From patchwork Mon Jul 24 12:45:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324621 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 47E51C0015E for ; Mon, 24 Jul 2023 12:47:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D47066B0074; Mon, 24 Jul 2023 08:47:09 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CF56D6B0075; Mon, 24 Jul 2023 08:47:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BE41A8E0001; Mon, 24 Jul 2023 08:47:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id B0CC86B0074 for ; Mon, 24 Jul 2023 08:47:09 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 6B96140A1F for ; Mon, 24 Jul 2023 12:47:09 +0000 (UTC) X-FDA: 81046480578.04.AEE5F9D Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf04.hostedemail.com (Postfix) with ESMTP id 6BB7840012 for ; Mon, 24 Jul 2023 12:47:07 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XjzuJ4CC; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202827; a=rsa-sha256; cv=none; b=crUzcYJWJ3s5AKaYgWiwEd4wGgUwY7/PmxFutI6Lwq4gRWeTpVcUcRRW2hnrw7a81SVH41 RpitbdZWO2kVI81o2fdjM1SXMCfsrphfqDj7HKR6cpnhcscVVPAW4UbiRh+bZd402fUkmG BtnwqINTMPmIIBfBfmRIm8AIQvQFJdk= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XjzuJ4CC; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202827; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zOOBGuU2lqMR6FP1kWfddXG72xN4mge4QdS1tIq9BEI=; b=J2vuC1TnrAcbwpjoGPg9awq9OnT0jZo7uui4668qz8ZwEce92ukl+G0CNaEZoyRzeKoaF6 He1LWsqwPkNEd03nf75skXt3TcBVi6Xl/iVo0Di+kzkzaKH9rh4+aQ623GOuAg726H7vSJ AmQfuZcpARs55brviFeYuvDTVbuwHtY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 71CA861158; Mon, 24 Jul 2023 12:47:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 10031C433C8; Mon, 24 Jul 2023 12:46:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202825; bh=Ha5XZJGD09gV/heFbQXX/olVVoWkfD4y83jPPv1O1fs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=XjzuJ4CCM6ZFYVXQVBnAtl2qFaSJcOnSdBa2YnR2gctCsWr1Kjge1Cr5Hm6hCCL1L lJte51uwrpvFxPHkIi4zmAIjOIQXm2aIxcZztmYzPr0dwlT8N1lA8vnIxeAgbNsFaH NhzgYSQgAulfi7NFvsH4rkHykMGTVXUp53McliPAk5ddgoiKpfWgmgSYi1tSGdGb8j VrymgggOsdKu520q0Nar3Iq/Dar5vXeuRYwMjC48qEX/MJJh9Syc0ko6SRhgtETTSb 8griVt+nzArLfXGI0wOltEET48B1bdL24Nj1CHr5z2+kdGsq6IFK8ZES8TeJoF2iL9 twAcqvgrRi/QA== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:48 +0100 Subject: [PATCH v2 01/35] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-1-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4712; i=broonie@kernel.org; h=from:subject:message-id; bh=Ha5XZJGD09gV/heFbQXX/olVVoWkfD4y83jPPv1O1fs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKGzmJ6bW+XHW3KRIRbKtzN7oIBqPwmzob9MSSu feu/jZyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yhgAKCRAk1otyXVSH0N53B/ 0RCo+v9GuodPKGUUlsCb2m+fzugBVD7KAydw/W8joi4ncLHkFDCfF6a3VR+OdzeVPXXbt5jrPyUUDK wtQtIe1CZpTrqp6ldxUREMtG8Zy9FCESrZUW7nGwiis9h2Ts5sNohIFo1jzK0JP84HQ3KZr8r2hMku +flLsRBhm3GwM888dK1xvk/xWY1UI2+MNcDm5KNa1QKOSYXrVoJaswMr3d4gT1anqYo5W9lDviiZqV PXptSh6/2iwzcXvokTe3DU2QvemUrTTXEm3QKC8HAs2tzSOWejm+DJhzvKg9e5Dx9U5lk/gEmt+McO yU6xnXXrvY6u5N/LXOWS8P5xSIE5mv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 6BB7840012 X-Stat-Signature: r7yx35zeymnqmf8patwyg4u9f7maxgsc X-HE-Tag: 1690202827-267655 X-HE-Meta: U2FsdGVkX18JF0BuBEuKyzP/sQGaHnG75Rte7jEaPmYTi6o9axCbBah1bJXHdDXmITcfa9mzaYu40SNyOMrl0IG6wKio2TAvGB0BqyzBeWHMGBJybeHU9RDraqi2Va95sNQWXZ9U7HZ8hkfm5zRlkAF1y7Ch4c3SJRJdDyi4JHmdOtJqrO/Kk73eG514WdZ8BSBNKDfZNGrTPdEEJ9sAWGC4+WN1emEZ/+ESJV5/YyZt4AGs8ySwZZzJcM10A2KD24hkaCZYVYb5DPNHSStCqzNN6VPSG1HnwAESa6XKExElGoORuKHZGYY+BPQbNus9a9NTq+ObNh9tDoC0l54pIxXZ+cBjA47vI/9xM9U9+xciux5LPqLONPN0Tpps3g0ZQJ77cmAu7nc4CmtQLWR7xwHXI+DjpxfCpvAdquB0LquuNB/yAnzZGGEZgfKdbGKwYMnh7aYDPAc5YXL28wakyZixh+D7T6uXUtQdDmBJxd+qCrOBqEA2gXHbGM8TAi0XlJMBTDocUh7ZvP4S00aOnJ5hcvPSyEPAdBK9yUKk+A0fh6ObTVFhTCqSnen04cIk+WxKUhVQgyapTAxtjXgNSiKQNq6vtRdMKY6RUIiIazmIOYaFs3rjbqY908VpWfaazH7ZAHuVOGJF1awbglN1gLwnnbLsirgq8fk0LY4mZ/HknSJgyqyEVHY07/org0uF7ADoNnE5c5UjxFhSRWZWnBmyZ4pTGlc2ABsup5MAer6TeDlVB3ubvRcaxwCwNHhn8f0MmaiqpzF6zc18YAQS602wc385IZqCOVU3XpPIxaCTpwYFJztBLp5lV+mXNkVsMpfPQ26kZ9RazMCD0Yg7IF6MnYaSaFBDG5zjFhG+t9rucJYY6TE8BG3rj242HWL8G7AtgSaKun1h8V5x0PmbcakdZfu8/v++8lYHsjLH9JXJwSZtuSyuqHXji/9S7CWlEpWY6isMOrHdzyhMF6f IcTkfp0H sXFn3ESTn4Vjdx5Ke7fVnUQ82Px5H8Hbq2zUMAA0w0Xky0G/4LNB91Kr6tN7UzWw7YxuOOCFlk9PoBAAY2pCa+Tm2Fo7ROq0CU9bgZitVfI9KT9sBa3+E4+9BROqjkbZXLumRa970wklEGOw/Swg+no0U8wMdk6KpNBWZOStku1YfJFZfLQMvasj3sDRreh3g0hx7vNUEizK85MR/Sf03osx1E6txplGTtxf0dxUnYFF6wLsZA0n/O0erDmGy9iemm1wpfwcWMQaBvRErwit9dbWxLw1WrSjWTTNEC3fhRqBmUnS+aTq3dO0n5pbzdJXMwJVhhcRcL6d5lmQG3SA1uKXCR6R45KJP7grawRiXF/ZEzUDHVqAPuHTQ64Vp1mSSBMYhKqTXY4vc/LJYc8TUVV3fIi0VG43u1AUwiLBq0T44FSQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Signed-off-by: Mark Brown --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 97eddc83d19c..c57c5030ef6c 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3947,4 +3947,8 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end) #endif +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 3c36aeade991..0de3d6ee18e0 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -305,4 +305,26 @@ struct prctl_mm_map { # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 71 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 73 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 2410e3999ebe..b26423a614a9 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2302,6 +2302,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2720,6 +2735,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_V_GET_CONTROL: error = RISCV_V_GET_CONTROL(); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Mon Jul 24 12:45:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324622 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4E312C0015E for ; Mon, 24 Jul 2023 12:47:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D1E126B0075; Mon, 24 Jul 2023 08:47:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CCE546B0078; Mon, 24 Jul 2023 08:47:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B96CD8E0001; Mon, 24 Jul 2023 08:47:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id AC43A6B0075 for ; Mon, 24 Jul 2023 08:47:15 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 71F7E1407AC for ; Mon, 24 Jul 2023 12:47:15 +0000 (UTC) X-FDA: 81046480830.11.1E705AA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id 9C370180004 for ; Mon, 24 Jul 2023 12:47:13 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UsZgLm8N; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202833; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9EiokGlVijer87hj8YWJ1OH7aG1LYVUNBq6hLY0xJSc=; b=CoqbsEcUxmJXiX0o+0hkh/m+ZphIfo29trv2PpnbjS90Ie6DjYT5d6RnjbzeXhMS3qjkRq eDmjzQ0JR3L3OYAFK4CzdcSMZOV+7ts81sFhvzBW9OeQkgR0z9RyCXX+C3tU7FsOT8lc6M J0ZKeUkbKz6ZYGupoN/miyGyn0jC+lI= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202833; a=rsa-sha256; cv=none; b=bnQkwQABKCKc9qAgCRlOiac0e36Fjc/qmarKaPw7yFpvgpXoEP6E57t11A3lS6Ry3hL8Sl QqXU0cY8idZMRgt0EaC75Ih4iSTUPMHkESJJymOICcznpQMGhg4uvmRMoznu2GNG+M1DKj AOzhMUdMBX4kpXAnLmwPtZScW7516N0= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UsZgLm8N; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B537A61141; Mon, 24 Jul 2023 12:47:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 50B3DC433CA; Mon, 24 Jul 2023 12:47:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202832; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UsZgLm8NdUWGW1yuLTFg4d2z0IF24qUF4q1+KeNH02fBNnDtrN6rxOAe1J7HKvOMx iaFZjxP6jjbIPBksQBtSoJBkVELmsVOvEWNdEeByu0VB0I60fPObqLdoQXfcknpmQp KEC3h6GMHO4lbhGK0ScVnYFqw6GE0pEFaPmGLc97TIuxMsdDobHd/rYKuupmCh37LR TNhKysMlR1lwhEaLyd0R4HO5U99zEJc+WYNUN0lUe5Tb247LeQrnv5r9f3xFP/C5oP XUqrmGMKGItUTjbq0a+QoBWX2CN+oNFT/RozpP9zaHIIBbGUeHxLAOcYDYr4BdllDi VO3XQWlkbyqGg== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:49 +0100 Subject: [PATCH v2 02/35] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-2-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1640; i=broonie@kernel.org; h=from:subject:message-id; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; b=owGbwMvMwMWocq27KDak/QLjabUkhpR9Re1H+AzvfFlc8aNW9m2KzIIncfmbO1Pmhk29GNDSN2WT iPjyTkZjFgZGLgZZMUWWtc8yVqWHS2yd/2j+K5hBrEwgUxi4OAXgImfY/xe7SUWdCuAuK+x0eVtQKM AmNDf336lTl9WnH6nIncoUvvhUxc1JNjFT3WZUtJ7xlnu3bMe/gDfy3/K1A6Y3XRZ5blgzcbbmQ1aJ Jz6OX5JnRa9qmfi2rvjN+ZarKgq7kyP6K1O+rNii+qRck006zUilM4/9mUR6neiszd/ibpwr0NSvWm WQxXZUU/LnjK63jruYQ1/xXpPmf+SZl//de8V36bQ3XVV7J5S+4A0NmrvmNWeYolC5lVC7eTSPReaE PdOs73g2W60WdjA8+1U3rXnljWXSmx0f7Nvx5ZaxhOOUC6v6lBeGpxRJnzMG+nIB9xfP9Zl3Nv1zOO 7m9OuLjdxmL7s7mhteXl5Vq7kZAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 9C370180004 X-Rspam-User: X-Stat-Signature: 67w7zpdokkjyij6uew89bppu5bishadk X-Rspamd-Server: rspam03 X-HE-Tag: 1690202833-562689 X-HE-Meta: U2FsdGVkX1/X3M6OXaAQhXPor7LaUTVuSfKeloXLiDQPV50ngGSadOJEjn/h1IJIhOl34eswZIzkf8krt7V7WiHX2vWF+gDebNSTgwE9ffDT5SwFYnzUS8EaZnybozFFM6WS37MuRG/RC3xmvIm3+sznOYhHs1uqovVQGr38GfSGJlENPvJ8E488tJBJdm9yJZ/mQy3uS5maJlz5EQsZBRzd/T3iUCGhv1KHnkhHtimdAqo166BSKx09UuNnaRhEbcgWiATUym2L3b5GCcG2SL7FvoWAMMtOLI/yKly8Fej2CCBZuG+gIXFKxlg1T+hwZ5rEmp8ynPIwBiYb1aLus58SKDsYbAENFCIjYy41HFNdCaV7xQqUHrwTxLsbW11KcOiyYPu8RkhL+397qvz1hbpV6FAKKWLPkm/Iy8Jnu3k2tZKvnYuMExbI3ZKMyqHVYb68LnoYDvQY8Wl05ecvRCHKKDs3yEN10ueg2xL9HK8EdT0ndEWyHH94XE0hFlqVWtfCB1o/hK1QPoAepzFU+SzcqF+DfspiEA8wDi1r2AyXAB6P9+aU+dgP7l4Az77xQzNjB/3vG+PvKJXkWWS//GvFlkDHzbPyoBcSuY07TRO3YE9cF7DbCOg3RoQEGLU+fXETC57iV0RXubJT6/mxDrZ4QmtKGex1HfTQCSixd63c6EoPgc4Ar+BP0saIGqs7tnbdlwkbKj5ab7YDt3DUXcIaXv/eQnAT2LkYWNDCSmtgMC7N40BzT7LTAAlDDzSKTGr3zuDcqS/B+q0kPkAewVtco3bRE2ATWFS4PH2UEgVyiY2Mvf3WCLclt21Y5XsIjeZH5AyP8zCu6fBd8vkIWtBPDAT045xLK+FvldbDOsC6Nsz7VjangZmLbY5K4beCKT1l7+mM0F0RKdcS0N/I1DNHaEhd+xS1VIoZMYbtpDgJCP5XfkjJ1Sr29kLRJj68jxtLFZYelJS2qJhnLEG lVoNwK38 B9DB8xphm+BrCPfr51EqpM5EwcO7TDSDN0+jPY3YdBiNcaOPbdUiAqmEQabvSRXNz/A9GPmgrCwsqE+Ng5RBrb8QcSPrKPhj7IQdap3AP+LqfAa/vbWaCnY8Aoj+XY/nR6vQ5g6V4r092pS4KJuKaycOp+5d4uXojNfjCgBSe7hfdmWhY2yqxnMGDX5T+a7/YVDoWikVRZPBMpdlGez6YqH+RirJYcy0/glp+1oOKw791tnlh0NwcrRR5+AVPsLsKZwIDB6kX9QcAtXccXxFLZZ+edvK8m3GDP7d1GxsN7o+xG6rsDM5HIn99HB+YtIJi9fk6O5NMCUL/+Uko4T/eZScJo4aGmk5EXEVoGXbX5ayYVSPxVP2HYzqARefVLMlqVkRdrKEHI4Lnj7CE/I2xq43a9ptNZbbL2wyqEn781ONasn8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Mon Jul 24 12:45:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324623 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8389C001DE for ; Mon, 24 Jul 2023 12:47:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 381C26B0078; Mon, 24 Jul 2023 08:47:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 331946B007B; Mon, 24 Jul 2023 08:47:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1D1DB6B007D; Mon, 24 Jul 2023 08:47:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 0CC166B0078 for ; Mon, 24 Jul 2023 08:47:22 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id AA5A6120A75 for ; Mon, 24 Jul 2023 12:47:21 +0000 (UTC) X-FDA: 81046481082.18.D935E66 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf29.hostedemail.com (Postfix) with ESMTP id C2CF512000F for ; Mon, 24 Jul 2023 12:47:19 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="ffH/RQ4g"; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202839; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=efWpO6kQZ4NBVvO+VRNIClHcValqnYdNn1UkQ+vSR1Q=; b=7HWK79vMgesn1737LMht7ttnwCzHhWUhwaDuJqKPxsvABuOEj7Xyds0+/0i2i3jOmseiUv MRka4olWhTejywrF0x02Bzx1syIUxizyklT1Ai7M11NFFyifm7qFhW+qix15muMnFDizIy 203mJ3X3rcgGXkRzoY/DePyqwJ/4ZME= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="ffH/RQ4g"; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202839; a=rsa-sha256; cv=none; b=rW4Y0yhqD5lsaYHq3cy0GzAccp0PMryjLb5Qt0rZaeyD3ZNX4yKJka3aEX43gVI1tbiLF2 CBwz8/KnAsP9qa3sznEktygjFoe1JQYWF3cJEGjP1T6M/aox2CoVPWhy+bCqa0+DZMwXy0 mmfNg0L2rm4sL4jYr9a0olGy0VDou1E= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 01B5761150; Mon, 24 Jul 2023 12:47:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 96242C433CB; Mon, 24 Jul 2023 12:47:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202838; bh=JKDtvlLgCbRxcWm9rtPAv0aBzdkLrhP5DYKE0inZ7vs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ffH/RQ4g0IB9tcoBBh1H1ocL2Zba7p2EfMEAR2PTNdPzg50sCvUJ3Qr1K55lAJH3K 0KPyBAlf2ZFdEJofSE0crGwD9pFqrI9NczJdUrrmHKX5ltCxKZe543ZxFVjPwWBWpB kPcztuu1ldDii5yosGe3B2ofk2xJ2O2DFHZ3I/wONLZc+mTHaDXwahHwBmKvPtG+w8 HRQciGT9x9B5h5mQPWjVZ1tmFOW4qFx+9PuIBOdh6C4VQPQOFkLlIoRFxcMwaH+9Im QlZSX45d7O5+UQGdwfODRrKDz0oxQxqqeMD8fgP3X8dqwDdepYfMRleVJ4UQaH1T1+ R8w2kz5utRVHg== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:50 +0100 Subject: [PATCH v2 03/35] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-3-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=10156; i=broonie@kernel.org; h=from:subject:message-id; bh=JKDtvlLgCbRxcWm9rtPAv0aBzdkLrhP5DYKE0inZ7vs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKIkI/z/FRFl2yq+/W4QeCB8aMno8PWhHrRhMUA 59OEymqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yiAAKCRAk1otyXVSH0HQsB/ 0TbA9rgdVcFGKnIhca5/92eJorzzjU+xl30gtzLkaEX0J5ai5El4stEqnoNrAQltV8oR0F84Xy2zlu sUmMHcXMusZUV6BZofpnv1t4AoiWGEBNvmff7JNqhlBf1MCr/jKQuYjqCXjnQMjtMmnZAb0hIUskO4 qoReL+7c7A92pXLI31ZfdNr7efwCWYYZUA149D0K6OtFHlivE/ebBwvtoPzb22Lyr0az9SAQCZKKyn 2ua341gEeJhBMEqGsmaMFI24gUZqZSD3VBs1Fcn0Ou5MxR55YSrqFBY0YuuGmHUg7fIjpOncpxCeqD K/5ejCzx/h9kGzRL++a3Ivv09Fw/KW X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: C2CF512000F X-Rspam-User: X-Stat-Signature: y9idthj7swcf9bp8nmz53tsi835ori75 X-Rspamd-Server: rspam01 X-HE-Tag: 1690202839-747441 X-HE-Meta: U2FsdGVkX18iFqD5q3o80si2mCbCeq039m80zuuNjS/4XwVEJ1Mk3Enb5IXy5BFvo38xCKdAxeep0YusWWJAxFT6kNEpyDdObZwuio1gcBW0mUkjUZTmyU55TQPjit/2SEU/z9cu3m+5j/Ztj4hPvee0tPVrW0FV0JnuCNOLTljc4RP5bsedHFh73ecsYS7HOQ0LZspRvwTR7DjyEpZfR2WNkehY4jOp8sqIMbNg2CkjeepoTuS1vb+MOQiCYkQsg8qZmuGkP+8DHBnegAnfLBlViVecFhB5w1AWZVQSdvLifLj5j6wFfUG1fySRqxQKCsVELbMCnMtEeHUjnSGWhNcPFg2AOBpvdwBoqw4TVBPWnadzLQlJg2n7AzyymPB+1eUZWTJjvTy10MlUfK+Cpi2+qUhC7pR+rFYBO3/RwZc2PoMhCK4OVjgkO+yewD81/nl6AZHiwGZUgvQUSlDNU7VrXgYyKuAT0c8PcbhY/Yo16rSKBPjIYFoMODgSYjjEPeE+DaPeya79Odq0PLmVW64QklclVwvDUhjSfu4QgNoiCZcUGhKqUlhyD3WkHqR9toMH9awcYEMVjGpYgUThAe4bg2fC9ljFmtbzPKYNwLWPPwLOtLMRXNajf9T8TiydSM4Pf9OWTSzGlfmXLfKOEfc03exn2DPad4J8A7flvco+Rc1YRMzek5A7QkMlzx77uiURXc9kqryug4bbyfdAV7EtaHHYUQFuXWIGFbRXs+DcuVSuHMu/Dh5BdV4iYx196SnZkKToYjzmmh7J3gd2rdA3Lo/ewz4fH20rvuFON3Ym2liejfvB0FCyZDO+VL7iEI0HuIAY9fYQaRmxzhqOMLqUipyJXBwAfCI9xkz0UL4NOmYGnmHxK35jZetFtfCMs5hyrrmmTCRdU4LwBSiFvaEg3oF2qO7yD0sw7znyoFYrJh3Im8OJRfpnhu6bIi1YFIfD3Ch2lM9nVQsjMVV 2n9nvjev EAIKAECL4uFM5/M7UQ9cHGnnSERgBn1/yGokYFKbXWdrtgggoIbnvsBg8yGwKyrWbzRZhp/zPvFuNxAJywbGKFpg7TmPE2nY7vr/GtdpsoxtoAjZoxYTkMFoHLLzhjduhAOL6UUXk7HUEjOSNXQ9yt7Y9ib/rAOmLkGZ0iMPdxLfUxT1pocaw/bP8E5/AS6LsS5wqq2MdKsSQGXyfdlJuaQSJYn23R3m7R+wqwnYAemVQvF+uxrzLjQLSHX8RmL8wnvVs2X+vUz9QeEhfZc+gHAz37T4KGsjQifaGMdjcWyVPkPQOJULySXhlO2sFaHhpXbIW7VKMnoDu4QS841khgFJZx30zE72Gip9PWeL4eV0KgcAycz+bZmmmqChWtBPo7i1pq2JDySuSKpug+78ozvJt1ouex9iJGgkZYmuaud03EZM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add some documentation of the userspace ABI for Guarded Control Stacks. Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 225 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 226 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..33f21bbcc2d7 --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,225 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack for + and enables GCS for the thread, enabling the functionality controlled by + GCSPRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread the called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK / 2 or 2 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() will have the top 8 bytes + set to 0 and the 8 bytes below that initialised with an architecturally + valid GCS cap value, this allows switching to these stacks using the + stack switch instructions provided by the architecture. + +* Stacks allocated using map_shadow_stack() must be larger than 16 bytes and + must be 16 bytes aligned. + +* When GCS is disabled for a thread the Guarded Control Stack initially + allocated for that thread will be freed. Note carefully that if the + stack has been switched this may not be the stack currently in use by + the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set. The GCSPR_EL0 reported in the signal frame will + point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +7. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +8. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +9. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Mon Jul 24 12:45:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324624 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5243CC001B0 for ; Mon, 24 Jul 2023 12:47:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C0CC16B007B; Mon, 24 Jul 2023 08:47:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BBC756B007D; Mon, 24 Jul 2023 08:47:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A36C86B007E; Mon, 24 Jul 2023 08:47:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 96EA86B007B for ; Mon, 24 Jul 2023 08:47:28 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 78A3F160A95 for ; Mon, 24 Jul 2023 12:47:28 +0000 (UTC) X-FDA: 81046481376.24.4F20D84 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id 87F00180017 for ; Mon, 24 Jul 2023 12:47:26 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GPIY2N8z; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202846; a=rsa-sha256; cv=none; b=0JukOkZEWOVQS8IbEvCbFofJ1jnRsVqwHFsMmzjMlIGAkjdh0hm5ZGpP+Xf5ZZQPiF907b iTPKsWCkjcB08aI/7072S58F4M18zFzXb/mIuuhXxUZ8/uhDH+NRb6e9jly449b/mynM07 nVLcL34SZloo78vtG0hKXVUh77HRE1g= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GPIY2N8z; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202846; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZjNg0k5JLv8meVnlQQnkT78Rd0wGAKwtkegHXDEiJaM=; b=aL41AZTyj4HWx+3oFw7wiLO6ngzQO9UY6RWfPx/OSW1FTzvItQizi5zbUuJp1+wFG62c2O QiAd2ZPEFTWYv2V+Fsz7acSKxNoTdReVlCWHwg7kxGL7BoqouLNvxev+KxphhdlyIWpPwp ipiDgfESXLEjcWCBJFtgHHw3mhmiYoM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C1E5E61169; Mon, 24 Jul 2023 12:47:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D4635C433C7; Mon, 24 Jul 2023 12:47:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202844; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GPIY2N8zNHNlDz14CAA1jmIFGZmuW9fDHtdOh3MPt3BZdhE461y0GtsoqgDiA/yL7 wothIL4cR3CeLc28m7hxiwJ/LEACOWhXikdf5Jjy5NnRJyjEUP8ChEsXbj6+PymJM2 kias7RMaIAvUUuYLisB8n6RXXlLgff+HiRXCNlxWVCakhD8WNWEmRp4PfIXS/kgyZL DIXe77CDfhB8tdQaYCm2gkgATyP7z28ogKDbM04sIfzJrzlq2uS1Gs4CrLb073La6e DfE4mcqogFCWqf2T7JVUaKESPowAtDd8KROenvXJSry19sxckRQ/WNbGzF7gZhqU/s evFeUzCOWC+2A== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:51 +0100 Subject: [PATCH v2 04/35] arm64/sysreg: Add new system registers for GCS MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-4-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1873; i=broonie@kernel.org; h=from:subject:message-id; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKJD49WQWF3h6SbcPE9HTobTvo7eUy6CZWyvqg1 A5u6ozqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yiQAKCRAk1otyXVSH0GAmB/ 9DiUj33XT81zMLJ00o87ws7Me4CuZQ9AcGUzuY91P7bsxx2d0xvTJ+364s194OJLQoPbCqA2Bk7Rri 8gTZ69F8JetV3ES2pk/8aOFGg3vWH6xWFFxM0AQxJnRJIu50yHTrNFg3UdzS3xWn7JXnChkQeer/cf C90p11k56xfGbagwcmMcrve5IZ4GhTkkx4wXqgqR3JAyi3xu6/XDoOT9lpc3yvEtYXjfRii24FFJgs NNdtltKpeGbWozWGJ86n6lzoPr+MAqSYwkqTPMz0apwHMlo1CXmcU6WQQifpdf30sH50xnxurgBWAN pwNloweXlU6NL2eDZ3y/SJEfNIcrlY X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 87F00180017 X-Stat-Signature: z8gb7u868yi6cs9at6xmxod8o6o1d9n5 X-Rspam-User: X-HE-Tag: 1690202846-227958 X-HE-Meta: U2FsdGVkX1+W2UwAh9d1ZXSCgzonsdmr2CERNYPDH4VcbjvDsYPLxtH1v6E9a7Js6cPIykxPXxwO1hXXtuFR2M1c58DGN/TrWHJ0ppbxJiy3Fe/LfkuPHsLkaHuCnEGXKPR3LeqUciOduBJZBCy/dwoZ1HqVRmM/zuO/Q06Ki/JBj/Mti8x0fXzJEM84FS8FHPEssvUCuRkPCLqPh7ZbCH/tFeRSEHwub7PjTwLAO34ZEq/e9W1rEmcDsjzVCr5qUvsx1zviBV3qn/6ffClczf6Bo57dDPaxaqcoA8+2m5tBbrWuPmWgP3VzQ+bPnlW1MYFWrGr3QqYdawwhQV0LaE7/Lx+vz20xMSzjqH0BZisB97bjyRUlvOabQrAXmwn1MhiGF6bKl+usM3jkjCu/j8Y2MW0jaMqo/bsPpf8Ok58dH/CpxVHvIbZkv5QDKeBO1lsOtTGUgFO1gMShdfFUJDdd2p6G4Eqxow9CJDv4My6AdTXD8KwYNKbXt5sD+QePPzB2KHpKE4m9O6RtzeyO18/xUPGNNYPVrf2WXw66SF+5lF0B58bPbhs8mcjmnEcAD9CcYPLGojJpqkCRH5MrOge/UhXS4TQes5MJoYzYC5abPVwE4ClczYSmRQe5hZCat5w452cBrYCcF9wNoMFidfSUCAj9JRF6SQS+nzgUNfTV/Vu4dSNSf9yp57Ilrk7qoVf1vp4ji4jBBJajgft/wdYYps2b3Qm90VwQ9oSOi1izvm1gzsUznfDYHRxSsrXOG0rRu8STIgIgkpCVB7frnIG7dHM3RJtcDVJABfd0+Av8+hILoZowpSEdkJVAwHSiBJtjkv6nfDa62D/BHn6kdaL6mMoe51vFVXHCSVxJwIsW2JvEmkuoCz70WEaL1QysMHOdWSFt2QqhuAcjh1QcXil2qCYPSOpcik9uBDnvVp7DMseJnYiml9tb0nJNK4vSXcXuvCfJtYbfGxfI038 Zwi3/LKQ Mj6yxqqEezPiQWltcUmjTgdTtjpKrZQC5bTdJR/ld9rWbvLLFZz3EXgGWIdtWRAYQepRxkxz+RJjnX2R2DO1K0NT3ZR+W7quCq8J35sFITqFHR72TmIs8FVGXzyVaCfpKP/fx+gPPhj4e80wpZ2mlyvElUpLwl44anJXMWJRUmMHOPN6sGjZBQkXcpzwur8uObZ6jBNovV4l9zl4qRlb/RyP0xbiwlrn0hUChOQ9TCpULkFNviKFwW+zIxq5L9S7UQmW7CDRZKqTNaVA6+Xy1m8CJUgmcCStGbV3wnN1fF7MgmRznM0edqQRvKZPTQBaIXVXQIyQebjdDNARHBr++VyHD6cATlLgKqzxaOrcNVqqqcDofzNY9AQOE77ujsGkgeBlHinQaLEh2MVSxRwVOuI98sLaYb8MqImDl X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12. Signed-off-by: Mark Brown --- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 65866bf819c3..20c12e65a304 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1780,6 +1780,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2010,6 +2045,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2209,6 +2248,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15 @@ -2268,6 +2315,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg From patchwork Mon Jul 24 12:45:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324625 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30E4AC0015E for ; Mon, 24 Jul 2023 12:47:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C5B2A6B007D; Mon, 24 Jul 2023 08:47:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C0B1A6B007E; Mon, 24 Jul 2023 08:47:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AD3178E0001; Mon, 24 Jul 2023 08:47:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id A103C6B007D for ; Mon, 24 Jul 2023 08:47:34 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 62ADA1609A8 for ; Mon, 24 Jul 2023 12:47:34 +0000 (UTC) X-FDA: 81046481628.02.B73E29A Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id 5FAB4160003 for ; Mon, 24 Jul 2023 12:47:32 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZzFz0xCh; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202852; a=rsa-sha256; cv=none; b=0IQSdsIm/lM6jQlcPqKzOIlZubjKvWm4LndqPMacmCpqY2KnphrJmE220Ya1hifTN9gIBe tSbVBwxoG/vitutkVwH2SOyQIVx1iXqJUBVtNNJYToh2hpOGMaozppqbwfRFicaemMNw7o UJI86orAIalR/YGNRkJ67P6UwdZeKFs= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZzFz0xCh; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202852; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=f1Fjfwmv9c20XNlM3MrDH4yBU8vPb3KKbDiNXIhVRLM=; b=Nf6pqIFz0Kx2VtqEj05i+8gHhABW3yBSmNLusq9eKrXW+LAVefBl63QyAUU+/aBQBz5f+q oSYF/r7GcKizei0x8PjICGQl7OyerHjZOt9Dv9Q/aCRcX0fjuzBCYHUcr4t833ovXAgsUH JjelkF8JzwD7A8m04nHtlM86+371SIw= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8268C61158; Mon, 24 Jul 2023 12:47:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F74BC433CC; Mon, 24 Jul 2023 12:47:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202850; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ZzFz0xChocJigRyhckWkiGbMNFfgvUZ2aTY7UJZW67aba143TsIFJnYZGFLRCzhkV p4z1OLlrd2p3/IDbsMvOIuc4G27M5eFFqNUE88mw5fCDw6nCfdOq66e55crV8yHPMD qdXW5aoB/sbGf0Vsv3kEsbdgFZLT3axGgt6mCINcTiUED8LytKlGuFxIURRm2wOuy/ i+0WGPMA/T7XNJNFl/papK8Unr+ROqOxTls7IIv3WfrJp7flvnL0vUJl3UWa9a2VAd DerxdUFxwQ6DvVXiuvvdpOmzGStGtxsFNgfoEr41kZBf8F6KeU3NWDIOqGkGuTvl4z HJdQFug7WKl3Q== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:52 +0100 Subject: [PATCH v2 05/35] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-5-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1361; i=broonie@kernel.org; h=from:subject:message-id; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKK9YFEeNnB2LPFVrbzQw3UpaZONHZ1AlyTlpQc LjIPvO2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yigAKCRAk1otyXVSH0C1jCA CEu8W1gxLJnyqsAHY9nrXFKaQgsN3fIBVjMqPThPyUFGK3JkKj/xjTN4FLtLOcerA0mdaK/IrRrjmq 2SzkrXRwYFqUEgiH7+P6ndrDekxsrL/RkV5zWGwh7trg3vEYRcTxwTmqr0DrWyRocEHlCoNYjobCDp /8L+FUV80oiCeVHDab84OddNNzbe/ftHHu1HuxP8iARBpXIuOXeRBi3q6OS/+uyrVZlt5K9/a6hC7h qDFgoTiBL+EdZPqbu2VswHtcc+52XtaJnVzU5olM0oazxeLuuUghx87z1CVfw0uROEuBWRvmZJBuou tDkrJHz+RhOVB1WooSjah3wTHIK4Zz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 5FAB4160003 X-Stat-Signature: 6mihy9te8787sb3k13aeqw8uhmqzyy9j X-Rspam-User: X-HE-Tag: 1690202852-691618 X-HE-Meta: U2FsdGVkX18oE1YaFi6DSRGOXNkvu9cRJtD7KqGk4UfcVEl+p1jpSwf+jA0LPKmaoZhQkRDKCRwrVWSXtF2YvK+Bm1EqWvgHLJAZDYxTjBY2V7yWTNALJae1WlJVNnSmNkhN26eDhuMbUUJktOstyQbLbzw2cm1ZpQWturuwutSQyIp5qWqBqNRk2DktLaFmzlnCtK+CVJ2A3HixECFqmPFB8S/TTX5Guf7zT8/Ga1WfhJ2Sdu4wUVPMN/AAAyKMgH73C7mdxqD0hGtgp69xZnEqqhaAcJpQLSY56mwCfL+hH6HBwhIYgPc0mtvZw9UZ1y+RngFE+nimpMNoksmLeNKkbgjm1/u+ZGvJ0ZfKQfTNSG6Du6VmRwzF10ksWdjyAVIo7odLwa1S+XbYrxGQeg5XLsbTDRkH55up/od5pDCaU0TxpbBA+0j7148lYq0/S/MnxRYFv4hQ2BQVD0uQBKNJTMzdiBZt6ww7z5hGh9VGw6aZ2lzg1dZMd1GNcRBBPGr+qYnomylSeuzfNCwa1jfxpV/wpMfKIom4RXVbxSlr+z2MIf/UnB6LLLT7CAZWGwZRPJ58qPHHoqaNoFFfj44Vcfu6vEIB2vXDWdW++r4qROJ379IMnKuyPfGMAbwxCt95ES0aUF/FWGgjwKGoy4aGq8tMwSFezYfd5X3vxrww1e0SG/biMz9WFFadOGkO1WktG5txkhrmYr+Du5LZNHNDGZD5tuQbKYExrBOgUIg6ouHsfBXn6DZXZTvi8Wc6X9TIkclINdEP976SnN3fNuTRnRIGc7YUMNENoFYZeT2Ci42FF7AWA3pdAN2hh6cu5KvADKm/wGubr1xrFpCuN9BmFCeM3d0M69kF7F63KGBN3TWls0t5wGui3gmILiQt0GQ9XXCk+JSYbDq4hXGM56/4Cr1sJS14cNdxOL/+9S+feyD8t71DjmrHR0AmAG7sdM7YoyAlDGjSWa/xJaY 0tSC+lyj BlAJHZi6Go/pkHFYPsmxOQ/aArcKgKXsuH1okthu9yR0Z4ei0NX5aafAGhtTkIybr34u5hDf3CSzpnLMcllV2JLsdDbNalD5qzUAbdz5vb7zhXASRssre+jXExmrTRh83sMUTT2gvd8FRXY3qVWZjAUw54QTxMFeV9+BEg/nPT185uDewhLKI6C/cflnNbjM7Vyklm0B2Q1ltfjLlCrsG2yguCYMWSPMPX7eMi5cytl5Lps8CNyCpGsUEp8lc22XSl7o/r5X0dCtaHkO8FZMR6wk5gTs3/yAvQA+I5AMcWXoUE+aWTEtS9bf9WD5lkhoEyU/0UpnO7CqBD0uKFbGWCnQqWvmblsJ7Gz2pzBCgJaeD7oIPuc7Au5Sl9ZDg8TXCSTN3ERl/ei9+dXuIIUMERYNbIIEshoeZdRj6/DjwFGl20YE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index b481935e9314..3d7f9b25b8fb 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -730,6 +730,26 @@ #define PIRx_ELx_PERM(idx, perm) ((perm) << ((idx) * 4)) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Mon Jul 24 12:45:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324626 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5FE8C001DE for ; Mon, 24 Jul 2023 12:47:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3CF926B007E; Mon, 24 Jul 2023 08:47:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 358F48E0001; Mon, 24 Jul 2023 08:47:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 247AE6B0081; Mon, 24 Jul 2023 08:47:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 17F826B007E for ; Mon, 24 Jul 2023 08:47:41 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id E4F3D1606AC for ; Mon, 24 Jul 2023 12:47:40 +0000 (UTC) X-FDA: 81046481880.03.FE14B93 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf18.hostedemail.com (Postfix) with ESMTP id F3AD11C0014 for ; Mon, 24 Jul 2023 12:47:38 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=K16sTq9H; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202859; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Aw9uk67+s5HTS/4C+7Hw36JUsrXswdGZ2FWphnKG6DE=; b=1YOL+KGz+zoaP/FV37glRnda3eJYIvTfC3551HMEwPPu8X0llyZEo2bpJwzTeulgRAXa+L oL/6KtQHa5WwxaN3zovNpqm6aurR+Tb6gCKLMCqccUJT9xVHNvlxyUe1gRD1sbv9QQMDbL fNyEhzzNdn149yVvvYvemgCpdcke45o= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=K16sTq9H; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202859; a=rsa-sha256; cv=none; b=G7WdzsENk1+PLlyON+uO4MPX8FcM0jzRO+CiAvgNGpkbD5d61Qm4qek2NY+W6Wt944WuO8 LHElOITOxGaN0FVPsnjn/H4Bc3yBZQQ0K/BXeEGsAhEAEpMGwtn07B1QYsH1Rt/J9eZUuL Fa6nHeea6IVVpLeN0h9n5r+RW2/Cle8= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C237E6115A; Mon, 24 Jul 2023 12:47:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5FE53C433D9; Mon, 24 Jul 2023 12:47:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202857; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=K16sTq9Hn6ycqMora+BBwAk/ozE8SGLAK3z2N3zL60iYgOalkFMztrWQrhEAry0Vj CcVkx2kwQQKjL3HdmJxoAgQpF5yWOmRYxsW+QLgOxd4sWN90UptH+kGz92hZjGt+yN o3Ofa4xS4uCZEZbtOT06PBqw4pFNHzegdgSRDJiKaqOgWuxrjkVArJ4A9CCKPF/UOj xskgy53bAd4PRdXm+neB4s3/4qRwEEfWAq8/GHBgRLVTUw960S6FCEbMd8A+p78ZeJ 7XCeOVFGchbvinttLBXT4aeKvf1mUDuB8SDH1Tcqrv164NBYaUfyXwzmwIMjNzvLhi iVFf9d+YH0Ytw== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:53 +0100 Subject: [PATCH v2 06/35] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-6-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2577; i=broonie@kernel.org; h=from:subject:message-id; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKKVmClDR5NeGhf5MemevHD0L0bH31Lfo0oBRNY y9EJtxuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yigAKCRAk1otyXVSH0HXhB/ 9jWPX3plb44CCP1lSbqRmoTanjOWee0vnZnhI5zu4xXhD9o3fE+5JeyJ0M1zlScNRpISjVxUCw6TZ4 6LotQ99ybyOyzqYR54lPtBV5caae/chJyKMDP+KJ1/vN6CcDTUU07qK8YWvcsr8n/7gEs4muWfCM0e zc01Ds4rOkjBzAVpDQ/wq/NNU+y4lRc5qDm50G0XEnk9CLpasxFGDptY3SJOl5NM7bORjUWH0LdxRL 5Y/1Lc1NnSJIDs/22LBT/PrUJAO4wQABjy4Nyudxnm5Bn4VySTpk+puEtJJEdmwLLH2+Mmv4pTlWJ/ gQD7KMDC7CuxzbVR1B9pG9aDwmfU91 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: F3AD11C0014 X-Stat-Signature: et3g17jiqxpoikxee77ezwjjh1iwwhdn X-HE-Tag: 1690202858-393338 X-HE-Meta: U2FsdGVkX1+3RlqQ/z+tqV1NxXv8/kcJWfle9lkhDlkxcg7MqUIiQGRiBHeDT/u0l18iirw20gjHg99Do906eSpPJvcEXmxdWfxJtDJnnkzV3uWwNpk2iKI0hIazrhQUd5kRv3oNYJbPLmdf4YEOURrGszXw45WaW1YozhcesHXdgRpZn5sI/MebL4Mua7DfZkkVt/+xIEbNXLXJZk7QqR/aduFHjgZUJbQVWLo2MBbMDU5AfdhZJgMJKaKQwMiwphpCJP1c+rlf3jQWVGhM9Q6BWYtZMnB1RSj1UoFRY8WS04+ynUBIHU//5AtanwMNqBF4bpOl+WLQG6Bt9RZ+fQESSD3CrS1kgCzDtI+jJNRkjM9mwALsVCZwhwLtxoV9ydq2fpLdsfeE/PWQOQVu+xrXyqkv7kQYc8tcjsbWUTlc3HNrfNQyl9TCBnVaEv4qHk93La13UAkQMtzPtEYmAs3tZQnZk3KM8zkmRwcsgkNfHJWSljTnm49WAqzn+jQwKbAFgZSO1eeXPTif5WN/lH0QP8QzrIPqh9vkej/z4rTNojjrkhUat/42wmQ3cbMh9PSqdIJAhfx5ek9QRwTNQ0ZRHawHsu7SXy9zMMTrK+WOCx9zIZOKlqQCMt9xa5p0q/t1gNHAkG0tEij95GkJSEG3j1A9HpWghbby2lKPee0GTQ44FmJC+v/91v7p/4np+kEZY1L25WEDPKy1/TgYE3aojxyJ2agkzjN8ZF/zUDHV8Pj55aJ8am3f7mWAb+WHuPkwzipIuoiI+86mcTXklJfCBUiAuj1NChFCtna24bA9xt2xEYXfcMOe3P2Kli7MxXD8cAQiTX4Uj+ikPjrdeH014VGE8rqIEBInpEMeZwVyfmJF0FyGpgLTB1Wfe5Uf/U8RLyYtM2m5mLd+FA6dK6fPu66/ILDSAkkk0fPfPJpOPhbli4z+3AiO5yeMLeG3kWyoE0LnwlyU8O8JG+u Y5d8GmkK uSFNx9aNjOW3CQhlp6DwBjDydNe7jOOvhTiPyyw/xntb33PFrW4SWfwGi9rozd+NT+SLPgSKadm1Zh2mKvLWgO7dvqCPXtPuUNKnha4PRZDBZN5Ks1qTBoZjTWNb5KPSGzUQcb/VUTa0gNraxpR6sqvGXJhntAWYiQf9dPteDvG6SvbtCxQa4q2Xo4BNIiW1Nv6A1WX4VhQQcKQTDGLlEi9g/m4jGvkeiA4ikehSsJ6ecyVeImUnFwgTXb/P5AqqrTEc7RPJyPmf0NPPOdWENw1ggyp6sDtO/lWfLZKKSvq11oxMsAGBzTkV0H+oRHBOl8XoWQ8oIntU9vE//7r9KMkHLwQCEvU4Fx40Iy4AerRx4wxrJpXL41krk8IFRHnCliqMA3A7DXEzLMh+rskawi2TdqL7hytpX0vvFnP79a7xoxTY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Mon Jul 24 12:45:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324627 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BFA3C0015E for ; Mon, 24 Jul 2023 12:47:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E0B5A6B0080; Mon, 24 Jul 2023 08:47:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DE00E6B0074; Mon, 24 Jul 2023 08:47:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C80D96B0082; Mon, 24 Jul 2023 08:47:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id BADFA6B0080 for ; Mon, 24 Jul 2023 08:47:46 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 99DCC80A33 for ; Mon, 24 Jul 2023 12:47:46 +0000 (UTC) X-FDA: 81046482132.13.439CEFA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id C495D100011 for ; Mon, 24 Jul 2023 12:47:44 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Jc4/plLJ"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202864; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mJroho1o7mQ4v5IpLO3pGU+gSm8jYAJUrZ5Tuta6VfI=; b=GufuhwPLIIWS6g4shadERirdVZgPtgxk93xiy9LWyWKMBM3PdJOb96PojLp5yFtHCdGI1C ILkFa/q2zO3gIy9sgF99dA/QatsjEL3IDfBiQZBHf05PgQYxG0BTDEtVL7fq0DqRMDm95m sXPXBAeEiIqOd0a2daAFbf7O73pOJko= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Jc4/plLJ"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202864; a=rsa-sha256; cv=none; b=ojGKaKLDEEFoFcEtJ6tWmI7Zf0use7DZKkjVorwC3HEBAkvk/+kQLWkefJrskT/ggDxk0t avTr5j4009iY+w1nLCOMys16MoDEJAIM89EplGLlBhxvetOFrASlTknS+dM4+GzumWW4Me KYZhZwNZueDVq/HZ+L7u6yZUnQ9iy2A= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 07D5E61155; Mon, 24 Jul 2023 12:47:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9CDFAC433C9; Mon, 24 Jul 2023 12:47:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202863; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Jc4/plLJv7KYhQYVKckcQWOhhYiujYOQTa41utc9aW4Cpr99u0i4Rk90wl8V28aqY 4vB0Ip/vhexWo/OnchyZc/oJQDlGKty8KiYoskIPPFsirPZ/W7ArTF+IfcY3BV+QhF lLqGWKC3cLAyPfIpmGz/0P5RjeQHmc/NKaTEjz289ovvafHa9DRC4p1aQojxO+It6y 1u5IPnbo+1Ir+8+5FoOK0iuccBV7tCljK/ncbi1C5j6ooQa6A8lMqn41g1Kx7t5clW 1rOiiESlmTRz6HUfJS3lZFKUbgO8NSo+bILf/ipUUnrDraHP1HMxMjGggwGxb5Ch/C QV/1AO/rbKb3w== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:54 +0100 Subject: [PATCH v2 07/35] arm64/gcs: Provide copy_to_user_gcs() MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-7-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1292; i=broonie@kernel.org; h=from:subject:message-id; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; b=owGbwMvMwMWocq27KDak/QLjabUkhpR9Rd195ox7IqUD6pIltzCHNsX+jjS5e0s2dtPkAMYPWaKN wa6djMYsDIxcDLJiiixrn2WsSg+X2Dr/0fxXMINYmUCmMHBxCsBEvp7kYGitcf/AXWglHldUWygtdT y4cWNmh7OzfP6Dhoff5QUK7Oc1yH2Y9u6HB+exNJ0bOVxV1/V+XXeX2z7NclNxZ+S1l6waK1cWqktx eXx+d05N0J+n80exesCnPwKtpWzLnDx10j5zuF+3KZ/fnH8g7K/h8yTB5/uWJSgKWIR2sCiXbX/IP/ VKUtKzA5o9cxj2hF0IfrfWc9Oq327mhTxPMo/f1naICZtmk8wqe6Z4qZjGlO8t+3+IrpsWcPSV/ltJ ze/3jmqK6P9fP6lCevXZhMfTH9/un3Ts454nqlq9kVoSLvmfjGWTFq4Jy3Z+tsuP/8iKDdV2NV8v9T 5x9fwXo2wYINbppXcvcPbjA9eiAQ== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: C495D100011 X-Stat-Signature: 6k7r77xgz6eenc9c83q4wxowrcjk31ji X-Rspam-User: X-HE-Tag: 1690202864-193089 X-HE-Meta: U2FsdGVkX18mqcpU8HHufRkPPgHwgXDY6DdyLlAO1TunB5NMHuGEPRFH/IdrcJs24TiRLIjIO2iqxlHdy5ePeKvjdmyHEUga1IIBffnbmttjm/yNgLNkkvmpSH/cdMpbktnW+crffWD2Gh1iCaHYcT8mj3CeIVAas65nhw8gXo+FG+obIzHJv4KyHbpDtr97FqP1K9sWyMNBO1sgo4uEiUm6kOIcmXgDR8KMBb3Z7dmx7jQtySrC1snjh/YKsm54zJnuTeUmis3kslN7qPrmxbg2bV/05jkqdTu/0Wd4O1dJf1wTmeYcuvNLh2I3+1oxryxJPD0XP5Cybo9BfHl0H3mgncYrm4S52++LR7Hl1B9j+BxRUvzO0DDN9pKHRToJwVD/+GO+ZeJISnrRPkMLXZvfA0qLLSExpowGqw0HJSlRaQKkIKwmfDXzC9Lw7i/zCTt5c7/Yy+WZtzeeeEpGT8V6w/7oa8LSl4gOqk2DcvWrPEMpfidBQymvCNPsLMwCk32YWPfP7H8hVMI8T5a5vtAs45XGgvct9qz7TfSKKZNlTIx6u75A8BJu0vHoMFr7ES4V6Dn6kBLkRI3U7NCxTe2ItRw5ZzDgQW7Ya8g3kPbwf4Y2hvs8BoagjrOJSt+aPUbyh0bDi6jcpVli3b5NEOrjtHge33C9syM1ZYgFpHYKStn2N9TyzajZvXTQWF3VrLSM4RdjfzOfwmQ8a+o9DpD3tgmY7JbPXfO/Dh57iKVUoB0AXSI/8EIeoPN2GaqJ8slIWzaAIgZtvohSaeX8/r/SEGtT/ih1tg3uf6K2bPgXM4dYycApXW0DN+m1mlQcqPjXJ9iSuu6SEKL8OYtdwRq1NeZWDmV33iNLJmnx3TnKk54fkhXfE9aoB25cJ9tKP3YuWZpYMHvCpe7Mduyz0nhYNd8iN+1hs+gOZOfibMjQRWFT4wOZBE7lFtKpnSzNA+JzT7m8SPjRHqCRoVz UIwaCSxD 0kGnpZDdUFidA1TiUUiV+EN0XQcyVndfjArq80IvzzWud4oWHzXvhHlUZivTrTaZk+3wxemSc6eWlLHzz9kSNCEIqDvXWDfi5AJuWnIe4zdbDK6wmkKAoWR5Ord1OMTBAf3RM6+rNRpR3Pag0NQgxUW24g6jVfpqO3Ndb5As7NuBaXeynJUc1U8zcMe+IlreQoxOjnCxXjup4UCgidK62+z08kNqtIzQp0bmpl+QHp/5hjvmulw2g29/cqxeXpppHHWnfzMsQcJQbTKxLZ5Db4zmiUsF7lsEzOPzx8+HCX5hQ87K/o/PLf2y1yJUztDIYbACNlyufUB8zuP9nhnMTCdERNyZXeOB8y7K9TPEMi+7//FgyDaI78II7DnLsEmhOe+6H99oZnYm8IOUaWPtV7iE4aSwtWRhSx15eIdcQMGS5L1MAz0xNBiU7JaN+mtBNTDxi6LxoUNWSZnG+WOmL1E9vRg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a copy_to_user_gcs() which does this. Since it is not possible to store anything other than a 64 bit value the interface is presented in terms of 64 bit values, using unsigned long rather than u64 due to sparse. Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..24aa804e95a7 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,26 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline int copy_to_user_gcs(unsigned long __user *addr, + unsigned long *val, + int count) +{ + int ret = -EFAULT; + int i; + + if (access_ok((char __user *)addr, count * sizeof(u64))) { + uaccess_ttbr0_enable(); + for (i = 0; i < count; i++) { + ret = gcssttr(addr++, *val++); + if (ret != 0) + break; + } + uaccess_ttbr0_disable(); + } + + return ret; +} + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Mon Jul 24 12:45:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324628 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6E79C0015E for ; Mon, 24 Jul 2023 12:47:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 496776B0074; Mon, 24 Jul 2023 08:47:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 443426B007B; Mon, 24 Jul 2023 08:47:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 30B218E0001; Mon, 24 Jul 2023 08:47:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 23CC96B0074 for ; Mon, 24 Jul 2023 08:47:53 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id D604B140A18 for ; Mon, 24 Jul 2023 12:47:52 +0000 (UTC) X-FDA: 81046482384.24.A1ED9C2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id F381AC000F for ; Mon, 24 Jul 2023 12:47:50 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="roLKCU/n"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202871; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UsQ4evMiiAYwQjdayZkqlkQ8Zju2zsq0zDtbSV9Oikk=; b=6W+D29t0Hj+Fwn8mgL7+b/JYboN3yMPwX8OzBbpe62VrRokklRyPvePwtmTRehULey359M 7LOnxXpO+h8HThtOCDXLrpA6JwCcbBbhy1RrRt9DvtyhO8rcbw1BbdFfvImME8PARHylAD eMR5p8u+dGTfLfY2aw27Sf9pfZ8P/Nw= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="roLKCU/n"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202871; a=rsa-sha256; cv=none; b=LUJbDrr1hWL2ijDLaWMLs+XnouuH7lewyVDIltueaXXtbcmObRgPcbeKuL/DiIvYMBoaE4 ZbPkgwtlSjRvt2/5mB0gpYWOK9foDK5w+KElVZhZTwpouD1GihP2YUZe3vOUHmIV6Ro4Q/ c2zGCGG9adf6MgYNOI9FBhbanvOqV1g= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3B70761154; Mon, 24 Jul 2023 12:47:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D91DAC433C7; Mon, 24 Jul 2023 12:47:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202869; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=roLKCU/nig+Wr8FSAnbyj1Qfb5WOmrgj54jhTmP4s8NTkOtvPBeKBq5AP5n6MZlNB /RJV0f3W2+O79WHzUO7TQcnlqhmazNoIDm0+PXqdaDaYJ3FDouNDAIhrPYDE76dOub il5fMobhu8o4MqkwyuvgryB9cJxaCOvhzSJfp+IfPz9U2JJApY5ubdSb0IE2b2gGKR WjsxOl/vXp9wVu0/Cb254sT0EHOJdfLwHkzzea+8ofkk9mdhXSHULpuSaEMo+qznxI 4fpDQrRzroR+xM8OOqJMON+Tfg7gSiE7TNow/9spoogNyhQmfRVzmisClN2Qo/4wxd ByT110pS4uD1A== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:55 +0100 Subject: [PATCH v2 08/35] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-8-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2901; i=broonie@kernel.org; h=from:subject:message-id; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKM0ntsqhQlyItbsE9KCQyzVEsk14yJdyo3XXNn /8FzugKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yjAAKCRAk1otyXVSH0GaVB/ 9UUHjlxPTDBbkqU5gxTM/JJKvJfwnYISvQfl5zWVSNmIkdl8TuoRIiKzyqjoGOYhqTl/pEclvkWek0 +Y5GkXo6H0m5yqilwRTmPjCD+RGM8bcr1Vt0IU7egTQAa6QeBzBSKNTJKlbEgtdnu27UVmxTejXxit coCXRLERvhQVsfsbahzvGoJ4EKCSQ8iqXZzirH2MQeovUtgPXYLOqM5RNB+bNzM176Xic+NjjQNS4V 2nYK9Jy6iAnrBzcpTWNQST9W1N7Cmytvgngfp56nO8NThzZ4o/MTXG2aF45D3fF09IuC7tQyL5He0U ++yagyae7B9uInndr+CMFQHYEX8zFX X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: y877ykkfmwb4ajssrndwssxp7oeawgdw X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: F381AC000F X-HE-Tag: 1690202870-213667 X-HE-Meta: U2FsdGVkX18fbyW/RLPO9y479SqDXHHp3gqHIai9TedCXOP8tlTGTBNzAyS2NQ6Lb2rC+BstRb8xUqaWPdbd0GiwPLW0oeuEHmgj44Xoc0KSdWmaPmol5iuj/kebKCQX8ANg9AymqG+eXdTDM1kUJ5k2jdaR8C32xJsR7NAHUrt33B2k9JNXFZoWcrl1FDYkEy49TSQ7rOrpXmrSYEyN1pHJuzrcZaAGXaDtJbLSw6V5l0cwBhrddlJ7eSknQt7yARfIqttmf7B1zWkf6xHbwOoSHgHYnK3kran/RA7k8J1D4Xs5NiKVXG/zKhyDROL71zl25RaOS5r1hT7EQh72LdmpYvLTfa/ZGcvuHOrtU+zWP49PTuXTYchhD07BT87BsyNq0zccgl2u+DbVXfmHazQ3SRFyM2WClIR+ofrlFyHl/vUlkzOYEMljhWgV5aXyuRAT7mdGRYZIN9f7ydI6hSeIlH2qjGaq0mBzdCXE0tFf8ucNDZt3R7T1EqVN7Gof/u7j5Fswicz9JWKYtjYCD4qWu/nk+b5U2Z3AvfeFLnoon1wqyhOozfymdhdouAATVmuJPYdQ0PI39uHLF9+3XlygISNh89kr/fxWTS3kqtfV7R3BSk7dqzWOfYS4pvaVQCNpE/2pDpRSMDr5eK0+mNk0LaOgwsh1xE+a3TnCqlRlogBpGJ9cf3puSHFoqQ1SyPCoIv9/uC725xivCUHDaAnyEeuHS5tzTKyHzLMI2smz2liqVXsfJGac8KtiuN+rYoxl9c8l9lP1u+/fUYw4rgfsVFCF5Kgka4Vm5QwR5fQBd/hujAjd2N6T/bYIYhDwEKOUacbqsPpZyVvznW1t4/8JL6BXc8r1FPEwGOwI3X06QyVYy7fDeZbJHBCWWi8JSCtTmPohUIf1MMcvqq4rtcbUs2XrixRnNe1kJ2sSpKjKSnoPnRYKB5vj97u/+dUeMexmn13zktZ4aC7Vg1X pKCz2IB9 D4LEfzJ1y9+mzk2HqvEn1he+hdC8EwmoJZ9Q2XHdAhGy6+z7KMPkVIT2q89L537kbzns2Ea4iO3mR5tRegwNt9MF2dlyXAWt7oIz8tSMvnRcQ2rzYst1lN0IzCMszLoMYiLuADDGHfEs6KIiMvVP2Irg/p0SR5100seA8z5XT3AK9aU79dttfpS7ZpvLL5ZzhRzOXrNyAiJ3oApB1IpwXhvS5Despstk/1cCoZeKCEzbIvn6WmWMMMxmZEcAkWaGAt6izHTSxgMyh3GwppuB6MnjtqQurpYho/wMjuZzLapt8/05sDgHBSemlByQF1x4haigHlS8VZA9iwBEVOu1Tx8oZ8cBVPyL59Fe2y7UDbndSloR6Y/JoYXP0eCkCa61ScnO3wIVtLLjdzDdvjs4Pdg4hrmE01ML41wJ+7Ho6pVOZn8w= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 96e50227f940..189783142a96 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -831,6 +831,12 @@ static inline bool system_supports_tlb_range(void) cpus_have_const_cap(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_const_cap(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f9d456fe132d..91a14a6ccb04 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -254,6 +254,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2219,6 +2221,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2715,6 +2723,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .min_field_value = ID_AA64MMFR2_EL1_EVT_IMP, .matches = has_cpuid_feature, }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index c80ed4f3cbce..ab582f592131 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -26,6 +26,7 @@ HAS_ECV HAS_ECV_CNTPOFF HAS_EPAN HAS_EVT +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Mon Jul 24 12:45:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324629 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5E9DC001B0 for ; Mon, 24 Jul 2023 12:47:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 72AC86B007B; Mon, 24 Jul 2023 08:47:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 703198E0001; Mon, 24 Jul 2023 08:47:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F2356B0082; Mon, 24 Jul 2023 08:47:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 519C46B007B for ; Mon, 24 Jul 2023 08:47:59 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 1CA441C9833 for ; Mon, 24 Jul 2023 12:47:59 +0000 (UTC) X-FDA: 81046482678.21.12F6631 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf19.hostedemail.com (Postfix) with ESMTP id 4D7321A0003 for ; Mon, 24 Jul 2023 12:47:57 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Tb9j/Jj5"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202877; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Dnc2nP1HVaiEDoBVg12zB7TbohL1GVCNMw7SaItQG9I=; b=o4/p2ewdyES7P41iu32PZFTwlwAxgMpy6p92Qaxj9+EAvJEuG5wLOpjB+bszmEqf3FxWqT UAKttB2v+8H5z4vXpEvQYSuKkfvZUtPgFXN0uOk2TJ+3QozhlH1qFap68HrtVjJ7ZM9Fk/ JygXN5Z4vG8IqzGGAt2NXxH2obLjHMs= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202877; a=rsa-sha256; cv=none; b=ZkeRHkDVq/S0Pjojtt82J0ONqGod4P8HDeUzJT8umFeZqyckRyYhVGGY7R7JMY2lhAPgPG m8dnQJ8lYKQVGjnImGPC2PmqLNAGm1RqiYGcLRNmrUzDPunfuT9R2CpFFNQ0GmXCCsGaS2 GYyfNwcfMeK4pUqJd9ZRmKHW9fJU040= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Tb9j/Jj5"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7D41061152; Mon, 24 Jul 2023 12:47:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1DDE7C433CA; Mon, 24 Jul 2023 12:47:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202875; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Tb9j/Jj5rPQCjvSn0gaUWtwDW3EBIpvcGBN9Pe3o/9saIHXilhlDsAeduwr8ixRQM x4ADvWKIaqzbNzuscUC4n/2R1a0DBV4EF02ZPoQuvqVkmrVJ3kX3bUUqv8v06Eb7YJ PR+SSRGBhd8/uRUIRqyMUy3hcHWedZyHeTjCpJRdO1kp1X8hdNT/9zl7utYbynsBIs 1Hs+unNe1/LEgXKEAW3wy50z2FXcAp2gBrypSaXP4WIdJGLKqgEs08oOMxsmwyBr/q rv5nNIZ3iAtEpDLwYxjX6st/0TfzWHcfrMzL9H6QlZeRJ0rOEeBGajh08eqhAZe+hy n2RKNfQzQ+oow== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:56 +0100 Subject: [PATCH v2 09/35] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-9-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2919; i=broonie@kernel.org; h=from:subject:message-id; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKNRqHj19qqWalRG5r1e01L3PAODzfgk8FJkSTr mcTvG1OJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yjQAKCRAk1otyXVSH0B/nB/ 9I/rzkSJaVIXiDNm4gfTSFFmK2oAtp4ZlnYCwdB3+jtXW/mq3l4mjlTCwA4o5lfdPv/KPB21bLB84Y 4FGI0w7PLTiEOok8PSRvdd0iJHI/c1IChQHKvYQUlYvFmpEdqWx49ha538ZrVqjOWMUFc8Y4A9m4Kw ynpdNUSJ8jppML7kfernk+/8d9j6IXjFZVQ9KymZT0XDRWb3tKKdsWV9osBDJPS+MjhLYT/K7+taeh uCCIbu8pRHQKHhjW3UGldnKNzgKtcuO2yQt9iy9oynWdNtLJJSLcjFOLU+hPjtUJikg925dTQzMGub Q5ZjBqhdffoiJAJ1pkMHuIApMG+RkS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 4D7321A0003 X-Rspam-User: X-Stat-Signature: xc8oehsx6szrmm7tno7twa95bfebt7rk X-Rspamd-Server: rspam03 X-HE-Tag: 1690202877-613780 X-HE-Meta: U2FsdGVkX1+oMkMCrzUlaM1U06u3ZTYc5+4PwfK3Qgu34d1ZbaAeEWt4zy70WLgu2zK1RQK8NIOj5RnMNAsbQKCbvdtuGGyqNvEE+hpB/92dNasyuls7X9vaiztvd1/0KZc0fdYY75SYUA9t/wQ2J+4ds5EoPxzUh3lyR0y5SDaC1Xidw1kkaBFdiZHi1SRIb8LU1OZa6mEXEErYDFv5G+TpVT3UWHcILEH+IUxl/kZeNZzOyBvO86o0axVH0nERpcnYrE67W71NCaNeO43eZFoAId/h4lebuZZbLc/Cz+eMNz/IWPqkwS20TMwI2neAOogkO8LOS2uhyyHsHHfsw7xhLh5cgGnOMH96ljjd3aNvHvo3DSpnBc+XMjSo3/TnRjWTBnv1xSZBw3vHVpsI1XwbK6ifZprGoUrOjgGwe1OUPAiDIXHdF6N8q//sECF+q/+mB6ASQuZa/u4/mKqHkgKQCYYVgVbfzRvNlrqJNnJtVLLZxB5h6ddBtvnpTXCzRC4j5U6/3lMXAlP39fJmP8RY+AAY+WmPzKvs5ls+ZTPqJCYGtPnwvYOznrAIOfYIcqwN1p4IdhjSNdM4H5btmq8pxDGFKBoSnd7anYFU++SnrsAe42cWr/a0Puyqp9MaZXXwpBJpSn5rw9rkpEgQzD7fraicYpLL0uuUZaOzGzpeF1KuqMUQsL1kgPswdtf+IMjdBfTQq+LGqRjqR3QOQAweHrd4DBhYwRmN+qhIAjrtO5+oYRO8cg0joNz82LTmqEukPS6jB4qtVq0eDyRLr3cTQFpGZ6y8+VjmJbaMwsYo7sGwUBf1YdEx8zSGuDHjX/1zRSEqlPUitkjmJUGFYUKtkcdA7510aVMeK+rfotW5HXVrp3FjYPz0CTr+ONV/P2Lnv9BdtnUaObCfUhzVmvv+TkU7KIPWUN9xBwfgTwe1KM4vOaiuIsGbTAX4fuNd8ddjdH6mQTTBDBsqtHU nNtTpagT dBDaQ/keMIDgI1uWurIdrkA1Bw/icKCJTK/LiFCkyKgmiOUNUTxfKuA8imOmME+OBbvvRnkGhQJh9ks05oDsLeFy4B4jsCDTRTvg79i6bnRfIbR4eYDRtopRB313mB5grbXGrtO306INX8OwKmkRuWP+rbfeGnQFke3oJ3HZVt7fhLqzfNBbLLSX7ri32BubmQM+qrMBMEbD8+y1klhmfb1RVNzGmdqAPuOk5lBeK5vqlRoSHHpw2fpxgQHmc0AnGP7jf1LGL5qTWKLOdKXs0JEY9ogG3NUdBidl4F+BG6FVdcmdXQg9TPcHdmY20unXo4f75NfbRHgkl4v+9FA0roFU+fEeTnIfmm50umOgc3mM+y14fMrOH9R+Xk9FRQej4qwkcqhKdbk3qxD54MVSmRl72+4ZQw6tcJBR8NXIrYK8wF4Y= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index eed814b00a38..b157ae0420ed 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -131,15 +131,23 @@ extern bool arm64_use_ng_mappings; /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -147,6 +155,8 @@ extern bool arm64_use_ng_mappings; PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_RW) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Mon Jul 24 12:45:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324630 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BF2BC0015E for ; Mon, 24 Jul 2023 12:48:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DE1676B0081; Mon, 24 Jul 2023 08:48:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D91D96B0082; Mon, 24 Jul 2023 08:48:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C59AA6B0083; Mon, 24 Jul 2023 08:48:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id B7D596B0081 for ; Mon, 24 Jul 2023 08:48:05 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 87D691604CA for ; Mon, 24 Jul 2023 12:48:05 +0000 (UTC) X-FDA: 81046482930.27.94A4280 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 7E7A6140006 for ; Mon, 24 Jul 2023 12:48:03 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QGcM4fnx; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202883; a=rsa-sha256; cv=none; b=FoFUw/fF7BHAww30AzvDH/FkyvbW4jhHGDdFBfx3eHxeR1aiAcKsNQApv9Aec+yAZFi4CR 1ZZ7fMn9PkX3O/762OAA+eQ+u8txzmgTL1UssbJhl73VPE38Eg7G8NSbjw2dp/iceYl1rB sC73bG5+M3J7uI3Zo1jwcRJM8otTBo8= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QGcM4fnx; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202883; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=d+vTIo5qykSMa62JenYx5CYU48wBq1Xp8+RkjRKKvjw=; b=t3n7NW8UVXjsKBFNfc7+3BoeO3oxw1p8oJ4dLWRTkKLsr1aTJV72GvUx+jA4raIfBZqTGR wRe5sT+u+vPn6WyBRKVxNB4WT8LrNJm4qn9lZr5lh/F7OcqwvUWdL/sYJWUBcjUmFCn79Q u1RQazjw/U+WdS6SPKdcxxzWmufRGzI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B33C061155; Mon, 24 Jul 2023 12:48:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5AE72C433C8; Mon, 24 Jul 2023 12:47:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202882; bh=XgAXaxiI+LNUcKtRlH2zykI6sDdksLTFFqJ3d2DlV6Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QGcM4fnx8swpQgYlAoCdgwpYJMLiVk400mojxwsQVLI9u7WmzRJGtjcGmpf1rONDi Xtl0CNWv/G1fjwhLgbOmsjdZGuyrmwVKXp/5dm+/vQL9JmjprgmAxj1w9oVlZOaTTX ofd0nIM5qeZ3BWWsFtmVr8FT6ONga/FRlNL+mdbnCRYlQGpV05t1flnZD1i4BKnzO+ nuShnz44zVYhXhF38ilgLT0jabJMYVYktsFVB4G3zxi1wzrt5470MePGh4sNQ8PIs1 ck/eqVSuihlN6lGd64GLZFrREDPRbgtoDzTm5R3dJtKyDCT2EkNa1yntyc8ts7GnJs +XXpha8iGolAg== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:57 +0100 Subject: [PATCH v2 10/35] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-10-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2027; i=broonie@kernel.org; h=from:subject:message-id; bh=XgAXaxiI+LNUcKtRlH2zykI6sDdksLTFFqJ3d2DlV6Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKOdTEcLahkBp5IvWyRhmcZw9T/1AqgLdEteVGJ Q6Hg5S2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yjgAKCRAk1otyXVSH0J4CB/ 9rhqw0udDoYi8sudj/nInZ2l8ch9RyA2y9LlyMnS5EK2PCPsTlwwDG8zCkzr2Jf//EF5g3JIkU3F+J XthObw2KIyQ0tYX6oE97ECWKXNidZz8FppyIjF+x/kMI9CeBzOqWvEPh8t2unhLhgWVMqR8NmNMypi pnXvc7tLLYYFLfJFYfdsQvaEhlRbAwtAxBJi3WlKEUh8fGTnLU004p6Csd8bW3V2rkU3ApTPpkp51M asuqbjt59yH0eTxwGOfrL1qj8Lui/gvJDdjlwnzphEwC/rwfKQhcy8Chgg/9rRm/hQrcawBHad4rWx dfQezidZRepEyWt91teiL0228x6T8k X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 7E7A6140006 X-Stat-Signature: nfcqj66cxrwms1dse3i1o18mqje5umep X-Rspam-User: X-HE-Tag: 1690202883-112832 X-HE-Meta: U2FsdGVkX1+mg2hv8MCMJaY7rlzcCBtmW4BDzz7HmGkXJ6xfh/HhQyMmFHG8ytEtwI+AT/f9mo9OWiELBvyK6aG1pgwXs79Jl/tgAtMZl59NEmjrfX6AByDQe9eJXyoy7dvq3A6ZRopLQF/XIs7CsuWaPTJP2tDnq1OUwxyjqUHot+mIstn/H19h9+N+ERcFTIe3XJ0xlIOSIoJmSZbs5AgkzYNP2op1OmeseZVrv1dYP3qZkwKGv8RGNJHykxq6rQc5XBgnj1c+6GSd7X290KE7efSe178N1SOMg8kdR8e302aA4QmRfNG+9nlItbMuEIZjPl9AUb3ZiX31U/gjnqFPcvOsVcDzTK7lzISaLBHtb9MdZZVIwWmuxDPXhrD+if4Ckch6qwTZ2XqnZQYBN+1UI18Lql4SVLt8CF1INp2PDsGNDxeuMFsdXI09Tzvli5AvVRgFZdvCrFOiIbWaBnRlltbGva7Ya5gQVDV1nBOqICbB1+fi0ZcmCx8ue+sD7rIWI31nXJsuqX9wp2NkMrcBNm3lqLvkYEQUCskqtQLIyVD6BrmhkUgGVpZRJTWkeBoQdSXjDVTCC/jHGTsul1fsC9r1X/1Vgn/TSAYt0xhQGtdTdoCGJXuA6NPuARAmRSBLGtG1ZXwjGV8pByfaJZV8waDjERlMpwDwd9mMt+qgBvWtHFDp310DHadiDaWdBtry1wGxOCm4F868zm3pJ9ip8EoyuvamOTfhJQaP+PQOCmxPiL/+OKZDIpL7hrVU8BxK/HhfOyq02eilIWm8bS5jaokEzUtuTJoTfq6qnLKCpXfdTjhhUWJQNs6uNUjmNGG6cI2+yKdnRiybY/nCpI+05s0JeDLDTceFSOCBgYSjm9M4LUSeNNNTFNiB728t7tTclWFoyE2oDfuP3wTUBWlentCp9wnk87WWIYp6t+hTaHeNag67/hmHza/aYqCWC5s80CA4X9kPUJdtWhi wkLG6UO+ acCQcDi1EwKBwfZcCzFWBBK5t+tZB4M7JFNWI0GTrP5slT4lkyJY6CsoOdO+Gh1KxZrrPRR2MBjVyooeZAYXynAqbteklZWCxJbmID1qAgr6lsJtRt3LIDL9NMUGTDDqbvidFH6C3NXfS1kGYEhdKHuPZyU4tlbl6XDGkDH1E7RK9XMGUVj9KfZxtDsJ5esvx3MRme+Gm0K8L/O/HFNdPlRIQPJmqLDMAONv5adL0ooF5UN0jwZQBO2XvqHA7TYxr0d3QYI59zzQ72ohJaiMDyLrLgevkgcEvQQ6boRqCdXO002WeUQxzEHl9iVu0MaCHfLjcmRiB5qprRoemKmlbm7JLrSuLpn9ZXSPIWr7t5iQf01KHTm1cRW9b5h3H1skKB8oZwZrh8WkhqQoh4JJ6SrVZt84v3d9Ok9UPjir88n3H2Awlo0VXNB8NClRC2nIBcZilQ1kBg25pPmnp5MCbEpnFWw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Use VM_HIGH_ARCH_5 for guarded control stack pages. Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 6ccb57089a06..086a0408a4d7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -566,7 +566,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index cfab855fe7e9..e8c50848bb16 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_X86_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index c57c5030ef6c..c6af8daceb56 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -372,7 +372,17 @@ extern unsigned int kobjsize(const void *objp); * having a PAGE_SIZE guard gap. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Mon Jul 24 12:45:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324631 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 681EFC05051 for ; Mon, 24 Jul 2023 12:48:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F413A6B0075; Mon, 24 Jul 2023 08:48:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EF1906B007D; Mon, 24 Jul 2023 08:48:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB9DA6B0082; Mon, 24 Jul 2023 08:48:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id CDC036B0075 for ; Mon, 24 Jul 2023 08:48:12 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 97F9040B03 for ; Mon, 24 Jul 2023 12:48:12 +0000 (UTC) X-FDA: 81046483224.26.DF8975C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id B2D2A140014 for ; Mon, 24 Jul 2023 12:48:10 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=eAHFD3Vk; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202890; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RiRra371vnC/K7aW/lS3yxDUYWSr5hTseY8nLXePyV0=; b=jmA8RAUdWzOH7n1O7V0x+QtJeM9mMnlne+a3+Ks3nUb1msYMRjkKl36XJRZxrorGeAoEuI 9Ypn8qSDNaLeRzzVvA2mwo378VXXQ2P1nCSYPupkbFfuHiLXoVIbs3rj0b3wp62pwWt64v nOrB7jo7Ib6Wnr71LSC+D1JWEE885RY= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=eAHFD3Vk; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202890; a=rsa-sha256; cv=none; b=Hf8HZhWXatO2sN4DqU/v3MfXmxWsb9dUPlb4pjyuPwn+O8OF1ps2X6UUM8ecKPIxhAWe+j 8OslLoinfASXKet2LEqtvUkhOUs2+4bdbA158HS4DuNLA9JPbH273J+LGZATJVhJ308Mp7 RM/cQTqTpmTCBm+anM+hvBSzgYzT5cE= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DCC1861150; Mon, 24 Jul 2023 12:48:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9852CC433C7; Mon, 24 Jul 2023 12:48:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202889; bh=viG5anxcCcnETy6WTEqLj0O+gpdZleg7ylSYSUDSWcI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=eAHFD3VkLN/8hYIgqRqDjQ6LYTYEEBqeysndIBpWyaqChnJimQhI2SWLffN0KZPuj lIir4tYMNSE/l0Imtt32k/Aq1wucbaZFpvPA0Q76Ftk5Q2jz6gyNgoMwvHITgWPKzz TU1gqXlVS9FVW1MNqWsf8w8XXunp1vTJmuOtK7yhaklMl6nMB+HxiZaZqRJBEHgEhy byqtJUMFFWC+9RJqhZIgnfP2BJDR0dx5Qq4KNXqCldfDulWjLtbVzSdsihRjnfTEh2 DrOZ3c8YOFjiKv0FrziAZlTVf/nMRKDSfIxMJVdP9+jOkJpXRB+Lop3XzdQmgwvwPe uq0oKZomv4thg== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:58 +0100 Subject: [PATCH v2 11/35] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-11-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1225; i=broonie@kernel.org; h=from:subject:message-id; bh=viG5anxcCcnETy6WTEqLj0O+gpdZleg7ylSYSUDSWcI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKRaZSoY2+MaaD6WZiUULr2xdVlp7ZPrzrnZmLl EHOK+gKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ykQAKCRAk1otyXVSH0Mg7B/ 9+4k2ZXisvhnKjAsSHTUw1WHN7uidVpsJ/tQIxcwlf/sL96Wr7p6Dt3WpcFegBwJyWipn6L5XmrDzp TLd6eWFsOwxF6bMxL71UbwQ929Lih6fQ5r2sUQxNEwTKYmrIzhvm3paIYNtGe/17bHGmT5+fxtxHG4 7o5KhB1DsaTLY9ECCB38jAMstQ7+Lv/on3xMjPHnXrR7+U52NdveoIDKePI9eiQ01sF+Ylw/EEmzIJ KCqoCbYhFOAwUVuppI/P3fHgbq9mkLk+K8CPa3KY+fZEMQz6DsApbzkl1+HcynR3gRKzR6YGMA227w dorur6W9UQcXxTVIfPt+VAxzu2iB5Q X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: B2D2A140014 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: nytzm8tu93r3e783gj86sorxhzr86wwd X-HE-Tag: 1690202890-824787 X-HE-Meta: U2FsdGVkX1+N+uDXfVDxHRrLf+3BRwisZrh6qmN9Pw3SzAEmlPUrexove3BWxveQHWkjlgWETGu/A7XIn8HBuxjp/2TgjdiUc8GaygDAcvW5RW0M2gs0WuFHTzpPnGfarmvHX22e8gVcSMv7SutP6D3REQmO/eaDDaAhlXJUrKyxSIWzmKofrYnXR524oVI7qQyzCI2VvoDCRL2eyKnSWrJO5fNDY4CUj9voyT0mQVnS8twZ4ga381iCpVSioVbOSty3JChs3jvvWaxbDR3sbgk/xWVp9jKQ9x5kL9lxwlMXUPbLiS+QDsly2mb2nGPO8wAAJtPl/05cqLfOkggl3G7mG5NgH0ufwOdQW8HO1Na22I60lhsug1lggMQ5vRK9/f7//vqDArt2qpCIyZ16ZKa0Tn3yYcMO5aErgqbeSZDA5GGnLzO/9UL2gTg5Z1bQwDlBYYVDpCzSHDIaZPNtbZVK8mEk9tLJfDlSEM9qi7zkWDw3QpUqtva7k0nBjpYCcXsLFfaZH5oiKGKlgigBwlzKfbSWFoWMyJM+0XC9AFgx5tARxI9Xp21RLTtFnaoRupEcyWMe9SZ6tkumBkdruig0FyOiPFuTFrQzqeWkuWKvWykV5pacG11XZEbvEGxkxLwYQAsYHArXolpp0qtzfeGHHneG32dyepzd7OH88GbUF/r1LQOjKn6Q3BZpaNTztbNEadDWKXD+ipwMjxPJv76yYXsUjBtWmG3lhSvXqkusPW/57zUywz2HRKzf+F7UWSJ40PsyLnAXCXQdU63WFBYkutl3zGjlA88sJ5yiqw43Ij0qQYIuTBddE1iRsZHk+lQ4cPx4TvLUwKdJ1y/XTA1RnZi3IYL8fNkl29Qje9GcfxkvrTSEoPoSPbZ9WvkP0drtsKuHMdbYq9VKV0TTyhUUG1wKzCD5VoWiSaUtYfoftPY6qGmOTEARr3azr7z0A5lebl9HVmpXzHLoK3k /CPULfxi Vb6ZiZnAXgpg507rQCZuoM7ktM6WoGZ8QAiaeR6JPLyAK2KB/wGCg7n5btkMt4yqW6AhcB6K5eqvhXZTKiuc2033UlRBRRG3RN+/w0JpWltbpXLSQxy7VQXbdcNrJOkIsNV2C74Y7tzN3ImwB6UQUuHHQFg4RC4qs8rm8UA8Md1qF2JLwnO3s6/MvTMHTTXRyvo/fzRUorQwVHOAbU03D7cycjGkU18VJZkmWvl2ytQrQaoVcySg/a4UKBB5gMKuYVWysTnGoxsWQN6rx6kHba9SasbnRl+OIiN0RGzFFe4MtUF8Dllfxgz6FmnydzQa+XO+6larxULQ4D77iDQJf65s6p2Bx9fEUBzHN6oAb1MLhhvQbiCE38uHv27q+BzxWpeqzFLhJltt7KXV2w2zbbCN7aoeQNaEpiVyUlsDJJ+Qfd4I= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown --- arch/arm64/mm/mmap.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..e2ca770920ed 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,23 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* + * If this is a GCS then only interpret VM_WRITE. + * + * TODO: Just make protection_map[] bigger? Nothing seems + * ideal here. + */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Mon Jul 24 12:45:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324632 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F63CC001DE for ; Mon, 24 Jul 2023 12:48:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3345B6B0071; Mon, 24 Jul 2023 08:48:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2E4306B0078; Mon, 24 Jul 2023 08:48:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1AC568E0001; Mon, 24 Jul 2023 08:48:21 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 0C5866B0071 for ; Mon, 24 Jul 2023 08:48:21 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id A973AB20E4 for ; Mon, 24 Jul 2023 12:48:20 +0000 (UTC) X-FDA: 81046483560.11.CF6F8E9 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id B67DC140007 for ; Mon, 24 Jul 2023 12:48:18 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="ADxRF/rP"; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202898; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qn2wictEWB8wzi6RrERix0h5HYhcy7w/c2/srM6xMb4=; b=fTIz8ZHeHiHxUDYZpn3u+ZbDQSAeBGerv5ZpAmZfctDnFKmS39Ae2WJWbV7ncjagwW+O4J 9g5mZk1J+o7olw6uY+fHsZK6cvQceqAS/ucyVOYur7NFDQF8LOZs1E/b20ohsr5b7QZnpQ SqTzFoktdhwt7z4JxsSrT2ZUGakoJQA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202898; a=rsa-sha256; cv=none; b=w6/0WrAsd5bdXAf642nXo7ebsgrJVRN2kTC1jlqs0XT9VYfRQr6rvxf2uIxAGFcbHZ4fwz Juf/xND/1w/I+3wB44I4gs0a7Sg+ec+f57l2SrEkd+i9Dgeav4KLvq+YK+AR8KX5UuATOa LvfmF8bkKoyht3DigRgX8A8ivJ8vxGc= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="ADxRF/rP"; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id F108861157; Mon, 24 Jul 2023 12:48:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BCB6CC433C8; Mon, 24 Jul 2023 12:48:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202897; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ADxRF/rPadsVQZC+i6BqotmFLVNKg076CcFfLhOBO8/KXuFISllZyQm+ZLlPLRMh1 3A79q+cxaE+hzhoQwwnkUcTElR79/APwv2RhDVkBZIEC/NbKFNFGKYDv4Nkwo5TWhY f2BXeoa+KRoEfk95MzM8mpVnNzyzQ1a/4G5vTVoxyZweh7xEBjpiJatLgjChZ7gtex qoaXatmAK/9UoNIvy34ASKuO1BGkIaXMUWLWXbk7y70VhSb4ETmsomItbv6LOpZOwW okB9ShLTyeUu3dvoM4zm/AENtnyDifyekbqCfO/r0DSUUM1HhQn80MUaK9nkFe7ZQU a0G+Z5YalyCxQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:45:59 +0100 Subject: [PATCH v2 12/35] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-12-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5343; i=broonie@kernel.org; h=from:subject:message-id; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKSv10GbqCkJKl0MIgaPzbU+3ins2JfIR4qxdNq VBMr5EeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ykgAKCRAk1otyXVSH0HYkB/ oD+/iKQHx+kc51iDU03jw2wlz1limfx2oHjsDk7t3Mr9lcTphYTMe06qVIXhlQAYhNPh77cMXu1tMm BUdtEbelf2oNNO+lQMqtmtbGzBeJsalvCoNCYP5P9dlTf1Z5PiyvP1Te1hLpz7Lmf7ZSu3CeSnjzGx G4Fc5l3dyqyjV3aZuvZGqc81w7Oc/LmERqgQgpDRxnuoK8mqlSn4ZPuiZOHu1vTEw5GuYKl2y5pxlr 0zS+UoZ5FYLGltgMGqCwFXTaA2Jzwhqolu5rLSk7WJHQAs7Sxma8rPR1B7a+8Z/TaN9Q4p5z7Xy11q e0ZPRYnRBPrd9EGdjqoNyVfx7CzbUe X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: yfuqc7q53oyeo7xwqjepxxj41gudirid X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: B67DC140007 X-Rspam-User: X-HE-Tag: 1690202898-175629 X-HE-Meta: U2FsdGVkX1/XJzQBDruH90YBhLlfC4SJgFfhBbjFp9wgKyrhhigeN/F5svq9YznkEO9GgIgXdOIpiltPxMjR4gUnewDp2MAsPSHDIjxREKQ9tsWNNj1fsi4K7JNhYBQwx/iZj4Q9m4vwU4ffdRBYXLrfGeVsitwcUXoxMeXsz5MBvI59cjdI5bov2FFVWOzp8KLQCl6NH66N13t2p8zGq/GMyokA5ocA3fcyPzwnYEUUNOW5O50U+26Fg36YUOBGKekfXKJbcciCFm14lkal4Cm/6Lgu7PEl4dSMldMLFnYNeNUJRN7Y7jRnDU9BVtembjKVYyub0e0OdcfD8mp8n3PE9VfetE0F72YMkJ7C2CeZTmt5twOKk26SBg5wr76ZrycK2kmrmbEEjxrrkOi/t8isnLy8DVZSaIFXTtjT07z/C7bO6b4eyBJ0kzpIXXTYnMdR+An35yysMDVCwmOvLSid4uCy6VJPMHDYwZzG3NrknZgIKZeCEXhxE5F9vdbhsruc/2uCNG4myRkU6+62qfNbrF24oiehgbiy8cVTmqDJWo743CUBSTY8dj+iOjtGcEn57xMAz9JpiBLfIcnHCM9OdpWdB26rzt95g7YMJIZ42XfDDt7UoPAljVF7pGDAkfdjoL6dmgCk50FbvjyQ0+rSTvrrOqkzobT52VYisjJ1WGHnjI/j9+1Q4esDQ5b7bQc4zrA8Nv13MevtKD/HVknlx4Kt1flV+ZM5rkLFAf/zu15K6AovTvrTVZV2lGxmG9vYsr2IF4TbVUh6cMZAa14Gq5lRcW0P5Im8tjPwH/nnZizSb7WiCRw8cy03tGBrXei2gouQUwYP0nph0AvwrLgOqXjMT0oJI2din13ehCcZHDwkT8QEN4djAqOolHg1IzOXawLRcAMwlnwNB4fLv7rMPSRmxmbQ9GrmWEqi6Gw9yZRDfqleJUhGhKWtl7pL8WLt52TiGFNQ2HwslLr vPsi7z5C GSFg957lX6pL9qlScI7K2PC3MVzU4RiB0KRTszs67s4iBcOg55ROhvh6pb2ZC5bXMUrCNdqxCPkHo1TyUZb+qBaQZvJsxJioOImTKVTDcYEzg/g+5jZSkKKHluly1lKLNeoT+cciEALw0jEHxezjLeLpsjylFeWfegh8/veTzkGzkLXw64l9Xh871/lKAU5Bjo/zEGcbxOs0mAfscmM+hHT3kCDAX/VcVPUP/lgKDwxT8VT1eMn0xt5J3akU5VVx4slLCKc1T3He93eqxi29iCrps3HlhqaByWCP2lBkspZXAVnBRImdpA3OJqDWlCoDTNQq5U3DP2waIqrbV/FgZmfOdsrlWpLFVY0x71eBwp6jmJx2unt3BfQJ8+dizBbOi4pI8d9f87zljb7YUGFYSMU2FaAjtsEAcj1NFpHC0luI8/ko= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index d3dd05bbfe23..a5bb00f58108 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -364,6 +364,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1136,6 +1142,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 2ca2973abe66..5b2f238d33be 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1768,6 +1768,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2080,6 +2097,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2162,6 +2183,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, From patchwork Mon Jul 24 12:46:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324633 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB508C001DE for ; Mon, 24 Jul 2023 12:48:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 779A16B007B; Mon, 24 Jul 2023 08:48:27 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 72A2C6B007D; Mon, 24 Jul 2023 08:48:27 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F1BD8E0001; Mon, 24 Jul 2023 08:48:27 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 515586B007B for ; Mon, 24 Jul 2023 08:48:27 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 118AE160A8D for ; Mon, 24 Jul 2023 12:48:27 +0000 (UTC) X-FDA: 81046483854.20.5C0C3A4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id 345FF10000A for ; Mon, 24 Jul 2023 12:48:25 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=g5luj1Fm; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202905; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=QbD+I2FiqWE6OZCarLKcEYnIQcZlwzWBXVRzSm8kJ2c=; b=4glO4zEMN2+bLJiurkrxpO4v1FYz3AaYLatR5hRsjHnQi4AzD/reTaCEyoLvkjXUaFdHGY SKugRfX9Bu0reWK5mbX4h6tDBAfRc2V/LTxUMan2ddoaXVIfPhVHCRJnY4WQ5xdoJmHUge Gs55CUp/GY4tV68ZjFBvwyeXcXe3Vls= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202905; a=rsa-sha256; cv=none; b=jOaIHN3Q5a/l5iIhBat/PCnPpQJSYAKqJyrrpLu4ZGYjZtVYQ6hE8KA5Vg2r5GtG35WV9h ZpHCjJSGs8KEnzwlzm9wqJLJL88k73rWK9CbpRZGScTp0ED9sBDvQTABwXY0BO02/7iynW m1IG80wLGZOSzBDQ9FvUnG7x9CxceTE= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=g5luj1Fm; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6EEAE6115A; Mon, 24 Jul 2023 12:48:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8046C43215; Mon, 24 Jul 2023 12:48:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202903; bh=9XX9E5bnVFdIImff20pSxEMqbLIiek/DMAIXfYv+R4o=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=g5luj1FmydDH077cQIwSyyoHieIwMfmKCK/e93g5iEwilx9smr8BVk1w6xeaL+6mA Q1GRl3c4ApcUsR4GkPHzK7b5whWMHkhcaoBr9sjiEt0zR6k8EsWy15b6rqPOq6LW1q EzNSZgSqvyPU9yuwVH/92zLXDowX8R5WCYIDRtybva1+73HnIBMj0sbWg8Ix+4ND7L tWubSRJhCfudxBLr+mvqx6KQWFxA0XX0TyMnnSn7Pjic+phNSmcJr6AP5y3Dtom/66 XofRC+1mVVQIFKX3T7AsWQletZUCN5ZP8uQsu/3w+mBciZlIcp96AQ9JvJt4yvzC0o WXYL5cpKvNHSg== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:00 +0100 Subject: [PATCH v2 13/35] arm64/el2_setup: Allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-13-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1466; i=broonie@kernel.org; h=from:subject:message-id; bh=9XX9E5bnVFdIImff20pSxEMqbLIiek/DMAIXfYv+R4o=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKTRmQLErEFRBBYg+Wbp1aqvIROIrxg58PycEEj 0Ca8O2uJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ykwAKCRAk1otyXVSH0PeWB/ 43JSGiLX6LknAkLSD0zagOZzi4Y1yVo7nGNH51v7xJ7whHCsfvpoJNdIpvQGPh45crFz//2hx4t1fC BYKaQhm3AjI7TftskMYTu7Zp0PomNd9+8vxQ40d4MXiN0n4s/3EenpAm0P+dHOhzbsvlgftw0G/snF F/BkDxmVhH9JwOsIzECiA/+/WlS3QCsQHozivU2FJcJMbp1+1b5YIAKbqOjudCE7TiYTn/67OYXX10 7Znmss95RUIGq5jrXZqJrlETZfMgTOyqrm2yCaqz/+elkAV+/9+H52fF264XY2aV0HYdKAU09IUDz/ 7rT8PWTrrne0LMXoQ/8PvFeFVSRFKK X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 9gp9imk6d65s68cox4bohayre11n46z6 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 345FF10000A X-Rspam-User: X-HE-Tag: 1690202905-331525 X-HE-Meta: U2FsdGVkX1/Jj/UJTTeyLdSrHjpScpdrP8zgSgkZVh6yK03toECvaORT2Jl2IIfVqsTBJKAwD7uPzVIimKAq4kM0HmmkW0j+o/pmLNZSkeB9WcdQ7Lq8apkkIreSbyRtw4C6avrDysp4ls2eImXV2bY8V0R6jPzhrbx6WmfhpLixE6V5idPDdZ7FQaobTdmHf/GuGOZMpfXIbN1Ba5NZw8U2XRcWvZaNi1hR381hfFXPVu8/OhzF7ZQHexXKe00pLiqBS6oxxDhjjUVzZ4HsJfeE7dHZ7Sl/7mopJP+tzGHFisGcCPOF/vv1XT+Vs9+h40rJ4ldG8EdWN6m8WVWRuowZEwlGU7FEcIzx8S7mYJv0cbIqjee7cePrHPChO5CbFFvoH5uuJ0JwgDBJPnCgdZoHDLQMe4efgtC3pyJP9q0/UM0pA9KHoeU9sCFmZsUMayxahrLIGCvP+mRRkkf+gJQ7WsQc9R8bxKzpOIwt1vMdomIjBuMHRycumvQ8N9AkqkuTczSp8WqdLX4lk/kJP15wAuAcz8LctNQBgKCWobdVsF1lfciY/NVCsEvtUFpbB8OmJHAfVRpzKXjjcytSjPa55bM69Op1VaCPoHKflAoCaRqbBh+Vw5N0CmN4p6il4EwDmjXcfIBcHDAm4uuDDSEFIzd631BV2/HWjDulUIH3yXftErPnIWqLLP15WzpLfV28/houoYbzwGNXYz3WwypquCo2vB1ySfyg3Tj6AEiBMOPp772VdJLTz9K/L13rRif3iq884vXYBXTk9jK8gq052K57uq+ScrK62mHG/cEp4cvehikrFC9WWQLMh3atxWbDuwBfyYEWc4zu2kPV8dKED1n7oEvGwI0QoDQ9uDkJvzljOC2lyMhYakPpHEatAd+6ozQHVm0nBwM90crVqUFOlbmeWslMLgwP2CCQsnpe56gA3+bSfTj+JbPewuONhn0gyKPY2OESIzocrNt CcI98f9q 9boJarn4e64+37HnJOvGTmB/U/PItvkqEQ2XWgLhNvac3X8XiAd06v/OPn73fhQgSvcUi4UkHWy3YsO8XyAWPJ38P3+jLbOmxpjkWgYF4xKBOE6vIQ8RSqV4hwBcZuT/mvDuisR76Dsb56qibIt2E8ndR+H/eQphWT53Fw3dr9zrxQaZRVzHEl4ncarK8AcpXhoxhpZT6uN5IsqDtYSqDNpAA1G/OSblpH+ckPshc6ICd+5yC9wWEqU1z0nK206fgnxTIMsaXiExRapTSvzcGx3XlWTBTWX/EBK4vfUgxtetZkiAYx9G2VBdUzmQAypd33AMrBvHfFQSHPRWLQyczhBG6UhUjLv8z9TYEDDOC+hOEeK7gyn7lljsfPO2GQXnTqzWcfNLYuxDRVFuKGDIjfmJ/HqLbk+BPaa2so2vE4fM00XyUO/0g1ima8/iCzW8ahD5vEjq/c0adpdQ30TYJJctXKQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index 8e5ffb58f83e..45f3a7dcfd95 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -186,6 +194,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 From patchwork Mon Jul 24 12:46:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324634 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7553C001B0 for ; Mon, 24 Jul 2023 12:48:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5F33F6B007D; Mon, 24 Jul 2023 08:48:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5A3166B0080; Mon, 24 Jul 2023 08:48:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 46B5C6B0082; Mon, 24 Jul 2023 08:48:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 38EA96B007D for ; Mon, 24 Jul 2023 08:48:33 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 0D7781C98E9 for ; Mon, 24 Jul 2023 12:48:32 +0000 (UTC) X-FDA: 81046484106.04.DE0D9C8 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 0A2CDC0020 for ; Mon, 24 Jul 2023 12:48:30 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=giuhfGtT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202911; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cBzGeOagmqKjhuaJYBJWsgv97GCqd8TKwDh2bth9VlY=; b=WFyOIzDy1PNeWSy4j/+FpQFMQqZIgeSnp6uQ6udvehgP5aYzZWZJ5Wjmtvtv6KO22Lps+a Kjb8BLvwqX1HCYQf6hEWIHlk2wt/fk1YMc1Dj3Dn6ojhQKlWLz4ziNY+UF1i7F6QJv15Hs 9HEzteEu3DK2ZXrq4EnizK8JUV6WnDU= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=giuhfGtT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202911; a=rsa-sha256; cv=none; b=UqWAa3Y2fiatJWja8byeUlPmulbfPG1ZO96PgqGB9XK7/Ovaf09CMq6xHp+NrwbkWp4256 x1nc9YM2C4HQU+Th68ziAMPvFYqLMaJE7z8FAtrpSYkIYfIgNXb7z5EmSXEYyfd9zyHcTu R824QzdBAL6KBApcbqkZyCqE1JJpquM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 485DA61150; Mon, 24 Jul 2023 12:48:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4DCD3C43391; Mon, 24 Jul 2023 12:48:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202910; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=giuhfGtTPG0MOomEevxhotfg8wlauxtR9gyPrLU6e5/NzOyb6ForplAHWdYl00/he CKr1enrMhwHVwHWi3HU/hR7mGrP8NBfok1v2sHJUkNSZ5IIi5ldwdN5hNA6+sxiisM 6R4APr5a8OOQWu1UtHSHhvrsGsniifPUxi5pp87nFJcwpcNZy3x2QUnF3N8+Kxlb4s cd+P3dtimdv2l8gNyyRDzx4oM4ucz8Smd2ReEoNR0R5noGN1u6vJBQPgnQ4g0p6Ra8 UEYJU4OBnzWP2QzPerL279F3hl2Yt0OXLv89s/ymkHvOA9UtDGCN9bNeC3Gg8p+zMM xBBItdsS3mLJA== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:01 +0100 Subject: [PATCH v2 14/35] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-14-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1796; i=broonie@kernel.org; h=from:subject:message-id; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKU81Pk2edCICz2OW5guwGvRbaa0LykvA7B57zE 9f8cZ1WJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ylAAKCRAk1otyXVSH0DpMB/ 44QJS1fhFSBn6QCa10Pi5llBAjbCj5l+DxLBybjlXmZIVF9/Xxvlp/lvRw861TcivaJG9o7rw2HKuO T1W3aOoMeDss1ZfzbGMq1uKQCDI3IwhlgYpv+wvLH9Zf7NEZGTh5dHwnaUD86hiaD15PGLj92be/1r UxlK6RgWcTn3W1ESGqWcuffQFfcSL9nGqb5BTJJtN5CWoI1b188aMmZ5gSZJxOt9ZmQYSptKCzS8K5 /DxdxR47IhqcL96zOjX2ST3lAQK6b2UWBZXulZlYoEFJRdwRlnsOpIVbdt4RZWzQtcMAj1CC0VGXEz 33J0SQWPhy4JgPLaLHttjqP/Enp8qw X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 0A2CDC0020 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: 64je7scxp5me9tm84krqiq4qo91f8ete X-HE-Tag: 1690202910-801652 X-HE-Meta: U2FsdGVkX1+dzeQzZvzyWkbVckntGS949/46Uv8sXQtn9Dwi3zImsiBLYwz1rQo5bb5YFnJ/R1OA95glZdZnU8KnvnbC3NoqtQxI+qVKaqSmxaMMJl5tbkMaw+4IFAHmWLGyToqpa25IS6JpIzq8rva1PZZR3/SmtddWBqQ7rRJNHkCznbZONz0CUPjbADU5EDIZzzqZGvjzbolzaYCTvGS1KgHk/Gy2I7qnN88nDjYjdAA2epo6OJq5/KlN4U7IyWHN0SW/eGad8zowhrlXJU9SQCN+rIituEX6/FomwUwHkTEbkw+ieU7ssC2ysT5Sg4Eek+rBSlmRtO6BA1rfRrQjkkJRzZ28D/bzCvbPpddCjuC8DkXAlOxFJ5OJ7OKvKqsKeDdq83BgOCvcvXpOBRCWESHDTapYD0q3NstYm9kljllOH1VZMDwMvH7mmvbp8Ru3V1J/3UfPCPHG2JsPUx+IotjqrswcG/shjdOXQMjUWJUHtyv1jaTUHfqNaWrZNiECs4U9HumokIt+RkUOCoGDjiJO5uXsUVvLg/ZKAHCjIMZrZh4QdL+zPWJoq7k7jX+KltJDJ4w/hyCtzF6Tx4uBqxYjb4KlgTEEyArC5eDtX7agHXIGdc3sPWtUtMJ1pc0l0r2JW1mP/phzj09UONGAhdgBlYtCpcoY84bYBBmECBF4Nu6og6kTcwRD5fC0nyTffCdadKuBYP8qn4gBv9fb8Ru8ndl26yxwUzic6z8pCWnaxAwaSFforMRz0d9pL/lu/GTTTCLuVYVajLyckpCH9x10BWiq2QDeHHo3r7e932FJQjlBbAdCTJRP+YW8f5I6tGhz97C5H0/Ah7yojbq6KjWwXgDgHy0ewWz3NHW5AoJg5Z3uWsJDZlCnNYddbCMMGL1t6ALWcBcHj1ondgcSZw3D551A+PgUsC9gtg5H3ULWi89mhdQTITRL+kSX5T/sBfuaxmoC4iUQiyS k/vufne6 WSq4xvoSvmjFkyyHDdU1fLS1ppB/xDdS+EemydMkH05uiYZBpGXgFsxgYrn0Y27q2bFKWlZ8msvcrooRU93p1WOPZWoaiQ+YqIpxE5vws/zwwlSlUzufnEwjZOK3KBPldfGLKQm7T0dUGlXHcHkaeJWO1pV5Omc6SMyVAK+h9yEVV0D+pjmJCfqqRFnQlzL5PnW+vAUIXO5sFYUW226xeeAq/oo1qyQHYDr3URQzOChpks7MOsvYL0rQSc5g1FMvLoptnRjDtnobsSBrmcSssP9rFkdBLSdkvVa/S7Kh9vQSkRiWcnMaezvUaopHXkz2bYzQmgwVFrBsS4mtHYfmY3nYPwnISt3gt6wBXw8hkIL3omzc87ZgXy5WXJYd0acZu8T6qTrK+dz5vPoWrftz8zz7H+6o3MMhRS6I+I5aTH3ORyDg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index a1457995fd41..86662eed3003 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -418,6 +418,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication support diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 2fe2491b692c..49269a5cff10 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -99,6 +99,7 @@ static const struct ftr_set_desc pfr1 __initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -178,6 +179,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Mon Jul 24 12:46:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324635 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EE3BC001DE for ; Mon, 24 Jul 2023 12:48:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1D4116B0080; Mon, 24 Jul 2023 08:48:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 184986B0082; Mon, 24 Jul 2023 08:48:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 026196B0083; Mon, 24 Jul 2023 08:48:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id E83286B0080 for ; Mon, 24 Jul 2023 08:48:39 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id B8313C08C8 for ; Mon, 24 Jul 2023 12:48:39 +0000 (UTC) X-FDA: 81046484358.06.A96F076 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id C673B80016 for ; Mon, 24 Jul 2023 12:48:37 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZlYyKGx5; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202917; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UdUe/7o7abJT5BqbT0XR+lhA0UzLWbJEWS7DcJ5Gy0c=; b=vWaGz7K83pwhBwU8O+5QzzuDJ8Bpp/b5resCJKCfpkA/xzP0i/o/IW6Nb9z/79F/oWzT9p rWfTj9qAtxlPeDXyfF7L2RCFW6teWcb3QNS7WSNHxh/zT7Ey+PpX2Ob8619JpgDHkZcRSu itDpfYtOWN1QocbVlq14woj5C/BCPaU= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZlYyKGx5; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202917; a=rsa-sha256; cv=none; b=3dLnx1TCEKumGrsEJBkOeGYtEYkWwFBC/ZeByrFZ/fnK5lOY8PYiu5PfBLM8k4yhAJ012h 7iO2W3WPLAxXNkKnj9gjK351Mn6tzHTnLflS+ERMMstjSO7Cgt1GWgwXOuUkIzAA3At/8G 2ngmqTuDFCIHcJywOE2z+++a2RCq4VY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E67A66113D; Mon, 24 Jul 2023 12:48:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 877F2C433C7; Mon, 24 Jul 2023 12:48:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202916; bh=ggfCgbEg0UE7JP5CH6e+dKjRf0SerXD/ltcRHcZOEeI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ZlYyKGx5oVvOMCsNxuqZ4HRF3rvaY0YwGG/oWgFTRzMKYrJMGtgwu7klWTg/EK2OE V+/0x7bthpwL6TZG1IMfBvVdYiFaEV30QTzmWrxcjYn3siUcHaSDiKkiFhafOqS5kF KoInIffQYumzNVhO706WkQSEXJmNPwh4BhncyG0CzIl4dGOcCu7mtPzJNRHdzwM8b5 BbTQ3rNcw+mGsmVl6Q5KHJw0s/435ijNB+0xM6dH3UnyLUCP5fA6LusN2Zxv+CEMRI YSFb+SNJDDbU/0qkGLO5CYwAV8V41dUFmpoUcqULYew038wwhOQp5ontiNxuhh18tE Z+Z0FQcxKgWmQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:02 +0100 Subject: [PATCH v2 15/35] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-15-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3001; i=broonie@kernel.org; h=from:subject:message-id; bh=ggfCgbEg0UE7JP5CH6e+dKjRf0SerXD/ltcRHcZOEeI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKcknfKTRZzzz9LbJqgRRYQvQPCXo2LJwyJ51fr V9bqvnyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ynAAKCRAk1otyXVSH0FxjB/ 9s5qbeKLsQo6cJg7CW6iKQsH0m1MonkUJ29aRZgGkImNaZqMPwNq2aDasRT9454sPPGfQ+G/Ygvzf1 S1QuaQjU5/GeTtiG2vHwVUPCzlbr8nVVSyjQDRMaTJCXI8BaVrrtIdPwuNyIKnVw4z8W8Z8GBenp84 jF72SJGd1juVuSEimlfH/nM9iNkZaGToXORIeQxqIjLBvmszrlgTD0NQ9YvnGDCrd36rmFTXUUq0ke m3HYgcLS3kSgZ5RTJ+hlrvMovehLpCDaPmVKV6T0KUMptoJ8603pXErRs8N4yHdel5aNMcBHcgLiV0 utMsK9B0MA0Eq6XGMZGJQyyk7JTwjO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: C673B80016 X-Stat-Signature: 6e7uhoakbqts7mqyzqz8jefnn531r5p5 X-HE-Tag: 1690202917-641659 X-HE-Meta: U2FsdGVkX18lqUkg1nfINlBgsFB4ovg6eyy8DFApEhRo3pbcIyPx8K+tmjpDTdUi4JUEai2zhkcEUuNHz3s66/+0oWZAWmpe8xafZGkfhGcSseI/nqkKZfcDyuOb7WzIPrdkxejSYpahij5uJxmcrorM3B0XiG66msVBJDSuKh/8gZ22IWP0yeedObhaRV4xi6isclsJlKqknD/QA0HNhjAvQRAi7NJnuJG1NZVZqvcrqaqixy6qvEUuF4n0nHwG2F1Re2pKE4b8/FFR+3Jck8APj4kVpOtZ+irJ3u+Fg3VOWTh4x/Iat+0Ix+70SMaVe6UyfUzgEdVN+hXTzUggc6JF9yzZoFOQbhCTVRggPeI+nDwBXpmtFcJ0spw+Kz8kQ23CREV2F6ZWnyqAzOOXElv8/zEeHx8VL0y+0Rcwvml0UM97SRh/pZyB+Lvoss8knf3js1e4VbgFeCERwT4nzhnjwUSmdTEHKRyXp/NQwWsNjNByof/aXMLt8UGBR0w3PYmKQ+SiJ/DWE4c2aixkEdfGjVCi4d3+iom82rJddC/nnaLR7RBJySGZqT75uIw7Y4WFGalCOyZvGmo1mJnLPcJSmsae+F8ZbrcgqZcys1Et6vbdZZavQNTFs6YEgkv/kcVyetwrGGzf+ZuxnVl8tTmp1lbqV4yd1rMenOAq+wKE6Ghqh12V0uBgB1SU6/e7Uzlb7cDlremcihOuApJCNZAwUHmrGjRI5LRxep8//tGKx5lopQd99SmnPGUfKnZIe1jFxGZ9CNxeEEdxdIcSEXqkxDVXVlhyxw54H84IhRTjw/K15N5Ld4uSLleuCOX9/IxjjXcFI9lSqQu+4eKcHHTy29Da3kHj43JSZN1SFQrNtgkTA7OuTaAWL1Gfa7iiTdXvYkrAQDsWw/n4etsWKHMWcFh1X2ERpg+l65hy1Y4yaHL5eEAyKjIJBrFYaF9qWvsLlW7p4wnNl1FU6Tj eT0WO+oK s3SLFkrNDeT3ASDFCRuVmPPys/1qxqwnhP5u9oycx3gprfqug7S6A3GjpxS1TOsEuZFH/u/Y8wgVUG7bLqe4PjkUp6Z6GQ2BJ4/4cSGzpqyZKSqELoIY0nd4LONtpBr7iQD0MK04W4pzzFfvAjQPR1F5jY5bYp+VMtPR6CGCrwommck/gTPLsO56OpdNZKnkYAOw6IoXuEOeG48A2ncIVxQNuccE7ryCtAasui2VvegAhva3k96uMsRoUFk+WTOEP+y3HevwI4b12H73Ih4DW1G0j/fznI2+DTZIT+8aOk5c496dFhpls6bclO6lWvvPfomoXSezWA/AsKwU9d3C3I3b5FLvnBo1YAj+fCj1ezEfjwTjHIuXoIsu1SaU9LX19NN4opipPEunNo3MH3oikigv7Bml1fp/GMexghCH1KG4jmAE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a hwcap to enable userspace to detect support for GCS. Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 3 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 9 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 8c8addb4194c..75f3960cad39 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -305,6 +305,9 @@ HWCAP2_SMEF16F16 HWCAP2_MOPS Functionality implied by ID_AA64ISAR2_EL1.MOPS == 0b0001. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 692b1ec663b2..39f397a2b5b2 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -138,6 +138,7 @@ #define KERNEL_HWCAP_SME_B16B16 __khwcap2_feature(SME_B16B16) #define KERNEL_HWCAP_SME_F16F16 __khwcap2_feature(SME_F16F16) #define KERNEL_HWCAP_MOPS __khwcap2_feature(MOPS) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index a2cac4305b1e..7510c35e6864 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -103,5 +103,6 @@ #define HWCAP2_SME_B16B16 (1UL << 41) #define HWCAP2_SME_F16F16 (1UL << 42) #define HWCAP2_MOPS (1UL << 43) +#define HWCAP2_GCS (1UL << 44) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 91a14a6ccb04..7b46e01140c4 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2840,6 +2840,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 58622dc85917..451fbbeffa39 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -126,6 +126,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_B16B16] = "smeb16b16", [KERNEL_HWCAP_SME_F16F16] = "smef16f16", [KERNEL_HWCAP_MOPS] = "mops", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Mon Jul 24 12:46:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324636 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 98CA0C001B0 for ; Mon, 24 Jul 2023 12:48:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 382956B0083; Mon, 24 Jul 2023 08:48:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3325E6B0085; Mon, 24 Jul 2023 08:48:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1FA4A6B0087; Mon, 24 Jul 2023 08:48:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 1105C6B0083 for ; Mon, 24 Jul 2023 08:48:46 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id D84C4160987 for ; Mon, 24 Jul 2023 12:48:45 +0000 (UTC) X-FDA: 81046484610.19.A625E21 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id 141E51C0003 for ; Mon, 24 Jul 2023 12:48:43 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=r7HOQ9Rh; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202924; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GVW/Wb+UQgRbZFsiBWrQq9WDN9Jw1tFXrIhcblQEjIs=; b=0BprrWPTtdYfMkSUvpsUyyNdllb3V0vJPsKqWmBqyijDQgRwnhmRs7rQjQwn5kpqwDrsOG 7qjBSC5U/T6tVbXidRyHCKy4CsYRfFDrxm3nnx+LH7slNVrQ0LEc28sysFtnNfd/PXDptQ ih1tfuTtLXMj3WoIRlVOvkdSxvRpRmU= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=r7HOQ9Rh; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202924; a=rsa-sha256; cv=none; b=dy1ZPdgrlzLkv9V2EbgANvpYqtow6b/BRPRkp2gdzz+vkdwxXTSMkdaHITHLZbIMtQU2JJ 205Qgm6QQW3oBlCD+byFIatpZsKI9Oq3ndXlcbtuUYmJGPVuOaOiIC34lMbBn8fjUrWmnZ EY0BoH98O/jra9EcCtEZM+KK/UZDqqM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3675B6115A; Mon, 24 Jul 2023 12:48:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C5E8DC433C8; Mon, 24 Jul 2023 12:48:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202922; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=r7HOQ9Rh8UynMvFI/bPplPgBqdUDaYNqyAQEhBPj1HgLWRTSHXvaiXUNCmGS+L0PI 63oWdWdCtHcJ0Wg8CiYAF057zrhuXB4p6asxCYlJ4fpPy3q00KE3MqYVJBotQCkDAY 8SLA98IUZyEgqtd+shDVrWx3QSk3fMrumxPOMO3aPpCHEXYjjymtZZV7CiDgP351RE aVXc58tE48ZXmbuXLjwUKX0QbhbDqSWAAdB/dWzEZO8Ohtw825jHOnd7CuHzF3iDU/ D8u4nbwsp1XgIlzPZoZ7vtG3MsER7zsqUAAtT8FzL9UFaydlMubbPro61t7F/Fx3+S iOToctsnJN0IQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:03 +0100 Subject: [PATCH v2 16/35] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-16-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=6026; i=broonie@kernel.org; h=from:subject:message-id; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKdFLOnO1lFOz6ssZ+ApC0f+pTPPIjb/1RkSS5L PckvS96JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ynQAKCRAk1otyXVSH0Jy8B/ 9oZ94IxvkzNCo7/Q1+XIbcKJMfaYEkVTNjT3TJ98fgdLpiLMUgf7ahslODb+SYX+nqOYZyBsKzAqas rrFaoS6BJUNYOpcvEWRYvGcgBM0HDY2s22q/TqWQ5PnGJxZYhsQGPwUVzuiRSw07+mPRt/YuyiWzVf VIkvlf/P0WvECMs4DUsijibnJgloq7USAiHkoEPps4BsSczcigeeJrOlLnnByQ+BwDmNnv4S/+WNzm 2Q5UrTYim+ud4gLNQ9T1apZGzrEe4tFbHmn6AOcwCeDks2VorgXUOg1VxVDNqX7cPgyME+dOICWSii udNbiRcb3gVl71CfyXcRrX6cJsTcRh X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 141E51C0003 X-Stat-Signature: nisnfyj7xpahbsc7s6ehb43n86ecxnst X-HE-Tag: 1690202923-528299 X-HE-Meta: U2FsdGVkX18Srmdz2ke/CEkvsZW36+VVzjxM2OZB3eQY4gPvLKLCvmyXsJjqGTjBrort/i1mUeRe2XZda4EewIS3tBtEgxCkPzxy4/FIUYe2nhKMMGJ0GLAoN4om25EvAN5GirGYbtz2Ht8rovKy2xOzJvbgiewhM5b5cuRU27vCWB/1S159ONCxrFUBHLxlmz8ZJZlb3+t4Ck5iGfAFIzke1DZClXoZ/dH3ZgjsEzPwG4pLSiOSZBkEIK0jLCqShJFGx+Cexitkr/Se9ttGaoXwyy+EMZWtVUl324idlJFP29X7JeSDrTs3nWlUvKj38/rtGNKF6ogawQ+E0Evb5xcmTSdLlJuNSNaCsPgK5aFFsdSgaAyT3PVeg6IAZskYMsSqodjbCRcqJEv73F681Ise9dVv0UMWaq+gCIODkKL3asjj+TxeaKAQbc5mZhnKfjuFoHJ3lA2UVD8YkxhE3AlO883vegZzwNK95pd9ff1iIHo+g2UGK+sK6PAEp4adxVDpf7LBHIQWOWsQXfQ4BHHAP0kUG29F2coCJKZ/yrxHvWm9e4uZa+/0cy1FvxqMrB9/exbTWZSHDbjWBmG5IypiKTYb5mdBupYWy8BoDX8CYkab2mtbez0/aaz6el0cLCO1vazjN7XE3psONxj/d+sqw/0UMEEpYpeDqWhKn8fhZQQc6e3QY3myv1OiPb117X0oTvqBPJ1Leq/APbjI90mZnlYBrwu5xk6dmzVPqBajvA4MZXBIo2n9xJwKI3ADbQrpgs8zoUkduzmug8YmPdBRAfJsaiMG1NeHYgB7YGHb4+h1LN9BL9nt9ob7/20f5mpZII7QsCMb53h3RfUUtPQu10jRitCIq+SP+2tnQ95sYFtWOLVx0cmp+2bsIcg1W4bsB5lKy5YldnHpZqpVFQsUAZnWDJO2FD5nUgFpe/GL048PjhVs8BLx1WLPpHe0z+BSpCEe7VPIRFfH5n5 R/5EVgzY 1ug7Xn3MX7NSHShGRSAc4k7MnYtHzrVPHRANfRPLXWdVTP6+3tewsWQMcz3WjMbhru0rCKTHxeN1oUt3IEmlyntKzPL7CCGi6jNs/lT3JpEsnvEWeilI0zsthB64OOiRVXsdjj49R9Q3Vzpc/unmzosQXK7xklUuE0kKSkV8ikQoijva/EUaCNk8V+nJ5MunSjQtzb/ZGgFNkABj2x6hq1wak0UGgusPvffVN6Agp4GkNJ305PSMrTwsugEbuqXP/70fqgGJsPWdR/Ic685arf0UTGAKR6TRRLn4SPKHz7Z4W32chpRolsUNqm9KCRrFyoi6Xb1Fm58QU8Tm2MMG/MWikCQkoEIabMamZKfHsLPh6Jiqld1QtfMwoMIDPuoyFI50cP1YGzvLV0GTj8RUWaykuxvA4e1jp1puke9dNJTMA2AA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..a87a8305051f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -382,6 +383,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 6b2e0c367702..4d86216962e5 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -400,6 +400,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -442,6 +451,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -621,6 +633,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -701,6 +721,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 8b70759cdbb9..65dab959f620 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -884,6 +894,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Mon Jul 24 12:46:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324637 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6405BC0015E for ; Mon, 24 Jul 2023 12:48:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 075776B0085; Mon, 24 Jul 2023 08:48:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 024856B0087; Mon, 24 Jul 2023 08:48:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E2F518E0001; Mon, 24 Jul 2023 08:48:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D2E7B6B0085 for ; Mon, 24 Jul 2023 08:48:52 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id A241A1A0A94 for ; Mon, 24 Jul 2023 12:48:52 +0000 (UTC) X-FDA: 81046484904.21.5B9DA5C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 7268AC000F for ; Mon, 24 Jul 2023 12:48:50 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GA7d9sNT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202930; a=rsa-sha256; cv=none; b=I/8I0udeuqbyg/mbdEFTMk5SSwfvvybklSxjm/aC3Dl8yGwAtNWbfK8YnviMR8wNQ73DO7 y07Puo9upReQ4WfGl4RLApL384IuLYvxc7iKif4wJmU/ljouawnjQAOd2bTFQR2QXCiatz e4TlmY7b4yrOL63bq4Kygrrq3FMilyg= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GA7d9sNT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202930; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DhriSxQor3DCGKL2zl7My1a/kfJpgsRjjKwA8agrULg=; b=Sx6QtbNLECO/x8JEuosDOcLh2R8+vDR98+cvUNkTYy2l4hJ+uBzVI6nYRwRonm5sj3mTZO uU9u9wkZfOTdVvIGeu4rfYABT5VLKgib/8y/D5FNlHB/1RvXY1cpcRIN/aAUYa3hPi4QSi e3Sx7HxxZA7cgvnpFk6gG1kQyjtuUi0= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7B96E61150; Mon, 24 Jul 2023 12:48:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 139E7C433C7; Mon, 24 Jul 2023 12:48:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202928; bh=Qk1oAglcSxLTK1OL1yhAbWpcUwaL4dga6Y2wJZdhO9Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GA7d9sNT/rJ0WJ+xEL1kedzmwFpOvzkvWpWRRSXDefPpF0h7Z3LoT3il5uE0/jaGL L6aLEJLHytNQA3WxKZLSH6zh8Ow1I0Sn6BDkVTKcQtowTsnxfbvl8xAWfXIBC43yNa gEuVty8LRHrHffr0mz/NHq9wuN5cxiRR+uZ0kCpgifaMxeY4L1cEPV1cDAt8Uw0LjM ZkAdqcq7fwA52dr5Nft0H2gFnqGTWJxohX1c7MFcual5CLTH0ItrzoHs2zGqDqt+32 qB+MJmtKIkbPeklyMwx3GGljV2KcajFETid9doKwrM3Xrz5jn8emTI7Aa/1hh1Wkzb cZC8+Lx9lXWJw== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:04 +0100 Subject: [PATCH v2 17/35] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-17-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5613; i=broonie@kernel.org; h=from:subject:message-id; bh=Qk1oAglcSxLTK1OL1yhAbWpcUwaL4dga6Y2wJZdhO9Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKe3zPPjWT4b5WmOZ3LAhxzwLz4yNXLUgcttsYr ud3QVBKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yngAKCRAk1otyXVSH0CvEB/ 4jJiJu+LxDMxSGM2XECjRZURDqgeoOVcHxDefJs3PqcXqoU78dy0rTwv9nHdWMNe+DxcP2JfpG4vEb k9vfD4lKa5yBhhGMdAlXIkCXPuwQUuzai8rSnHIT/cdu+2ZVa6Hojaz9I5uQVc0pyJeOkZtFnCqtHB 77pPbY8SwUtKgnD5M77EcPmScDx3sKQBKkzWB3KLbTeMZDA8yfqMYK4CpIFEDwig1tpVD2vQfmE3NB q2o7Gyg5xJ2kaaV981T3GAAMlM9XFNkEzmfBPLjurRO3/0LXeRE0v0wNUaOdhK0nmUK36u9mja0sU1 6MZAvqkH9o6DodF4d0KyhqXs9hG9k8 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 7268AC000F X-Stat-Signature: 7z9p4sk6hikcewoofymjfbg7un9hgud1 X-HE-Tag: 1690202930-882638 X-HE-Meta: U2FsdGVkX1/mIjckuF7AfBewRJ5diUcw+Nkx+QohWaUbeR3FUKbwvNA+mG5EAEGnsOH9YrfRhlYdFC6FtUi4wGt5xG32ine7ySO0XqH3sxWJao3elUb4z9XkGvW2PAsjVSw6LR1MWuPzYkWOMAqWcAIzXwKIgSqKIPmUNzjxH1VclbXSAs8qe8PdacmNP6roEIkrbEXvXBf/BUteMldrNA+SbY5Iq/BG6iAuH9Uy1cEhb8TQIttX0zrKQvYlmsgI5vmPaLcZ/oKbifiYvW9w1ds+2QOBl3KBVW47M6XNiQw+SPXODfFDYyle4GUW/i8L/FYVxfbgsHKjp+qKhLJ4FOjS2575DTFKgscEy+azxdPtQzGEK+LDq491tIW+rHbWrOQ+mrPjLUrO0H7inSWjL4EbiCGa+L3bo0883FrWXay9h4ND0PQVJjDxBbUgM1EDHe+YMBRT/bnsKLU1W2GcJQyz+cel7zinbUKBArsLx6tt1HoLTTyi9INErrAKNVkGmPKjz7qoBsem2euiGEoqDOlrsIE2QN9HuQNa5Gg7s5XCVHO36h44BYMEzgKefbkSy0Y2nBwuVUKkIRtEN1bdhjD+4YwZmBZY+Qlr3wBJaRkfLACh9drpmiIP84bVZvDVDR8nbKw8jLQ76d9E6THAR5IREwFXEndBw7vbXKEwMbOMO/w9sEjwADWDoImCnYdLrLyfyq0pxV19KlHU94vDxC7EZoWx1K7ZJFq6d+n3L77n22OQEfWhebR8kQQPXq620AWFR+DtqNTJsNXgaGSohTD9XukKo0dhgKg9ecGnga8cFJumpFsroyG+HpoABH1MoS6XhMlP5ijb0knlN+B7GPFVjt06hQBDcI/TdBRXDB1VRKErHX/BjGP0i3rw9MA4YQcRfE0xARQNPiBJ+Y887yPhkNFaT/+ljXcNQGCii0nFgD1hLkAbi7oLt+crZC/3JZAiWbkWct8mCTKneyf 6ckgjTX5 v8wuiW0W3hUWFNI7jqwEwtt2xBdgAxos66lVsDs5Gwe2Ket3nz/6OHG6XLFReavgfwI+l0Hg9kK5g5msTj1pb+N2svKCjWIq5aEGOX1riH31HQBpb6wSOYf71GO8rO9cpguZZaLTwrs+AYdQd8loSGJ9DouucJvhnyanKvLXS/GxEbwff0W2qKKZJZ8ovVC0K8VFhWTMf2bW2KmZixcZrylxW5+9OsmTEneI6BO53RB0/5bQ9RIa1/MSTciLFdkhLc9IwjKaAmiOl/1EbxNGlhhxtlqZqOQY/0TB07GGxgeV5i2dfHVTOE6OJCWjF9wuUBvg0wjale2vKmJGp1GWwEl8Gq9g8Qs1z0zVsLKBx1dswy4Iz0jDJaaYIzgg7FC88uGOApY6Z1Qh2lmSqpIl8oM2W5iOW+a2VlJZOfhDp8GwYTGQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 78 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 70 insertions(+), 8 deletions(-) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 3fe516b32577..ec392207a475 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -494,13 +494,30 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +/* + * Note: not valid for EL1 DC IVAC, but we never use that such that it + * should fault. EL0 cannot issue DC IVAC (undef). + */ +static bool is_write_abort(unsigned long esr) +{ + return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); +} + +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + #define VM_FAULT_BADMAP ((__force vm_fault_t)0x010000) #define VM_FAULT_BADACCESS ((__force vm_fault_t)0x020000) static vm_fault_t __do_page_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, - struct pt_regs *regs) + unsigned long esr, struct pt_regs *regs) { /* * Ok, we have a good vm_area for this memory access, so we can handle @@ -510,6 +527,26 @@ static vm_fault_t __do_page_fault(struct mm_struct *mm, */ if (!(vma->vm_flags & vm_flags)) return VM_FAULT_BADACCESS; + + if (vma->vm_flags & VM_SHADOW_STACK) { + /* + * Writes to a GCS must either be generated by a GCS + * operation or be from EL1. + */ + if (is_write_abort(esr) && + !(is_gcs_fault(esr) || is_el1_data_abort(esr))) + return VM_FAULT_BADACCESS; + } else { + /* + * GCS faults should never happen for pages that are + * not part of a GCS and the operation being attempted + * can never succeed. + */ + if (is_gcs_fault(esr)) + return VM_FAULT_BADACCESS; + } + + return handle_mm_fault(vma, addr, mm_flags, regs); } @@ -518,13 +555,18 @@ static bool is_el0_instruction_abort(unsigned long esr) return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; } -/* - * Note: not valid for EL1 DC IVAC, but we never use that such that it - * should fault. EL0 cannot issue DC IVAC (undef). - */ -static bool is_write_abort(unsigned long esr) +static bool is_invalid_el0_gcs_access(struct vm_area_struct *vma, u64 esr) { - return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); + if (!system_supports_gcs()) + return false; + if (likely(!(vma->vm_flags & VM_SHADOW_STACK))) { + if (is_gcs_fault(esr)) + return true; + return false; + } + if (is_gcs_fault(esr)) + return false; + return is_write_abort(esr); } static int __kprobes do_page_fault(unsigned long far, unsigned long esr, @@ -573,6 +615,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* If EPAN is absent then exec implies read */ if (!cpus_have_const_cap(ARM64_HAS_EPAN)) vm_flags |= VM_EXEC; + /* + * Upgrade read faults to write faults, GCS reads must + * occur on a page marked as GCS so we need to trigger + * copy on write always. + */ + if (is_gcs_fault(esr)) + mm_flags |= FAULT_FLAG_WRITE; } if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) { @@ -595,6 +644,19 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + /* + * We get legitimate write faults for GCS pages from GCS + * operations and from EL1 writes to EL0 pages but just plain + * EL0 writes are invalid. Specifically check for this since + * as a result of upgrading read faults to write faults for + * CoW the mm core isn't able to distinguish these invalid + * writes. + */ + if (is_invalid_el0_gcs_access(vma, esr)) { + vma_end_read(vma); + goto lock_mmap; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); goto lock_mmap; @@ -624,7 +686,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, goto done; } - fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, regs); + fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, esr, regs); /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) { From patchwork Mon Jul 24 12:46:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324638 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BA51C001DE for ; Mon, 24 Jul 2023 12:48:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A88098E0002; Mon, 24 Jul 2023 08:48:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A5E998E0001; Mon, 24 Jul 2023 08:48:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 926536B008A; Mon, 24 Jul 2023 08:48:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 83EB36B0088 for ; Mon, 24 Jul 2023 08:48:58 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 640D81606AC for ; Mon, 24 Jul 2023 12:48:58 +0000 (UTC) X-FDA: 81046485156.28.AD94A98 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 8A9A040022 for ; Mon, 24 Jul 2023 12:48:56 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JDHRUDtY; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202936; a=rsa-sha256; cv=none; b=E5Jj6WC2Pn1u+v9yh1ZQ4vzx5H7oy0o1IfbkuS7iLNquntlTGTu6I4ssU2md0M0ejX8vJF rYRN/FilNiNF4DwgkVMcOn+vIA5j5xH7MWwPrA9V8u3gOayeBXcT7spp9lVcv0ZH2HecNr RyazBEv7hkafW7idG9sETjvoMKmF9Os= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JDHRUDtY; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202936; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=OBYEPFjzw2uNUlP/XNTvaE+SFBx3CcL5jhsQy8sMKWo=; b=whzODPweY8Pl8pRoi5raDCT4E1r2bgdCCZ8NiH8E2WzgNOpm3MJuxKTvyQ/56mAx8Xrn+d l1ytiDuq2bHz94j/SmafoT8Pu9eNRcqbijDAyOq94zJytJrvL/W1S3BuvYg58CtahgGyvV pP48DW+XD2T+1EzBEB4vVgc9Y6LnX20= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BDAE361149; Mon, 24 Jul 2023 12:48:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5BBF4C43391; Mon, 24 Jul 2023 12:48:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202935; bh=6QqMyDxHFpRk7piX0sH9x3sCd3niNs7tTxayGqDSjTA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=JDHRUDtY2Z+qUhq2rLqT/f/quFPTRU4lor6uHd/Pw+Zk0RyYmE9f5yvBpEnpfiRoy B32i/N2yv89N6AUcageILDwN+5rSKah0LaP7ASWAKz8bjieeX5aJ3Kz8iWPj5L5Xgu 8p1R9JJK0LvZctwhJU9jD2dbbvGXxwMaQY8R0K9gN90pSqGRb13167/JwqZlYevRN7 Z3gqWN8AazdprIEEiAkoWvDfFcMI3+7Dr7OonwJbRJJ45a4/YIsbPNm/MjkJz5y6de ZGYxQnKHdH/amakOvh2iH+3Ol8MSHv7v+bmIDP17qX7o8/6lPmO/Vjv4rlIBKFHQ8q Fyb/a6ccl7VGg== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:05 +0100 Subject: [PATCH v2 18/35] arm64/gcs: Context switch GCS registers for EL0 MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-18-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=6312; i=broonie@kernel.org; h=from:subject:message-id; bh=6QqMyDxHFpRk7piX0sH9x3sCd3niNs7tTxayGqDSjTA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKiRP2lywkklCSQI8XEIOl7QuJw7+/qdoFcwTSu 313hkEqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yogAKCRAk1otyXVSH0FjfB/ 0ZdBCtYXBNEahRBCXMqHmxDV1UVf9IjQAv0UBG8u7CCb1xKbh1ormrTI/N0tpk+rKgy3v6RV585jLM +kbDu821D9yAjtsGiVXJOpjSeCLpbEoaZp2OFlpZI7JvR2ngl20dCleUntUa4nnNaf/3lCvdKs1GvB BbPINOXnD8SZj31tX6pw0Ozv2PdypA8L52ugtxVUqvQHPpafIAmtO3aIbVtD5Iu6DuCp3AtppaEOWs jgFn0Xu29cMWgIIbU1vxM5wk3isac8BCdW6PsTS6iMQeqTOPeyU+tcPsXVei0J0M5uIqoCgSzC51CU n98I/Ew9JolbIBBrJ9s3iPyuvlz4S1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 8A9A040022 X-Stat-Signature: znq9jyqh7r467gceas9uepag6zew37d1 X-Rspam-User: X-HE-Tag: 1690202936-936141 X-HE-Meta: U2FsdGVkX1+rLq7xHdNj7Y7VDE2LwrwVXsLUZPpSCx4RqeKz7URK+KjiD0s/G+wTsPVyEGGTZcNKNnB/6IZ4tR54YWTNpESU3L16h+06HInj1bbwA5RNlQmkbKG/KoNoybEfNgvNkmMa86M5RgyAjBAKi3HAhw/L0/JJ05X/Cmi+ugba0nfzyF0XBcuX8SbKx5k1lKOBnW1qnMY2u+x4KG35oOwrhw6PkJhuJen//AoKlIkWvGIFfSJjS28wy9DBK5fAhGfYb2UMWFaEtwc3z9O80Fyfejzxi85HtGyoGY4osnFyAI76VUJHghXnkwOA4pq2Y2G03C7KOyJKFWScc+nqZfDjPttbTBopy7WU0ZROmqYsVbK0mHFV8cP1ohoZBvT5hAk81qCzuhQNOIJ8+FPkg2ORdc91CStDbwpbveMZXX0l86aPLMpKzrc7RBXDzS/rMuQni+mUnqdlPiorUZ3JO9gEeltJSuSuzYNUFyszv2EZkrBQMxJIW+AJ1SxcZy/AnSJ0fgxYr1wq9SBkkAYLvdD9o6nMYclPq90sHRNxO9jfpLOPGj8rRuB4BbjSMfp20xscLjX1LU7lsPFfxdUwWalVc2MUdB16OOxLRjc1jw2SJ2eg0u+J2tEkW2bU8zqEgW44NV0RJ1eJ6LhtFTP4CJD91qheJBeJQRiCsQR/qZm9mFL4q4UbCzvIWrnAHlIaQXYylyM3032u1pbwCiJNeOCWKquikAEkTZPmOVoGYXd1nY5K7NvF2ZuoMzK7xvE6+CJ/7B6oeizecWoVGLy1JYqCJHLR3dokaPtHLFeZT9/e5iXTvghfhWVOvacTee5yc3lrbIXUx2KRsVy4FqMqT9g7f5CxCkAHIHbiLb4JKVlQf30dNImqytY4jsJLSnLjpXbXYl6/tEZkonorMeMMls8cSGkvzAxKnpISSz2u+ltyGy26Fp0UjpnftWWlxy7f9v9B6r/yjLjXqPI jHfkt396 b8z3RaZyGH3GI2rkqcwHO6QIOuVaNNyv1Go2/UiInuQBKDaQwofL/Kul7jbxxtrmlfvQMRbiwmG0hWM/B4JCoxGrKLOFJD0H2acI20jOnHk8DAHtRB2XSK5Oo2RopwdNI0mXo2Dd9TUaZKPG93Y3j+jhRcyBmYPQO43b15x3IaEDzNtCXIXTqgzFzQr8GQ06vL9Nfdk+4l0QqdWE2aeOhkfXrI9LWfmTL7lxgOgk6epeeJgeitaXU5KXyWbJ2PrWcvzb//lPBZUgQoYHpX6V0UWnQ3SnOw37uV4EZaGesPKyFH92LhzwNcngEtBHR7cLX19C8eFiX6I6pkzCfp9ixwN+b1OzmNqEqi+cWanlLkb0M7R0Ou5FSj6A4385/tzE/IoN4UqJEtXIG/R02Mif0HpROuymZyX2IrNva9taWRGaJcg5yY03a/40CAR0+HO+mdRM6+2nliiIQWi0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 +++++++++++++++++++ arch/arm64/include/asm/processor.h | 6 +++++ arch/arm64/kernel/process.c | 48 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 +++++++++++++++++++++++++++++++ 5 files changed, 118 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 3918f2a67970..f1551228a143 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -179,6 +179,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0fcc4eb1a7ab..b78f60d4a1e4 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,31 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (system_supports_gcs()) { + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); + } +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -474,6 +494,33 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -533,6 +580,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index dbd1bc95967d..4e7cb2f02999 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Mon Jul 24 12:46:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324639 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7DD32C0015E for ; Mon, 24 Jul 2023 12:49:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1D4B38E0001; Mon, 24 Jul 2023 08:49:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 185A66B0089; Mon, 24 Jul 2023 08:49:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 025D18E0001; Mon, 24 Jul 2023 08:49:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id E63926B0088 for ; Mon, 24 Jul 2023 08:49:04 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id AF4A612081A for ; Mon, 24 Jul 2023 12:49:04 +0000 (UTC) X-FDA: 81046485408.05.5D2C3F2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf29.hostedemail.com (Postfix) with ESMTP id CE02E12000E for ; Mon, 24 Jul 2023 12:49:02 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AlxmpCLE; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202942; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7iJ4dgVicZNifnDHvtoRD9FhBnSqLfUIycKF4sNGALw=; b=Ak/qpX3H+YhJbJzfRATrwvJq3fnZebAgt53NnTTzfyhA+4egv8TwG1rpIVeA70zjfEtLwM POzH4YOnvHmtR+BamFPEVlb1IY0E0XmtctnTdDj2ffe9be433K1NerVud28A/TgVjFqQDQ PbNm1i0E17zNo4Ki2yxnhAuiDRgGQPw= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AlxmpCLE; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202942; a=rsa-sha256; cv=none; b=PV3MYHM0pcwYH9aRRX+GpuTTzFh7/KuDnNip2L1nzn45H5mmPzwMPJxkmW7mkAJfEHWIOq JImAYnvSZW7r/qGu9FL9HSuKUtD9AoQtpLprhXnG6fEocS1mdwgiHKpj94PU2LYcanLQPc PEsiZ2g3hpB2MWBNicWgDe1ZdmKDrPA= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0FEC961148; Mon, 24 Jul 2023 12:49:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9DF04C433CC; Mon, 24 Jul 2023 12:48:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202941; bh=QNLQ8kMMswSwDNNNdkC4JMSh/ccvZNRY7O5oRui945g=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=AlxmpCLETBmLqddSMK51fZ32WDvxGLvxDmnSYcRk7WdS9TC4Qhnxzw6V16gWpnSR6 r1jEsSzd718jMWwVDyLdCBdberKTExz/7IGv653VnmbLwLG7TxxWLHLpaRkqzyeTh7 rFKkDcJrScG+G4hyLQtRcjhEId4/m/ztZzFlzxQjQMEJkXGnMCJ0VlJ17e9603h3bx 732VzGlxNlU/U7E+V4yJQkh+4lG6+tDoWu4VhRtB/jAzCfe1XEzaxRfnfNxHqGuAEj /jPcX0zrOZgFSy3TtZfFyNG761KDQpHk68yOVckYs9L82CyEe4PTn2UV4y6x7cplCh zrveLkGtqZ5zw== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:06 +0100 Subject: [PATCH v2 19/35] arm64/gcs: Allocate a new GCS for threads with GCS enabled MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-19-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5142; i=broonie@kernel.org; h=from:subject:message-id; bh=QNLQ8kMMswSwDNNNdkC4JMSh/ccvZNRY7O5oRui945g=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKjd5H4T7HVGGGvCV4nQfR+bRm0kpxekGX3nuqx YMIaxVeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yowAKCRAk1otyXVSH0N04B/ wNA+KKlovm9aHcWE4LguyaxlEw37PNfiCmNG3bV4WWtfSlphw1b9Td8f7QLubjaD7a2g3zEybvkLhW y5yxBPyH5PCleDM87YgHkVStgryUbU+z/x7gN4Bz0mNoaoddrxVeyNFfJi0Ao9VePvkSGOzZx/AK4v dJKB94ZJ+XndzypqJpDS4v/ETYh6WSUOgsySRju4Ew62J3jkSroWU2E8OJcYsBV9PFwxjga7LGZTjL ingXJAt8UvFrmIk83HqCCtAp+MSbX39oayG4Ak+NAiz+nSUFeWACASb/2oqHWB7LJcCuIyhV/jksq/ 9Lscn001s44mlUqgjQm2EkfbuZ33cc X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: dqno4w881zuw7unmwy1jssaw184nnf95 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: CE02E12000E X-HE-Tag: 1690202942-394718 X-HE-Meta: U2FsdGVkX18FuZw6Y56481PesSbjvRLHpFHpBPBzh2aiKuiWAhWOJAXwcIH8200wXiuf7xwCrPBVpZ+R8frM4ImPxwkFA9Ci/bzmORyG5gIwezWjtEK7+dh+vOZjeQXVR7B5aHjAluUh5wXffNeZK9W92a+rD3az32yIr719CuVEpl+Voyo7IWCb6EAGq/Q7eCLosU6ZphvakkuVLCy1wV3JPlnvgwITYLpFv/daO7IsU82rZgdGPwvmVdftSuZTu8GoYjLjEg+W5rI99nSW51xCP7ozGT9iqES8CRQdTWMLYq/bVHEvlbzS8VHOuU6+PrmF2I/eUAuyVKPAKQME/4IcLwLSEyu7MHYqJbGPfTFNT7u+7k3U7ACFlxNvTDyHA2JXAPDQje1rQuKIbaOsfFmX71MGyUBV1Dud3LOKwQp+7XuXnynjY12kwd/PgtXjqLltb3cgJnX8peXzcobE9mnQYyU+4kB+OnsmZ71Ld2jDlxKlnIse7DU+79Hyk4piNFtTj2vGL+VZmBD1xClCE2X7k1UBT0qPg/yhC+cnhtog00yqnZD3PQjpRmPU0mTDP4ZIqFO35HmDR+98mKc58KR6H1ubv8q0o0ga03Fyp21mZGO43a2maIKoc09pmUpSMy9StJtPNs7bCbCe6/hCkAsatouXsXYr9uPSgCDYeAEArXoKG0N3Lor0Lb4s1EomkBYqYX9l186OOATna2NxDuQIGQ+vBELt9oBuN8i9/bamVVMdO+aoH2SB6jkJ4wjkMUPfE8hgOzWjpEhOV31Y80FatAMpLyYD5yCAbBmVQcws02k4OMwslNN1cqTc0r3UvDnK8tYwOhiWdpS1sO1Ny6MGWRsYGVBByItV7G23wzpvrBiYMxdyV52w9GCksNKVnZ7DJ7quzWNQVuuvIHAk7m61WYQ2DjjYZFXwNGzNKwAjxiOKuOAO9DwW8Zuka2ukhvarUR+aT0UpYU1QACi weyCCauj cMZJQo2drJ8dhwWE1PuBYrRBmmed2v4sADZ/du2wX1UDmErxVbxNPoq6T2E4j2ze9EPKFbZ0IjnnVrK0Gtp5ZvrPybSU1q9sk7DaDm5f8G33YJ/N/MdjjDEuZgT5IjDKQsqRy/uTvQDbvNCTbcu/RtMCMJygZ8W228cWe6Gvv5p5HrR8NBEI1LD7MMS1+n9dbpH8Gf8sJB1go6WC9q4KtahIqKZr3R91nLunARTpNVd6befMSZd+bg9qo5tB3nYEveCDXgIPbLbjnetIMRmajWFzCUXQojx5EUwjRk0UwAGBqjVF7YW1o3AkRBiAkoKDV5ZQjENlaPWCM8bwgAJvrW+nsUXMQ/PjDrw1MeRKrwQghNwI49QbBF2ZUN6XxroYzjXnDFy8NZnIFXgfytig+hrEWZD2g9ylK55S6+HVoqfAuVsg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: We do not currently have a mechanism to specify a new GCS for a new thread so when a thread is created which has GCS enabled allocate one for it. Since there is no current API for specifying the size of the GCS we follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 4G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. When allocating the stack we initialise GCSPR_EL0 to point to one entry below the end of the region allocated, this keeps the top entry of the stack 0 so software walking the GCS can easily detect the end of the region. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 7 ++++++ arch/arm64/kernel/process.c | 30 ++++++++++++++++++++++++ arch/arm64/mm/gcs.c | 56 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..4371a2f99b4a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -58,6 +58,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size); #else @@ -69,6 +71,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index b78f60d4a1e4..8589818166d7 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -284,9 +284,34 @@ static void flush_gcs(void) } } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + unsigned long gcs; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(p)) + return 0; + + p->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + gcs = gcs_alloc_thread_stack(p, clone_flags, stack_size); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + return 0; +} #endif @@ -368,6 +393,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -409,6 +435,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, clone_flags, args->stack_size); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..1e059c37088d 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -8,6 +8,62 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK with limits of PAGE_SIZE..4G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK), SZ_4G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + unsigned long addr; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((clone_flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) + return 0; + + size = gcs_size(size); + + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Mon Jul 24 12:46:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324640 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E37FDC001B0 for ; Mon, 24 Jul 2023 12:49:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 88B338E0003; Mon, 24 Jul 2023 08:49:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 83B8E6B008A; Mon, 24 Jul 2023 08:49:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 703F48E0003; Mon, 24 Jul 2023 08:49:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 6231D6B0089 for ; Mon, 24 Jul 2023 08:49:11 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 1E2DCA0A4D for ; Mon, 24 Jul 2023 12:49:11 +0000 (UTC) X-FDA: 81046485702.17.F51EA25 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 1FE87C0006 for ; Mon, 24 Jul 2023 12:49:08 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="h4MiWG/1"; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202949; a=rsa-sha256; cv=none; b=N0WAwOauD9ZfNFSNXA+c1glX0QNY6Sk2m2val8fBCJoBFhJIQnpFIOEV512hpI2rY0I2n7 2waxwliAaAeK42DssQblGHPY+gqzqAlOr49w2R2O+RZfzeovaoUElUfOw1KPbA2UP/vOkf ozFc8ltpgK3KuBLaLt8iu+XFk/ATsUc= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="h4MiWG/1"; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202949; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CkR4LcFi/Apf+N3CqhDJhcfTx9Wd0mE1G4u6yDFXxCY=; b=gFQxCVEaTsw7PU9baBgDOMSRSLx2UrjutM5pegShTYiGz3/57FQURgK2zVxCKPRiCCBuA2 SZnFl4zXHGOeV+BUxBwcJdA195Glxv62yPGiRZmsNOjsboJ+ncCpEnFTWB230x+ShDPHaL W1NQ5lvjC2oeQOQrjx1zarOn4VzoH7Y= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5836961157; Mon, 24 Jul 2023 12:49:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E4BE1C433C7; Mon, 24 Jul 2023 12:49:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202947; bh=3y05YgLEE7escOOoGXKTI0JE3+x1TY+XK9aZf0p3Mn4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=h4MiWG/1sIFoIspyO2WVZRg2EbDLJmWhXTUSuSbvDLR/pOit1Zn76FYgCN8c0cd1Z YdfSis31bz4LW9AuOpijUGengzNFDDLBwIBGkFXVwlXKw8FXWvokOKBiXfqy0X9Z8w X7cdJ/PiET/I/XdkDB2UTN89Y50wgkUegTG5mtuUiVm+NdVGNsF3TNI026SVOx7/kK CrS/uwtdpmxvWOWeFa7vVjuzioBTKmlbP7HAPqxP7P6TyAjSmGeXsPJVs0g1HfTO5+ pc0ZgaMY/XAxSvMd9smLqK5Ep5K1FlEX3Iu2cSzfvT/jRdPqVWuVy8nSg9QAEoQa/r mDFlexwZd7nUQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:07 +0100 Subject: [PATCH v2 20/35] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-20-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5673; i=broonie@kernel.org; h=from:subject:message-id; bh=3y05YgLEE7escOOoGXKTI0JE3+x1TY+XK9aZf0p3Mn4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKjsWMyjDHT6nsc5ASBE3kr1s3jQrX0pSd6V5/B NRK1rHSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yowAKCRAk1otyXVSH0Mh/B/ 96RYg4yf06IdtEDKJRAWQGZq+kX/mYRpStm3p+QIzWxx9Fny7LIxlzpAhiXVykRzvxlyT2zBIQTXyf bZtMJWwmAUzcFp17ry9TWxSCzyFZGYMy6aiTWVvS9joxmlOGd/y2HhpiJx9U450OSJKtU9regGZXtj PBlL/KdoHa34I5u8yL2As+RUsUmnYYRZVtVYUfSeKLQ+ZYem/3v3GM+Rv3WBPxS+kyCZ3E+zXtzlhe bHSHP5vW5ynIQmBRo/W0146dxlMufC3D4VDTTVtrfgbXNwF/Ly6pmQFbV9quECKuZTUw/9NR10iMF3 TYPGLU1PDNcfyXMkrNgu5E2D/tnp+3 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 1FE87C0006 X-Stat-Signature: 8bmm635ecnbfidb77hyraj5jti6138sz X-Rspam-User: X-HE-Tag: 1690202948-679125 X-HE-Meta: U2FsdGVkX1+USIteXcpBCHUiybL6zMVBgMKTH+JPlwOidOIjRgO8iSMyjQj35NcoiIDlv7p0mORlHQFgozDfwIa5Y1AFc4mxNnXz4ZoZn00WinsIcvCjh7vNBJ6yJYBNB020HJvuibbGncvgqtToRUunL/jkNZsg9dEm6IpnPH5arP+joFKjYZ1jiPkT/7sUAyrWRWexUCFwS9D+ISNHlTW/rUxQaq4SCDIcUqA1TEXJazVQZXc0SpUpCl3iPrygLaRS+HmLlE1uJCQ7+r/h9Y1ZFWwwYC8TPT/FflX3VknYMsKtgKG/1Fe6Y4uL/vZvO9kXiwYgCK83Y5glC0Zh29NyB87hI78AoUSXeaTwVu/zrtLOzt4ZD1enKWl+2+hETSpIMW0KrHA28ScfTt5VK9YFNnM/p9wcRLUoh2X3ZLuv2RldbExYsdo9s4+dLiBryspuTKcBj0cCeJFWpfBELd+doKsAfs/LZNQ4CF2lCv2Y2ToZeUatTC9MoKIMsfOJRFh7QvWs131E0vcem+e+d3Ygy/b+vvsyrAeWeQHVGgdI2kuog2IpwVrWAD6nrqlhnfTmgOSIDOaPxLUCdv467Q8q8BpRAc4D8cfgCb0TKbXzojOerZKhBl8I1rULyjQ8hGYGiljHwhvjya/6ORYoh6/W4UtaKWqDbtLeH6T713Z5mST1Hf1aeEDDIh6vvXr46FkSsRbUbuotVS+0tWmC+eLfvV5zgiO+s4qqHzeHshEfqc3LMBcDfab8uvvXkyuCetoDc2NaPrBGtuhyva1iAf8odRRCAdOeTeELMBm6sLesZr6BHl/KI33aVCIhRDfp2eHKrg/5FPkha0Gf8HQKZkw3D1pYu+qWKAFSc9GtJ+sIg7xqSJFUaBGeVdRrBc9O1iBKTmKWITy4rhncQvvcFRuXr5Kms0WKI5skl8wY3IeR8CT2NHv3pbIahunB7LANMwHa46JO9sn+iZgT3Ph NurZdR/3 o4NuMr+D5PN/EAxDMTJQGQqEKbwcrrJ1b1E4Qilv+cxmuTgkAJzjh7u683sHnpslzAeyYKMRZzg9jTMt8IpLVpYAhZi7JHbCPxjnIMbuS4L19+O03O8lv6Bvmq1yTNskGh+aH7cIsv5GL1UYTBBcl0ifNXMpxZfhi+IYgRkR9zJrE6Ke//DLPHajPSOFJmDxdz1hHthdBzmJXccRjQzHEn1aYYQEgaqB/TQBcDzUuDB3a5TWpaQc06HxlaBqFUXYwQ2Lr9wLUyex9Gz6Z8mPdEf2OY2iqGAyl+nyVP0wfcLAzKOAQJdxqo8uVFDFYyoRIQ5P5LPUE9wPLXtYx4t6sKNdyksgdo1PjoHnYSkHSqkKppvtltnmcvpcdfQnTcsxV5/d+FckhG2Kg10u/hkvyW7xGgUmtYFX2cQUP6uxvTogf7X4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbatrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 ++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 4371a2f99b4a..c150e76869a1 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,6 +48,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -61,6 +64,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, unsigned long clone_flags, size_t size); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -76,6 +93,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index f1551228a143..e4255749844a 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -181,6 +181,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 1e059c37088d..64c9f9a85925 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -93,3 +93,85 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Mon Jul 24 12:46:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324641 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0CEFC04E69 for ; Mon, 24 Jul 2023 12:49:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8DAB26B0083; Mon, 24 Jul 2023 08:49:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 863548E0006; Mon, 24 Jul 2023 08:49:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 751FE8E0005; Mon, 24 Jul 2023 08:49:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 667416B0083 for ; Mon, 24 Jul 2023 08:49:17 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 3FB17A0A4C for ; Mon, 24 Jul 2023 12:49:17 +0000 (UTC) X-FDA: 81046485954.24.2E83E89 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 6350B140005 for ; Mon, 24 Jul 2023 12:49:15 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="iW4c/cKl"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202955; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aGcCrhfnO1dSCRAUs2DXmf66G0/RvuP8oXDk+bGaZoU=; b=Ohz39JPswTtCIghdwkBdKE0Fuqe7o1HZjaHeGKlU+iIKOrkiwwU6t+q86Dg+UbiGxb9o2P lzw+kUenmsoylikZ5X7CHQsqFt+NAnQLqlxjYrsEzQSL7JWshoCdK4I8DYmy+3EugUOJ6G LbmGB8rvmgza7w6nra1TWqQtopdG9yQ= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="iW4c/cKl"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202955; a=rsa-sha256; cv=none; b=8LF4QcYsTfQvXlE+PRtifOsVAhwgn7s841Rqhdvcup86q5/Mo/oGcyPpWStciyeh9QNjLU jpUPZq3IOScdXtB6poXSXOJ/hbDvUI+Eoqf5fzuZtluhNNTh2GnvqnSCTYl0Y2Lcy5Xzqn lS6BMh9GHMzNGj6Zcd61Hf1ofiaUKjU= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 968746115A; Mon, 24 Jul 2023 12:49:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 326E7C433CB; Mon, 24 Jul 2023 12:49:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202954; bh=oiakJxhCl2ggQgHDbaP+YYLLswWzPu+vDfVc2y5agDo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iW4c/cKlMkXGakJEmv5ZwTIxvq878gnNDj+1oSPH1KFmgWa6wBDpZxSUhj7nvUg0R C7EX0V38YzWq4SHlqfCI/khHXiWAYgGihlh5r0pD3fSIOgJLNmHqrVVQc90LoUiYV2 78UomftH4dyLkiXIShFrg03qx0augPdJW5PvzhQYlbrdlVazVDdixcrfac6GMQaPOH psokPim4W/YjQvcX/EiPPgtL4JOiu9KUKxZMyBelYO9nJHA3UCs1i3KuzVjoznhZ4x BnQckU+EdV+0GilnY0gysLZXiNFw62zJxnzQuAJbSwrSSfz/hJ1Mjfob3plWceCAWu Ie1I6yA9wwfdg== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:08 +0100 Subject: [PATCH v2 21/35] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-21-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4500; i=broonie@kernel.org; h=from:subject:message-id; bh=oiakJxhCl2ggQgHDbaP+YYLLswWzPu+vDfVc2y5agDo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKktMiW5/GsUPeWzIjvMe318oOP15ClcHBNUp4G MyFwT8yJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ypAAKCRAk1otyXVSH0PNoB/ 9zFHT1nbXDtnhngqR1FqjYTuHzb8PFLjwSV3lGPDApwGMZUbIiH07S2VAlsQBAKasLM8PVd9fz280e cMzuJUk31R6C/icE3L4wa5pjg43SqaF/ViWBiD1gfXsqb67Q4D/eizuJy8uSsDCSUT295YUVhsWqvx I/DggO8L0BTSmd1MeKgyqhYr+1cbQ9VuewlaI3JYErjhqxxNDo1dn6Ete7+Zyhf6IbxnHo/bI9z6Jo MKQyU0WANNLBpdu2O9cdoKBa59xw7dolesWpa419qwAQ3eNv1C2CKkEBXnF9ARkGRXA0ysA7CJQOJ7 sfqPYQo9jxN0xvTRaxLXDO3AaoYW+j X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 6350B140005 X-Stat-Signature: qt9dw98sf4tm7yoq1fij7ns9j1srb8yj X-Rspam-User: X-HE-Tag: 1690202955-790779 X-HE-Meta: U2FsdGVkX1/oNUqYLcfjVAzjj3tcdcNVxjvMKeFhjuXSX7Y2OkMQ9EV8JqlWDTUXZgS66uugthIKv6muX11Zjm96JIPYg0hdvmijwSX3zANpiM4vvGOJ5FbzDNaCxx2gJUPpWZEd2ThkeLs7LIJ092rzLnI0VqXhDgZi2zh1AV6FrK1wLiDYe9vlVwfJFI0FKmwJadhQCSzsWY/4C8pU6WsCFCgUw5xTynhIqscRDc+IzyYH8nLYcRsRYusr0sfV0ai5YjWcBXNI+PTH3gmacD+gUfNx7v4pw5V5qF+AgFma/AjYBxl3KX/JLSgLaaFdxekC1yfi4s36suxUfIF62Js2a1iuAtuGGbSbFrjHjXxxktEHvVSWMHXva9M04Yc/FR31H82WIRX4MTpHlpNYIGjj0vKELYeHW7AF4qUUcCZTTzy3qlR3fnCtAOdTEcY+RBETd3M1lNZcBTkQ2PsF7kPf5l6YrwTUCem5bjcex4dzApmFjxru8vb+GUdeVgoWhsxYXvjjP2wvnkY0w4iyxmt5d04GwO9HZjruwWp3EKLLbaPF1eYqAu4yhAuVJuJXScdYLSRP9v/jeBYkmf0ufVVO5J3+O/TD0gh5UL7EpMIVF18SwXSpbpVZXcYM9mRlQKgTOs5SUciFCfamVKPqZgYcEmDpBDEqlQfewczIfUO6+AjgCPl9Tlod1HEba4m0kVt9y+fkd+2s8SfK6tQIjf/n5QtVrB6lUjk/bSMsym8azFaIMpt5tnL6n4ZbUlCQiQh9L3PidLaX/SmXeoY89SSn5MzI3J26NH9OrzSfHsMuF+kIcf3OuxoMD9/ao7ziSrpBhdggrbyz9ReKti17a9i46pYGk2CfNhWlUbi5MP2pr9ykUsrKGKO2X6ycuOnlB5w+Htby7NGYXCrdzbEg2BJ7eBhlI2aLFxrEijVY7OuY9ONlYGNmaPOFly8k8t7bbKLyxV+vHnR0D8eYPf9 O1jWCWWV GZcoFyybvpbPAZHd2yb1Z3GoOkmgyf0Vs7uSY6ADypez0ZJi2HwBGp/xaRvN0YQs7cuPlb4BuoJ9Plc+Us/DIGSvqJJaisQASADPstT1glRW/qIQXp398EYt8u70qqPVoD7WHJbtQTFLg/Sn8ErIrPOrxhAPLxoPc73/goM1IKcLOTBY6D8MBSjQYO0DA6GHq10XOsWwGp7bJBW/ymgbisMv5f8rYjxPsGTvHRY10vAQmzD86YBaoSTxSE+GJjgnMt1dUHx6jDQotaO2oJjhw/EG2SltsGXmfB0u30iVLylRWb22+BCPLocMjJtxo6xSpk3TM0A5s32qdVEuEh/8oLGC5LbNWVTMd+kRewQvQ6uXHfVxPRndzT/bMQkyfxJ0nI8+rlTTWJBDWZ2X11qcEY4DGoofAI0YnqUy124zRyXRK4dT2I5PzQdd93RxVEQk25xXdNHDRLPh2fshYupgxQLrSgA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64, initialising memory allocated this way with the top two entries in the stack being 0 (to allow detection of the end of the GCS) and a GCS cap token (to allow switching to the newly allocated GCS via the GCS switch instructions). Since the x86 code has not yet been rebased to v6.5-rc1 this includes the architecture neutral parts of Rick Edgecmbe's "x86/shstk: Introduce map_shadow_stack syscall". Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 50 ++++++++++++++++++++++++++++++++++++++- include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 5 +++- kernel/sys_ni.c | 1 + 4 files changed, 55 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 64c9f9a85925..c24fe367e15a 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -52,7 +52,6 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return 0; size = gcs_size(size); - addr = alloc_gcs(0, size, 0, 0); if (IS_ERR_VALUE(addr)) return addr; @@ -64,6 +63,55 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags) + return -EINVAL; + + if (addr % 16) + return -EINVAL; + + if (size == 16 || size % 16) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + cap_ptr = (unsigned long __user *)(addr + size - + (2 * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + ret = copy_to_user_gcs(cap_ptr, &cap_val, 1); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 03e3d0121d5e..7f6dc0988197 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -953,6 +953,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_cachestat(unsigned int fd, struct cachestat_range __user *cstat_range, struct cachestat __user *cstat, unsigned int flags); +asmlinkage long sys_map_shadow_stack(unsigned long addr, unsigned long size, unsigned int flags); /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index fd6c1cb585db..38885a795ea6 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -820,8 +820,11 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) #define __NR_cachestat 451 __SYSCALL(__NR_cachestat, sys_cachestat) +#define __NR_map_shadow_stack 452 +__SYSCALL(__NR_map_shadow_stack, sys_map_shadow_stack) + #undef __NR_syscalls -#define __NR_syscalls 452 +#define __NR_syscalls 453 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 781de7cc6a4e..e137c1385c56 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -274,6 +274,7 @@ COND_SYSCALL(vm86old); COND_SYSCALL(modify_ldt); COND_SYSCALL(vm86); COND_SYSCALL(kexec_file_load); +COND_SYSCALL(map_shadow_stack); /* s390 */ COND_SYSCALL(s390_pci_mmio_read); From patchwork Mon Jul 24 12:46:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324642 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 50B90C0015E for ; Mon, 24 Jul 2023 12:49:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C5C2A6B008A; Mon, 24 Jul 2023 08:49:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C0CF48E0006; Mon, 24 Jul 2023 08:49:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AADCD8E0005; Mon, 24 Jul 2023 08:49:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 9C6FF6B0089 for ; Mon, 24 Jul 2023 08:49:23 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 4241940AF7 for ; Mon, 24 Jul 2023 12:49:23 +0000 (UTC) X-FDA: 81046486206.30.742AB3C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id 5396240012 for ; Mon, 24 Jul 2023 12:49:21 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=MkyzOjCu; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202961; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=avf8c6NriBeIYSdGAjlnwqo3ghTBk5MRIK9toslm/jw=; b=UeeN+0fhoyeYxZZT5RhSipKN16fvON6IY6QsNGpao3sqRMIghQ7VfhVlqgvk0G6Jgt/4Hu 4Kk6AflXGvGYxYgRFY9D3G9kXwpJLKEgXglhnU19Z7i9wO1YoY31ALQkbON6q2XEKde3rc fogr0CjEltZPafXbm4VuAaZ+Xb+s6Oo= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=MkyzOjCu; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202961; a=rsa-sha256; cv=none; b=FNsANtOSkeMK0O+As1TSdYJ1hEvbGiw5vraR7R4R7JvrrIMp83shKr5tjqIPXb/rsqIkEF eSY2omJI3/R7JdVNN3MnItrLV/qChDsO5JJDpspeLAIqd9YiS/YM9c5GF23hzBGXoQHbBX dP4R4n/Bq9g8sphajUcxAeVxSHW06w0= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7141A6114F; Mon, 24 Jul 2023 12:49:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 73C2FC433C8; Mon, 24 Jul 2023 12:49:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202960; bh=vU3mFonZ9R73efM5GL7daAlkx0Z/33akBDEmJa7xPQU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=MkyzOjCuu8Deocuhrvvi1inGIBilu0vgZXSrGfWRx7fL9FPIiCokKHlXzSkhlF/1z Sc0YOvrCp005XGyrMjAlSy7rWPbEPZYL6pZySBGJs2Huiyp1mpnzPlbf74ii+ZILU8 wwyqhFvGLedrc3Iae+JqpR53aksmEiyQ2/ovirrleqC4I6BCM5ULaIvabVxy5QgnMO Zwx5PVQhu6Y/V8imXAbmX1Dh0RrNc/nlCYE7A8wW68ggPqn9KusBixfaeO9swLHA3I QeanlqrjflVXjG+BuJL11IBiHbQOXzSa2M3hRYo7pbE0Vx2HC5cIaHYmx5Sxk1PbBU QN3nXQK0FdDsw== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:09 +0100 Subject: [PATCH v2 22/35] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-22-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7272; i=broonie@kernel.org; h=from:subject:message-id; bh=vU3mFonZ9R73efM5GL7daAlkx0Z/33akBDEmJa7xPQU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKlYDZ8a3yDxfXt70JJ6VJkCPZcotroEw+3xNzP z6OF5QiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ypQAKCRAk1otyXVSH0G8EB/ 9+FXhHXwaGsvGEnnpV8czCv6vmpgaTlktYLsA9YDpa1sFtseHoS1w8XJ05hBDmrbJVQyVbMgj5JcdK OCjXnwmrd4147zGJ1JXzfvsU9Tuj+KAOp/6P7ln79JRc5iPrdYqrfgfUW+kb5D623XPn9fH0VDxt5Z /7WA0z1HSjsGdBrszWw2gvTzY1iNaYpbP5np2oE1hYbvkGQo+rm0nFYwJavCwMpeHWit/P2j94sQ40 g3ymMwL7ILxoL9EAV51R6MCN166GdsrECmXOJBL0gLiyk+p32gaSZwvEI7AAz8zQS9o/wWrzBvlJo5 +e5DYkEkG9UEUyljqjFSM0FgrjFvVB X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 5396240012 X-Stat-Signature: 7crcut6j6zws6quxgwn1jtzxjmr41qe9 X-Rspam-User: X-HE-Tag: 1690202961-952008 X-HE-Meta: U2FsdGVkX1+CFTnkP3ZTkkSddXI+Nf9ZaX9GLcfqgG3fgdbjhRJ/FojkNGSv+uYvktpGe6HUUhX2RmMeaFoC3mUoK8LJJILLvyaR767KeW6zJPzrIhWOdeiZdxNDnqEqlPoB1wLcblvh1OMdHwpq6mCdUmhnkV3o+cUQH6cmDjOp2R1tp7QKfyoooY2wz1chk6eWOCRw2mU6PQ7Wl0NGALk+Pvxzk+SS+dbnr6YtLK81JGIbVkjBYN4hdZAT2iHv/D5ufAkjAhJwrvJBDarQBT7Bd04cayBX/SZ3pU0k/ty3KaH6FVxD9hZ7EouQ0svBDxHXF7RYCKDljAL1brm6cfR3BKfR3Phul6Ua4SAKmj9nDmy026fqh5A40yPvt+ofFkvz6J48O9FmP5+nG2GrKpVCbOAn9xvtMizR5AWgA5I7jXUI52ASfv8yDLhPwOJLKCTGppWXs0DJr7ylPj1O6CuzwvNvIBrN0ALnkx6cTo2U1rMiYDFn+4E+UUCbiucZLDufWa1447xkmrntKUJB8+gleIs/c1W+dK6BUTZBowbCahZXRqNMw8xDWPm9IiCqVoP8/1Ic6KHv4cviwyV61O4wjPSjFAHzg81mr04NY47IOE4ajYEx4oCq+uTpeI1jQ5tRNlaCImWK/mvpuI8DpCkSzG5rf1BhTL6VnNSHxZY1QrErlMbO5iPSXDrAWbyuWZkQigL7w2ru0FRJtSt2zTssPjKhvXS1Dl+L2dwz6sxFd6YdfqxY0UIMchDzS0U4onyDOWuYHSc9GnXp1AhFaabpuLsswncbP2qBAfWLl6XvVN8ytM2RR5Qjn3jx9wcDCkcxt7lVPUcCe4V0rVUs0QWDa7EmZTQtxmLscWw0zEQx3dy6ay5nDhc1CJ35GJq+8dxFRfDNhETdQMbVsEPkFU2TS2YVGQX/EhB2HLbw8SVdGS6IiSObPn72hHjSb2plrtb8hMt/dehRMWaMnYO LMlMyiD4 NCwqB8tquIpISIIQwUheiIwE2vCJYoEUv9Oi1UUrmWGYDYKu+9xBdNepsf5Co1wGrS73ClmeF56tmIwD+uyuKfYZ9L1/+w47IhDPR7kii8c49Sz3YIVyX4SDS6rrLhNg9WVCwPpbaQqnjSktAw044wbtDs5h1KAiHLcxIRaJmXu1ph95uiUKssh45lkrJlaX/WA4ryVIdCU63KwW7T8lWwatZeDjlzdChgsWrgQtsue441S0Y0giK5FaMwbMxswnyJ+68wjiJw5wdKH3RLP5AcGZwB6C35WjiY6O8IYgrqOWpBs9Ie9RxuOIZHaHOaJIIWd8vrAfUXEimoazwlss8KNFUlobzVe2AxmgyzTyA0ZYWfrjb1ZRhHB6eV4iL+NkaAQ3EAAL/mxEIHWOQCm+k/O4mHLV/a3WebE2X7E2kKRE7lGE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set which we add on signal entry and validate and pop off on signal return. Since the top bit is set address validation for the token will fail if an attempt is made to use it with the stack switch instructions. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 2 + arch/arm64/kernel/signal.c | 130 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 128 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c150e76869a1..65496103d462 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct ksignal; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0df8cc295ea5..1c31be0f373e 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,36 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) (GCS_CAP(addr) | GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must have the low bits set to a token value */ + if (GCS_CAP_TOKEN(val) != GCS_CAP_VALID_TOKEN) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -815,6 +846,45 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -841,6 +911,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1071,7 +1144,52 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + unsigned long cap[2]; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + cap[1] = GCS_SIGNAL_CAP(gcspr_el0 - 1); + cap[0] = (unsigned long)sigtramp; + ret = copy_to_user_gcs(gcspr_el0 - 2, cap, ARRAY_SIZE(cap)); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1079,7 +1197,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1119,12 +1237,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1147,7 +1267,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index c24fe367e15a..2aa31a3891d0 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size, From patchwork Mon Jul 24 12:46:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324643 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 907AEC04E69 for ; Mon, 24 Jul 2023 12:49:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 30CF38E0005; Mon, 24 Jul 2023 08:49:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2BD746B0092; Mon, 24 Jul 2023 08:49:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1858B8E0005; Mon, 24 Jul 2023 08:49:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 099546B008C for ; Mon, 24 Jul 2023 08:49:30 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id D479512083F for ; Mon, 24 Jul 2023 12:49:29 +0000 (UTC) X-FDA: 81046486458.30.7697433 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf16.hostedemail.com (Postfix) with ESMTP id DA067180022 for ; Mon, 24 Jul 2023 12:49:27 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GHEEhSCj; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202967; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Tv3ZQTe1vq0gXi/ckLnsUDbjI3sqm8avbDnc9Ul9ahA=; b=28THKwXRJ4PFpl/iEmiCwTTnBWtolz6/znHJ6SlKRkpyq1yjrqJpZzmiagzZSvi+pMPDHm Q9H5fDP8us1a/T5tR1kPkVnsxBs5UJbxkhXQHbkYazSJFnfBVOYxo5GdfWW7927B3BIuaq 24J/fC1o4qsLcRfLAz8dRmUwO9dNT5Y= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202968; a=rsa-sha256; cv=none; b=kmT2uem+3hDJZqrxfFw0nSVBS+r7rWSLXMr0GzCrkrGg8wSRG6v+61qvPAKy6oU9eEZL6I FhTed5YIglx0Vzvj7OgokxrXmDcxid75pkb9JiF2K2ZD3Hdj4c+1325CwJRl5aWddj825f 5VCRbCiutxfY1AkGHSTK7XY+iWPcCAA= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GHEEhSCj; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 19EFD61167; Mon, 24 Jul 2023 12:49:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B1EE2C433C7; Mon, 24 Jul 2023 12:49:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202966; bh=KnBf3819XLYZd+1IcRnGIifcqO5I4WiAi+2WJjL5RP8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GHEEhSCjOiAopV0Dt0XrAzErX7cYYm3/SLNrI0NOL1hy+S7ZNKS9y0AxiMl8m4dXP +UjRxSbJpHdeDkYQW5gBc7xoHHqBIhMJ4XrmErqCXuA0MnlgNHJtMvrsSn5z3lCle2 8jNZRV9DvZMIWO+1AArfU+HmcQ43E+1gh6aZoIDeGzYsgYqgfEM3naeK8fSSOdFtjB Qjou0WRgxa6rSjNf+FQO56QQnOgZcGhg6Yccpaf5Kkdgr5wOIYu1Hb1JNas+t+lolh bdfhRq/ZF2YAbeK2b2kYfwWI//Pu5e98Evmhfi4Fhg3ch5SxRRc/qwIELpWLve0Jhr DZYadUqoaOlCw== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:10 +0100 Subject: [PATCH v2 23/35] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-23-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5977; i=broonie@kernel.org; h=from:subject:message-id; bh=KnBf3819XLYZd+1IcRnGIifcqO5I4WiAi+2WJjL5RP8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKmegY3qr/fRcdQfvYRD0xDqu+y/7Y/sF1GauAD 7RYXiruJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ypgAKCRAk1otyXVSH0P72B/ wLF4CRNWKc0HpvKocLcXV3VbYeXJNlhHhIfH/NEaswS6/xq4YOQOpQ0ETsQPFd97Huh3S3vSfC9PEs WS0wxeyVO3J+x9vZZtXaQXVdI4gXHBKNT+JuaSDSiIEqvNyLqDaMgiz9PKLudvlkN6QDU+LTdIcULt lQnbZSvjG0VyRBSDd01Udu4PTVyrFVlbeqJ3TfCulCiCi8UZImIpmE2ia0CK+XHHf209y7rEbjqZfg bSulNjUCeWn2U+/mOF721HihqpGwb2h4+8m/Yy4bruobhz6HplXcXe7STAujFnl86ZfOAVWtdmWBfS NA61lQOkfFNupqB04eeDDWjus0LJ5M X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: meexapcd59k3n6yjw5bdx8pm9in8o33a X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: DA067180022 X-Rspam-User: X-HE-Tag: 1690202967-58820 X-HE-Meta: U2FsdGVkX18oMqM0iyC1DDj8Jf39yfKjTFqs1el9AqA/VmWiHAWcSCJi9RDPkleCQAO5U0dib3i/Q3xvlGh0ZwTd7kk1nDanuIqHVvvYHmyVFxztnOikjN6fHX7Edv+dAT1skMB0qpnPAo0aZXu3dYuUaRAPfsLdBfNE9PCvytSvBqZnOuvwF4uvQf1UTBqZXGP4GTV4Vkyvu3SdlclZPIYAJd+AMsMkSAUiJ6QeNyLfMAzn5S8So5BV6D+IwuGLWaq/NtSxn6dI+DqVcNc5rDZf7q4aksAdS83lsXmsGQSWian9PSpFQgyLZmGL4iAe8eUP/hwzTJ2mu9VNnqDbuDjU8dZVio2+vZ0Wcnr7R1Lkm8GcYeAkNvvE41xzvka6MgE+ucGptlWuSQTD58Ew3tfCk68LhnO6IvUvgjPozzqBx1GDDFJ3YemCquQDkbo8JWw3PjwVb7A4B+jIBPSoYQf6ZYp3nZwQz3qGJbcL6ipzeg1MgXFd/hPapApA64ltUyNMXMOmVnSSTyto6vgbP3EQRgEHHhSsyEOTMW2qrbXCHovn3rI3TM+Rb8bgNupWlfTOKTMLNPYeUKW/fFbLzlnvy5fiYxvFzJHYTh6onAn4PlM7QZ/9q6Era8j57kpjyn2Z7B2vXPxGmhKRqB9E/96NYs5sx/ieecFkP8lCpJ/zgLe0h5C/mSyT75L097tHhT3F3AfjJpsLMIEEVWvFVnuX9qKkB2Y6X7yVgUHobJQ2qrZuBK/B36zgLuo8jlwF9nfksu/C7crzz78YMhcn1EuUFp1C9YvYBFTM79bzm058zp2wJDH//Stnj3N7W0JxIy844MiNXYBcJaWK/9pt3wvKRxddpWV2BsJBs3A84+q3Dqf9E/FUq2ePkYfOhOGO/zpd2hp6amEDD8A+Sm/IjuZjX/cu92a/UcCWKwFuEGKJaGtxIX5ofXSUHgPDTGN9gwIBS9kvqUKVvk3inmL 1sUvY5Bj EimFITcL9zbh7CFvdCoKY6HPBuquVD849lhM65r3U1S8W2KhdbG8pVwbumhBLTC/MfW2jwsgDy2tftnslrCbVH2PiOpFBl/rXDF8HrqOleiKlfpoIb40Y3LlLDMnotNSp2ze/AohovDIiJtSE2DXqoIxGjOzELtP3lcnPKMEwhkT1ChJA5BN1IdZRTiiZPpIrh/I9Ghi6SyoW0jVJJqfBuPM7rnQSeG2ZulAeeUomteaYaedJqASCkQ34j27K3VfEJkFhTU6qcamMEtfyaDjtZknO6uKuuwBgu9DJ07xqDXJael9/k/bYComNE1NPZxIa8iM79R2uWQ9vmkubuMC4EXghL5gGp+QbZqrQeD/l8rWdYCq97g/WDcWHZ/Bcgl7MC4uoF4yfjsE7vtPFzM5msQiyUj3TOWkY1eTl6i9XIfKFHls= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 107 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 1c31be0f373e..4cc0c7928cb3 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -87,6 +87,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -213,6 +214,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -605,6 +608,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -621,6 +700,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -715,6 +795,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -834,6 +925,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -948,6 +1042,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1041,6 +1142,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Mon Jul 24 12:46:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324644 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3BABC0015E for ; Mon, 24 Jul 2023 12:49:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 866FA8E0002; Mon, 24 Jul 2023 08:49:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 814B56B0092; Mon, 24 Jul 2023 08:49:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6DCD78E0002; Mon, 24 Jul 2023 08:49:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 5D82B6B008C for ; Mon, 24 Jul 2023 08:49:36 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 1CF111A0A92 for ; Mon, 24 Jul 2023 12:49:36 +0000 (UTC) X-FDA: 81046486752.06.7CFA919 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id 232CF14001A for ; Mon, 24 Jul 2023 12:49:33 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=S2by7fTw; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202974; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7Xh0jTR0r8+ize43vTl6QzYzhaS83l1nMVxt1u8Uym0=; b=bsGI5NqSgc1WZ6CkjITQzSsmYtybXUr02v0L6bQUEhP4zZ4yGvyTdpAd0ZcxYiLTwyc3gP 13WdIeCdH96E7UHc7gMuUXZvm/Cy91QQ2SIJNmF9SMAcQp1b87X8nkP9OeWlkkTlVQzZSC f7oQImOoiK6NXDxTWljE6fd6PEaDkSc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202974; a=rsa-sha256; cv=none; b=poCsS3P17nB76mAexrbFUvDyBDtKHIFYc5zzY1nlMkZE2+0JFibNQ7q/bBGug2yVFd4uSh hVNZEqOquTjn/WSTt3W90g8x59L3zOpRmtTgESBeiYEx6wbKeXA2rJuu7TJG6X2pkrjw8T Y30p7/NEetyD6uMeCorE/PS8IgbNZxw= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=S2by7fTw; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 72FA061169; Mon, 24 Jul 2023 12:49:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8FE5C43395; Mon, 24 Jul 2023 12:49:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202972; bh=0QIP38ZumyMQzrMYtc7Z/0L/bXiC+1OudC2zVRODlMU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=S2by7fTwtza1j7xK4vbG8/TPOT2ELIzrq6FBkXgnpc6RctcJGbowE2cdinUL4ulWk 7kgfWBLa3QPeh67Bq/HwoBGJPM3YKT3ieNSZa3vjgLZvwW6V298RjM3nH+udx3CZ7C BalpvWV9J6jGIyyXUu5c/FlFhlhXbavjPDUawnWhwgNT/Wf2N/860D5yMszrT+6AnJ u25J44GdZV9Dr/bbXzh20oPEcGz+lcIPgUy2JEBop64BJ1G/yRUV/1MQNCVuhE2pbT JmF6sNtU8bcS1oP52Rijepzl0lILyOL3xAYAStMey/6YrpMjkwefKWab1SHoNzf58u lAzw2ITdTjNfA== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:11 +0100 Subject: [PATCH v2 24/35] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-24-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4259; i=broonie@kernel.org; h=from:subject:message-id; bh=0QIP38ZumyMQzrMYtc7Z/0L/bXiC+1OudC2zVRODlMU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKnsKf0W3lFoB635rzoGTaz2yndy/CskcQVKCzm 47uSwjaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ypwAKCRAk1otyXVSH0AebB/ 9puHQ2nwuUf5/vMSPRgsFleh5e8Wzb39H2Z5TEz9UwGoC/oIWJUEWVBE4rq/Rh28vaZI7jO8ZJyAta 21BWYzIEGw6stgm713SrMoFk2ZjG7RqY0nnGCWqcnSEb0pNnKbzaXp0reUarS0StFUw6hli3dYbmBN QtVbuiA+19RLe6CiXaEG8sQecaHQquhFMUjYf2OOpLdfB8IzlPHpE93YRBqRK8t1AcKPzkGab0+uN4 FjBtounVbAZNw2iobITFysaexYdZPhDsMqBbufwQGQhzhsXveM2YJWEjo3+yvHwtajHgHDwAjJpdvo 1whVPHF41mLonD9s5b5HGyBbHehGOz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 232CF14001A X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: nkwtpa978doif1toyoncm6mu87dsdqw8 X-HE-Tag: 1690202973-658772 X-HE-Meta: U2FsdGVkX1+SHHeKiPG/Ba5JbYMhZZNgIUL++3ITwWyX7HUafiPA8PDLKLT2DvcqtDVokRPqAD5zTVbo2d1mgi2VorV3L+M6SdLQILcx5fKsaFuX5XDEh5VNRYXv9x/IwTjxrkuQdCHVDHAdOqY0xP8ZbTIosQAWrNkY1EyNlsAaXtVQXmTcmu337h0X67T+8YWFcsN4slR66w7mJdDd03f1T0wFE/4it7o04+bUsj5okfXSl+2NBIgTe0O5tggmsd5Pf+jFewKKiKWz6Sx0lkNFcWQqNrSmzR2kR4SxjkICrCbmMuDwYE8W4Bh0X3vuy582THg77AdWu0LI4ybNzUU4ZChg31GLwHYWdPnpzMkyUT7ROLtzZZYCCkQK5elQUyBTZdpMbZ8RZTv71LT1IL+0t2fhfgP7Hw+gTqJmGPjA6NnHCEamXp3lPzgz3EAFXB5YOXynHeqcf+6ScsX4HkYs2/NJXFYZDSMRwKE99CZcNEtnc7PdDt15GJ9T/Ajd7LMlg0qzEgdGMi0K/aazcXV6AWoStpSRvJsp4mNanjDLR8lDp4MWKcTmW+Bn+A8rOsBFOzKySDqc7e74xaGJWeFxcnII+YEKrxB4wNTGL5nomTbw6jNqe03Do9bRxzeB4X9YyzrqA1oBlrvL+9JeJzwhN51zXdT+kRS9uwTFODwf4BOSq5wsU/A14PgIJJ4UQIr9gkLyillYCZE6pIpe0yViRZZoMpGmCQIxYDs9xp73qOSBw31OXrInTlrKWA9biN4GxpxZhFh5gOEQrVJfU2nmO8rEchFyllh7HjX9TQKQZ/2HTjlEd28jYZ2VNDs/FyAEjZqzVYlnLLYHOaXklBaBGb2ANCjBOAi+Qk8B9swXcmo/kxWQusiwnRN9snLMAs95EIO9AQucVkCpZ7GFbtxKvzUyVGVNYmpzepYe4U9qPKtYYQDIyqMgv3rUIOrtfx5RVKNzoN8DiFTsbQW uaUho7pS H66fV+Io3VotFzQ3NW1OKvIophroJpTS5cwlnKl2x+rR4TVFIn4Do1XeXp9dBCbqNWnNSo+mqBEhHeu8dy161lncc0beNjf4vZdTAbsRdhlZthPBmNqbp+yzs9WwcTuNS1THgfA2nYlaFcbPvlEl2/fsOUHazNu5axOwy4O8xkm8PDKMCYajA2av4Tccj/zrnDPh8ofrIBQS5KetQPTFl8hiie0gkMkEdpzSNTyoo2P9vEoUiI86Z92gHR90hnzzSyALnOsnTYlHJxQWHNZjnwEzQw0HDGj9xG8Zk8xxo4UKg+SpT2CKgeAAq0YASW/NNEvvpVHSrTp+hyqkZisETH4ZMIg0k+fF/cXsvSr87Ug24GehAAXwxdN5Nu/dHz5N35wvoKkmNLJWshtj5IN5I/XF6nvcRpP7PwauOYJPOibStzeExJNhCi2uPQt1RKq0OpRfoPniGkWrr5cw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index d7f4f0d1ae12..c159090bc731 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1390,6 +1391,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1418,6 +1464,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1568,6 +1617,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 0c8cf359ea5b..00f698a2ab17 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -438,6 +438,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Mon Jul 24 12:46:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324645 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EE60FC0015E for ; Mon, 24 Jul 2023 12:49:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 88C048E0006; Mon, 24 Jul 2023 08:49:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 83C5A6B0093; Mon, 24 Jul 2023 08:49:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 705A98E0006; Mon, 24 Jul 2023 08:49:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 62AF16B0092 for ; Mon, 24 Jul 2023 08:49:42 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 38ACAB1FB7 for ; Mon, 24 Jul 2023 12:49:42 +0000 (UTC) X-FDA: 81046487004.23.603DD54 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 553DB140011 for ; Mon, 24 Jul 2023 12:49:40 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UOuiRDkB; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202980; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=BnTPNnb7vLdvFR5WbrJlLKVTi36UZPFC5Hk16d0IDAo=; b=mdNnn7QOvjaS43ys/uBdxFyiXawkSeiNfS6sZLVY6tq1RC/0MspVEncGU4T7VxAIPyZ+br nRpeOZ+n5Kx8AY8HwpnATCTGMf633wmCx5AifYm3SdLC9zFkjCtXW5CM7lT3nXYAyvr9Z4 RGmmsV2Fo+77HBePJHP1NkXoTyIdyAU= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UOuiRDkB; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202980; a=rsa-sha256; cv=none; b=a3zT+OrOt7qsJ0MHFg6cgenu3/QulGPyYQUz3V5hnrCNYr+KQbs9zvr0p9jbfy7VP6Jh/6 Tk3EQE8FWV6Ffx9qoKrq3IYmZyP71qfFlddhCpWce/b4ugBrYPQgRTM2VCvWqGtIClM0W0 WbxV6yJFZRCmjWdIpMmzPO3oNEmcvXI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 93BCA6115A; Mon, 24 Jul 2023 12:49:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 38E35C433C9; Mon, 24 Jul 2023 12:49:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202979; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UOuiRDkBusphHSxvKkLrOi4hb6QDNJiEeqdsk+bAiNRlkVULSMR4LyXqN6lh8jEqU 6aY+o5iGUOA6CFekoyYKLuLpmCp+ki3We97BjjOgf1TovklVWs1IesDN2/4ZJCIFfS IKWq2s7SUCup5jqqhGVztCdgWGCi6H6vhnbavEeaeBK1/JuRYjJ9aPnPZUR/omR95F rxly5mAwX/l/+1i7EX1ua9A7x1W/LZ+n23XWxRezK9rDiN3SJ1xWbA9wJnBHy88E8Y vSfU0G78J8CFivTLw4aU6EPd8y37uIJOGTm2UJNJVqYpVChDBEi/Xr+hdmloQtpFzg l5nGgTUqt5dhw== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:12 +0100 Subject: [PATCH v2 25/35] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-25-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1334; i=broonie@kernel.org; h=from:subject:message-id; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKnQmQDKgw1sV73XajzPOr/VVN8eYW4BuRVpTBw 6U/CDZaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ypwAKCRAk1otyXVSH0BjjB/ 4zmlP2LuDl/tCz3VO/DUeOVn6ZcSaI/xa1REDMlzha0SDGdV+QTgnOm9wNwq8WieSsejDlPhxDuvki paM4LrVSh1c5aAtMHMQ/HGCdvkCO5DgZgBqp71Vmbl6yz4Vi/gj0UfNJDOA3FLp9ww3m7Qe5H3UTpY SJsdjSeveABSRymkrBiBwjX6uOxi1DtrtMVpatbk1zkkjp5TTaBE35yRGdsgVgA8ODTsqZP5OKTSN3 4HIlACNi9tjNEGYf4wzBTSKJAaxhrT3jJQH6jMsMwwyXhVvlMx9/aQLLuBXlSZcSRJyqVsR/kzRIxf +bE7Fh1YOi9lG6dI2er5/PlgVCBoni X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 553DB140011 X-Stat-Signature: yy8s37i69yp1daastchxw91ghzk4uedq X-Rspam-User: X-HE-Tag: 1690202980-719126 X-HE-Meta: U2FsdGVkX1+fvWqfjyZSeX/5IfsqSg2XtIp6FDbGS3Nk6ZvGVOyuKQvjKn3b67aFq/SRbAe2ABr5eP5si7Z+8JK8Livv4pS9gNFLlH5fjkTKl12UE9QQBYhoW4uIC1GddVOj+08aVX5fRatDk8ZBaaNpPf0oYezcNGrqfaVOVF7nTifvaY8WC21CKDjFFGBGpbI9jHXykaIww1EbmJiePeix8YpqioI8cghXbJOofbHoYr2QzXpsCYmXp1PtmcLb2tY2wuhDd56fC8kE8S/dPibt8x8+//0rDpP8si1md4NqLgbHSGhbGpS623pkqZrB9cAgYGnZ1cxXv3oKAS9ZiuvoHxKTvDHIBpLjRcgQ0kVnVSFeoCUnSY8LX7VjaSrZAkFWx8D/nvlwRaoQQn+vaWJ0mxsNqYtw04Vx3d5Sv6lbmWBbn0Ffgw+gcQr3bFXSaPjPI/4pdy4KRa2nfvkfuY7hqC7CFK8aWJFCOpGjNJQB+r6XjWKvUrj9sbF7V0xXQvnoxnOBJ4jEd6WNGGRnSjtHAjpsMuDYNtbPrWIOsOevG4arfzfDodOhVsjCibc/Kr1Uhv7ufJMlkka1SgTbsXlL18rDIH+QvKpNqk2iWMamdBoWzjXuSMUTF+Mpw6A6iijRnSfVNvdkmghtZhoDp13HkvLBczzdwGRaa1Qnb/y5jmrzusZJg9m5pRJF2cZ0ZndOa8njWckaipbEZyiXlqS5kfqYcxS+4TWaCBw9pLpbZU6kigEWzjt9ZxXZtrh9kgdqnuyNXum6OZEigZwmAPxvbPoUjBmVYPmCMUDCYwdrUg0BLywwiapnsiQikl4R9g3LFpqOHd2yhztKd7dU+YKkqCIAOZ2bmdsBs3X5k59xM0/5GS/FqWbfAgp51C+U9VBsAEwOH8Ok8/JBACJe8HwtUhl3WSIDFirVVG6KrOwFChLcAeZvz6B7gzZlJ7Ea090uT//wa3us4JoNAEU VjIixaTj 0ySeK0ph5Nka4Vd5jFTNl2YttL3gR4TkZwbbj3qRproqalbTrC5zwi5yTDEk8TyLTT16toR34RiELV5+TsDuI/8q6dgPYhn93JfAhuCER1D/Epcs3e5jTRqr9mnWsAE2BHa3IeHN4H8Yq7arm+MwShjwFJQeOG41ixDQ+MkXmX1sqgs/Ly3Md24VW8vdhfsJAR8k20QKl8MsigJMf0fqK8d7g0/i8gyU26yuspg33o74pO2zkLhPAis0n5pCS7XeirmigJP7n17Sj37WdLjJ+wSLq4VnR7FUiMtzQ5PDARPMhY4ZO2G21jKKZ4LY9kSD10UJZf76jtWLzFSC23gxL9wD54LMTckHZ6dUVTJ9TwgrNjvizEznM2x3Ljym+UrRV56yUjeS7PTv1GWmdZtv802viqBuO+yINw7IMjcvrW7pk+q8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2511b30d0f6..b5ef1a698770 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2093,6 +2093,25 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Mon Jul 24 12:46:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324646 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 735EEC0015E for ; Mon, 24 Jul 2023 12:49:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 111F26B0093; Mon, 24 Jul 2023 08:49:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 09C9B8E0007; Mon, 24 Jul 2023 08:49:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id ECD626B0096; Mon, 24 Jul 2023 08:49:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id DD6F26B0093 for ; Mon, 24 Jul 2023 08:49:48 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id B53BD120A5A for ; Mon, 24 Jul 2023 12:49:48 +0000 (UTC) X-FDA: 81046487256.04.3B705AB Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf13.hostedemail.com (Postfix) with ESMTP id B477F20023 for ; Mon, 24 Jul 2023 12:49:46 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XsJYHa+k; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202986; a=rsa-sha256; cv=none; b=NQ2v8fsteXkUMKtX4ZZnS906Ra3vM/SPEuXwthnhIVb2na7eZ7EBdeKvgZEmx9juJ9L0dL G8WbOWuyCGj2x02N4lgsuKTeqCcK+5jOEZJxWJETWmhO3TiU2MSBVrUp2xWzb4UTRh/ApX eyMxo9vQct3jA8Oes1yhZ157ui6MTjo= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XsJYHa+k; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202986; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6f2sHhBx1jepR/YNA5SyNc7wOpOk2HW/TCkILD2DXmg=; b=RxXF2m9tqu6i4I/PRjCNhEf0jb6N/XlQ6078SZMDeWFH+9R4gg81uSXc1bhhX3L6khSOEB h7H4srXGQSY1X53XQyKw9T4gfXHBjOy1ObaQsHX7uekdEtZDS+SUhKXADkrRnzUjogjsD6 SQaa4zbMEDlUEkavTuU+UgczJEhOxiE= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D4C7261157; Mon, 24 Jul 2023 12:49:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77D0EC433C7; Mon, 24 Jul 2023 12:49:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202985; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=XsJYHa+kIAgS2CCOa7LW/8nHLa52NtiPmwTpouZl0KMjTcwczWJae9MrsyadRYqp4 NjmpGvvKIqjNEZbIw1ihnZyO28RsU1vq8rf0vm313/q7CEMyRmYRwZ7MDdIFHhkyng t83jp5fU2aSUHOgp5bSx+cti2+h4koI/azC65FWVTD18niCraPWwpjAHyfOpKVaH+T YTuaHyxYss4pCnIKAjF3A5lqDVrogZQdzzMtedQefoBauCySoxEtkXuyHGrIMX+m/E 9GV6Onzc5k2gYSPBxresj9HoSJPMrmcw5u1C1lMAw/DX3mZO4s3nwBNtHhzct2rHrr T0q+KNBLoAavg== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:13 +0100 Subject: [PATCH v2 26/35] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-26-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1205; i=broonie@kernel.org; h=from:subject:message-id; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKo6f3jqr3UTwz6pZgSF+rdKksxp/uJtcwca2ZR AgUzGISJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yqAAKCRAk1otyXVSH0LM3B/ 0UPEO0Wjj2jDMhLtiAxLbW0+JmSRkL85UA8GD7f0behK4SZudUEnykSfwI6LC+7dHO2StbswpuE0md IfAL8WVuwJr4TTV2wog9c8Poi5AbnXKPq1h8O86dzjA0ccYL+f4P1CSepX94zyYdpxVnqDk5lYBmd9 BbLMZfUAoLDFVFkNxMMHycIrpEC/Tq2CH2QIMTdEHqTOcbMiSahlB9lLXeHlSN6pmUAEkioll7m+hD GH9RdRHuxb+j2j9EqPOAs35APr7sLaY0UOMs124NtTM3/+Kr4TzcFF4K2BD3w56v+uDEDxLrYxT24q dWpQqi14QIEjkH1aQLDG8jYPKLJTaw X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: B477F20023 X-Stat-Signature: 7ub5udeeznscr7gwinxoy9to1mjohjq1 X-Rspam-User: X-HE-Tag: 1690202986-124941 X-HE-Meta: U2FsdGVkX1/6TqwhbUEcH3OqIKm8E9vYZQvT+1h5wBapwTNxf/TxWgf3KsAB1MT2qm3HuDVOPeReS7C4eanzW15wFUEJNj0cGhAUD6i7Yg3eytIS3tO5yC4T1QW8GUT6zMsPzE8OgYc2noRgHh+pXF+xJij3lLQQKlJUbijZ5Z7RcOc6xgi5WxCAt8z4kaO7rSvstJgMMGMl8vQDS+tBdmqnry1vBC1U1tkC8q7Co4LPxs9HJ87ey8dElSXDBrh3iiPKKVKvn+Lrjv2GEGOMEy/2KjpCozSV0SxnUzExxi0epZrqw6oVHlOLf97BYPs76VAPbBXslgAHtZ9wWPOplFK0vP/JWdARbkez/wIXf/mrwSUNmrFtVRUGlK/Aw1kMnY1rIQ3sN29tA2WuFMDlohsQ760Wa8B+IWAcsSOAr3/pBUH/KpCvm6OOuxHt4HScKO6eSWaYPtbD3HwKLZbYIVtqnuekI8X6O/4s3T6pF6EUAtX8eUq7Jat57GiIsr0g3xG6vaJlvsYIVVYFdFp1Dr3iMTaMpnC3cyaKbgKyyh4m+khjr/B8PHYf2vJUGys2JIVmB33hcoA3//YMnoITlWpCyyad+K+IlPvJf5JWiaXi9JRuTKfCqHd6pGHg6cohhKlgNipOaXjsCitchqUOhPPLdtpgJMJZWKAO5igFuVYUbd6RPVV8WfjmZlYt2nO5/xdJI3iMIS7SyXnt9O1EZ8LqhdsZTqsVoUpIsRv1mD/RsmLnB62/N8FUAkSK/daY7GvOoIhZe9kVTDaDVcPmeEpNzzg54z7hwGEd3aFzSWU+6RXW0G1x6LFZhISWYXvZlSj/Fv4kdqZvfedlfzKc+UryxYe5EYAoHCP7Q2B2fjdPVY0L9aTCFjzq4lzX7B4wRWDNLF1HmRUYbhnetp2jeNu2YnB19hKLdR5kfZlJiO10O5B0JUn9k+UdJZpYq/1DQCkawjAqrAGL9GxnMyu Mw+EQPZ6 qkGWME62CZxyRa2PviCHtF32t6km93Co3OlEFRZLcWE7Scv3xWKWDmglaieAXvzO27kSldh3dOyENYBjxvc7hRUZsdhdJpMow1RspyKA7+VmwYxigm3vhJeP1ELkyCWB9QujC2A1Hlo5sh6BESfWF5k1K6f7M7DSLZiMXhdlgWyOd+Ce+wUGUOtXt/zn/QU2MIr8ie3fWNOyMXpdsWdHEX6hrx9VI8yA/M2c2HyYlAeQtklVUz9dcymamOBtMTF0PKXVYjLo6VRa/hOthFSsJYGk+dxq+3bVYbFixLx55ZipJDlkA4PlYOqETHqtvS98L11enXd/rRF1ROFssjEmJ3lw2emixJ/SZt8uxLpfTxtZzjQSmUNU2pwtfs359PJemL5WB5XA2jy036lbnfnj+jotx7DozwMtdLv4DJN0OH3WjegnPU3G9iwezWn10lXLfIUVoxPHvOe5vcE8M2SZ1Ymp2WA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d4ad813fed10..38844e4c5aae 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -39,6 +39,17 @@ static void cssc_sigill(void) asm volatile(".inst 0xdac01c00" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void mops_sigill(void) { char dst[1], src[1]; @@ -223,6 +234,14 @@ static const struct hwcap_data { .cpuinfo = "cssc", .sigill_fn = cssc_sigill, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "MOPS", .at_hwcap = AT_HWCAP2, From patchwork Mon Jul 24 12:46:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324647 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 825C9C001DE for ; Mon, 24 Jul 2023 12:49:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 24AA28E0007; Mon, 24 Jul 2023 08:49:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1FA678E0005; Mon, 24 Jul 2023 08:49:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0E9A38E0007; Mon, 24 Jul 2023 08:49:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 00CBC8E0005 for ; Mon, 24 Jul 2023 08:49:54 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id D560E1C9903 for ; Mon, 24 Jul 2023 12:49:54 +0000 (UTC) X-FDA: 81046487508.07.C2EE996 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id DFAB1100010 for ; Mon, 24 Jul 2023 12:49:52 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SGOel0zj; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202993; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VZa+yVxoJy4ei1p3UG9WfSrCLoFBnIYNn1ZiZhJXbbg=; b=NpN3arOJnIp+mCR5hekBH6RZB/aCYepYBz22Bn3BLaDxNbCiBdpRK/oAn9pF2xzZ2TFRKC mCE/qwafENcDROk5JR6NxtvYa1nBvDmji6FVU5LOjnbfpt/2rqrz5p9UON29XC2C7lBwIa H4qDo3awb45BCA4JhOVr7VURf14LZRg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202993; a=rsa-sha256; cv=none; b=hTz4XiSXSgq85JNkqC8Tz/swqDiCGNKZri5Eum0G4KcQXXIqUQDwIKXK3VbPlLLChu5W5F /tgW/hDi5/R+7dr8F+xbXJxkfut9Uz08cZ8C/HTSJbzEBwkTxfi0auWxTtZO9TrOeAyRvq ypiLE5ekTlzTnfM83oNcLGNfK7S+wJY= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SGOel0zj; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2206061137; Mon, 24 Jul 2023 12:49:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8F08C433CA; Mon, 24 Jul 2023 12:49:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202991; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SGOel0zj3Xg2/V8CgGXmv5Vb5xs6UcZQZjnllfOer2XsJZVwiMjQSGCW28PzjcBo6 Yk9kG/y+io+W164TQBWcwNpdKuiPaWg6w2D3xlqLkKkcSDwCM8Z4Tb3NaIGkd8gh2+ J2V027GZilLJrM8LIs/jwkctpm3PUEa7esX3sVqnk2EYFq9wrZEf995RtZLTAMHnNm iq6XmbPf6oFV96R7bjs+vJNUhtQQfKD3LGup0eqxgF7wZ1/hcR4tWnGoDrr7kiUIQ2 2bEYAYzMWlqLseUHQhzcdqL5DzmAf7KHqk9ljXbR6UOMi7ZiGXXGHQTd2/Kp1aOLWR 8Wd+QedKXia3A== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:14 +0100 Subject: [PATCH v2 27/35] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-27-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1828; i=broonie@kernel.org; h=from:subject:message-id; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKvOKzZt/3RtZMYZPIxgGH/vxVptXxxrSB7qESE uisUIA6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yrwAKCRAk1otyXVSH0DE8B/ 0RsbllIrmgF0TpXtVH7dWcBHmj49n2K3ymmrVqCF/PPyoCh20RLlpVhuD7BOKIYx6i9IlhfBKGeAXm Pc6Nhyh2F7J5tk9gfCc92uZI9IUcfV9FXLEUngLY7r0XBzsCqiVcvc3h1uP6vIoPgoBE7HlCbjh2U1 Iutb8bvf9hs8pj+oXCPaoEITQGFhcL90ldexuMH2Uh0KjGE+tDhm9jSFtpDxSxWsABdcmASbm0YJhe Ppt4a+zNNj7yjDytgzztjfTq52LWsEXgqXmj76le3k5uoImU5aJ6PKVdg7q0xm0Zy1DJqFAjWkGwY1 MlTkxab2Wu0Uwc3w+V5v8GkeOWQ5u9 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: DFAB1100010 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: zbxu5j6qyey1rhsjn4iodkyo386oigau X-HE-Tag: 1690202992-558195 X-HE-Meta: U2FsdGVkX1997+BDCC75wKbT1nSQVr6uBO1d8K4vVtjrw1aHlXFh3F4zpV4LfGFcaxIOS/F7rlm2+TRjXb4wZsrem5npB2j7pZLuQjvc9RtkVPFDRZhzq0ObHZpwm8HsI5eNvgaOwFzL+asql5TiX/TjMwdp9PRTLr75kQZrjljZoJjVbSkVdmZcs7OMASGQRIUyPgPKWNxEfKDCpkLT45OCuZUWk/+e1F9YCqicuL2pWzNfQKCpy7bcB9KE2zn2fdK6tKe0aKmGNiYMf1GpWl2X0g4JnG5lwaxCBigxNL7ToLdsGSJvTNL2zkUaLmxfuJQePff/XZ/elmWe6TauBQMOdIoXWO2sUCL/NjxjTwLDpxrCucPOOEWJzMFDAOmcDrhBc5AFO4VImxsqygX06ktFGva31tg/SSzl2pNF/zg5VrgsCPt0eORq4yqFb8TYoK7Ud3/eyPMI2HnA/mvKHYEvih8oWIdF1Xtgwat2sDHb4LhQdYIO4kPrgHsNr/BAFoxXcbvhl4KuDZYQWUMN6cKVoTyQOrkVT1TFNjpyenla/nvU1+fQiFJslQ2iddi2eHP7C/umRRwNKWhtLuCeaK1LCLxoFxEeJwcr3QFaxicCimMy16qN8x5XP3iSovrJcjUXmVbhLLRzB4GLd2Zi9KFb8YpCRhKG6bLnJWsD5mI6dvIzp+zVgzB3kR37YBh1LFmD/TCAb4DRuYRmJoXMq9XqHgpM8O2viyvY2yllX4Z+UeCHZb3KtmWxtUFwTHZ86LTtJoUNNMXgsaGFFc1h2wTEjqe4XqiJWicthA2GEbPx47Jr7gJhXPgZKV8IkeLeoe+bHS69arGeYqn3b2xzSs06AZ0zZ4iOhkaG63/M6vKbcKT8dW7XOkjgEQZTlymWyAt+eU3tUUSdZkkhLb3PUiYDn4Et6Agw0c8fDBqnvagNnF7h8Frpih5LKBt5aB9K5DUiOZVw2OfuYcBmSXK h85KkTxR hoVIeM7mGmKgPbA9yZmDRvA69Hw1psqC0BJB8L5bkSoQM3NHMOXjei6lbCDuFC36sZopaA6ifMXsy2/ocOS915sakl2VPWz8HkUpY8TxYSDD9fAZbJJXprV/AdQsownuzEMxUzO8VayRbKsLCRJM6wMvWonG9pnarevlblS8cqT3rkDDQevcvYrFCO7YVqbVrXfnNuCzAfGawjnYQMYRtsG2s1Q+czu53D7Fj1wTm4nrW5/MpAY/FwkEg7a4Xylc39CiicKgZEuEQ662UK3AewFM4mBkETyyplfUJFBEyGG+JYkyF6YoTw5Cz8R9pMOSgFZpagbRzS0EOtdzA/GbxvqPQz9PY0J89yKDRybLgsXcdIq/oGsAipI1eXxJCDOrksZaj/LnwIhiHJDkTR0c1ylqNZF0qmU/RetB0uOHGtnIAfkk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Mon Jul 24 12:46:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324648 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D348FC0015E for ; Mon, 24 Jul 2023 12:50:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7C8D58E0002; Mon, 24 Jul 2023 08:50:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7A06C900002; Mon, 24 Jul 2023 08:50:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 68F0D8E0002; Mon, 24 Jul 2023 08:50:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 59339900002 for ; Mon, 24 Jul 2023 08:50:01 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id F074D12083F for ; Mon, 24 Jul 2023 12:50:00 +0000 (UTC) X-FDA: 81046487760.15.832A97F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id B6A6DC0019 for ; Mon, 24 Jul 2023 12:49:58 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=IUoZTFyt; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690202998; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dq+jcN5GMg5Lle2kiMLPNS24YEsjylZTVcQUjBnRNs0=; b=MfCYkm3vAWbAIo2F1NnRvNoJrlzSJb6dWqkEKtVagqNGeMyPra/vxvfP3gkm7YdZdfX17e q3RHBHwx6hqsddXDe5sCwSiAaZEBTKa5dba+ADfakV3ojpJKQReRq1n56/9UPZ6g85unJm 9OadV89mYoBQ19RzAXwvOcqmbFHRtYQ= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=IUoZTFyt; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690202998; a=rsa-sha256; cv=none; b=ipPUMQz8jg25YYw5VkC0HJq7MZvij+c8ol9CgxTIsU0pqOiCuuZAb614lzb5OEfOXSi1qs 2J0bapKAuIRhMCAg56HInjhswd8+89VzfrEBdGvG0gyBiYsf3+Gcp5BZkM+qvGEity+TdC wZfN9KsX87US94S7J0Y+KOjyj//MmAk= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 07FEC61154; Mon, 24 Jul 2023 12:49:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 01DD1C433D9; Mon, 24 Jul 2023 12:49:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690202997; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=IUoZTFytVGL4xL7IhIxdg1nWec1xqYOM3rC8hP5r7Ed3fjKC6Epo6KgMdnaCGtZRE /1Ia7SCVFhMN7008WtWRIVVIQewdoaH/kLojOC/4B8CeSMYhg/9WvHvzEdZDrdNhM/ ZppJfgvJmeUYCboPphugV+Qc4zfN8d7SrKHz4Pgm039wTNQ83NIiKGqlB6w5BrY+lP SS2KPsG6UsSf4E9abb94zbB5S3eFhHqLBXDRN4l1suiGEkxttzaapRbGn+YCasRGel bGdb5JDjalsMIDleYixTH358UfPeKiW43FfZDzuafowTWjq5JJq1F7TpsimiGwZP2b fbtQWo91n0esg== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:15 +0100 Subject: [PATCH v2 28/35] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-28-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1590; i=broonie@kernel.org; h=from:subject:message-id; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKw/Lzy9vRLhQ0v13Z2E1an+ZYJFNFtfGDMR5qc 2iz7nAKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ysAAKCRAk1otyXVSH0Dv/B/ 9z12rHapBgNvwTFstRW+LvaYq4zIFOeh7QfQsNxWufo6IybVnbM+Hvd0mXm4AjTv/BSluOomrarAEr m3sxqGmEoeUCUnwYUab6uGpkjrUOG0c4Vow9UuK4BDQ8IsGg63BT2nP+T+DQEIBN+MzYp4BF6e9yBS sqqcXKNecviuKIdE0tlR3/D6YYzJKwPOqJDLOvrrA6DsmD9JDj/p4NQEjt95ikt6ivRQ70L32KKP0D /hduQnIfCgJZ3Z+IR33Z2xIrkZUkqbaUXnvXzYMwAGdpajGCshPQve1wb+BzsV4pXBkDDGv2EFXYLv KFvvodUxTwYEQrCmkpjw9Sl04yI9WO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: B6A6DC0019 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: cmgi13xdi8p3xm555d9q4fw3npjfpkwx X-HE-Tag: 1690202998-897942 X-HE-Meta: U2FsdGVkX19R+zHCwG36CPOvT66q87ZWtn3WhfMCgIJEOCMKvkw5MDv9D70i02tcOYYbXY8orDZSDvManG93qpoT5Pda8FOm2q+S8RSySOAXV0KWYS/30tXyy+iF1F2XDRINC56RhdS0HBMYVCH4UrT78HTqP6Bb0sO5Nda7DsbCjKM2xCYcUgss4DuS4YwqC2cO0RPRXCFV2ksvpCSdwWfwpOJ/rv9C/7BSDDRadijxLSvyV/qcdmCj4JpKYMgBLn+mF64McszzaOAJtyeaE436lqTZtJ/Zl1ubZoLOmEM8K2Oaru5Yas6jzFDuJeEE5Cm7sLwfyUxtYnSSNXetzYdzZ0sZhj4toKoKvcQ3EcXDpRa1gDklmZGjt/9T2G4c3YxNGvbZGlcnR5oAShvUR6M5OKEJUfs+osYu9MiyOB1/jqKXnmaGvBvx1uA/Bq4wIR/bU4Vh5QmKy8781YFS3WFsTjBsUcd8QZ3i4ycYaX72duCx/yFbm6K4Hb1KzfP8OREGmMaHCfyY/7nBBwooLvu2tu9WwVpm1K4A7Edhe4CffFeVJmrO5VJyerFKeAHJ49QiBDDOSSipEz+sUCq5X4W1kvdzpp1bf70cOIJBRVtGrPhGS0Yv9fxTpjllyjRg63SzvuiraHGZ3uxBz+386FBzTsf5d14CfxW0C8Ldy9QEkxH5BR8kB+GAIR671hh1ALCLqT59Ypv3vP33gZ0DSDGs5PQBd2npQlTMctTNPrs9fpR4zWtHPEi68iMeBIwlGIcJCpt0WIkxhWCmO3SZdwhuedHTcEMD6rFhdxDVidAd+YKGlsDeWLBrSpQdgKIpd8XJikSRRJSQjPG76VIGsec2fwWwP7q5h+W+7d6CfiI6p6F31y5uHlmgT7cB0nYsGDesAkT8o0qosiU7xEqrxWJM0v4IU7obt4CZrD2oR7Pne5qmHoK72UImOaJs5MYKwbGWvTXAfnIe9mugN6e Jl6GcTr0 9sSr+EOaLiAzk4UsXrQEr9dGPABNdD8YU1wI/xUUHAZvT7dEzpruA0OyRzSMUEa0vxORV9Gjxheh33qCScY4uM9bMZP0AJTK4GMZKbdR95qnFgjolnOU9UosJp96bsVPea3aq94fIyPd4Wno9hD4qRkkU+J2mHQln0moP32SzAUlv5fXWq5/eNSdtlRXoDLCwYrzCbvxUSwYKf6zYKRPM6xCyGrmTQ+b8cP+2IeJXYGi9hueP/Dn/rpmW8c906a3ALaAg3KFUjnZA+xcnCAIpSsmJUb63XayhD2+JgCvO5NOUo/912sNkvNtxU/kQ3mMZ/trXF438iKYxX9JXxRIGMcYp3WnhLOQL3f0vrNOgkdLHc49ZBP3c8aHiTtZO1/jOdgiShYSZWWn/a9fJS5VpUzsipLUNCCW7u4AWWojtqJtY7Zw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 9f580b55b388..1cd124732be4 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -209,6 +209,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) zt = (struct zt_context *)head; new_flags |= ZT_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index a08ab0d6207a..9b2599745c29 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -19,6 +19,7 @@ #define ZA_CTX (1 << 2) #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) +#define GCS_CTX (1 << 5) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Mon Jul 24 12:46:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324649 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5946BC0015E for ; Mon, 24 Jul 2023 12:50:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ECD6A900003; Mon, 24 Jul 2023 08:50:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E7DC4900002; Mon, 24 Jul 2023 08:50:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D6CDE900003; Mon, 24 Jul 2023 08:50:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id C77AF900002 for ; Mon, 24 Jul 2023 08:50:07 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 7B4521C998F for ; Mon, 24 Jul 2023 12:50:07 +0000 (UTC) X-FDA: 81046488054.12.DF2A1B4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 88959140015 for ; Mon, 24 Jul 2023 12:50:05 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vPogTPE7; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203005; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TaUp99b44iUnlMtvSudETccqnnb9sSnSJn4v5t3dhRw=; b=x25u4GlEiP44KBWeG1k1YBRwnlGNRMkCr3C5TLH7kQbHnKJ2faE8hNMhaSJdu0XyBuc+VJ FAwPs+bHkXZxzLUmwC/sj2R+mtkpghaGqAk/U+0eJNpER6u0gQahYSz32fYkot2xzA3/xY wzoemPrdob0kRzyp41FHSk9zt+7D70I= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vPogTPE7; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203005; a=rsa-sha256; cv=none; b=qXbVom/S5X/o4q9VHPvodSVeuDItpRjapQBf38aGTFkMT0tUUzzHUaskYF1vdcMnBqRRI5 fyiWv5NQwBT5KDqWo1wCYESLpxwa0XBr0zjoXTw6OdaSiNY19RFBImNhb0c1Z1/TZDu37p Ra90SiZjyRGsyDLGGIeq0E7u0wKxRwA= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BDC8A61167; Mon, 24 Jul 2023 12:50:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4924BC433CA; Mon, 24 Jul 2023 12:49:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203004; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=vPogTPE7pn/eaLc1MLdLSnGzfK7e+qVHTabZTHFSfxz6HliE0BH1pG5PDlDUzuDmb beY99UheZbTiz2uERhIQDBYfxuYno+jK6SkSlbZgKa/5Z047gySjPbkHVNVy6eRKea HjBYCtZnGmA1kVDtB1kBFGMeY5yfNlYMgXnfcrsKOXkV2D4Nyb3eM5wCxbwohGye+N cYF/WAN//zkKeXtwvSJk+CJOgiZoU4a4DA787pMXlCj8EBPn89LGoATR5gS7JMCBIa z+FHiUgJNJsdia956Y2JjEf72fgjekqO/7Wou1aVuelMHGCBPsMEcNLXdpEOB7oNU7 nIHTk+dMnJ1qQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:16 +0100 Subject: [PATCH v2 29/35] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-29-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2627; i=broonie@kernel.org; h=from:subject:message-id; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnKxCmMiMdhZ55NKopiDM0r9ZQ4wmAhmq+eZQSJj d19Q+peJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5ysQAKCRAk1otyXVSH0EVEB/ 4nxFWGm+gXQOIhXJVYuK0f3dUSAR7Bc9QE+ZgLV1xZYsUw9rdQ+FRPm8tgprWJ5tCezWNODAjchO7w RbO98ak1+XbucVtrbXPIhBwq6JR8bgzhTcFR+5eFK64P1KAIGi6KohoGJfOY5XLWfKByYrAWCEQTtY pCOdeMOkZ6juiWfUZfFOU5hOeKQSn801k7VO53fkUElSuPSLStInTIUydM3vktPmiamCjKcL0SxMHx HP9Bca0RkTIh7h5y0mFPwWn7QVGtny5W9w5YqD1/aXrng2cRBalkOKd0WNgZXNoukNJRYOfG9RTR+D gklcYUyK19lEEQGpHUtsYGtfWuoeUL X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 88959140015 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: nie5cu5rf4mrds71mfgz989hhz4beup3 X-HE-Tag: 1690203005-27113 X-HE-Meta: U2FsdGVkX1+5LFXolX9FdyxHa9kdtIKJgYouy3BzNwbIQG4i3+b3g+gs9hT4Xy8PWLYT5y2Pg0dGLWxqnfO+qRY2OeSN82qfD5YHMwQ7qk8gXiHZiDkK2ohP/Ux9k04q83ttjm0wrYU/tx5g30SeVTiPmoJ2hlHBHn6f10svi4UWYJ3fZQwUF0u0Vi2CHuehhVnAmelLaEpVA8P+/1NZjC8SRwcUkijb+jh1h6nBotvTbqTS4PFZIOyVUFBIoB4l6b/2PV7VwS8Fx79PvVBIw3pNJs6Lrvxno7d8e06TBTUScLpsbsOfEPebEqDOBGhin0ssxP/DlXBvPySXUTIN00AwcUAbKkkIBRRtZSFiZ10aEemIW/j7KT1fwuSYz9OiOWYppg/FARXXfRcJLfv7xEiaAhh94lFzSOVKEjEkoNNYCtnwrCgZqtEITyM0gAzEdUUYLJCxKnTP+npzngKM/6lzaxnubccHQKAHXq2d8pKpjDhVWcL8yZu1HIgJEZQsKuCMmCxD3nRkv0hHw3azn0eBlIEBDqwfHgiDotm/TDwfr5mmzl4dUKHDyJwfsAOfdzJVh0oNzWFttiDCPZ2c3NaXSiywxGiFMxV5JVs4Cyc0sNBVqa7xLRQCP94Zha0qo6/v5Zcv+BkB4c0S7yUBe6GWtB6pW8AjVKCc/PD5xyxtbKmhHQlhUJam0PpCRvOiift4iyKygSrJwWF0S/RYoKLLUEWC0MvcyxZGM5ZEV8+kh+m9h0oopPkAQKQxs2JJYpMJAZgCOr7qKVcORqIhpHPEx9aLcv00JvSkrvO9D0wRIB15XbDM98W7C5j6U0wFdEhWKbsWNpxp75v+gvJTXz0o5qNPx5mubKo4hRWUdkzRSzQZR3x5oQ2wmADpvswBZM/mt+ntWpVxYLw+TeWLDFNRS8M2LaExuZdQTsUgW36i1jQavNdFK4/v3KJqYVgokAHQxSagD9DfcjCi2WK DdBYp8I2 pw0dBvEukOCGQyw646Rp1nA3DmpAzY7sCGZt13heJk6xw+3JHkHq/8QzDLnDnWN1DlTxGePmIVx9EC2PGLl0lBommwRTFIzON/M7cEzxKhAzcTw3jnwhdo2a/qw+Pdi96vCiw4m4v/719mo903z12tshlM9+Z4VK/jXxu6QVHTt2pzPSvzsbAqGgp2Bx2v/+OBQLT1lEs1WegeMXov+blOq8X0zzltbRv6CsAbqcXgAaSe9Cby2Z7U6pBu4FmgQSpCRNpM/fKLmijdvCFCznFj55qKCBaAV83WcAPl30S0nOq+qyj2Sn/yLDvtqxKPll7i4vCm7PLBHhqkfBye71MGTq0A6pefN3q1MZk6YjmlbuWiO0EpEqnTUKKAvmLz+UmXnH3GWarw1z/poemhbSEwgqiCLErUZim2bLHBX3F46Qzi9aOPKzS+p8JDzxRBZ6Vxd4E8+Bqtslfwhq7R435M8x/UQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Mon Jul 24 12:46:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324650 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38BB8C04A94 for ; Mon, 24 Jul 2023 12:50:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B4CD0900004; Mon, 24 Jul 2023 08:50:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AFBBD900002; Mon, 24 Jul 2023 08:50:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9C3B1900004; Mon, 24 Jul 2023 08:50:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 8D692900002 for ; Mon, 24 Jul 2023 08:50:14 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 669168097C for ; Mon, 24 Jul 2023 12:50:14 +0000 (UTC) X-FDA: 81046488348.28.842F449 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 6983E4000F for ; Mon, 24 Jul 2023 12:50:12 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uAvnRHpr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203012; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nDVR3fn2xd0MNSzIh34zJUX6KbyaSvUYB+1ILixlbyQ=; b=gL06B+NH9T4sVd0p6KcEBaRqb5JetBkv5DLJi0aMpgxIkG512SRDR+xTWrChqkZic/HupG 2wzaRDL+/oevHHT/B+pUoQYe9eWQTzGEFsth1CjCkGoW/kNwuu2Q8cKK2ev74g/aLoiF7M fIJZxBtFmuh/z3S3n+bRpEXIaywnZww= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uAvnRHpr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203012; a=rsa-sha256; cv=none; b=NB0e2tU5SMg9nLDOshm/Wa1g2hAI/i4lDdcXDypv9S2KM9Ju1leV3X6KUdBWdpFOrbeA27 nvyHUn8LzeC8awM3ahSNX6J7M1jeUrHhYmumx1cXgm1PYbRNATxU69oKCK5NnZgoo6Clt1 32Y1xX3H7LhtcQKs67z1zgXo1j/glpI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8BC0D6113C; Mon, 24 Jul 2023 12:50:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 99FACC43391; Mon, 24 Jul 2023 12:50:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203011; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uAvnRHprExm4rHtwFtNZqCW2nNBMYLh6iJY1+IZfHvOwHzMsr5Im673ImNRnxclXp KkD1zAeNnpM+Qko7Dpk+qMYTpceQ3rTt/gP8MXX/MVHhRWrq4+O7LGcOzIJzuB3jL6 TXym3xrMX03wrjHPfM9JN2g+DXk3H/6hRlTgKnx0Ze7iQAIvDuHPw+aA2PyzhnwxPy OvxMPY//pg5m4QnRgw9y6zYMO8X7B8r4CBOkPUqkwDdjgOs1JEOEBDcomGC3L2ts/y D4MCYMPPhM1SOhi25AE11qQoMDdAAd3dSIoePSoXLsKZCLFwV+2we6aWVQFe2Ic9u0 nui/HMjfMEZMQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:17 +0100 Subject: [PATCH v2 30/35] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-30-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3590; i=broonie@kernel.org; h=from:subject:message-id; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnK45+pzq1hMYh7vNBEddQXBP/Zib2wAsrLN39VS 4uKPDWaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yuAAKCRAk1otyXVSH0ONQB/ 9hD5i8L4J/RyK5GDvEKXhoT30mkQIEm2V1R8pAGD+HB+o7qJo2L/7vKRam8n914cShaH/Ki+POidad gYBZdQyFp4eOLGY85E9KNi/4x5F6kvV0jBD1EM4KErzrZE4r+HWDJ4QFiXL2wJNCR38NAvMIPJjpwC dSAecumgA73NDEeH/9kmTuh9bVOwwyVzSEudn2VEA59fcXevqmHhpUod5aisb/rAMNwg18z+ueXAgT JIO3d0PznDq3/xOBAdUusU/2mnBky3EiseJS6QHoUORpCSjnryyuS9f7QuZQUQ5QWALD/PRthFZHja 7MyRuPdnX9R2cOElJYdbu3NANETYWh X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: fuonksbbwftc9114unj57k9u77g61etq X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 6983E4000F X-HE-Tag: 1690203012-398327 X-HE-Meta: U2FsdGVkX1/u3FfB9wfSiNyjSb08MGjNOgjJeuaR36/uxpyft9eziiMWPkN0HlyC3ujAqpCD7YVWc7sv0WSvdtdKUZC/+Gha4oaIJQFkeDJMzScmqot8s1MI5ZvPSofMB5tcXS1wg8r9pDAiyV6EkXFL7ERBWJ6qXA1O2S6FP7Mw3BYlBPktwZ+ZiWL8NaKMxm17MPgTnUbeD5c3oazxeGJfaDz9XZWqE6s51u+PoRWYuEcZDetDZVKkgNmJRdge+lrhTk+q8IfWflJpxneu9jPvJeuxmedzEyPBLISI9UxZkRQ4wyFuuc3WZa3ze6b3tnslTZD05bQcDG34Wj0V1gKgIp78uklWn7OEMbQRcB8jmaENIma42ZStCPJ0UPFG39amjWTM7Wz+3AFWuq9i6yq7o9nxF3VAY8FzRa5jzfka0o2YtfPkTIHVtzMFi08IEG47JVL2qboM8msp25OC7uP3XyliYZFJBKcbmUJbVEmtaOiOYpNfeFJUByG14379bslwpJt4hPuz9KEMcGeO7NRE10DDWH7lC0FrQNd1f43XfUTvE3AvjXlmtt40XepJr7LOx7/1SgkKkaRjxmlgsOJYG9wWqyyMwS0eoWD648MYQ8fV4Cpk8619d7ln7ctXW4YFjmRCt8F9S0DwrJbsgk190+4K3U18TAfrq2sMtHcbno9SH3Y7mYcSwq5cU6MHtcC3bXG02vEcGcNu2IEhl0uTc2Ek6UDlL06qvbXX/63lraP0juke7GBCXdzsoACqUZoB2iZb8w3BiJsQH44FSg1sb/uXiLWkTlkY6NzIROfQymrw9wNaNXi1+T9n5MGqNr/IE5PcRJJ5ePzZYh3i5GSRlRsLgG3DQ2ESpEIFMwnAhBZSGaCgAffPlwmSCqHjzqfJhm46N7dcPQmFTdksPKoTfDC9HZxOn7SKL65HTR5MMT7+lPqS6rZBFWw1NuN49ddS9B6JdN3lCjViWHU NrrVTntm 8qm/jSW6K6n62DjsoxVTKqOGLKs30ejkp5wzjvfhVgHb2AC1qQ0Dw+gkmJOj8FQvlBHETbf4wUcv/eb+tRv9EtPV2hwYUFZjgcgfbzkj7eVS9g86MJzhR0psjbUyrZ178id2XHlsRRMFwY5YpmWhF0e88Q3XBsjXh99ynRosrX2xvLkWD6XEYZieHuXAHIUxrfUu8PWrP+fs3Ou/963lEt3JG+K5FQnsR5Zr38T1nBFLisW+o9K6EguZfP/t40QqIZEC0v4s/u+BFpVZSJBhs516U1OP0N67tkz+vl2CfZELXaQdqc0jf67rUi6xPjX09eD4z/CvO8eNnBoGmm+qhM2kE0nAehQdxL72SMUIKBdFHOEZWA1sPI9vtOqyjsfh8e8tc/BM9/VpcvUjF6ZFIyBMBo3zqMHUD3LBwf1WTdnkxj7M= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 222093f51b67..1cea64986baa 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -16,6 +16,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Mon Jul 24 12:46:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324651 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD4F5C001DE for ; Mon, 24 Jul 2023 12:50:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 669018E0002; Mon, 24 Jul 2023 08:50:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 619B0900002; Mon, 24 Jul 2023 08:50:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4BA768E0005; Mon, 24 Jul 2023 08:50:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 3B0008E0002 for ; Mon, 24 Jul 2023 08:50:23 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 0D732B20C8 for ; Mon, 24 Jul 2023 12:50:23 +0000 (UTC) X-FDA: 81046488726.14.FC4A296 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 1EE6314000B for ; Mon, 24 Jul 2023 12:50:20 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=FxXy0+nf; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203021; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LPEExQ1Qk1Ez728TN65UkW7spefPs4z4cACz+EcOj8w=; b=Q9gXeeV1DKfJ5ywjJLjICqUbkKK3snlqYTGjSOzSUgAzKfr2hCtOuPNLTTbQEwc8p6rK4e DmBQdZyJj17r/krMGxVVB+dUTEJRxLRu9GBwPYxuMUDmBTeJpfIsuv7cs+G4//b9RWcPK1 zH1EBMK9ABCKOD0WPcXCTdySd1Wg66E= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=FxXy0+nf; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203021; a=rsa-sha256; cv=none; b=WPzTDoQgLAr38XF30zTo0Bvv7RBd30oIWA0zzEV21fgl8KH9GXStGuyflAvbLOSMAXFVME Rf30uxcTeNTVkqqChb2tdZuIKuLYzHJ36pH/96IDgmGz5bGFmKQGKcEaoB6neRM+h9Qp/j /4+JqlrDp/Lrl/LngNiEwckAq4YMIAo= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5B7B461159; Mon, 24 Jul 2023 12:50:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AE19AC433C7; Mon, 24 Jul 2023 12:50:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203019; bh=PDX/i4+fFmNinWArKmgCBD81AP/VqydBiUWqO2kyXWw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=FxXy0+nfT98Opbzb3MyUz+BtkZmXTeyXRJBFJBXZkGEq+pk6x+ro/XAqRU7rCNNhV jykXMa4Wd9kYUX9NumwRN5uaaTjeC2hLJ5WuMdplRumE+1B5LHQRHf7f9Lli1lf4UL cu6vcjah6gv/CW4ZE8Sa+r9D4za1sOn8HbRe8KFK/mqmwLDmZSIvSJES2tOx6oS97V wzTydx8cwMAOnN36ErUWRfTKLRMbv8tRtP9Sglv8nKUodVto8j0l3NCMzLviyhBMby NPEFlXjK+od4N8fqavmgy/b7QziLMZSallylKi97pQUuQeIwheKB2CFlI8WGeevHhA 3PdTg6toJoh7Q== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:18 +0100 Subject: [PATCH v2 31/35] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-31-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=12863; i=broonie@kernel.org; h=from:subject:message-id; bh=PDX/i4+fFmNinWArKmgCBD81AP/VqydBiUWqO2kyXWw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnK5s4F26dClHtsRv7gKsv/4cmzaQ4WjiEO4cN26 f87F5UOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yuQAKCRAk1otyXVSH0CBOB/ 9HDBmt9W+5APBJ6ecYRNvR8/bjOgN50IN3Sr93T9CgULfi0fI8E8mWb/wHwsUFJ74StiLlcPAuGpP4 2Sf6kyqk0wz06Qc7Wu8KvGD0OI7ZGFSVRnKQqqrKC2HekLvpLl5TtOLGJqw11w+WZdOV76mBYFO9D5 FIs2JRfn5agF2cmNG4FbLSVyJh1i1dxr/M5R4wBilTaBQZ2n9peMk9I61mRkwC8Os+eH+1wVEKvJJ/ ALvzm5DTOfuAcNewuonFo+USnzWulLigGPOlNsEelVH3EqkEsBO5KP6wAifURsL++5p1ym4MwD4TPQ 3zHJk0jEGFmB1Oynwj+kMTGZs60Xoh X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 1EE6314000B X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: 5az1qwpktkrmwykxq5ecmt8az61hfnwa X-HE-Tag: 1690203020-697732 X-HE-Meta: U2FsdGVkX1/T4RJNBJlanYL8e3o0JFvIyyY768fv4A1RgAuXYoDvv95TQUY/RqHvNJ2UTQUJdftU8YfMrGm03hqNr6OpZ1CuXtKoMz/4eng/Z1toQPg8IytmCrzO1ytKs/U52NXSTB79uV33C/tbBHOcRx3p0z1ou8L7mvTliiFLy4tAuNv8cTDWOdrNK4h9/fJBaQF/2HxCyLYwT9lIxEcecV1TF07Ld+gqxtYdOjUMUbR0iHYdwFwQKV+pLw6ToSdUdaDXqwt/OwgpuGGo5cDBDViNtw9A5shFJEMYEG+D/DvU6VkUaaRSdaIZxjtblDaUN3Yq+wW+EaMyrdVycg26n88LSuxRQMP23z4+KhvgdXhW1rEdiZLrx1w1d+VfgK+sLJB6h6NkMhX2Kshnokta+eYJa1GE2yix+cACNuh6AB/UX1qxfAzYfyaU/TEstTOqcnis3v+o3KfndZtrWEfCjhDvYmk0LKt6rnoWLvPhGe5QcVqBhJTgrTIgZWdL/dFwyVoocakcLz3SeI+LCa3Jn7ubRj/Wyvfo4SVyqzxSFGXnDEnQhhEIBS45e8ZviJ2a5cDZ1ET9giVA47w0WHApApXKLSgjTuTxOKZGEl/W9uTGpkXZfc8LyKkh9okwSlTi2b/z118o8tjR94JjM4WkgTmPQRgxNtfvU8TGJc799eCaarfnHw3SAThgQPanISHfsb0UDQG+LyaKFITtQvy6HW+Y89cOJ9dXzU1Ke4Cd642sY+jQ3ldyG1BIbAvJRp95SqIvEo6YFeOvkCqyqgIY6qmnXhZV0aVTFQxoyU+kYtZFJ/KWg9Byf3NVbTVWTZhEroHVH/8osF5z2lJmVajLzlNqEEjj3eDGE6ElvD8AFu/JWUPzVnPhHeTpS8oeaugzGuczdjHxF/iSXHS8ja0GLs7SIxaJCV/1sR0NVg4sLIXKqIJh2cn47vAKguCPllpTtR32aiYj17i+Wnv pfq0AqVr a8IsR4dgAWmhkY02DbiZhCg6wj0fp2qGzvkrIbMCYPuu7hDpwBiwuihulm1kAvySMKZqvvx30bdjIJNdxSph+gHQit8dfQNKgkUgjbIYWXrMVz3aFSEKj07ZxcXhhMrQievfwLE7L4qNOdqGBkZMFbJvx+dRt/0CAFp7iTIT10oN/TGrPP5OMtCb5lGV06yIhzV2t6tF3V5nP9+XtpPZdHcfW/i7jMLDc8FEHEXhkWu5xfsvq/NCbTX5N/lErjfsws1d7zt90N2xCIfztQfusOoUd2HuaGJhedmxu9rY2iZrfPKm21W240+eihIXq7oPvFtezukad/VqWedCIrDa30nHgQc5SE306MFNNe4QY5s59cEelZ5kJy00Z+Rbhg+U4dD7EBT8p6lQFrOuWP+7SWGGxwyNl7jMKkrAUYzlf836pbuQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 17 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 351 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 87 +++++++ 5 files changed, 457 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index ace8b67fb22d..66877a879a9d 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..322c40d25f2e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..625258e00302 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,351 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, 0); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..c517f1a710c5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +#define PR_LOCK_SHADOW_STACK_STATUS 73 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Mon Jul 24 12:46:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324652 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D26BC001B0 for ; Mon, 24 Jul 2023 12:50:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9C4C6900005; Mon, 24 Jul 2023 08:50:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9753E900002; Mon, 24 Jul 2023 08:50:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 83D5F900005; Mon, 24 Jul 2023 08:50:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 72762900002 for ; Mon, 24 Jul 2023 08:50:29 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 2D0EF40AF2 for ; Mon, 24 Jul 2023 12:50:29 +0000 (UTC) X-FDA: 81046488978.17.2AC6359 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf05.hostedemail.com (Postfix) with ESMTP id 38ED1100020 for ; Mon, 24 Jul 2023 12:50:26 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mz3HkUEN; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203027; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=tCFRg+ZIYUcen1CD6PU8a86NKeLxUh5MmXklL+xwqbI=; b=FGiMgPsnpn9zyfiPA34RdUJbRoRtItmNKxFolsuwXXnAjNs71GEqwaaUpG9y2FeedD9YZa xi/X33ci2y7rwIpB+eBGaTvWDMu/eQ9yOxQ+WOzdZvHjzvxi380pegKKo2OdjKL0ECXP4b F/RbK5aM01Ppz1UjRSCT2UjIbTy7VbY= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mz3HkUEN; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203027; a=rsa-sha256; cv=none; b=VcdwSazl+3WgAR/E/NbVzEd1lkrchZIVIZHoT3HBq1bPME17QfJpYlQVeQsKPf56eb42ES wMIgQ++XhUo8ppu8Squ3jT0qRpIyPvGgCgy6rw0KAHIN+5liI3FO3UkCLAzy2B9ff5TKVQ wB7tasIPFyi6/QOSi6FjhLjTRPfZrGI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 637C16115A; Mon, 24 Jul 2023 12:50:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3A6A3C433CA; Mon, 24 Jul 2023 12:50:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203026; bh=PGgvfGg3CbAIFUY7UKf17SduiHxpyL2+GpkRD9S3PBY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mz3HkUENP82a2uiM0ilrJGrcUpaNz6xm/4VoSVEpuYtbKvuIEpDHao8KaCqcFf2kH LD9Yo7TmlXVO8tt3eLkhGnG1PllcStU+D4oODPDeIDzcyV+zpGcZfqYsychysG0mDb Uq+tR8PKITKi6VRVs/OYGj3hhYR8oz+CTZ8R962yYUSQgK12t2qhKMVTzoExvEkTNS VSLATh8Gq+Su8MrcxllblGf9NL626tiKX15vOuD+rOwyJ3tSefZa4rvp+xgJIdh/l3 fEw8CwDNargPClIGT8jvfhCeZR91jb/GQdwZx+2oHLVWmNTNuDk8g8Ai6BedGAs8Vz qAxPIGDiFTTKw== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:19 +0100 Subject: [PATCH v2 32/35] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-32-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=12527; i=broonie@kernel.org; h=from:subject:message-id; bh=PGgvfGg3CbAIFUY7UKf17SduiHxpyL2+GpkRD9S3PBY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnK6w0JqyE8vbqgNGOXcOZKvvZrvkv5WmV5g8j6D 1HuNG6+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yugAKCRAk1otyXVSH0NvCB/ kB//SImwv2KpTaAU80mJ/gTWkyAfL8kqWgUZaOLCeqMDvYPM03+EmQVAR2NvOk4JIUPZ2ENmz12MWN zGFOUKQtQr65TY5YXRPBIDxYHAOziOvNiYpWlz0vruaVxIxKWpxltifJ5tr7HRvZ2mFHZ0u6bCIhhR ff/FEI8w1WMtKxFvi1Ao0EQQJk697q8uSY/xbEKoYdnMNnuAfm75sozzvg5pn93LHwT97rVIIFjAGd C4PQhqNihCNiL/VzbqXtKVxgESKhPCmbrJZ0QfRvhRa7+esM5N5PqrdRRbfRhT6tkdHcYF8dzd9HDZ SbI0CfScbtwWKzHo7OeUHyQEOmrQPE X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 38ED1100020 X-Rspam-User: X-Stat-Signature: 83p8poxiej445dh5tmkc4yimjeejhjuo X-Rspamd-Server: rspam01 X-HE-Tag: 1690203026-360276 X-HE-Meta: U2FsdGVkX19hO1F6usK2xj5rViiT3bdubFJNl3c55RK8anoC5pgwhuVTqr1t5IkDHa0y1q+EooryLObYVCHtbHZvIxYbeQ45j0kNs2i3mHgxkSZXinVNL0Off6pvwdkVZk/P1l4bIQDIcnM/hb5JHGeGv1rs3UZLtZKJE034P+DuYK+d1p5+1xmL4IYDH1YnSyr8TjvSonuhrAOQWVin3+ETZKhoDARZmW9RYtcjgz3PCHygGzomqi3XzvFhJlSwUGLI2cxw4ZO4p4xMIgaF/LBoMwYB2MppqsjVH/HlCE62zE+9YDNwtVhGMr6rKT+dTjnj7nm/klFBQAflxUkPy4LLljyXQDsicrEKm5zTBYCV+IaeOxEz/uq2fX2WXYPQOrXmKEiqqmp1Oq7gbzKOCMc3WliBa9J0Nc21NFZzCqFiGxKuHEdhdI/BNHACNQ0ikf/z+3SL3d0qaE68F+vwNn/xi9aRLID8lJ5ZKD2Nx498OekS88A9icbsx84I0o+aQ11ElmnqJSRYjv3+eArG5ch4gHfQywJx/8pst94/+Gosn+slH3bh2U/jJrpeonShhXYXn0WNc3DJzwEGki7RtnsrcLWNwE63ZrPuJZ6NRAxaJrTN/vZAM1YBy7PT14fsEs4rp0cH5PTw5zPbWDOcsr/NrUGaiSrXXTc62rvfcoK6KzxAEYrnyZduriTcZhBy34h3oLZV/Jy+IkyD9gOnH41uD6WUOgZDcS8RRwGODLuL6FRarqpvUVmQ53PSNvQ2eho/YuBjymKssdqskFxyXUk2SMpNjEiBI8C/YWmKnf5MXdcBC90dx48PytuJ4Gv68DM7K46kpRpzreINFdt/kYAtWm3GuVey+lETJtTs9Q/SmsdAqyH7OaS1jhcBl+N/aaPiGYqfBij5VLniLK8fxP8RWddOC9u2zNIUAlKPFtQtN17soqW3OuXjLt6NJFbvuXzUg02YjQ/KJJGqQCq Z6YytaYI Z3Q2Q/iBx3baPmy124aJOsuODzWB8KJ8yoVo+7+hyPza69YpOATeo7/oS5IquJASla9eW6E7AOb4wk3sTVJSeTDpl7viPPTnFwuiumjoevNdVeSgUFzuVmTfAOPxFsCo7Ou5EtBpwA6JqFe5O7JUZLEdBJsD2tw9+r0uxfylO+yJmm52/I56f1IeAN46QMiuQpwbVc1CqoyHjUFoxHO0Pe8no2kRjDAdAJ2TRz/pPVZ7YUzY+sjwa/9HOsO0/8dON0CxJlxOgRkleSE09V1MF+JxLQmNL2UK+qR8ajcGRff7q4A17/BHzhJSLM4LqMtDEEEaw8pPz0gmWzCFFkRKRh22JnlumqBDEeyR4EwSvboH4RLEANSHUwgIVj1HEvXyhpMH7mBGnzVOjoE+xu5Z85ST77FgSpwOV9t4Bx4DNuqZ2kRU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/libc-gcs.c | 372 +++++++++++++++++++++++++++ 3 files changed, 376 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 322c40d25f2e..31fbd3a6bf27 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..a8f58b9c3f4d --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,372 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static __attribute__((noinline)) void gcs_recurse(int depth) +{ + register long _depth __asm__ ("x0") = depth; + + /* No compiler optimisations for us! */ + __asm__ volatile ( + "stp x29, x30, [sp, #-16]!\n" + "mov x29, sp\n" + "cmp x0, 0\n" + "beq 1f\n" + "sub x0, x0, 1\n" + "bl gcs_recurse\n" + "1: ldp x29, x30, [sp], #16\n" + : + : "r"(_depth) + : "memory", "cc"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() < + (unsigned long)self->stack + variant->stack_size); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* We should be able to use all but 2 slots of the new stack */ + gcs_recurse((variant->stack_size / sizeof(uint64_t)) - 2); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + int recurse; + + /* Skip over the stack terminator and point at the cap */ + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() < + (unsigned long)self->stack + variant->stack_size); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* Now try to recurse, we should fault doing this. */ + recurse = (variant->stack_size / sizeof(uint64_t)) - 1; + ksft_print_msg("Recursing %d levels...\n", recurse); + gcs_recurse(recurse); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 16, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_8) { .stack_size = 1024 + 8 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_9) { .stack_size = 1024 + 9 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_10) { .stack_size = 1024 + 10 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_11) { .stack_size = 1024 + 11 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_12) { .stack_size = 1024 + 12 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_13) { .stack_size = 1024 + 13 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_14) { .stack_size = 1024 + 14 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_15) { .stack_size = 1024 + 15 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. Also lock GCS if not already + * locked so we can test behaviour when it's locked. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Mon Jul 24 12:46:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324653 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83ABDC001DE for ; Mon, 24 Jul 2023 12:50:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 24AE7900006; Mon, 24 Jul 2023 08:50:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1FB4B900002; Mon, 24 Jul 2023 08:50:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0C396900006; Mon, 24 Jul 2023 08:50:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 00388900002 for ; Mon, 24 Jul 2023 08:50:35 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id A5DBC80A33 for ; Mon, 24 Jul 2023 12:50:35 +0000 (UTC) X-FDA: 81046489230.16.7C83488 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf11.hostedemail.com (Postfix) with ESMTP id AA5E64001A for ; Mon, 24 Jul 2023 12:50:33 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZKj1YYEo; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203033; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XJbY1bFU7w0cPaQF6eYkdTRefgro7AfSI1KvzwfLPNE=; b=SWKOTGTxWJdo4kw/uMwEtAA0Sd2O3qU1edmJpDs1f+SjbELo2EPRiKmwB/FBdi27LJkPXP 24TyJTOmtclY3tX+AgaDq1829cmASVefbrOQnjn+dC/nulw5z87JfcLh2o+kwl2M46Eq5L Xjb8WXAxxY8ErdOpiT62t4WB0c0LNoo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203033; a=rsa-sha256; cv=none; b=BL2ezX8VopdyZN347kWOhhBjFWoS8dHqPFYjsfYAnl4QHhCJoN49k1FWJpiVN5GHyQlYU2 d2bMXCMjJ0NqowlY0xp/798B7frLEaT7y0MaFv1hKMvCvVTU7Exrw8p9w3mNaD+jWWG7E8 z06xiCDfGBxWamJ/aN/migTbGGddxhE= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZKj1YYEo; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D9B376116A; Mon, 24 Jul 2023 12:50:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7659AC433CD; Mon, 24 Jul 2023 12:50:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203032; bh=h9bKdgMYA3yorcV7MRrWgctU4KZ0wYlnm+mQUdEZpv0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ZKj1YYEoVdPc8fiwTzf0w74FCo37vXYTSCnrdcJD2+UbhrpFbSFR2OWfYVVNrcUUO LW7wLjp8wvkzyXUHlaGFt0RHzK2JVuMIT0xeoytqKKSMvgzfHxCNoS7BKEv4om9gKj g7iikWD0MJilgs2FcZxhgLP3NanFBY47WDrLkrdNGLKoY0IrlB6I49P84S2zzTo/wo iavhCbwftdOujha/hl6W+Aqga6/uZKtKEx1DlSf0MNCeGXzB4xyh9OXmG9RqRdQ2Xn 03PGnCiQ3YhevMR1SJrsVraIp8HEHRY1ODwTEOD+ITWyEBMWXe2z7PmIk9OnMh62WG 1xwss/vOJgUQA== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:20 +0100 Subject: [PATCH v2 33/35] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-33-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7316; i=broonie@kernel.org; h=from:subject:message-id; bh=h9bKdgMYA3yorcV7MRrWgctU4KZ0wYlnm+mQUdEZpv0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnK6f0LijlTKL84z+30hoEFVoLTAGbO13aFzceqb oKvKnmSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yugAKCRAk1otyXVSH0FkAB/ 49tfu91qRtZp3kO9rWiQppU164eKhqP9Ay5nfXMf5xia1YOoD5FEWtAwYDJPdi2nKQVo++K2YUSikh a/QJ+w2LDn3o+0JPk2a531jV5kVQLVekmuSpnC6lZ5yA2KmKhiiJgK3bA6JXHVpUlR5M89cy6VHmJ5 X26TB25wojZJtvAnpSCgRXs4mudT6hUZb/PqXrrPDDgSx+hLg3rBiuWQCF0HbrQEU+p6VOjnLzj/Zp 84lF3VZiWegKOPq14Br1mVD9ZMey/cqoozhcNRQN6UQVJjjjHtzknvRisrsDMx0ueJp5ephQroRMcV I9cwWr38G37qkYc1EHRiR3VU01Dtn+ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 3u77qhrqmrrurwk5fiziijq8ag85q8ym X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: AA5E64001A X-Rspam-User: X-HE-Tag: 1690203033-137677 X-HE-Meta: U2FsdGVkX1+SeGAf+tphirnj9flNgCntswGlGu/OuEaQFlwvQsPBA3HED8MLI0pywWIuaOKzinvqJcg6qIuwT8tD0kx3Dgl048w/eloFOPQIrsZwGK6N1cvNPAtJQGq7j29qx5y1GVJp6uN/9a/XzNYfIXzH/xaUaQ7SphiUAmeOKTq5tNRbZWoWm0hITndkLFbxBhvG3F+wF8a9eucXfHzB1/mnWWn6aBHlQTt9qcB4ZrTyFQi4W662zJ1ZS2tnVk+RJgh0tAPG79lAJO+923vT/fEghFd1bdbphtVm1kLV+brWV7ZheacRUynD2v3fJJRVbNZkTF/wO3rA5Byn7UaeSxljq3PxnI+/4mfi8opegkJtAv6FmVMEBsSsa/zxNi4TvO9PFmYNGtXRSn/A1xQnxk+xpLQl82MnwuahnQlbBnhV1ERSTfnT6L6HnM+nC6+btgzZDewhRRr17vsNFsgZd0dO2YcxhQMp4W3gH7EdkgWQU0EovIDcSW5FgfwC1PDysst1QGIaluX6Za2S1dfcxNBBZlEbtidJAA2dSD/OK6AaE6Wy24tfjEBaH+5pawDXzMb1aY0xb2K7T8h1xvSIUbB+bv3tfvKq9Rh7pSkpxg+e5UwKXxB2e5BQKiqQcnOBzqO8G95qlZOlhbz+1bDFYM6qpVLq2JWrdJli1B0DhQiyvd3qin+REpGK5RSLS8bx7YJVJZl7YGwpukwZEIDQCAyI/Mit8MIWVGK+fhfvdE6ljyjksUh5dEB4PxjxhsZ3rWloqcXJWtWhAOC92OKBWEFxQIuRAHY9V5EU+qZns62aH81bsuT5sM+8ogGFma6JJVnTy86saQKg0dC51fSh+nljcdKR+utWVlpvs1sZs/S7iNGsQM+vOAITi4L37x8SGkAySyf1DPzpKDiCw3odRztRYfcF/BWkz/ljijig2dZd9LyiSU41Hg6pHHBWIjbtiY3QcPbGdLP7OJW QZwNZ4at oS8G5gGLhmt9IZkhaLadERLJHIUI2cbdLVEHMhKaiaN4QlKJnYu6QO2trODiPZyX3KxrnG2t4qBW+QUxB2RC2cbhic+3cyTjw941IpTI8qfa5bJBpAiJ2wE4nDdWxRMB4KieA2Z3y4tdbgz2kxUen7rsCitvei8P2KT4t6F8fT87h2iZbqD/SU3R/Q1D/TWkxuH0DdhdmJO1As+pfqAzamKjtt3s9mX1N1GoWuIcPPsqBQqCDjunFq/1zN6N22uDrBRCfcOLq37rpzloCESEsd7dnt1JQkmnlRBrNehcwna2E26o/rdExdTlXxKABCzx5yE5Hey3c+kxJT2ieGFXw15zn8aneklwIcZidKdFwmLO5rFiXAyiX1GaoAXe7Gr3D6bnt+pvANLOTmCeucwiM/gMCC2K/SMYwlHX+5a51OMdHg4E= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 31fbd3a6bf27..340c6cca6cc9 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Mon Jul 24 12:46:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324654 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 753D1C001E0 for ; Mon, 24 Jul 2023 12:50:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 160AB280001; Mon, 24 Jul 2023 08:50:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 111ED900002; Mon, 24 Jul 2023 08:50:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F1AF7280001; Mon, 24 Jul 2023 08:50:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id E45A8900002 for ; Mon, 24 Jul 2023 08:50:41 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id C0ECB1606AC for ; Mon, 24 Jul 2023 12:50:41 +0000 (UTC) X-FDA: 81046489482.18.4D03C96 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id E23A680022 for ; Mon, 24 Jul 2023 12:50:39 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HqFMgmGw; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203040; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jIwMC/bqbkUcFEJdr7ERJSD27N7UwacVww2kxw5A5eE=; b=1udcghFAfC3jSDlrG3bIe/HDZyyXvv129tvE/lJlEsD3UosNsv5jTpDisGOVUv3DtDQ+3k LAFiqvY4EbjokgC5QUNprYCx5bqmOWgjF/UeSwrpBZOjEMpZrJxTYwwNNSdTqsb5swCBex 7jciM3wDETuXfLazG1ikiucnhtpxrq0= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HqFMgmGw; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203040; a=rsa-sha256; cv=none; b=qtSPy6b6kcjdJh9D25um6NdzM1dkanz84BQ2ncegdZARFtQwWNH+Ia+HUv9GLs9vOL0hkx Jvwbc6E7ewHVLlYG7FKO/Efbj76lYxcp/d2b9VA/QlvGT+8/XL/qmg8RUEZMGaZJxAhwWy lIbmNXvKq8gpSPiSO1s+MxyaO+xmFN4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 19B5D61150; Mon, 24 Jul 2023 12:50:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B473AC433C9; Mon, 24 Jul 2023 12:50:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203038; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HqFMgmGwo02Xj5mxpzLLJR4LlOu6e/snjpyrmmurE9isGTmjDSDWF40fSRHqYqBga m4Y4E9JCdiDdeeTnk6XpHWuzBYUc5G4MgY5Si0/pzzMlChVsWvVY72P7hbFF85eW9T hGl0Xrjv8EguyyoxPODrBYTmhQTgsbSgZXazb6Ta5DnBV7xgJm3ROp5trYtmysd3bW XD8ZtkhPS/ram2MtieAdxreDDEN5e3My96WnVJfMVwGMiivs420ViHS6fgR6ncJ4oq fem18Oz4s+P6xE+jQt7m6jqv1ZRv2TBLfPlKqZoskZz4szmSfbXpAha2B5ltkkjCoN XyYSRGFlWuuYQ== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:21 +0100 Subject: [PATCH v2 34/35] selftests/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-34-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7313; i=broonie@kernel.org; h=from:subject:message-id; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnK74I7mp+sddtwoyeHDS/wTgvV5GflHjfU6fIg2 lgijfKOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yuwAKCRAk1otyXVSH0OtcB/ 97TNCJBO0wEwBzUzF/owBpHAqVxjgy4kd2Qn3bQV1OpE2KfJjZ/FXVCI0IHBzOvpyjwjUfLVBQHmYb k6xlSJ2Gm2VPTkEdzwAM0iLlucTggdbpD73Ut/3ut380ffUe0wnpGD6m+ddd8nv0gXvlE6s2aTsACX dR4pD6kKqGRxB7QZtTqG89GfSZlp9SyUL80mn/mYsJntMntqR4zC2kmlFp0mAZQ3Anzj2jAW9PvzpT D8AhYGDp4Jl1bShnVbXleYicu9M+uwj4zh4xTpsaQl0vNq1IBPrUAaDRuiLhpTVYNWIJTnrMklIA6Y N5gGRYE1esKfabNKodVJnrOVK4h5dE X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E23A680022 X-Stat-Signature: 6oed3i93xzq4ucz1751g1rc53ugkk6uw X-Rspam-User: X-HE-Tag: 1690203039-706575 X-HE-Meta: U2FsdGVkX19RWPZhamNZh1EyPaZhFq5bD6D7kN3n9PNIMe8k8FQztnYR7tf/ZzRRyO4rwfkGgdJPWCiwc0zTPMO14eafEaVfsK2v746UvYQp9xWdIMWekQ9h/5h/iyF4INopVe6VEJo9yvgffWmSDCucRf28YrNsLxbB/pSxPujL434q5M0hs49VnsMkk9+nH/b4gE/OSDEc8Uwk+V9UCJoA+t/wMAY0/DxxVHLNyIE4qX8v6JiLN5zvzFhVO0ySYkB0sP1x3rCeMa9eez6LRAyW48WwXY3He45CmTLYMo8Zayec6inrDE3a/ZH0k4/N3ZzyzbuxTcyqSUG82EzjaDEvf/U8+ofBSBIP74t0IJeV/ASOBlzjZNXSzDcjAmUBe09cDX/H7sJ7kzC8RP0coEgPidouqf1JPveulid0CCfzAU7GyM+I52tFDCwsUvWuxt2qVFVo/J03F2r7E0oewIzdQDrF93IdCU3HLp5nREV9f+EzQTts39xb68Z8Nv9pbaOdONC/IRhHpW/sNmovwZWNEQG4sk6i6iHzGqwVdPxnFCsOBuK0J5Sw5mB0ALlN83ZldTu/SW61ixlZ5XEbXulBhhpE6E/QaBtfkrev0GiCwkyu+lxtRk7psttpS6VEZlTiu+X6ZVT0PadblVhgGGwDvyVJzF3goVQJo5LcfSf/Adrzq6etnTDQ+NGZScbgB+LGTxdgNakyVK/dnbbzOcAgWJsCcB9Qh619objfBMSqhxG9a+SHSm4qth48fb9Hmq4c7jeNQxhvzZAxaPYXxlNjVkOhws1EeLnk0WUhqNy45A+LbVIGC7ROou9Vxd+GzEg1MeLLMWw6GgMownib1Z62HP9ZpRz/wylSg6I4v1VHv2mofz/7oixFjfVieNVWaz1gZaZb523L4BWtOgw1yIM/UImfuW1vdN9gGl9VvQ+iqnQ3X3uQMK69i3e9mkFqqVWqNz/El3bU7iCANM/ 19cA/nA3 6dhBr4WaYAdr27+xZPxJku7j+2OX9Z5D3OULGM/keAp6ElE3+yhXcde5k3Y/i36Xn+SWUwKoUtHipHNT13SvhcFNUqsj6T+NUZV5omNc6wkr5lMV62vbNJmSZ/Wb6pnwBa6POH4gnjZNSAkEF9+oKc9O/NKHESN1ys0byXRTI9cxPzJzUII7HCob4J4Kl3LHeHPoWHtWV4rYyIEUJvVfc+1lvq89ZIxKwbERVXZFDaZiBEPKPP6EPfIGoWsN4wpTaB2JY+QvbqHXT6xK7xy+fdqAFJVwZwL4Ga6NU7fkjIwSMhNDGu9Rmwqf+824OZ6HZW2jy4832bxwtp5Mm+NulLlgoJTd15Fv0GT0HP1OHiTAIGT8PTI5EneU8sR99BhZb0bCqs6HsO6ZQSh1YoknSMa8UefFV9lOD4LkI2JkOddaMpw67Xg+TeevpEVS/lxDS4jWIE/ZewvKXCtM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1cea64986baa..d41f237db28d 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include "test_signals.h" @@ -45,6 +46,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Mon Jul 24 12:46:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13324655 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A381DC0015E for ; Mon, 24 Jul 2023 12:50:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3D1DB900007; Mon, 24 Jul 2023 08:50:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3829C900002; Mon, 24 Jul 2023 08:50:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 270F7900007; Mon, 24 Jul 2023 08:50:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1930F900002 for ; Mon, 24 Jul 2023 08:50:49 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id E15F31C98E7 for ; Mon, 24 Jul 2023 12:50:48 +0000 (UTC) X-FDA: 81046489776.11.8FBACB4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 1546514001C for ; Mon, 24 Jul 2023 12:50:46 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RKvbf5xF; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690203047; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=c422h9hePWFZGXVEyc1SJULBUM8N+meybf6z8umXg3Q=; b=fpEfM8yZxukqdC21gcm5NfXUrb7lcaLp1k49Hrm31IS9CT23Q6+GwfpVQKq0Dk07b0ksvu ocvdLcZgIgDD36mcqDS518Mp1Tcq8CbNJHUqGKiqbVW0589kwPkTQuDyhm9sDfEwC3kX8t SP66yeAHCWCLmjGDu9xruUQk/9mv0a8= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RKvbf5xF; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690203047; a=rsa-sha256; cv=none; b=2BKKK668uFr34U0VNYwmMtSzLGhTYrHfHoPqOlVUMXN5RIAvTeUkZ3bjJ4lRENaOY3/tvI xLXcA62ctHTVDDS6IiqaLnBgCPB9RcHymMBf3nErErgyPyeCjpBsa3W553e8TxQUkp3oQ6 vt+pAfmQ7f2hJLhXyrdjndNLOpIh/Mk= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1928361148; Mon, 24 Jul 2023 12:50:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EE3EFC433D9; Mon, 24 Jul 2023 12:50:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690203044; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=RKvbf5xFIOYmBfC9cHliD8dmfbRs+QpFurP/fbZe8s8WPczwbciazon6lfXd9pSXt rheOw+8XHarDOdaOF5ubRH8/iZsUGbGtNhSaDV1Qx4zDPLo6HFjKB6fCIj0yN2+zWj oCXS3GeKXc6x23k3PjdrPPXhENg2OPse9fbsyikKnvOksNaXle6MUIIkR7VJXplfqj D1aon++cZTfW+FDS9bsY+rkjpaFz1hWPZqy9btbsOm6ybbejCdq2gtNCgmx55APO6f wlr+K3ar2XUp+ugNJ5tb0YWCaAHRU1w0siIsTL98K1dL9appy8Gq6F1skQSUSNGDs4 BhqTm6IVAw7Ng== From: Mark Brown Date: Mon, 24 Jul 2023 13:46:22 +0100 Subject: [PATCH v2 35/35] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20230724-arm64-gcs-v2-35-dc2c1d44c2eb@kernel.org> References: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> In-Reply-To: <20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3085; i=broonie@kernel.org; h=from:subject:message-id; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkvnK8hNPDwiHC0iaEDryG+Mu2O7MgY2oLGt69EQIf sVXvDwmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZL5yvAAKCRAk1otyXVSH0HvdB/ 48/ystdzGMlp9ZLcDce6kKIY6+miYLetihauHdnActGmdUw1giLgnaH6IqjXYWeEg4GQJpHOTRWlQ4 /vQNIe9Yd0Db/nuJcsciW0gzge3Wx/rCLMOsEWZdmAbsilSwEHZtzbSYdq+aAhJhycf0ouOKX5MfAp 3mc1Ec0oRKmASjn/G3juxGiZMPk++J5C0pY5RIjCoG/0NFY7QLfeNZj+tbVKhkfqt0T+IFdzwMwmrN uUUWXBdHUuHPfUlZCvbhXeUx+jY6fDajjRvpjAf3Nt66rsHWzkokYRzk3hBNYOg/NMaM7g8XYQAWeY iJsXxNG0RU05traqr4buJj6xOOYhku X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 1546514001C X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: mfyw8ekfqqsay7x8ce14kg7g3463qsyg X-HE-Tag: 1690203046-514231 X-HE-Meta: U2FsdGVkX1/SmU8eR1TZd094hmLGdVenr8QU4v7k0DpkORIyBQNNaJiXhUO1NbcVevVps/t2m5POuDMkFRbAyLW6WcRLhdytKMXGEagdty4NruLfFZc6surv3RGE41qqqLrKIMvKE+LNvU2jDplRFV6swRWgCs291AABeBn/YIZlXHYEK32sPBaPBIkowxnUKIR0RJuJM7VEWS5BECL/z7UHjNc3tsR8byku8h+M+lIoToY2j5IFLpF1n553T3gY/VbDxQMV+A94QSoTVpqt3H45tYQUWsWB0iE+qFCI9Pl8PfNkq9UjKgHLDEACwi3AuomTgHiaYVw+UyO0IOtfpbT8rY7f3K1isaMKlDzkjQFAPZbzAlmLxQ0DsN0zfjX7oV2IyO4COWdeFp2DhGg8KReYj28yGUyiZDv7nJFupQklRMdkfMH4FnKV0Sg43Mn7Va2OzRWyF9inXdXSdPyAMr301SKEdCZLG0znAqdlDhUG5ktqfyM/fdoWtTQWAPlPuvVD85Dt9aBsUF1o+dGlnUJgbCEy+xZINwY2S63Rc6GNvJJZl56n6uJwy1boVzKlGeEbqWVSOdMv7u/SdXPOdpsYzqrJVDNDZA9MB27PmhaEMnzg5+nAau3qeWF3ShgSGxnqbVqktMG/UrBpWCc9emE3iDFNxjqCBJUp9iA8fNxbIOjFqNciuBWC8A5h1Nre9aUpVad6f6a+Md6HIqJ6N8xfrb3pQlOVCbwVKu9VKlFheUQT6XubiEnSoGlze2wKHS7KtOJkougW27Szgtmo+xFFCQp9DuhmojVw85SKy0fIRAv3mMoKkz+8/P7Q9ZChhcibWmMQyH6km0wvwuOE6A8iW/JQfLU21Rk9aGazN93BRJPGhfDqtrhWadaLnmniPxpXWqGc+QyjvAj4mvCrPEMVcf2LMRJ3WbnJWnCYS0CcgS2QTbMShUHpUkNU1PkNcZwPy9F0QcoK7OcjeXF XteNSK3O 4Ltn7453YVU0AlwZ2P2tiBeEyu2PTCxfVIPHqwrfDqajT8bKmufBBRlrfzloOuYh7L2n25BWS4VQofbH0YiSLLSR334u42pnh+NF7urMfUtpFnoAEjhqEJfOtr+wItFD9A+8QQ53bHTXDEiNuN0bHjugoKlO6tf8b07gYWaxX2SlDutzh8A78dgvsb0LVZh4JMT7U6HFtgZJAYDvY+heSLRXuGmtJgsmb4o4joASBadNKpfZUGwVkomqaHkUyC/UPG4Dr07QZQaKIa88XDvZ6L/9d/j5nxHqgfZ//HIPvwbpzQpx8PbVkOlU0oQeudnL5Ustz7VmITHGXZ45bU7G8EiJpgQqMWj9XlMwHYjcsX1ZSdgq97gRfRtkCfECNBec0py7TqKQjJzF0se6RfqQ6Al30652HGKT5D7IbxjBGGGEqCLc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..7012f9f796de 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 4328895dfc87..486634bc7def 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT