0tAEN9u+r7HWONspQU55BoPK/ergkuVIAFJerw38YbSohgaWZpbYg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Use VM_HIGH_ARCH_5 for guarded control stack pages. Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 6ccb57089a06..086a0408a4d7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -566,7 +566,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index cfab855fe7e9..e8c50848bb16 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_X86_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index bf16edf2fcd9..f526032c4dc6 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -372,7 +372,17 @@ extern unsigned int kobjsize(const void *objp); * having a PAGE_SIZE guard gap. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Sun Jul 16 21:51:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314944 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04260C001DE for ; Sun, 16 Jul 2023 21:54:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8C5646B0087; Sun, 16 Jul 2023 17:54:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 84E268D0001; Sun, 16 Jul 2023 17:54:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6EED46B0089; Sun, 16 Jul 2023 17:54:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 5D9E16B0087 for ; Sun, 16 Jul 2023 17:54:07 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 276BAB0769 for ; Sun, 16 Jul 2023 21:54:07 +0000 (UTC) X-FDA: 81018828534.11.880B604 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf19.hostedemail.com (Postfix) with ESMTP id 6654E1A0006 for ; Sun, 16 Jul 2023 21:54:05 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="SwCpkJ/r"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544445; a=rsa-sha256; cv=none; b=E9rpHBRy+15feyJXHIc+bqevzuV9ysL2jHfEe6g5lcaETkq0Z8WwEQBPVb1ubPiQLQCL15 Ep6UR5TtT42mbf1EeJ+5vHBHQQvBghza+CgMH4bVmYjSFy4XPal3uHhMfZX9LOM151h3ic UzNkzzZ7r0N37BRqvDiescgX4/+q/50= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="SwCpkJ/r"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544445; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RiRra371vnC/K7aW/lS3yxDUYWSr5hTseY8nLXePyV0=; b=2YXEFunuxJocjxqTxuiWO8ZPw03JP9QH3szEd3nK4Z/vw+ciMFs+D4vnE/5IW/3533P6W6 sP7QNlzn4dqDUlScfQSHgBescyy4oE+P+Bx1JPK0Sql0yRHrVp3/NtDA5uGokc4CrH+OGZ u+fL3pu6Gh5TfLy3LUmIFI5D3/HE5kY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id ADD0760ECB; Sun, 16 Jul 2023 21:54:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A8C6C433D9; Sun, 16 Jul 2023 21:53:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544444; bh=viG5anxcCcnETy6WTEqLj0O+gpdZleg7ylSYSUDSWcI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SwCpkJ/re/3QSPdOxaSvPmTUXqWyUYkc1452Z6mBhqiKzmB5dXQ/cYeSPFblePc64 8UJ+5qbsQHPqRV7eXlUH7stZtlnPKB7kI/LWN+cxruPahvww4EdxtsoO+sI/tTn0EQ qdNtuuJbES2trN5efTE+qv0nM1D/yG/Mim3jkmKJBLAwtXhWWtlmWthlc0A6bh9gXk 1C90UGVaHBe+F4P9Vy1v1jg6i6o58elJ5GmZlNCIB7YvkT5iri0JFOIA4f+OSbnjdJ 0x5z42vjeE3UCul3EOX6ZIBcyARUKPaIH7UVQriq9uQIjqWyf47XOUcN6EnZKBxx/p gjk/S9RqX2LpA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:08 +0100 Subject: [PATCH 12/35] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-12-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1225; i=broonie@kernel.org; h=from:subject:message-id; bh=viG5anxcCcnETy6WTEqLj0O+gpdZleg7ylSYSUDSWcI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaYY8P9SxztwbReqsOD4EXSgrju2yjwCdYsxO7X ObL/CRyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmmAAKCRAk1otyXVSH0CFjB/ wITNeqHx2A9A/AJ1DNYpxUDzTwZ9+T8pd3XOVneuYwaTzi2MZZye6tNiKR7wiNv5QIUneXtkSg4tPn zzsu4E2T4EZd/99PiJr0CIU7iav1s9FW8s4SW7VitRAsaErFQQp+sBM6u7MnHrNS3iH+u4UBvtt9sl CKKObd7jfjgeFS+kmjiFsZSP9GjUQBkPW9DjXWJ8XNw7DkEK5KnmRY5yS5djZpGtZ7CGCkktenGhaQ 5DQjV/3Lb+1ksoB7g/SRlkIZCrnv5us2Evkh/UXqNufRoWbsJa4du5YWevpf0T/TfT1TXYEmXm+NJ6 PpE6d0otsGkuF72xIz5WxGxqAtuw7y X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 6654E1A0006 X-Stat-Signature: uexbufoi346a8wq3xo1ptt4tsbmsafp6 X-Rspam-User: X-HE-Tag: 1689544445-199995 X-HE-Meta: U2FsdGVkX1/69IJA8QI09ABzxXIb26tITFKfmCPlLRZkOzbwYup+AOs9aQGtLDE54dED98CTnUfi2NOfMxmVVzGioegVhb1hCfeI06o3TZ1N14/N6LLEBlBHDQHzjJ6S2VFU7mlucsWCYF6nQgpP1p4a4aPrnWk95JBe8NFv2yiz9lxsLqYXhHtgpJ4pSDhv+4ew8XUU5VhrravX0jiGejkzfBUZPwlPj1RQr+F78YVLhjwOTPJwPUdM0HHNOeimGCKtO4n8UdDNW1k9QUKLK8Xbtxa5aCU+IsssWa5mfasdKokCUBAX3uCdHkrnVXIMzjlFYsIQWouwR0TxYPcZV/wYeQxqBeoSO6Nf1/EbABmm3wh1T6RNP9y3ym7IcZ7H7dif8dBOP9XyjVnTMKO7xiwh6HNs5M1tHpvTWM6RVPcxQsMxFxbla6y9WezDcK4VHJlqUGdiRPq9juH4+mfgqFsc4fbB2q6+avPrWb11HXtCqYS4rTgz1fgEk5txhKDb41+6aiso0ncwDTQ1SjwtSvommemr1ovA2KP9RdCLih3xlEZWXx6sQZrKAtsOBinozHYOAOFdiVIVopXwFKE0075iAvO+LrLTPC0sOEcbLqTijYRdswhuoHJkbQvbgtg++dbdZZZzRt2UAjtP2AaGZ7ejRTigPsDTYQX7/Ffc/6v+mPoaCkh5XPTtvTYAUrO6v2liwWE/Y1i5YUb/yOIwWXnVcaWjVHA8SBDIUuGmD9jFeGRCxzF0VBWNrHsWavxL6cmcM6ZEy6GTGPQ9vyv/25D1Oz1Xs3MRW7AtLR3FBPARjatxzwMWkYZQG/G1KXfXNsB2KL9jycDdMbITgK05a42MYW+wtFP5y9hv5ze7jW6gvcJt4oGe74NwiAF6GYxChLmX4soy30gEYnTW6GLnOmnqemCJJR3YDXkBD7C7noeUHLtdRK3wiNY/coBCQJrn5gvCZFyCDVXh+oJN9bP ZzGdQCVV gL0zinZSHV4LXVI6GiJblj5I1w2wslIn0buw6rQBwskhpeICeo7I4PYUfxLwieqaC45SXZAMthPK0IiD/xGh3B6RMrvdj1Y2cT8Qmd6oR/THPad8xzgQLuBgPz+RVjG95cFkCTVRsKiFuXuZIdOLbsB96hWVDngIMEFsmeZf9dLkSSGgEJu6V3W5maGM1dVEnVUNf5plDeES9LWI+1o2YXZkToHoOVRbCTkRZCJ68wjA7s/TKQidnkoLJ3q5F1DNXlDgRaSq5cu8pcf7OTmKb0EblV1b5ND8Qzs4Nq5znkUuub6eCAZw3QoTQFqpRdUqVWCjouo6ecAcdG5zfKXG3zO2LpUG1x4gfqi2ApUC0P7RhH0YbrowGiEfJF7kFH5kd4W3hlse0GCclUs4znhJDu/NQcVWOcA5HI6PNdkY2LILqL9Q= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown --- arch/arm64/mm/mmap.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..e2ca770920ed 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,23 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* + * If this is a GCS then only interpret VM_WRITE. + * + * TODO: Just make protection_map[] bigger? Nothing seems + * ideal here. + */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Sun Jul 16 21:51:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314945 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A0BFEB64DD for ; Sun, 16 Jul 2023 21:54:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AE9068D0002; Sun, 16 Jul 2023 17:54:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A71198D0001; Sun, 16 Jul 2023 17:54:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 911AF8D0002; Sun, 16 Jul 2023 17:54:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 800268D0001 for ; Sun, 16 Jul 2023 17:54:14 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 50FED401BD for ; Sun, 16 Jul 2023 21:54:14 +0000 (UTC) X-FDA: 81018828828.19.0A4A9CD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id 7C0891C000C for ; Sun, 16 Jul 2023 21:54:12 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=St80ihEN; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544452; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=B999s6g/ipLtJ/XGBQqngHGg0XyqvuBFMFqFXjAGRfk=; b=nFSexuAfYzSf64T9a0WeIVR5Vex7ogsaCO0Uhz5dxOdsLIh9v/NnVjDPYyemfcy7SFLT1A sblLhvnSgxNqG6Ck6IIO2nHmzQfUxuUtSmGwWeErVCIeVgEVDaHeXH6m0EhQxWi4ByAJ+j JWjg7aXsU/jMdYqpKbI6xEi9Hdt14do= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544452; a=rsa-sha256; cv=none; b=1DcJcy7GhMSqUQ3sZS/yvtGTxDkzxYckri3lGi8b7HtKRUeD2Kq5marcTNzhcnFWggNAvy ND2o/awPcBEx/080E7wy1hNzC/xO9N62iyP0aMNbnEEj2N7VewF5n6dNH5RWuFJE4YRrb+ /UwJgOCJxa3Hhhu354KlsH2iOpAUx3w= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=St80ihEN; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C5D4960EC6; Sun, 16 Jul 2023 21:54:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90C06C433CD; Sun, 16 Jul 2023 21:54:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544451; bh=5smHZ4W7RhTfanvJnpNO7WAAfTjfLDVmUyZjClF1Lpo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=St80ihENKA8tqKHUDgDDetHM4Me6OmsIO/5Kn1rfjFdHzdqn+d1BJ1qC9HN0DJUsk +BxcVbDyNgsj7+8D8XWaG/Lbxbw29b97isJaTqrueBr8Up2qDSSZgjuFcpS4g3wygO 9pZeO1qzn4To0m1js+m4UY6ewJLnjQW5KpAaa2MCbo7BZqGP82p0Eev6FX13P0cIVH esE9YJ73uwhE4BBkgUZOBurhg0y4LPEZHk8YCnYCH1/r/XgYkVLmt12aKTeyZpFr0w B0A632JEz+QvGZVAhqZS9usCc3iWddyHWNt3b4nZMJIwUP1rRcHRtdMmSTqfHmPmgD 1rNQxl4K/7sZQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:09 +0100 Subject: [PATCH 13/35] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-13-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5347; i=broonie@kernel.org; h=from:subject:message-id; bh=5smHZ4W7RhTfanvJnpNO7WAAfTjfLDVmUyZjClF1Lpo=; b=owEBbAGT/pANAwAKASTWi3JdVIfQAcsmYgBktGaZrbq4+idLyXtYDjhxjU47zM2RQq1sPBxgQzNl ETBuuliJATIEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmmQAKCRAk1otyXVSH0PE+B/ dxrMXJjspzTj1qyUJx7pswmVIH+n2f8NOk00cAJH8JgQ+1q4H2wzSSyMLJOOSvHeWyXW1ufVEJFuvX R1wHxj1FovQtGg9xTrab9n9Rv6v+6lpuZtjsCmNBZ782xRidxw0ejwuDuwDBfrXrfg1h7E4kUmXDNE fQ1EwrKFs9N+FuhI8dV0yJQ8lZtf+9zOWRAELNey/2NLhpNXDJPN5MC+CbkrHku46dIEPMbpfxObi8 0WGMquDYQTOkyI8CC0I/Mh6ICXrB2RYpjAOo8O2aWV2SYtQ1JrS3xCuxxrZwSG3HM2bHeoedXu5QY1 WnK5CzNyIcIcUGj8Ru05WdNOkJnhM= X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 7C0891C000C X-Rspam-User: X-Stat-Signature: xop5zbeacb7h6uj9hed88rqye5e5mozf X-Rspamd-Server: rspam03 X-HE-Tag: 1689544452-191409 X-HE-Meta: U2FsdGVkX1+jcl7NWq2q1w3UWr2cExjiNUW5JPiuxMtWyI8YbBXgp1+lkRC7lE28tLNNpqhYCZktoe139X2zm4zcg5eFTAo3s08VedyIJt0nY9/Xdg1yg1McxTUEL53PARU3uQ+b44s6eayoEnrNAv/LffcFUjT2Q/01QLRQItFV+7xngl9eCrYisWs9aCPxuI6NJbGH6TmMRlI7DraBkqwBEeWoe8si42rytRucjVmcx5U8RZUhsK5tu7WcXZCmtWGDvs1hw+DSmUbAvPJ99I0h+rxCfNG7COjywKsiKgEYzumIyq9ec1Umn+0/iv9fT/0v97y73uwz4CmlQ8LH+vVQ6leRDIJTu8wXsgnfY3cuWbZ3l/oOgxx0Tkaiy4YkV4kwkWRpxz50qkRZ6H3JxExChdvWNlreVqMqt+drjfaNFyZIbovq6m21vQE5wbN4AWt8pfb+6IcvwjAV7C8I11lPE7uAPp/VuCW1lHOnsXvnG8yF/xXj2/GS9qL3/Sq/g8Nogcn1zRbS/dbecBlye3MFWxAq3j3nxyCCoU0T10F+3hdGplEb1c2D/0NgQta0tiJnWaZhZowRIAGQzYXQuY3FwpEjW4pfJ7U2o6r5oTlX/EFqQJPBGn7ViVkqDAKe+FGGRIMGFQf7f5YG+fNpYy6hT3hnZBbuFl+ODf0x5mToNcGxsp5yU6qq/DB4OVlz7q8/8+IugaNuVH1J5Ek3x6ji2vc576RnYR+qxmnMEcgrG4GJzWgxjo4QhGUYvlY8dBepX6t3pjx5wGi35mWIVEIaJsaBc0+LYcdVXP1bveNNMC9vqAIGLyNVFthvwEPoJjcE3u5FOXbCn/hjBmmVWeoTNT1rDRhDi2LvYWhMNRDCuU6qKomU2AN2ELZbzP/NhpoR7Dd/YOyT2CLMyLAynP32PGk/tuW3pXkcN5wuUCQbhEs1Srpm7vUFPpOLAQ3sA2Y1Xc4j9gMB4IBRNa+ oseXjXUr iNk0RNP6ae+pS2LdaFbDOqGHVm6DNQGA8J/kbjvHsrmOy9Ce+s6VOGyzUDKV+JcLqUg69v3Rw7lMGQGofWI8+M5/BrYhRf6gYDoOn9A+KPTYR6wDYtfSyFyG20/lwyo3W8fyaCueSCrQ+0+OLiaPScXNMjFj1QYNki4H3NkhxngUl9TkOTwrUggmaaqj+jwrlgDyHNYFRLClK3Ab4tT6bAdti3FITNmWDWLXYYJTRqKCuJFimag0tNiZVZqr4PZIL4pwT0Ny2GcPrCuSjwRzGzGD/vlX2HLXyaz0OfgC+PqgixYwOs4wySy1Qf9rR25WnAkvBkmSQZI8FinpewuCP7fUq7yLeTA2IdOxX5dUeEUdDPdhbUyA3ArKwqwW83HAQ/kaJ26Oit5xkYGufzioHmnTlsMDy3vBS7xQPWHjxIU49i1Q= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 8b6096753740..67f3894a86f1 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -364,6 +364,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1134,6 +1140,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index bd3431823ec5..e829400aa911 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1768,6 +1768,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2080,6 +2097,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2162,6 +2183,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(SYS_PMCR_EL0), .access = access_pmcr, From patchwork Sun Jul 16 21:51:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314946 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3BC10EB64DD for ; Sun, 16 Jul 2023 21:54:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D313F8D0003; Sun, 16 Jul 2023 17:54:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CE17B8D0001; Sun, 16 Jul 2023 17:54:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B5B628D0003; Sun, 16 Jul 2023 17:54:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A6B698D0001 for ; Sun, 16 Jul 2023 17:54:22 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 6B0A2A0284 for ; Sun, 16 Jul 2023 21:54:22 +0000 (UTC) X-FDA: 81018829164.30.D724609 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id A762940012 for ; Sun, 16 Jul 2023 21:54:20 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fvPQBMMW; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544460; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=h52GOrK/sRBbgOPaVxd+oDjQT5aVbGzFMVq3ggd7cac=; b=bv2R/cZVp/tNxlIYpLc4UXd03wm+1fAPJ2+UHdAqggHv3tpPlCK9F2NeJBpAjB01i/o1YB b7L1xfarn0dq0j191i+q5ma/tTSCBiKhp1U7oa+nHwUCbAzmx5kpN5spDEWyUkhg/+K17I pITnaJW0eHT19SbjQ4V27ESVTECcSwY= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fvPQBMMW; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544460; a=rsa-sha256; cv=none; b=PxhJbZunIw8rXdbd79auRK9KVHtGakc71D88aPXPwTncAHruSrNxWBDFGzDcIR+Zj+z7Bd fjtDQJY298KHbxLtHHZfEtfiDKGwQ4dJIPdOq7sSQdWwGeay2CXBiFW9/NHb4D1NYu8l/I bXbB/2twvuHx6+qpoygHWUU6TvjBIug= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E21F660EC3; Sun, 16 Jul 2023 21:54:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 43320C433C7; Sun, 16 Jul 2023 21:54:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544459; bh=i1aix1RgS5IjaF2Iu7kd7fJ3f4OLUgmDQiT+LzoziAY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fvPQBMMWH9k8MbsAJ75YhRiyBnh+6Q0GrlLAJ7eGzs7w/uFOuAIcfnqkOSfP20LmG +HgPumkAowZQjPL8Mx5KEm2Yv5Gc5tgCKV40LLyL82A7kicWtzjL0P+hASzf6159YP Iulj1O//Xgu6j54+YX+tXw65hF2ZTIPYzin7QYB+yIz3xLAN2QnYwBtk6NGoCam9e0 VLmLA5z9GeTjpDRa7XLfAd2c2gA4W0PQv08qM0pt0l4oOg+b5nfcuyNjpkyP04haqD zShFhq46QEJd+F2JYS0p4zdPuYHLkCkvrGV+azYKpkAztbbL1d5j94+r/xRApDGly3 FIUjvEBoKQGCQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:10 +0100 Subject: [PATCH 14/35] arm64: Disable traps for GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-14-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=974; i=broonie@kernel.org; h=from:subject:message-id; bh=i1aix1RgS5IjaF2Iu7kd7fJ3f4OLUgmDQiT+LzoziAY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaaEQ2gp7NUvT3HihHDuCJYw1+FmyE2XJwsCAaM X+Nw3PaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmmgAKCRAk1otyXVSH0PMHB/ 9Ai5dAPLpndzrBw51n3UEuG8S1soNZTX9cdiHVHYXTcDMPDxp4WDhfARumAWnIENr0mcN8Fwez24jU Oc5FnBr/1k7xbpcbeddwJjm9cHainWKSRb0TIr2RfdXm09pcZBnmv/TUs9BsYK4wE3DVFJLTLVZ9AD cg9NUvQYl0RGt/C9ND3wBLLeGB0yPHwzuRXybnqPMon0AXinX7JpIPWueGyJU/YfCxM0o5oTcgUils asocd22uXfISjsFVqQPkpyEDJPsreaMqFzy0vuZ9Vd0SF3WKnQ7JZdTbYWKv8bZ70S1jBOQuYxdgHX 4uARjcF8Rx+0EQFIEqKj+e7wjz0CpS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: A762940012 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: gt3nb4yagh3hebbbgwb6nmpojhwcj714 X-HE-Tag: 1689544460-942323 X-HE-Meta: U2FsdGVkX19qPfQroVHmjuAkC+MMPOAsLS+iTKYO5ih+MHW7NH74zQURcRvMfW46ZizRM+F0IBL6ZREp/vxrnAduzKOcxHs7BD2PjhrTzUT27jUabGlBloPxCeQfkEmXykx/fmkJPcoGhOdsEEDnPzVSXhUeKY5YuNWWKd0SQrsSQT/+Htlk0vIXxaktxhYMHwqv5850F83bW6DJLVwgib+QNinLq8vMCLFqbXzEyHZpAdiu3QIWaTzTi7vLz4dZsInTpRvNW3gO7iEXJFaKtjaSDoOvwION6XFT0hQUxPiWMfu5fwnS7RVRnYm4pmqcseI2FCzFYNTc/GCieJOlWuooay3hGjv6F64LHRMTUeTUEhMOXGsz1vIeymfCzDiusPwpAyy3NG5C9gnirZqmAqP/rTre1XJvI/xVZam6OV3v/eo+meJauRUHHZPLn/dPEHDThkd7tA4Ow5UB/XKxlklRKcn2UuUbpbWM7B3Bsq9hS6IClueAgH+rGi6JejQTZmX+rbdJcKNVT41sXyF9HndhAgVnOPeLoG0JCQprdDoIfukryeTdKyVhRbZn+JtsFKgyshxrz7zyfFBok86MGQSRr2RSQdBGoEVFb8w9keyh+3Q/qVG0VYhsHSfyUDR2iG2j4hYxmaa10kPRGEul2DTv5F9PhrH9b+il6lNr6KFEqnOpnZvs2c/s69uXZy8/7NKccW8lbiAnK9eo1/wfYMwetu7Kl9xpSD3lhNj46Xq5vfE6KC5GEnvAdLsbum/Pb1VhadhdpakcbIkJrPDHDXWQuEJ74QvQfrOJrhu9dUzn9fb8V8GNDdoiqd6ZjVN1sMUswAlCzvJRonEAhUvKYuHSHTxPjz6GLHg1G8NLF0zrIvSHk0cExsJ5UTbDczNscy57dLRCmr9ERp9lBSS/VV5K+ZAh3SFiBtCSTeMtul33c0RiSs3ZEaVIXl0M2x77ie0H0AOllV28kXowE1x s4ASljPg iNwXLlVmsxlhbPS7NE/gaVgCCYUBpvrtIFTEyMD5QdiTJ0pHOAuH3ocNonGC4oZq6aC8oJXscGxEPyJIs5kxsmRnpDDWRGoouT22j6Cubk9pwYzdI0b4edKrIZ09cp/YoWLe/NqXtRGaRW/VTncPbl2RvDGLnVliy/vElG2ciW+aNk6dLQLYwQQjDxbDRRjc001y5MWwOmlvWSDqlqAhwEYQ+9TzK6USPCM9Un0KaoXZNnQDV9170W8KWZCOIB5nkBGx3938uzMqnb1CQNn8EfZzkJ/z8rhDb4UNiuGhkQH2djybwuE55UC8smOCAfCZQsTGnETFQWMsrgmjHSyBgY8/zeQdPjc/VvKcm2iojsppv7pKj50oGuR4kLWLTrQA+ZkPh4+OQaAQ955u4UU5rrcESEfuvDo9drvwo6rsech5fvPPgJZoEZkXBNWtGKm9AJT5u X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are fine grained traps for GCS usage at EL0 and EL1, disable them for the host kernel if we detect GCS. Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index 8e5ffb58f83e..c941b0dc0418 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -186,6 +186,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 From patchwork Sun Jul 16 21:51:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314947 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36F7FEB64DD for ; Sun, 16 Jul 2023 21:54:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CE2F28D0005; Sun, 16 Jul 2023 17:54:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C6C388D0001; Sun, 16 Jul 2023 17:54:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AE6558D0005; Sun, 16 Jul 2023 17:54:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id A0FBF8D0001 for ; Sun, 16 Jul 2023 17:54:28 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 6FB49C027D for ; Sun, 16 Jul 2023 21:54:28 +0000 (UTC) X-FDA: 81018829416.17.CC40A89 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id A173D40008 for ; Sun, 16 Jul 2023 21:54:26 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=FMeXWEV5; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544466; a=rsa-sha256; cv=none; b=Oe3mHNrqHqMqqW7eGf6FTAzYIs7Q6zUNjG+S/oPViWEA6Fi4Y8xEOi5oXoH5OYybb4SGRB wNPmfn7q4KjoRwNjVEr7nrK67y0hATwXKuWRX6fr7JUTKREPFzAEw5BlX/JKtSQ5Ov2jHv qdzAta4zV5EWCbaXjNlJobGxJ/hfhys= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=FMeXWEV5; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544466; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cBzGeOagmqKjhuaJYBJWsgv97GCqd8TKwDh2bth9VlY=; b=xaQUKP6O+NZVCEoOAwXGPHXIKhR/v9yHvYsgjl4ngxy6x4sio32gcnxM1xAc1P40vu2R8Z GX+h5+Dki7iuVigEO3x+mw6pHh/2heex4jzB8+xwWWluE+ndM/I8PrSCOU1bBPphHTO2yv PYP3nm9TJk0sI7Jeh+OfoHylEqKm+e4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DAC7B60EC7; Sun, 16 Jul 2023 21:54:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90095C433C8; Sun, 16 Jul 2023 21:54:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544465; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=FMeXWEV5yAyaEPLEB992tOXVK+vCLSYIXTyxB0U3l3Ds2WewZFDlaW5jJxBCaVCoi Iwcbr/i9r6VG9Bfs0Y3NmDiCOmAybluOct/NF3PaAaINoc0aofOLacRKfmt5KC0diX 6TfuqKGMtLci9Opdw9SfAnYEKd2ZICBHWlybTnT9vidq6qDCmRr67INpP0Sw3C8riw 3LPAdcdOGGKsdPkDOXQVdoTzbEdov/q8ArWNeO6SpadhKqPOfolVUbVV17Qp5IWVrJ Zsi9qOHqgknSatY1+djSbenrFq1SvZjGgL38hMXQ5SpRqUD78R89DeIB7kCOgarOeZ n/7VAOkIkGabQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:11 +0100 Subject: [PATCH 15/35] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-15-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1796; i=broonie@kernel.org; h=from:subject:message-id; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGab91+EJ26x8iY5lDhEOYmtfPq6vkb7yCYAcdWx xSRoj+yJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmmwAKCRAk1otyXVSH0DJPB/ 4vzo6JR5dFTOQf1R5DmSVjR/1p7iMTVE2SYJ7qxBP2WIWk87yKna1gbFBNta87Jmu3LDdMy0aguATt 9HOxJlWpEXCmYfj4025r6F8mKq3XG6N41FTUMqSN6POsRapXiQgzzqhxE1dnP4rKOGX6u8kpx1+AjV llL15xPO9cgJXspmXN1ezfMhVgm10GY+pepXqZ/KxiWDgDRIN7JAj2Wa3f8gyKOJX/muBNjCG2m8NQ Mw74OiaLgdv6fENZKXo71ddUmc8XaWT1IySfM/F+6iLSoOyHN6MG2PLcVZtja8MQegU6tGYEdTdPGq M/bCxQHA14o+o1Tewj8tiNUrFRtOrN X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: A173D40008 X-Stat-Signature: wjpgf6yieo11w76o7z8ium9qr18p163h X-Rspam-User: X-HE-Tag: 1689544466-242338 X-HE-Meta: U2FsdGVkX1/APjpZI/lHjK/MJGpu3nTpaszJdMT8UOFjmN1y3RoY3Q7rMZIEA4mAj799NTg/BovoUKN5kQQGKCkrpyXumM7t0nAhgAtHsxqBdS8e727EYVpba4P7OCewJoZvHQk7g6cLbq4pXOO1MZSkF/JquwRCj9+Qhk5gTCrYKP77z27sOdzekz5AMY/BjA7qGoNEq+wC4oJjcHkXEsoyY1ImLd0M3exPrTpHHS6+C9Qm2JVTxPpBGpgIeBG0cs4vQbuYC12Holjt1VKlKyrb1Oc+1E4s0amiuO3bIquM6WeobRdIAyGryQlZDiWg5CGAEQgXtJmDCsKabKVHxQMCnQbFj8odjAsr2wEdKZ6L+yEzq5yquAS6kO8I1gPVAWx5nJEml5YDS+GF7Aks89wBMjfRh/JDMO/UArtq8TYk5QwmHcnmZTMFszN2CGpDQiYnbJ6+LrrtQSyZUa4mKocoyxTaITbma4WJdvWHeq0F/WWxcQfvv9Rrip5BDAMsLxWeOU1rmZ27axI5qZLxEzL3JLI2ip9e+nrKkFbyAf+9cYIbLFTGo5eLQNu3E4+Ud/aVQ6h9h/f/WzHC9BOvl3i/pHUh+rUXDg9l7aU2qyTxEdydm4D7NbpbJ0X4H6TO66PU5XA+Tod3fg8qM0u87s6YlsUw70wfZdh7cBK4rlIIiFs5agEuE547xmMrY6+ON1eqPK8QqPwoMnWG1u2mKURZVtFjGQgpi0A3cHiwKoc3Musj8PyhN8/8lqHRauHK8T9xvIckZOY0ESrhuI4MRTJLDooDCeANrRTwH76NkIeAValypgQZHu6obe2HrlpoxYPlw+bpRqDZrDgHbp81Zpb3M3DN/uESxgTM2Vfu/Du/KdNnYeLZwBWxP+D9LHsVu1X4yTnsEKPZolCljVHO/KatvysOfdK3FE6W8dFSrU1e9DQY74a+pS6C38KdUEUf+Ls/J6OsBhJETvIFnmm xHVMmO+H ZLe3gclftlDFn8ztIiRFCtqHXkXZ9wxTySJAHmrx/RLRK0DExWyZPOtUtOO9cJ+z40MHP7wj8nCo9jYlmY4novycqVPV1sre/n+g7OfjLMs9BSaBH+jfviMciJ4sabNFWWXr86ngGO8fNw00nQ07KYGrWosfb/W+/rEFo902nQOEvpa/s6F6WOIkf+LVgF5peecYp1+tdirHmmY66gY0vTC14rvzTEu0/LgGF4SyShSYr1+o07FXIWtkmUn4PthY9wXA/OKqTteW63AOHB8lSeeF9uuCsiblgGrsL5tv/uSxR5Up5P5rujtPnJUKSaul4lt0tPMaYYL/HjPAmCCx+r5eAlDzEykafcnHYKlv1UeDy6uoh+nh68xRNinfRRyodstme7875f6U+lF6GWgyBcJgj/RRyaCXeTEzXUnVDv7zmlPI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index a1457995fd41..86662eed3003 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -418,6 +418,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication support diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 2fe2491b692c..49269a5cff10 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -99,6 +99,7 @@ static const struct ftr_set_desc pfr1 __initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -178,6 +179,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Sun Jul 16 21:51:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314948 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 413C8C001B0 for ; Sun, 16 Jul 2023 21:54:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D58B68D0006; Sun, 16 Jul 2023 17:54:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CE2678D0001; Sun, 16 Jul 2023 17:54:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B5B8F8D0006; Sun, 16 Jul 2023 17:54:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id A5EBF8D0001 for ; Sun, 16 Jul 2023 17:54:34 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 80DE71401BA for ; Sun, 16 Jul 2023 21:54:34 +0000 (UTC) X-FDA: 81018829668.29.798FE48 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id BA3A740013 for ; Sun, 16 Jul 2023 21:54:32 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HaS0Ipjm; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544472; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=AGpizhtwKUKVcnEI/BS1INr09d6prHxTdsA1/xBppHs=; b=lrWB+PiARmVmZgEudmQkhb9rq99/lqn9DdKgrD7lxN0+9z4k75hhnCGPuGvbQPFtnmKlCr 9JFljZQWID3mITBv2VU2x8frNuOkcGdlcHr0/6uoikf7bEFfkzaPtbM23tRxNOzCCh6Xm3 CeFvvQIKAB+OPVOIw3pPPbobg9AFkCc= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HaS0Ipjm; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544472; a=rsa-sha256; cv=none; b=TZ1FJAV+VU9rdSGXGAejXMMqI1GEEuFQ375GSlae4z/8ui3mdvoXZ1E5poJ1s2Q58lW2tI pGSUBjVt6R4pcHVe2zRDM2+YDUT6VUvuFhQC9PWjpLXsRwT29g9/RkKvaNGERPmlR+tDVc fkRZnOugtMV1BaIl0gLwCI0kODd0awQ= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 147A260ED2; Sun, 16 Jul 2023 21:54:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BF73BC433D9; Sun, 16 Jul 2023 21:54:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544471; bh=hfdAD1hF5pjiY4NJJFhXM0iAxOU8x83qlxrDKcBZRfc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HaS0IpjmWc7RPdKflzvR1m92xmlx4Q8R38l3zv555IEEKl1Sjbcjbo74vGft4cyDl 85YpHVz3Xkga5vWN+S3NW8xHnU0aKLuMtZWHE4VTG7JBvX4CYrgg+MUKB5a46h0vR0 hX7wuIhSDKTiHw9oZ8g9O1XzOXaREYDMJG0BTZ8ap3PBBN8W2tZTxXALCHDdlPl/xK 2kViAzcZE0p+hJfkI7bQv8MV6guzdMpwn0ObIdk6EeAAw9aFQNchU6RAl73fSHxioz pY42awU118ZP1LX6NNPrHug5T0K/0M2wL6PmQnk7t3Cuiwt8u41VH6MuysUXzKZ7Sr 5fOKx+PHuDJuA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:12 +0100 Subject: [PATCH 16/35] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-16-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3001; i=broonie@kernel.org; h=from:subject:message-id; bh=hfdAD1hF5pjiY4NJJFhXM0iAxOU8x83qlxrDKcBZRfc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGabmyvRWwR7jBN9hFP4F4YEd2MA0AE9Q82rXU01 WsmY2omJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmmwAKCRAk1otyXVSH0LVuB/ 0cU20/Th92ATrYv1n5jnDaGdyTa6egcd9nv5x6xxxdWV6a+sInGonGP2/AcJ7yNu18ocOVGtISh/d+ cs4/IuhwTrpJh8H/hb4bk2R41zt3Pil2OUQDB9tzGJvDeOL6Jfac7Z/MLba+3i9rmQs6OV/2nTy5m6 UALjGybScIJVg2fCpBnfKGWYkaCcfz60ercYSS+14VHIxlO6U1IxRCtb5ojVEDda5l3uKvNCHyB0KU NuLzPx3+4eU4sBq5GmyP0Hv2+rGR4LnG1RtCO21jBNXa0arsG4IfR+8w2LFr07EVwQAuAX28YxNc18 wWaY5Q+/0LK++T87TLW6t1tfrwz/8j X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: BA3A740013 X-Stat-Signature: 3ocobnb6r8x1brjw71ad6nz3ro7caphc X-Rspam-User: X-HE-Tag: 1689544472-827577 X-HE-Meta: U2FsdGVkX194iY1k00wrG9YX8QaeHpHOwyiMDmbu/HrSkK3w9QXXH1iHw4/qwn76XYBWYa7LzNlJ5m7QAXaVpt26H85UDDEv+6Ws2tQ8928Po4ePvLa//jbLN/zX/gxxwjtsqMtYySYgAGoWNC0iAVN4L+Ei1nnqvbUamNqkrIl+8PlHxY14IExWfy/bA2eeGc3DlX6LJjpS8ywz4Bykf1t93R3WgH4sVxTSiNpZxY8g9lhXWdWuOR1zNFdjNveSauCX/suQDg3/C9DGJbLWPlbcgzy65plkm6p0ztAkPKUUujXD+G7QpLAa+z/6UlDjb8Oi3QOwf9IQ0UscZRCZMMKST6omYMhlQwhnSc8ZSqj4fKakw9aXxWEeuC/ZPFvqzU6Pzq+FBuKUpIU12+pgg3TdPSkHLuRrtcGKfxFBE+gKl83T+rYAcKVPJDFplJKfbIEnqmHeyhirfgKOMNqXHfK1w3Gb9cX3498J7FLRJwR6NSNUjm4MBLF3ODuVkg/9YVUuP9L+qAEiFeGU7RKXCzUBadxMXQ6Qqy+JZ2mRofJLpagD/Of1VsjWFdkvM+IMQOirHBW0FYmmEkFpJYlFcvEGzrmPMiDhWMYTmA8fAxJL2WOcrn64s6fVpzyUXefNUigwinS9k9g0G0FvN5LmxbAT3CGn/9X5paiL2GTNdjjgye+TwdqAejn0scpfc4e3ABkIZojMih9hN4gzD7zA0W3FPpqd6PWDcMRlQTFtUQU9dNHGKa+2IBa0ALMK1rjkmZWtbMTmM6BQm5/4lbexsf/+T+wYZnXtepnSjSlbbv4Bh266ojgBOiiYTEV47EQCR3UKrs6CHpHA83yVAWWDnRwON0P1JLf2QCyFMm/TG189xbdbabeQw3A/W0joPgMVgRk0LEHFminS6Pk4EOx3otDs9sSutaq457i4XZRfULD9mzVFHtY6IMdtRekvORLOlgT1vLGZdt7+2TR2YmY i7Myoo1G pzK41aSQpkyURtKaRC2q3W63faK8OgLWIUsXm1FKx2UubzYyJdcOPPtM/DFkspPXtI7Sq6WeJvI1KMG9BV/U6iNtzCTBjV+TE2PFAMPfOhVZFZaIU2g4ckwSGNVb93K+PMqgwKqi0hRUMNBQdnPhgD5rJAp41vUoYaU3dvx4o+YawgHIPVePfeI0Lw/e5SOPpa5myWMu18/NjDvp4A08txAW+92wPYD/W2Kq7OBqoAg+vEj9RAQZ/usG7AObyGsF4aOxYNchBkeNTnm+zhxAWXlV2PrVbk/Wz3v2/zp4RsvbUZ3YdTaI3kqjho94Z4H/4zjY5zD6tzgAmvr641cyT0Avzc7yq7pziTxHefErMveuumSohMTQ8xGcibVljEG31lQf7ctBJTRmYZGdc8+rijaWflivLIiWjDvGkV0pE6+uSB2g= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a hwcap to enable userspace to detect support for GCS. Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 3 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 9 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 8c8addb4194c..75f3960cad39 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -305,6 +305,9 @@ HWCAP2_SMEF16F16 HWCAP2_MOPS Functionality implied by ID_AA64ISAR2_EL1.MOPS == 0b0001. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 692b1ec663b2..39f397a2b5b2 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -138,6 +138,7 @@ #define KERNEL_HWCAP_SME_B16B16 __khwcap2_feature(SME_B16B16) #define KERNEL_HWCAP_SME_F16F16 __khwcap2_feature(SME_F16F16) #define KERNEL_HWCAP_MOPS __khwcap2_feature(MOPS) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index a2cac4305b1e..7510c35e6864 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -103,5 +103,6 @@ #define HWCAP2_SME_B16B16 (1UL << 41) #define HWCAP2_SME_F16F16 (1UL << 42) #define HWCAP2_MOPS (1UL << 43) +#define HWCAP2_GCS (1UL << 44) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 92e730027d84..595d982d318f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2844,6 +2844,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 58622dc85917..451fbbeffa39 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -126,6 +126,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_B16B16] = "smeb16b16", [KERNEL_HWCAP_SME_F16F16] = "smef16f16", [KERNEL_HWCAP_MOPS] = "mops", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Sun Jul 16 21:51:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314949 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7751AEB64DD for ; Sun, 16 Jul 2023 21:54:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 14A598D0003; Sun, 16 Jul 2023 17:54:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0FAB58D0001; Sun, 16 Jul 2023 17:54:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB6C28D0003; Sun, 16 Jul 2023 17:54:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id DA2808D0001 for ; Sun, 16 Jul 2023 17:54:40 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id B9C44A027A for ; Sun, 16 Jul 2023 21:54:40 +0000 (UTC) X-FDA: 81018829920.24.EB2C6B3 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id 0402B2000A for ; Sun, 16 Jul 2023 21:54:38 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oLsGeLaX; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544479; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9MQtL/ArwNwDX/YLjygs6IywyThB7memAqPD3uhDop4=; b=B2tza/nRT15ioTwPDbT2oBKp6aCMJJ5+U0EU12mY3usJSzLYEIavxmiJgTSvmL5hQPnWqE oOLHalPDTo/8QRTB8Nh2rGtagVJi+hvvAKHvpXiXvnPDmZ3wW7uhWzTuln8iAQOl77vywk LKLgxvL1AqGuvSRLWnzyn4ZZ89K5G98= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544479; a=rsa-sha256; cv=none; b=wFKGhAQ1y/idMXNsdsGMmyN0qmIDoAlDVw2js6pIeqCr5siVnMENnCIFz3Wo6vkK4Y34HT SGBRP49Y0T8Of+gGTsSg7jAeyHIPaloVNsADwfAlqWGAJahjur8o8jNLu0xykh6S/hPlqa A6HC8I/t7nGfWzfK6LOAFAP1uIqU/uo= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oLsGeLaX; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 43EE760EC4; Sun, 16 Jul 2023 21:54:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EC4B4C433B7; Sun, 16 Jul 2023 21:54:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544477; bh=mWrkqBd1ZgdAaq7HlnR+KThCHQngel188UeYQ4P+8oo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=oLsGeLaXn9rNUWq+QEOnVq1apik1w2+pWGG2yEtG6Qw4gJ30HUvNkahBZNucXuNrK 9oriVmqQBiX9JN/UGN8JWoEWRWJfyfAoMh0KhYzDnTokKKOkqH6S46GTa4252fTZ35 EqVaoaWxqQUvrza3FuAT5yAS6Z52O+2w7dZmH1dVRdMgGfJ2ZFwJ6ypb9HUwFuWQ31 pBDYdGjcDHamHKurMTtbhU4aa22cE2uEkTKLxXdi29QZEKQFoJ9gEM1c5o70ugoRJc jcQw+bhsxOTFmhqN4g51JOaYtH1MTPgTcFlPu8y+J48SAoIWQUrud4HSwOW+I8stE/ t2q/Npyg6smTQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:13 +0100 Subject: [PATCH 17/35] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-17-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5938; i=broonie@kernel.org; h=from:subject:message-id; bh=mWrkqBd1ZgdAaq7HlnR+KThCHQngel188UeYQ4P+8oo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGacNH7rwm/sgg2oUyKcu3FXhI9wferBx7OZxD+E Zl2t0v6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmnAAKCRAk1otyXVSH0JbDB/ 0XEcEA/n7jpeN/DwBQPdDt2h2LFRvNJa7fuxLxIcR5oGh2yuD34aFj2tCFi4KLSSpwehv3blN02kFr 86QHafz3emOLMwDqivCev1MhVzfA3HRKaBItgRDs313MBio+xTZaBWclEOGt8sToEMSrW8KpqFnuDl nda3+ZsUhYUByk8XHt+8QOq61BIxDyXlOsKy1K8PdcAcQ1TQtyBqBS9iskVDETnsTDLFJE5EYNYt4M KylTT0qj8rerF9RhTE4iyWm7zSj280XYK8pFJGAocTesUMmwVd4Mza03sKTSNaQvf6PWOWYwaW8uxh v4QfjIVB0Zb18Wfeg746J4WGsR1gJg X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 0402B2000A X-Rspam-User: X-Stat-Signature: mrrhpsigmsnj66mt1iafew4wws3ar9tt X-Rspamd-Server: rspam03 X-HE-Tag: 1689544478-746075 X-HE-Meta: U2FsdGVkX19GC56o4/3voAALFlCpx9IeFif0q+IAfcD+D9+6vwj9JwwUNfB0OX0iXM/R6pan3OWRusC8ywDWl1W3jmEPxRTBO+LuIqfZofY+fW3g4HlhxHnV4Z1TvTGLrEsd8p6wsBbwgpCMaPerJSipwqybGBCTa1GFspjCePS7Uru0Xf5/KF3Q5COCZCMRDdQoZWiZe2tiyv3sYWZ+TvjoQxgdx6v+nJOYP9V/X79NKz8I5dKgE/QJ0+129H5UXDDRjNzSuDf98kwfsUS62M/9jjU2/0c7BXNrPVxiEodC6M7d7ndn/oGVVQA2t+5B4XbfpT6dNIk3saITT9DmUrU1evgMhzgpLu3ZqePzv24+nCCUj+mHk8BooxO5tuym0KYVW52k7Y+k0VIprT17U4QXZQd+2wuAvk5CwlZbAQ/PbDt0saziBguukasYDpaMTDq5FJwm14GQymAMZc2Vk9CKF2m1COuSSAwkZGOYATVV/kW0I1xyG8wNKmIno9fhUFhxfCNv4+0opqge+5+M5Dkf0DPcUcNR+IR83IIwMaCgzozZZj/3VL08O73AJEymYZWqb5aVhVYtSKcXFJPBLjiN8P14Cg41GIDXHoxliw/Mc3Nqy3F+pOYqB29+KviNDjqT91WxNFMbViW/+fz7Q5qeIulgQwLmgptQDcUJ/AVG+uXDHs6v7v7ZqmKpRiYBlZ8dfTo3Sf4Lo8aueDfhvpF2araoD5/u/AD2IHxSHM/FaEct/X+JlSu3b+LdFVIOZ5ze1HbrMsCCmTycIZBRJoE12WHlVF71xVdNEaWlHJ92WSekXbMl6w7fbnMl213Kx853xyEbn+B103Q+kxv3lKV8wClELAQEyG9f8IPT/NJ44uPYrcBxEkB7mogm9W5+dZqI6KRo/4vCZTfZttZS30iae9HzqHr8Y0/6Q8XvP5Bvo0fPqnFOcCQvcKv5cY9eStWIrRIED7SZ9s6uxGF 61iQ1Jvm sS0LJ61jYMeycqA5oeaS0zTCtRIpVXe0eakS5N+X9UYBkn8IpfxaL4HqyoT3Pwt5VLyjJyl3T45C45UmQUU9lquE2jbfwKs0YP+WbArv136mYZQCN2EUxzsHI5lOQ6LODzhKLPRHZwFwBYw5BiM3hmD6yagH3gq4yIM0kpPajvr9RIVTAGtjOwB0jv/t16sUWbccC4tnsTEauT1H/9G7hJPZoUyxvs4GhE+uzhSUCgQMC5SO0PjvfoKR/d1X4Um8yhPUH1Oj8tamDF3cLNtvIwlbt2OSBLvlmO2GjJboqp7miITA10FWAVWGmDtI2eLZ9sheaqxMwv7UmtjeBSDrT14vHNaZz6QJAGrS//QwgS7bF5NJNlsrxw1QURcZWznKY0BA49zag/8oVDhQLpsyD4SGly7y1X6JzF46eY3XCMyERQ6M= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 26 +++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..c5a72172fcf1 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -382,6 +383,29 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (14) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 6b2e0c367702..4d86216962e5 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -400,6 +400,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -442,6 +451,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -621,6 +633,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -701,6 +721,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 8b70759cdbb9..65dab959f620 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -884,6 +894,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Sun Jul 16 21:51:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314950 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB6F7C001B0 for ; Sun, 16 Jul 2023 21:54:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8C49D8D0007; Sun, 16 Jul 2023 17:54:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 84D768D0001; Sun, 16 Jul 2023 17:54:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6EED28D0007; Sun, 16 Jul 2023 17:54:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 5BD2E8D0001 for ; Sun, 16 Jul 2023 17:54:47 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 2E5C7B0126 for ; Sun, 16 Jul 2023 21:54:47 +0000 (UTC) X-FDA: 81018830214.15.13579D8 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 41F92A0018 for ; Sun, 16 Jul 2023 21:54:45 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RelYncrn; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544485; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=sA1hwR19vt1bPLADmhgLsEiqPvO7MpkYVVEM/zo9Rns=; b=C4YsuZOnMCd0zKVEmIKv+jfi75dK3T3oqmRNje8Jo/5JoLYvvsDbrCAkkQyxiiIOkSb3y0 3Cl94aftYNUa6u2sM/8SXr7LYQv9lMCK3kSuzGriHc7MN5mjmCkL3+JTYyAlGdXXTBKQXK 4rLBclU+qQQnY2qxtWcnvwJoPejhKAQ= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RelYncrn; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544485; a=rsa-sha256; cv=none; b=lspNPsRUhhdlahjaUGFbPVND1UGKobWp/ZDk2Xz1xIORdgrjMrCI0Ya5ChntyQi3tDsS/N ccSHTlZ9+9KN5QAlCnim5dq2kWXdUNtdHaaZeMxkUCED5hXjjzPrGxs7NGeMohM8kQE0av BL3/5UdyMMWe1bMf67eHMCVu6SgwkoI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7312560EC6; Sun, 16 Jul 2023 21:54:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 27304C433CD; Sun, 16 Jul 2023 21:54:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544483; bh=Ic5184HtLjp7BRJp2h4YHI8S+wCBGgxplC9dANJy2o0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=RelYncrnGny+EAIlfhvuL2ShmSOMTtQz9t2jp4p0osbukgPqBuUZYVANDMaD8K74z bYSe6oyv9RfNlLF9wz9y7pqkyTDLJP9kscdXHnI5m5Xrn64tgu8wukMhliN8npSrjV BWXz1aweiGD4JBLEouYmkqMQJff4w9YknUECZ6bHn/AoQ0TZOW2n2N6+12vwWB/1D/ OfXu6akRY27HEUpErilhIpLqIUIaX+gJ4PwoS433nwRFGIg+SwdzyjKOs/IQIVJXh/ ALASiXAB7eJzX8QGDEET2oFy2GpWZJpLTN+DDDQE9w7MKMU++Nhk3l3xKBCgYHJt6v bS+aWM3JZxT6w== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:14 +0100 Subject: [PATCH 18/35] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-18-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5561; i=broonie@kernel.org; h=from:subject:message-id; bh=Ic5184HtLjp7BRJp2h4YHI8S+wCBGgxplC9dANJy2o0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGadjCcwsj3WTxSZ76WapUXTwRGVNGO3X5o1MiEr UcRBdd6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmnQAKCRAk1otyXVSH0EUsB/ 0Y2q2IvD26b2AqosjuYfhXApUyZKIxrJGf5qPB9eQjeURpZjoVTQowhU4IE6kQbT4thl/xF8yO0K2c aC2sWmWA+cTNsD38B1GCLo4NG6DPxbzsMcMyrTgV7sxHT2V0LxyJXff2xzdJ+JMCan/00Fuw+YB1A0 gHLIqHbzExbVwdBpDJ/47KeR32ti3bHPFPL9zO4+3qmnVBEzKbHcOnmpkNuuoVfMO3hVGiAHarBjcV Dbd5Mg8tYgg4VuE7ih68Tu+7ebUKIHriLwZljkBYHMHhUNlcoz0rx/Lbp4anYXnv1culJCySnMUY+D V5l28lm3yjxrMkwHTtiMzOuVPj9dIz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 41F92A0018 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: djpyg545uqkmntzgpzu4f7kcakaw5nkk X-HE-Tag: 1689544485-751819 X-HE-Meta: U2FsdGVkX19YgKDKGnmZ3W1Z9sOc7F7wcVFeDh6EYIXeSXCsTVoLyRK9nKyVo6Rt/MiVpvSFhz5JdQJiNHbTwykdAbv/JeEfsO/gYAYG3HZSZ488wpJtM/nW7yaD1Yhy3aPYVR0AGQ86MrNBEC9rR5VKb/KL7ggGyaPOfWhuRgsSFAYsRDgmKIXscZfbQLH7LZuIA4Ak6Ly/hyvLPvmDV4uRQ5jhoQm17kyNxU4SxGP7hJp4bas3rEACbNPQ/7/0ZvmLgZs7ehMK/BFFQjqHlGKyQDlIxh9Fmq1XWRR9vbjH03dEhsc5j+SuAT2vZYhHB1SOm+Z2DQuHOeMc1AUTMpXzbNgQX6xlOoINwvxzlpudX6E6PSt4D2eZM80E9PduJJOXmo3hNqJ3qQ138CgOMPFWY5fusv454x3sKG7LfiT1fh9CMjqYGQSlVYU6xI490OQu3TC57yjWeWh4tvFxfsnsGLTVS5sMCjqdT3QyPdF7M0PR3f48AME9r6f6bmgw3I4X8EXLTYlYtXLBHFMlZ/j+9dMrgQfSdZaiHNRy67egqKrAdh58rEP27kfTspCPzxkiwMquGvyLBFwPqe2vE32FLU9Uxm/QmUU+1u5HPVmldXFZKHY2IdAXMrJ4hKBqaSTCdcVF1QAa90OeBjETRe9sDbdJAJZAgjemuZXoa6IhF7kfSGUG1cDXKDgprDKrm0uU0yVFrGlLeVQyUZPgd6qpuEm954Rxb3CJRnxR+5oGwKGbKAdphJGCI8/wwhTPbjYZqMZCesxw+K/ke0yGJBcxdg/YGgiy6Nen/J4RSasXGxemOZ476kZi48n/W1I7IYAnemjVVIccuNLOjYd13Du0efbnH0I2hSBNq2/Y3pXOhUvPnBUzT7qoZZKMae6SZMRO+GlBiq+UEwddtg2Ynh+KY1sVR7eP3Qa/jXZizP7r3JSiSF6DxLdkBkD+jFQdhY2fFxVuAasVXY+WJaX sZSR80aQ 9Bwt6FzUFz7t5jy0TMdRY5fkojr2f1gCtZyk5ydPGqRY2/f6x7FV1XRVaLQEFOeUrN/TGLOpNFbgo9q+15cv+xgErA/jp2WXbVdKW0kwu5NbkAoTAjbsUKaz8x7CCeJRYElsCHQ8dBi6CeHqEDsf3wjZ67oauGfNd0rqZPAtZKfqgxuR9KZhLyo034WJFXE0HUyIucIp5vmLUFxGRGHUmPMr7W57+6QQaSrQUDl05B/1fUiJyrQ/4v4x6jrPOXNVvRiquYDBXNryuxQj1UhVJcHS86sVB0NK9mcVzBn6hy/ZlxI+6fm7r8L3cK1OpdJR7YsitQHBDpRYFWhgFeqW4crMLOuJ2l52nbfv638hJkBw0+HS2LaoaRGLpgrJC6V2IIrKFTI6AZQvpmOgza/UolQIjYoNGuHWMnjDjbjyRiE16JX0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 75 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 8 deletions(-) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 3fe516b32577..facade819abb 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -494,13 +494,30 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +/* + * Note: not valid for EL1 DC IVAC, but we never use that such that it + * should fault. EL0 cannot issue DC IVAC (undef). + */ +static bool is_write_abort(unsigned long esr) +{ + return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); +} + +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + #define VM_FAULT_BADMAP ((__force vm_fault_t)0x010000) #define VM_FAULT_BADACCESS ((__force vm_fault_t)0x020000) static vm_fault_t __do_page_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, - struct pt_regs *regs) + unsigned long esr, struct pt_regs *regs) { /* * Ok, we have a good vm_area for this memory access, so we can handle @@ -510,6 +527,26 @@ static vm_fault_t __do_page_fault(struct mm_struct *mm, */ if (!(vma->vm_flags & vm_flags)) return VM_FAULT_BADACCESS; + + if (vma->vm_flags & VM_SHADOW_STACK) { + /* + * Writes to a GCS must either be generated by a GCS + * operation or be from EL1. + */ + if (is_write_abort(esr) && + !(is_gcs_fault(esr) || is_el1_data_abort(esr))) + return VM_FAULT_BADACCESS; + } else { + /* + * GCS faults should never happen for pages that are + * not part of a GCS and the operation being attempted + * can never succeed. + */ + if (is_gcs_fault(esr)) + return VM_FAULT_BADACCESS; + } + + return handle_mm_fault(vma, addr, mm_flags, regs); } @@ -518,13 +555,15 @@ static bool is_el0_instruction_abort(unsigned long esr) return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; } -/* - * Note: not valid for EL1 DC IVAC, but we never use that such that it - * should fault. EL0 cannot issue DC IVAC (undef). - */ -static bool is_write_abort(unsigned long esr) +static bool is_invalid_el0_gcs_access(struct vm_area_struct *vma, u64 esr) { - return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); + if (!system_supports_gcs()) + return false; + if (likely(!(vma->vm_flags & VM_SHADOW_STACK))) + return false; + if (is_gcs_fault(esr)) + return false; + return is_write_abort(esr); } static int __kprobes do_page_fault(unsigned long far, unsigned long esr, @@ -573,6 +612,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* If EPAN is absent then exec implies read */ if (!cpus_have_const_cap(ARM64_HAS_EPAN)) vm_flags |= VM_EXEC; + /* + * Upgrade read faults to write faults, GCS reads must + * occur on a page marked as GCS so we need to trigger + * copy on write always. + */ + if (is_gcs_fault(esr)) + mm_flags |= FAULT_FLAG_WRITE; } if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) { @@ -595,6 +641,19 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + /* + * We get legitimate write faults for GCS pages from GCS + * operations and from EL1 writes to EL0 pages but just plain + * EL0 writes are invalid. Specifically check for this since + * as a result of upgrading read faults to write faults for + * CoW the mm core isn't able to distinguish these invalid + * writes. + */ + if (is_invalid_el0_gcs_access(vma, esr)) { + vma_end_read(vma); + goto lock_mmap; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); goto lock_mmap; @@ -624,7 +683,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, goto done; } - fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, regs); + fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, esr, regs); /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) { From patchwork Sun Jul 16 21:51:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314951 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 182AAEB64DD for ; Sun, 16 Jul 2023 21:54:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A99A88D0008; Sun, 16 Jul 2023 17:54:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A49908D0001; Sun, 16 Jul 2023 17:54:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8EAA58D0008; Sun, 16 Jul 2023 17:54:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 810F68D0001 for ; Sun, 16 Jul 2023 17:54:53 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 59394C01B6 for ; Sun, 16 Jul 2023 21:54:53 +0000 (UTC) X-FDA: 81018830466.11.DAEB3B2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id 7B37F80004 for ; Sun, 16 Jul 2023 21:54:51 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=L0LM1PnP; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544491; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=S0krulvTlHeBCtOvigAhi/E1Ia4NHfHhs9pjSmvF2yY=; b=tKO+cgZ/BFt3XFnn4EahWB4B+p3p9735gBaGowM+4G2OpLQSeMRTuUq3WU8dcMZTYJ3TsP Kbd1CGOrxcDwy5Xxx9cwsrZfVbc7Yhx55d1zh5kpFl7afdN9//Y98plEbtJB+fwiZcyGqj lAavbEpi3QvOkUOkWw9AHraAsFMuWhQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544491; a=rsa-sha256; cv=none; b=Xv9SZhza6rvY0DAcm6c/5p3j7XedFmcN3OX6Bh7H7o0bUMXvi6Dqnb2VydRYXtjPegEx/f 5a6clVd0NxQh9G6LLhEQcw9IrfL3X5qC54QrmPZXMiJQIUtHlw96wssOif8LnqaKKW1Y55 e6zhfg0kIaBVGE80mf/5b1WNFSdOIZk= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=L0LM1PnP; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B32F760D2C; Sun, 16 Jul 2023 21:54:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 54D98C433D9; Sun, 16 Jul 2023 21:54:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544490; bh=Rgc5Qgd3MxiPmSczNumLpnYq/5VM+tdWkyCFPClJUpc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=L0LM1PnPVqRj0EvQTmf9UWM0fykN7tpZjSVQRf7i/zGpPKsE/+6hSVAdvRbJbsQqW SNFiz09CLphfKRjxe1rnHXa6BD3W+2rQH/4aKqz49P5PNOFSomrsH9z2MasbpaNjkY HiGzvE6YSZwRel3WWmbrhkNSzrNgbxXENJTgwQmZa+Hh9Ou9PU+WLwFtmqgUtMVbEi J37vhncJ8izUqQvagozEUcvWDJNKa0z7rF7UnNp+IK++ys4fX63SiBJJlARbfFuCp6 cixT0o3KAKRnUfW7y6N6BwjmnfuU5sA7jxylnHvIjQBWFkdmmIxPYzRjnCV9hv3BwW PO1hnzw5bUioA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:15 +0100 Subject: [PATCH 19/35] arm64/gcs: Context switch GCS registers for EL0 MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-19-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=6274; i=broonie@kernel.org; h=from:subject:message-id; bh=Rgc5Qgd3MxiPmSczNumLpnYq/5VM+tdWkyCFPClJUpc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaeVpFJs5nBnOgOtGTa05DxettjuHoqUtmvd9PY CfYG0NaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmngAKCRAk1otyXVSH0M9gB/ 4/JP0lf//e3wM7Ga3dNyAUezn7ZksBtTvGPYrDTMhI6s/mD33X/PVDthOLZzGPzMYPkYqqe6OCZgLt qd98HEz6WAxXxgKild0ELIVQ4Vd2I5iBVcchc94h3GE3M1DPNZ7zJIEg9u71pkUkzf+jSbLzspGuHj tcIGt8nI+xGu82AEC3YniPbsv53R7H9vw74JNW/RpH8ymupodgpMicoGapDNhIJWPVflml8fkSSOL3 CW08JkIiazPE+koHIyTDOBEQpaZspeknYAfO6/Jvo4yO0QIYSyme5nMB3eNUqk62nsBjzGy8WL+bUO UgEysdhG3TRK4BlrNp4zfhDnsQjc0N X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 7B37F80004 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: tebhfip4ueywfbgpnebtkiy98jm7zeq7 X-HE-Tag: 1689544491-753435 X-HE-Meta: U2FsdGVkX18Rdlw5M7Ex53Zbtto8qYArr+0lU/OkwCltUwKlqohwEtLlMMLDDw1sVFoAUP2X2/qGyZKn1HVuztcPLfQGq4THv0etyz8Om8eDDFe9ZEjHuQSzW/Gpy7vu2/0f3eX71A66rLWhW0lY+Kqbxu54II5TQNVtm6XWV7cmZzXDCoOS1WOjpZ6N4lF5CQuE1T1Ox4ucKn/OJSKatzkhccZyHTNsni+3VwSzdpdcbX55Qg1HanGZfZW/7U5btVMALTOqe+JlNjFlsmjWiXnYKTxrtCu1BpuD3ESahEzQMj1LSnX1ajmcfh9dv73oJz+WziKQFOdTEO4P1UTntRpkSNAL0mqVetvG+ycbdVXVa2Jz33wUiWsYlZ+GgbKhQQdozDPAX2i1+koj5MzjQbmBCNcgd1BGWKE+HWuoE4SGMqEVwC5OwGyEtnuyQfCuhDoAMT9couMS/uAqig8qchz8oaZSiV1DpiJJrr/6rjJ5a+Vlm0n3ZTNVB85vkFs0k51r7eYZIL73i0gisHlhX1xyqlgOzGYN66vYpiVppumdKATFRct+F66FCZTDlhee16oufYpjkk9YrGo+LMIgvGmNUgqRvWZyymKHucWF3jgb+ttni41wAfAeO8oivprEYVsOUSAtzQR6xvjJAHz5LtfLOL8aBQGwiBlNz2JgEjG4j73KbppvpdQ0HqujO0907J8Zx2+aPMm+0O1oNLK+EHXFJFZ+JgV+nT8/TRDtvIX1uFLjAEQGx8AN32b2JQlwrIcdD1FZ74/X6xs+KyBvLxgqiWEbqRTyDykRpnFxqAimy4y8mAqn18yrOQAiFbuparrc9tkUy4KpPoiETHYy9rT8BhIVvjtuX5s7OMiD15/+ta8GvcbIcGk095nWuEkUDEjVLSQPaadKFXlthj0DMSDkYGIVB9ZMQ15gci4moqEnTA5ZNEAJGOcOenxxuIgdsR+Ff4IguhH+iYXgYQS nN8u8Vml 2nZOCkqKTUi3MxmgGmN3QM3ciPkEf/wCZDpe0lln8bKWDNO1SxLeguGyBh222VO1Ssqh8L0XCUurN+zPAAiM3neb6Kf8Xma1MfOoQWrLw8RmqBuIhVt6sdPdBZ427XINNKdN2NwuUMFXq/NOWlxuaXLsjFp7TYfYi6hUso6U1wa2fYxRmSew6D7SWKA00ATEV95Z5JUSfq8RC5EI09KhX3nhbPJOX7kiFEGyHSVU8bEyQpDQU9iQK9LlRRQrVygHMzl2LJzTUfHvvyFByw0r65dKqbUy+Gj4IKTmrbZwsDuAcq5pri5XD5OY4hyYs2zhEWboE01h6MlQZhM7ZaMtxBiu9QsfjZEnF+xfUK1wmTVOJN6VtkbwuSl3xzabjWtjSyJl2ghMxiogXgbhvfGUX8YvFLak5i5NlvalvGp4jgVdtn6hxoLaGAFy228haAtepcJBrPNpZHvPUivI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 +++++++++++++++++++ arch/arm64/include/asm/processor.h | 6 +++++ arch/arm64/kernel/process.c | 47 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 +++++++++++++++++++++++++++++++ 5 files changed, 117 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 3918f2a67970..f1551228a143 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -179,6 +179,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0fcc4eb1a7ab..0d07f78b6c85 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,30 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (system_supports_gcs()) { + gcs_free(current); + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); + } +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -474,6 +493,33 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -533,6 +579,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index dbd1bc95967d..4e7cb2f02999 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Sun Jul 16 21:51:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314952 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 306C1C001B0 for ; Sun, 16 Jul 2023 21:55:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C95148D0006; Sun, 16 Jul 2023 17:54:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C45508D0001; Sun, 16 Jul 2023 17:54:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AC03B8D0006; Sun, 16 Jul 2023 17:54:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 9C7FC8D0001 for ; Sun, 16 Jul 2023 17:54:59 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 6CC871A0278 for ; Sun, 16 Jul 2023 21:54:59 +0000 (UTC) X-FDA: 81018830718.11.BC9D54C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id 8D657C001B for ; Sun, 16 Jul 2023 21:54:57 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=FOr4Ap81; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544497; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FSF3DuCFDXOq5LOT929SHCNGEoSwNokFS3P1JKyWjwA=; b=VfQ/ev9DYaHgnFC2/I5xZ5+dYoYETx1+oHjaAz6zxN48BeJIOYNG0aUrUnkYwM83gBud2R jY7FPifk6jxuUM8sfskpclC6EUkIN45X9OeRne0mgjooCIP31wdLx7we6vP9ek1wJx3a0F +I7Qsr2kd+5bb85y0UjQJyHvuP6JTis= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544497; a=rsa-sha256; cv=none; b=wdmz84YBg/k8mDMAkK5apx0oPlJDgGHhJ0W7uxrp7C0Mhhu5k+PdpmxgU83boJHP8GOh9W PARe/UysfxSl0P9O+/lMqlrKeZR2Udwtrjm7oDu39VhK1PPLgLka187cvLAyQAVbG83KG6 NASN5YplRw6dvuGl/YkKhIf6fUoJXkQ= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=FOr4Ap81; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D3DF060EDC; Sun, 16 Jul 2023 21:54:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8DF96C43391; Sun, 16 Jul 2023 21:54:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544496; bh=Cnsh8f14hL4HHiPU9pphPTWTCxuBQLcwEk99smdJn9U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=FOr4Ap814IFvMAcXBqvqpZeKpNRa7sR8U6pRRrun8Ds045X2N0Q3rcVZ6nUS7jxtY nZpF2TFOkjcHjcw1Y9z4umesRbtQxkIf+pp0D2y8re8czkEk1pTmkUoEc7PrDTgnFK W4pUxBIUghyp5O/oZdly3N6LOPl4p6SI7IPkCQHUI/kAVsQFWIku7lg+6ZUBZsJVCW 8iLWcexPJthBCOCv36NO6oaDVK0o4iqyxXIiKNc8/SCzvRHZcnlS1f80tidSWLATch 94+iCMNIZz4iMCvQ3CJpQMiOBCI7trp/wwQlEHH6NhhThXFQqJC/4WzTg384V8uisZ VwFMk/pZqTMQw== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:16 +0100 Subject: [PATCH 20/35] arm64/gcs: Allocate a new GCS for threads with GCS enabled MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-20-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5142; i=broonie@kernel.org; h=from:subject:message-id; bh=Cnsh8f14hL4HHiPU9pphPTWTCxuBQLcwEk99smdJn9U=; b=owEBbAGT/pANAwAKASTWi3JdVIfQAcsmYgBktGafY+WmRdG3BvjbI32odNe3p2cT4DVS2GaVY1g+ oK3bAxqJATIEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmnwAKCRAk1otyXVSH0HsEB/ iRBALKK6VDtratV+JSI+yIW8agu+rGC5qGc+htITQAExK+N4/5qlQ9hg5snyS/qLQzid9PQoP4miyx tlozcDXGlDEUhcMiAiQc/Gfa9OWLhjnx7nqCrB2A6KfeyLJ4oMqMOPkdUkG8uISSaKnl8ixGP9QIs4 U+E7Dp0vA1CEQNyf6+8AWRt34yCNkxQUWlFAn1xDC7XPNeDyXv7olBuyTNOgCQqaECt4T7EmNBEsoZ ey0ZRitkrQfOi4UAGobfb6r/o3kESMH0t47HxaRrhDMQ5G0vlATe3pDE819rUx3Obd18tlT7yXBML9 29GwoxoWamHlKdOl5GPCqxKTcDyzk= X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 93pqk1dc7gxosau14bta3noksrt4873d X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 8D657C001B X-Rspam-User: X-HE-Tag: 1689544497-177755 X-HE-Meta: U2FsdGVkX19HvM44gWb4uGqe/nPyLASa0jgZsNNav20od+D9TPmQC1glFeQvqdAZ/ddYtuzuiwHrqe69Ts5b6olCXvyNJ9PeM8cyv8mW5WOugXXFJELBeccfYutJDVngaU2Hp5YI8+xAldlyL7mgcpqcSXnT3rNbBi7wZvf1XNLpAwRIcEziC+pjxFN6o0D/3tCscRyZP5R84v8jJx0JVwc5E7WyfaxTUwu9zVBAcbtTOwK/CM7ml3ISMQ9dRjDJOAp3LJ/+OiCcw3VnVLJb4VqUKSyzbfI8Pfz2in4GTu0lhbqdt1y3fLP9AWyZIkvD+d5L4ShOrmw4dFX3uvxOavI88hRXDQZihQMcKA5qd6nYHD9wTfZOxJXl3iyA3FaLua84dcorc7ATWhSine14kql76Z7UNcXhcs6JPUfB7mwfKjMSMOw85Ev7+D4kE6hxdg3R2QNDlXVa/LO7+Gl0TAPcSLbZnqcKzPIciec4YOU3Tf1PQVGfNBb/Gc2UtrRPB3P9IpgB5ltC8JzF2Xe3JiBiUP87pajEyntJkrijZOucrb9Qe6v2U5b2pPQfffeep9gHIamggxkvWLtkdNYpYSMkl+ADDg1tGcLJwM3CLtNo2D/mKDtCh0zweMqgHGM+JHDlzkumltAd/TmInojp93uQrOPaivf+XjIXC3w/mvS8PPAQDYA4gdHIbzvwL2K5c/Z1MfDbVT/cXJ+rKkYwUwyJxVitXsbyQb3SeO15eaLhG/EHVNjqQxhsLpW6gdhgW7FjB1Hs2FumTSBqKNRKlDI0SpgJPYHmX4JU7FQdRPdngfgb241txb0VwTbLnftTkUQO5XgrIjNsCnMa8HVCHylZ2KUuhtxUVHjVX0E4j6aP7hLWybwgPqVNxlg3YFsUbbAwkCC4ViYo4QRM+qx+unitmz87l8YJnYu2lFFYbKvJJvGcvlHp0ANMIS8wKvPeDVF0QiAjhjCMdI1LZum MRSnjMcT dbDyg21n50KgUFdb1BkH46Fp7nY4DJdBU2pQxOOHf+CD/wo2joAQUiEEAliS9VxzB9nOvYuOyu/vaPt56jJUrlpfEIOiVoPtAG62qm2/71YZiFUCfLtx16oahQX/EG+QptiuNIl+YDNlASaX+Es1wfgLcY9lCeyBJzeeEONN/y1QEVDF2hK9kuWmMDBdgCwOXfvIFmfH+Z38vrtXYKsxPRU16nNtkxstGVlfWQy79zuXKrgBgB94bcLHsAjgDK8Aw3+bzohUYYJA/N0Q/F893ZYYEUd11PabUojOFh1fFUINh4/e+4lNCAFsylvUKCwc1WYzjcgYk5sGRUY4bbgqRroXXFUIINwgJswxtHrwKghEZzysFNrfS96Hq96o+hNH20WePMOXG0LxLj95KI9uzY9Vd9EkwyO6NtpRBbAmyIkDQyD8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: We do not currently have a mechanism to specify a new GCS for a new thread so when a thread is created which has GCS enabled allocate one for it. Since there is no current API for specifying the size of the GCS we follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 4G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. When allocating the stack we initialise GCSPR_EL0 to point to one entry below the end of the region allocated, this keeps the top entry of the stack 0 so software walking the GCS can easily detect the end of the region. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 7 ++++++ arch/arm64/kernel/process.c | 30 ++++++++++++++++++++++++ arch/arm64/mm/gcs.c | 56 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..4371a2f99b4a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -58,6 +58,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size); #else @@ -69,6 +71,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0d07f78b6c85..ce0a68d3539f 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -283,9 +283,34 @@ static void flush_gcs(void) } } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + unsigned long gcs; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(p)) + return 0; + + p->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + gcs = gcs_alloc_thread_stack(p, clone_flags, stack_size); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + return 0; +} #endif @@ -367,6 +392,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -408,6 +434,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, clone_flags, args->stack_size); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..1e059c37088d 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -8,6 +8,62 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK with limits of PAGE_SIZE..4G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK), SZ_4G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + unsigned long addr; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((clone_flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) + return 0; + + size = gcs_size(size); + + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Sun Jul 16 21:51:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314953 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64527EB64DD for ; Sun, 16 Jul 2023 21:55:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0ADE98D0009; Sun, 16 Jul 2023 17:55:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 05E8E8D0001; Sun, 16 Jul 2023 17:55:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E41658D0009; Sun, 16 Jul 2023 17:55:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id D5F868D0001 for ; Sun, 16 Jul 2023 17:55:05 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id AC8191C8428 for ; Sun, 16 Jul 2023 21:55:05 +0000 (UTC) X-FDA: 81018830970.29.91D3C25 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf13.hostedemail.com (Postfix) with ESMTP id D927B20003 for ; Sun, 16 Jul 2023 21:55:03 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="KjXrfm/w"; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544504; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZDD/m+ln1j2SzQvwWsNWbTmVAJagg9C+GBom307Aznc=; b=1OFHKjzKAa2SVJd0ABYTGxZKUnrIcb7YWdXYr5tguPlAn67xN4ovfOhSnGxQweNfFQ51HF uTyl9iyq3gaG25+EoEGRzMRlt9watDyZ6nJjRJ2iU8z5Ur2gN+0MT11HcBTRxhwunSnQxo gW5qxxt48rvFAfs7AX67IH9ZYWmtxrs= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544504; a=rsa-sha256; cv=none; b=7t6DKpF+ETuQHBJEMvEbuVQVBY6urbyjHSjeWSFJCOQFz07BwYJu56Ls12qgvX0dFVnDQ+ 5p1gibA/z1mSpD6Pjrybe2MhyDMC0W65qYaV8fdtAtQpN4twc+XY0oXOuMsud8mcGWR9Z6 9JECEIRgbTuS1HF4xPHshyw6iWFPBwM= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="KjXrfm/w"; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0A8BF60ECB; Sun, 16 Jul 2023 21:55:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B1AC9C433CD; Sun, 16 Jul 2023 21:54:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544502; bh=sCynytFiMn0HVRaCw9wATO/MQrUseepmFl+nT2jYk/s=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KjXrfm/wSRDdF+7YCpEGZEO+lSs+OqgoSQgrfDj9DVQZpExsCZkfUKQnOJVXYoE7P PfkNIr2tSuxKaaNcHBG9NeHHpfhOSd2atGj6izLAif7Q+YYeuwfnFSG7gum7gDbZm2 QvxxHFaPdAYDUz3qiI2hZjYHGtBlt8SlAmXMu5nNgnYb2/cFvBWgDeYOyq9l/rOaRW N/g9cHAlpOjVSh6Bu0aNvQcLdlrK24PA5KHq9XuSuyaueqlrPX8b/yQw8c+JgGhSwo thBNYortK6za79ujqUOGOXut8DgdfS+5pXkJhCNIN8IqcACV9BWSmLG6W468TAJ/lf en3TjwAu0bUJQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:17 +0100 Subject: [PATCH 21/35] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-21-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4126; i=broonie@kernel.org; h=from:subject:message-id; bh=sCynytFiMn0HVRaCw9wATO/MQrUseepmFl+nT2jYk/s=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGafpYt4RHzf+znR2MMO8WH/q7lZQApjc5kZAGv8 bxNTw/6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmnwAKCRAk1otyXVSH0IvWB/ 0eBO46ZWbi3FkEnPnLnNDUJL2rLooaAWsLABOPnXo+GV5miqbDIJqOX2yx7A4yvqRY1vX5rppQvQou UunGCboCgcdlOHMc1YkJgbMIZu+8uvqCzs78QLUdI5SVQLMX/Oek6Qfdnv/K+pg1GnJoxoDJuBg84L BGOrkPGtB2/EIXhAhWPzi/rWeJDPBNkE8bBb8BmcWPY1zBXQC+uV/VQKDsSRyukIHE1w5z8ED9+nnv ols7/RmacQ5LnVCzH6YJVy+STu1EWtNuoScWdMP5ZHVfYs2/kzZGmIOw9POUPAkiqDXia5RGkEjBaE nV1BQO10tqr9If6MxXuD60AdR2bAUx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: cao8jkorz5g1dwubxt4detbf7z56d6j5 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: D927B20003 X-Rspam-User: X-HE-Tag: 1689544503-872389 X-HE-Meta: U2FsdGVkX18AsKoZYKcUJ4t7uBH1Lk6XzVg4EcPvgPBgnIpADlQvWlQ5xbAQfCF/h0Md8YtHaDZeCDBvpEzCdHthoEmDL8Qz9Z57Y48RxerXX6kDZLdhg6j8N8+77Tg0aeLpralkXzA9IIGYjTeFWhj0JZfe7uj7WwYKF6EQu+6hEF9Tq+88AhEPZzrsBVZl1fxn4FcT1exXJgkkzdIpGjL+541mcitdz3QWtnT/l2ybDNZZL5Tds3JQ4gsKo+C00p13MFjQ8LBZ6ElXk8W3rG4AhlcdI4wnNBl91k6LYBPwf9eTUTrSS+hVvhinTsaMlcAv7v/kmoxt1NZG6FPlIfTCnsPHOuRlwQvdKwbQPe03F1eBK1f4EcGDiHmPgecr5RRS+Ie1jHxNJAqwcW7SZzPNA2IS2UpXKgUbCy7RtADNYKzhbnBQcBxVenppzxUw6pPw9sb8guNSHzE7PNRSn0ldjcCFYysNI1BxDaipvN2fc/+/H3ceYG2gAwUcdHKaKVDvVfM6pDV1V7uVu+Vtelu195WwnNdBuHceAJVSI5XF4E8AaMonHLql86lEsVwKwG6Kj78VpbH+Xe/0oZMIYBcviwCEr6DPyJVggM+1bcEBxcYJNJn2y9GoKOkPOEApdhYwFLtnnjTga/FrXu5DmNRoecW3ySgh/fWH1l70lb90hOOMqLURIWe4PvJCx1b8SALImHU5ltYWjHudEA5LqOYu03p+V1nrrj8ryH6/KVZ07lfIP+4H/j5bz/pnsDlhfXx/jFh5e1QFAGU7gRmyBGtq9X1Jjo1q4PfHdnhbTlJRBaalZI6ymmSXhhSjYQUxVb9EIGdo1bTGwYAd1DJE0Ym/UtgsL+mDOu+7Gxvuo9bD3gl0b0el+e4xA3qySsbSK7Za9Y2Um77+vldWHJH9X3FwKR0/bDz4PwOxZcf9iYC+Shs6bwK2CuxI/V2YNBBCq9bVg3QbxsnaebDEf9v /aADXpZQ A+zSV6ZibNRL4emf3lY6bJ7PQD9T9lsRP/QneI7J8lfAeO7S8nf83W7nQiU2pux3baRl8Kk/TucypMVKYGFQH2Grc0Qnk+PvB6QbQSYqJBYevQzlED+7Q2qhxHALePyTW7LPfn04/TgzTs4a9IVVCNwufqkhsHPdO1OA6s1hvuUgg8PP49t3ey/Y/51DUVMjyxefIgt2BOklK3614D6BM5vpXNAUQm7JRPVGMIcgQnePWTvG487Sd/sHoV7N0ym2yuWytsIVCgX7EkNTPQ2SDBI0KTYdIgGZ7y1Ps/kGgmIa851laZoVPmBcziDG3fdvPXV2vjfoPNmkhlIhE65qM7FDCeg/uW63sE06nDDzj9COe5jF/vjvBBa5dCBcABQqT6TBf/aEocKmHT9guedLxtYQs5t272XSRjYm+WszLEH1MKdY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbatrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 4 +++ arch/arm64/mm/gcs.c | 64 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 4371a2f99b4a..8655ba8054c7 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,6 +48,10 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_LOCK | PR_SHADOW_STACK_ENABLE | \ + PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 1e059c37088d..b137493c594d 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -93,3 +93,67 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* If the task has been locked block any attempted changes */ + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_LOCK) + return -EBUSY; + + /* Drop flags other than lock if disabling */ + if (!(arg & PR_SHADOW_STACK_ENABLE)) + arg &= ~PR_SHADOW_STACK_LOCK; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} From patchwork Sun Jul 16 21:51:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314954 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E116EB64DD for ; Sun, 16 Jul 2023 21:55:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0FD658D000A; Sun, 16 Jul 2023 17:55:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0860C8D0001; Sun, 16 Jul 2023 17:55:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E69C48D000A; Sun, 16 Jul 2023 17:55:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id D7E4E8D0001 for ; Sun, 16 Jul 2023 17:55:11 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id AFA9E1401C5 for ; Sun, 16 Jul 2023 21:55:11 +0000 (UTC) X-FDA: 81018831222.19.129CBF8 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id E4F90100015 for ; Sun, 16 Jul 2023 21:55:09 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GzegXUhY; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544510; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=p5lnLnXkQdHSr86cPV6qGqcqr6YjU6RZRds4XNbuL2E=; b=hFbcQp62zVwSv4qVr+9sPwt9iOfdhygNRm0mRU4kJ9cBkWMi2QwUJMzPXCRv0m+EquP/K4 PELNrpt1XiGvVMcqxucNsgS+6dbwfbtZBmqlgiyUBMvqmDFYTOjcPz3IfanlY4jx2F1qHf F7LxOudn/oeJg3uiClX6WbocUiTibdQ= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GzegXUhY; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544510; a=rsa-sha256; cv=none; b=t9573hU79gBsRm+0ZH1E/QHRcgIDvEzjY8EmcCPhSqK44OJB8WDcvetXAjczyhPLEzpOkI HNaueqP+UPYZ3TfPoOL2PxN6lFrmJiHjLo25FxDHyGIjY4j1JQCLka+CR63j6kFIQynvFL Ybm5L0okCfbILWRn4RR6yWNXVXXCW+w= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2EF0460ECD; Sun, 16 Jul 2023 21:55:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D92A0C433D9; Sun, 16 Jul 2023 21:55:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544508; bh=Qo7VEeq35SIQJBwY5tGh8MK5qJhh/DcNObXLhMO8UqU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GzegXUhYlkdZAQDz17YKUhLLyzootwSLonFAjsX9Zc+ZSjteNmOCmvJJ884p4d3hu qIS4BEzrJGPTwFVnVdZAKKeX0MzlCMgWgH0ehM0M61t5vijMMiRlRW1ObmbRzmkCqL CTX+eVqknGKA5xZFRpb7pcMfVoiPDqBRLL7UUj0m3JjpH5CAUYMuu4SQcQ6K4lcEp5 w0vWBWcT5F46HmaVKX1o9DU5niE01RjGoY7FAgxODqldWt3x/z8MkB959NgqqViyhP t971vTB/91Nk3bOQ43QvhBAR10mwh8Ivjw950T21xaLsWHWE1hk0jwt+X5JlkkEku4 VrFLlda7C+CKw== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:18 +0100 Subject: [PATCH 22/35] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-22-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4421; i=broonie@kernel.org; h=from:subject:message-id; bh=Qo7VEeq35SIQJBwY5tGh8MK5qJhh/DcNObXLhMO8UqU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGagvpwQV4XAkoRVhZdCmWBlzCHbZlMBfrgD+NYq bRpNHx2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmoAAKCRAk1otyXVSH0EWoB/ 9XAB49ipxqD8pTqi39SsA0KNzDNrBqckpW5K9QoMb12JtitNbyGeiaGrOPwn0ACjVR141Br7EUPih6 gPjGmAcuimOQ9HAU2vvEWLFOcXDEKd4yEFQJXLcRpLeiFxmnkEo+AuNpfpHZEJJ9R9Tb70KPD0Q/7S N9SLSNPr+UoE5B7AP/sTeTcek9UkA2s95d9gPfbYtjO1KIkLlyb0/WTEGfsdwJuYjnl0S4aE9RshsF TuRR563zyw25tegN6qsR0JCuRyvKEXGKTTFsiydbE9LBvJ1NEe4eut5QC/Gue2AP85cH81UUzbN7ph v6+CWf070I1sThmu6TF5TkeoScNblM X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: E4F90100015 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: rtqcc4kusmzujppspj8ii95ytfu77oie X-HE-Tag: 1689544509-701013 X-HE-Meta: U2FsdGVkX1/il+YEpgnSGYQ58Qk7l77hqMO059TG/rSYJDJkn+Xxp40KeFFQXTlNF+KhRJKq6qJR/F1q+UKu4vGGLNaGbB5Odd4coC72k1hPh1mq7Xwn1rlxdyBusSEM4jQo5kNvNr4FuMJdDArAAD8dvg9Zc4m2papp0XSodrHA2vw55FJYXqCHZy1F8Ci1XBvzPQqNuYNFoIEkbEcVpiVJA7JTxAwMjbyC1suuGQ5+w92tkiF/LXt2kLw7gkPLcQhuAPYUsrzHL2MJdSwHbgOhho3vhiauRk7kCllpIPHWURbpNdWNCiM+0GXyxHO1kI/QjoA1GU9+5WwROf3I+zlNE3NSjpj0tM4/kzGqylJLifKhhollVoax8aSwoQqYhI0PFVpqDnuAz79eonJnOt1zcDMZ34BnoPJuYoRl9Qk2/PwOYXzTJCQWB+7kZg5B6LdnpD5K5+F4kbzdSS4GhLLXZfgDTnBbJs3ynFLBaAbpxrOpcwsBFqhNJG5DCkpq6j0UQQbJJakDQXjWnt5dTKtw12506P9DqQ5oEDcWCQfwD/n1rT3REoIZvDas7xMciZk8BSQy+57NlaBI+0ggqxeW+pWiibwgAn5v4Dxt9lIC7gSEScnKFN0iEbPdNFQujc2ofFqoW64DFVWF+XSBWct2WGQ5ptzPVM6+WEPJLv+tCYj/OhEj/I7ris2uZugu9GqELJiPIfQg/y+w323651gGZBF4j27MtKd6gw0du/tYvCQWFmOEImg5qiEBazUwObZzq65dvuX22E2b/v7HPUZzJmjE6E66lZmD7wJCaycsUSw6YKJrdfVhVD/hDyePDtV5oqJ8T3iu+eixTBimaiqt1w7kxs34ae7pOy4OXuqcqrjQ3Pu9tbMK3LGa3CU9nlekCp+Dq9DS8rx3ZzF+56G2kXCzQmw1TRF6Aw6kskyt3a1GOg5dwQrfPt/YrT1CYQwG8e0LJNNqRip04Yi 1AXis3XA gk4+E71+YMSSYwmYlYarIrmq8DsJug6TeAOgxLEQmHCf7sHKylcFfRj6Pr9aIccFBclB+JPDP9dPS1P5er5+VedvUqPIH5F8EDnr/90u5M2+He+PNm+VVHVfxvWtt1v/3HUOQzaDXzOAV5+Oz/E56EnTXPhY5k8Ecuhn83kkWf0idTypuF8JEGQEy5OXrXyBxCEOAEd8LK8FVSa9oHD1i4tymENJrrNfsWxE1653BokewVD3ysPJzrIo+/JQ6WJPMn48N1q2gVYZ7OwUPaAkwWfHaokSXr7cvRRoqDQXQ2ANiCtbLSl/0xJPpj6T/Ws4IZaYFmN2vVGCVLKfvPm3Zx0GaugSngpnHHwWxCnAuO9488FcyNuCCee9gZO5+XOh5SGCfT9H6+Xbjq0pl2VR19RIyzTBSsWToRNe+phsFAhbAi8ZpyOqAt+ue7pVLqgGUZsAf3As6Ok7IhtTFLk9fy7jNZw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64, initialising memory allocated this way with the top two entries in the stack being 0 (to allow detection of the end of the GCS) and a GCS cap token (to allow switching to the newly allocated GCS via the GCS switch instructions). Since the x86 code has not yet been rebased to v6.5-rc1 this includes the architecture neutral parts of Rick Edgecmbe's "x86/shstk: Introduce map_shadow_stack syscall". Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 44 ++++++++++++++++++++++++++++++++++++++- include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 5 ++++- kernel/sys_ni.c | 1 + 4 files changed, 49 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b137493c594d..4a0a736800c0 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -52,7 +52,6 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return 0; size = gcs_size(size); - addr = alloc_gcs(0, size, 0, 0); if (IS_ERR_VALUE(addr)) return addr; @@ -64,6 +63,49 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long aligned_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + aligned_size = PAGE_ALIGN(size); + if (aligned_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, aligned_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + cap_ptr = (unsigned long __user *)(addr + aligned_size - + (2 * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + ret = copy_to_user_gcs(cap_ptr, &cap_val, 1); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 03e3d0121d5e..7f6dc0988197 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -953,6 +953,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_cachestat(unsigned int fd, struct cachestat_range __user *cstat_range, struct cachestat __user *cstat, unsigned int flags); +asmlinkage long sys_map_shadow_stack(unsigned long addr, unsigned long size, unsigned int flags); /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index fd6c1cb585db..38885a795ea6 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -820,8 +820,11 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) #define __NR_cachestat 451 __SYSCALL(__NR_cachestat, sys_cachestat) +#define __NR_map_shadow_stack 452 +__SYSCALL(__NR_map_shadow_stack, sys_map_shadow_stack) + #undef __NR_syscalls -#define __NR_syscalls 452 +#define __NR_syscalls 453 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 781de7cc6a4e..e137c1385c56 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -274,6 +274,7 @@ COND_SYSCALL(vm86old); COND_SYSCALL(modify_ldt); COND_SYSCALL(vm86); COND_SYSCALL(kexec_file_load); +COND_SYSCALL(map_shadow_stack); /* s390 */ COND_SYSCALL(s390_pci_mmio_read); From patchwork Sun Jul 16 21:51:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314955 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2A2FC001B0 for ; Sun, 16 Jul 2023 21:55:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 62C668D000B; Sun, 16 Jul 2023 17:55:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5DC688D0001; Sun, 16 Jul 2023 17:55:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 47D628D000B; Sun, 16 Jul 2023 17:55:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 3823D8D0001 for ; Sun, 16 Jul 2023 17:55:18 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 0A9AE1201C8 for ; Sun, 16 Jul 2023 21:55:18 +0000 (UTC) X-FDA: 81018831516.15.CCAC2AC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id 39851A000E for ; Sun, 16 Jul 2023 21:55:15 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=X8fGlXBV; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544516; a=rsa-sha256; cv=none; b=AfM1U78r9UFObjlFwtBdq+123gs6VDsWGCf35/SXuyt4iRuoRGVIXg7FDF0JpSpopJ0uq/ rIaz57ZuSiTdZxZXi+Ajlo7cQgIavSvjspjLqBwaU3v8tgdxtTnqgDZzlQBvRYIGlxcgPV /Vx+rZIkWwLWT69hLQoiOL1Ofd/kMTA= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=X8fGlXBV; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544516; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KdrWdT1BNFmemPgq8OOMUj31iavOffNAJQCzRAr4kaA=; b=8Xdl1as5AbBPCz/KqFxefeZYhRrDM/Ej073+FlYYMxISkYHaf59wMxRtiNuFGEirVNBa9R ZLiXMWhbRHmB3wyTe1v4nH3poprtTdCuLXJPD69MDvD/qwsAT1EBGk74bdXJck/KndQLzu 8Pg8y74/K7Q6uGkoFJUem+ZiMk1cLno= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5CB9160ED1; Sun, 16 Jul 2023 21:55:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0F1A5C433CD; Sun, 16 Jul 2023 21:55:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544514; bh=IRPiROrkNB3kUOdwWZbwXaWKwQj52u2NCwJOGF2R4Sc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=X8fGlXBVOw7r4yAprIZ+kiw/ryd0Wh+6+SFQCEGf04EUbvmqymRi1oissq6NTtnoy QIxLK6tH4vVhbHFdeEh0suZnVNifPkxRXB6pJ8lQs/j4RE1cK14RE+awKQjUzrOT98 qylgjPz+lmesBs9r3rxXffkTR+qC9Dum9D74IdD6knMbYUaHO787Bf0yEX74TDGlfw joVPK7K/qnwAnsNHMDUt91HxyULkAMbvByEr3eO6VNX4c9+boHflmcxPZwxdvtUqgy 00hw51azDroLt6dk7f3fF9kFLPEGgGYcWmslH4+e6rzGH6YaexDDuGP9Gxpx9eq3mc C/4vJ67cJaiEg== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:19 +0100 Subject: [PATCH 23/35] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-23-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7379; i=broonie@kernel.org; h=from:subject:message-id; bh=IRPiROrkNB3kUOdwWZbwXaWKwQj52u2NCwJOGF2R4Sc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGahg7DotblkjcSfwUFC6Isjt/jiQVo6t4WibWEe C8U2ix+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmoQAKCRAk1otyXVSH0OOWB/ wIeZomcMZ8MKKejsyZrDUdGTnJMN7Y0qlopScHT/rNeF51V1OYlw4155l7F8rqdIi1ioJXzxTgGX6G BJmCIYRHjlOqmTaoPjYUCPkxJfDHM80qMVVt8P/F1f9kWc14QIjs2KpXuubfSuikckqQ5vlYJz9/bI Xg9unXrwZZ7PgOwdm0xUZ/0Jfvc9umK2vqHPXmpAmhQDd+p9DcjVhgVrffU+YEDJc9EkQHyIjEhgpN owoBmjwlMoiOV9zWSzWtte0E+Sn2tUKJpEQgFLO5UqJbSWYTeQUO7z7kpJjYc9DmotnL4NKr/7FlhH mXmUpjWM+STovTTDaSv+WYg/sbTD1H X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 39851A000E X-Stat-Signature: 96cr96spz5btfsos3gqo49k3941u7ys3 X-HE-Tag: 1689544515-411947 X-HE-Meta: U2FsdGVkX1+DKBhd4jZ5BSZwZthAGdNE0dCZXjBHQSK8Sh1iPZB96GVWPgAQDJksxfVusAtb5tQ2Jf7X5ESAnP68wR4Ia8/O8Xh1KOX6h8z09ordzLFT4FLcWNq9PsKHRbAQbjCSAYRrqTSRfmTj0nSyE+tkao78dk/otqg7qqYR0g89Yf7Ck5o28l/0Cz5b8IylE2WGlDAdTf9QlOpOcuVrMvpTJ7mK0397yU6aXVYutcXqAoo9JfpD4bdFPWatb1ZOS1QBxK9Z5hSfnYyv1JdUIROHFQCyz4cjd4q+tPflceErzVo2jaJbM4pb8BGZhwFWKg79vGg+OUiYdEUujEVF0dXu77xCIvCNJ13hW7Iofr/C6feHHXaIU42oYFgBxTjvr3izvTOU4xpFpiid8KrEDFLJVaLVUmR4UbM3FAbxsseQkPhXt8H0Dk4Vh/+bFdA1OaKaF8JfvNbE3BeeThtDBUwugpyAXTntaqxZvIS0XfzsADRj7WEFDLUoetDQZjwMnM1puf6bRA8R4A35bbDxwZBZvgiZt8lBPa4Q8Ntwv/+DX7tDWtoZ7L8yqHmE8TyAfShA1KVgjc0R2vpgtB4qzgyuNpBFHkHPl6cBPh9gnHtmwc+B4FO/5vyYcRe5xGl2Pau13gEnGNLod+bQkzEM3NMWTsSJ0YaVenOnEa20srrNfkkqEGGVKuZW1bX3axnT2sXr+09wINnuB8vU7utzkyCTWfGniVPOxNrkj4vrzu/K5htJ5OhOl87afyjfMq9p2uXqDQtjEB3FXss3CIGWpyisOXY+fXweKJkE85cSKaKkyodCiiS93SWCELFf2mdxzWIApuY3MBt9yl6P/Wvi92pCJ5x7cCBzwAjfm8Kbx4RxXI28IV32ogDMj5JlluSnkxuV1GTkrChte76AfgcR+rcCylDFG+V90KlMmTFiwjNAoZebk4hUxtU0Rztna2XxZr7EGYRgMMhq3vm Rcq+DDfZ KfoceB0hbD6YiaB0hGVLg6FXjQ0anxcJvPHVM/+yGF1m4/Gs61l5fMmPBGAGRNBexFi5mVLMGb7B3xIVs401411XCbt3Zmz3ZZPUMCzw2o/iJRFVCKL1HNoJfpiOQhU80r68I7tbECPJXnyJWQYZ6Y5ZF2IcIKY/Xt9fW57NuzFwKDDWSi2LLCLXCy3dBs29sHfQ4ZqlWqdND3Q4lUjXWwaKisgiRao9iSivo+Q4jSV2vW/FTkmA+L+scdtQAFZ70qU/io4xCmrD561Kcx96Ej7lsszKfZ5tDOfNmsNw3WLjbcx3j/lniPaMzS7fE/yi2VNzHHiXM7nDkvKGG+VyY58eGZPk30wFFi6vqAZlKDqDIjdQD/GFP98pZ8MT85UCouFfM9PHGWMGR1ZDefaLx+4YkEHIvJ5+ouaNGvwuMDLqUJ50= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set which we add on signal entry and validate and pop off on signal return. Since the top bit is set address validation for the token will fail if an attempt is made to use it with the stack switch instructions. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 2 + arch/arm64/kernel/signal.c | 134 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 132 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 8655ba8054c7..8ef2313522b4 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct ksignal; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0df8cc295ea5..922b694fa0aa 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,36 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) (GCS_CAP(addr) | GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must have the low bits set to a token value */ + if (GCS_CAP_TOKEN(val) != GCS_CAP_VALID_TOKEN) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -815,6 +846,49 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + /* + * We are exiting from a signal, the in memory state will be the + * most up to date value. + */ + gcspr_el0 = current->thread.gcspr_el0; + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -841,6 +915,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1071,7 +1148,52 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + unsigned long cap[2]; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + cap[1] = GCS_SIGNAL_CAP(gcspr_el0 - 1); + cap[0] = (unsigned long)sigtramp; + ret = copy_to_user_gcs(gcspr_el0 - 2, cap, ARRAY_SIZE(cap)); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1079,7 +1201,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1119,12 +1241,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1147,7 +1271,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 4a0a736800c0..ac7013fb05f3 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size, From patchwork Sun Jul 16 21:51:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314956 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE0E3C001DE for ; Sun, 16 Jul 2023 21:55:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9127C8D000A; Sun, 16 Jul 2023 17:55:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 89BD28D0001; Sun, 16 Jul 2023 17:55:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 73C998D000C; Sun, 16 Jul 2023 17:55:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 5DCC28D0001 for ; Sun, 16 Jul 2023 17:55:24 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 3660F14029A for ; Sun, 16 Jul 2023 21:55:24 +0000 (UTC) X-FDA: 81018831768.04.8E54ED3 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf19.hostedemail.com (Postfix) with ESMTP id 5BDBA1A0003 for ; Sun, 16 Jul 2023 21:55:22 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="uR2B/hb5"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544522; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Hoij89FgHlSln2qbJnF8Kw1b0bB5hfBrEMirwwZ3bdo=; b=7gcyF9nxql3geD6oWttRuBrbhAXg1qZojnx7bbljeJYMsFkxvsyS/fJhrPFS0yUbL53ZDV eI89sSk6TPC/68UqtdZDRaCEnGc1RIVCuXzcg1SpEhW1a4FIQcjkmZGtxP3I/3eTBwu1iT oTCYKkgZbn1L9311FDlZ5mtVi/vu5h4= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="uR2B/hb5"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544522; a=rsa-sha256; cv=none; b=RGPOxod0/HlcSxd+j9s6/3PaeGAHyr31iqrkhi8X1TP/xPvfhiOUV3cwv3+LXwWw9tGo/W bJf/zDs1ody0+7HDARnaJe+mRL+P0d6mQgA19E6JlgBIvnqQmdBOn1AOloaKvHtyBqPvSB Rba9b3mbewK+ibWQd9Tt2osAKuhL+zU= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 87C2960EDC; Sun, 16 Jul 2023 21:55:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3AFCBC43391; Sun, 16 Jul 2023 21:55:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544521; bh=0tWa6clX9JCLVAZLmK0c47eeS2V3fEjvfHYYtUy53CI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uR2B/hb5xMaeh2V17pUEhLNgvFKUy+QXEMdvrraqQYL9WYYLYK8JgSR/PEnt0Ruoq d2UFUUU4YatQh8P8TtewRPN8WzWQ1jQhxfZDqDYT9F5muRo1Vf5I797vGJ8ZD825rH xAm1WbwC/89ioYzvN/ngofllxRFMR2u+zzY/LDVPh6j6rc9659eEIzdzBdK30rnMSe XnImRbFsL6nTKViFcFerDgj2NJ861TSi/IeifhlJfE6Hi+FKYG1mft7tP2JmJfb5zI VPGQLjk2JlwYfOwuLblDUDXavXuRloXNClTIfojJQ3/MPhNCBfLD7Gs6mlVrM+6y6z 2t1K/TMTtL24g== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:20 +0100 Subject: [PATCH 24/35] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-24-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=6047; i=broonie@kernel.org; h=from:subject:message-id; bh=0tWa6clX9JCLVAZLmK0c47eeS2V3fEjvfHYYtUy53CI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaiqEP/1t7St0+8Rv67UUUoUPQi6wMzzlC/PBSI Qqbg6k+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmogAKCRAk1otyXVSH0AtbB/ 9/pVA7++KnWfyO2DMPgqEfSb1NgHGU+bL0q7auMzFHTxMaTFqDF30zmebRfg8biQbdPtwoVAcbte/o Xh2j7B2pmNZrxbQtJO563zMh8PzeXCDRvYquYN4dR8MPZDgtgF8hknjx27aCwteI/0N2EO0AtcUA/X B+9LIyP5eopYZKx0ieNK+N//T1+VaboLWX8NdldfhhxrXF128z1MFvbBu1tMB6rY9s64DLcBcqUl/f X2gKf5hMaIALnGjqj4RXSq2F1nh+ngXFvVT5c2V4dcMU5HjfJkyWE7HS3/4GUFsY5XJoL5O9TNB5EJ JqhnaaeTaey/rtT2pN1T0kaa0PDU5G X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 5BDBA1A0003 X-Rspam-User: X-Stat-Signature: 6oihrjiy5jhuuuugqn9ne35jt6ey16gs X-Rspamd-Server: rspam01 X-HE-Tag: 1689544522-339932 X-HE-Meta: U2FsdGVkX18+TvZiYLRitQr0uDnQYo5Fg9zFpyDk40hg4GhkiJkdLDrLP+HRh6nBReZfQsa7ujdkiZWHtnSuUHIUamROwEBCwEEkwPUMGQ2ewp6Iu6opC674/4NecOMRtftt972x+IM8GvagqIa1MWt0yVLTn+2xhMT2lZXpZKCDeuRLqLDlFu+ibORXPYc7/pjS6pA1YAy5PE8mWEzByDIcmhHmtUIhowhN7ZaPbh3kSevwW8NuUlfHwc0U6aUGWzupRMJ5d8X8SLLs+XIsGl9M15ae/FfvibchGZfZ6lzKv3fPgUMRuGQ5gOZfvpt1pJ64FedhxlNIFur7KmKdz8UZrQNbtu20atXOHr3yilqptldok+FrsmoWZsD8djC7NH7FIeSWnbfdqqZU7Mj7llJWdCY/U5sEL+9GMSAhHb7BuX6GJ4ve2W9YrhTHU+WmhXxskFz0DqbyAWLxAsKda5/c8p//bpwwt7+WQOz1lDE6DorFzDJGqftPNipuBva/nZ1jtFzti/R2T9Km8sln9nBXVHrdZB2kiMQqO0GSTpjxn3KGflaULZI4EUjurFeoy8wvv8LiKoZ/SenV56kLNIjBETm4STwE9bse3FYVOwFXlbMlIjV45M63243x3Su/+hI2TXiPqxATNCtmCAWVtZIFGI5VWixWEobPD/FCXePFBNmn1OiBkCkrjlb43RzyQg0mneeiHpKZR9fx+3EQEV259WLnfGFvBDRCuaMIxHNECmF5aoTmTU4mS14i5ZW2zkCA+i6ZsWLb5tEk3QGs5B8zmtJ4Rbo9gx+ifKkqvPf4pg4fk+w8AMo8pY5uQLXf8JlHBDdenk7hQMLzLoMwlX20yM8GSqZ7jICbAYcCBZq4dL4X8i5E+b060+sL1ozx4qxQggJ1bMeH0ztzsXM4kIV4RTBqNvrPgCDYZs1Tj1fJ3Qf83TuZ5ZaTFEP1qtdNsggPq+TKvvPHkCeFU2w KKlj1ckr 5nUxst8dYBc64AjKA2wH97seP2ihoerBQb6cnnsDrgPYWI9VXZljo8zHV9LAU7+eBTE3wn0DgtWP9A3tnY5Rn3IyMqzmrIQr/AJPjT+Kc/pldAq2blryH5VRdM6dfJd+o4QtjtxXR8Rmu9r/uRCgS4Kg9ZoyBQryUdQIxX6lv8I3I6aFzjErad7D5chgldYIjFucH1stvudsmyjk2GvRa9J34tUSsQDy2yO2W04IKa3slMrycx02DlMwggASIGpUsJS6xvDpU+i6E3LeXoKBoKrvLDtSgc9+cakO7xMDUOwUmAzrbNELFQsZoD3zoaaF0/IilkEbtJVx0HOuyeQJ3DI1J16F1GWedd3DghJBWfdkze8GzoytOSccfoLtMy8OSquDq9nlD2Q/mUApMsKEABVbP7Jc3iZ21Co+Vkr83P4NlTBI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 106 +++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 922b694fa0aa..83b464774cc0 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -87,6 +87,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -213,6 +214,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -605,6 +608,81 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + unsigned long gcspr = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Don't allow mode changes if the state has been locked */ + if ((current->thread.gcs_el0_mode & PR_SHADOW_STACK_LOCK) && + (current->thread.gcs_el0_mode != enabled)) + return -EINVAL; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + if (enabled & PR_SHADOW_STACK_ENABLE) + current->thread.gcspr_el0 = gcspr; + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -621,6 +699,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -715,6 +794,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -834,6 +924,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -952,6 +1045,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1045,6 +1145,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Sun Jul 16 21:51:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314957 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05C5AC001B0 for ; Sun, 16 Jul 2023 21:55:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 912CD8D000C; Sun, 16 Jul 2023 17:55:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8C3F08D0001; Sun, 16 Jul 2023 17:55:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 763848D000C; Sun, 16 Jul 2023 17:55:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 658528D0001 for ; Sun, 16 Jul 2023 17:55:30 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 40F8A140298 for ; Sun, 16 Jul 2023 21:55:30 +0000 (UTC) X-FDA: 81018832020.11.BA78F49 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id 7438840013 for ; Sun, 16 Jul 2023 21:55:28 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="iLUlGpB/"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544528; a=rsa-sha256; cv=none; b=vh1rQ2sqYBJHtgYP7qFmq4u0vpI5ITEyKteIjnZ4eL+cOgbDW3eHrC8N8bLfi1b7OIHy1g k95FgzVS6mlHpCltqDT3wTIWzsLZM+LJKV6dQPwuL8Tn8+ljySy618AZlXCTYuA5r2AI0I CfYSENhKi6Up01yqptITIbr2uENG81s= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="iLUlGpB/"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544528; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=a8OpN6WvfhFaYCYoCoPiCRq/VMO123JDorm84pNsgTY=; b=vq+mChIBKb7bOclhmjwSdYSEMlu09YszKIKshf5yFWc4vB8S22VWjgrmKSqMwSnphjcfo2 s8Y/G8OCgKDQsUSbuoHOICeWRP3G0K3evpO9/USzwhmkfxvlqdN5FQGWbzrf793SOxZuI5 hjSuOeFRqMaVWxd0gA8Zfg5llzk+LG8= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B855560ECD; Sun, 16 Jul 2023 21:55:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6BA9CC433C7; Sun, 16 Jul 2023 21:55:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544527; bh=to6PBtVZ1GuKCQwlsV7jSkIuR15BYJZoBASRv52qqIg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iLUlGpB/43PkqwyawZGMnBIGR4Dblqhrh5Ec6oN21Irp690oBB7SuaGei4k8Bwf2P TZZrPK9gfV5hckCt3eW9/a7wdoW8cemKlL07uvjh3BRCgQwpmVNtGCE8KeVXckS0lb YBpUOj/BXcj1SNbSrKWEbb228G9VFaPz+C6Zw/1eRzLLKWCgGJ3EAXWM+fzIherLXT 2oW3d/U5J6dTw1F5lDaDO0+76DbxZ7b8f4jPg/ahNKunSI3k3PD99RXofd8lWzLEU0 4KsdClS0i6CyCkQP88/G9Nox1jngSwyJdnzMdbsFlf5lrM+ij4hkoW/eY+u7Mne6jz wx7wx9/fihXWw== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:21 +0100 Subject: [PATCH 25/35] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-25-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3847; i=broonie@kernel.org; h=from:subject:message-id; bh=to6PBtVZ1GuKCQwlsV7jSkIuR15BYJZoBASRv52qqIg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGajwKY7OUs4EjMbqN+4gyPU5kEBbDNcshocU2e5 aOA4FPiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmowAKCRAk1otyXVSH0L9kCA CE3JGhO06qpWQKcxj7CzN/00f5pvQz+LX3j1E2y1Xu9qykfLtM64OSS01+oD5Oxz0wG95CPzo1slly Zjt8LEVT07+/emAitoazYW9VbE07UivsLVgbJxgTCLN4KyF5i9knKQawTJ05Rr9A11uetfLF+VCKDW 8E+ACCTpgT8FtTvkz4b6xqt4klgau06ND5CAab1jWKL3ammg5DfoU3DVph4jJsHNFRBD0NenmB8HfJ aYqHzQGFAjSSzc9CnB/hwZFU8ouaddVweOQT+/Bvt/s/N6QT/RNAps2WzD4XJ/4cobLvghHAW5h1qc tfJ1X7YKfBAruCbDGW/mAQ2sr5uI4k X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 7438840013 X-Stat-Signature: mmc9ts4tgq61s4qfcijxbfuu4w6bqxfy X-HE-Tag: 1689544528-180868 X-HE-Meta: U2FsdGVkX1/xK0lOqHqEbU3Wy/hxNxcjXIEagnhDDI4GRqkkg0MHKz6TitbpX6Gg04dBQpI2FW+mubeJGl3mR9sxFor7tQi26aTwjIp3didh+lcVWcRlQ/tox3M7MrCAC/fkP2zHoKrSBlpIW3g2+r013eGZQsnHQFBHsbYiGrNxsPITLq6bB/UU9ZoHFOt4+EWp1W6wz0AUx1a2HNI9TFLJ4ePV8ckg+gYqLWTFVNaWFWJfsEPizhmpzGOR+1fkzRfoL6ezgWYYS0O00Fxsyavq+CAfN5hnTumwiHYve4vj+v//1zxtfEP/X2YncTDIAic5BCksz3Ia0HqD18W+F75XRMtvTiaDRqsT4NBg7b8zc5OU8tsJW+hVBLIW5JtuxpiBYC2A/W7GQ02WHJGhJQ3entnolomZENr4oZG/cmHZYHzGfg6Zwh7Cwd4j/jmOzmKGkeG5avpUUIg8Uoll2gSF973Ce5f6sNfDDG+S7zcl2/cBYD15jXpLY/x8Tp0JjxaGRB2PpJ+gLn7ua94nvjnAVTcWO6JbXaf8xmE1Yu8owZeYt2tNM+EvFdfmk0vTqgKVL4Yn/C88Gg/Guv50sK1GtHroca/ga2Edxg0kZEiZFqdUCvZGgzBot1QhZhGRQigryjACMX4/zF8j01ccbcW0MxoinkwgHGwm2iWGb/jWqNr9ZSsELvMaRLZAH69nwdJ9XYLWQODYBVuSwYTNlWqCS+XhIbqw5SktOLE1EdhkbE1lVxCbNZLqpFmfgZVJzL+WsxFgacDQC0ERI5/QZx6zlaIinKElg7XPgYmYPYsZq5qzM5APUHDQSrgB89ajFxY416/eT/E1jx+U0w+qIcSWpb6HcdP/VxgOiONhzv/HFz5WoPUpSWam0S3dGyXcdmsYEXoL2vzYdADOA67ApqmKa++SF2FDxCDLm7ObXQb9YimnrjzadQCSz+YCdVGFqrroGOYKoMVbJjwG8Tx u1NAJ8km k+ttP7FOcIMwnHLf9KAraRU37gKOG/9SWk8ZwIF43/rIudczdS26wwzUW3Hj5FcYRAErgtz6noov6Ictdcu+FlT6Vpy+HyhO+3UghB3sDAtJWAljzjOercArwK+O9GnOqaoHIz5Th6WK49dPAkfzjhUXIJi/xDnvrilhAmtYgKyZc9EM7c//5ESvkPmP1MpUEo27NfG4yigmzRGdbh/qegOmvnNgBRl/P2zc/FNyxaqzdx5nK6FDOg2ge5zLQ2btvU39GxdGzjMz4BQpgasLHNnt3vVQgdXJ0qT7tUP96fIr6pIyTCgcfRsv+dcM9/2dQIqR6yzyCsn71A54wVDbA0ck6oNCW3ecOg8WawR1L5pEd2jzd1ydWcqq8fK3JiXrcOSyBUaptUZRDOoxbdr/pTOo0SWw+JyniERcvqmEzO+p/qVDlWR7Wc17e237zXi12f7cBVC4geWx3BpgyHRf6osgGtA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 7 +++++ arch/arm64/kernel/ptrace.c | 50 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 58 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..342d5abaca87 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,13 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index d7f4f0d1ae12..09f671b8f188 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1390,6 +1391,42 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled != target->thread.gcs_el0_mode) + return -EBUSY; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1418,6 +1455,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1568,6 +1608,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 0c8cf359ea5b..00f698a2ab17 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -438,6 +438,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Sun Jul 16 21:51:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314958 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29A3CC001DE for ; Sun, 16 Jul 2023 21:55:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BAA708D0003; Sun, 16 Jul 2023 17:55:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B33EE8D0001; Sun, 16 Jul 2023 17:55:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9D4AD8D0003; Sun, 16 Jul 2023 17:55:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 8E9858D0001 for ; Sun, 16 Jul 2023 17:55:36 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 5D7C94029E for ; Sun, 16 Jul 2023 21:55:36 +0000 (UTC) X-FDA: 81018832272.24.6007CCC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id 9A51480009 for ; Sun, 16 Jul 2023 21:55:34 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rWGbpHGp; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544534; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MglPxYtF8VH0OzN6SjKXbUmwgOaK8a7gZBblFNfxeS8=; b=V9RhbFOYHy5yBX+p8SkOBPzmOyBY+otBMy4rLgQ2cHOWtQNm9UCWc9d8GMYPWsOLDx52zE Xqu5u3w9lXMlcXrfJ1BXCqqJKhADZLI0g1UXDqOMnAOu8eoqbLMra+Xr/EdNeXqasQl33w KLC0KpUB+cm9jl/Jtgiqc1EqL3jO4FQ= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rWGbpHGp; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544534; a=rsa-sha256; cv=none; b=MdXWeIQuqNQ9huVFAkUzk38KiP165nHe1Fq1gM0RcvkMd4IUW7mHp/pcBEnOYtdCAh/rm7 hFmA7ga+YUklmM1GiY239MkVmloONUqRXEA4Jx1I9EgGz+cFVJl/Slrhx7W25ej90FUsgn GSMKaZwE9lkmoClx/irhUZlsRbfZL6w= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DDAFA60EC9; Sun, 16 Jul 2023 21:55:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 94855C433CA; Sun, 16 Jul 2023 21:55:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544533; bh=pU/Cpaxis09XYO6pS+Tm9irl4OV1fzcTdHAFs+JXaiE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rWGbpHGpAPUGRkeHBlxB3u7YFF02VUBqBH3DDfi/zq+uR3bo5c9/02qDMlbROcq1a TOxZq+swTzl/Cn9rsFrq0fkp5SOMZ9rQdBdNmFqBC1WAmool8nFYx21GlscpJIPaX5 Hj4VHZuaIdAexXk06rf4SIr9g7kTQlHiAqUekjYGnvRjB0F6hrvpboYOjI/7sNGzH6 vO0/Sk0ndEyBZ5Xb7JXIentYaOHaqbRU2SiE/17mQ8tYAWW9MdndQvzgrHI+Gte1+R I25r1VajxxALbkW5eIIXj+twrpfKo9XBumj5mL0llLHJuRgO6RoUYB0fbwIFe2mCnI xdT5wxQd/9Vww== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:22 +0100 Subject: [PATCH 26/35] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-26-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1333; i=broonie@kernel.org; h=from:subject:message-id; bh=pU/Cpaxis09XYO6pS+Tm9irl4OV1fzcTdHAFs+JXaiE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGajNEQmje9r0OAkZ6IXOyAN5ruAxFmeetfHxjAC LDyTfAyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmowAKCRAk1otyXVSH0JhGB/ 4uEom4k4x+430HQzhyHP2BDhwiv0Xo2K1mTO20ue7Lk8Wti2gS+bFt3j5ucEpMEwtZzUpbv9aFHg8g yVDFSa62TJm4VnlCyDGJgQ8tJrySIzQDdUWaW4NsZkCYMvzaHn7Io9BSwTN7Zseo4HDAFXeuVN+KcI 6W/YOWtqN+FpSOZSkAOtNDCCtHC+Bnwr5v6a6FDSO91/wXPICZ9z5JG71wr/l8ddWrbzhdD+2lp/5O sqSoPHL3zXgrAcCHuCXDKtfj+XAC/YXjHy8TdZgS0bh4tp9AbE5iob7yXE/SpJfC8W3JOO8pyrZA3r LZHn0cmojWthyoDyKu+QYIQJkyHsLU X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 9A51480009 X-Rspam-User: X-Stat-Signature: cpcng35gn3g31sdbmn4kmepdeqx3bxtr X-Rspamd-Server: rspam01 X-HE-Tag: 1689544534-391672 X-HE-Meta: U2FsdGVkX1+YfNnh0uLJYOzqYTEox73Ix7Safurb0iRDEyrSbZ3LkjREwm3jBIFhHVsMJjoG5ZM++zCPmZBzC2QR2AZF5SYBI5c9KTmf6UHCYeTVK/WGzXayersxyrn8VBhuV1jYu+YKluk8IY5mt55ciMwpeqCJvezq7Ol8/PeoubSfaNjz1T3CVOLbmm74WVVL2sp56vdfTcvJPH6lOMcLxvAt1Ry8ViWqlngbb0qY0/daKntOZB1yquOJ6TLc2Y5JBVnwRTjuVGm+uzr7zYP7YLHRP9BuiRwvfYX1aICfrE8fYUwdNqknVL3bGt26PjKNrS7hk3FPjlRkemVmFWm6zHirJQsKaS3cOEgAsr5FIJf/erVwoNI+o280FOeDNrpwMHzetMNCTHCcb/ByNgG21CkfVgdQVvDVktuzIdtR4ePOLUmfjcWW+VR7bNSutMObMwuOuKwpVnGT9GP0pMsfpnWEO7jcd5F95QEFu0mVPtr9w9awFt8QkdXhRCENCjjOevDsFxOC/kkJHx45Umld5YM+w1DKBxl+uX2kbY3U9wGTSDEEenv/96HepmIYxgLnUmQMrC3Dj3NxJVqPP+gPdjY3AsKTWsWd9gyR39XcRfVihVH0JNWSSbPAO1pGSl25qegLK2PfncJ2B7rLzwd4VWPk4jl0gGlj18vt1uDTKd67lqIBcBnvV6n/i6yY/BUiq3c+JMslGyNQ4dfoLwGBy+8K41+UnzMDNxkvtallTbJ5GiXcC6zUUFu7g2nZ9kFURRA1RECjg7gAEfWbL73nKES089NZ7X4gga3y/LAkeBg0ThTkAkuVKywsHr459jYH0Yh72gsfmV7+jPMLclMuJlHMcItlf41Au2eWSPhO5B4LjGV8n8GAn7UffBDNE4tYHTnCPNbiP63Brqnb8sLIoXBtulWp1oU8bGhwzmExqBUtzrmaYifv6O46bfCcn8QsJaMXrvGvUxwkpYx MoDG/RKF IBO3De5YgT4ayd/Io96IYqDYjKj+xr9ZAq9g9Z+tys/pKxOERifjRB4NMCVw3fSz981DcPmc+sHvpRN4VUe9yhs5Qd3ymGRdBrGQCyH9gu/c9lQOpjG8bDebOUxclaQ3hOikTPVSUzrrj0s/eRCzME6KINFBXSm5CKsOC2HOgjEIAQnf1a0RwKdndgSZHqgbDiItebh5gpgIz2D4IUfRMUlMj/ehohp+DxHG8krEwNMcMNL5f03j5Il0igJcXyI0RoxUh9sHE58Tnh2pBkJYO+RAcBpb3gJgQXwI0NHO/tiH1Bv7VJiEg3xKVYy//2lxKUV/q7uByyMmj6Q3mV7f7rp5IySmzTsMfLKqRLYdFw6yhNl8UATNxr9+BszYFbLYaUmJo8e9kbh8rNlmeuWyPCI/ahVIAyuKymgBGMCoGEJHScQ8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7856c3a3e35a..e1aeeda13c52 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2091,6 +2091,25 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "2022 archiectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Sun Jul 16 21:51:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314959 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F4C9C001B0 for ; Sun, 16 Jul 2023 21:55:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 457DF8D000A; Sun, 16 Jul 2023 17:55:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3E12B8D0001; Sun, 16 Jul 2023 17:55:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2A8B18D000A; Sun, 16 Jul 2023 17:55:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 180438D0001 for ; Sun, 16 Jul 2023 17:55:43 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id D8F9A1201DE for ; Sun, 16 Jul 2023 21:55:42 +0000 (UTC) X-FDA: 81018832524.03.F86E526 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf05.hostedemail.com (Postfix) with ESMTP id D0156100026 for ; Sun, 16 Jul 2023 21:55:40 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qRa+YtE7; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544540; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6f2sHhBx1jepR/YNA5SyNc7wOpOk2HW/TCkILD2DXmg=; b=ZnVlkLXtCBmKvr/IFshv60WuJnIoLb+VfXLq1yHhRkpdLau4fBBmvgGkF+LducsB1Kc7KP FrR7qHCfwFGaDHM2YvhhAKuhs7A3z3duJPhjf/l4VGAi9PbcFTNQ1N+CUbzOIitAjuTF2K TyooiFjynqwmg+t/18RHCCaWIf0PTo4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544540; a=rsa-sha256; cv=none; b=6rKS4rEXJ3kowYmE34g8++508ac8d20ghwkMXaD2QNKXC2/WemtjKAmYfX6nSvXeGcdIlH qXv+6lV0KgR191F94/RMg0GfLk5Miel+ZSXfLeDuRC7E0u28dwIqoAZXfUI+g0HHXjQrXU Ux74yTwoe/giHNRxBucjj7H4su+HWA8= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qRa+YtE7; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0D0B460EFB; Sun, 16 Jul 2023 21:55:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB808C43391; Sun, 16 Jul 2023 21:55:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544539; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qRa+YtE7yvYvcODmiwXlBSh4F1vfSwmQsxOYCCQHdyb7+9c2QZaWomxYvuS8kAIhp 714G1h1smywg2+5j2TZEfjSY4jKrv7pSFsPmWoRlS0zeS6ohrJTmnPvVIi14ff21D8 JDffHX6QBQP9aOIkracyewUb01/PrSGXzH4WmI+M4og6H7vnCvlW8GNZs+SChNn2N3 CFO4IYgetGBzac0xoAbaU0lbR8qvrMLJ3zH0bVfQcPnzspiFpfFuWqBx87Ho0dw9Vh P14G/ouU2IXhzfq4tdx9JGoiCtFadeEMcbJpJfckv7oSDxvR+DrHoPw2gwKEtpbUZO WD42Obeggb7Jg== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:23 +0100 Subject: [PATCH 27/35] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-27-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1205; i=broonie@kernel.org; h=from:subject:message-id; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGakI2DafnLEN0xPOYtS8rBwoQOkhbNIa3aIl3+T kLXsS3CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmpAAKCRAk1otyXVSH0C6mB/ wOqidQ+86Oz6oompV7K5g7vr0TQDYT17lne0KPFqCuXH52UJc3v5g1bWEBZCf72AIeUyxqIlXL1eo+ fCOPXyV5gx9kIxzNL5ZchfzMMppq9l2z8iGxIDidnZ6Rwu88A8zTi11YTTgcJawGzWSHPi5x0M4tYS kmZDonpfdL3p2LhjP7t0nhltgDjNqnE0LdDpgk1M6KoClhQX7tBC0Y++yuKtA8RVSwE87k+oaTYNUW ieQNE9JyTJnXTC1B5QfO3otl1F+D47QHyh9/+ktlmXTv5gfNRDIydVmDscZmRd4N7GYcn9T2SDLx4b kNoA3+dO/UVfdsAY+7oBJuc+B6wbTC X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: D0156100026 X-Rspam-User: X-Stat-Signature: xri9wu18faqwawrqnqaawnzdn6kno1bh X-Rspamd-Server: rspam03 X-HE-Tag: 1689544540-318926 X-HE-Meta: U2FsdGVkX1+dnBVK16b00qyNjbcaCyaixmxwAAFM8XfjXBR286TKurWp1H47890EXrypVghIGZNHFEvSyNBdVwINnlHrQNA9UmBoFz5rZGDbn9yrLnRdbBJR8Vin6KElyOM8VaehD4qA0vIk1GffvUDae/fEId4cqWCctjG0qFJHHCXbTGu8TioVfoHMzNN129yjWsa5HUQdQUMNtIWg9OLPBXf3cY9jqp6v/FquxOzEP5b5mEMxraUU65h6JWy40XV7ccP1lTfIeumzhZay2ea1E7NHX7ZVfy1wuWvtviyRABazExhNN164g/3ZtZ1IitYaYOX9XOMSINWc0qcshXEVKoGYwBS1wcHdSWU7lkeauZ0Egegl1XHdipsRYwArUFX3aXXD4asQxp/1YSAmRbwOPy2t9AXKEUmqBboMgdkx/G0lqJ4XjQBLnJx3lL4QIOtHJ1u2hX7P7pFPs6YkBbFQhE2xEZuitfncBVeOCKLXaHDyGv98eJ3PYMCOFKyO9SVv4tD3qzL1n0Uh1gGmpEBSVaFfbFqjw7f5CvX94QMHS1Ho0GXl3VjZ3CeeYSVQIokmoz+mlW0Jjh1Gmpl9xMLNs05vPpeUic23nO1RFTxW/Utgwk6LwSOsGu5sLAOZnqhMlYSdoCenAj1xOc8Xo9xfXO430Dpzq6wCZpcXZbCt8SL6PIaYbt0xY45WYhUW6dN0D8qx8je3qudLj3r19RvKEPRAvvLv6Fxw32yiLcB5TWLzRE0k1FAUiIHvqzxruP3AigW+o+bYTKKLAYK5aVfgIzZNObSED1PGfHFegqktpPmVbK3RAwxih1Il3+T/YSN6umNs3k718CpiboA2JJyycLIypDpOj9Rkgfq1vA3zz1zTPdp89ZBukwd8nZ8qJAYU9bLa6kjYxh/0QtfQKulWYsnclsWdU6J+BaTiu5gUVXtsnG44PJNVBumejiHH9Qr0H53hWW212zuk8lx 9AgMAU7K zJQHwtHJ1BWbzgr9dYoW0YZ2o8pC4XEGCvPBHBALfdDGcex+5fc15kSElNC/AJy3iEdXL62DVClcYyw59soprjix54Lb9wcSlGSNI5tnMT+bRkioyq+yjCZVf/Endbo6xMdwNVmtlQwCuZvsrhVS6rUE26GGq0xsdzK0SItmTs79DXVXo+RipzVv79GT38sbKO3DMU4CXp05cAbnIGnpO71poPWZONqnYr30rwswVsKW9XNfpiIhvT7ZCZD39X3v/pmJbiUPsezkVte9rfPAfo+Zppfj766pmJiSwcEILnUBJVXJEZUaHl7eH7TNpr3dz5G/lEupZzLUN1nQIbzP7MyhyCfTNnBoi5b2MK3BhHXC6kHn7BPF67dGJToBrOSoV6fAMyuFx/Q5R+zKsMAyp7lKUhVQFAa/pTJBcBQhC0gnI8/MKy4KmjyWhq1twIppNVvxoVlw3g1xLwZ3KOJYC577/rQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d4ad813fed10..38844e4c5aae 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -39,6 +39,17 @@ static void cssc_sigill(void) asm volatile(".inst 0xdac01c00" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void mops_sigill(void) { char dst[1], src[1]; @@ -223,6 +234,14 @@ static const struct hwcap_data { .cpuinfo = "cssc", .sigill_fn = cssc_sigill, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "MOPS", .at_hwcap = AT_HWCAP2, From patchwork Sun Jul 16 21:51:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314960 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AF1CC001E0 for ; Sun, 16 Jul 2023 21:55:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 060888D000D; Sun, 16 Jul 2023 17:55:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 037168D0001; Sun, 16 Jul 2023 17:55:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E1AC28D000D; Sun, 16 Jul 2023 17:55:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id D2A4F8D0001 for ; Sun, 16 Jul 2023 17:55:48 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id B33DF12028F for ; Sun, 16 Jul 2023 21:55:48 +0000 (UTC) X-FDA: 81018832776.26.C0738E3 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id E4026A000D for ; Sun, 16 Jul 2023 21:55:46 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ECT5d5di; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544547; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VZa+yVxoJy4ei1p3UG9WfSrCLoFBnIYNn1ZiZhJXbbg=; b=b22ZHiHIqaxZx1tucpWC/9+ra38FYFHUqDPCg5g9jpS08GX2PO90tFjIuykMFVKTDquesv KRsJIJ1Q2nG5QFJfzRWoJ0O3eHXfxYUR+IDq3YqzhTbnNrgw+EusY0U8g2zvey7gW+rRDw Ds/VoR/tPLuAgTeZhKTw6mA2CC/DtYY= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ECT5d5di; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544547; a=rsa-sha256; cv=none; b=zFksQN/nn+zMxWGrtwE70i25E+0JVc2VdkmZR+59bO8oGYFV2sRkAmVKhR8IlWAVE7gSL1 /kstfOKbB/aXerBNxzqapJnZFqEykf59AhntlGwvpRZDXAKCIO4ACN3ExlK5qCQAiXfBeI KPtIDsiNt1q6eH3mIcSyQievWHUQ0OA= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3B19060D41; Sun, 16 Jul 2023 21:55:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E35E3C433CA; Sun, 16 Jul 2023 21:55:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544545; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ECT5d5diCXHo8bURXVIe57IrwH3LVPYaT55I2eb0E/Np71GzQcUGWtEUntEplKCwC fSmOAVmBorLnsgdHECB59B6DWbXGccZoyiGERfCXmTdxh7yjb1uTsifR2DxSsYeO2g U59ZQuj5PrDb+/agN7Dl9Qr1uBqTthk1hxAJleZaJ4gtKJsKCutWsOB4+ssCclqi5/ H9dWxEzsXwaori9qPClLzwpRbupwk9Ahieh4tVmZfRl24pHmhdyqWIGn9qVn3eme22 Pf5Swp61Fy74Mc9DWDxTGwXq9nrTn7ONg7lOy18b9YDt4vbk8A7gQZNsWJcUnRxvOG XtfE91WRSD4iA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:24 +0100 Subject: [PATCH 28/35] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-28-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1828; i=broonie@kernel.org; h=from:subject:message-id; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGalnGeU3K7oX3kc7kc1vOCWlIGVrULEZrhSEdLZ vws1w6CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmpQAKCRAk1otyXVSH0AFnB/ 9US05dk0B/KCfZYMHoYXXScr7LLlbQV9vVecVF7KEFOCMc4EuaMKkGy1uQfpsJ0o9xGpwumm9m1qG8 p9K1kLmFInC+9t6XitfcPIRPnKUxan5FQ3yiLuUWWVu+tmyJX2kWaffOTAuKj7zO25Pwt2c9YW5oEa f9VjL6uJP9BDwSSRNbN7mBs9zRr+yc9wX4u0gvytmfyGkk0jEWoHm8dF/xwK5qyFYXm4giL26Q8iFG 354GpQCiMKtFPNDO8A4H9GdYiNecTC7cDsCOSsa7a/giwNB848wAuQmV6vpgDwXDhUhupaTLe9yjoB yXFF55Ml7rxGBuJJFbC4EDNdyHgRPd X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E4026A000D X-Stat-Signature: 1ermgpmxi8bmpadjzc6j8fukzdnayk6h X-Rspam-User: X-HE-Tag: 1689544546-453644 X-HE-Meta: U2FsdGVkX18ybCIxRHSpkYFxI/RMSguTXAV+bl1dfomudu4g9UC48t6VBC24oQqEhtWNuEey4cXs8NOBCinynIwWIP8itaNR3pWWKyveKiN7bX5v3RjYY+1h6LfXr+cO6YNdhNwjHQeJEkCkkkXfqy+YocnqLz/iTXuHeHHFn5du2Crvdyhc0LSk9xOG5FUPW3zpenQdWhdjoyRta+GDp/SfMYjs2wS6Q8gUgIX9ePqN1CWGplWMFJydoSt3LQirOMn2dIVgcoceFeX6Z/Gh75qaLQibU7OzSHOnjyv+eFHW6roT91Z9DsMbxd2Ff+MYhmy4+99mnXzLtBXhHUHBSRUcj3gWipRZP3cVRRvM5dyaWngkyRy4rQbaC8zM/1Rl1x176RPOzEBYOaVt1Mu30ZV5Gj66AW8jqN88hxWXKjgZgeP/YYnTbwX06rjz8++zZRaR2pR1ziAxNw3rjgxTEOlNDOo+2DqAcztojxiTS6+GyJ3qjDBTzQr7sAolJP/CmoD6rPHb02A/QQMllATZRYkHYjX4nD9WPVZdJKoUSH53lGRdNV+oFZx+2qp0NXHDTWlzu7vsGez0t27+UwCighX9mlEmS1OQaG7XwdKmy2qhLngFIR3Dw3HYnPciCAdmONFEE5/5pUKE/YA1KtVxu64y2ri3yzft+aTIHyX0UCieAmh807nP+qRAV2Ys7xVxAm5Y5CcwpAKBjcXXn+62Z/I4If5uppk31I2v3ElifP4vbIMBwvd86ft0n8uW8CxXH/nx6YwutQkQWCHxmzLveo77C/Av0O5EwUo41N7KQKd3/bYr86ir3o1tKQ6JuEZrSFLPrctihRgJjhKN+AwGx/XaEybBq8s9OwKLTk0U+5fRwojsH+ux9qAKakJmjylF3j93Z2peHuXvp/zrlRxjuAiKuWmByxDDU2r9FS+tW3SJ4fWdmGmGyy3JPMzjQa7WrPvfp7stj/FKstKXu8M bzQ5xrqC s9fk1lOIuHp8Ula2g0iDQSbel3oxvGeHIXrQecAWnTfKqBzG0IM/02Yt7r0vcZTOeb65VScitO8o0Bvr4j8CpyZJK6h6Py8Co/hrrf35edDw2eOwimOLvgabIF73dUAXLoCtR4QV/8pGyF7u+iyMpO1iRXjE6GtIPavMzNH4+zaQ6g+ccXcPK7d5yq+GwVQyzb8pvpAv+7mx2uT7HevveYLO4c3cBU1NVbLH+3+JU8eanYYxDbHaXo7I7CUVOOlz3i+WPSqtFeQ7gushkGLCI++DT5zc9x8baVhjKzqACsd1DjtmT4+4/SiHnzYF4FsmKjNguiofJkQcik1INBN++ZipE6k99jbY7ZhGeUIRhiLrADvg6omFk4cp75+ffjzgp097XN2yhijQPVLxpiNBlx48SVyNRIDRvox93rsGze8AWp9I= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Sun Jul 16 21:51:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314961 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0CD3C001B0 for ; Sun, 16 Jul 2023 21:55:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 827A68D000E; Sun, 16 Jul 2023 17:55:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7D8618D0001; Sun, 16 Jul 2023 17:55:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 678E68D000E; Sun, 16 Jul 2023 17:55:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 588698D0001 for ; Sun, 16 Jul 2023 17:55:55 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 197F41C84F6 for ; Sun, 16 Jul 2023 21:55:55 +0000 (UTC) X-FDA: 81018833070.11.7BD648B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 3CFB740005 for ; Sun, 16 Jul 2023 21:55:53 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HLJp1Pds; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544553; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dq+jcN5GMg5Lle2kiMLPNS24YEsjylZTVcQUjBnRNs0=; b=vxMuvds3eGpSyU9TVnAD2MzWATdqr8uuCDmjXeJCfTRIAvhjV/+yLVnnel6RUqsFOUYMzK /71NQ6fiumtSzAOpiMdlvWKEN+6hwD1+JGXvW/W2RrF/2fROwYfgeA9p6rGcnwT6/FZUPU fujxX9j0Wa+uT3B4mmRpHzgpdq3++VY= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HLJp1Pds; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544553; a=rsa-sha256; cv=none; b=ZprPCvCN5eWNgeTvEG3yoSsTmLQRNKfqkAGFxFzJg3392IaxkY1YOXLLcIdA19CNloEtob EthvM3QERkAYlPRkoE9xAvliDKCS/3fnN2aR6gzJlEdh8cFP1gJA6WRIq5TVCp3HY1zGK0 PlMGdJgyVJSQl9/KVqaBA1xGrw5qTYI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 714B960EC3; Sun, 16 Jul 2023 21:55:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1D3FCC43391; Sun, 16 Jul 2023 21:55:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544551; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HLJp1PdswqCNq1wYjWtV7kdpQQdsIF6PbOAs1DdxVIDUr271ZtsXaw0pT7n6EHg/J PNQDKSMHKSTQ7l583T9geSPx7pEC/hj2TLSc1ki5Mb54YgxQBOl1d/8b/DC6NImHRk kkxTHOsVXqT15aIa3ZZQPpziQKm2CwXl5+TryO3DUfmOgKg3/OzvOCi+Oyi8DBNdtL BZ3y0Hir5JQnmrqWN8msRZL+OE/yTvlBl3LWhMOzrjbQ38GZZWTgflCc9nKBUifQnC mdyW05hvnN9rDr4Ly6ZqRAXa5EZcVUddACiZ9mNql6HiT1COKlFZt/JGxXzOnvNJqG oxTY+e9f1GO5Q== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:25 +0100 Subject: [PATCH 29/35] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-29-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1590; i=broonie@kernel.org; h=from:subject:message-id; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGams/1o2FBpw3AOTccDx7xYDuhWhJAAlqli+qBI f+Cr23WJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmpgAKCRAk1otyXVSH0H9IB/ 9uVI86Wh0m+jKCdZsMXDL5z5tGDQtNodAMlpbSInG2EefWBm2jNMaiInXFEKrPSyMmZ0EutT+Di8GG pmbMZvDpJvK/9haASKmdxQoyhAUfggLS2KLtHnHOb18PbwikLGlwpd3aXqj7Z6PkbOSpaDcFLYNhv4 5sx8SB4VD0ueTKVRP/8R+IABokYM2HTK+wORDfwd7MTZPeyaSjagIL8LCuZQoIGQbfmLP36rA2eJXh JOl2YmzMhTJF1dcOFUaJvLvKtEUtm+BNQskId0JiVQAA9up7GB38IsAYmJEnBx1hzGEVlZEzZICvBv X7+qWQKaz0ozYAZC60ObOtkiQ9CT8l X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 3CFB740005 X-Stat-Signature: 8zko56iaxj6gusyfzbyca7383ny8mikq X-Rspam-User: X-HE-Tag: 1689544553-210126 X-HE-Meta: U2FsdGVkX19m/LZm+bn6bBLkU5fdk1GyRy93DSrCwQkSihy06Sa1m+JK3HzwMiV+cCHHt7aaizAy0f31wxquZ8t9lp1JDuB5ZsR/xFIvBaBRN2pwA6tJgT3A/cZhjaiPj4Am5S6m9gl+7g1/nUqJ2W0DRJE5FiUdiSmRcAM8ZNlRf5C2sRN8PAiM9hw+GdNgFxtzDKs2wH5yCzROeQgwcxZygAurLxahnQZftROAdYhuBKQtlRfXHF6VRdxE5UhhhVR6eQfiCWlyD+7hMqkV0E2XoCIQEGCkaOehU9jW3qI+cU+h4znMcn0TyO7oWexeqYT200sjYtPctCHSC1qZYLptUlYpY0Tf4iRBEKcggeI9Mq66rXIvEWUgbTLgcWnFI4Ls/ubpyC8Ib5QTLX+WCo0+x3CngBOnUCUCd0iFmAiz3SBFp6rjDW02CqYTyv6i89FW/2RXF7N2B+u0DFhowr/VvuV+QTa7txVX7KpBcuikEQ6IWfr2ac0p8CulTBIdXVbDGaDKaDUXcflEXkhG0FMW47uWvhvGyZu2rhCi8up6fQQy9qQcYIG1WGls/0v20EMPupbD8jTY9MVxwds78+eoBhhnm7ooZrGpSsghDBjiyCndkyd21A2J8QE7Sim+F7Tdu7jg4OivrPK53FHI05tEdKmGa2pycY6An7V36EqZZjwLFDuVwKptZWHrmIHGvG30nWoK0rTGqq6Vgn5cyb59X8rCqd2FdLd3wC0bBepgWIXowukxbET1+xBSwKyDFgyE0oBRnN7ALsrUaENhrV+RphcB1A+1hZMIj2uYz0xnBQiynR+aWUA++oRjsV8d9qQdJyAvIPDEBqfW9ddC1pyTSMM6tT5vtwk8t+ekIWl5vZfahRYzOklGxq8a7c6xJGfaYZNAmPJthsz3cwwsAyEVNtVIF/spu0sH72A/NUmff2KH8l2aqWFoDKI21trrbTRUugwgtGTzVQSzKSg PCcjMnYm bDdPtVM/9PuBLw2gkhfK5EblB9QWVyYx0A4fHokl+mqamgsjT1ormnmgv3rOOcWg9vWmRh9jNCAyLh5I2eQUh0+43a2p+EbdYJWEOk/aIAdclZmFlkMwrKTik5DhbPTmDECmMqN+a1YTVIYNB8O1b/jGAOtbNWMpShXIR/M72KfC1jDutdOOy7owAEgy1EgYtouNM9VREXfZG+5q6blyBjRZgqp1cF+6ktz978ppjJKfu2XZ7dkLnlP5B5oH3GdVPXOI29ZJiBZrqzY0H0CGdGSsAq85KmSXiwyXbyhGQ2NrqSYLWfp6Sbmh9/QNwfJIMO4whU6DIFL1eUyyS3knsu6EieYIksQXX9bbkIa6cpEC2zQhz3o8R9hb73BOwLaeig/OZHZ6GtNroAJKveXsfU6VmAxr9ZfUkEpGTUuyLPZWPHBE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 9f580b55b388..1cd124732be4 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -209,6 +209,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) zt = (struct zt_context *)head; new_flags |= ZT_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index a08ab0d6207a..9b2599745c29 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -19,6 +19,7 @@ #define ZA_CTX (1 << 2) #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) +#define GCS_CTX (1 << 5) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Sun Jul 16 21:51:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314962 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F06F7EB64DD for ; Sun, 16 Jul 2023 21:56:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 913438E0001; Sun, 16 Jul 2023 17:56:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8C2608D0001; Sun, 16 Jul 2023 17:56:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 78A428E0001; Sun, 16 Jul 2023 17:56:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 68C4A8D0001 for ; Sun, 16 Jul 2023 17:56:01 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 3E2541201C8 for ; Sun, 16 Jul 2023 21:56:01 +0000 (UTC) X-FDA: 81018833322.24.81DCF23 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 6BC01C000C for ; Sun, 16 Jul 2023 21:55:59 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mvLNywoq; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544559; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TaUp99b44iUnlMtvSudETccqnnb9sSnSJn4v5t3dhRw=; b=66sO/+JxVDlKQ9fFpN0cuDmlschCEsuFk2Ew8m2BgzyOXHRdxWXUeYO992mS7dCwI41NiF gt1AqsVwXHU2oWISOdRqyVIFFTrg78fNHzTnb0fE1Lt/O7KvYKsMNdcNKFjRq0pPBj7EBi WEBfVyRVVMtfOdGKbkgjADIGMtHdaxo= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mvLNywoq; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544559; a=rsa-sha256; cv=none; b=YBw8/G+boi1ezeCnBOdjUbkhQo1ZojRH+y7WcsV0ZyMVff5ymw9Gle2OagqveSt1e2Vcsr a1BXXNV89pyUj6OkF6iq7NkxmYPznsFJZgOif3xb9efX8GDd5ZyLP5R9zKGOlwap+iTOlR rx3Ne3t6tONZhIhdQuZ3A9/37fxFVTk= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 981BF60EC6; Sun, 16 Jul 2023 21:55:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F00BC433C8; Sun, 16 Jul 2023 21:55:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544558; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mvLNywoqXfGXI/ctEdvYGrd7JRs9EWxGSMKyuk+ykhRpKRZKRHZiuir9Q9MtcqXbC fEDViBWIBTD3WdXcBR+p9Ec3fV+G3xrCCRLNQTh8hliPPF8DCfmZXR2tQdwhfj5Nju cVZzR6x6/YvhJKwrG2JkrAHfmpSPyy605CxrUmupnYZ14nJejGr5QQpdl1F4cfaQnU pxS/P5sabCOHPzeIRzZgRF97QJrQoRb8BRNWHLrYHC2RX7iLzCjA/UsOzgFk7sQJy/ gz/NWGnQhC26q4r1DlznLrPEOFsp7ht2HKCx9LrZXJ4Iq5qqfzB/0FzVZ9IcHEsZfX KSjHG/vW1nIwA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:26 +0100 Subject: [PATCH 30/35] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-30-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2627; i=broonie@kernel.org; h=from:subject:message-id; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGamoMzx7ez+FWeWsoKQdHkx722W3rsAxNs+L88l G76W02CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmpgAKCRAk1otyXVSH0BNIB/ 9X8d1OXFKpFp54/4hJike2qyV3vCa/nH/EGswkOhAAbGKZtvqRmPJFzUPACplmPpWM1LBcBPHDfWQm 8xKycW/5sZo0DIodflYaBfFvLx/BSv+DAqiRAeabhAU6rcjWSZvvzMmsOwnZ0wTZlGUS6QGvwb9rL2 AYopbAqh/ButTuvZnnni44xOYAA6WKJFY9H5grcDVZfGZSx2OWqy1fGNWzSHAJxTAYN6ETJQq8FsXA 0UJd9Us5VlKCsMqlSyFZVlvO5XvOoNnMrSGVrNFgwvsO+RLoyu/Pg6vg8iCO81fNQbbtYDQx7PAEXP K/tIBHvCVN3HIaFqgJokRX8X3DXQZ5 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 6BC01C000C X-Stat-Signature: 5nwrbiezaf6sw9jornx8km9mm145n99e X-HE-Tag: 1689544559-79044 X-HE-Meta: U2FsdGVkX18jxxWe+JwMRKmdz8U43ife+oSbe8SWxrqfGxYWa9tRBpRTRPDiCIJd5eIETl9L1+Vm1e9t8Qx1BnGWW4YgHDHW484jYQYutoQq29xTHFdtRc5H4Lk9hzmDmLyo0ucrlT8tHsz9ghf6VO+pT4W70FX3Isz+T5c2Ku/gbS46Iss+qYLP/xF4ixZpXHT8GYDs9JWsz1feKQ5eYpMswePYKVl5tZyY3q2Rcd2y+Jy8d2QxuC3SmL9lwbSsctoKq0d0uEDBoaftUTzo/Mc3Ph33HH8wuH3APQrs98CUigc/tUFtwjQ3kdOVbD2AcgBBhuobAaCVSnBxM+8Fv/mDWoQFQ7lAkpy3q+DUNDhVfNrTXB1fEs56jFgK7OQqGj8RBJMIsveoNUcEUvA6d4MZ25kgE17Rx1a+nCnwVmwv32ShwTGxRcLxvSiOp1yMfAgvuQL1SKh1jPB7ZAaK19XosXwfktyN1CvEVrVyb/3TS9w6gmzNZLBGf8qDAMW/ydI6gRuvXb75n7okx4wW0OFzHUEtZCckhezq/fwQo7VhTdllbxD2plv8+4SJjZfwgY5Bb4QVypsS3/+WlqlwS9h086rJcbpq9Mh7PhaGGPNtQLyseinbRoyn7UdO2sc/og44bbigY6yt808RYIjGqfzhK45dMQvKWgZmwNXb4JT0PUZwovXO4nWmA3wR7qVJc40WUOFgbErhPfjUtiR76HyGuuMHHaTjfXRR2opYaAfqteT2W0KqIpiT6t2Thwjbc1TofjbLZhdSPT18rCvwxLQc79j/XS1IdlP06fTytq31TYnYI2MrX+2SytEtft/n1knigAYZsYT1Zx/6/f6l31U4tXBICwe5BLb30tPtGk+wLQ0EYdI+LVzz/Lw5rsp6LlFQ2tkUa3nnwp0drZSDYAVXxMICYN40XsicUiOVwQCoFU6BmJrXXOaCGpA/wJOdbV45XEONqdhp0GfJLQ4 aeDQuPM6 0tYB2RpSAEFVOjeSH50AekDoUz1zAif0xBRwgwfajVkgpEwvgdRQIJR1juGApnCcBc/y89GNCLwp8l6bCrVpS+oaBdySWRSmPNhsw2majijZAKOrvfKm8XU6SrpKH/FOaAoREWCTpp4HfWe2RS++HPjNYJfl91s9mA6+vt9o909s83o1rhwqAG6JZCOwMlruTtgxs63ZcTQCh/n+XZrpXpnqSZpCnCOzL3z46fzb8Pb5WQHGXgHbthi8JTXqa9mKAmmPMJDDKylpBhzHJRFFy18PrCU0KlIfSBdeigGSgr1zuJfjaS/zrCUjBJNPgIBnV13cfJpp1SWuZq8keoJtuRntNZ89a65ElAmS+9iqNwBcDrSHcFmhALHSkVC+nRVI97zHNs5Ex3L9UI+rTnHK5K1ai9LH2lWP2dNrZme1e6KVSiYztbM4Pb4UugyrDbA0zW4kWbrL2B+Jkbwjm6CCLQf5AFA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Sun Jul 16 21:51:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314963 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66427EB64DD for ; Sun, 16 Jul 2023 21:56:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 08691900002; Sun, 16 Jul 2023 17:56:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 036F38D0001; Sun, 16 Jul 2023 17:56:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E246F900002; Sun, 16 Jul 2023 17:56:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id D2AF08D0001 for ; Sun, 16 Jul 2023 17:56:07 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id A5C561201C6 for ; Sun, 16 Jul 2023 21:56:07 +0000 (UTC) X-FDA: 81018833574.08.7757B24 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf18.hostedemail.com (Postfix) with ESMTP id CE7271C000C for ; Sun, 16 Jul 2023 21:56:05 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=P1h9KVdb; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544565; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nDVR3fn2xd0MNSzIh34zJUX6KbyaSvUYB+1ILixlbyQ=; b=5fKvTR30+kBocDnQCuHv6iRKXuE2Q+RLSKo4YTyljuEMD0ry9n0rhPOy7SY0+L5ws54tqP OACgN3dsqF4FhA8ELgtS5gCzJRS1IYMTfdFqB7X66WXPNj1KmLfSJVdGWUVE9/p71ekdUy GfL8ImVBYgEephXxg1JSx3aIZZH92y0= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=P1h9KVdb; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544565; a=rsa-sha256; cv=none; b=mLX9mR1WLAMOVWT8mW7aR5rXeRDMVzLSNJwgkKyYu9EMLjM3VhE8UJEAn84TUU2qdhgWzZ AoVGfhcWkjsc3ZmpusJCh8YT/sxt+R9q7Ov8VgsJT8Xy14+LgpePPT2znAeVxMl5jZd6MV r/pxe9hHxnQtclKqdgjNIe/75BSwXZA= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BFDD160EDC; Sun, 16 Jul 2023 21:56:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79391C433D9; Sun, 16 Jul 2023 21:55:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544564; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=P1h9KVdbbAprE9cGnSst8fVG40lH+zlIEa0ULjrrdOGPLgDW4ZLLFEN5ZvPGWvuMa gwFumvj9BBOTlWawxnw/4K3oU/Lx7yaLI8jpeumEkP1wRajuWGl4CNn0PcnQ4fCbKV CN8DSHDH2z1aSTnQsbqAKpaQjDfLYXvHO4x5r+odKnwAdtD5L8GlPXto7ze09j0d7/ facbXKzFyqhBddfWjNd/+oUmRRXmprqLZavow9m1hLr1dACcQuJQmZgJzl0K6Ti/XD KCGb2Ik4YuAZH6f4OVAXQ9VVA9bJtItttNHqhR/A7QU8GcLnra6YSP0t1K5xfmQ2+/ Eyj0qahxmHYwQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:27 +0100 Subject: [PATCH 31/35] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-31-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3590; i=broonie@kernel.org; h=from:subject:message-id; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGan2iFZRR56liRBNgBrNa8Q9jM0eX1IYZHjq6q7 hHCAKcaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmpwAKCRAk1otyXVSH0NcQB/ 9J49ekWpVX8qtcugCCDHGBMz9he4/VOu9aJ5NstPp1veTJmUV3yzY3JsDEPe24a923q6CqdQgcnzA6 RomVBFbK42eFR/gYU4dXyyGnrtStUF9uj09jC/gDfRgkT/PD/PR9hFgn4oTwlVX6hwWJyeKFTicWKU VOqcNSm+8D3R4cdhbVMqYWEOW7Vok3SwbcBa6X3UEVoqSed9j2MPxW+iYYyZfF8HiggQErBUqMKk7e 9Cf8LbFP6DgjzMI5DTg4Qc5zcRTZ+IxsBv8KNdFJOhxdymzByoF05oqQXaf+xJ/IdpkWIeCqWhWYqd 6tR4dDTM9BacjC7TIEH5zv3ob5DiSp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: CE7271C000C X-Stat-Signature: bjme3agiykb9oh3jfq6pix7ywkr5oykh X-HE-Tag: 1689544565-290135 X-HE-Meta: U2FsdGVkX1/XlBka+vt9Gs41Y/z8NrcRSw/Dk0fJwDnGE0LxibHmNSHR6rT6q4ET7KWv+NRiLtm/hrk7y/OtHjv+c+eGIZNLy2InERNz0s9etsdZOu+DmDTPrBEOjukKgA7jFzqIfJpCccIik65RB/ypvA1PicBTjqBVJ/k6fo5WX/zD+QHzonDL1ay/NayIV6FJJWGA+wT39gvhwOnpdnWiJT7sLDKY++xAoPSd5XAj44XKa8OLZENUGfPcAhTnuVGvin1ThYZivMR1W2p/UcNBQU89mpQ/yWNRCtnxPuQBQ43ML+0yila3FbhlISWIDctzibdRsHwWG86EEM9u4+Nu+mjm5heRM6rDqKp8T+l0/e7PUwPuKmE0sgZUNUUJpR5m82spfR0HBLdaXTykjt6gAHvkmWJg9alLEQlqULsAxEbgw/0YCBk5pis4GFtWvsVUW8WYXCdUBgIHDQwokqzqqv80LWNkNiH6bJVt0en/Tdxbro8Cc+0E1E00fcT5b+7/XFBzWJUgU5hZDaafPnquxZsokA1oJAQa4eIyVHc+QntrmVsob/rbtipBM7d2yc1TtCD1wrDXL5tbOdWHUUacOccJzVnCHNttn53D4PV6hB2jgT7VD8glfnpKQBDKW1tJmpySUorwjvaUQMH/iQOssZVwk/MtQpExM6xLa+tNbpeNQgSnwMaDLfufs/QvM6rw9dHsEGVnXhsSZayL2h6WTmQqwe8/V79tmz5Ri4am/U2J2mlg7mfJF+LCPp87nOEsniVRb99Kl62TgXqd/UAokI5TQSFpd+QitHd4tRnpOHI70X7M8KXu3xot/UyuxnCe+sX4s1O3LxGjdWeHzGOeIuXekQzqIkbJDznCp8xpF+S2nHkf5i1+cRt7eHqWebkXb4mvnbwS9ZFWdToO+sbreVSIk84nhoAcdHG1pcEzfwfAVvf+kHolEi1TIipLwUGrgsOSI8Hjeha8n0h bv9Z83jC vKWwNx70QYMpH2Jn5A67OtMAsVDDN8WNzlSLflB39LJw1rg6rhCSfY7lQjy+idWnhrI6Hh2f3+Q1ncEb/mtW+fqlwOv4VsaWNwRbgbo8LrdCAjX9/5TtUDxu0pctN14HPJWCFyufj93vDy+rqlDmqsYuemb8bcP534A/5d+JKziVv4ObTs9UXogEsL8IIzdgJ0Uee9saxqFwCdpWDGkY/J5JhXgTPqSCYfqe6bRhOUnUTnHeqVGMEdElQw/h1M+iOHKsVmyFj9dYesqNzT13/q18JdaaYm+BYd7K1e4j+iPkN5cysQBwqWZmaWxDJGvsd6vKgZzXCLY+eSmW8/cjxyeIBFZjgISJyZe864xqOc/It/ks29XoFT5J0VnU43Z7jZgGGYhxQXoSY72EOZiOQ6GRBMcZI0zi3P7V+GWWbiJkq9ZU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 222093f51b67..1cea64986baa 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -16,6 +16,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Sun Jul 16 21:51:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314964 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CEC5C04A6A for ; Sun, 16 Jul 2023 21:56:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F2CC0900003; Sun, 16 Jul 2023 17:56:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EDC7D8D0001; Sun, 16 Jul 2023 17:56:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D7D58900003; Sun, 16 Jul 2023 17:56:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id C7EB68D0001 for ; Sun, 16 Jul 2023 17:56:13 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id A5E3DC027C for ; Sun, 16 Jul 2023 21:56:13 +0000 (UTC) X-FDA: 81018833826.29.ED92256 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id C06C240013 for ; Sun, 16 Jul 2023 21:56:11 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AMzRbq6o; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544571; a=rsa-sha256; cv=none; b=7uiw+32uHg8EvDLyznGelKKqsN7GNLt/AQfbTfyd12o8Aj0L4Hzcpg1e8SZDj31OXSdW4y YInEyKXs9+B/35/h2dLZQw0uSS2CBamObr8pzQhR/qcFNqxjPXOP3W71M4XMaqj7t0Endp Q8fsKfImteB5P2L2yYVMEHGoA7vSFrE= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AMzRbq6o; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544571; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=0oDZea/s6DM2iSY80XyMmWJsQort1NR9O+cA04snXJY=; b=1/IU/NTNhebKY8hON2xjTuOM/9PnbleV9/tXcNcY1oMZnABNxDdW+lw7qnSeGng30emzjT lRQQ6ybLwoyjchn8pUe0YbiLbHw8uJyL1GdVTK6gy5Jz5xA5FA/7pCv5m0Vu1vnkK7OrVv xiRAKlm680CBsDuWpcAEG2mxO/zHXDY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EFBEF60EDD; Sun, 16 Jul 2023 21:56:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9E3CEC433CD; Sun, 16 Jul 2023 21:56:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544570; bh=RTvQiyYaALSIsEUZJKd+lBpOIJefmcl5QuvCsaWIcUk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=AMzRbq6o4/PnmKM/kZVNH9k0TgCZsiI3956Tra4DsadCSevsk9X7kngWaVe3uI8WM FeayhODMy3TxEb9Or7//S2MS9UeMrVws3IlJXIsnv9jyEPgHdOaUOogY9oQGp/PTB2 n+t/kFTX6rgg6eXgP+3KxY1DHgBj2qVCnnqpYptFBWt8CHVoZlC503gDE+EjUSt/NW nQB76otA3UIalgPqnXUpn95C6CsGRO4mWmUAh1V8llv1zoNP1dijlLv0SFvvBOBP66 MI/czGr2DrkSnE/8VWX8yjD/vsEKgoVR7tPFyOWdZwBaX4Q/Pi2x1SoDElTjTT3Z9W ucMSPI2CpPq0Q== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:28 +0100 Subject: [PATCH 32/35] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-32-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=12261; i=broonie@kernel.org; h=from:subject:message-id; bh=RTvQiyYaALSIsEUZJKd+lBpOIJefmcl5QuvCsaWIcUk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaoESQOw6KJgLqK5PTJmRftsh+bkxJxgywOPaTL A36E9QiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmqAAKCRAk1otyXVSH0FvyB/ 43XV9r6R/br+w6DqoxjE/lQztrR83Puotu/rHpI278r+LgKup4CScZYJll0xrs/9RYe43pN2SL2xbv mh+rP81DzwF20DeY+/0hwr1p47T1hwXUjwzvbGJYacH4XqRqpFobr9akpoX9zUXtFzFumhVw6SMI5Y LNU3/1isu62Pam79YS2nC/K+D/fAH50FxjzMCCrpW3v1tBhEfeAwxTvS37h3mbar9ingkeABPwnijI DQQIOUUazszGbILbF5qR1orIvYNqI518OFgXDEXrQDbic0+nLra++WBY6ndUWjXfzIwucK5ILxjh+K wl3nJQtWXe53JnF5GDeNYTE/toDZak X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: C06C240013 X-Stat-Signature: y4on4o9kwoyho8chpyyfez88hczatdg1 X-HE-Tag: 1689544571-940351 X-HE-Meta: U2FsdGVkX19Wlgflzw1jD4vcgJtPCMZjsdZ3fAJxRXufGCchWgaaLrKZEHexxlPK3o7mzGFE9Pr2MgK1+m7UXDLdTdYW8Mro+RvaN1S7d7dmtqbNXHAjCTv9qCYxu8aRejKHRpds2RLCea5D+JXcAxNzikXFU/racYuwRvANIjAHFyHqarCsM9J4TCARm90neEScViXialFJ5/R9RAbj8CrFZCTbnl7ZrW9vMJsRgqV7TFU4NFUw+XSMz5UNI936v4bBqT5Rc2SzmtQJ1VBbv9Uq9Kkg/z6QYVzWP2o/n1MyjXd7QNgw9zw1jppIpYsWSzSpw9J2noa3n/Sqzrh9d5E0wE8K+58QeE6T60c37KwB9eNZh0Js/dgvMvaNgZAaq4CoeKYtkEzQA4DxnxZxwsREQIqede/yy6bWHr8g5kNjx5V31Ac/emz2fO7PcxBKcu/y3sdJ5J3LEaLrREFKfEq+cRcEqdznGgmlZTuGk5MLOWk5jKFep8bwrH26MRRzNl4OQ69w5+sUFM0OZnN2V2tgBhsb/1w8dPfXZ1engxbPqCKdTH+TDlsYpbhvRc2iC0sn1Ohgflres4/yHY4+9cQaZx8ZK4e5O/JtPI6j9SoffrSr+tD/9vMgFj9Piz8FDlDrkXT8M+UA7bWWXZqIGzD5EQRTmAJkEcRlNMsKx3NZUKtOztqDyRJgM4+jAMHHyqBCDlcn60SDZadG2ttkfQpM8AE4ipaoQdBO6a/LsvB9Jul1NZ07sUKHt4gTBrPbqYKqSWv5aiQt0C7orDfiK698W4rVRmvOygXb2kJZFxtFbWL08jKnfafuZvLT6FzONcBvleGtW4tuUZA+VEDZaxLrthxoFsxIvnNZbssctqt/TOEn3t+LX9GzOqxddEpMjNHkUhdngkGleynIsWXfNyFr/ojjxS5lyWuS+a1uf9jfkLW9XI7C0kSAU1WuyzBVTL4RAvkxc1YBpzeKGKK Z85Dk9pn pPG7lhNozfXrjpKf73eIlOTTFQ1MJP5eVcM6iylstNUQI/0GaQczFl64rJ+kGj0NJVRS//KMGJ5GvA9iaD3Xej4zDceBVcG6JU4BtuS9rz2bC9COuxVrKk0DH8s7stUsLplUQ4cztWBqAsyDUvFx4fre+8pIlS5kM3SNFSDOV0Qws5Df7V5M69lhrkpa7eaqtgI1ydnxRfnVWhNIGkY9wTXjJfdmXqi+aSWTgjKO4LIQ5L9YGk6TqOTa/x3tko4wSlvkxFIqLIkC224CIOPV51bkOA0UebYIA4YNdNDyynqC7xfgy+rRn65PAE+HcdH+f4bu2K4+B7q90rqe5auB4JFEEZdzEKBZ8EKtalavHxPoLN635QidMeWis1Ge0xG9M3G3WmJxDcBDR0f69Rg5WjjSG4zUA2NUgluYSbMZyvVpepeo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 17 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 350 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 65 +++++ 5 files changed, 434 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 9460cbe81bcc..fd5d8d85aecb 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..322c40d25f2e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..1cc14836c991 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,350 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, 0); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + bool gcs_locked; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + gcs_locked = gcs_mode & PR_SHADOW_STACK_LOCK; + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + if (gcs_locked && tests[i].needs_enable) + ksft_test_result_skip("%s\n", tests[i].name); + else + ksft_test_result((*tests[i].test)(), "%s\n", + tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..90130c77463e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_LOCK (1UL << 0) +# define PR_SHADOW_STACK_ENABLE (1UL << 1) +# define PR_SHADOW_STACK_WRITE (1UL << 2) +# define PR_SHADOW_STACK_PUSH (1UL << 3) + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_VALID_TOKEN 1 + +static unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) gcsss2(void) +{ + unsigned long Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif From patchwork Sun Jul 16 21:51:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314965 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23216C001DE for ; Sun, 16 Jul 2023 21:56:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B0E1A8D000B; Sun, 16 Jul 2023 17:56:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id ABE6C8D0001; Sun, 16 Jul 2023 17:56:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 95EE28D000B; Sun, 16 Jul 2023 17:56:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 86DDA8D0001 for ; Sun, 16 Jul 2023 17:56:19 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 5E05F1A01B1 for ; Sun, 16 Jul 2023 21:56:19 +0000 (UTC) X-FDA: 81018834078.30.A59A228 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id 7705EC000E for ; Sun, 16 Jul 2023 21:56:17 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=OGFccAln; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544577; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yOKu/8lDcTLOtIpWAKP9YRxTYZJtKZhwO6Lv+R5SvSU=; b=GC3ZrWHncgT8xffWzFqp4yc8Tuaxcutc1B3A7GEve1C+/vEF82eWBgRe7KIXkoz6IbtaeK 4le4ADG6ao8Pve9xfHgd5fE7F+uvrUuFskxuNHCcoGHMHN72TU9kyxwhu7AuViJwR80DRN VJud36x3xEOnYcZO/JqLn9KLAH0XoZo= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=OGFccAln; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544577; a=rsa-sha256; cv=none; b=8bMHbd29DbERHJfkIu8wOonctAwiq11G3THvJHEx65B1P0XhZEdx/bXEMDBFxOTsIQvuaT k5UO/GAY+zlDC3xzSJ6a75tLi0B+3fgiSKqRPrDcaLXpUeRTvgmKuAV6c3boqblt2ipoI7 oS+6U/7ZHF1DhqVm9VFvY6b9Yj8UXkA= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B861E60EDF; Sun, 16 Jul 2023 21:56:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CA02DC433D9; Sun, 16 Jul 2023 21:56:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544576; bh=SiXcnz4ZnwfGze7/qmS4licirSO3Q/5KRYcvbUHs5Eg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=OGFccAlnpu1fa6ZC9OGpFv8Zc4wgt8MoQn5TPY6tsVQqf1E3zZjXnDjkNJnXBJSIz lowuW2Fl8zvSqX6M9e4+37BqGMM+sKdLxZMDJ/aN7Z3WDc6Lt6FMEc4rcSXBEG3MIg boRyPeWz6NH5sxXf7z6Uabh+gz9H99WovpKcGGCvM1aDsMzTa4vJ0RDboNT+RVxWx1 W6XayBcZAjFPXnIjGF+9Jqk/X71sGpLqVj6XyYkcktym+HXvmzybfjf1JB7tn8BDSR tlgRs2A+hywcKDhYSvWuvY5OoshQulnvr/dG53s95hHW19Akml6hNXDThYqXQvKoXm 9G2o6gvStPQKQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:29 +0100 Subject: [PATCH 33/35] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-33-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7954; i=broonie@kernel.org; h=from:subject:message-id; bh=SiXcnz4ZnwfGze7/qmS4licirSO3Q/5KRYcvbUHs5Eg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGapA4B+X8ht2nuBrVxjpIflYhHilWMB/OcQuIWG t40RyyaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmqQAKCRAk1otyXVSH0FLiB/ 9E1U6uxsV0M6HJ/gTLErPHXG2euepXEA+By7UhFpjSnNkfZ5ypUK331CG/JqOa4CnRV8en6z/eB6xt IhLU+ZbUzW/Vele2XRVXBdRzzlN+8k+82+vnZ/HPV0b9XphWLfpjzjA1V+PX7SAG5JGGhQseQhhuKn WzjvCDgnv5dZlJ9yG6eXeQUS8/UYZKn6ILOI332XNT9Je7jXDFGjc+dzxcuyI/o6tOqF16TujCBgww lz1hAFA+5Ppra9Ax6ij0A6I4XOrUP4XIQtt6IYJNSMEE+DpcA+4RUn1DHptv/JmThUaGpQtCw84GGU BiI0pY7pvplp60AOdb9qImv0XEsGOZ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 7705EC000E X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: pjg7mrure6ja1ugr7jhy3694t8hh9jku X-HE-Tag: 1689544577-606805 X-HE-Meta: U2FsdGVkX1/epcJmgXNI4rKUiXCpfoggqfOM6X6RQrlwJQm7fkpHc13SDpIR/6J9gO7qn7cD1n304AG3/QuWKRAf7/5pV96UqOO+N4VFNjr9lkNuIKRI1fdcUEbNGlnWKssF1MSKCs3+YnEM1ghkNFCFEbAbY5oeOWOjbCNLcA7/PBaXKp04wFWk81S6DnyOpWR2/HWjdcV7WKqTqli6MtUtuFE7PzyPlePO/dSWtH2PKw6qX53Luntfs3SzyfrqSglfPeLB42tsoqFLS1oZkLLOOdm34ak20JsK4mfymWRcUtx5PGNnOZslOZv0D8VZti0X+RnQLmAvDWx0SxQLliotn0hpPumN7jXVV3DPfhAFSuFGEDUFazNope3UJ0c8DYHpE2S4MduYH8b7Bv7JEvBqPXdT8x+zWEnMGQS/M0dP4TecKUNDIUymcWs2CFRKRyzJ+yJZQw81dSgp/n0Mssb1WFnZnL8t66qpY5XwFpNU+g3FoQ7DP9ipSPvmgoD1ocImQ5Tm5z2VNqh++PFaUBX57rabCu3qLQBZONHtlYXkZcsyV5uVeYE+XmOXeCwgxt7aCJhAW0TC5Qm+qeQid4daO2FV35LISFf/NljSJqpebkbxCo5vWjyc79yRZSsUoTnAXgbAggDaW1EtFleeE4H8DUf+1HjcEM4S+p6ap6BLnOq7uVBX1VAt+xqUBYoxICLshykAMOiaZPnQTu5Nd9r9fJHflUT6L5ecbM+ooRBOKIgT/tF7ZcHcNO11sfcdU9QRwrRmSSQBCcAm00Lzr3arxCOBqbZlRWoxlUL9L7C+0Lp8HPKB7JDVmrv4T0z8c8/0bGwmiw6VDoz1rF4mEFK0m2ly/4NqNXUXvXjPkABn9h2im0skViN2G8LEO19QTn/sgphob5yohRe9nEzDiRovnf/m9FMDgBAHFHc+ubIrtO9yU3k2ojUxg3cW0RaTnOejWsKs9W7aln6hkQF MbREbEQk 2/YMLODPblW/JLHKW7r5kFNeXRGef9MQfJOBdmvRON22ccBRni4cUn+TH6yp+KmV2mt5+3M2LMLvwKUIyhtRofBJGgbuL47r25juauO5hFQs6ypdkew30bJgDdow/Rn9KUt9+wNVGWa0sWP5NSVaV7Ty87MVh7SUruqqTec9nDqK/AregkvvZ2M2ygtvu1lIvfOoMGcaKJERCnDn0owUUSFJ+kyCNxOLyhqlDzXhUEbDTfRYwHq9nfGRhQmdm7AkjW1tBW7019VLGrFWKTmRAB+5fQbJYaeOP+o4cRcFisQujkA6CLSvhlrANsa8Yi0fyp3vtJqvuG0lwesq3vjEy/ppk5KSvpynbO9DTGSX7y3eRgGlgVq62zQuXq3MwdWFYojrt/owSTHiLgSd1JDVYI4ZZA3zEbjs9669WyrGkYU8u6K0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/libc-gcs.c | 217 +++++++++++++++++++++++++++ 3 files changed, 221 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 322c40d25f2e..31fbd3a6bf27 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..7ac3c3a2da52 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,217 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + prctl(PR_SVE_GET_VL); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + valid_gcs_function(); +} + +/* Smoke test that GCS is enabled in the current thread */ +TEST(gcs_locked) +{ + unsigned long gcs_mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + ASSERT_EQ(ret, 0); + if (ret != 0) + return; + + /* We are locked, even a noop reconfiguration should fail */ + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, gcs_mode); + ASSERT_NE(0, ret); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... */ + valid_gcs_function(); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + uint64_t *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* We can switch between stacks */ +TEST(switch_stacks) +{ + unsigned long orig_gcspr_el0, pivot_gcspr_el0; + unsigned long buf_base, buf_end; + int ret; + void *buf; + + buf = (void *)syscall(__NR_map_shadow_stack, 0, + sysconf(_SC_PAGE_SIZE), 0); + ASSERT_FALSE(buf == MAP_FAILED); + buf_base = (unsigned long)buf; + buf_end = buf_base + sysconf(_SC_PAGE_SIZE); + + /* Skip over the stack terminator and point at the cap */ + pivot_gcspr_el0 = buf_end - 16; + + ksft_print_msg("Mapped GCS at %p-%p\n", buf, buf_end); + + /* Pivot to the new GCS */ + ksft_print_msg("pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *((unsigned long *)pivot_gcspr_el0)); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *((uint64_t *)pivot_gcspr_el0)); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() < buf_base); + ASSERT_TRUE((unsigned long)get_gcspr() > buf_end); + + /* Make sure we can still do calls */ + valid_gcs_function(); + ksft_print_msg("Pivoted to %p\n", get_gcspr()); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + valid_gcs_function(); + ksft_print_msg("Pivoted back to 0x%lx\n", get_gcspr()); + + ret = munmap(buf, sysconf(_SC_PAGE_SIZE)); + ASSERT_EQ(ret, 0); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. Also lock GCS if not already + * locked so we can test behaviour when it's locked. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + /* If we are already locked we can't configure */ + if (!(gcs_mode & PR_SHADOW_STACK_LOCK)) { + gcs_mode |= PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_LOCK; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Sun Jul 16 21:51:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314966 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2094BEB64DD for ; Sun, 16 Jul 2023 21:56:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B0FE38D000E; Sun, 16 Jul 2023 17:56:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id ABE4B8D0001; Sun, 16 Jul 2023 17:56:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 95F6D8D000E; Sun, 16 Jul 2023 17:56:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 88CF18D0001 for ; Sun, 16 Jul 2023 17:56:26 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 4C565801B3 for ; Sun, 16 Jul 2023 21:56:26 +0000 (UTC) X-FDA: 81018834372.15.0523516 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 778FCA0013 for ; Sun, 16 Jul 2023 21:56:24 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vHcl+3UZ; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544584; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jIwMC/bqbkUcFEJdr7ERJSD27N7UwacVww2kxw5A5eE=; b=j6ScdKsC9iO2e9noZR5FOgKkic8xK9ewXA6SKbnQfSf/WYvosiSluQOPTgJzFMSdD/p2FG 3ckiDEYAxJGk4MrE6G5Nn4wMGd0uAzEHEN+gdUObbhsKi1C1MHtsoEdIC40DRc0xChPdQU ZxdTHD3YuVs3saAdBpCRWCIqHcUw+AI= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vHcl+3UZ; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544584; a=rsa-sha256; cv=none; b=gd3NwsTnaCSLIvR4bhUxQFseAzRI+Hmuwpan3K0EEOAOCj8PrwlUoAwLJleT7i/SawNL73 Q6+ZmNJNyeZ1eC62UtbDC7n3WAevb/xGbYyeh7CHPsxAKduZz7r8nR0I0LDHHWUFmEsjBo BSqAKNWvrkbo9F/d/hO1Jg5PXYZzMMk= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BA77460EC6; Sun, 16 Jul 2023 21:56:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0449CC433C7; Sun, 16 Jul 2023 21:56:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544583; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=vHcl+3UZ5+EufNEpmpaNY+wgCGzWpD+fjkLn97LjIFzLS4ri4KTTwpdJ64OZQ6DKI T4c7QDDCGFMLEyPXxctoD2VWSKBgU+mBySHQ4sD0jxa6VbWxWcSOI1Tkor2nGFLygL tQ4kis9C54L/bY6A+VoVQBlkdzKxGPD+1XludlGq6Js3wSWuqYyUqh+B7zN3Gs+u2X OPIVhvBpfQDh5z0gvr9wzhbanMsWGiDmMWkRWg2KSjYDyQcljBpFbzZ7lg/kfEnG4f FEaHhQ7BrvXFuKMHH00KdC5XrRzJPG0pBikEBVKdBuqnz2DjHIDdPCXzWfHi7MTkd8 91sTfGTDmpFgw== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:30 +0100 Subject: [PATCH 34/35] selftests/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-34-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7313; i=broonie@kernel.org; h=from:subject:message-id; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaqLkMmXIGAJ+Ng3YaG+eVmVdCUjVT2X598CYM9 0eOxExWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmqgAKCRAk1otyXVSH0DhAB/ 9FvTDvFoFbFiIdG4cBJuQhAUnkafpnVKYC+t6hY8pSGgkOv7vgM6Fm7y3cWme0lIYaJFEe8fnFMaNh PdHKG27ACjUz0qayzMrn99cyF0Dc1tRpUL/Yvkat/UXJKcX1sJRib5GCWJFiT1hYXM7CEBRxGtGKz4 g4sfNV+BccrXNwUiYYghqEWSqcnwAnV3azmKYQPYCpICs3e5jfr5W8uyacoCtAujGLZ4EqMimHPMdF 2FsjybplNF6aaCGptFAYgINULijfwRbujSI1QonXNeoCIvZkZwmr7pt9iPDXBOc5YfmL8NdTZSriB2 LKF3Gtbkdt8j9isz/XtJuYDjS8U3Kj X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 778FCA0013 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: ieesmp9pfy7sbipsgcpwd7ctboetj77b X-HE-Tag: 1689544584-2167 X-HE-Meta: U2FsdGVkX1/eR7kVu1dtUb0DLn+QI1Xn8PWFs9r2jyRnd8BUp2bisn3Vboi7GFnoR8177Bwcln6DjRBUV9g5gaPOxFeznSBlPi90kiphUP6myzVSg4uBT3NdkUPyp+AW5qBFawZkGt+VerMY2fHVBEQdxBhHvv8hsMTyFwDHWNMo7hOPTNckn3ivgfYTG9h2LQ2oVcLlylRpzCADJxkLk0w+4z2YAgP81J0EVZhnYS3TBe1kZbT5NwdQPH0rrpvjoluE2qbxGnUJi0OZBPw7dr6vcafP2mAHyfZq3nSQRr8xIQHGJT8TiP40dlT6zDs8xrnVV/JsjmqIENY4IUIXQMUgvr77mm0CQUX6ZqNSSiCNULew3JBEZ3zBPLFZwlk5Y8ylbMBD7yjWEdAWsqxzdQ8JxJoTI30MZMGUhk8u+nDF1ZZfCCYmyrPfQc1mv92Wqqisw8KpasUF90UdrebBnOQVC22uI+TCd93EKnV3RB5gd5rj+eIT14NNn1RBYXxrc2JRcLVFKhZQ8xH8DXKs7i3hHRZ6guCQdhHR120k90woPzWizrCSTYgfmmuAnhE+Cn9WNBJ088UW9fQTKDtY0FMzPfTqMupk1tpW011Zjn30nk8fvVQ7FDsL6nB03jeBSWjpthMKE3CpYhO3QJGjpgL+hGsDKWm/FGctp4D0nZXfA/lN1nNJBjJ7eCuWuvXQlEle5kGCIeFDg4ALdOjEOYhAk9/uwI5HttFFd2dRNzIDXRFgfgFSz1LAbW2c64XH2VMDOcfr+1FWt91l41CnQqeWwZzIbp18vL4ENI4V4INRAcPokk9grRFvXwMU6j0jlbVcrS/A/qOqVr/92t73kN/L7MCCaeTBdWK3yXK/P3BseGn86LoYRcnkYfWZB11ihrwm6yXdm3l4VLhb0ACedC4T3PRJ3M3i8spwV73ItSpmGlyprt7DcGfIK87r4HwvAxd/Q3jOjRC6/am9zPw SglHp3Ru GooaraBj8o0xyvde73IQFigaxUrFbfYs+/ImA1qdSxTKOrpEoDK00v91uSb0xoncOwUs7XkPuzcop/1I64C19enIIwd+xESBKABmyyMHvFZEvAgP+eN3b8F4GgIwiQmgkW1bep/2Yp9EIwwVFkTe+TD/gXWGkC0FVkqPqqPyQ1lSr2NZnji3zIAr++fjm/8kzprEiy8gw9bgScULIi1bUrxf9l8e2p3MuUHWVgzNmOEkYAdewSzSe3nHtNo754HrBH+ZMVjYcZqatMumSBH11BLdw/fPlZg6z50Kl4jZSfDDQ47gRAl0FPy+rl+VmVuMXjOR89650vSKS8sXwtWypoc+9D1jjNeMN+vEptOEAlxrLz04S2PczhJiJBj/7nyxFrLGJp1y5cU2fjWTTimXenbBxW+wAFvU2g1UYPFA3s/A3t1NkecXlEzSDZfn1M7UPrgG6ORmPXo7TrINOmc9aWNuE9Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1cea64986baa..d41f237db28d 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include "test_signals.h" @@ -45,6 +46,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Sun Jul 16 21:51:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314967 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65A9CC00528 for ; Sun, 16 Jul 2023 21:56:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 011068D000B; Sun, 16 Jul 2023 17:56:35 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F037A8D0001; Sun, 16 Jul 2023 17:56:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DF33E8D000B; Sun, 16 Jul 2023 17:56:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id CDBA18D0001 for ; Sun, 16 Jul 2023 17:56:34 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id ADD371201C6 for ; Sun, 16 Jul 2023 21:56:34 +0000 (UTC) X-FDA: 81018834708.11.6AEB9DE Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id D9038140009 for ; Sun, 16 Jul 2023 21:56:32 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HYCi+HJc; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544593; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KkQq4SYxSbn7mo2Pa303lnYINoFf2IRKvoizFykjONA=; b=3g03eJnV9ESpKh7BPf3CHyPSdw5//zQ9DNkof1wSH8uvn5d9NcbbJWWyWMGm4JzDXS6rFN DbPEuF3LIwf8cNvZEYkb3r2xeVyhXkXKho05e8vsfHQklFkjuq4UGytBM/p+YZmuGINvwh ZDLpCE1niEbq1siYCCp8P2wZUTfdn9s= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544593; a=rsa-sha256; cv=none; b=PxgHNz7Xc9q5alDttUhT0AAuFz7B4f/SJ1AtBzrr00EsKp9hKK7LsplDj9KBWSSeMyEi+V ag08c7MMn9GomVfV5M6IAP4h2Uq31gj7lo+Hch5Oa857Myd7/ZPLtQ/eTSxt+opkIS/oiS HLx2eHeDcWVgql4uXlHvmryWTU9LiCg= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HYCi+HJc; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2422960EC3; Sun, 16 Jul 2023 21:56:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CFA34C433C9; Sun, 16 Jul 2023 21:56:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544591; bh=1uknQQAJm7Zcgtc49DMW82pswMUU7bOoBBe2xNDqskk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HYCi+HJcMYksgMlSsz5SeJKHMIPo9eezjQ6k/dwWnPejxrCUitkbJm0rPO7Z6jYLu o8aVLkRa1vPbCbt14ue/98nFQ/+kf/rFZHt/pvr0DSCwuOHZm87O/V3suA+YyjfeDq 7l1WRJrAqsEeQUl4rwvoMbwDPkCb7+DOyk3Jy5u4qUAj++g3JdBxG2LdxExndUaRlR X0HuUzoy3RiYRj8uvjK+ECln4B8fvBvH1JH0VQl7Y9K45Y+1zqZx6MBmz2fh3RmOWr Qh0CAowHOVjL3xPH7QcUq2qx4+7MJXCNBEXNSAw5Oy/W5lIykrgPLNOvg5QHo1QKRd wA/S1uejub5jA== From: Mark Brown Date: Sun, 16 Jul 2023 22:51:31 +0100 Subject: [PATCH 35/35] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-35-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3085; i=broonie@kernel.org; h=from:subject:message-id; bh=1uknQQAJm7Zcgtc49DMW82pswMUU7bOoBBe2xNDqskk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaqmYOxTQGWh9HskLim53vCootcqf2/ddkPhC00 Odm1DY2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmqgAKCRAk1otyXVSH0PDXB/ 90DyWLWRjEtd7nn3ZQR7fbY40YyGkh8XYKiRwLIDVIydAzHvcByMZWD+a4Uv6Xdeu1w89et6R4V/X9 H/3ZhsDt7CJzpTn13Xgt0BsZOcX8oegAiBb+nJR6UUb4SMzZ8xERXst50kf9UXPUhcRdUk8hiuiqjg qO7tQMbP8v14LaNXegZqEN5YlcXPMVBNKVwojwyXuZhvtp09OZl1ngcUtMsl5JxIAGJSEVka+duVfb y8ir6M5SA8HNklCb4Ff1y9JEFJPwQpAtSgZ9G0iU4DH9Dk8qTEAupS2NE1jgwTTni47nCYc5Gs6KFX 2lymhms33vgR5jCsHTYDBT33smrX8x X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: D9038140009 X-Rspam-User: X-Stat-Signature: enm58scxdywzsp535onz1o8iw5amwqf3 X-Rspamd-Server: rspam03 X-HE-Tag: 1689544592-812422 X-HE-Meta: U2FsdGVkX1+9vi/OsWWIead1jleLkWsmE6+s1xmA4ALZPY+acGg4w90WyuW+uhNd0WUXxqeIoWorNfP9jqcoIHX0nXSLslPpKBlb4HPyU/ZnMHYOu1DknhIME/6kHBBTLR8q5D6sWFWGASUKs39HhhF6wBscHgEcKwefFQgYSja6pbedoPYaZw0UVBuC3pDL8NOOKC5GJq0axpv62kJSdMV5NmDqG1ekNGsgK1XpHMfmfc58YMDUaZD3GDDMRvbaTuqya+NEwMgFjAu439rnxKJ7vusninkQX35f8kyr8Nz/kmcNDKOhmgjAJvB4kK7XbmSyu8MggZpgHx0h534BvOKYp+tdd34ngQwEs0F8E8yojlQxZfLKBCzvOpiEyW0Pypi+r91cgc4RtRzqv+hGaUI52bzH1oixbMZTPlNAyHBOJ24zuvJlFY5U/Pbz6Uvvo08VZiKv3ZjnK/kLAWvMd/cWCdDyN0mhlRDL0LBp8OD+UMOCrlKm831ANR7xg5ZgwaB/soUzfWrbKAUqtwRyh5txyELBcOV1dacKIqQEENBYTQBaQ/X9JTVloM2PGm2DfdX14u0Qr6x197WiPH+rLc80+GW+Hwy2vFDFTqcXBGvnUWF/w25x2MNgOqp7NPpImUIRR1Od7dV8Tk/j/wFpFCY7swGNDhUwLd5y4LhET3C+ELXnW9TJcGyEcw9xior/eYIu+712DcPPqlVW8F3+oLIWfY70mzcP8TXJTvceKmuf/mvJ5hL4Jx+NiG83R63CBoK4TJTOUxeHtwFU4hmEf5Xa3ikqsvmRp5owzaukHaU1kOpiESFHwoFgl1x8bWwIelJoASD00qlz02+9jkJL2HLdywCudeHy8W14E5uxIqPkmNMumTs8jSI7E2vHhws25hT3DZxTf7vF1v285BQnbR12iLs6LcWkhDVpHBAtwyfiBj+UM+siDMSuXt0L7gNlniXc+6Ktdpty1LYlaxL PzcgN5+p lKRRjHMzotUlHXpgWDzSN9GlEZqoAtjRbt4DoQblHmXwJ52fvGDSFFRYiRKTpjjoA8Xn6W+3+UGclJgO7mbraS3ROwgyLQAw3ZoBsd1k3h5R+yExPnKFjN8kumIX3wKLtTvdS6TLCPwpWwoVNLJ9jCrpS+/37d9OyH7+OTj4hfPlS1IrpfIkaGLANeq0zbQVb/od/2saeXko5oUQmKrROYpqaF7eeGKc92XmhrBAG2uTa95Ds+Ur+ZhK7aKk5wOzsixftslsEUSlt3xBshDDttItGUBkzW5+Dw5u5ondWPkRY5S0zpGk8w3dxDhTp51Lv1SsO3LSi+XzVP5D+IHsCjfcNFHYzOqqxST8L90TogIewPLI0RzK4KBWFMp2cQFQ8WQ1kn5s6HRQXjgF5MQKDg9nFsUYCk4NakGNRQOXZsb6cZ3k= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..d01b61947f56 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 1) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 4328895dfc87..486634bc7def 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT