From patchwork Mon Aug 7 22:00:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345066 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61762C04FDF for ; Mon, 7 Aug 2023 22:01:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B64146B0074; Mon, 7 Aug 2023 18:01:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AEEC98D0003; Mon, 7 Aug 2023 18:01:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9401D8D0001; Mon, 7 Aug 2023 18:01:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 7FB076B0074 for ; Mon, 7 Aug 2023 18:01:41 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 307A71207CA for ; Mon, 7 Aug 2023 22:01:41 +0000 (UTC) X-FDA: 81098681202.03.19DA3E5 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf06.hostedemail.com (Postfix) with ESMTP id 338D8180004 for ; Mon, 7 Aug 2023 22:01:38 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SyRCu2BW; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445699; a=rsa-sha256; cv=none; b=dGfCX81m+ufFvqV+/jqEAHhhhykOJ4/5ZNV3HlrjZI0E905fhX/T15H9QJJ9VVYkNoyLeW /uwps2KkS0XGAkTLhcvzL0lwMQgfNiTFBJkc7oAjEEf3jSRUlsWt25ncIPx6ap62WQtjIg w5I7suDkmCTVhJeXSqd5EgsxwknBPec= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SyRCu2BW; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445699; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Rr2GRmUkRH4qcj8DwtxgJoc5E8ETtGtlZ90s5DNZBXk=; b=Fr3XgA5GF9e8nwXj1QlUMZEria26kzHM2p9KH8H6cJOzIUNAwl1gwFZtQL2OiKf/5cAH8i FIRPuoCDu1TqnL86Nzzu804eSyo0fThjtmFA7JHihu8TWJCiJ7WLXqdBhwYdDvJW3Rm3Kg pYO34LfvhLGmzmVd1Yz3wGPZEAfPUxw= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5265962291; Mon, 7 Aug 2023 22:01:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 08B87C433D9; Mon, 7 Aug 2023 22:01:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445697; bh=AEKjV/BA0T20XbbVS98znUxvUes3P+lFxLNl3dughq0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SyRCu2BW6qjr/TKOhDZHI+CIXFJw09DWT9LYLuVY4odwt4KVXZuUtQtcKge0vH1yc NhIjy5UQuv5asrLwQ2E/bayheHLHhu3nQKPeclFm8HdoHYz15GauC5D5Mt6+HcufwO w8Ws+NJ0fdX3DWYEIYqZYcB8EFWgy2L6Pr2mKF8rMpMGF0IKqRz/wzxIrFv3GuR60s dWTTZUgdtgBcylPnAyf0BtVUS19a2vXMm1PhQMt2Q62WTAghgQziRBCzs0HFSlj66J oKFDsNKM58C0NGeGk5NYyAvS1MamrjDewe1Pe07wb1g4kcOtlojlyy4wUOp88xfwu3 D1BIppkgJAr7Q== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:06 +0100 Subject: [PATCH v4 01/36] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-1-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=4712; i=broonie@kernel.org; h=from:subject:message-id; bh=AEKjV/BA0T20XbbVS98znUxvUes3P+lFxLNl3dughq0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmYCJ09bM4Wf7hxqY5FoHrf7ZbPLgNbywvjDg5K 9v3eFBGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpmAAKCRAk1otyXVSH0H+1B/ 49rYObgdF8pJ25JkrJQQ9VsWeEnauBaz6z8h/tB4H9GjvBgotjUIUu4IjJLjFteX3yMQwWBijDRuSS 4w+VBd6Aii5fQkBfl2z2D8WxZWyzftiEzzOH64uYZg67Ne3II6aINa8Cd2OVFoUoWb3N0AFOrX8IGA 9jLcxgGOHpHV1C6TC29DoYFyuQpMzniquiwkHi8E7IggvpevruvMayzC5xpReY6C0ux7gZKN6flsQb 78zdOlQWTfdEWt3K0n3hLcxHj0sUr1/nvFuNerm44LHSB0D/xDy4IeYrdtQkoZRrb8KHQwMv5tGmVt kzhrE84nhgvv+3RcGtMHYaj5HUXvgL X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 338D8180004 X-Stat-Signature: 4y7yzbf79burgwydn5buzqtathngu95y X-HE-Tag: 1691445698-143346 X-HE-Meta: U2FsdGVkX19GqoG1O+5gZBudFEM8C+R750y4b7hcwvvKrxUX20LLja3m/uomnFWbHFab8Hd6vHchU2M32iCoObaByAfyNl4elx+HGGvnYXzkL8INu3zSRC7VynknrDcaLYQhiBVPD3pW8NAUWytgZaqgl0WGphuZXwEX/lOF4VVJoyxKKs8El8qvfcuOu4cnoxcZque/oubOd1LsyVpj+hZS7zCeEJzrbF89Alw/V7vnTZfXe5pr/fpbNdRbcDM6LtkH5R93g0dGFZ3qFvFnEfe57z3JdnHv/Ycat+ZQwVStsX4VTpzZ58MEC7rIBWpE+SuqKB710sCl2VWY4ziCM4KSpVLvZEn9ezTGt1H+6Z27DgInOu6YL7tqW7oNPV4buuvsC1GA/a7x0eeQ4XJCCyF9cOEH3UfNe31uITeOa9dGn4f+TPcatuM/aS9RCbslMH8M3Zp+Z7JOzQlkQninjudYzm6bZNhhvK1Cy9Ivo4AXlxxFc7X9PbJ04MaFZds6nlwqb5q+gAz8fSK1hUtkqCwMx5M/7dL+K4Eui4osJPQuINwW2OAOmHgyBxHOMnDwFBTc8Zf2uhgghUS8TDMQU78U/kJZVjrktCTe40PhWNKso7URL5qcEWQzTQrNTfmiCqTzEjj5PGbK8Mrpd2/FKaKmVXiMF9WBsCPY1RIhvuNxiVEPLox9q/FBylSj+FkN5PCZJXl2pyGZgagSNuagYIeAvXhx6+W5cTAhYpDwjPY/ZNoQNC5Svfv+E0NX50ZRTmk6JtPzN6o7mkyUfGMRzrc2K8nvQ7aZvYREq7zOE5UrEcv31zspr/dhTb0xMcXXPxRrPbBIrb3OSSk9u7oPtIM8colhNQDyaaM92oSPJ0oL9rSwZvbkSQWeN3NTxdpBXnunp/TGWg1DmJvHvHnp2Bjk657QyNsuR6VEkNwsQG8b9ClcwGOg3l1CyOtJuANOv+ohu/wgSv8x762jbBn zwysUfIz 7aUMcE/T869p8WRy5eW8kHun8IdKsIEfQf9x7lh3/o/qz0LcxRu0KOjSHl+/piMKGpmuApPy1BU3h8/hwLuT4aspOdwVyxDAeZT6Ez/WYBUBt4R1aiXe5N/KXHkZA1F1CQMn2iy6OH1OSEM5mcK5Cm/y55C2YKQIAEmbtGOtqc8wrknLPB7nSOwGP/0+TMTnh9l2rKVBXQbElAlkqD8hRkamzqnqnWYVXD6UooWd9W7WNDpIZBV+cYKzJBAVoN2JRtZiPbmR+T8ZZ1IwP8tFPdvuGmX5SVDXqH8sWwyxbNMLo25BzXA7tG2cSEUkAdx0MauxC0SCb54dvfXrLgu9I500O8arza3asGCRNmHnvnV1hVIVf4UK7yRNKKvAf2Ug0Ih+i62yjN9QTmD0j4abi6Dvd8+3i/+6nR1k1sKByvV4VEwE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Signed-off-by: Mark Brown --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 0ead9d8013e8..43fe625b85aa 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3964,4 +3964,8 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end) #endif +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 3c36aeade991..0de3d6ee18e0 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -305,4 +305,26 @@ struct prctl_mm_map { # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 71 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 73 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 2410e3999ebe..b26423a614a9 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2302,6 +2302,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2720,6 +2735,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_V_GET_CONTROL: error = RISCV_V_GET_CONTROL(); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Mon Aug 7 22:00:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345067 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 756B5C001DF for ; Mon, 7 Aug 2023 22:01:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E4B956B0075; Mon, 7 Aug 2023 18:01:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DD4536B0078; Mon, 7 Aug 2023 18:01:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C4E368D0001; Mon, 7 Aug 2023 18:01:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id B1E766B0075 for ; Mon, 7 Aug 2023 18:01:47 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 807D5160B98 for ; Mon, 7 Aug 2023 22:01:47 +0000 (UTC) X-FDA: 81098681454.14.5421291 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 57B934001C for ; Mon, 7 Aug 2023 22:01:45 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Th1Z9bVZ; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445705; a=rsa-sha256; cv=none; b=fmUJb+HLYBnDlPRKnQhca1mT4EcJzuQv0S5ObHpFinzi/GA30WXIwDpfCeTYewX9WPQNw/ LPKTB7Daa9zmGjFrV6YscbK5hiQxdm7XRAEv1UZW+hzhCd/C6+mPJcc9GnJC9+0EqmQYsG WrzoR4Q0qQ1IGBdLiTP/0EEAKxqjTqA= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Th1Z9bVZ; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445705; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9EiokGlVijer87hj8YWJ1OH7aG1LYVUNBq6hLY0xJSc=; b=TVDAy23dGWEIxkp9hYsE0dOMRXwOVDXfMPnNTw5sdtOg3icD3jmU59YYnFzJFSyHe9xP2B LXezVQ4Fl43ZWedQfRN3l2+MnZsxYB9kdE2jR7LYX95CJ2eTxHkrjezpfXPBVdjqmYYVhC 9g5hXIF41QYemXyVndrzXShvPm9PYvc= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7445B62298; Mon, 7 Aug 2023 22:01:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2F0BDC433B6; Mon, 7 Aug 2023 22:01:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445703; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Th1Z9bVZmowOrXA//qqPzkg9/0FflEIxNHKJhCLc/z2CQKnCJG5DosJLmUmw+onOh 5wLMapny4nRmClsBtHWzRgWcJXonhkPSO7plqiyOioxX6Qcp0BvT/AF0SHf2sM/IMp EEY26EU0UBmOKFPHBAMR0lQykh44yiIDEHVxSv1jZVICoDECbdj7TX7aIaUxhuvfFK XyKCA0rMYu2wlIE8YWhBZ/zI0MdfI3gG4epqjukMR7Eiu/3uSA0dUimExMOs3+1h2n LEmAFbygEjYI8+6wW4f6U2Zu0TZdKx7s7Ayq57giRcnMlN//heaQNKqA+mNvFJoD0r Qn+uRSkkrlJsQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:07 +0100 Subject: [PATCH v4 02/36] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-2-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1640; i=broonie@kernel.org; h=from:subject:message-id; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmZbLyQWkqJ2tbfJHVr9HGRMWp3m8IuCBxbUpN3 n4AEtaqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpmQAKCRAk1otyXVSH0EVvB/ 448mJqyXS/1bkj4UVvUEvHo+tLm9pbwH9qPL7ePhWt9agCi1fJ3JvunySZvTrX8Zho9v8xFt8Blvpo IGLmxat/yF6dJKfZitd8oFiPY3cyXLYyUTsiqAvGSn3eQhE7PBKDKLeZEFQ/5EtfUk8L16dNMWjEav qqN1kvOxX6qp9+KPrN8lcFPHRYvjeM3psViv9GfuFs6B2bA4FLjdvNgrH9yOW8o+pVsaZNxPwZmpdL 5bPOa43T95OYMnLHGAXje8MqHz0FGi+O9tUVO2NMSmMmjMnhFXzdMJtHkAcRqhw6yUcGkSykzK2sSI gI0CAqT/hhBf+DnJw394T4Q2tN4/vs X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 57B934001C X-Stat-Signature: 34mmfihe4bmwocg9cw1h48cb48d18r7q X-Rspam-User: X-HE-Tag: 1691445704-460190 X-HE-Meta: U2FsdGVkX1+MBxm8obDvbmCCFZqfQWhY0QJUhCEbNwE3ACPPBeFsGdvj6Op5/8w92VMQcr2XdQoILR2jtOKI/Npq/B4IzibcCmVnWfqmb7UVncuzHV31MJOr7dGJhuIC0UGSN8CtoztKHnsgcGOvXiEqqIT5HeEALBnkvQuone2i9e2l62SJrMUmjLzgKCU4UDE6FHPW/xSuFQ/W6kXvCEfn1uG6SLxi/FGNWdWSYH+Y7/sp+8uX0kktIXkNIYUI5NxV3GqhuX0K9Tdi+U1oDeF9l3q9VinyIxhMZKeSaUCziUpckWbZbissIbROR5prqXBy8cCgJF3rrR2Ir2/ZXFOOHK1wBzwIWiGSxj4rLlW/TPpAVrtFnKHRKnAmcfPoN4v+U7rQt8Pff756bzkLUDHcX9ci1MjR8GS2afdxhQsZI5xl60TVulgfWoKKqGNTDKWyETMs/kPup4MWrpHyNWqevJE/n/wSMNlbLuh409SWP0kBWEpawEQiGLmDImvD/S4GB6czUCVNg70ntzjHESJMLoTKeU2Wr0dfM8llMJI4k/nTBDMD4EswdkcLBnwQEIDslpv3IxGeCaB9E4kec02Xx7wi//GAyrK0Ls2uvjbUH+m8nstdE9YazOy0gJJvadkApATkYr3yXpHrN82QkzAWyyckC6zdRIVWDXx8r+zMX7JOxAFf3Fyxrufx0PKp0nvhwhuXeo9SAYl0XVx2TUpvKc8wjTz1gor1J1TIuKgEuLEkF9969y+QkUfgY9VD24SnesZVqYN0r8IsjhaJUzBcEk7+x3dxdGScrARgR48bLpKRQgPwVCQv9R2/Em152HTs4c0dZBk5YjDfsxTAKiLPWGtb1ePB0xEfdn3vpllEwSKaWVCm/N1HJQwuanRzrjXnbxNoYRjXGcnpuCAQSgoci4D8p7YAbU5Bxum0mcIdNxzErge4s/r+C4VaNyTdsX039ZMrESK8oEjsswb UznVV1rP E1X3COMRlsYje6omcvJNKhLvHd6+eFqpg1LAXBLX6higA/Nj7qfKMb/Cr/5mM4OHC2zcuoudIS5u1yFR8S+g3wGKk8m5i1DYO+DXGd/ZulfmsKocu9tJBu0RGXgOO9ZCWEQy1QrKpWJgqQjmqzMGA66VFfCoKIx3CyiaHSc1B7lQH5v0Qg5rXOIWIuQ2TVpBUQ7BeKBQZsmD4nt423nTmlk5dVxlMy4ponzbaXKswMX6YoycM2pWno3s1I8jJpQiM+xBxkUcc+Cm5fx22EW/uBU1tfj2h/PVhTjOQO5zBMrGm2MnQwPS0eD+3QZhQ1MDihXP5kcm6K+Te0gHM3JdqbVx8rKbJvwPcCdqHKFwY7GJUWxXnj4xiE9jaer/XupnNLaxSuGswYpxSHAHowPpbSE6HVWhcuZQpyQa/RbZm9pl3vb09p98wIGVr13onWnXyUvUfN5DGrpHHQTMgM690KD8TFC89b7GF3+B0wdY0BdqEPxCcZ7Eoyx6ENA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Mon Aug 7 22:00:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345068 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92B7AC001DE for ; Mon, 7 Aug 2023 22:01:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 17A3D6B0078; Mon, 7 Aug 2023 18:01:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 102EA8D0003; Mon, 7 Aug 2023 18:01:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EBF7D8D0001; Mon, 7 Aug 2023 18:01:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id D573A6B0078 for ; Mon, 7 Aug 2023 18:01:54 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 8FC111A0C00 for ; Mon, 7 Aug 2023 22:01:54 +0000 (UTC) X-FDA: 81098681748.12.8B5D191 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id 650A51C001D for ; Mon, 7 Aug 2023 22:01:51 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sK4wyWyb; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445711; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Qw8jpG1nSQZOYyCfJYZZJYzqGEK8fUHUpakjpYEfEEE=; b=hCu8s1sGVMIuql6YlAxMYGSOokG2TE7CkNL5jywoSLo+yJ0+EpmH2SxbljHe9iuKo6kU0N BlAci4K+/tRkNm5QUVB7+i4ShLBtm6tSqfoa81Sp4YfYR3sGiSH9SWQpxCku0hKpGt9m4s N53L9pMqghzMRHIKNOocgMFG+7NnyTE= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sK4wyWyb; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445711; a=rsa-sha256; cv=none; b=IBiWhB66abiFW7Sqk6J/Qd6X8qdIBGFVNgxsTdr/BoqUzTCN5Nk7joskMs2g7XhitWgdWC /geBGCDow1PhRzqnl8CMt3gd2HqRbCMCChIgc1TlHJ1XKq36PNNUtFDLlxt4crM4RNX3Hm Lg7ix5G1eHRUC4ACoF76uBOJgPoX15Y= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A6D5D6229E; Mon, 7 Aug 2023 22:01:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 533ECC433C7; Mon, 7 Aug 2023 22:01:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445710; bh=UGmEM6Ljj6jGLAgDJqTP0WjXv6GPir/AUngl+9/ZENM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sK4wyWybLhAOnNierXWH/0oZVONg6PY0hMSTjJ5/2SUXlDatl57c67u6SgTMT5Wz2 rWoPvwvx39L9WWxKN9vkvir26Qf5hw9ZkROL6FB+SjLlQkWsE02+Q9JMpVfd5uQHoC hrpsJzfuRf/U0u1/gnifb3CtO46PDw1KuFQyEIuY8WXXqoZ8bm1Mm9D13myhQ4BuRA Lln+jQjxNxuevaAdMP+1NRO3dwvvd7hKdg+v0vk5FTOMEIyuTeM6JtexgywiHsA5ki RJkqrbvOXFmHSmptFZEN+xMfIRjXkeOhZa1z+eNzP3UjxIq+lHs1i7F/BSMck74hn8 x4DL64ovRRNJA== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:08 +0100 Subject: [PATCH v4 03/36] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-3-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=10389; i=broonie@kernel.org; h=from:subject:message-id; bh=UGmEM6Ljj6jGLAgDJqTP0WjXv6GPir/AUngl+9/ZENM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmaVUMP880FInNYASNKeNNZmYEdEqtaWytN2cgx fsSbzmaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpmgAKCRAk1otyXVSH0HcgB/ 973HXExLaz4vkarDYRF6RyG5STwRPay+uFmkHCAn9zvHZZXKje0YTEjb6whFvK/qs+Us99EYhS0OfB 8nysoyClDzt3L2shQZgck+lagj1Ks2+l1O1MZUAp/bQTvYyIoV11ZNLgYHEMXMMJ0T8Ict5+KzolmH y78BblBw8ys5JgJw3VoawfMH6nffNSNL/S86wDwGXIn61CHxRZ/sLF4m+zz3g2S69bZPPI2iEy73hH b6UoNNxutmW3pJm9bgsGw2LJXn96EDK9s4ZSqeE7b93NCC2qN0Mi80YpVVQuOCTta9XEOcO1+qUZRG /iyQCfJvOQx2LAiCDh4H+3a4a4IAAZ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 650A51C001D X-Stat-Signature: int9y3bac88giz7m5hzuh1npo69pqxxk X-Rspam-User: X-HE-Tag: 1691445711-947290 X-HE-Meta: U2FsdGVkX19mcuU2hOHQxTsUXEYFWEg7rSMEx9wendmv9rTC1MnoW0S3ncxbzHUx46B1OATNc9wGIsIGdxhR67W3HPruRWTNH2jBdN3d73jak2T+aRB/APxGoZSzO4ijAhPdCHm8C2kjyiw0QW0o8GxOvA0yKc8EL21/B9LCFSGskMF7Np9LHtLpU0ZsqipSqleH4zi2WxXextAE+WJKtPZcjSx1FjWtH65iOlb8hxITPX82LWgeU7cMrbuhxMLzEJODO/qsrBvL8mxRetLFxmOgl82zUUWzEErIXs3nAKrE2QZs5dBv6D4oEYc+q+DvSUsTk08rTzghgIxCYRUO4zK7yf9g6yJS0YsBKaA4G7JZnRVnxyhOOxjUCQi1GXtuvOkGVzSL5VVPGsFAEnVpeKjoWJep/l9j2fh7p2NyRHQ/yMsNVfjg2PFvaoL2tHbUEL1nukhpZAG1L0WYlqFBXbzyYojzdjTC1j52HmpcMpHWopK5p9b6hlv+ehGzMuGq6iuZk5EE04Iqt6RpbFwnO1I2rv7P5e1nFZ1mDHEfAsuxFYI5xwrS6HdlP/joSaGnNm+i/L1YR1N/s/Kv66xdKGJrTDYtAez6cNkC3+ucl4744wePMUJwL67S8PstdKCQWQfQrx1aTwIF+a+r58ON9LCMCSGuEY0JYjVMtIeVEWs0VSuVyYXLblZzX3lKbsdX6DnfXbClA2M5gH0nzPaQp4YOJagumSqqtZCBD+Vr3u8+QvzqdvLy3pvY+sLusvYpfibkuESFZbSiXrfzLpJ0YLA6PPMiRBDr0umaalOa3jEJUCqEsaywxYADP31ZU1sbmT1Hdf5RpMNTDYvW15xs2X5DGLFjR8L4jwzh441AJXmsgIP/Zhc0MSjcL0FFSDTHBM6hoYVr8SrppH12Ijn/s7NqK02HvkkoLxo7PbizNgd9AQz04SFMEqJ2hWcVfBx6/DVTrgiDcup5KZ3oEKY 0wXnLw5v 9IiMD4T6lVm3eXfdaGmS0X45fBN7N9U78g+6BOJiSmTGZQDpuJkM9dTV3enXsyVXVNcjCSSIuXiV+29LopsaL0GAnyg8Dfn8+yN8jtiNolqFQ544kZuyZ2eN939miD1S1hhJWUnlGZ2OHqJ5qqjyDeVPRiLT6ZxvPfa3MFt9MdH+A+LWvWmMXbt8kUACHdYpJOIrM5PrxedhmrHU6LJAlb8+pTHL4RnIB+SRRnPM9Ddwh1X+kto2Rp1wbrBS+hH3R6zrq7eCx9+SrUhUI6TmPVBqLzNwzb5/EkXPLPT2UkfEKju7wzHBmUzOLzgLSGsqmN8MMJI2OXWeEF5cIHatrqoUwNQsIRTBep+0KRW0d2LTk2V6tyZ3FLSA+jI68KBS5V9eAG0RrjcYdoUmPZgLfctm6x6DCo2zedybB8rK9aJ1izMM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add some documentation of the userspace ABI for Guarded Control Stacks. Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 228 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 229 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..c0f43961fd4b --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,228 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack for + and enables GCS for the thread, enabling the functionality controlled by + GCSPRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread the called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK / 2 or 2 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must be larger than 16 bytes and + must be 16 bytes aligned. + +* When GCS is disabled for a thread the Guarded Control Stack initially + allocated for that thread will be freed. Note carefully that if the + stack has been switched this may not be the stack currently in use by + the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set. The GCSPR_EL0 reported in the signal frame will + point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +7. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +8. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +9. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Mon Aug 7 22:00:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345126 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 897B9C001B0 for ; Mon, 7 Aug 2023 22:02:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A1A36B007B; Mon, 7 Aug 2023 18:02:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1518F6B007D; Mon, 7 Aug 2023 18:02:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F0D448D0001; Mon, 7 Aug 2023 18:01:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id DD8716B007B for ; Mon, 7 Aug 2023 18:01:59 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id ACEA8B2326 for ; Mon, 7 Aug 2023 22:01:59 +0000 (UTC) X-FDA: 81098681958.19.93AB7AD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 986A1140026 for ; Mon, 7 Aug 2023 22:01:57 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NXEGe8qg; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445717; a=rsa-sha256; cv=none; b=0ETT3/wuNf0qDuPR9iR77PsWIQxUazE/NfhPFEIBUpDFZS4kz5BLqKoJtJylkd4hVp21TW L1SSJ9JKmuBq5Fr0nFc6c0sYYCQPVVjDdz2nHcvnqRhLAZiGwWlRO+p/Gnys0qevriJ3qG zuT0QJUdCqjrnToMnHfjVVLQNay9M0c= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NXEGe8qg; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445717; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZjNg0k5JLv8meVnlQQnkT78Rd0wGAKwtkegHXDEiJaM=; b=dFNYUPwx2sNEGgc/jXd6W84R4IPzqpjls0UKbQ5DpeZEROlGHzSbYxfX7noTXDrAHnzo66 OzCXRcglyymkc7vQzD8SGFCoTrxQJ5szQnatU93m+uLaYrkFzWMlIKtHxvnMbrEEGcE6Ec uXweDUilnwJ3cv+0GZ/DvD8+vuqA7rI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C8C9E62299; Mon, 7 Aug 2023 22:01:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7FCDCC4339A; Mon, 7 Aug 2023 22:01:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445716; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=NXEGe8qgWBXHR/TnXm0iyjuU5h4ZsCJuLRNuWB1fRnujzYyRt7DovR77LQ6bk6NcA AavWpKfEGv1HHnyGjdp/NT/yBHuk1tBj17MnEy2zfnAPeQhmrBLPsbUqqbYNj4lwE3 0ZBl1WqGW4HYvMOfo6ueRBsYnLB0MsKcgFmxF88Hr5mTv/qtpmMAMmHAfFVwgt6/+W Gh/x6+LZArDcAHH5G0veeztkWa3hb2bltNMGbGxGlvwK+3omrbISbPyysFw+7mBevA N7aKo4Sts7ZMBOs/SG3Ega4kYW85ePAYJRHOn7JPVaRdPLwdrnYICM1A+ijqPpttBB LaTJkQepdonMA== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:09 +0100 Subject: [PATCH v4 04/36] arm64/sysreg: Add new system registers for GCS MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-4-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1873; i=broonie@kernel.org; h=from:subject:message-id; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmbYz7h4KKVyPVSng5oTDfpmHrQGuHESgbbfxHp oy+ZR6qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpmwAKCRAk1otyXVSH0Ni1B/ 0V34yNxYv/KPJa0LhtcUa/t815ae5BWGGSrD3VDQHDuAMWFxWbJF2iNdwHIFCUQiejD0Us+hhjwW2F 2z4VeH1cDPvdf6NtfTwtzjn5YWtd2wpIa2YB5p43LKp9JNxRxf6yDCiVeb8PrR7eHcx9BL1qN1K5eE jFonFIkpKk9fGtso75yZfcs6+PLaePYfki07sRDRt/DquN1TSih4yeq0dcnFHU4ZabVsx3bxTp6PbH BMEmFaotH7ozIrsMTLcbFdnExgT3Y1B/8ULXjAVpG9BBsI0X6DJaRL22Wo7YUIoynYE6gjBiITEcMq /beJBkqp1fwpfkqpdtorPQHF81y+Yg X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 986A1140026 X-Stat-Signature: 4y5nbijfcqc3xd6x4qd431hf5pd5tn1j X-HE-Tag: 1691445717-660349 X-HE-Meta: U2FsdGVkX1+7xS33hcT8HQn4qFWiW+R35oU/fHObpLzrI3QLvehD0xqlCsnQS54ugUD6apJZWW4EGt8++U+4OD2hfVXxncFHXKJRXKv92DaABG9/FRdBR4dj3AJN3fweAox8/3BEMWNYJWm4wcFAVWPlIy3JlaIOU93JLVAtgw1wWO31FZa0tKKFzp3EM7LOQn47eGkJt7dZ56CDXRqYgqEJGlvRfRdQ+HH+WfDmwiRGnb7vDR67RUTXzBe2fvgYZyPvKSIcmD4aDGcXGLhPmI8jERq+gCQFnPZK+iDCZRaw80vcYvYyQAOph03PBKiVtL1KtzNNKDceBmWLunlAGP+J+HtBlbEm9/1J2uKadwUTefWAg7jGwRsMTJYPCEy7nOXSLq7ZyTX7LNFzICT+NdXmrMMB8L7gsh/3InMSJUIrLaQG+wPrrWrpYy5hTty2Q2f84g4q3xOkgj9JeA9K1SM/pZ7LzfBgi5u2TglTJfpOic4ty3tZ+kEDQkyneERyusNYPOFNMaZA+UdLpT73vXtIiNztCESApzgZfAkzVvTFkCFZ/KBmFtH3XwCD0V+/OCSrGXYAzqxXR90DrNs/SO44n4bNGZmravOnGnxu2nbtw2Q2xRHUp8tJHfknVCsoO3KbT8/Vtfh1qQdgIpJmJVDB12Xj/1YRaSpmL22HzHQYVmPL38DhlQcnOVdsXiSqshR12cXh+PGy+no7fzJrKXWrlA/AC0K3MTehV0vP8XhvXyYnNlw4jMi8S9KBRbfyC8xxKz7KC4iXGxl0W9KqvRDjz5jDxeGNw2tjfPZS3aHqSyPUFU/3Qly5nJMTs56+KyQrLrS6kdxI0xy52CJ7ivfgTN8Lu60yLhURXyTMlm9wnqRMqFr+wgpPKHxzFsonzlN5RP1mWPCfSNHovRiuwHNOdTNoapRGknuVPfyDza17IqMUCXe3Xm3vTUHFMb3biFzdrbgPEM/IxH7MV9W qE2M0619 1LrYSVCetW6MtnxpcDEqm/Bjo1wxRu7JbxRjhYLvCAQKgfZdomugV3GEzRAmLArlYsUrUH67EORKH1lup+aKP2mwM9hfVb/EF15Xgee629p+I9AkcqyUyxOi0YRYN/s/Qa7YUja6crfhdLdc/R7AYnsYydxPnCMRVE6oYTLk8F2Lfg7nqZHowzu4Q4n5V3AHh3tSenqETr+5yoRPiyFFwY6hS0d4XQqUiacCPVzrOH1CrFHtRo6NdgkErWFm0x4Lxh3YuwgppvJLak0eYYE5tHsITKz6hK//+5sJUYgxwSdZ5NIG8hR7zpNfbcgwnv3gAlKU7+iq8gPY6jMRANlMl13LI/V/fvzV3IavB0rrxmxFHsymaniE8yaxbwJ9qb+gsobn23pkrr9u03v+YWOTvszJK0qs8VS4AXFRE X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12. Signed-off-by: Mark Brown --- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 65866bf819c3..20c12e65a304 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1780,6 +1780,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2010,6 +2045,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2209,6 +2248,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15 @@ -2268,6 +2315,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg From patchwork Mon Aug 7 22:00:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345127 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A759CC001B0 for ; Mon, 7 Aug 2023 22:02:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 487E66B007D; Mon, 7 Aug 2023 18:02:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 412096B007E; Mon, 7 Aug 2023 18:02:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2B11C8D0001; Mon, 7 Aug 2023 18:02:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 171866B007D for ; Mon, 7 Aug 2023 18:02:06 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id E1BCC1C9B39 for ; Mon, 7 Aug 2023 22:02:05 +0000 (UTC) X-FDA: 81098682210.14.38EFBB0 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 0210F140004 for ; Mon, 7 Aug 2023 22:02:03 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nApuP+06; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445724; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=f1Fjfwmv9c20XNlM3MrDH4yBU8vPb3KKbDiNXIhVRLM=; b=02o96M2DjcemsM7MbirFoogFeKvD91BMuwvZF18uVyGXiqq4HNrK+31kxkiOyoh6KrG7Es nxv82ALYaSji4ipv9B5cSXoIg9sXPA1lix/Gy1LOFTro64xAmVlCDkf3mGS3URCagjtkPl kxvsmS9mRMVFR4z9/KJfWQDacKSxJyU= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nApuP+06; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445724; a=rsa-sha256; cv=none; b=NqzjusfNV0RegbCVP3yL7BNO9/natIA6qFpH0CeiFsQA+kPLL5YyNv4b0iSnCzsMMFRx1e 11BsgwZNJ99MjHrZz4eZvzyxyviHqBQU+Mv3DaB7Gm8LHDXYxsv6CnkF7H58/xTkfW8uKi rB5/ghU7X0WsorYCfAcPnCzKIMPWSxs= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 01D22622A4; Mon, 7 Aug 2023 22:02:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A811EC433AD; Mon, 7 Aug 2023 22:01:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445722; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nApuP+06jysg/y7J6ZFHo8EwbwZrQg52kz06YA448HtW5ZD8Dn5Ua5XDCrv9J1r6m 0Bb3tJ48ice6SQZuY0QlNWt6f7+03WGysSnNbAaGqp3il2b7cpS2ltxRRmZyXnPkzF iyvItt72vm12Bf7UiyJYlD62lhu9dRzyz2/Ea0zjAglmyMhySLg/rFnTo8Fhu+uEi0 mbFBlmvNa9mgcVc49WfP7aTtg+NylzhTaK0paAd6dVD+ioh809ACVSla4uD8qmVcbQ V4XGbTV+8S0ZjvPt38JTcg7VDbkO7+cvEo2hk68rqBx+VUQmOcEjfcKyuxY7cHnakI uruau8eum35QA== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:10 +0100 Subject: [PATCH v4 05/36] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-5-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1361; i=broonie@kernel.org; h=from:subject:message-id; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wmbk5SKHIgUZPBuhpE8jhIRmhoIosfJTCDsmh4Y Kt7ozLGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpmwAKCRAk1otyXVSH0CAtB/ sE7EhZAiONJOLz/iCK0MbpxBTxndfXombnr0bVNTrn1eSCo4nyeEnjU/0StkedCRh+3f1vC8QH7bws Gt2d65gecQRs4M6mTiQilYcYyZYql6pTENRWJhcL6WqmfZrzHFy7zmOJC64Na/jjZaP/ep4CNo1kiD PUCDLqXPDg/Tg2JfSe9NDcpPY9q6LOt1xEVBFKA1bstLwgyoQvkbEh0fkwTB1+WMK+felFhu9v6cEG hoyWctwsqa7x/ChiK0Ch2q6N5un4sii9T9Lu37O4rN0st8zsFh/EESrrey7Tjox0AP+I21SgKi7ZgF w4FvbboJ0reNZzcEXE5lZxVgq9NELw X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: ijbrfg46hxcyxzjsazefemfx4d73jgca X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 0210F140004 X-HE-Tag: 1691445723-818980 X-HE-Meta: U2FsdGVkX1/iUpAQqXeY1Mfnz5CwAy/xCrrgZd2kS14tvPuB4APn3YnRoEWZ/vd+eANMOa+hxG7f4LUf8PiP7Oq2SjO7tptN23lKyJ0APYxeCffREbfsFnKnNOBauhIcqJUNsBHfF8YINDKQ8bhXuXIebvTqPwjDUgtg5jyNfiz+JsVwWtxXmt/fKcJaEDQGfLS3cp5/zekXhia76PdgXiBqv481aC2eiPEhObdqUVqHVspVBVfgyKye0jwpLp2f3iON+kZrZG3dPxXy/mlOM4wBAJAWTIAxs2HuB3UceUV4H56bS6PDrUk642XKPgjvEvT7WKzwl8RJZzeM3IQMQlE7raXdJWk2gsVpHb23SuIU9lEdsDLa9E2xzpJ4DV0kvHdvDpZRRtaI26lqSSuBAaVEESQWecpcUXz1Q+olxYWFBteEy4Bi6ANjaMtKKSXlg85Vsb2ICZmK6XAKFaQsU8IeJt8kE5UrWLw1Zi6gkIO/1S4hsXYFeWnfH+EqNVaZCgG21Kg5dnb5jxN7tTIfxn1VKKxHgJcMZ8I45kinYT8Xu5V2DdiapffRiLOxBRH43Ql6AyaXvgjr9cT1Vhr4cOCFaAIzcpiVp2ubYA+60XMH/t6X6cO/Pog5AuTu/K0nLWhVEH3Y3tHRYatd3hPIDBtLhDFsF7/yDd2d/iXxjqYnnBCCRn6eG2CFlyrchLax1JpDGbTGwniubo0Ci3M1WNiF3hXdot1lQaADWDpJHHK8D7beiccswRW1JZqEKiCrwllQtmoBc0PMkHQ2YFdHQZ6LgZQkOOBizjSQ6R6bc8bU6TMcCPhLTQqYZhg0JQu0pLQs1YpyRclhmtKgKZQoZ8zYOYJrkyj3jhK4XxBihTC/aocBKbl950hFmP9CD3PtOf4LARKu20sLBdD/XZkDmbquJE183n6Jq3tSP1bZ0ZD2X/qZo1og0jWYHr7AxuR4df8DVeWlcpFnJkNM3b/ 9xjd5M0z ywWqlhs8RDaH7hxEkDX0+fxzoygjkQ00BORb/EWZZcZ1WXMvLgLauSqvAdYB+UAB70zqiIUbzXfoizHXCOSFpDJWtoJJCc5q1UNg8u9/7i0DvFARY9hjwTuhF20Bg9nypbMgftu81vPpq31zS9kgFJr/9EGmu3EuWLepZZFxWeJ/xzYppwOWq/IS2Hpl9kd34OWXv7m83jjgkHyLFImRx7wZ+R8B1B/e3p9ZKQFPeDGUk0pYeDo/QcV9ZXi90M1lxIZQ2BLA3P2iB1/vvocgwVUtVosVbT630vyH4Xv+nt9QDtFIzLEkND7RHv3ZwFyclMIW5OGQBKplEctfDDRgW9Vc/0ldjWuv7l+I/EEIUH1Sas5RjQ/zIs4zVDZXcmCOgYzBiAwjXEOlmkQcgget1PrUYc2bIUWFNQVFCL1it/nq9IQvh/Qd00t3hq88psrZfg82KQr99Vs2TXHlgnFqqD6SYO53suF0OmOhEKwSLPF5DO/w6SasbItQAGA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index b481935e9314..3d7f9b25b8fb 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -730,6 +730,26 @@ #define PIRx_ELx_PERM(idx, perm) ((perm) << ((idx) * 4)) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Mon Aug 7 22:00:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345128 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05387C001DE for ; Mon, 7 Aug 2023 22:02:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 96A046B007E; Mon, 7 Aug 2023 18:02:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8CC848D0001; Mon, 7 Aug 2023 18:02:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 745DA6B0081; Mon, 7 Aug 2023 18:02:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 607596B007E for ; Mon, 7 Aug 2023 18:02:12 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 2184180BBE for ; Mon, 7 Aug 2023 22:02:12 +0000 (UTC) X-FDA: 81098682504.24.CB3579F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 201AAC0005 for ; Mon, 7 Aug 2023 22:02:09 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QgRlN10k; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445730; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Aw9uk67+s5HTS/4C+7Hw36JUsrXswdGZ2FWphnKG6DE=; b=PJjrKvNOWOve9BqVqKHplgmv8E0doLISog0bcPPcRrUdBpRb6DMZJyBaO3xVqrX69Y00jH mB8zKqrfsNHitkiSYRpdijnKHlivgSzR9Lj0B7ENbW0alblIH4jTRywO8IImlbdosyAyL6 BlcQONCiBfBNV/ESyUtcwfm1ojl2iSA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445730; a=rsa-sha256; cv=none; b=MMzKQf95ijACD90MNrSVBv7RAETW8m1dlEd7c+OsEQNh17A/0jhVHk+41Ws6uY0xdhAMjm eTGGuIRMdBgCf87YIeDERPga0M1gQbHbCSQYiwpNuVdSRQttIC+t/482yqMVsTX9LJeB20 N2irqNWOzE6DXlwNyOe4QPe6SCxDIM8= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QgRlN10k; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 28228622A0; Mon, 7 Aug 2023 22:02:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D3CFBC433C7; Mon, 7 Aug 2023 22:02:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445728; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QgRlN10k2BIzrEOhrn820jRtBTe+fdrBpMGuZxD/seyQ+pfycy1plO6GunO+YjM9T Imxo0U4YrMKhO3pM9TOiH1OsrcNBEzDNkq7sWsKjbuncXLC0IWK+hYLAIeA0UYbdWk 2J4Iivp40QsQkV9YiCt6It7TTmVxrr0kO4KV0AWCZ/z94uEi9EdtD7RDlHF27OkODA ALTuUeamaOoBl5Ucy1dzPpmmhTGCr3NgAIF0omW9GZ/buRCGh1cvjoN3coBiTqiDaf 7OYA7UQokad+VnlK1U1BN0N52ZqJdItBSCNdiLweUCMB1A4LCPHbqxW14S392t51qw PxjYi14eCeQ6g== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:11 +0100 Subject: [PATCH v4 06/36] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-6-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2577; i=broonie@kernel.org; h=from:subject:message-id; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wmcf298yHaLe0/pQ+i80LO4Bv3pqAUzPuw6Cszl XMBwrJWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpnAAKCRAk1otyXVSH0DeHCA CBYigOoCQiC/afrEIqP7eij9j6h3yuzLkjzLJGHLMd2q+XK6KyAgnqoLcONFXVgzpQsR4r2WnoVo6x vsvqKlN9EoWl+KDVsz5kIWyQPqqk3G13mfnkVtQV37cfWcGtZ/smrnGlw4D+iAeK0ffl+CRwd3hZ5/ 3KLmhA2lNgm72VcXSA/ypXzPiXEW+XeGwk4iHYG9TnbIePSGsMxYtuT4Ak6yLYsNlQFAr61t4f0iet tChEloC3EnKkArOX8qkVzpA4Fcvyrv6rl9+IKhv9VWBSGmyQJvsfZLrXcv4CPimPFNechgNpN0zo2+ ordyWKedjaIbaaV7MSZtf3tbO6TfoJ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: b97jop3g851pd1tma8pbtkw3fr7ehj77 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 201AAC0005 X-Rspam-User: X-HE-Tag: 1691445729-16702 X-HE-Meta: U2FsdGVkX1/RAWQQqMPHsppdIsJFM92iFQG/dSVLahkXAsEMjMY9dSTj7qgpn2hHDVx8IjSqDAqNPWy0jJovL4fAmQON3X9JRMG6zwU/0wdzoXd3BpC84qLvI4TIXFlxZ1kEoa43MhcUZDFGwP4CrIxpdf+szt5YzyzMjVoLCAraDpg79GnCA+6lWMPh9y24YzJjLqqc7dEg4ajU+roT/6O79aQy64Ay3p9E0StbXi0AW7zUFuga0TB2X1PjwuspeIyAunwE5faiRDyBLgKnm8ScjUZGcYGyBXcHSO7qabymLjrLjvHxK8F/DVNK1w2oUDuVy4jp3lksSzHRHsx40r1NfzuyU4bw08+0UxQ5xKkCBisAujZQtHlwtWAQdHvQ/ReBVv5H9zDn+mF2OiWM4r2hya3QShSZgW1VuM8+wuRBb0E1WZyZR1UqqeCmLFuqbWwJL/a6p/fikZFjReyoFgKbJ9E0J9RVDa9EoCB0hDd/SaCuhm7UTciMTVITwEO7COUYH10XTzlTXgm8yGJ7iDvCelJnHXQwMSwb8QkciJkgHgqfPhBLZIqyNHzSmJZFUVU28wBNyov+PXwJp6/tyd9Fzhgmh5NaEHaOWch+B5v5u7ZIPQWEb1ZlgpvbzY9la9Vb8vfBFIR52rz4ZsfL9OEtq1hYJfdfbltt8txp5RDsdlAZzrF6Qp1DarXsSzD3uGlU478otKeewnMwln7k49Q5Ay0ccltC3cEI4QC6L1y6CLkW0Qt9f1TUXPHwIAUz9Ne2gKaRxaNLksdTQic0BTH+SR9iMur1rwadADE9LIpidcDMRgdrx8Wu4ScwOn+lCUu4MRfJWeJMWwGB1q5uchTEg43nxjz1HpU2VBoIo24GK8Xf5nzIuqtoL82RGpIqTO20VZ3fWOZ3XM+/EipD+qWVOQSnGS+Ae4NiPMftVRs4y2rVih5D8ioMx+yJCsuIgnhYTaJtaHz1wuS0BZP 3N7FbtaA TFogP8GxuZ684WluXOBFrKrrlTGRirVDCNidzt7+VY6MD391CcfompUIqBIH91Egq1WkEt+9ZT6sA9MTlli2zp53SiLv+Q2Y+BhOGZbB+9R0sv9gRuugFrhJCN2R+KliG64hqRRmg+tUI2NZnivJpaSpRsMQufPjezBpCApCRjEg7T2YqZEHCrESJAF8JZqfs94bWhhRyRXg2Xzzl0vYZbB3q8rpajTOH8Dg3t5wECSsVmrWeXmiKAZMLLVjRBFLmd9kWNR0qtFacVcOVQUsmJVJumsx58fEnn8vmUbNQ1stDVFDPiZoGgzSUKkgHlO7SkfvapI7kagPKlNYCkkR9XZ/cQDACA3FLjPSHnF1HfWeXPiihWrUB2NDjsWqagj+8HACznPCWPRYe2Rsez+th7Qj47WAPbNw3zTiLTzqo30cQqcU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Mon Aug 7 22:00:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345129 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 072A5C001DF for ; Mon, 7 Aug 2023 22:02:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6D1516B007B; Mon, 7 Aug 2023 18:02:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 633D98D0003; Mon, 7 Aug 2023 18:02:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4D40B8D0001; Mon, 7 Aug 2023 18:02:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 381866B007B for ; Mon, 7 Aug 2023 18:02:18 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id F0AA51207CA for ; Mon, 7 Aug 2023 22:02:17 +0000 (UTC) X-FDA: 81098682714.15.CC59827 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id 1AA5140004 for ; Mon, 7 Aug 2023 22:02:15 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AN8K1d1h; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445736; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mJroho1o7mQ4v5IpLO3pGU+gSm8jYAJUrZ5Tuta6VfI=; b=R49nVuZnTtgs6NJV78sQowo6Ox9SM5CspMdw3MyDEVhOerKxAbwKd+QwO3vJ+z+ZOkRBJ9 V1TEjK0f698KsYJTgvfQv2fpLbVV6WFWirJal8tkOT+4RB/4KFepCSZcYFbdODaLbSjF/a Xu8/BgQgaMENnHRYcAoDLLVJGyU0Bxw= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AN8K1d1h; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445736; a=rsa-sha256; cv=none; b=mXpls4ARJSVNiBFynMEdzGaVt8ona5wSWmQ6rkmbI2IlXwJDkAm+2cBq5pf/E9H/sRxhOm tUS75ZyicBD3UN0rD/QB9bMIedDdlimrdf5PeUXfb7ePRVFjLTUUQABCnvRxmEEcMrGq4u PIZJhb9HYhu4Z3IW7NiEU+B3JjeQiyw= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 5853E62299; Mon, 7 Aug 2023 22:02:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 08AD7C4339A; Mon, 7 Aug 2023 22:02:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445734; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=AN8K1d1hM+FECwj4m7Q44SZ/vVwNunzEI3mgs/rR++hEMNfIoQxRuwsnk0qjuB3lV D1ZNx1pKCHk+jlGJrGhqOh03ixH+zIDWje3WQslo/D1VjOd106bw3/Sewy6jMx+PPV TA3QA7zrb5an0KKiv99PBqXcJNXT2FaKbYHwnhgdJud2Ks3fkjqiuhhdAI5ZR0azGN gknfBNDDPh/z83GWTFPRA2GBxjxry8PKjojl8sQPGAWKpAcNgul5FcX/4RCaCGUKEV ijrUeUtz+vIZ5kFF/s+GbtITiEDIGroF1ALAUkgPiZNea9bSzwDHJ0/UFAtzrojDet Jw0fbUZ3jTnXw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:12 +0100 Subject: [PATCH v4 07/36] arm64/gcs: Provide copy_to_user_gcs() MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-7-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1292; i=broonie@kernel.org; h=from:subject:message-id; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmdqU/RL8wRY7UGOdRitXWgZrgqu1X0IXUshUit KIiqVCSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpnQAKCRAk1otyXVSH0AZQB/ 9tN3nl/ebmiN0afW08bZaife7HUkEpbCB5l0jP7cgS+5CXXeUu/MNd+a4iyvAqFyTbsmhnZovZGciH 45jKvN0Wdj0v5UmZg8g2WhgEe8qrw9mJWRhS0xBR+xWz4XygskhCKc1gMDQFx+gVWkUnq3pbWwBmjc /XoE7pKFNO5K69hJIwETGuwcI9Sdjy3SY1si4ogJax+9xc0hV1/WRt1U1pEsjFbMsgi/15vufsROHp rVgmckZKCqz/Vgchnf4MUtrhlDduB4TDrKphXTQZca8fdLK3COFpPcYEm8U8rjs95G070cRz6cN2fw CPy0cLZ9DhsR8Cq008YQs8AYbWifzV X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 1AA5140004 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: en4kqxywow6oie9t5t1om9y4bbzy7ngy X-HE-Tag: 1691445735-7847 X-HE-Meta: U2FsdGVkX19ywi+p1BA8n5YmYTsTQzemC9YV++y+s3iikD64ee0VHeF4lwi4kjn8K5CMt2fSGWp5Cke4jPbuIZDjjTcTLboKIDqEJx+vSsBphNnyNACAH0SqRILjKwE3u6Q5ZK1t91iQb4tJAhLJj/sSDTfiTyAfbl02YaYuj3GEQTWXUOmlnfwvBj+xccUDb7L/qpdADdda6uXTYzs3Ia8G4ppUTIxyzXrfd6aY4RVq0Ny6nQzdDJFOOBBrYBmFONYu5oBqhXWmrkGiB7pZq3of+NrQVcZ6x72NMQF367EPVdDrmP1jI1WiP7P41ywk4iNkDfg0CpRx9nrUf0AZqJCH5U+UCPV0gbWzoO0HgC5N5EdXRRv/M77GddP8suDuLnLkYRUcSaeq2L0xwTVEqOz6o2rPcjsbWTA67AtzQztpm433bQ8wgTY6PP9Oa1IuyMAEXLttxqiyeG3SoGncXZrCUSTPNEeA4TLUCLXKDn0FnYJWGdsdptHCOxDhijAyGkHvoDbEb3Tw1nCxVTH/wl3mPWFoUQnYaqSAradhUUBoC+M1D8ftiZkw+SfJDWUJGdY+52OK4gUd0swhDDZpgCw1Iqp4HGWqfxzVDFmFYR5X2N4lQ3bzLMAg0rvJyfEtsIVAY3+rg/EaESLT6ZG71TgnhSTQg8AgVnbUg//AyCsqmAN3wSdt0HZVGnAVPxLA8CYzPwJUTElYwl//ojW3xcf0SlCpA4E1PGZZnMqKMrIxG7t1YGkZhCgU4g61pHfvZpr/JkIy8B+kR3tynjs/9btefJYw3/GrKIqeDcEtkwNMMwxK8mbOKSyNlTre5rOUcZsnln4YmvJS0RGDJqSVqJPKCjtLdJkDMP77bjyq84zbzlHeiDKClDHzcGcTZCH5KKGT9hmERg7qIrgX1hHU39GsuTe46LEPB3btFoYZ+3BqwWwdxqvDuyZeNrPHi3NDzxSSjsGPV8p1qKGC6Hj iEjMlM6o 3iH3Yl3e9f5iGfpHPC7EduBUseRPyMg8NrWArtugIzeVj0ImbMq1c7wzT3OiS9F1V8xGoZo8DmpgEebdezSeC6VhUFwjXdbpnAgzVGVzHH1kqfYraG+7oAh7pODUgDmDJGTdTVvGA140E8cBMDRrYqqMhMXZZOESh+cbyr1tRA7VRKMfVknF697gojkoRwtdofbjSDCZHgcq7pvqrUm0OvUQqrPKuuGHgw59PDoEBQSEJxxU1fy9RfFVzKv1uetwjWRZZOKyEZVOuCNufRjxJBP7QB+WG/MS8lcUAS3rRUU6vgeunGbssUwH9OcgHz4eno4yGtUBXhJHZIYjWcEMfXoK2ogaePj7R03n3pqgXcKFiJ7xDRsWkalVsCx95M39nU/BG5RN6b16hC1GhEnBlN4nchWVYmCn7o4HwXsbbzgDfcyy6O+1ceNnhMGqHhraW+WP+oqWyvrEPJHjKEj/l9BTn0bX+jUhtLwd13mOFU3qoHY+U6ZZBVOxUgGi5RJXsxSTClnBrza+4vP26FdlUYvU8ioM+v+5vWy89 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a copy_to_user_gcs() which does this. Since it is not possible to store anything other than a 64 bit value the interface is presented in terms of 64 bit values, using unsigned long rather than u64 due to sparse. Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..24aa804e95a7 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,26 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline int copy_to_user_gcs(unsigned long __user *addr, + unsigned long *val, + int count) +{ + int ret = -EFAULT; + int i; + + if (access_ok((char __user *)addr, count * sizeof(u64))) { + uaccess_ttbr0_enable(); + for (i = 0; i < count; i++) { + ret = gcssttr(addr++, *val++); + if (ret != 0) + break; + } + uaccess_ttbr0_disable(); + } + + return ret; +} + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Mon Aug 7 22:00:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345130 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C609C001DE for ; Mon, 7 Aug 2023 22:02:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 23DD26B007D; Mon, 7 Aug 2023 18:02:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1A3258D0003; Mon, 7 Aug 2023 18:02:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F34E78D0001; Mon, 7 Aug 2023 18:02:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D3DAF6B007D for ; Mon, 7 Aug 2023 18:02:24 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A3CA740C14 for ; Mon, 7 Aug 2023 22:02:24 +0000 (UTC) X-FDA: 81098683008.19.26610D9 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 7226A140012 for ; Mon, 7 Aug 2023 22:02:22 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LVzzDEWk; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445742; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UsQ4evMiiAYwQjdayZkqlkQ8Zju2zsq0zDtbSV9Oikk=; b=e+CI8Ir/J0Iv46TMxYtHK+0DKcfbBkTwQzJt2l+qOzETp0MiLWH5WDRyFQPZIVpq19PhNS JJd0g1UivC+N3E0WH+wafEnGp1y9MaVdWAmEtcFMNyowqjzBzoMn+I6UlBM+LVpUo1+9Ea IZBiaizL5LEoa/0WVVcrLfch0S9vwPg= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LVzzDEWk; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445742; a=rsa-sha256; cv=none; b=bMeGhomXGQEH11xlFAZWe6l7/u9TFl3j7R1oRJeunL+TvhoLTHlLdmFxAKtLqWL+gtrnhG +uUQfOtDzDStanMVWsEgmCJdSptS7mnfUb52eZdcrn8CALzZ7Mlf5XmgUqFhRJ/YSng/fB bC9XM5msS+Q3fQoK8bn2kdxsG/7F3fU= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 80514622B2; Mon, 7 Aug 2023 22:02:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 35F60C433D9; Mon, 7 Aug 2023 22:02:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445740; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LVzzDEWk5irsxJYUs1w1FquJWSX+JT78LSGknjsJsaejE+UoRpw58HiGbpXy/uKKX lr2CjK8ST7ioqGIwCg6NUpvsRwMWJuH2jruwL5NNRnDLOY9+V+boB6F1bY4uU1vYNw n1A1JxLL9hnmg1WqURqvV4j4PxB+iJ+Kqvnu7ZA6ethH1XCdP6sCjs8u+zn3uANIg1 rK3jnoINCNkFwtm0pDuOtUQF23D5cmJ2BpIw7LC09GyxR4dB1H+RW4jbyFYJUJC4nP J+w+XeKpEqYT5FjUPLMNrR4utFZUox+SR6RIbQLU46H1GGLdpiRM1D2ZP6m5mZcPZH jGc0OD1BIhhcw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:13 +0100 Subject: [PATCH v4 08/36] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-8-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2901; i=broonie@kernel.org; h=from:subject:message-id; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmeNgerRxHk3+vE3fBS5wdL2AtUi7SFsWNQ653Z m4fHZ06JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpngAKCRAk1otyXVSH0P2pB/ wKlrLvyaCHwWtLXYP9hvB1q4+QtHKBda328eUhF+7qyfOjcVaOhbuom1bNnFuI++/guvbu5LG1kM9X 27l5PwyGxbXv6q7MnO8hgn6Nn9Hu/HiKDapUzAzcEOZEv8kWzIZvMB36boWq18dQ57i1v3mq0xZsUQ WTyKXGmNDPaju7j3528qf6l0AjKyZs/sCPQBz7/zf1ZWTFLPBlaqkZfiYH4smiqxCAcZgQxITYLiAk 9pbqLvnVI7TT7Zlv5Wx1rAClUq7gWOvkmff8qbKDfYvAyNV0YtBGCobyAi79UT4ZoBPAIHBtiR1elr ElgMhlMSnbddJ6zrDyW0TjYkp/NLau X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 7226A140012 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: tpuag7x4e13fiuiwqtac5q1epqokk6xe X-HE-Tag: 1691445742-759917 X-HE-Meta: U2FsdGVkX19En7Tky4V2BZir2uM3Nyq9ephVqMnYO+rKw98N6UOgmC9Bm13P2BBKWNj9LcvsO4KXSaWCLqD3Wf5MFRmMZ5KmHPzwk8tSwazYATviEc0BlBPglaMiDMHNvuHhF3mY7zSTl2ln5w9xoxLIYbYEHH1Rz67ss9jSzk3YQa5/wFeUlOc9p1e44A/PKXXN0a7ocHQEMlLmDL7Deud99a7kimkRsHrd66xZeIhirLfG8trwgKd5QImyaleedqUCh2N0mV35k64PLc+tW3C6vQfs/FHjPFvHlMAa3UGk+hHzy1LCeSFGVckNR/ULWbAKxId+KPu2XdF+GaCAwq6tC/+Snlni8sz5E/lNDdkorQzX6gAbJ473hQKJ70AX/8sOQCbxjWko9xIwn1lAG4Y7qn+1oVfUKLaRfEORy0I3Q2HlQ/h/QLdsI2I9eevDZFKJms8WJJuWHVYCaIs0pwdRRollRYQNbiC/bghL92zn5XZWzLry38aMGryU1fDTFrGn1jo5bgPbjcp7kvrhpcizXQi2lLoOC7yDpPN3j3jENOjboxuU1fpOv2PIuRMCbLumJWOUKfw2bvjbUC3AYOX/IPRC386dotttAsq3ZpLvU+UvOgduEx2LQ1c1JB3/Wu9utAqR5Az8zyFrUn5/7bzRE5l8pE5d6oi+VAaMbffjE/N3d9sUeVDHQHOPDGdG1WEji3a8RV8PtEI1C1RiGzLavKmDG5+tfE3uNLV8Hb1vlUkX4VhbC9jNA0E48JA70XplL65etbzwvnTehJNzfGVAZIcT1jrHLDAcF9o6xq1b3NlciRyv8xqIS3xP42Iqm/GLSAocbNOqT5UudX3FM3IPUqVAekcBDVMbvvF/YOq2qKyJhyaYdQFf+32Lp5sgS4AhlKGnWI5qb8zz27JbghWietiiXSCb/oZKc453s7szRLh1/mGAu7SQc43ojipSG1GyDbYuFLxeyWjQSeO 5/TAJh+s XPQOI/htxOOrJyGZtlZXPBjToYQ3yZmBcUPmOkZmsv6Mo72Bh4Dnei+85XDOLwVPl3avqU+MoNrq5tlscPymwvKERhPgvG/yzkinZzg/dU9wzrC6jGEqsM7eNyYVZ4yqhIDtkeCHn5LLPAw02qaGrwz//94zYKELtW+EATy4GjumsTpvwNXMvNlyz9I9wnvVzdhKF7YpzSuMmzPWbmai+4Q7BPxITmBQ+6rdsBC3m43aTWUfXm2PTNLS2dwWurxcIQZNFSOdn4LCKpVKyqv9nCuo7nw5ubVcB10U6LFUStcv0skqhRZWlPpfY3LQrZlG3ASUawY007DIFOJa89nnsF2FYUZwRS84EOGVXhIwvrhRrjyE1KhHIdxGJic//N2XuXHglVAt35kjJxTOH8nmfQdlurBVzU0p5CFv4aWAxru3tQng= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 96e50227f940..189783142a96 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -831,6 +831,12 @@ static inline bool system_supports_tlb_range(void) cpus_have_const_cap(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_const_cap(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f9d456fe132d..91a14a6ccb04 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -254,6 +254,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2219,6 +2221,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2715,6 +2723,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .min_field_value = ID_AA64MMFR2_EL1_EVT_IMP, .matches = has_cpuid_feature, }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index c80ed4f3cbce..ab582f592131 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -26,6 +26,7 @@ HAS_ECV HAS_ECV_CNTPOFF HAS_EPAN HAS_EVT +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Mon Aug 7 22:00:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345131 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D25FC04A94 for ; Mon, 7 Aug 2023 22:02:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3EADB6B0080; Mon, 7 Aug 2023 18:02:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3746E8D0003; Mon, 7 Aug 2023 18:02:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1C7208D0001; Mon, 7 Aug 2023 18:02:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 061E06B0080 for ; Mon, 7 Aug 2023 18:02:31 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id C50AA1A0640 for ; Mon, 7 Aug 2023 22:02:30 +0000 (UTC) X-FDA: 81098683260.07.958A902 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf19.hostedemail.com (Postfix) with ESMTP id 7224B1A0015 for ; Mon, 7 Aug 2023 22:02:28 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EmOZ2tYU; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445748; a=rsa-sha256; cv=none; b=EzdEmFZosrJnRFIewDGXEIRanZnTK3cRFze0ETAyN32tfq14PLPYjpuoJa0BvKQYdAO9O7 Z7GIQuifyX948QrXFu/Qc/HfgIFX89nQgImy/G9FYnv1aG2Kzi+PC68brfwRjLtyAzR1Tr WjyeFpZIsgVTMGG3W6iDSLGR12RrKfg= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EmOZ2tYU; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445748; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Dnc2nP1HVaiEDoBVg12zB7TbohL1GVCNMw7SaItQG9I=; b=qKN4OPXryPlXWRTUXdYkh17hHi90kQ2nMHpPs3lGEpp+LuvsN9HppDWsstE9P0gzNI2GLh lE9leRv+Snjrrx4e2ngPfl1KrI8QmuwS0cwNPxUn+vPmAZAKio09NXwZKzDpHctfO2fZZg lhyDMi9N25qg+aW+UQExtopXoPKJ8U0= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AE996622A0; Mon, 7 Aug 2023 22:02:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61D44C433B6; Mon, 7 Aug 2023 22:02:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445747; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EmOZ2tYUJCJhMhJ7hO34qV5fLR5s6c+Swyx0MdJ40FErxgl5j1pJ1C/4mPxfC/fB0 zDT+DR54Mvr4RmVYj3PS0INYq5at6DJwiJvlBLToBENbgbSF9qThUiahmn/iImdMun PbRfcsONPOAz/DgAjZkxiEiueS6TUZ5Yi6L6FvhGBVc1jkT4KNRf3lkY+HfN1hSh2D VFR2AVLEomJrR2LGmXga00ZjV0tf0hkN6eRbDVRD4D3G41ruz+/5U7xBTi7fc6s7L4 8rXROIj6mbaHHv12TMfkAL0zqssrdoHVk7BA+B8lqyVX07XUu8TZWdW8z9DNOBAnTQ 2mlgvyFVXCLDQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:14 +0100 Subject: [PATCH v4 09/36] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-9-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2919; i=broonie@kernel.org; h=from:subject:message-id; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmfSCjgX4zgvM1dX0NE3FBZc7yto4Ja/r7dY9ZP YJvd+7mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpnwAKCRAk1otyXVSH0LkeB/ 487t0CeDsRzEJ/l8PbvmVhXGzZVKGNciRrG6v29QenKmFmWK3ROkp6BzL/Dr4xPkYV9tDVG69jz2aW noHAWdge6E/0geaaJAFe05seIm9jrY46BFHIZxolVLKZH4oFO0uG3qyA+Ct9k2m2RQI+zLhSAIj2Ue aO41sp2HhKo8umHeqzwsPEdHCZIlmQUPrK3X5emQgDFo/6iYIl7t2GRErkfDQdNq6kI+7i78vRgwHs M1fyR9/182RGa2FTE6YB6iQZY9Jpp1ngitVNFnpgQz7Gn9UTy5WHOU9xWttf7pOQFH7FZ3OIQ7BGRe w9VbzxIICBHqJFtASettRlZBpIAvmI X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 7224B1A0015 X-Stat-Signature: hk5bk8fujjh1ihxo7mhq57kbiko5ycrc X-HE-Tag: 1691445748-292678 X-HE-Meta: U2FsdGVkX19iwjvM0eNKTcLfzYPBDt08KJlOzG9nV6wEmcmaM+UdioDbTrwpNfBJ4u3goWtm27XhwIlcMzBnldLUKOy1Bj0DwYljodynZYIkcMSybL62pQlPhA1BfjJQ9W0Wi1zIqWDHkWCvCaXewvwSFbLWFstDVffkwDRfJFOI701IkkZDRmDqJ0a+bqjy5WiwNCGg6g8MOXexHK5AApC8ebxcX33u85HHlVqdKxof8mIs6QUdyiBO///jBEGu7N8GMThyudrLJ/P7THulxQ3CbyuR8cmGTrO5H4tD+4BdL2PebgzaHn+e7oC1VSf3d1CIJDYGxTK4HFKMgwQMmPI3P+QnEPFpoj9Ehc2nm1Ktu8YzaUA+QsGHWyFgtX6T/vRP93JbIv4CEbqtPH95TmgaxIKkHJMvSXdNwJ6zCLqtQlmrIPwZAWkCbwDA/bE/fG58R/LDiNSFweX0KL052f68dajdhMvf2H66hD98xw9yVxt6LrQUL32jJ8qzo6cbVvZmMx/MKGwsc6YY5XxCbpNS/ITXC1fqyxSM1ScWU8VuR4nYTvjw2rXWDCM96y0J3cKiaz3fUh8Bpfr81fcPZtt31HIWOnJTS4uIEsoWZTIcFkp02xy9X6LXvSezPaj4QCVFJAKohwdUn9wNrmGMjsuChu2eaCq7s5LPZcBgfPTT7/qhUGdARY7blyz4KKWhEZdePcH/jSSgF+aqAs4DTKncb6NcmzSttjLtD7IE43qfKGt30j7am8umzfypzfbTXS+XmHKfBuTA4mGwoJ+CjQzeemSyF0Li2c4hW3uvE4DuBj8HrCXGXPKcCt/t2RDYyvttjBRKOTKzikF8DSN8YuKyxFoRR092bzNF3RcMUeFS0PoU7FuHoQer4UiGDLGrHkXs/cJUPOnW/BXgE0Dhxm3MuCXU7bdySmkqI6CALHzrHefQ/lKLOwsEckT+0E+9INdue8snB1+PpRHnV5p 4/m2nucn 5CQ634QYY024SzQmpliLGG0I1k9ktK9a8DNQSOldVmlsur3lsbJE4Dmvqx9dpZwpXNNwDmQXHkIA7IgCKhIRL0j59EaIYopfeWfAk6tBtGdVRKruAUeLLTfIqllR2CVQ4JaS10a/H6ELdhZCVNfeZlTrdn8fx8yQTRWCb7tegMn/s/Nc6yNx6JoP1Zy1UROUO+p/CkgwKJwb7M/efTEKe6E6aMQdUfVlsgzgQV57or7ydAVOZCDTMFbIw/k8uygKwJgWNAYhxtiikBN2srXW9eZ9AaGTi6HMEDnU29HFQMWbfzBEShq8ViN2N7qd9ImXyCaJdUohRx5d70/IsgHQleH0Dmai0ddgmoZRiHgVKsNuuFoOIXtdjjwZCe//O7fu8d9PimqJDYCZCu9aghylLf57p7OqaX+06pKXudDUfBNr6nfDpw1LbfHCGyON0knX/6gAlEmfVlEDaGkS33xNxvXLNB+Bw5kvzz3VDy5K3TI/pgZ63yyazBztkwQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index eed814b00a38..b157ae0420ed 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -131,15 +131,23 @@ extern bool arm64_use_ng_mappings; /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -147,6 +155,8 @@ extern bool arm64_use_ng_mappings; PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_RW) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Mon Aug 7 22:00:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345132 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2237C001DE for ; Mon, 7 Aug 2023 22:02:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 830E96B0075; Mon, 7 Aug 2023 18:02:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7B9E38D0003; Mon, 7 Aug 2023 18:02:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 60CC08D0001; Mon, 7 Aug 2023 18:02:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 4C2E66B0075 for ; Mon, 7 Aug 2023 18:02:37 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 10B2780BDF for ; Mon, 7 Aug 2023 22:02:37 +0000 (UTC) X-FDA: 81098683554.27.9E3A955 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf16.hostedemail.com (Postfix) with ESMTP id D2E2718001E for ; Mon, 7 Aug 2023 22:02:34 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="db1Dx/sx"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445755; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NBG0tU7kX2ozstMwYzf3BLRb/FaAIwac2wIDi+654YY=; b=ponf2cQHIGIBG1PspepwllqzhAGXKCK3br4aJ5BjKw2JjT/Ecx9v6w+W5aiASsWN6RGCSN +++ZJxlUcWZEh/grIsWehgh/ozlibQiGzd6D5ASxAclwoFeSxETkGvr6yeX9TTYmS2jor2 MJ06q614sBX++/eefj8Oo1j0qjZ8OHg= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="db1Dx/sx"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445755; a=rsa-sha256; cv=none; b=GlmuUnqyRrMtLADJZ05lXgfwU7wbXfduZO9o04blyeYn3kaShM/MRGZzgTeMD8ztndXIKr 92z+wEq1W6RFrGQcO86W5DpXGOPAKH++nHUx/rl4OlfAhDdFZaxxYDKtmA05n3EJNv/PZa NkNRR/eJZRM4l0ZqzaFB1oox7SLBAes= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D898D6229C; Mon, 7 Aug 2023 22:02:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8C5C7C433C9; Mon, 7 Aug 2023 22:02:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445753; bh=38AeaFL37vV9MyUQ5JVKuM1gVCMvtkdVnDbNL3TTQpU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=db1Dx/sxvi2GeSAf3rMhKXkcdbmJDIbfGUllMMOe7trw5TGd+vI308J3L4cvkXQIy A5eOMbMBeV+Iy6DXGLgZPV2F+yerFVZYxAxPyGfOBYF1anXcMVZRwrdJqAwLAvpbXc YDsN6zKyGjydncigvfYWIOjoqQ1hCoR5Gi43v8eOSsHPg/aqEgfOPiOgs1WJaLMRb1 9BvC/IsPYBbZuRF2oYfHysw7ZJkNDBsrQP5yK/Cs4ueUWvjxWcwBpuCkbMS40bOKci sHSrh8RghAfAnm3dUDKaiUdqcray+L0SvleZYqxC83BUSBcJhJ+dAsfdeeIjAER83K gdG039mOCCB/A== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:15 +0100 Subject: [PATCH v4 10/36] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-10-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2027; i=broonie@kernel.org; h=from:subject:message-id; bh=38AeaFL37vV9MyUQ5JVKuM1gVCMvtkdVnDbNL3TTQpU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmfHaDrJuk1F8BZkrWtkiZfyI8pNxlLvkhZH0Bl wPbm6M2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpnwAKCRAk1otyXVSH0KzOB/ 9Z7ayW1CxNIiEst1DkkfZk1750XtkJW5QHNR8NSJRtowY7IRMCt/HPlKhkUlwoJoOyEqw3wHyEl4sr rhjQWNFCJHDmgCM0xKPUfgrUIUYMqtv7thpDIo4VkVaOE0EIgiVWFpTTaGMzDv1QKouCPw9QV+Jj1G stKQEubuFBvpvQLYb7DKL8KHCeQ8GSLbYJMvJeQOa5n2uFdCYPkRws2FWxsnioGmwjj5GsvOrbzWgK og0YmpMW5ApYcyyP3Sab9jWA8qRAKY+6tJJDIVQvnDM2u+9cXapRklfDOYo49HIPvX2JDVyL/RM7SS hQ/pTlu9f3Mx39vSgZh/yIdSidNcTp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D2E2718001E X-Stat-Signature: ny5hs8oxamzcn9wp4qo3ogj9oq3omrmy X-HE-Tag: 1691445754-396629 X-HE-Meta: U2FsdGVkX1+wnkJlQJQ9gHxQeo0CFB5yBbKI+bS8Fw5iY1IxoqC2Ok58XW/WXBewFeLcYHu4w8+1kIV7SJyORn4xkKINQREnxMgMf6VSc7gqO8Rl4Vmsmow2isdPA5dGFZUpqIg7s0kCJjr06t1naeiP2zD6XCOWJmAa3ZcQx9kEVOcPtx6r0xo0XMHOcFW+BswMO6A+iNxs7ZCmf1ot4aIRtx/x2BX79UzeUi1dOuZUDhHi9xKItlwPLCHnd0sD891SqdcNao4dRVs6vu9JL+qIXkzIT9W7DdxyFOWLokclAdfGXMBVgwuOHdSZ8ozxclaMdN8rlmvVsKLrDuTJi5Rwvh+E3SySm/KAW4bFlifhCLgx0uqguVs+EBAKssl0iiRNuqZPYz9xH2QdL2M/PgmRcJj7Wwqs6nqjwKBfROQ0/QEoC3rDjQM58tAQ7cOwZbtLG3teUamfgramKJFo/FUxR2qMoKdXR98Z3EwRYUyvRG42+7Tn1QocvinuZHFYbQeOPCS6e4UYqPbcKFxy2V4H9pA+0eMBXXqS/kM8Sjn8QEG55327Hs3NCepO8FlbOqOh+cOLyfMLcnDUmOO48G8r6RikrcN7ZLay/BPQ8BeClIihZDs5ig/VGnJEkpwZ5gWoMv7E9ZTjmFR1fp/JBaUvel7B7RW+a1TiCfjiC0bwLoAQjG2jwzTD39WlC/nnvwiYpzRHdPFRfAr9HRX4Kb2s0dX9roINbFFBgsnFuKke+llsm0a5W4IOUUCZYZljVatVNpH0WV70OXkLkMTx/P+64Bfomuu9/9rblWrUytOQ1GaS7w62CYkO7H+vH0fLz6rOMOEJdVrkw3ZJ3Yjes/47seyXQ2Vb3ZP9yHzQehYgHrSNVFymBqA2jBZuTyurzioBuW7L/F3mVn1U6X1vDjMBERApq7Glh18UoVVXK4GlzZJDDZBrkwMEAGa8zws7BErzGBRf9ubAt9gSSzP s4Gzrc+0 v0SU6DiDRo1AJXz6Zwo3PeSJDeubxQQPG6Zae6OpPYKncw6bssHmB/LztpDP3OgXAmWYZjGswCdgiLGjGHk1mYuIsAxKNGn+P8c1cQefB3VbJs4NMW46YHDRoX7XwdmBTjacx5mvf6wU8AFte/DIFShKGc8Mxf+3YkQLkkrc26AxAS9c/wGW5h7lSw39InvSBAkb/KLOAmWGuj859OtoCMLd/UPNLkNURACCgP5860+MpZr7bruyzaB0nQZ7l45E0sfQxCfyPbGGmbG4TFvehwAjgN3qvf8HZxaCiaJCyFQbHTyFi8y3B2/IX2O4R9zd6jxdRfouT5E0ShIPdz2R2Az8JD6eo38K91uXUHL+20FgyX+ry6I2PrBnZH8rz4nR9Kmxc94KlNBhwRpfU4tbOS/pjRFnH//pR+GVtLtkEqgcbMNfc1WzZNt6U2f9HTLtrSz2KeVE7CmtY7dR8zw5gYwp2lA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Use VM_HIGH_ARCH_5 for guarded control stack pages. Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 6ccb57089a06..086a0408a4d7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -566,7 +566,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index cfab855fe7e9..e8c50848bb16 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_X86_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 43fe625b85aa..3f939ae212e5 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -372,7 +372,17 @@ extern unsigned int kobjsize(const void *objp); * having a PAGE_SIZE guard gap. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Mon Aug 7 22:00:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345133 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91B8DC41513 for ; Mon, 7 Aug 2023 22:02:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 28C906B007D; Mon, 7 Aug 2023 18:02:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 217118D0003; Mon, 7 Aug 2023 18:02:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 08F9B8D0001; Mon, 7 Aug 2023 18:02:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id E9F956B007D for ; Mon, 7 Aug 2023 18:02:42 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id BE61740C0F for ; Mon, 7 Aug 2023 22:02:42 +0000 (UTC) X-FDA: 81098683764.27.35DA891 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf05.hostedemail.com (Postfix) with ESMTP id D9253100025 for ; Mon, 7 Aug 2023 22:02:40 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B7+8io7J; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445761; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XE0cp/pXkFJO5Epc20SRtvrQrMW2Zd7bcQADyaYtsBc=; b=SB9RPI8ybVO0hi/JqokYHbepa/ws1+wpvWXj1Wyx5ZBhsvGKtGsH9NzHt9hgcpXyi9d7Tb kaxbRqJTXO4cm/a+24gAmj2MEduvxbpjziwBERluyopkbYG8GFzypU5R7ZwRUMPjQ6hDN+ AUYgqTvKBrVDli1QFq8TPPVtXEZrdEg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445761; a=rsa-sha256; cv=none; b=hzU1iwhy9nk3vHZoJ0CGxjHs5u7qNImnUcnBJqDQB37E6ZASI1k+LwNOIw/MBiPVGWFQuf Pyr41F3/qo7tW9iSphAzB0vSuwJXL1dhuO4BqEhsSWjiQqFwwt4OMiBBCzazD98SnHEBpq k74YuQJMh6L/rC0CR/utiRTZoT+5rE8= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B7+8io7J; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0FA48622A1; Mon, 7 Aug 2023 22:02:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B665AC433CB; Mon, 7 Aug 2023 22:02:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445759; bh=aGB9MytFbopKILsUP0kPuxTbIpt9GJuR7uXvXLP6vLo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B7+8io7JEg/LIWoZNhiKlYaOzexSqBArV056/ScJvMpxGs2kYB4Okzkzol5kScHYE 55HMmJFzcyF8LtgXCBJKWR7eLCptLh/oMa3OwoCIW/lmiSswqdleH9vkIljQqqI1NG HLehvcCG393fnl1siFCS/s7UzNZzDQUk8j/IEVppVkDJ+oI6SfDcO/ioLRso4uqmWd 0nFYrpM45VWM6oql/4rbBGH9Bwejm80beYj84++Sz29XVXXPZ08K9bNizQdES4ri9s TnarJsT6SfHg4wd1fb/cH2kV7WdxLpv3PjSjRekkZcxhPwSttByrH0KzubjmRIB62N obTS3NSXeRxEw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:16 +0100 Subject: [PATCH v4 11/36] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-11-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1124; i=broonie@kernel.org; h=from:subject:message-id; bh=aGB9MytFbopKILsUP0kPuxTbIpt9GJuR7uXvXLP6vLo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmgYE5sTjIW0s7MSSUHBmNdoL8mADFajoHMlxxa sLCcTiKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpoAAKCRAk1otyXVSH0CQmB/ 4hCrLHpUMmcfdaL24W2A5mDkcuuBM88bAHrKma9GqNW27peedUqdX7QojJVVcc8Pti+JDlRJQlF6eA QZEKYM3bKTE3mosdO+93NlHTPGn7gi26Pt1S42K8kRxwwm3mJo1gL/HQE1ao9d0KZg9o9LHWjR9UsG hAoZdZeodWYeIhnbOvuyIXIfGKTlRPnEOtzr//cVzV6vxPF3kggLcSNXBGXhBYJxComChKV/1oWfxG tHKcsX37YMulc8njZNNNcc7c79OcVYO4TFDHmUNkosm8ee1zIH4H+rIteZ0Pyhx3nAnQLUDe23kVjg n0K3NwP/ZpHSz6lX1gqzfW1nyN7hWy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: D9253100025 X-Rspam-User: X-Stat-Signature: h7h5rn85467ny33dizcejs5t8r96aqe7 X-Rspamd-Server: rspam03 X-HE-Tag: 1691445760-602165 X-HE-Meta: U2FsdGVkX1+9koInywVmDFj3ufFf+e2uSI0XY3t+mtv18srrJT5MUhYA2KgQ3p2B2U8Q40DF7kxJFuSpfbIHwX1aOGpWaM8d+TXQFOQbYvvOzaNnTBl5RkwCnhosEupunacaMtboHKL+TDEwap4bbpHmPyntjw4H5bH/+4RXQnRR7bWmA/AOzwghMF4FtAa5p/QV0nKRxjF0ok1ZEVqFsWpNM1oqfHBwUfOfHPA2U30eLqEEwj0+tLQdrdIQfoSh9c81erhkicxxhwlP3i7u0qLYp5lv/+RJJ3DtU5ScgOlL1H991TyX9YPWhJ5GHXAuoUp1GFitbZ9gRFY7Y5IlwXAvs7TfH/7dyNn7jEsXEES5+pQvWM0cWVBvb6SfB6SMKlWxZxa+f5WlsckrNFvgNvhnSxSKpZRPaIWrwhBuJay2bS/tdWKgdqgEF3f6DsopyNP3S1w5tpFpY/GX/jiKcpgqCwIWqPoq0It5lCIrurg8ydxEYkTAdoklAyFkmPfZRbBlUa6qD4je62WzN6R02HjdI1E5ZB4o9RAaxz/hqbN+i41/jJnvm7gzrmLyjU8DnkwLHSNUGXeLcf4fqJqKn9vaZqst6wnWpGSwipNLPM2sipejd7RkZIoOlwVAW3/aFQ8/V0/TpWPrExofv0XKPLNwnFZbH3+r9raAVKCbPxbe4RmXPpyo37Qb/zuhqmYOv423WLPb38oyGdj7yqDWFACoipAr+BtAyDXorCcVmD67DEZgb3QoKGZrsXQ/eAAaogqm7DWbHBesPRUZpKy+pb/hxzeR+znqgpH3PyDHYSmjPfa0oxZOHo2n0gFYsz5JVD1/UxT4tmUcu17GVCW+n+WgB1H3nG3In8vJZ2uEJnWlwZngEl4sBR2JJonNPyznUfpSgtTGWeT9E9sOTsa2hl9rHkHf7bvXvO7pdSfBF6E9oglEMyijRwQi9OPnMy0nroitXwiTbaLpiwaBF1I jhLI8PJ1 l/fQ9WGpisJeglpem/ceNL21Vd/D3uMOIGbWMnBSL34M5c57xiHOYnY0yfq9q4eHejA8Clb9sGy3LaHrwPszq6u5EwDzCsyeZREaut2LU+V8NAmfIz0uKhd9NpKK4ak9lk8iz3OwfWZozzv0tsBiuX8BCEJk5prP/E9BUNztI8oTuqJ+tSioDR9k2BtTdTtrtKevG9bPsV7/3yWPbF+kCtGVv5H67XkOsFLhy8wBcuHIhOLsNfd2qeLzrhznVT2i7I03Ca5rb0AgxUU5HaFo/ls40ByfTtT//U+t83SPN1v6Dj0AXh8zbq3vdswF3TT69B9WmX7TK2xMPYS3JDiraDe7Kxi9N5u/nrFjQwTEkf41zhEzcetEl/becdz3U77FV31jWMGsrLiRTI5WbszZambf92BnDITTDYjfEE8l+ZcrnHCw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown --- arch/arm64/mm/mmap.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..8f40198cd44e 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,18 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* If this is a GCS then only interpret VM_WRITE. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Mon Aug 7 22:00:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345134 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C394C001DF for ; Mon, 7 Aug 2023 22:02:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A30356B0082; Mon, 7 Aug 2023 18:02:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 968E18D0003; Mon, 7 Aug 2023 18:02:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 793578D0001; Mon, 7 Aug 2023 18:02:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 5CF5A6B0082 for ; Mon, 7 Aug 2023 18:02:49 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 1D969140611 for ; Mon, 7 Aug 2023 22:02:49 +0000 (UTC) X-FDA: 81098684058.06.49F8193 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id 252FF40023 for ; Mon, 7 Aug 2023 22:02:46 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="q/n4yn4c"; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445767; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qn2wictEWB8wzi6RrERix0h5HYhcy7w/c2/srM6xMb4=; b=Tsaf0kOeVoLWlHD37t8CRwxuS3yKjHntDVJPjOR+r+IywzVze5k50SrilBiNOsaFJ8IveR zkw3eImPgaMvDSrf88xefec+U9jEt3GqVL0kdeXyHNbtOofyYho0T6uqH0fCV0C1De4yMi mK4w+X8WMee8PtV/cUgEya11oPHiUds= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445767; a=rsa-sha256; cv=none; b=ix7aneO+1jO0BmJ0HU69sdbyiwqLNvU2q9GPA6RyO1TTANbJSiuUXR4UO1ld2B06CivLpb bFav/NeYpGf0rXgxQLMCbd60G5R2h3j/+nYmjJmt/0gZCmkY+ZaxaKH+C0nxug270zc74a 0ZixedKK5Av7qJAdlba0mpIHs/LecpI= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="q/n4yn4c"; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3EB1A6229E; Mon, 7 Aug 2023 22:02:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E577BC433D9; Mon, 7 Aug 2023 22:02:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445765; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=q/n4yn4cZaeSyePyXNr8Op9TaYnSKw3fNbk8PhlqF0llJDMBcMRuMie6BapTrST9j 5SxD32VVcYGrEgZ5kfaPXVTA8XXZrP5bS7Nee4r93to5+0PHFJrkkDCAYXJHBCPUos xeLBkHDzkCnrVBp4mVb++3kcm4it9gxKIhTIdWSEOr7oD1YNLqG/bFNnph1NUnok1b fOfJ6ZdcCBFC3Uuqkc8nS+K3G3duOlwEH62lRG0oYJGWM88wMqSOQXGWhPEvhf7egy X4SMyAz4tOiyjPSbHuo84GAWdcAA1HPfxLOGTFnrZkzluDUeBW7/TTAdjlBdR05qr8 2tVxJqPAUzURA== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:17 +0100 Subject: [PATCH v4 12/36] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-12-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5343; i=broonie@kernel.org; h=from:subject:message-id; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmhQ/sSJfA3N2Sh+oK4oRNsFB31nNAeCH3TE+RQ NLQaRGSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpoQAKCRAk1otyXVSH0CQLB/ 4ib2fyNNPQL2qwEnNN+Z8cqd4xYplQWfgJUtujwKpwsmx7VwUECRi+YpRN2A8QINA1fYFPqow2Fj+s 63hLZq5k9dvTa3qvTMn968zzI1JInPzmD/3PPBRVvabYzeW0/MO3izZnnGON8anS5/wpZiaCENg+ke Kw4AUxeARsz0g2YxT0yrLfaHw+RcKqVevMaCqW5s3bhHtbd/9yDTVakWJ/oGRv9VyME2IuDO1TwC1O cX0o0tvO1h1COcsOELOKncVVYLD9P5YFJDX3kM0H52yPoGhpQEiWz+LpD6Dbk9mhsB9gql8RCwp/KC oV2jFF97921UhW6Yl+iK/pAf2MdGBf X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 252FF40023 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: x4e14izrsffdwxzdsfzgy3j3u56po1b5 X-HE-Tag: 1691445766-96294 X-HE-Meta: U2FsdGVkX1/5MZwOhpKDX5HQY3yr2T04nXTU6W338dHPwo6+0JW1tkkxF7V6EYmIDCrxhOK7D5IvGUmPl+zI0QpBBuPn8cv84hlKR0PpRso+HyTLovKn6Ejd/DuracIqKEXLWUvJu5etWdHNQz8v9LT5vqADUWoEmMRQnt+mw1yx25i7XngG6ceCkqoJT/pOlzbNvwDrMuzTq75gcj2rfOttYN8y9oddTxCLKBYY7TePzoEeg9cZ2RcIpYVtpjQs5UJcrdD/MgOShSvvXTV5ZAEg6qg74qW5cqVWsH3lMQyYrkIIqJ4r/vNfZoPZnC9dH6iOys+QpfCyhjLiUVNsAYMn9c9IHmEHb8FzLAJH9z59pwL7alk3s+/0Yn6A8D/cKhh9U2xjIgnI0uVIMTcPB2lxSeMMk0qdBg+KQIG78J2+q04INxzTSJCLS8B1a6oM/C+Z2mhzVeP8CdYUIm0fHFB7oP/3c2Lcl7O594c3r/7HIgqf2lZumABY5A11RPGJ887w0E93xCpIYRPOaGb4qklslwAEswwVrdJwIqp/9tCXO5BK6mjfs6bk+jlUkYveCpw3hbuRAgHbA0E49yr9huQL4mBU0Jba5nJtT8bF561jnvZb0heYjfXlSHQqsGKcetymjnLXm5sFCfszuLGH4JeuW9qaz/H6LYPD34sLkP2Ot0+7xZRVTZOyHjW7GyLEoPHcQSIyr1Q9Z+sIKWbtw9dMJzq6JpC+1viH95Qo3VsDojsWq/m+bphPscvVBptoktsZIH8TlCzyTGhrbXkL/1HJ9zCMOdPqoKj2IkwR9BoC3wC1Rs+PgKze6wTKferL8G8mFcIFATWt0HOoktqBn3Ku84Sf6wJHAjH9dmW9KBZq0ulEfgN2n1YKiZ+P6cvVqQ3kkBcgL1YIpvPBl3lk/11KRyR3AELnw3K/ow8dRfQQYypuNYmbWSCqNTW+XIlnQ06etaUMt+L+q2TTRAy VbArwPhV qN6pu6bahVwW7HDSwRiQrKz79lz3Lawj5e2stBm99lJTlD0b3NntTN1aW2OjDG78t06PrgTV0WMdB+ReSsbncDzvV/vUxRJYFTEi+A8/XJWQcS6eU6tQ+kNHyLUl3+Ynf61h01Z7Eq5ubOojBwoHvhk/da1xfBtTsvSmbgfpPw1LQT5kDl29R9tqM3Q4vrpSOl9yhPkP/lL5ZAH7Cy5qW2gEbJxJp+fKJ8naasuH3WoYmjNE+J+tJvDg8RC/vHvLv1S7BqvWMz4iX9G/W4Xr/TCnArpzYhkTgf3CpZtjOzbPms7n+gBjZBo+MxnIUXmbAyu0k1MP/q2d98kUn7VgErBT5d2afN/L8iuPcmQTHf9QLYiccY7HfZZVI7cHOz6r+RkHtanDXE1kUQw36XwKHu5hwi2U3reu7pR/KO7sU9v62ZGk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index d3dd05bbfe23..a5bb00f58108 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -364,6 +364,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1136,6 +1142,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 2ca2973abe66..5b2f238d33be 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1768,6 +1768,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2080,6 +2097,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2162,6 +2183,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, From patchwork Mon Aug 7 22:00:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345135 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D17DC001DE for ; Mon, 7 Aug 2023 22:02:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9DEDA8D0003; Mon, 7 Aug 2023 18:02:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 968C68D0001; Mon, 7 Aug 2023 18:02:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7BD498D0003; Mon, 7 Aug 2023 18:02:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 689C88D0001 for ; Mon, 7 Aug 2023 18:02:55 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 3B2EE160363 for ; Mon, 7 Aug 2023 22:02:55 +0000 (UTC) X-FDA: 81098684310.28.F3FEF19 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id E52BF1C0021 for ; Mon, 7 Aug 2023 22:02:52 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LmByAeAo; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445773; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9LAG++LcCcbbqp3M6GFrQpEMo349DKDh1KwpzFMW7o4=; b=mSCqJ+q6Y59CkpRJZzJlj1bbXoUG414Deh6eMypsqmGURiuVkAMxTjwa/7On06nq7MHpnu MoAJ+A47tjFaFGnagSGtFB5IG8nh1Un41bP3tnNi5j4n28xPFaXPtQqD3IY6GLXbmBxUFp Wbvrkeypn0ut8WYdaWoSPmq2FH50+q0= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LmByAeAo; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445773; a=rsa-sha256; cv=none; b=XbazTqC4ujzMc4Z3LU0rAXrG2Fcs25saaFDA7sO4Nydkvlwwdv976kAxn6i5cnMlnobfUd 2afOcXn77GrlG7KrbG8B1uok2EcTOplk+fjrE4heL/sNSGlfLlEqgqtsnNDemkS0Lgz8zc CPETVIkxCWUn4upBGdtL2zbLUzfNoE0= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0ABDA6229B; Mon, 7 Aug 2023 22:02:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F93EC43395; Mon, 7 Aug 2023 22:02:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445771; bh=S97P7xSs7G2VtUJIV0J+B0XZVXkpwW1tCMSo+ZYUeDw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LmByAeAoBQ6Sp+qeln7IRkPK8b8wrlI6vP0ofLetjqcYdI6c9SbhWyBuSYq2RoSwN 3JO0aAXKdoRD23voxo/lqdNaqV57fxooeda4xnKjr+wxZMXRxhLSwT+Hbj5gtWUnjx jcnvujnN9lwpXcPbHCmcgom37ArWn78GbgkBNUaTWEcASiIxCK5juxR+QU6y+Kc2Ie ODoPlpYmz279tMnFraV0cvT/MNMrXmEqJDxYzbicOy1+2iSSFUfgVRsbtBQmHqrzl5 mptrmONoM/Fx4ZkkVJSzCKJ0RK86o7Ht6ePo21JzNnm6bong7aocdDash7K7cQThJ0 JXlxq+OTI4P9g== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:18 +0100 Subject: [PATCH v4 13/36] arm64/gcs: Allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-13-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2248; i=broonie@kernel.org; h=from:subject:message-id; bh=S97P7xSs7G2VtUJIV0J+B0XZVXkpwW1tCMSo+ZYUeDw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wmid4tbAShf3/PL65tMRoJhAzK985+MbY4zQtG4 AWS8TpmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpogAKCRAk1otyXVSH0CFGB/ 42uOHFOxkOrcFRMVwpLJPgCLRzodl3cgSROjQsafe2+XD0+fK02+FgoeVHgdLqtPqq5N3sdA2m1NFC wKkpNYS34teaHEl9hOZ0klAa3BxjU0mX8SkxQJs42+1wjLmkrDfqn27T8AU7+TwyMyEfw8yYhl54k2 P3snTqZ5i361G8meD0Aj6L3se3eWta4/vr/VfdRFPdYtq6Nhlyrr+CahCp26Cif+4KISBrWrxkESkd 0UX9I+tKDTWYEBnx+8P7Acc54KBHUof2annb0trLelaSOAmRXdcwMrbujlRLpqVY1gWF1kibG9ytG1 pKhWa7ssyTMMZyk+OqAVU/vr6HACcs X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: 5i1cnraxx68984bt6msy6dc1du95ueje X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: E52BF1C0021 X-HE-Tag: 1691445772-281340 X-HE-Meta: U2FsdGVkX1+Nu+WYoIHAW32eyyw9jbjDT1qQ8/ird166+17XE+xQ4ymq3tKHSQ2P81+uSI3ip6oJuxap46uUmOYRNVT15WOAWTtH8WoXp9LljxctWaoQA+EeZmrDVZwsTK028zKybiNUrcwistK1I6vsURll9kGCV3xu8uUGbGrgAZczIh2lTXyAPGN5LN9yVu6BoBOLLrrdgzUxWO6oP0805cARljBqSpwy338cyOcSvbGs7OmwoHoh7a0YHu3+rD9EOqq8mRo4HvVlXSKlV8RtvyksZMSQlBH3yx/7PWBtDEE3tIjCPtCLdLHKIXoFC4E9LZ3tKwct+8gfWJe9Tf3ocvOUTt0PpD7qpPQv1Rk5ENaYSRounLA6xtmFdC0mglTB97QTenvR4zk7EW5vbCIoV1iaG+jxDPGlX8n7hPChiRP1ABWJvUkFPbZI/bEhXuuYIRm/D3IpLvai/1w0v7TPearEbtzV5Iyjj2Dh0ltB1nRp7fAR1Gi7rdXQ7aUvV9+GkI3i9+Jm5vm4b0/5nqaZ3esYe6fagBC8eD21L85jZDwasS1J92Ee8Bn/SrJRRzMJUwpQ2mjqyzVExfOMkZRt6kFofffx4KTtA2HVwPilbjDkou9Br5BfIwJ0tu7G2B/MNm5eAzQapEMXBXC4ywsz6nWRJbGZVGwnO0ng2xNTFnphwvqA6zioAtgBVPjNXE/0OPrDqCPBeMJlL+n/V8yjO9wM0Z0bfZJtji2PSa3bfUxB6TQyHal1LRBmBTIPMduUQA3MKHESq/J8w1lfvcO4iDsRSJrmfcHm76WKv+JRJtMeASJXPal3idci0rcnGqarNmpIwAcxrusVMok4CexyKSqpP5Y55hIHDFnvnuAEpZmwwIxo3IVwZUVY9kUIM4ExNcuOcG6031nOXvquLVaTvMRehSU+j+gk/np35yHcpnjskiqQknVLnxphEN1RAY37vKdfPbYpnLkVyUc DRQFFOUj Q1+sq7zeFOxVLgLxXrdxGykuXz0iwwk7L8P0VjZNGWaydaNY+N4h2M4LMzA1bRmxV3Mu/e4ICPTg/hyzNi0oU7FKgwnYTx7czS0u/BTyFmgjOh7tBDHSF92hrEX3/x4+boqncJ0vaqDfnTis/U03e8nyU20s/XWtiEeAZGrleeymKyeTaQ7IgMfmsVLdPQmWcsCg4z/0sJxCMzE7FLGYVmX8Fn6Bkirf01IdeMGY6+YQilQ9xzZKTEE/so2XLA3vxVCjFgBbu1LpBSYwW/21BV2rFPKzycTlwYNlPkUf+oaiVWLUJUhf+3NZmA4RFqt88BE6yZ/4R/UtrX4ryOrEKQ5sFleZGIz7CjV1HpcoWbwiHfcaxeIRRo31REIY9tkkzgoua761TtXwqjsSGmr7JpK2ZJDHuQlyAf2KBT+MA5PTY63E= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 17 +++++++++++++++++ arch/arm64/include/asm/kvm_arm.h | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index 8e5ffb58f83e..45f3a7dcfd95 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -186,6 +194,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 58e5eb27da68..9c84e200217b 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -94,8 +94,8 @@ #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) -#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME | HCRX_EL2_TCR2En) -#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En) +#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) +#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) /* TCR_EL2 Registers bits */ #define TCR_EL2_RES1 ((1U << 31) | (1 << 23)) From patchwork Mon Aug 7 22:00:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345136 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC0D7C001DE for ; Mon, 7 Aug 2023 22:03:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6354B8E0001; Mon, 7 Aug 2023 18:03:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5BE8B8D0001; Mon, 7 Aug 2023 18:03:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 411258E0001; Mon, 7 Aug 2023 18:03:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 316E38D0001 for ; Mon, 7 Aug 2023 18:03:03 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id C81A8B2364 for ; Mon, 7 Aug 2023 22:03:01 +0000 (UTC) X-FDA: 81098684562.09.CDF95EA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf19.hostedemail.com (Postfix) with ESMTP id A3EC11A001E for ; Mon, 7 Aug 2023 22:02:59 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gOxh4qHR; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445779; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cBzGeOagmqKjhuaJYBJWsgv97GCqd8TKwDh2bth9VlY=; b=ekVdfwjYkqdFbI0smgr6A02Y+Q3/VxXT9JQmAtmIVM1Ce8xUK/e72dWKIASHogLIsl61Z3 7BbY/x8pkVBQNJIsnAYkAqOWNTib1KPCI5Y5FKN711RG6n+TIa6z/IroSkXYymkAvP7++m c1nChhOCcsY01cLBsgqsKprj3lpkOiQ= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gOxh4qHR; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445779; a=rsa-sha256; cv=none; b=sDPLIl/HwQnHeFqOP/Ox+oOb6TYZGNjnEcUbxAFJL/Uh3BfV4VLn0IVl9r14+ByOZjy3Vh uU+AH6oEL/K8QWCT+8nbmXXntkJSv/bRZn/qFOMJPWGar91fowFGoNBqyxnG4A8W6UHyj9 7VXnMtCoeXYgFxtAjTjMSeIs9f/SxDQ= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A419462299; Mon, 7 Aug 2023 22:02:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 498D9C433C7; Mon, 7 Aug 2023 22:02:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445778; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gOxh4qHR/r7rB9NJVCt7VnF+gkZQVKawTdEoVjCS+gDU+yaU9Y1a+k1wx+o0F0tEp JvCSYYH8EFWXxSEuxhROuLrD9SKI4bVoQL8KVbrKITmIy0thYVXQhhKkCsin7TWg3+ MD2f+/LTDtlM0qyKai65866+FA7CiNG4wIAni9pTkRHA+f9RwyIHlh5XfznFNsNFaR eQG62GH9vRzkUYdV7AMPr0/c0xNh4Cyy7fKxSWUuw1AMR1MheVXk44qpeBCRSQVY9q S1Iy+ocbLFYYsJLMO4VdH7DefVRNVSIuvn3hy8dGDpbYrFjUVcLQ8AD5gDqOV12N3x qms6ShhibZSeQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:19 +0100 Subject: [PATCH v4 14/36] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-14-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1796; i=broonie@kernel.org; h=from:subject:message-id; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmjvNpGK/0ATBZaH8zkfmPZvH0t/9/WiGWNCTBo /VmnQh6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpowAKCRAk1otyXVSH0EY7B/ 4+mDFp6qc85atYuUaBFI4kr2OoE9DTWdH+a4qVB7DNp8+K9q0TKVyD1QAJamgg4eQXQSvBhp2R4oVG cUVK7eQ6bSrNV0VO5DD6cYxyPI7Uq4FiWycmHZ7WxPmxhlVdxL4FfYi6Vf8U6SF47vPvSdPkErgVKZ 7B7MWhogndX4KDucTRa86ciNGLUGiBVonG0iB5HgMD5btOa+8EwRS5k7aeo33gJ2THV9Io2ViyNPHt pCuPxNpwGEknsX39ob0qWwyElUa2qgF36WmPeYy36HHpHIdhoMdpHT6du+6LXtGmjQ8yuxP+Zvfkql qMu6hut2wsW6k2Euj3UqNW7bql+5wZ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: A3EC11A001E X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: 9g5yb9hzdts3nu1sfykah8uoosrpswfq X-HE-Tag: 1691445779-405651 X-HE-Meta: U2FsdGVkX18dAMj5FjXSfuKwEdCpG6cpx9AX9djYMrPxxryyWbVJ4GQUFm5wVE+mjSSQRYuwBeVBD8uhYmVsCd4dAqLJsfVIVT+xreRkFMD2oQhoo8n4mgEdOmAUC5c+MD/1s3XytUv/0Q2hfuxbBuv6P6IMht0muYX1WJ/6R/5MqwoA2Re3NcAv2KwzjBQoWRLk/FVgki+HGLPzjFC/mAfuopHO/jZrIoIL/zwPPzX7y44P4PrCVZ/7Rkxa80TzDcp8SsNU+BNdv/oBUPF4iWHvi7OS8+ZMKxPsIdbShXSCglCS+x9AhsDCYzBYrpMfGpn7txeNQsb/4xbr/A8DsMU2ZVZFGTLwDBUHwhre6vYBqtqZAMqyJkKXetcKkCAHc1UrR7bO8dCVkHV4OWHRA2Ky9Fh7Cd+PN67dd2tx9VVlFw+hKyJN756pkFOBQij4C6JdFgyBF+Iota4D+dm8y6kaoH7om4lKJIsJd/zyAqoqELhK4bX5KKVYwLJ9Zgc8i2F1cGKXtBD1QZl/dL420dShtHSPf27hAxLIa54r4+okePoTkWbo99txmRhqvi9fpgD0U61toYi3vDIktuvSsK9gVI8KQeMl+cSQI2d/9/czs0o0L4886kvqHeSm6Ok8QWprDQ7dBfiYpY2cmSlO4Iy8IhVDcgT/4GY3YQ6pr4fBLS4QtwDI1DswIZN8Rz2KztYXr7lvGeEvTHbrbWE8OrxWwqjPpy+UV1mGtH6swTNiPEUNrQEJci22L01haY2TQBfgTo+vfS5vYmeZlIfNDYWVNycl0ndmssVsFPVIuzFPoWpyzE2K47wqJODZ3u8Px+hjyuYidNwQPSgveTy/kIob0Bi3G/NObx8ZpGQ6UjJqDdFiSEp6B/fml6p5PZy8uD7DPuP9B3re42sH0165PWQRQhcdCvuPDpJE5pvGsmkF3di8WrDTZohBX/6JFM+vIGTKPBxrSoOpOAjp0Yo BrVFghis XBGY532nCF/k2nPP0DiV0mGbDnOInWK/qj+z2N+0bMPUbuYer+UMkGsFREk5JN0rGaM0hILY5oDSq9+DA+Vkb1mA3D1kBV8gsos0UdYHv1CwEujhWkXOFjwWsMzCkkHn41CqvNQMvrQr3rTwt84G5gKO119aXhHhTVIDpxN+o7VKcMP4j+kiYbF+BR+mYRlzyJrwKRJ/hCeci8OAOnzYDuL4oaNBEALQ73z8n0iMNis/Wd5c0/ND3QJdOYpHfxNS3QCwX04Ezha2kGJtxjanyykaU9w8syMr1wCXGYHXarztpm7k8yyyAP+NO6pRdgZ895g141fc/keAXYqY2g1V6M24pm9tbA+moIfHyJ+7RFEYkMTAYDssk+J5b0rLlsuJ3JH5PPHMBwiXUx49ZSH5KxqC3LJ2dH5nsNJis88qi2bRU/+6zJKgn09/R+zpOeSSfwD8q+GPUurYhvVLL+ksa7ZpgmxA7EYJtylrnjc4Wbm/I+hYXChr9L61AXA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index a1457995fd41..86662eed3003 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -418,6 +418,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication support diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 2fe2491b692c..49269a5cff10 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -99,6 +99,7 @@ static const struct ftr_set_desc pfr1 __initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -178,6 +179,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Mon Aug 7 22:00:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345137 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B564CC04A94 for ; Mon, 7 Aug 2023 22:03:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4D5E96B007E; Mon, 7 Aug 2023 18:03:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 45E94900002; Mon, 7 Aug 2023 18:03:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2D8FC8D0001; Mon, 7 Aug 2023 18:03:08 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 179376B007E for ; Mon, 7 Aug 2023 18:03:08 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id D49CD1C9036 for ; Mon, 7 Aug 2023 22:03:07 +0000 (UTC) X-FDA: 81098684814.17.621DDC9 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id EB36E140019 for ; Mon, 7 Aug 2023 22:03:05 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CIBFyqNG; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445786; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UdUe/7o7abJT5BqbT0XR+lhA0UzLWbJEWS7DcJ5Gy0c=; b=vmZWYqXBsqFtFxjbQRzTMdtdBfNqX+4+JnXqJXUvH47o5lJu9Ns3ALCMjdFRr5U28IOlI6 B7PVqG9H5UtwAgXokfECYeYQgwqrc/LZ+srxQXW6CxOpfq0tqZua1He86MmJCLyxubsFWQ 2BAqUjnML6g/bcFgn9Vs2+1sj0jaz8Q= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CIBFyqNG; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445786; a=rsa-sha256; cv=none; b=VP0sE68x11uQXJ0tXINYEeMMGZQJqV4OLHyzkF86S6+0shKe3DXz0IeXF4p+WVFDRZ/Zhu MHhUFlk+ChqpsAAG/guqNIfT9H61vBmfMWCfvBCMQLR8K3m//tgnJ7vzxep691O943a7Mv ZYIHoLMOKAgCUmN6W2ndR3VOe7Zp03E= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1659C6229C; Mon, 7 Aug 2023 22:03:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 859CDC433CD; Mon, 7 Aug 2023 22:02:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445784; bh=ggfCgbEg0UE7JP5CH6e+dKjRf0SerXD/ltcRHcZOEeI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=CIBFyqNGcrfqpOq6R8BTm1yxvk6wWt/C4A3uO5XiBzrwhmxJVumHKVGReUNd4D/j1 br5UtebEH0RmY7oMeqaRFrQgcm2OJioJahyEoA/HQGMwHTBvYvzapNcTa3g3zcv/53 j1piAnkGo1sHdlHU6i0zophCuB/VmBrrysT8ZmpPJfFWufosqtQXJFsTkklJoVeYo8 iKYTWz9cUr4Q/ZXoo3EyiKAAZO6psSnoyeJDymIlT7MkYyCygpXyjOy7rC52lWzWPM kFwFrsosfzLCWDsJpYps9+bkakZUhN/olsUxEMO1f/As+hUIYO0mvUAwcLEqnIe6+A pO2wC6pNYErRw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:20 +0100 Subject: [PATCH v4 15/36] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-15-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3001; i=broonie@kernel.org; h=from:subject:message-id; bh=ggfCgbEg0UE7JP5CH6e+dKjRf0SerXD/ltcRHcZOEeI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmjwcCbGPzks/JnfaQIfFdlcySo+Xhb7ZoorOkh BPhYuqeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpowAKCRAk1otyXVSH0Ng7B/ sELxqzv9TndJiJaKFN2xDsYzZsTwaTdfWQVXCxwaKMcN+WDJWuyRn2WMnU4LEwvc86N1e1Y0T/t7Aj F6QEt2yM0QSrVKMhibQYlvjUJAKxoIpCxfPb6lCrPbmbQ0IiQFuDHGmt9L/Pu2fGN+/cweG86OGVHk Kujdu7KzE9kEhlTK18kzhMfhmVZBbjrMC769Ev08HnQa11nwE8YvvSQdGcpCr331WLFc2NeJGXOzMU X2YwDufERf32R8WH8k2BtqSqBWvKVLpEFdtL+E/kdDnumKj2lNczmmEI1EGzk5VTB5oC6MUoDLNni7 KjEWDNii2I/FOpnm31f7ggZWPlySmH X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: ao3pfk4x5pz3z558quz9owdxdr7dksj6 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: EB36E140019 X-HE-Tag: 1691445785-842783 X-HE-Meta: U2FsdGVkX19q2APcBWYaVkswZvQTr4RfA19Gae5SIpm2776G8yD0Y2hMJugGf4UybU5aI+t5Ivt16tSWbCuzBrv1tc7wgesg4+gt7hVWCh+b/Ws+XTEX7La+jbrIhmK/g95Pyc70M5LVdedUH6HoSaFMoaD+nxSzbEC9/lSdzeqA8zNPmTXZLXcxB3H20xkr/n2OMVk7x+GXGQ2VcObQv3a5glbBOA5D4z77NGxihhWf7amQ70DVnAmGUia4nBWhi06+PJ8yaOkADvtQCWO/uDq3LKdyAdcEgcud39enhsNyaZ5Xfd5fyy5ONQ8SHsjON7JQbIaZMsVbDpxBWm5vJhgtNyReOuPY1Sbk05LIhw4I70L0NPVAzEntq8STMdZIqaICwyaFHl9xrkepvxKmRZzbB41nSxYtVvoZISp0j2YE++QWoQ44ml5BPLoAcnksAwU3r3so+GZdk/RJ9OWoJJwJIWpu18D2xBIDWs+yemZvjng31/OCPswUR+Tms8DnpGDMxdN4V4t44ffQKlgGTz13ac/9+OIv+lFgb7UdK1BJXy/UboJmDjV2diRgSO0B0jDlA/FQWuxMYkR2nfhQzDVyznN+DV0zWM+qnHyBhEo92G6rrQuipXQEH0nn9NIa3ivuolAzaBI2mkU/fVfy4BUIyrNlbgbb2LzYDa+Y1ZkJoa2DoBU48HeXYu6c5O2a6vZRFSXdPhU1rIKpCXw1rUixDRWKDVbSOIsZ099nIYKYgxxujSNkhft/w+Fs8pv3yQsyWSk/9IyRSYEgYJulwU/dcJ/ZqKIoZCnW6WZ49EshOZjArtzEQYQyBKHzTNRH7Jr+/R/iTcWXbmful8gmftUcx0SupUJdkLaZYnGdPD0u9Hd4WYY/35DBJkoLzCFJpk0+2hLfn3IMTjIvlA6fJEcHzo3Xd2RKdt+rPmN8zZL9DwSjZMJ3iiXu/iaZn8aJIDsmhxyyvwhbVJi+Y8w RgylXiAC y1DZGn3oBjG93N4jpvdptMniT7mdrHNaWmbMYuF9Os9WuO7VCG6RsM5pqUsFRrKf4WqAMG9kO/v0n/Ul6DtzpBhhE/WyVWFiP1lTp10ppeGO2nOPldn6Ep7MgCHoK97pBnaYX4AfceY8NBsn75azkLDzxKiinqokQc22jhJc0Uhm5D2QVuzwb6GTwImRI0BzK+cVDJq1Ff9zpAm1rQDac0oJl4UEMjZ2n+Xw0lfPH6qPJwql58HagUkwsfeblTn6S23dNqmRxS9OANEsoQuD28UZ+BU3RO0MVL9Q/Ca2E7LV7RIBXmxOqIzPvM5+XrVC+sio1HhECbRlTxaHG9J2i1Gby4V8yRyI9l+n6K5A3wef6u0iEIWo+Xl7tNqYjhHWrfgWU5NPvYIH00QjRazLUjSmWncC1iLyZ9IOOfNfFeGKGmRg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a hwcap to enable userspace to detect support for GCS. Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 3 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 9 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 8c8addb4194c..75f3960cad39 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -305,6 +305,9 @@ HWCAP2_SMEF16F16 HWCAP2_MOPS Functionality implied by ID_AA64ISAR2_EL1.MOPS == 0b0001. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 692b1ec663b2..39f397a2b5b2 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -138,6 +138,7 @@ #define KERNEL_HWCAP_SME_B16B16 __khwcap2_feature(SME_B16B16) #define KERNEL_HWCAP_SME_F16F16 __khwcap2_feature(SME_F16F16) #define KERNEL_HWCAP_MOPS __khwcap2_feature(MOPS) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index a2cac4305b1e..7510c35e6864 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -103,5 +103,6 @@ #define HWCAP2_SME_B16B16 (1UL << 41) #define HWCAP2_SME_F16F16 (1UL << 42) #define HWCAP2_MOPS (1UL << 43) +#define HWCAP2_GCS (1UL << 44) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 91a14a6ccb04..7b46e01140c4 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2840,6 +2840,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 58622dc85917..451fbbeffa39 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -126,6 +126,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_B16B16] = "smeb16b16", [KERNEL_HWCAP_SME_F16F16] = "smef16f16", [KERNEL_HWCAP_MOPS] = "mops", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Mon Aug 7 22:00:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345138 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 85E5DC001B0 for ; Mon, 7 Aug 2023 22:03:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 217046B0085; Mon, 7 Aug 2023 18:03:16 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1A1C0900002; Mon, 7 Aug 2023 18:03:16 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0411C8D0001; Mon, 7 Aug 2023 18:03:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id DEEF76B0085 for ; Mon, 7 Aug 2023 18:03:15 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 80EAD1C9233 for ; Mon, 7 Aug 2023 22:03:15 +0000 (UTC) X-FDA: 81098685150.19.8308675 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id A971E20012 for ; Mon, 7 Aug 2023 22:03:13 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ss774Umf; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445793; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GVW/Wb+UQgRbZFsiBWrQq9WDN9Jw1tFXrIhcblQEjIs=; b=WYvaPGa5qh+FmwhcDDcO9VTRfqePpxGMdJoCpG9qcXLY8f/z2kQR+ywzg18O/yoKNw/Ein IvwMW16a34el1uapSPg7CryEE5rMOF4IxZSq9C3VDHeBIm6X3hMakn99CjdJpfuxR9hF7C 5keMUdgPSdusCpx/ZLlGDa88uy+qe0A= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445793; a=rsa-sha256; cv=none; b=wXnzxzuTjfLtUpYrpO7b7qBcS3JTCYloJcr/c21E8FyIth8VsvO0TlaiwlKeRjFLNzAzqA svmWnJGQaO78k/XXOubENP5vI5RQ4hNN1cge2pfa+QZWL/h06k3mudQTxy522ecznW2G/E WYuxkHqYkVG6aynyx8XKkVEjW92dLzk= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ss774Umf; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A8284622A0; Mon, 7 Aug 2023 22:03:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F21EFC433C8; Mon, 7 Aug 2023 22:03:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445791; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ss774UmfREQ/zk8Pe5HgZ3JOA5vxrOqcV0K5BqOOF/3S2zRV+sMVmiJY0L/tzujxX R/euriyTbGd0Onu9fD4RpbmltMzhz5oG8hGNCFSLR5aDD7TS/0Y4a2XAFsWaLvDSDS GuqEeJkPcsTbZQ/f7clH9zlAcG4m50fArTE6C7/rcavgOh3d65XbfFvxoIoiiOrGwn /NNCUaflA7joAGATo3yCQM7G6I/gK0eQiv2f382qJztOl3LCrmvuIjpWUFP75skXkL TMjdyQtC4y14ptGn77lIlJbRFpkVozhz/P56xUwS91AOJLE0fcLk4SEUnGPoSCIe7E IZ8l210RHt7Jg== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:21 +0100 Subject: [PATCH v4 16/36] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-16-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=6026; i=broonie@kernel.org; h=from:subject:message-id; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmktK/PjNdqpqKADA4B0lzy9ao2R6anB+nWsRJR J63y1TqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFppAAKCRAk1otyXVSH0DXYB/ 9PlmYt2rLwTxyD9hhwtemGtFxKsapPrvPwvbnu4dR5x9CenYUw1BfmSXBDNtucurTotIcZux2j8AIN uIpbMJf6cXCsBxb9B3lTzNPm+6q3DlRzk2ZU/mc+HQ5Vecuc2z0hIPkSyC9gCmYHZOdTdj/VGe4+gY BfJQtm5HXYXc6//gdb97qdrGqJtHis3ro/6Z+Ks4mZVAKL/uIMR2IgmSpCYOqVGZw57ZIKbsJspdcX C0v7/+q7+mgZF2BSivj/uGyWjZWPpg8XXRAvlS+L7+2qb+9GkH3qhbAa2TW7D59PFVBQjB1idFHWj4 rWju22LOPHzd6W7UercRHb7G7MJH9z X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 7snztkabpfk3u1jm54qgwwoqbju7brf3 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: A971E20012 X-Rspam-User: X-HE-Tag: 1691445793-556822 X-HE-Meta: U2FsdGVkX18S8Elmb+vuowsslr0sOqexzXWFwik50yQwSUN8LiRNELP8YqUnanOFzcw8bgLRxPcMn7TT3oBrnnFyfh1M6zJEnsPmfj8VrzQLsWLH9iAe63Dq8zdeMtDtMteGUCkPuzgUQiysMziHb0mgXDo6iZILoml4dukpqPkpUDcqz3+comCNkVcNXiBXjGq3V1Et/V6q2MqwkCmu4CQBnT1yrbZ/rj4Bnn4RdLmLiDKiKiCcBhvBdyBX4U72585ijditq72JWTdvFRhd39KpJMwamyYY6AtNHDaurlSefjuVW9cfMKFftlbyNfulr5Zt6TSIT9cnVRiKCSyh3RFDF63gF3iJZqCxToVRuZQUtRqSjcr6TLFRNsUYp6gtraIrc+dfb3DY5QDK4KIpUcuGu5CCqEadXu+Kk0xX/kz6oDZf7phpuBRjbQU+XCKyr9cOFYsOX4r1UcRdyDipdmdPoozudqxbZulSEHfVUB3dyNN2Xo+Eg/7gveWBa9RTp7bl0O1BBSyKTZxsZ9kEGn9If4cIYKSJJ4dYvtrnE05kuMrkevu6Wvim86AVgSBT1liHbRlXAl1yeUtE6XcYB5FIuTRra7GHuFdIEnWR+ghR3N+d2D0bV/+ZaynGRnP8pSeKIpEWDSDiyj1tFJ+J27/1qCSpIjVNzB0K76BLFojh2sx+H8h/WT/xICB+r+44S4t5H/mjj6vdWNTD+wI6iQVHWRh+IQCu3Z63XUqax0wBf3oXWkQ44R8tuw4byZCd5frv9N3u6bIC6DjUyGDS8wpmH5ogiwzSQJhq4xPdzLT6hMo9vPBKxFqClwjLuVA/+y6OTnvY+FjiCUpwYIZE3lv0z72WfzHKKhZU2nqKZoNbF1TtuJk2fnI6Y6xNJYlhZiRs+NcJ8NiSt2aV8nb8zekc0a8oHHrcKHDOcVoGiZ//xJXv9PbF+uBIQAYPjaBLwx3UFOrV/XmADfPybAD 369caiKJ f3TWr+TrurmnDjk55diaXazGc3r/V9jQtoY9Baqk4cw1uiZVnwJChiKMjE1pfkhLYeGUb37DYLe2rJ+rnRQn1uPWXP53VI79KFeiBTJ5OsJsXhFGazsQot6mboOadCP1JV6VpTa2ieJlYzG48vcouado7LEW1ngfbuo0gn1aik0HKrCugaZ9n/t9B669CIoz7c1dDia5nw37JNU58bp1zQnD7pMwXT5wdgCOGsb/PLPytXWefKzkuhV9dJg2itE9tG2XvrlwG6NZHmwDpQdFveMEfCepjXBc+sjiFEdV1LsJ1psSvPHtzCZ6mhTWD9RpxW5LuP/MeEGigu/1CO2i8/zDMECjI8tpetG/l/ouEenvB0Tfy9yCtP8WvAFCV4OKu668D45/piYqm36IZKXmQH8mdZtoZrGXTBQT9geJ4SJUosJQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..a87a8305051f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -382,6 +383,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 6b2e0c367702..4d86216962e5 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -400,6 +400,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -442,6 +451,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -621,6 +633,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -701,6 +721,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 8b70759cdbb9..65dab959f620 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -884,6 +894,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Mon Aug 7 22:00:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345139 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2514CC001DF for ; Mon, 7 Aug 2023 22:03:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B190B6B0080; Mon, 7 Aug 2023 18:03:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AA0FF900002; Mon, 7 Aug 2023 18:03:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F39B8D0001; Mon, 7 Aug 2023 18:03:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 79E516B0080 for ; Mon, 7 Aug 2023 18:03:22 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 5C384160AA6 for ; Mon, 7 Aug 2023 22:03:22 +0000 (UTC) X-FDA: 81098685444.14.3881FFD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id 7A248140009 for ; Mon, 7 Aug 2023 22:03:20 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=q+CeRmt5; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445800; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DhriSxQor3DCGKL2zl7My1a/kfJpgsRjjKwA8agrULg=; b=HI7dtzMAwl+TPXLbn4eae2TjZxQMY0raCmzf5nmhT2z0tV+ABi6y1wD+BHs173byuuaPC3 gER5mO0HU6DFKkx4aHsM4/0L6XSA5OwFh1b27kKUVGMDh8pflyaQ70IjzmlRz4ApqdnCMM TBT6wU7pNHLW8EJYR27RtjD1qqgxN+U= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=q+CeRmt5; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445800; a=rsa-sha256; cv=none; b=4AG2k/4TgOdBPVwLrbP1Gt82VVdYgzSFxkINTlIF09cas01sXkC5JqiRpXc/E6EmqUWucX PmwO4Yfi0molj/voT2SumXfkU2ZpZpmBKltJWhkOE+aQ4Oia/u5u0pIjE8eWLCT0GMuiiI +JiAxpSYAXK76B0fGaMl41sXdJZVnxg= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A8CF7622A9; Mon, 7 Aug 2023 22:03:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6C7DCC433CA; Mon, 7 Aug 2023 22:03:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445799; bh=Qk1oAglcSxLTK1OL1yhAbWpcUwaL4dga6Y2wJZdhO9Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=q+CeRmt5eL4xOsVp8DYzEjCQrkXw/FRSsEX9IqeCGwgoiPRyvijX8JYktrSyCByCn v0GIZk0MFIOkWmyVIz+zz9j8wjcgXE+jvhuNxKJhfqoJJ29DUqNrQEfAIYjOfncO+0 1aPONlvSRFOF8m0JRwRrRo9j1bIbG+7cC7XO2g1sF7YkOXdKGVdvrOMfsSB6avpi8w /KDAXEhb6gyBm0rElUOe6CamNH6nu5oJKXjuYZIcZP86sNZOoLwWXLvRKDJ5n5k8NO UymMTSHfVU0v5ZtB1wUsAKrddDObxWWzb+pKYCB3dbQnysbLoU4ZU8Mme5p2msWO2F kzkJCIBxgWWpQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:22 +0100 Subject: [PATCH v4 17/36] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-17-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5613; i=broonie@kernel.org; h=from:subject:message-id; bh=Qk1oAglcSxLTK1OL1yhAbWpcUwaL4dga6Y2wJZdhO9Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmltRJFfUgILH1PT6OkleoCIbvpqrmljfh9p3gp 3M4urASJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFppQAKCRAk1otyXVSH0N0YB/ 4oJGO83iuU3UKPBuOCvYuymDohFnbZxvKYTYQAtAbZ1aMpN3CEhsNeZWsoA38hszxT6LEjReBE6ALE fFnJ+TJ33CGsrhK6hvYp+DwxeZWBg7trVaihxN/iCI3VnqB+ANcuqMenK2rum+Yx1KTZ58fXds8+8+ Kg60aa+H6tZW99rFzAtR2R031hmdcG2/O1jyIubnBVvBb6XAn5RrEnpVbNBsCaMfh1ZevQ82/77MMO ys3/QgA/6D8ghPS0SSDhlC67klX9IhwA4ScPIqNRv1ss62ycbaqnaUXKR+ffaeujZBrNz/hYUMD3pa su8gqWStW+ekIoquARGSe8T31nR4hO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 7A248140009 X-Stat-Signature: 3n4sqw7yacqch57dos4rrcnommkib6z1 X-Rspam-User: X-HE-Tag: 1691445800-644380 X-HE-Meta: U2FsdGVkX1/FPpYgyu29r5QLus2h2nkIuR0pFAyscKiLE4OkGeEb8Wl9maeDvG4O/92ytUEpZnsXknT9OAO6KCu3AltZe37qzhJD+OEY5u28f6GvKJ7jRAHjVBPCemT2AIy7QbAhpWQfCz51ongumhV7Ua92OHrXanf8b8kx1JXLqoKbp3RoH7Z97oAozJjEBt85+6SVM8hlFN0RyCuayamiCM4kiffm0wDaNgFkT3du8lQamoVWzDDhRavlCfD2UHZLclIK8VmLGwdvo+JfHOChTTSBGKOKYmO9fDinW66FNCds1n/nGGzKhFnTY++7anMyFA2TqcCrazFt60yR0okvYgWUG0iZUnXfnKa+dpVxaOXC/05wrHc9GvCjrFggaN/0OFohbZXe9NLhGSq1zntvQbhfBlwh+4YTy3V7LgEBCQOba3ltMuinCW9xJyOj10dxo6suEHW/3lp0fxO/OIqzUSNiERjT0adcPGO5eD+T+1By8uDxDv8QXlDhOA0XjI+6mcMueWViPLBZXv5WgbrYoW06vxoU/TLkmw7WCKVhhApVh7wJ1fnD7QdThdNiay5EpVt06KLhs9t1TpSMzM3t9vMPizuVxBU1C8zx51GfIAC3rSywbs4epjmddXbkQRqcqob5GkhioBxEwnXClQrUoB1U0g4+fLyw4efuM5g2zlVMzhJmxnFLKMD2+BRGuWzIoNt2ngfdStN2RfRpRchcsYG57oVXsmGKGvtBd4d/0BYvlyVjpV42VHnkCjoSXO+1ghypbmB8g8K82vbkPC8gyiz7rThLF5ze/G5nGHiczb3zFyj+mR4XfjQSvuSnGIrM1I3UuGk3ntBt2Kz6ICubjtzfaLD1cjZhC1BsLI5sIV+yAiqMQYQwfP1xco5+WyGy6w8vW7lUta5ULqMbD/qIWJ7XPo66DSGXrXo3oetQuZGKZL7Tilc4eajjSqeyAaYtwBe6dH6OiV3/yiM m6pVQRZB bHCQ+9gKLW+f+xLeS/ktFCsXOVw8/EyE1qwD0yhtIg/tajHTtoxaRZWmCd8DQR66ul86Mi4fkZnCQcsYdjc3t8tuu9Fw0NkoZrQ2r7DXSdaiMZSYe9XMyiY7qGs3+tkWvDGBcFO0Eyfrb5lc4GVOJv6O07W02izgwGsVPw9Gq9JVD2Rw5k2DFYjIepsEBn8Pyew7yfEq61ojKWLpKoCbsbiLINzfvzRAlEOMu0xrmzbj6WxlqHACzmelIuEgPJnsqC+smE4Uu7lDiGUXPGkDJuXoJ6eVwQaQA1DNyVpqHqpZqRkwjqxMezaosfeKcj9lLeYewK+6BY2jwGIjUS5wIcn+qssAKVsQB0p53h3lGmsSUp0YKP/qVkw/SfF3qoZcAR+upr/a8r6pTNX4xbWh51W1n5X6F80VWCZn5skaBtswS7Rg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 78 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 70 insertions(+), 8 deletions(-) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 3fe516b32577..ec392207a475 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -494,13 +494,30 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +/* + * Note: not valid for EL1 DC IVAC, but we never use that such that it + * should fault. EL0 cannot issue DC IVAC (undef). + */ +static bool is_write_abort(unsigned long esr) +{ + return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); +} + +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + #define VM_FAULT_BADMAP ((__force vm_fault_t)0x010000) #define VM_FAULT_BADACCESS ((__force vm_fault_t)0x020000) static vm_fault_t __do_page_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, - struct pt_regs *regs) + unsigned long esr, struct pt_regs *regs) { /* * Ok, we have a good vm_area for this memory access, so we can handle @@ -510,6 +527,26 @@ static vm_fault_t __do_page_fault(struct mm_struct *mm, */ if (!(vma->vm_flags & vm_flags)) return VM_FAULT_BADACCESS; + + if (vma->vm_flags & VM_SHADOW_STACK) { + /* + * Writes to a GCS must either be generated by a GCS + * operation or be from EL1. + */ + if (is_write_abort(esr) && + !(is_gcs_fault(esr) || is_el1_data_abort(esr))) + return VM_FAULT_BADACCESS; + } else { + /* + * GCS faults should never happen for pages that are + * not part of a GCS and the operation being attempted + * can never succeed. + */ + if (is_gcs_fault(esr)) + return VM_FAULT_BADACCESS; + } + + return handle_mm_fault(vma, addr, mm_flags, regs); } @@ -518,13 +555,18 @@ static bool is_el0_instruction_abort(unsigned long esr) return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; } -/* - * Note: not valid for EL1 DC IVAC, but we never use that such that it - * should fault. EL0 cannot issue DC IVAC (undef). - */ -static bool is_write_abort(unsigned long esr) +static bool is_invalid_el0_gcs_access(struct vm_area_struct *vma, u64 esr) { - return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); + if (!system_supports_gcs()) + return false; + if (likely(!(vma->vm_flags & VM_SHADOW_STACK))) { + if (is_gcs_fault(esr)) + return true; + return false; + } + if (is_gcs_fault(esr)) + return false; + return is_write_abort(esr); } static int __kprobes do_page_fault(unsigned long far, unsigned long esr, @@ -573,6 +615,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* If EPAN is absent then exec implies read */ if (!cpus_have_const_cap(ARM64_HAS_EPAN)) vm_flags |= VM_EXEC; + /* + * Upgrade read faults to write faults, GCS reads must + * occur on a page marked as GCS so we need to trigger + * copy on write always. + */ + if (is_gcs_fault(esr)) + mm_flags |= FAULT_FLAG_WRITE; } if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) { @@ -595,6 +644,19 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + /* + * We get legitimate write faults for GCS pages from GCS + * operations and from EL1 writes to EL0 pages but just plain + * EL0 writes are invalid. Specifically check for this since + * as a result of upgrading read faults to write faults for + * CoW the mm core isn't able to distinguish these invalid + * writes. + */ + if (is_invalid_el0_gcs_access(vma, esr)) { + vma_end_read(vma); + goto lock_mmap; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); goto lock_mmap; @@ -624,7 +686,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, goto done; } - fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, regs); + fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, esr, regs); /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) { From patchwork Mon Aug 7 22:00:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345140 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A57AFC04FE0 for ; Mon, 7 Aug 2023 22:03:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 302606B0088; Mon, 7 Aug 2023 18:03:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 28B2C900002; Mon, 7 Aug 2023 18:03:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 104EB8D0001; Mon, 7 Aug 2023 18:03:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id EFD956B0088 for ; Mon, 7 Aug 2023 18:03:28 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id B6BEA140B43 for ; Mon, 7 Aug 2023 22:03:28 +0000 (UTC) X-FDA: 81098685696.19.57092C4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id DC2634000D for ; Mon, 7 Aug 2023 22:03:26 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=VuLILJWP; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445807; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=sAhQux4ErUwiAv3XkaoNHj4MussaVgrlpmB3FlGsirg=; b=eAaw+bhypFx0J0HdfCMDfTh55KAS8TTcVK50zBZ6w3hrdi5xIIWvDsr1VYVbFEDtRohtIT M3P4IFTHTHVFNZUWqmLX7xp47CZgB56ioMofD9rg3u9bGDGC7hveAqKJQ4+NBqN2f2rQm9 f787kUh8+IHTjzBktkXgC6lx6IjYEDk= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=VuLILJWP; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445807; a=rsa-sha256; cv=none; b=gJ0yrxKRpNTLZrr3D/1KelGaoS2ES04KGyIUy0A2YoLMDt6NOEXgoAl1dYhDfgx3QYCkqV rEwJiWtV3z2FiCzdqCQkyqPN49w9Xzei7xBz8OnEbQkgALvldiGxMKFbq0XIBnAIS2xCAL sEUDgbSJvewEb1UKCEWAoJyIkaifrd4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DE3C36223A; Mon, 7 Aug 2023 22:03:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8567DC433CB; Mon, 7 Aug 2023 22:03:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445805; bh=QhfMLGzeDJZ/KjsMbq99IZf6UTeyPwLI/WOXtKz/xL4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=VuLILJWPIJadXtEHv2oIy8BJNKgnIXVAS/dgClg0pz+Ewm8YFgPvsIJnNPATVpyqz eS5nfXd2vmWyaFX4k72Cg58qfEBF9RRkZwtohs9dUl3qclPPgdvPFtE20j5XPXhEve 0nlIsPHmgi7pCqqWMBTaAgG9BIn2c4ex3KpT8ZHpOXgQbDTBpF7UJFAlfcC+a05RRl JUXkKzKTF068aPIK7b7YwdzMcx2BZuTDGlP4xsMOuM7CQp3K+225Lscfy8k75GBC9u zPOY91pFev4+rPZaDOyXK2z9GqCZBUkx/iP06LkOGCadnqfYu1Ohf49jXFofmXy+U0 l/jKRuVEvJbcQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:23 +0100 Subject: [PATCH v4 18/36] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-18-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=6697; i=broonie@kernel.org; h=from:subject:message-id; bh=QhfMLGzeDJZ/KjsMbq99IZf6UTeyPwLI/WOXtKz/xL4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmmusCyKUu51cqJMqf5Bw/uaxABoBgQjuoGzyAe MmQYzfWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFppgAKCRAk1otyXVSH0EXAB/ 4nnEGl8Q3w16Xpg88arEB4lmAcTGyxORLpfPHeac6iue8O/TLWKOCXdjayTpOii/GtRvS1jb/SyuCS sDNWfJYNfm4QggTAN7jRNXCyvXEepPkGv78svX5LulPJmL9W1P3Xe0VpUQIN5IWLYSvg7h9QW0mlFF Gdks1AfSyf7O9l8ENq+5B3j4/0g2H8KcbfuTRT6sUpapldGN14IuqdDTmvLkdmt1R7QIZY5S94CqWY SZ7XaiBujnlDo6pYpwUSbKPaVye026n7WEJbzUCBX3uL8KFUxptZlrgW2rqDd5WYALPk87/Ml6WtvX QOGj/3WXXTje6Z5Wo56bBFis1XkIzz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: DC2634000D X-Rspam-User: X-Stat-Signature: kd7phyj9jaqq5496za3judhgztgi317s X-Rspamd-Server: rspam01 X-HE-Tag: 1691445806-129785 X-HE-Meta: U2FsdGVkX1/5WC2YNzwv9MXNEKeqZhYhclmgCKDL58xG04Saj697YbSYH/N2flH7LSDVKJx4NdUB9T//Bq/DtDlxwDIyYhwI/EfO3dQCtCGrbor0TyjSF49LgmHinkNBcxMfhvDLvo0y2QpZbB8brOeDEF7VzIz59FQAeyVC93udEFvGyX53xWDTY9eUyzilyzx6xYHhpjfsUAOB6m+gHmSwArXLrSfZN1XKdwM6dbVyJ21AaXOCML6sEwcN1H7KlPExsRo8ffWwYdlu0BsxzLmB+nZ4es1JUIiu6C5hxandFam48z2N23TjtH5l2V1PV7z4CLv++GM3A+Nge+3ZGn0szCn+ab2n9ebCOCMy6hKdGH4IgzpeBd6vwEs5LKdXgguqnIJM7OFdRXHbivgrMHY6idS9donZkYogNtnV4q5F1cu2Zd6voqokeZLtxjpGJuB/0dV3VOUKN/Hw+dsEIU5/9CmTcfuCVQwc9RmYg5VKXkgiZuQb/J5irX1bMU+C1MI6vg9XTzm6qpFs2WDDHuzfBOHNj+yjImUQAw2nT/cE5TU5qWCbrnOY6bJnY4rx3dcHFXb/FNCFMBdl4DHoQeMjjyXiAV3c8iGDlYFFMdSyD1vsOcz4timlu4T5jVFRWpBvnJwROYJuZx/pUO3d+RiXV6Vd/c8VXFLD/J1BF0BgDjrNgls6R01e1f+DgejY0U6jMHlIRmEgNMES28410w3ZnweFgFjQSTITJxDUhbPEa8znkldeWFet5mjoOYZzID5aJDX0Rrp7vzvGUMLzwXQ40bwo2wo2l37J9bIl1bH/gzQz/y8u7z61H5tkTTyMNbruoNUaRiYTVKMc9dnjQs36nRr9mgIdylaYwaXvNPziH7qeEEN2+k0/NTW6Fxc6TsQPD6O/LyUL3mdoeuGrhL59El9Eku8VWGu8GuBRaRzbinWxT6jjVwj+8X597fk2HcQBMo1fYMW1TNugj3P djlxkBZ8 g8w9dCr+mCBuxGPCpYOnH30Xr7R05BtvDkSsJHhCfOgSGf3fhOi+rGf7vhv2rSpdGTUsel0tvMclUa46RBZ2GQqWQNdV1bFTYR1eHYtd5BYfL3edIWkXHrbzAvSv4LzKzJPrRma8gnwlqwvy0RiAnZfqmp3LYTRq5IoFJz9qkYZqUfJF049nb9Eh3+hPvgJWomd6rQgKeNu6cAS92lGyTMnuIg0xd4DdjFVURIlgAKfeGlxowAuS9mSLftE/AXuaP6QQ0f+YNYPuS5k1jBxSxoxj6rQFzJQCZFcZLtg9uNcRsJtTljfnkK19lx4/rwn1w2+/5w2W9R4VOFJVFbkVOHc9WUHK+kCFLJwpkdNp9GcUodtb9OdHPf4kCIjIxKYj2InR+qP5rkO145miEjZYf6nsWvUBDBrTcrO+/sU60yKNciX63MmSuiryBHrd9w/xai/RJPjDa5qCEOXjc8+IU9DXRQQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 +++++++++++++++++ arch/arm64/include/asm/processor.h | 6 +++++ arch/arm64/kernel/process.c | 55 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 +++++++++++++++++++++++++++ 5 files changed, 125 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 3918f2a67970..f1551228a143 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -179,6 +179,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0fcc4eb1a7ab..b8a42471aea3 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,31 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (system_supports_gcs()) { + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); + } +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -474,6 +494,40 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + /* + * Ensure that GCS changes are observable by/from other PEs in + * case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -533,6 +587,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index dbd1bc95967d..4e7cb2f02999 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Mon Aug 7 22:00:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345141 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52972C001B0 for ; Mon, 7 Aug 2023 22:03:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E74D1900002; Mon, 7 Aug 2023 18:03:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DFC898D0001; Mon, 7 Aug 2023 18:03:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C4EFA900002; Mon, 7 Aug 2023 18:03:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id B32988D0001 for ; Mon, 7 Aug 2023 18:03:34 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 85EBDC0BF6 for ; Mon, 7 Aug 2023 22:03:34 +0000 (UTC) X-FDA: 81098685948.06.5147A4E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 8800314002B for ; Mon, 7 Aug 2023 22:03:32 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Ytg+tOV7; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445812; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=z/Hfqm3gSkub6VfcgPGrQbJE+2xTyC922gBSrpwYMhs=; b=i99ewTlN62Mq+6f0WhQldtIyqAOsnkun9D69y8pjOZZDKmPRaXO56Te9wwwjuaPJyLdy0s 6rOb2ftAwv2jnFVpi3lX+/6g64qyf3fV3mecGN9TKkaSy31bZfXpY6FdCxu6UdxuK8Nih0 P1mqIzSdfLHlbbFbpoNQTQLSDu9Sbp4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445812; a=rsa-sha256; cv=none; b=fpExSd+fQstO6jCWzQJ+2NBsxJGRzBjPOrdTryoDxMxWmKnTBUGy8f5Hkv+YugmCVRXpIR DKFDWT1GNVxmj0WjApjX9aRsy4xzrLJOwgcZm/44rRGK5VnomD27EyAmkOFJ5Wuo5a1jyS e9V4ERD7yKP91eThnhOlRxfnmcA7GDw= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Ytg+tOV7; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A9D806229A; Mon, 7 Aug 2023 22:03:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C0BB3C4339A; Mon, 7 Aug 2023 22:03:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445811; bh=2KK/mGoHJbatstMicr5F2Ynx8xFfeN5q4Dmfeo7bTNE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Ytg+tOV7+zRYzXcKtYz+aTBjb4TePeGTtv6fNHDqti3E74faEATUyxlcVKmEmctVF n0mdG4is8qr20/cuNimsjbWoIpvEnHxBqqFJHn0csKQJ00AsgGOW+gRVhqqH4M0Mdn avd2S0HNSACUUZeuD1DmwjqNHMQx211egQw66mJOA7ulBy3OYxdEuGDV2g4TfAigs/ AHKAaavmqQpSY3gxtUSat6dRRB5CUwkeWdf6asQva0y9GuqcDIDoE67Xr0Pb5+ewiu CkOt8uFjDHYMq/+HxM8KmitCYbstOY3gx5ZeMO07mseoD7B1f1kXvrFrwBOutx3VVk oZyp2bc0uxPCg== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:24 +0100 Subject: [PATCH v4 19/36] arm64/gcs: Allocate a new GCS for threads with GCS enabled MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-19-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5142; i=broonie@kernel.org; h=from:subject:message-id; bh=2KK/mGoHJbatstMicr5F2Ynx8xFfeN5q4Dmfeo7bTNE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmnwdJIM2X4zNIIdcYbprLlCRvxUgKxKl2+LhCm JT614omJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFppwAKCRAk1otyXVSH0EkJB/ 4kBL8J5Q2sAomH5KA43BnG4Bye1MDjIyvGNFKReJFsRz4+gkHmDRKTQ+WZ1DMreNewUseP+6OiOjBn rdV+8+ZB2WJOA7I9dwHFL4UweMVu4nhbF/fNCJsDM6tMFcbPB12HG6DUl8slTWRHL888PyIr55FsQS DHn1EAlDMQSiHVPGcXlXCWCFyvyO46wWbKAT3EhBHq1ct7dWsns0sG7FE0L4yuI8kp+Jdu1ZJf7Zk7 WJAfDrMRhf6EAUD8I1s2QsdX3yZzhsJDK9gufCV+CohO0hwy2HBmiiA5BI/MO8DjmjR3EBt+Q5J1Mm 9p+ZmreL3Z6r54fDRF/MGKEOUNODEQ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8800314002B X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: sa6tuwqkfxc8oj383ox4ewa5rgzzcte8 X-HE-Tag: 1691445812-250235 X-HE-Meta: U2FsdGVkX18RrKe7Bfwo4iXTSXTHcNv5OnmIi2sevcQsQfUU8fVdgP0A9zlsuEN843+fn27JxQreGgzJ502FzvG4B1JYyNtZE0b8AoTguG7n2OCP+oVb6h9+3SoSu6TKW9eIBkeneHVs24Ulk+dIZ/0o1cZpEtMYLkwd9VmHVGjZQWZOlrOEud51bxNG2LPgqxZuO09lG/lHomotxemyIqW7S6gp0jT9EFImWEcUQFNTemS/aC8jR3j97/RaExzcs83fkpBZi364RHMB/tneDmQe/bbAgAEqRhO1pTaPa4cD1G3Ih+m0pRQImz1WNjBeyJI1DHvwEkJo9Kyzvec6yw+DcnlWhWEVulgSGrPsJawsM78KmaJkvvWUpsoX+7v8G3D6Ve8cqU7hSU7GRznKTcZXMweuyDZ6bCrZqwq4F1Unc4riojzIbBOj9/5fVfq3JodNn178tG2ueHhJJhQ459z+y7QKny4w/NS0jFQ1buUlv5nOSUZrMyVZ55FD+WjXulQ5c9OyOJhA6C8QDgdWcHKflAU9NqgrBmnsEGlEhseUJlL5b5Ofx6XfX7vk0d0Z4atKlGU6CX6ihmiItoQkz6+Eetq5bRRQlqhyDDUj0v/FUeOJorTZ65z517R7p2VS6oGgrKJG8+JIDWWiUdeLt2BfG2V2KJG7b75E8AABYTcpRG9vgM//gaZq0BnT0Uf9D/bUlEDJLtjSEp1tBfrjsHn1/3OtcHzUQTd0X73WsBowqyjZ7ZTTZmo30IoeL6YbZB61zBjI2MbVGf9gga8Dz+emyTgXJmkUjvJA5WGnkmR1QWdanK5QlAddA8ftdvHaRcoA8VmoO5j0EEkEc8NXbPn9hcL0n+m8v3WZ0TZ6N7Z6O4elixb2VOEYsO907zbX541iSBaz7uGaJqGGV7+YbxeMdjbYYsnW6xDOe5azqyl0+G8+M819aKbIBCGoffjMfU9h0e878e89JvV/3Mr rGaxlw1F UxWfCNUwI07dfXDCV4WFKXVKJRNJf1aSmWPwmN4TDfZmaCmMPig3rClPLbJNDn4q8oSDbhqkdSRtFg+8hS07FUHSU3Zz3fSWaahFSsknuoHyrJKqsdPCQz+2K7gIZuvWNe7FJsuKIfb289p0zehrPhOgGocs2iHKYyqmd4PIvFcMiKJKYCwo6sbI19r6Gh1Y0OpMn0s85gpK9Q4MGvpf9hkZfoXvTVOXPF2okujwXZ3eQRUx+rDO8Eh0JYbgieDzzAcA3BQf3L3KDfdpWig2yNOGNVnf1y6jNEz9zN9ztsffFfvFZ8kiU9S2emqNP+2N5FeX0WJQHHn+5Rgd/ka7p+EeUahnoGwRbmAsBqs6vOm0sELDty9GzU9MLJRQ1yMvSyXS5U83qRqzLDHXVm3KsAfLpCpk33gXoCFK27+CZcrKpLwI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: We do not currently have a mechanism to specify a new GCS for a new thread so when a thread is created which has GCS enabled allocate one for it. Since there is no current API for specifying the size of the GCS we follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 4G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. When allocating the stack we initialise GCSPR_EL0 to point to one entry below the end of the region allocated, this keeps the top entry of the stack 0 so software walking the GCS can easily detect the end of the region. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 7 ++++++ arch/arm64/kernel/process.c | 30 ++++++++++++++++++++++++ arch/arm64/mm/gcs.c | 56 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..4371a2f99b4a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -58,6 +58,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size); #else @@ -69,6 +71,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index b8a42471aea3..1de6371ca2d8 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -284,9 +284,34 @@ static void flush_gcs(void) } } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + unsigned long gcs; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(p)) + return 0; + + p->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + gcs = gcs_alloc_thread_stack(p, clone_flags, stack_size); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + return 0; +} #endif @@ -368,6 +393,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -409,6 +435,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, clone_flags, args->stack_size); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..1e059c37088d 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -8,6 +8,62 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK with limits of PAGE_SIZE..4G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK), SZ_4G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + unsigned long addr; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((clone_flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) + return 0; + + size = gcs_size(size); + + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Mon Aug 7 22:00:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345142 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB096C001DF for ; Mon, 7 Aug 2023 22:03:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6D274940007; Mon, 7 Aug 2023 18:03:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 65B8B8D0001; Mon, 7 Aug 2023 18:03:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4D58B940007; Mon, 7 Aug 2023 18:03:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 3AC1F8D0001 for ; Mon, 7 Aug 2023 18:03:41 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id A1D13C0128 for ; Mon, 7 Aug 2023 22:03:40 +0000 (UTC) X-FDA: 81098686200.11.F59E12C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf11.hostedemail.com (Postfix) with ESMTP id A479E40010 for ; Mon, 7 Aug 2023 22:03:38 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B74Fbqog; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445818; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CkR4LcFi/Apf+N3CqhDJhcfTx9Wd0mE1G4u6yDFXxCY=; b=pdJBJiot0V3/E3KlSisi+11j+h1u3xL/ZOoJZ/wMExqKZZ1GJKPB+7nGtJoNzqQ31C1+xl O9+sn7WcW9ZnODs3i2f3nFm3086vvjgwLLPQ2GKq5T9C5uEe22Jg0xYBaV2mEwe6kFW9C6 s3pq2lC/Gwa0qGhecC4JRKCQfz9NzuQ= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B74Fbqog; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445818; a=rsa-sha256; cv=none; b=6qc/yOtMTlGsmHJWHJssOvOYtzEwpqh0wbX8p0kKU4REf84jNEBnlOcSvfYf/5GYB2H5gR XWqVaiWk5tLON0726hBo+tPyPz4zEFdQi82YW3xF8kw5oGevcmR62op75+mitJJMjaoJ56 Fivb8NycdEmz95xQ6p7VQi9RsQOF8u4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D34D7622AB; Mon, 7 Aug 2023 22:03:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E9200C433C7; Mon, 7 Aug 2023 22:03:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445817; bh=3y05YgLEE7escOOoGXKTI0JE3+x1TY+XK9aZf0p3Mn4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B74Fbqog9SobYYSRdQGRfsY0wS0zXngCFdVXqm4tNtT96B/U0FlBg9DK00lvnbed4 6MFUvy31cmp9rTx7ucCxClFDnQG3b/dNWwZWVTlfDZGYEu6CEPNupSDodgDBHW6yjH rLPVdcHQhWT68Io4Tw/j99fRJrc7Du3rzi/Uzbhva6tKG92qedL1zRbSEWAaqvFfpw 2uCOYuESzXe+oMNgLmgsfNE2ESBJHNN/1JyGTK2ZOVTm8rmeCGB5DVZVBjUyRjEfxS jw3mVIbciC9EQFrZvLDANSaaV6g0C937rv5lGqhFBvE8POZUQg6EN51clJFUoPUw+9 DOXw+ITTF0FoQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:25 +0100 Subject: [PATCH v4 20/36] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-20-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5673; i=broonie@kernel.org; h=from:subject:message-id; bh=3y05YgLEE7escOOoGXKTI0JE3+x1TY+XK9aZf0p3Mn4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmnszHr3M8G3eeRDGQExFVNxevdHjgqpcegTJ+o fbEKDnWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFppwAKCRAk1otyXVSH0PKHB/ 9nhGymqffd5PBWSptq58Yzne1KmThxdqYjk59Ov1VQmxowgD+eZM/iacta2nJ9Jz9gZvrvOAC/cfhh sIjuAw7vjrvLUhADoB5b+s25w4AC/XMygrUkkz5mUZUdL603vdoc26fLxQlnzQLae4bSJQHLwrWzcb 6/zQs4tBYxfcbl/AhZSL53XpDNd9KPzS1TxknerkKpNEzAoyCQ0BP6xLkjvofHahe4YPUNH4UDanBn ELW5J3IKC/W+AFyUTzgV568BdFzf5rgcWZbc/Slh3JAA6F1auYSy7FGN1KWakKiBMcllsYsVSheiv6 GRPh560WsnD6ZZYFeX+ZKY9dqCgJgQ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: A479E40010 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: j4z7yhg4ou5ef3mhyxb8bezzzz1gmnnm X-HE-Tag: 1691445818-654059 X-HE-Meta: U2FsdGVkX1/dnvNHmVTNZlwkrbCWaLDL0UdVB/3FS06tG93FgpfjLyi7rh4oB9OM1tsEsfCrIwBRFpoOZ2yYU80AQwtpqtQ69+T2RrQ4Iay8xQ03y00wNrV0NmtGDe8/+E0jCHQIbmO6xZtflX8+rCjev+6++reQqHqdw+cQtYSuX9KrKMhCLjgLGQd5gwHfynyTnoT/7yjSubCzvHRzuLx5E9lc6AETqYNarVHXhBO7v6tWm2mF3c9fLCUY8Gip/FTkagbG83sxi9CkALqtR98qcOZn67jZI+gTeQzaXrHz3/nHEsdUoSBi3MXg1+Eqp1gokqOU8qNmBb5vAmB6dr7/53qRXnmod3XLfCD4UGZ++vTy8JXJEcxCfkKjBBzpdOodzsMprHsFnYz29egehRSUr2di/IGe99GhP+e3JSVESxF/1ZKnTCnXR9UN2z4XYdU0P/TYH8V2LxThIhqnb2Y5S1jWQQXvhI2dwtktJJknZ350odda4BUiS76I6LQ66fm2TGDlNyIIb4VhrQ/E7ItTcpNqjZbufqBwXb0KELHIBla8vPhlrojujrbycU4FYSxVpN5p8g7KYEdQ+ElCQ6SB9CrC3fISu/PazXBYSAcdrKnVtJ+DAwE0gvfZjVEbzZXb7VEgLZ/5vEZnFC9c0DmZOJWYckIv0y3iXADs/kRGE+haolsVvdisDoreY+L3MPFypskWpgxHS0EhCUzXzs/URdgh09Xe4H1PSUq8h7/J+99bNXmyREUSoV8JY8iaeK7Crux+mPXyRqgh69wsPCF+EKcALbrTGvQjCIFLb+UXvHy/kVzzhBZQNJoNI271OJrP3q5+MDic9NAPw5KbKsf5dK6PiC8cmBTeAAkliQ4UG1AY29XsmX+oDurERr4gPSbedw51grRZlaHU/ZUmUCpD0cW51Mci8N0ycG1aXHb4d7XruDPSU/XCKZtqzAU9WqoKDWH2Q8TUmjKEXhx Z8u5RfWc xnZ686quSJhdYes1/j0kClWyz34s0v1fEGYun9MFRTzWQ+wLPLm5RVs8r1vpPdHkdryinuKw2zqk9wDvi3tm9sInYQTiK5ta9SEYmu7S6QYLEBu/UFcH2x5+xw7TE15asJYJbFkAjX1o1yvCL1QIg3fM0Kfq3mQVf8ljkToBQtCU+Wnl2iihJ6g5ZfwgzxkH2RyPXbiVIs7m1XxNI9OQZmda2xdD6l/pGLC/gjoTbuTFO1B6SUrA3UW5E2ejMBTKxKzDTufQC9Ta3vppra+Ifb76Bd00t1ObTLOAmAXnT87t78KBTOL3SbpSUK5SdLiQn9NXHecy6RCCPQSuI3dJ+lgR07lBZdXKnFMvNEEPaftVj69HN+dsFCVjXQsuaYo9BtWKooI0ata9LK4D8UwC3aynEqsy3zboXp5yWhtyqyyHoCB4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbatrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 ++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 4371a2f99b4a..c150e76869a1 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,6 +48,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -61,6 +64,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, unsigned long clone_flags, size_t size); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -76,6 +93,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index f1551228a143..e4255749844a 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -181,6 +181,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 1e059c37088d..64c9f9a85925 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -93,3 +93,85 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Mon Aug 7 22:00:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345143 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D13AFC001DE for ; Mon, 7 Aug 2023 22:03:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6D317940008; Mon, 7 Aug 2023 18:03:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 634908D0001; Mon, 7 Aug 2023 18:03:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4D5BA940008; Mon, 7 Aug 2023 18:03:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 3AD9D8D0001 for ; Mon, 7 Aug 2023 18:03:47 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 0977C120BFA for ; Mon, 7 Aug 2023 22:03:47 +0000 (UTC) X-FDA: 81098686494.13.408D854 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 37E4E40018 for ; Mon, 7 Aug 2023 22:03:44 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gHpCqYNG; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445825; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=bAEInLM39Sy/hOSS3gc0MsZfXLP1bvbW2+0n9AI/9oc=; b=o9TMIA8hOIrracMUByRTCzUvijoDQc4HF4kpzVHTqxmlBdG9Hf82mJFZWscA2KTyWw6CDd XdixjiJVUf0+R2UkjfUWOdVJD06w0pHoX2v0dR9E1KjD4geEPsZ2rN7xZ6Bxm/iq0Cv2ou RZRSBhY/4ZigizgmIWt0hieZovrGW0s= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gHpCqYNG; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445825; a=rsa-sha256; cv=none; b=6+Q8Jg9JIfGQ6hSKcya2Y1HBBGMGAEnM5yQSFmP4XOrrfIT0GO8qr/zcRGgR8OIla4ErC5 WIVjvMGs3KT3MvKIEY/ldgp4r5NKHueDTz03wfnNv0pqFlmh3EE8+cc4rLMr5azjEzSBdA DC/ZRWFsPC1QgMDnGd3tjddxBTcwAak= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6CBC9622A1; Mon, 7 Aug 2023 22:03:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E668C433C8; Mon, 7 Aug 2023 22:03:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445823; bh=I1+SuKJuT5iazgzZ0wCXVNUOE3JpgB2Z9BDX1mM3nWU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gHpCqYNG4awhvx9sqcOlbeWAYnzPJQSc37UIauZOMkm19o39gat5h0WxJWTfJbXbM OAtAhLwxUSrOzSEFLvmZmLVgARyU66Joc0n8yvEHKcPZwZU3Ypniwd+Kx1Xi1uapyT yPMi+fpkBECD6/5OndwmZNLOC5bDADsAS4f/sSYBN5fELtgjZNQcdJWFN0Us6GIHx7 luc4jMODl9scAvZO54tnLr/Oz63fwdFjWp7sxJjOy/+xJyvv3xBuzh3YQZaXd4mnE5 ULZgz6KkvfrY6xVmZtmDr4Ohd5UCCq9KuhR8C8Q6erANW1PSuQ8WGMmWmu2bLbRNen a3M82+t+TH/Lw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:26 +0100 Subject: [PATCH v4 21/36] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-21-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=4897; i=broonie@kernel.org; h=from:subject:message-id; bh=I1+SuKJuT5iazgzZ0wCXVNUOE3JpgB2Z9BDX1mM3nWU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmomIt//HAc9Py9yC1PS0uokFzGNdVQXuKQ/8fg AuDdVSGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpqAAKCRAk1otyXVSH0CBkB/ 4g/60yBcwBTiQKu1O+mOr+XUawY9DnnSHL9z8Cg1frClnMiULipYsYioyurJfUd4A/3ZbgjdSBKLlA zoPSHwJJ3CAAF9NHg36bAgUybQuV1JdlqDc45CSNZ9/PQwTBCSBcnF5IOjMekhOwyWMW5sd70AHf3Z wrGFG80rcqjFiCxTectDKdk5HybgNXsob55hWlM4hMHsPFLhzTVXURlOMjowTUCaom8QdFQ4aYuGXV Hwroyl5yDT/ljDNavh/EpRMZnPmNCwEec17wb2E4tIeaWv8mnE/z4WuTe4WgmdDQDHf80f5C/91Ams M4yzYYosCAFShlGXXhjJohRU1sNEF4 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 37E4E40018 X-Stat-Signature: 53dettyg46kf4krp8jrddnqpdnojiexo X-HE-Tag: 1691445824-740366 X-HE-Meta: U2FsdGVkX1/vwnZgWI7MJeKEZgEZHX0IrZ66YuNZJMVcNzawCIWiyzfobbJl+MUgfZEZK3l7seDuWIsh0J+zp05oKu0DFf8ZZldaWo4xN9ATPQpS8dMmSOWiBQN4M68HrB0n9G72ccb06oKhJ2Oqn3eZZ090fmPa+2pwfCaNQNlgpF+Mg+y7W8tCHApQghkdjv85DD/5eP1Rs0t1ayKbTbzkW/EEub6iTdz8Xdnh7u+Kp0TkdmVMn5S2MhgaCTZ1C3ThSeUOHP1usuyujoky+lKWCNzTcVSEhc0sFUbsun6vFmK8tbQgyR0W5dSnh3AWrg/pcg6xxcA1iJCWqIhA1sbslsXfPh6wojl7M/WzPYjpTBKjGEp8Fwm7ySkDDQMyBndTArHpKbWRZOA8Lr6f/v5yJKU6UL78aRwCbOLN7Fpwd1BXt2962ZhrWQE+G+9fvOFzXVxXj0Mq+Ftjh0mmA4930xtZ4OEHD5FurclSzAha13BSzt6UfBIgn60czvYJL7L8qaOtE0NZnxOKEbkw7uHTbf9nhknC9tMydv2w7wJ3zc6TUGQ6JkV0DELOKcMH1RGMa0VCAVBvsyFxaHYIjOSA8rr9876Tdi3DSjw6ulDV2tB3UdKaNHhwGoMWU0IoajVsTnvC2qVdMQBpHaZ/1XBXBrFblGa4o3pgXr4ZTNgkF1f7nUKbtxQC+GI19zWeYj9SHRUWu2tfzmo5wktNWlpnUM/79AwfVi4It/DauMXWAY/x9KP830NMt5pLwBNpb/k9hrmFp656fiLV+bKOkdSxOwXsBmyUeuF0jBrmhOFBftETzDi0TmQBP7AxhcHPE3B2JS1WmL18NL69qLuHonOwuj7CIXYjquEY4cpyKTKhwcIi9yC2y+Kfwc6J+uxL5Ut0K5ig6D9QuaUnGKoN3hR4p4cnkYXM1WMj85MPf7heaNUf5Tasri42O3dyZs4FY5QBavcyELQpA6tZ5xf 8oxceHDr N5lBUPWucxt2mqqEI3Xstzm8Men/VmeccCGd9eX+q1BBjM8xQ9oErNbcmvVjxvnGnkh7Esjs5gCwS1CSmIi23bngSAjuHNpiPgiP+TcxLdSM+iipusVYkYOSF3ORSUCTKHuR241Y/pYy1hhlApwRbzvyn9LPEQaNVb9VX4JCslg/GMr6AIjhnoHmozsK2z/3FWidGXgSDHrcN9k4NOff9zSwCggyztUVcO9rWM+IyJCYg5cFLbEgfcbdBoy7AdJ6rqs7SiJZSm5Uq2TpHrxnEtTT1xW+y3zOtS1DMzVpzysQv8qvRCojTY7Co4dE7aHWrgmV1PsgBqa9eL+SSkL2f62He+55fwdsCIMKDf3C9z41PS2IzJuhoIzKkUUUHMET9tFnUnk5v/xcRhCQAkJ3qN+Wuabp6g8NNWYO8IQD03b88U6S3z1P8DJOZO7mv187jATIkmY9+oUiXJeHG6OVYXBjnkg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself. Since the x86 code has not yet been rebased to v6.5-rc1 this includes the architecture neutral parts of Rick Edgecmbe's "x86/shstk: Introduce map_shadow_stack syscall". Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 58 ++++++++++++++++++++++++++++++++++++++- include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 5 +++- kernel/sys_ni.c | 1 + 4 files changed, 63 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 64c9f9a85925..b41700d6695e 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -52,7 +52,6 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return 0; size = gcs_size(size); - addr = alloc_gcs(0, size, 0, 0); if (IS_ERR_VALUE(addr)) return addr; @@ -64,6 +63,63 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret, cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (addr % 8) + return -EINVAL; + + if (size == 8 || size % 8) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + ret = copy_to_user_gcs(cap_ptr, &cap_val, 1); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 03e3d0121d5e..7f6dc0988197 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -953,6 +953,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_cachestat(unsigned int fd, struct cachestat_range __user *cstat_range, struct cachestat __user *cstat, unsigned int flags); +asmlinkage long sys_map_shadow_stack(unsigned long addr, unsigned long size, unsigned int flags); /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index fd6c1cb585db..38885a795ea6 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -820,8 +820,11 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) #define __NR_cachestat 451 __SYSCALL(__NR_cachestat, sys_cachestat) +#define __NR_map_shadow_stack 452 +__SYSCALL(__NR_map_shadow_stack, sys_map_shadow_stack) + #undef __NR_syscalls -#define __NR_syscalls 452 +#define __NR_syscalls 453 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 781de7cc6a4e..e137c1385c56 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -274,6 +274,7 @@ COND_SYSCALL(vm86old); COND_SYSCALL(modify_ldt); COND_SYSCALL(vm86); COND_SYSCALL(kexec_file_load); +COND_SYSCALL(map_shadow_stack); /* s390 */ COND_SYSCALL(s390_pci_mmio_read); From patchwork Mon Aug 7 22:00:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345144 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC04DC3DA40 for ; Mon, 7 Aug 2023 22:03:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8813F940009; Mon, 7 Aug 2023 18:03:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 80A108D0001; Mon, 7 Aug 2023 18:03:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 68307940009; Mon, 7 Aug 2023 18:03:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 57A5B8D0001 for ; Mon, 7 Aug 2023 18:03:53 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 36FBF160363 for ; Mon, 7 Aug 2023 22:03:53 +0000 (UTC) X-FDA: 81098686746.15.24AFB7B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 6CF37140005 for ; Mon, 7 Aug 2023 22:03:51 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=r7Zx62s9; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445831; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=d5Ugs0OfidP8C6v8MlXAs/MjyHa7VNuEf6IEkz3uQLQ=; b=HeGrKu/8lhhKWCZezQAqLmddgoTbJPbAh2NuaZLI7N/7stEBPxu9KQguKRDz1JMpp+HPtW UNXcmOMppldCfZwqD2nPAUSq2WQ3dayJZkmZaENjs2DzYjqriLm+oyCDlLj+pCpoIemEtF j0aHIY9+d+i/w4/I78aqkeYk3bYEqSc= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=r7Zx62s9; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445831; a=rsa-sha256; cv=none; b=Wy9ySIJ+QPxXyuS0JK0y8Lj9MXBujYos0JkOXoJNX7CiDB/UGbfjHZ7tzloMjD2LunaQA+ lZGUy/iza2ScMVh1iOs2Tu2zjiW7tm4OB54MXM3+zecxfqfWr2S0ABH5hwhgRAY/Hky0xh Qw3bL+wvmvVTEDeF+IRkxwBna9FvTtE= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8D0BF622AB; Mon, 7 Aug 2023 22:03:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4ADF9C433C7; Mon, 7 Aug 2023 22:03:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445830; bh=+dR3d0METG46G3YweIr21QD2wGwLVUhSq1WHDSBihIA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=r7Zx62s9/BdpdeiI+jVH8waOJkH0wPGns9X9VgI4dpw2DNzFtQYWP5/uwkwZ8Qxxa 2+Ia5cnx6TgoXq07xcOwv80wVt7suWb2ihgNk6MmRvvuK4pL3YzE4S6ZSTJ/r+TK82 5f3jxt5/D3Mta6vkLCdAr21Cviq9uhFXrfs9/UBXaS//97NViE04L1JWwHYjQYam5M OS7hGYP7fiJvUr1g8gr2Ad05hVbUJm31EUYOgoFQgvgroV4xeEqKzusfdiOyHINBOY 6jwSi6XbSKiHLu/ur6mMHq6jBeY5VxWetAmgmJ7Uo0FFptvhmeeCqARAVMOZnZgijI 32DJfnjG9PYVg== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:27 +0100 Subject: [PATCH v4 22/36] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-22-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7272; i=broonie@kernel.org; h=from:subject:message-id; bh=+dR3d0METG46G3YweIr21QD2wGwLVUhSq1WHDSBihIA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmpUwYmeJzgdumteUNjZwQFpEgiamfSrWV2l0Sg d7aXtwSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpqQAKCRAk1otyXVSH0LwIB/ wMWDoKRhf2e9vEc+/CC2Y/8x8dZzJEbmHmubFJhEdLTcJQ4ymRlpc0WaeNBdAd01vWH6/lZnxnOptL ERapv1nCCZ4lLLDPMwzsP/IrbvaSF+kd7U4miHSgYsV/i36ZiRfslBRqJwql/yVhg2qL9ebEe3na27 sUD6KsoUYCkdd5oWeSbECov7P2IdPUtmoLxmf5RaWVDLPdfr9ufO+VFmbBZO0FOPJyF91yEzK4GqzO Y4pgU7ovvKTGOqvLmptp/9PskULx/qVIPwfWC2BXIbbKnf6MeGNfUO17NVFIxAaH9X3cV5HkZKUbQv Ll++fsjw9qXN78jrRDLjZKLjeVCgo2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 6CF37140005 X-Rspam-User: X-Stat-Signature: dexrrb1396inpn3unsh1dkxiwgydes7p X-Rspamd-Server: rspam01 X-HE-Tag: 1691445831-801826 X-HE-Meta: U2FsdGVkX1/CvjBmEBDotIigNbih9H53F5mmJjYmiHTJESBAB4vPN9bmUGKBmxRCNwFcruvzKdq0V4ur3sGXsxp2HE+EFG+aBR7MXUS8E4py3nCd1VeirUtCtA+QcOQsiVBuWiYMvBKBSOCgfk//ENKGCFBXBb+yQHpvfW3eI4DtZycb71qC5e+ioT1piec8oel/v70C2egEm44pW3zEyeJys1369l7swOf8clxTsQjqk+WCX9lxtkXmayZ+pxFN8lJS1UxErAOQFWaXZIE0Pyta/IUwwtBdTX4FSh1Cp6VPgb2lzYnn4IWtjy+LPLH4HyI7/zC3/eVgVIVuZOxAMsN6BRxkjcRvRlJGV2HXObatVf6c0DAlOTXkpQJykqkr+z2hNLKBsMqIRKxzYwvRIj9QALDCZF7QFwj3Kkm1KcdUBwfXtSNsmqejh3urJuSRMB/i2UV1jv+O8QPg4/wAfrclsT9OyjWTKJjdJd4z6jVJkEqDBMASJbkVkYqNVSF60ogspOYb+nWU1cF5DFybpfJ2iqM2fELzBaD8f/j5dRziKrMT+UsIHO+Tdu0tx3hapKSI6adp/TQ4RsWjiFOS8j/HcO3D4Jic3uLPuEAsGrCpEZkiaIfQZH0d+izHGBHNUPqylI7gX4cnScDgTOwBKoQ6e6gnBzs+pIS/FfUu5TUQIFyJYCv5J3tqY5m+4I3E3XhTwk1pNF0UXP7FkW1YGCjphlsBesFX+2s+xFuqhhjRwpPTfe/I5PQaDLyobStWD9v41buP9RXV12S6wADnQi6cuIJMWn2nU9hdzUE8pF6ZsqpGpKaIS2MZZ4g60jK6rlt6NnyzekV4bfEbtNPKPAyi8pMtWQAg7MZRSDHKkBUN2Kl/KuOlro4emzcI067IdySHMHroj6PBhRd8ZH/vgQjrKHNExUPUoetTChs+RfwE+WVNrNtMnqbXcasa2UGLpOCHPo+pSVXxluYc+tL ogW7efgV bx0QdUzMWBid+ddKasz8aUN0dmzZQfSsl0dmthkFnng8KM3S+r07G0XriRnYdzEQyXXR7utIeIGs5MMPKY5SpwfyvXj5p0seNcdHUhUG2oOenBNEe9Esnv3yX3AYA7hw6u7GS85//5AcFegKd3oY1t+uUIr7ZYni+/hendyMPyj5YB9XHXWEPYnyxdMOFGSx+ztDai6k99tilN3uU34w+SdXuk4XOAcFUs7MZ/iCua6/AFYbof1EvYZQoxl0n8W5aQ+JIbwAQGiuUcXCOKhBHUnPBj0B5VOy45lVraJgl6keMM0qKtcRW9+hAAcfpOMNCo0dTJ/mYXgS2c0ZxZbGLlKc5it67QT+d+9cbj6PkQug+Efu7G/iBkr9lam7S4ap/kuK3eW8CtJAuBI3oHATcugFQA9rX/4CgLroM6VIGO0gY5/E= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set which we add on signal entry and validate and pop off on signal return. Since the top bit is set address validation for the token will fail if an attempt is made to use it with the stack switch instructions. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 2 + arch/arm64/kernel/signal.c | 130 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 128 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c150e76869a1..65496103d462 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct ksignal; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0df8cc295ea5..1c31be0f373e 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,36 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) (GCS_CAP(addr) | GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must have the low bits set to a token value */ + if (GCS_CAP_TOKEN(val) != GCS_CAP_VALID_TOKEN) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -815,6 +846,45 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -841,6 +911,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1071,7 +1144,52 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + unsigned long cap[2]; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + cap[1] = GCS_SIGNAL_CAP(gcspr_el0 - 1); + cap[0] = (unsigned long)sigtramp; + ret = copy_to_user_gcs(gcspr_el0 - 2, cap, ARRAY_SIZE(cap)); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1079,7 +1197,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1119,12 +1237,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1147,7 +1267,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b41700d6695e..0034d5b12971 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size, From patchwork Mon Aug 7 22:00:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345145 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35974C001DF for ; Mon, 7 Aug 2023 22:04:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C2A9B94000A; Mon, 7 Aug 2023 18:03:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BB3168D0001; Mon, 7 Aug 2023 18:03:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A2EDA94000A; Mon, 7 Aug 2023 18:03:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 8F9708D0001 for ; Mon, 7 Aug 2023 18:03:59 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 70D8EB194D for ; Mon, 7 Aug 2023 22:03:59 +0000 (UTC) X-FDA: 81098686998.01.455A0B1 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 8D1B9140025 for ; Mon, 7 Aug 2023 22:03:57 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qw8yJdFB; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445837; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Tv3ZQTe1vq0gXi/ckLnsUDbjI3sqm8avbDnc9Ul9ahA=; b=svsxeqUj9AV7sH3tS2DYOm8tyO0oPTOYRZ0WfOLtv6+0FwK8N56fJ812ey7006rUcIG7M0 yjiuuyS32jUPYDUFfWz84KNkXn0umRkF4YhjqTyo0nuYvo/q4Jwxe+mWsolnuMkYwGS05v OwBVRPtA8FODTKr47T/5oErRkz/UjeU= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qw8yJdFB; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445837; a=rsa-sha256; cv=none; b=ILzntOkpVY6pP1/ArkGtHWRa3CDM7vSfKxYwbFBjvOlhzbVEBnULBIkorFGnr6fDcgMlqb gFwq8VB6jCztBuU4JGtADC5Gpg5NljXcmLGb068N7YjJi2G+k6wrnsyT3t8LjkkqsKL41U MwGHTz/vPKHCwrTbEBLqDCZG/E1Hi2s= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BE92B622B1; Mon, 7 Aug 2023 22:03:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6D94EC433D9; Mon, 7 Aug 2023 22:03:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445836; bh=KnBf3819XLYZd+1IcRnGIifcqO5I4WiAi+2WJjL5RP8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qw8yJdFBMvLIyUsvxRVMlG+XCZevZf/qmFN+xk1o8nzubhAEI2GctJ1yzKv0G1K/G jVJnQg60fwgaCTzpeVvzMof1qu/h8unW8AtpX0RhHMWOH8ODj2ho4RblN73aiIx9mt 0Au2Vh5TWnV4wPqhHG57KAFVB6MLsynxcX1b/FWRXzO1dSoypdHMDfhdmJLW2XzUdL FYq9FnmtlIjXRiMlAlA80DXJQabjwIK4bdWIsUhyDeop2S8Lep0t9BxYxNkzQWmHqI gg+BWF+h8aImHmCQhgR1XG4tJfkDnhyrUvlygvA0H7m8mwySmxZFKL8c5fsrdJuIgH G0Ud6tLKRXp2A== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:28 +0100 Subject: [PATCH v4 23/36] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-23-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5977; i=broonie@kernel.org; h=from:subject:message-id; bh=KnBf3819XLYZd+1IcRnGIifcqO5I4WiAi+2WJjL5RP8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmqyG03hUeRnrKqH0a38tvAdQu+suquEneUa5dg bA+sg1CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpqgAKCRAk1otyXVSH0OBZB/ 4tAqRAujTpzzMb4xdhNeW5zhIrS0Sr12OE/UmJ/9xQXzkNc49yk/K6TdchlHkOLRrRhmXxEXte+yVg l8qfGPf4Jzk9uS6RorouGqiRWSa9yDA0PKB+zggsjfFM1dmasTeOmzXhxeQH1Ma/MwM5+CzXulYVKn l1V1xssd6bCPh3BMhbALldWDJVOYbKnZNbkDMoi4y2rXD7EVVUZ7tAbUQmkstTen/gB16Ii0zetRzU rQF0Rg3dCycyvTz6R13CyQ/4VLk36nlyn4NAGBKsOaCgqiwriuUy+mn8RCy4ACub8rcPqCIx30LACl yZucIzderC/xO03GgxZnHJ0flJ+h5d X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8D1B9140025 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: ux5q9sgsy7p9b4qez16yuucafnsoks79 X-HE-Tag: 1691445837-289293 X-HE-Meta: U2FsdGVkX188Ari3cK5gqy0l/GVw22uK5YSdmCvYqrvC8IL9IlsrwGvApHmyOGXzQliFcSJG8gkAzmbOBwJvrnCHAqBRWf38NSBjmb71v9hp1pjmu0PO/yQHTM7mTRml3CSJMiakhPL9a14yet0nDbsvmteVjJpf+JHUCqBXsUMhCoM3pQyQ4TDpkZhW1ESYHguEoZTbwDa0b8ZSlonekatklXNlV6saw1hw6eMdpHRZBrfgpCdtVzzGXuk7wYgDXJ7Op0tq7aWzMpq5Vchtow/QFn3xGEytbOBnxNhbtbhC5q7Tz1dUTRg7YqCLzSNu05QSUnpV84CKrfHY0ckziolWtnPYjtE5Dc59BsQuf0H1qIVcDruEck9vc8od3sxoNKVSh1QkVezCQZn59ts1+FT8tTyJlvGMxA1Fe9CLRen+7bH6nYYQyuwwvghKDF/Aje2v2yPD2FCN8aLdiA5lMjT0iGGBETowWVog+LgCJygrC+gGAcUUgDQrjgFZc6yqZVW1WqDEftTRhUn56rwT5TCzqoFars38XsCtx0rSIPTw2NBZoH392QkW4LnW4/bPf/5VDby2TqooZi2UuJf7CobWGnG8yNRpnAl0rektf+Os/wZw7eiNVnXZXpxaaE3oAQ9IEtcqHJr52ynxJW3uk9KE6rGGSerdCVLy0K9d5coNpzMqPEv7dv6GjK04fPEiomV6NTHI9nWm9RWuxI1HUpxMft1H1A0x4wpkyUFhaQkngXuSMhbkP0pTgrgVmIggIyN+rin7EchacPpxvl5EMsGEkfL9P8EAB6/G2urU1OK95YvaRzd/mJNybFXWsmDzvivHqnPW3Ch0kue4nxOTvkkJK5bRKTuacy6nSi7D9VUcEIytJwMV5c7V3Zp6QvECRgiCXrPHXkSfyktfgGiQ3DNwf+ACjoKBHhT/c5CkXnXYDu56uJfjirB3OYs+YlO8XUGloDC3Ug1D4ZEQ0Xy 7rUWR1KX 1x+nkkgOgTO0jA3BtEJyz8a7QmU6pfe0PiMnHgxNf0vNOwGDUB8MB1TcUd3KvXS1U/jLRRK4zfl+z3l2sr+hksfkIKMhITEbTwgOqgAnZUkJ5ZdTjog+zY7fJLxipvBAL1LnbojIi1bFgXFtKP6NRGh2hFyiFevzSex8cMohOZksixKnogU515geOhaZ80Uvb1+z367rw/BmM22QWX1Mu36cpNpg+M7nI/MCNozMrOQfDAUbVdp0oF2jpGq1iaYeD33a97+w8QWil/YsoKHzo+amqiCYuQWdGN0S4lGcfAyjiCTgP4PoX7VORdV18oGUDebOhWQaNuOKsIwYp7Ra5XjFyBDDaXVvEAUsg4WBELTCfM1Sp2mjKEaWC6zmed4w6nwApYr32ImInGSKo4O6zBY+uEGTkruVYeVkBBiG695ku3J0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 107 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 1c31be0f373e..4cc0c7928cb3 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -87,6 +87,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -213,6 +214,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -605,6 +608,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -621,6 +700,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -715,6 +795,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -834,6 +925,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -948,6 +1042,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1041,6 +1142,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Mon Aug 7 22:00:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345146 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71664C001DE for ; Mon, 7 Aug 2023 22:04:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 12ECC94000B; Mon, 7 Aug 2023 18:04:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0DD8B8D0001; Mon, 7 Aug 2023 18:04:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E733194000B; Mon, 7 Aug 2023 18:04:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id D40F88D0001 for ; Mon, 7 Aug 2023 18:04:05 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id A57BAC04E6 for ; Mon, 7 Aug 2023 22:04:05 +0000 (UTC) X-FDA: 81098687250.14.82FF3CA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id AEF0C160021 for ; Mon, 7 Aug 2023 22:04:03 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=t8SAodXm; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445843; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7Xh0jTR0r8+ize43vTl6QzYzhaS83l1nMVxt1u8Uym0=; b=cQw/gizYCC7lVLMalwTQL9VDn3zoijeRArX9LI7/qlyqcWFCQ7+YqJ/KOy+BrkL8smp0TI YohsSVsJbRKPUDi8Dd3TULJujRuEpHyoFZVAjIIqpDHYE/Cr2bYPd2Sp0NAtiC6dE7mAEP pmuJFcregzsx3CtMfxdxu2DRGhWrNR8= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=t8SAodXm; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445843; a=rsa-sha256; cv=none; b=OYZhlN6ATg2VFHo2ONx/fx1pVO9VYb7DV0YRfvgW+4SVe1XxWlz6r/5LqffqdwK1IGKhfx h7XYyaBUjsWyo1rHldDJz0Hs2mqAeD8cE1L7FqT6RsgUUVw9rkZtN76+5ykPPXRhAJ6fiH jmj/qJUk82CLiT0FXa9rwynve+18vuQ= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E40A6622B6; Mon, 7 Aug 2023 22:04:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9889AC433C9; Mon, 7 Aug 2023 22:03:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445842; bh=0QIP38ZumyMQzrMYtc7Z/0L/bXiC+1OudC2zVRODlMU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=t8SAodXmV30SSAG9TfCx9T0tc1JXTUDa17ANZoNGGQ8XgDtYpu9jzRwEyCbO/Trm5 HUanShH4KzIaVhqJcHgCNdMADk1LvqZrbyuNIf5KqOEVvL+HGwZgVaByJosicjM8XQ iiUrN0aMxoVoCoTynD6gYha5cPt/aqEpAb2TMWLiALtxeKyuZi0gJ1lqNXYR2tiR5a KBXU5KBnq7mzP1GXxJK99+t17miAdwgg9oriwEXiSPYk27mPJ0Qi+MZLYHm47pIqqt Qo5fmQxX42GbxEYST7aAr58Wb9PBT1wIAT0Ryx+nesWif+E4czI4wG8LIt5VbFolyP oaE6I5a1UNOxQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:29 +0100 Subject: [PATCH v4 24/36] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-24-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=4259; i=broonie@kernel.org; h=from:subject:message-id; bh=0QIP38ZumyMQzrMYtc7Z/0L/bXiC+1OudC2zVRODlMU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmrLgjCxlg0UGVpy5E7U+JcqO/N4JM5rjw02mao hZnV3zWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpqwAKCRAk1otyXVSH0PnlB/ oDdyHIOa8icx1bsyF+SJQ9duVfWg7gwTkO/RfjwXSEpwdUEMMlXLDWrwhb12vC5Mm3Bjq6StFpKbgS CKSDQJJIY+xNJXFtxREcls2VA7vIKUexY0482OqGRTM7jtul02zjku/wNRalUHx+SRLWPenORSda2Z fXANEjIjEfPtX7FoGdpDkK877+dKUfzvCK6X5YsWhUpq6J+BBHUuXVw33S4CP5Dwzbx7EoS87RLc05 2ZN5FOuD+uXdItk+ltL89Dncj5XytV3T815hsHegWS9fEyAiKnuP1Ho2zEAqYS0C3+44MfWoe8jiTA 2bPdAXBLpb3l0KkFMhl97WPzxFmUl1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: AEF0C160021 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: 7zosjg978w73ifgxudyypkk7ix6isffk X-HE-Tag: 1691445843-542828 X-HE-Meta: U2FsdGVkX18IJPovvMwK5rPbasOygKpDk1UOfqJ1IS0eS5MRvzvf30wxcah68lFCzD9ktaSm+BDt27VtmJ4dMRTcXU1sCCBBkJ+j24lzK4JmObUWwT9Y8Wqw9Qd5YHD57JpxEEU6WRrRi49DTEMCd6QJsGiFlaM9sjUjhZrVh1VN4je2TCTc7vRWY6Efi9ij2dl9CEfeZxbzI12OPZWLMr7GHYLkudOP/L6Q5jLfW48Wuww9DhJbPon22YxfZn+wy0Ok4WldcVxZwGMUw0O93dSJOwkYRnrp8U1T8S7sn+K7nCz3PZmGrOjcwUaFnhV8lo+UiRBAAE3HyXJrrjomdybqbmrn3Ilv/ISGji+Ye4OSnWjxc73f/3FnczWSyrouplC19AgnAI6AIzckKPx4xG3dGiFk1NxYUnJ92voN6CyQaJv9HVBpyntro1uGlRDDsoC7oqeRyYo4Xo5ZI5iaa/FhdG5RmQep9fE+Rjk/TbOJAdnVqwxLjf4+goErC9OGE8X+99kLEavu9jtfmW/H24gZNY7wexDeQKJGj0+Gpz3GA/xmaZ0MePVlNI8mTNDJbpd8GeMkZvwsDHKS/CvOj1yIn/ZEpIxHH/jTfho/bKgy8nt398BeE6mWmlQrgUbURB4I6QAjAUoQ/3DYuVohiszHmZ2tTzZAA/VSI3w+SiPwnpBsXobzFwGcC+LNg/QISyymSroWzmw2ZlbqLKib5+1UgZwAyWaf6Ds+o62fLRMK3W2ikDzTbbQcjxcE+tK/74b7b5a1jJRIAlBiLFfzhjWxQUz7SOFZG51pOEFP+v6C5sjTkNFEdoOLEc78I5BW2ZDu26ctA/W1bqMgTGLeqLsdXy0DLe5mwhlVCw7V/XTXrrFL5c+7jumkTLu3fwkEuKSObw0inE2FSjPJAJx2EFUvYJ4Y+2F0tRFEuBZeK30sLgTdskTJ2e8wJQeNkEgHGudM6gC3PDjd+OYKtie fzGiFOOy boZxsq2AOnvYj5w6lxgCiKm5u6hd+X+xGc/wp+d3rJS4ngh2Da34ury2SlswaPFDY2i61Gsb+khj64QgQD7UEykwdIlc6WWZ/aUkolR7aBCihWxiPJOwZwcci0NRIzeGiJl2hyZkvYbJ76Koyxsid9qfbka/Nwcs5mfkESpmsBtyyzlGxFBVH3l+u0rzMtK07dJ386MizpeWadKhSkiOacanFDU6MBs+FHubLhJQeCrE+sq8v8b9idRgziMxlZ1TSDGjM1kkCoyIjIUNCwGzm9+I/QjheH6RqliZzL0j+N/My/EB+0MiZW0yJArRL9v5UyyN9EUG1tKzkL7uC8r0Xg2E0Vzgx7m63keTjKKwZbeLNdBkEKbuOObXhVbmj/YJC6hhCEzVdXUtzkY+cdgqzL/QZhIHk9a8MT/GXmFrvJHj47UY2eGwHYtAmZCXID7WMYw6W4cOQAvZsjFU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index d7f4f0d1ae12..c159090bc731 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1390,6 +1391,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1418,6 +1464,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1568,6 +1617,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 0c8cf359ea5b..00f698a2ab17 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -438,6 +438,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Mon Aug 7 22:00:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345147 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E814C04E69 for ; Mon, 7 Aug 2023 22:04:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2B41B8D0005; Mon, 7 Aug 2023 18:04:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 264A18D0001; Mon, 7 Aug 2023 18:04:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 106188D0005; Mon, 7 Aug 2023 18:04:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 003998D0001 for ; Mon, 7 Aug 2023 18:04:11 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id D1ADC1A0BF0 for ; Mon, 7 Aug 2023 22:04:11 +0000 (UTC) X-FDA: 81098687502.25.5740AF4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf05.hostedemail.com (Postfix) with ESMTP id D9D5710001E for ; Mon, 7 Aug 2023 22:04:09 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lv9rtr+E; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445850; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=BnTPNnb7vLdvFR5WbrJlLKVTi36UZPFC5Hk16d0IDAo=; b=oQrahcXuwBjEHyLcStuvsIRUAbNL13e5UC2MyOjh+LA55ktCDdx+87+RrPaDHBIBy630/C 87wjBwCVPOSvq/eXiG1ItOpQTvmGOeqRFGfi1Fo/B6EOqIAOrclR5WXwQR5Qhg+3rmQ4nn Hml7/5PEyBsoaHuEoElQwwbT1fUunY0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445850; a=rsa-sha256; cv=none; b=EVY79ONeaPVa55ZRhIaVhhjTU63LeD7ZfY7Wj0inK1jgYGCANvCkmkWAlAFGDa4Qo8s7sF U8IE0WeXTLKJLG1lcwdx365sxWxBFwsXSHBEdZ5vWCN2k5nZyu2AE74SENhloEFNPDPysL 0JuDYT0LtObWXrrDWKZrtP8gFBTT3qM= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lv9rtr+E; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 11DF5622B7; Mon, 7 Aug 2023 22:04:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2521C433A9; Mon, 7 Aug 2023 22:04:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445848; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lv9rtr+EAtd7102Xa76cZT5edbG236PmmRMfJ0OVh9XSwdHdiQDhzAodKIm6h6vRL NdeHOOaW3VjKe4x6bFplgcRucirA65snxMgTKHuaMJTLv4B0DDfwkx1sMx2pSK8oO0 2aM3m10IQgkgZWX+lvnqMHISitXUCnEYUGloqvw4yCl+r+w1ulXdoB1lZkYddHbmtv q4wt3WLucdMRrSVRnCJv3xHiCrXZzxoLue+HgZiUTOaMubTpynltGWm9V39FVRVUE5 7aXA+eCbY/2l7sEIajG4DCK1yU9XH6gMDwdeTqgBTk9LL1f3LWIlsXsKiGB6G9MZo6 3gvRa5H7jjZBA== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:30 +0100 Subject: [PATCH v4 25/36] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-25-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1334; i=broonie@kernel.org; h=from:subject:message-id; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmrSl4chwKr3/R3Gfif9Ncd39ArWvtZPbVutDLW JCRoW6mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpqwAKCRAk1otyXVSH0NifB/ kBQS0LE5LNfugxE9C8D8+xMQF/ddJKgmOJR6SlfCJAWbTlPEYUJ2WICFiC5P5ZO7Mu0dMk1v+UlHnk 9CpuDpHJq6MISRR5/Q5wcBY/wv/canyD6S+BWS4sQGiuaqOtLiSqAPiaVOupwy50mVhdQsVo2WvHNg WhgUOF97GkPLzxHTQK/EE3e6694K4HF1KKPETwaR1mKg+cIH1kH3150ck6WmZqVUnKF0QBoes5+WSU f3ejEjNWL3ipnUAM0lvk/Oqbz0RiBsbjxunbVG8LubCbWLB+aDglDoTZUO7tXlGyOLIAfhDD7FSa6t yF2AdyawCHd1h5vjTc1KFjQp6WZaLh X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: D9D5710001E X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: wemp8ju8hxyg783b7i6cudp9qc5sroh5 X-HE-Tag: 1691445849-582200 X-HE-Meta: U2FsdGVkX1/5BRv3skPSrv6HaPovgzNOO8CZOqaO7qGAVNT12QKUrm2C4MFEqt4EzOox3gFkXz/R9OBntpFiN6LB7ywMVG1+kkf79jONjCK3FSxRWRa6+jW2exfEwLyv+LD82Dws1KZ3hPLwmpKIkAC+/+DEFfu/zoMXbaRF6y5qvHYD4CeBL0kohRhAhN9/apMVWuooDfBqZgvdIs1ykIXzm5j/hRQwWP+J/7lM9izViR1+Y7dw64miAaTLGiMYv0edwzGW7WHNLPSzV/YwKyWjQdZuwHNAIt4f/wEVI4iN1LbZKPcqiQx3UIicmmJNJxV8WTzluU8MrACfK7nm6P8eDfb+mr63oNDpeXJOPtohDBfSXhf4VX59xvxjwxkSdoiMQpcfeN5yGGOm6Uo8WAh1QJTz3RSMLs+uzuMRLHPqmgMNbITfIg9YM0RhfXrW8sKhkHjeqGwIXZF0tt6TqrzHHcCAwepeh473akaaxdIWiefqCLqug0Yb3kMZsl7k3GXly2pJLrVZ3Is8IQpShUCgiXYJipVS0UZz5ARZZIi59ai/pY+z98TAfcwMToIeVCzLVS/McUA8NTUMb5zjKnpeqPUFQWa0VPR6qN7vzOb7fUiO33tdxEG0/C/Tagbd8vr97i2N+cAwRZ0vAInq7rdu+d1Sa6MtN6VlyEFrek4FBcqLeXVfhS4C8WQqHw5jch/ccn9jryl4tjiatX3gCowh8/3IcoTGjoRqCW0YhJ3qBi9DGRQo1JEdBbsYUsXWbCoes7Y4A/VjzlT+qEU7fTgSyMKIzrbMbR0FzxqzUk+ZW867r5z8bSTdHdHY1MRA+EeKGon1DS4Py1Uloip+GQ8mU05zVLf8d240BBAbrCn98P7nL1R8ETzFcs9VUNtTuSgMiAFE8BRITdKErbj39ZxOVc2Yod4OrekoCLtiQOqCG/iRbxpI9wBUQouYWZx3lJDJUAiJcHpIvIKtCnl lpM2Jum5 uItlyDCMGghZf2zjYiLHXj42zra9eiMUdpILPYvAJXfU8JwaWE3yhK9idg7KYVF/7uxnQZ+OfsIYPF346vtZFh9QF0CQNOgmLbU+fqQO5uWZYYzOpnW41H1JYKDBO+jP4bnvw4di1TQmnCXCUDu+l1I2DkCmzXP2NuxRapooB4tmP+N9XcQJBEILntKnubzKAWQVhKb+zjLL+6Y2aHKKh3JOCywqBHOiXDsVl6lqXzA3QYUAsxo89teTGqiduX+Q5swM3ZFueBDXKCh19KIDnwbi7uOhV3nLpv7WtNw031YlXWKazF83XVVEpvi8rpAW4mSRIG/Bzx0orch5cznwZo7DxiNEE6Bhseix9N1hvZ2HEGzGYISZhHhoMajHHGDyT7PJkdosxSUbly0ZiOJuDjqQDI0bO0m6n2AgLmJyEO+CkyRI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2511b30d0f6..b5ef1a698770 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2093,6 +2093,25 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Mon Aug 7 22:00:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345148 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D513CC001B0 for ; Mon, 7 Aug 2023 22:04:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 796798D0006; Mon, 7 Aug 2023 18:04:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 746288D0001; Mon, 7 Aug 2023 18:04:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5E7F98D0006; Mon, 7 Aug 2023 18:04:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 4DDFA8D0001 for ; Mon, 7 Aug 2023 18:04:18 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id E7EB740C14 for ; Mon, 7 Aug 2023 22:04:17 +0000 (UTC) X-FDA: 81098687754.27.245A6DB Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 03A59C000D for ; Mon, 7 Aug 2023 22:04:15 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=aNAspYX8; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445856; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6f2sHhBx1jepR/YNA5SyNc7wOpOk2HW/TCkILD2DXmg=; b=Laetcr4slSZi8mLP/7Iv1LXfCtiVk+yw0Nf4dkiQ/dAz9rLjT+cTXs2FVFFHUJE7OALVuJ 69GdOeGqj9+shQLcn1AQoIR16pk4zWnVSZnL4YD1G7ZxwYB1ICrtt61+mywiybUR2sK+Ts w1wJH7dyoUaa9N1KYLqwA4D0882wy7Y= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=aNAspYX8; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445856; a=rsa-sha256; cv=none; b=SS+YUiEfdOlAe1R1IFgfSPE7XuxBO5Rxa+0RQPRPjQ0SLhSe78mSN7nJ+MC0UtaDXvyUZT tfPykZTd1S6bVV6xyKJ6tr+zTVfBkcOPKKDD11dINcQwJxU72laksibQ51sdwxPKjqFOmM 0QQ6b6ZrcNxibqoZMHBLoDVP+BQQp04= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3BBD86229B; Mon, 7 Aug 2023 22:04:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8415C433CA; Mon, 7 Aug 2023 22:04:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445854; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=aNAspYX8YMDa4S1UOfbvx8zWfswbqBEz2wJe7nfM0pWFTYZgpasCip1sxspsbK1qs /ctFJQYBpm7aljWAEoddRMJF5WmAQCiy0iBDZYT5uSPQXATQIPS9q50niTcPxSoYYk U7X+2GqIufk6btPdrinnoTk4hj8wM7DiUAFP7dlkMqbK/aAWLB1jFFgmzAvPnQhJUU oXDcFIObaNQGJy0w483/tdaMENDzBL3QS97hz+z2fp/xbLo6OxHbD5nUXVeaLIwxqG NryQH3iy3EX4Hs9w39NpKQdf6CVUtGS5BHj7u+SZrrV/4S85G4qoG9XZQYOA2P/wW+ CAywrJ9cKhinw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:31 +0100 Subject: [PATCH v4 26/36] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-26-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1205; i=broonie@kernel.org; h=from:subject:message-id; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmsQXm1Nq46jBWok7xLjTNPIAVH3O++MCR+eGVU IlIReyiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFprAAKCRAk1otyXVSH0HEYB/ 0WPQNCRQxW5vYJJYV581n2TRG7EYT3pL7OPOKjvTDLv3U3bWOAdKBA69F+CMA2Cf9vB5QMcZPf8HbY F9VwARZ4J1JwbrXW8xotnruPFWMpZzyIdAgg8/YIU5lOzFtpFhSGm0hhnEjxK16rlpCflpZSVjVpnW OEQq6+W2PsvmhAgpMBYG5P2z/J1gUpUOqhoiDMNyFDYHNjd7tmG4yj+BHiaCXNRfWATS33Y1kRDx42 XRZ3wQ8i8jAjo3JO7pX95L7caAT8EAOfI+ZGgvR+1aHYzcbx2sehURn+5lDFBzXVM+CE8PTpXIUXLc VfOqijnQtnB8bltlyq6L9mWoafWwPE X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 03A59C000D X-Stat-Signature: r15fnsjk6oqe33938raraw18iss71hs6 X-Rspam-User: X-HE-Tag: 1691445855-324370 X-HE-Meta: U2FsdGVkX18uYHY22jWCIxvqXhPj1VrawDa52x8meJRTt5QcAyU+NGZM4pwYZJzpBoTw9+uY0V+End67Xe1fOAHvKolyYJv3z+YT6tZpwIb8Bpu9UaKUokV49/s73idRkRyfoNAniqAmptJpDyl46Ns2JXoiGicoJfuHsJk5Gjhl73kOe2TOhTRJZ3sFrrk+7O02D+um5j2xzE9Bt7TuJx75z4nIo1vyv/5Dsg+mhasp3shAf5Io7TUtbwXULcurJAL+oASaipVbV2KKflt9zkmoCKYJ3O/qRYvPZAA1qnFJpwDPu+uERglTi5f7i4bnClBCyWDAaKUTpRrVUeL4rxLHkOL5rvFHEc/DAW/blnyUomHN+FWecnxT+tZ5t5tVv08HGfMugHKLqpkK4A+oDnGOkE/lamBvLkPShu1XLB/kiwVV0Ai+aZpLVlx76+YpStPERu+4kgUKxGB4m8FNLsB/jktcXETZyn99OcOTPGMxaBOUvcdqkdGOsk5z1rJUupkanykD/zKQwxv0V8K4/c0IFFjqxJn9poPMD8S2oMou2AGgLpOtuofcNypAfSQjiiAyivcpnoEnvbzXAmqReyw+BV1EBI/Gxcuv05saR/L4yZTfgfndj6r0G3+E5KVGhE//Tg2rhyxVs9BIHvVXBafGJxFJfC2glvnSVXibVZLcgs9zvqprxhrPH/lkZWW541hNUEI9Hqs0ajn+/jBU8KqYJBMlLTJkmDE8PrnXzLWpr5pHJWhRkdS8+asztuHfF0/HtMGy/MGAxiA/8+BVpZk6+pDSpe0qdG2zNIdZ7c7HlMCyT/I7lnQCtX1Y839ormP6ugM9aabURlSW4ja6Q8vMDEFxrYPb+2lXN2e3NU5Z2cejJY5QdvPDS6GKlVI0tmtK62XuIHz8lWRLxGhGWLrVA5TdXb6/J4kif0hTyO+X/aCSIigfibi/JaOuUbLPtLeNyBTP3+aaTwsDpMn poh+l6s4 TTgVWvshpV9SLH1Y/K+9FjFpnMfJIyazMus+2rAk+IPQ/qTHBKzSubecySLmoJvhb9kvZNbD1IOzN5BVXtuWHqsD1iwIMGdRv643ECZ8E8t2lZCHjQBCfcje6O0trvjviOp2fgcPSkDbtBiFIB0oka/SeJrNbZ4lbvPLBwde8w2NaLuB5j/lfdMWZSgkVlyz0lvZVB0KLHKyZWP6JxzT9M9HPCcrTnGS7VpnYPd9zVpiYlIy1xaYFAmtkA86bqyomrIAdx9WGJoZN9XcibzCBNQ8CZLzcR57J64jJR6i6RO1JYfH3aQYHEQ6VS0baRsyFDh0qgxyc4FkGu2oZfCcusqwgVVx9qqCYtEFX0Qx+PrUru4uf815LMuapn/mYKgDEs+VBk87pxZlsl8BTL2dFEUBj2Yy8cUEmosuXUjK0A1CGlsRgnKXzQXKZQ0AYC1RMSFC/tOgZdu7Qq9/aGYhr9OKJmME+v/0D2cOoGeYUD2gUmzkNFf2BP9B2xzD7VYNS6WL6ZNEqAU/N+VybaBqptdR4y62k9nWR3PPW2kfo3MFHVU0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d4ad813fed10..38844e4c5aae 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -39,6 +39,17 @@ static void cssc_sigill(void) asm volatile(".inst 0xdac01c00" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void mops_sigill(void) { char dst[1], src[1]; @@ -223,6 +234,14 @@ static const struct hwcap_data { .cpuinfo = "cssc", .sigill_fn = cssc_sigill, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "MOPS", .at_hwcap = AT_HWCAP2, From patchwork Mon Aug 7 22:00:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345149 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB9BFC001DE for ; Mon, 7 Aug 2023 22:04:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6FA0B8D0007; Mon, 7 Aug 2023 18:04:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6AA8A8D0001; Mon, 7 Aug 2023 18:04:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 54B458D0007; Mon, 7 Aug 2023 18:04:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 441268D0001 for ; Mon, 7 Aug 2023 18:04:24 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 27474160B7E for ; Mon, 7 Aug 2023 22:04:24 +0000 (UTC) X-FDA: 81098688048.17.FD55B70 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf13.hostedemail.com (Postfix) with ESMTP id 362962002E for ; Mon, 7 Aug 2023 22:04:21 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QIDi3nsa; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445862; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VZa+yVxoJy4ei1p3UG9WfSrCLoFBnIYNn1ZiZhJXbbg=; b=E4pFkn0M1i9EG/gd1Q6KkGloQFgPY6gI8OKoNsq2vsY28p7rxa1dIu2YC02DiRSLMgODHy N7DtMH2A5D2SsOdaT25r6NyKGdLfaQNwYKO8txiCor2Y/EntuYWYPDr+Sx/ZvBJGY30RKu 3MhFK9aW3TG4tvYv1pL73fx1EtCeItg= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QIDi3nsa; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445862; a=rsa-sha256; cv=none; b=5yUxnXqGx+7x/F+SFuIqqHH/c918NIbEN6IhQ+NImaU5o4RySfRcui10DH3X3oy8eiEA2F gDQBq8KojRxR9qZMvlkByajVwzl8tgzLsJc2bArOrh0z7SuP1zKpMuRV5u8UB0kM/xfJbP xIAFapxAZ1nmi8TerDAfdhCDALWFAxE= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 609B662299; Mon, 7 Aug 2023 22:04:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1BFA2C433C9; Mon, 7 Aug 2023 22:04:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445860; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QIDi3nsa+DsRCeYHoIoIcbELawp+4+it0GlgaT4DvjDnJ7Q4Zgh2cigRtqYXHnqfp gd+gElF+qj3RCwCvHIbU65ZgMewQqoPl4YfQ7vYMdVcLxczbcBGpLHGfh4CmkYnXhv 8/l8bM8Xlqr3yQlX4mIgX0B7oPvpZs9LfkZNJyMKRFWKF7aTFw4dVLAO8HeS/drUgC vLMc4sEpVAUH90ZDLMnnfdQQXvAkj/bh6XKobw6ybeTUZ1amhV2GqyiRm7uTQvLiof uvx1uB0SNsJcmlu3W5NxSDelhmC7wPWeQTptCwE+EXZuzBIhExfPJGANqB5KtQjxdr vdlQK7UaDUIkQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:32 +0100 Subject: [PATCH v4 27/36] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-27-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1828; i=broonie@kernel.org; h=from:subject:message-id; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmtHdDxBWVvmzkYAUf6uUsjA/rziBCuAYQ+QZzI 679QmoaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFprQAKCRAk1otyXVSH0BDfB/ 0cvKNXfnPZ6BOOjIAiA1MSHXH2H5yBCzaglGgIll198tjsunG8/G6A+HI/RDAXXiRIjvcYqu3qV5QC V/Dvj7ODSDEsohFNtO14yt1OplCxE+MVflQMtxtEr1pTIPFKH7Tn6K5w5hF8Qxyj5YoLearg5iTTX1 8D+LnTNTaPKI2QKUQt8QqebBWSeyTw24FLNPRpn4wfQ1aStwtUUXEJzlp7J/zb7icrsBXBSYicmFE0 FIJfsxE9o5oJkXGP25MnVQoIogdmUzVPWuMGAbZ1qITZOxi/El+6gC5D3azmYMJ62ioj4rWLy8TngN K2c8cElGsuO/QnqfNBSvUxITecp5Kv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 362962002E X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: tafqced4yzxkrzfcnuefzggcas4jmwi3 X-HE-Tag: 1691445861-14302 X-HE-Meta: U2FsdGVkX1+hdLq1+HbokaU1LVYXjZkvVkT9X6Vr/VO7nKHhry/2CibPLB5fCSqJDWC2gWZrDc2Sl9ccBj5lqBmUaoK/en+6Ul91ke64PkoKeItg3V9DZdCN/BFBznI0zSgCg57zVxPRW73OCSp/2RJnuWzLwSvrJhWmtanZzvXP1xFn+EGX1NBOyiskooG6JRSS+1bZRz9sedga5lHwuwJje++YQUBeyBp7uBe92kmvzW8WwM5ZykvdZof1Vhyq6SWPg/k5IUB2ZWxXozfKUCthN9A0vZWCLKngLCETy3S4PuYZExf6G4ntCxSEg0jI/kGZA5aZRGheiDSQbfXxH+MhYpfXVYrupUq607je0rL/Wj5zNiCtEo+VMFibFBqB7Mb6as3dqc6/NzmP9WPX7VJO4DGD19oa/4WxJ30Ng2A4bUR7vFj6sB1rrxNyVJcgBne+ExX5AqX5nv/5tfQxWz5HXE4r3lo3TdfHYGRe7cCi03tUBfveWngjuTUJhS2uIupJi1pZXDu0qZKJ8GSi+7bFJXwjSvOU/N1sdAGzinuCPIkMSWS55KrwWMoS16bmPkEQZj8SecIyAiKLEreqe6UklaV2FhryDAl3Qz/tFYcVjmpEvXpqB4tnuOS4kEQmR+wVs4Swp+It1PSiGOr4ui9pDCQhGDco7sycByOaaGBiSENKrbb4mvXYqJqXLFZwF5WqEz4BKSJ+WTMAGkg6ib26ORW0PRsgt0SmIvtHQ7J8FXqIwEOo5WJ9EBmwZhByQJm/YTnWY4VBGgKVhuy/NFLkjNKHD2QlutyO3jIYdUqYJyPajqilUGEOHTvzXdeghYdRFRPA/X0GGiaJBRYpqinXH1DxM/44Tx4xewEN7nd9RCX1Ryf2vOyG3peHkGQfanKQpMf1OfD5evZ3h8du1hcxaBfUOUni+4bTRleEcHF9oD0DQT8/DU/7kRH1fc1gdcTScTcQwg49x8fnQ3W 75GC6GJF yo6UEzrryN8T5h5wadURFbFQW9jgHO5w/+rzKP/5L4bkCJzs0h3MUK7F2K8fyqAjZw7umaYtAa5vNv900TAgl05hRUJJ0XTrmFUZXgPoogTj47QkTSLn4w4LNCwF4MR22/qjZQxFch+94gaLsNos9i+2JPk8Xv+sHfbL8fQtLXlixIE9fVoVsQI42uZ5DOOInjzbqJiXmzdu2CWnreA3BjnhKxYJQ41rW4bfoAOVOWleIVTFEGMPHyEzggs4badvgDgYlVSw79Ck95x9UaJFEl9mFejIDe2NooaFgEhCjsob4SVxjB4KLBPymHxiQ2/XAMRzeXCAFEVkJgOLBZamCmAgQpcdWlwYwWHeCPtReDC7ZGnYX6xVnKvzn/zOaaDsKSDscKRhYJmdDdCki+GfZqTPx3d7zX2BH3zm3AobM3J2lspM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Mon Aug 7 22:00:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345150 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12F2EC001DF for ; Mon, 7 Aug 2023 22:04:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A554E8D0008; Mon, 7 Aug 2023 18:04:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A054D8D0001; Mon, 7 Aug 2023 18:04:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8CDB08D0008; Mon, 7 Aug 2023 18:04:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 779598D0001 for ; Mon, 7 Aug 2023 18:04:30 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 40B9380BC8 for ; Mon, 7 Aug 2023 22:04:30 +0000 (UTC) X-FDA: 81098688300.13.4F18894 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 55BEAC0005 for ; Mon, 7 Aug 2023 22:04:28 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AC2QqLWX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445868; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dq+jcN5GMg5Lle2kiMLPNS24YEsjylZTVcQUjBnRNs0=; b=uVUxI1+9L/mcZC1H7i6GIXFaad4c5pN6oD0pl+0YqiDMQ/2pukEte31gHHwiTHCQxafc/f LK/CsD+JkPeBhOvEkmAnVgA7T1xKbGz40j2WHjEI+C4u6PkdrAmLZIeJYk+xfSoNJnW8uS fBvRAxMeSEYBVEUp9yk6qNWKwDlbyu8= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=AC2QqLWX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445868; a=rsa-sha256; cv=none; b=sr/TA8+CF6IOrK32CZYsizPpS0edzQDKpi21YdgRzEwE4KW7IUMp69T6U6Y2spzcOPuaaF +nS20a9NvJkxtsDxVQgdtsTurirFUmcBGYdEfR4YspgpLuJrTi6HA4Oty+ac3Tbjk0BPWl fbe5PuAhHGVIKjC4/QCLfDZC+foeG9M= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8AFB4622A5; Mon, 7 Aug 2023 22:04:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 41674C43391; Mon, 7 Aug 2023 22:04:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445867; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=AC2QqLWXUVjx1+F6RoA0QlSWpNsuukm5kHhXGOhrNWfGDDr8frHsYBi7XOpfT9ODN VjbPbrGmQfEiQwO4Xz3e56eQ5YdNPH/LP/Og+TEt/ZFXpotDEW/L/498fxt3g4HWuk w3bB6OyLPMzqQMYUiRpNFFmduFnvselHcqPr5r/W35gZnRZ6cmDYw98QaOxnARCoa7 YAKNkMuZBAVVp5GHFC5valeDcY7lx30+SkGwxDaiJZC2UpPd+Jh2NX/AWwncR2hQou SL1mpMby0L5J9H5hYWxg04qyGGuaLDrgIKgqxn/mUJboNKEV1Qh/7nTYGES4HrGmiP oaNbaOmNMvh5A== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:33 +0100 Subject: [PATCH v4 28/36] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-28-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1590; i=broonie@kernel.org; h=from:subject:message-id; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmusfWfEkcyvCfzSfKfCoUFKATLvAmncYX88c2R +o+IMzaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFprgAKCRAk1otyXVSH0NPiB/ 0Y03wQVk8JyLWrx8g74ZkbbG2krvzxo4vQ7NXJ7BWRhay1jB7m22BEhUdvJNtrL6Fp9YC5ForUKv63 HUUU2oq2UVQ3CAMc/uHZnovqbLz8Fr3dSxSKxmjOvR7f9yTdNTOET8RktyKFXhET6VrKFlIhfBR1+G tf9d/wijScUAFLUPfJ3Zmn9HltpFlYEeHZJzxh6GL+NfdcCrjBwtu83KCVmeBc81PG7jJF+rvb7GGb UoO36Zy0L7XoIRgQR120IyPJWBnPy4X4LN9+BGOC0A331xEeJ7HoB57vj/gDUSssCu4bdBbSjbtwtP W/1vx42vgTBtszSkzawm91hT3cRrX+ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 55BEAC0005 X-Stat-Signature: mfsah8uj5j4q4ub4wwusyaig8p89qxa6 X-HE-Tag: 1691445868-42386 X-HE-Meta: U2FsdGVkX1/hMSMY4GmYgjiMnjAGpFzSg2yr0028akYHz4UkzbY0+0SjW6n72T2WEoQpoITL7HNjEhxJHi6A3pqN/TqUS3Up7AGsOYhsZ7NMN9pqBjxbr40Gja78TG1dCqJq5jCq6Ow43Ojy5i31vbK6L5aU0iPfbOjcarn+KEIVzxkwYNoe2nMGSqrPSBR8cfOv3771ONqUzDko2TUb1T2W3L2owctcNsMy+ut/Fg3svw1WbxDjBKvkm+bPsi8GjEluQUeE6TfutjvNkV6o8ELUQ/I/1Rvb1n6QvElMno5AEhE9mvUJBQr2Bb9B1HmzBWSpbVU3pqB1mRak0joJFdqSOjCwaBV32EzDfiSZRtBG/O4fXz9nxPAV4xWgT7g7cjNA8hTv7kgIDxE2gnAixZUD1F/QvSxFpMaTp4++puCx+Zz0Oy8c3q8mZ9br1syb7lU44WUdXjEINAiHqTL9h6Y5Rz7+rH0Dlc0DxWnBLZmcpCuhQr906EsUGSli2C6YiWuESQkmqpG7lNumQgUT20yu50TRLp7Pe0osNjUcwU75AVm1mE01ftGzaB3ciEcXwgQUoET68h5ZnhSFg7eQ1lp3E2f19d4bSFZQc2suwTodPXHw/RQd+Y//xbFF+vUOuS9gvypaUUT5uB1jjRZI8jEhTYQqNmXjGC2d8LcCfy3yj5F65FAeoiwCKzAGFoaHrMTT+lCb9GT1ruHjG/3xZgNmD2OJm53K0DK9Jgc8fWueKgfxmZtv4bwkEmX0BMGOpuD6CJZKZwYfURvkFOa41rwY8EuyHJBpzLgvrcqDPrF8DSlxkcG4PeFDlIlm6JuDjG/zBkrR9+NjplKNr5cQXCWKj7vFh+lDEAJb/Yo2/CIi88xOd2pfH5g5ed9A/BKZgpemSTorf/n0oMouc/SeupT6wrEB6F0hdZj1yu7EP6eiwVdcivF1ILUXKVJOERJXbAN9XkPUEfcs3fqu4WS yxeKvQfa tSDclz3YTv2AEmFhGjRKGL9PIFUeS2iLrYkArlIM+Sw1Yhiorj4F8tBRj0Cn2AeK/H9OXypN/gY07fzPz2sWgFATCktrDfAmcKjQH6/WphWJrW61pTDGKJ2mthGa1mJMgKdFkKRZeZ9Un69Pd6uSzjkalCytuf2vOqMLy/fiohwwLnTgp50ufYvRj5EbOsu1x/e0SKjHgqK9UqrObTYtd/Ia4KXDzffyOedvqA85b4y1vyEP8zV14TjW+NyLK8G4ALybvbfh9rPdZnzm/r/3tgjK8oZ0DKAktygJvrEkROUZvOxG5ca1x2VgrdeOIFMph5fM7/cm2pbO3iswzpKOiGy3vQX0RbnH71+KBwTWv2p0lnglnk+gYNtjMh16n2K+K241b/L/aVCBy5CCdDCBd56MMOgl654TgEtlbzlT4/EIukLI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 9f580b55b388..1cd124732be4 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -209,6 +209,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) zt = (struct zt_context *)head; new_flags |= ZT_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index a08ab0d6207a..9b2599745c29 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -19,6 +19,7 @@ #define ZA_CTX (1 << 2) #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) +#define GCS_CTX (1 << 5) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Mon Aug 7 22:00:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345151 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF3F4C04A94 for ; Mon, 7 Aug 2023 22:04:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 684FC8D0009; Mon, 7 Aug 2023 18:04:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 60E488D0001; Mon, 7 Aug 2023 18:04:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 439818D0009; Mon, 7 Aug 2023 18:04:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 32E698D0001 for ; Mon, 7 Aug 2023 18:04:36 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 15742160B67 for ; Mon, 7 Aug 2023 22:04:36 +0000 (UTC) X-FDA: 81098688552.03.CAA3860 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 271F54000C for ; Mon, 7 Aug 2023 22:04:33 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rN8ckZmr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445874; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TaUp99b44iUnlMtvSudETccqnnb9sSnSJn4v5t3dhRw=; b=r1885eCqfQ+xuvuXV/NIBfDRZKljtsGP97mr4oFQ/KO1nfLoL/I2XlnxTdPVDIUzSmHiBr sNsOeZ6CmacFtFcDfqxj78iowlM9mjtpBvwHRcTaNaNYYCi0TzzHEGCn4tz4z4ORn9uLt1 6fFGq/0oPVONNELXSOAeWCsYQTiJF7I= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rN8ckZmr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445874; a=rsa-sha256; cv=none; b=e9eMdpV7jVA8lMz1umg9oNj2DUjsonnSN7xej5D1bpx13whPwb8mMbg/XivPXdduJBJOoX 25d33EpyFyeqc6UEw/Y5t0U+iQq6uwtN5npXDDpEtPNDKxBG+TknNNAgAyadAjJxurmwZn MzjMu43BeSmoKjO97bxmKkSgtXNwB/Y= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6599A62290; Mon, 7 Aug 2023 22:04:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6CE1AC433D9; Mon, 7 Aug 2023 22:04:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445873; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rN8ckZmrZF6DP3DK1z17DQ4UborvhLXmgwp7RrVi8uGDap3g8szsq50Rygvctk4qs 6H7VCOahw2VukqHOypigyE2FBB3kyVXySW5qZZTDz0mjJpmM+skJU+keh+xObcRMFg lMJVp6BPDBl7ZavFsN96Z/9wCnZUCCx5tGuOvD/jrPe+IBHftICjQwpsP942jd/p/G RUBXdVM8m1+18B/u7IOhLk6JIgh2A5I+xiPF+d2uA2va9EVlqVMx+ydohM0jj0ZcC0 pfEHorYN+PE6oaON5Cz+lJ9LNMu+s7qegjXwVBmjWaxMih4nc/V4pNxYIuzVcWbZrM YD7BfTXH+0Ybg== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:34 +0100 Subject: [PATCH v4 29/36] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-29-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2627; i=broonie@kernel.org; h=from:subject:message-id; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wmvgj7+0Dl3dBMUzy5osqtFltpvLjCBs0jiIIcl T/WAIVWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFprwAKCRAk1otyXVSH0HLzB/ 9aj1GvMDbc50DdhzBKgei7+9lJmBts7z3e55GSTyEGh7mW2QSHPeDZmHTd2vMR2pspdUwkQEenPJdi uuAUCeC8uv79EFoE33H8M17We3UnjGGZlekCrS+H2q/tLk6UOEOa5tN2H+EsEEt2391WwHlUPdmRc7 raOxBtWEZp4sSUFS6YpHns7d5kWppmv7WZEVTQd6osLBGQ/OWVH1DJngsg2F4U/AQYqmx87GHLtChe 65A/7/WOFjXvjbU7ShL/aoNHl3HJaZCEX7fMYJ1Wv+XVrM3LbHqJ3o/1czI3tACsmA55jjBJ5SiK6G erIVmi7Hb353T0gVoFU6xOZK5hAU/W X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 271F54000C X-Stat-Signature: ui68ftu1u83rennsx5kmdgxpx15mkh4j X-Rspam-User: X-HE-Tag: 1691445873-902402 X-HE-Meta: U2FsdGVkX183LQ5vcD4W40QAjAZ9kSHKw8ibKUg+4ga5bnjpxWo4pEXoI0eBuG9kjIAg8P8rYm3t2m9FfPw6GH0hEuMo5TW+rLEJHnCtq3WxvnnUmHNBfqs7oUXfG6mCXF2PR2enjGGO8tpEbaWK1hdwhwK0leEf4rfZHaaa8MM7VrwxMPYqZ3G/haocvyXV1L+vL1By037gMvHKa4pbJAW6z/Em6bNE6+GRbpL5/heumANZAIzmCUB8LfwiORnE6x/3pt8/w0tCmB1KanVr0UI5n/pCDbsSvGtuS32ZXbd/qX+KRFP21vg07B47/dMTPaVxp2shzM7OAty/mnllj7+lHxO5ZlMnffg5TR2D8xOWaZ8LtmYNSneGkz1xpAH27QhCv/tLse1z+yV6GHzralbldr7s5A40Vo8wwtJsxZ9eR5yZZdWtrsYLxYVA680xH5yV5+U7ULUz1gBBFdMeUe34W+TWy0Ba+4QM0yY+DOwL/YPJ1fl+clkzcKEEZuIKz1LhegydSAskTe37zBsZGWaJjOuUhzSSHUmdQa9CHKwc+0Pn8/TrUEqR+prEv8Zui5LobTAztB1bjdE8g1K2gt2uzHr+IbGLewwbGmCN+JkotASejhTaiICg7vdKVll8KPd6dRfvetl0rl8/wasKYNaw+PUZRKRO34LMvdZD6mukKY1EAHtaS7ihS8tWgMehSrHDAe0PsykH+rc4yUy/aapQOKmmZCjT5z5az4D4j7FfuqljDjD2pAIGkySStJQKDtFyvd0+EKk5oiNoy0o+drI9DcbJ+XYGoRDCS7G5tg2x8qikfkadfhNabo26HYoDjy+GkB2zpLUIHz7/49AQOnZ9KuaaNUFIkfkgOQKIx1yB9I9ELO3XSZBIhnGnK0LyIBUtgnfo3OUsA/gdGbLd4k9/VyniZjxlL77p+PT4y+AgUfUyft3H+fw1Utr5T5cKDxEh1o08KYAusKf2sSn API2cgqV uIdfuw66z6bbGbzx9A+7Zo1LJwBR5MOAN0xGHJIt5jnJWx4q4HW42Vv/9MIwIdMYEGIm/GkiTnpE1BoYZ6VPaDsfj7FWRaEFUFawAK1bFpGD8XWfiM4blixzY6vbtAsoSbZMKuQ/fggC/dAlnrB4lnUKLDMR91zW0Ffgb1qUPK26AhkRBs/vga7oRkxNah0DnMaOxiamBcU4lMUOwbccVWJSujiXsxNJbaTxhiA1fcysziy1BFV/BvXaH+5+PmL0euahf8EbOPvpoDkb1cyhjzXPHTpab+xkBZ5zWoIo28C5G2AeBSZU/ss4KUFWtD9srAeKXdBlcxALTIplWZtxJh0PF86ZwJp5kQPPzYwR8JP5jsZCIoG4DKs6VpA0QsTTItfgajvTr43sbjvyD9aO1bkQ+iEieY88plrwGgifqydxEV9/W2nEnVk1EKCylWGYkyCL53FsYDLUVEqmhco64rPr4hEiLjxKR8tDbRaTE04AM+fjv8fBSQNK9DpdhjXVSALBiHoU0vmSwxwWRKmZ5WfBHOCJ7TQ8/5LdI X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Mon Aug 7 22:00:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345152 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED97BC001B0 for ; Mon, 7 Aug 2023 22:04:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8CF7E8D0007; Mon, 7 Aug 2023 18:04:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 87F0F8D0001; Mon, 7 Aug 2023 18:04:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7207B8D0007; Mon, 7 Aug 2023 18:04:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 625ED8D0001 for ; Mon, 7 Aug 2023 18:04:42 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 3E9D780B1E for ; Mon, 7 Aug 2023 22:04:42 +0000 (UTC) X-FDA: 81098688804.21.99D7DBE Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id 58C731C001A for ; Mon, 7 Aug 2023 22:04:40 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oqomdH85; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445880; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nDVR3fn2xd0MNSzIh34zJUX6KbyaSvUYB+1ILixlbyQ=; b=jZo23Uq9vZkJZCA+NADqo4cI+zl43lS/5/oz1F9fG54X6hUi9D636eIuIdjIoUmIRbifwo TEGludfc3XPpE9uj7dq2Zxcrr0OFbxNqM5aCzVsltMefyrw+Phza1DyfgHnxHKdIoh6hj6 s39xQCstlYfW/Mo3hwN80pzgK4Fl43Q= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oqomdH85; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445880; a=rsa-sha256; cv=none; b=p+BpRL1tx43vssm9m+Fjk6K7KqjZN/Sa7TAt/AlDogdXRgkster9bvJfhRORDZQ9Iyka/9 iGng4dm+SumcCUtlf9rYnaH87/0JwE9pp9/PEt/iPwwfN5/FnxICRPnWFF1g04jJ2ZtszZ vYxAmpQDOcF8d+BLnLN/m1wqNh0X75c= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A3D56622BA; Mon, 7 Aug 2023 22:04:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A85DCC433C9; Mon, 7 Aug 2023 22:04:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445879; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=oqomdH85xVI6BmcDXTpgHh4UlnNkfgbBqDewczWS1Nny0bLCpqHLQMZ2yVHmelPyJ DOXHTAFajwNq9EOW/SccMyYrcWr3XkxSVtiNpAjDzEeNT1ACFrPSlpQlWVrAx7sJaQ QgrepD73UZaXrOsnk/dnttsFkGUxtl988T1WSQC9X6O4mNZdLE4Zyxdqu67WSssa1R 0vonamwAx+mrCYAzaCHAIVI/vrmawbET6I7BoDY2GLFVwTHbDFSRaY6/SzIh7zQ/vP bgTZ/eW7Fb43SVWuk1VAv1pyD2vV9GZl/kOfOjyCJlLnKvcq8WUJDlSssM0uarz90B xrQBZnzbfEDmw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:35 +0100 Subject: [PATCH v4 30/36] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-30-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3590; i=broonie@kernel.org; h=from:subject:message-id; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; b=owEBbAGT/pANAwAKASTWi3JdVIfQAcsmYgBk0WmvLXsYxqKRGRlefxeZBqhl+PK999pZ4YsuCUid ++xJ7IWJATIEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFprwAKCRAk1otyXVSH0GduB/ iX6rAEGPgUi4hoQidaZeyfLL/SAuncTAhDLiJc/dN+37eF2A/eLomNoOwnXVaMbkfTh/HOZs7RbOaS Bf3YsuKitPDNaiL6pvJOBA4yU/0JTtG1nBy+55u7Jnmq7nPA09WektTZMH9xGQ7+7ROwjUD24qlZpm tGM/4QTQTT3XyIJrAcUsW9SN2wozrrMk80KWbc8ICQgTVDiOn9u4NFhJnFfFBG7vKs12nZFri272q2 F/xUuvA0cGTixwRUDkGPwBoFFuYvFgwT6G5cL4ECG7eBKoa+o63n+5Nq/G+c/9Y/M214+dR3CdyIZM n6Ext4XFToBJniT3MCC6DkP2ofgtU= X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 58C731C001A X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: zmbkdor5o53c8dk1wwjko8hw85xh7yt5 X-HE-Tag: 1691445880-170521 X-HE-Meta: U2FsdGVkX1/iQFKnczxC2HRruMG/eWqv84toIamo90UmIzd/BmJ4LN+5COase5WoHQPH6aS4OtNDVpgX6hz8nh0LiFejKAaLkLWyORSmuX3kea8BJrio9F1Eab/lUbRZ59wgt/rHdK46vxvLKFfkiZeRXNihF+9eR06G1D+zl+KuOjbtyDuAomXl34HmFABUieKljsVR104EUKZa/pnQWGYrZuh/pil07TCSuodn24wPc079Tc9cvTJHzkJmSmMCZjTPI3tgbZ0HW38T6WVjg3dM1CfzBC4lkxxBIFMUtdDTg/WyYgIOpn7RfW/vr3eDAVyhKE0PJAaH8bDMFdZgHL+f9F9c4+Z8ICL5AVYqccphuhEGxvZPigvKVU5QPxn8hJbg2Ga/mGLqEJguyo+yfIcuKZG0C6HOD0Y+TyMNSm89FO4KQdA7YjIITL7eDY+MdeBeUuFcrVlonc65JadD2X4qqXPCOc40y78crVh0dPzG4oMB7RXUm1vdXNtE0ZZATShfln/bzKI55MKV2ebncuWUO3AYgxmarvVRtlhZFMDvgoBk/bpb32zxpaWdqCCEt9iLYl3CwSR4JpMHtcu3ko8Y4Ty663cfZxTXbmqZzzC/KrmKnOPzWoqUGDLZi/Ptp9FAHhlDS/Ht505af2PckP/Z2QE3ch+KI0NElVf1KJYmQ2ZX8W5sYYntUxfUIIbVdG2exQ0l8D7EOhkxybITKupQH6N/krqlEjkqL1tcyphlU/GLVw7uBnzqdCsylt3QdqNxU+BtoFh+ELd0VBSGxRpd/cqVFz0nkXPISh51+8xcwikVGDomLsDE7GDaME+X+fg48LBRdUWHFtdiywOV44dWolY77WD5N4p7/e5tTAOIyJeNNlj4CqsTr23tITJL5e5c3SOyhh07Pr4Kl7L5LZD3d62yqkReFnoPSlKOxir4AEPEivIxj5YS+rjaHaRrc6QayPMxvPv+8GXwYax 45EFegpm Od/MSILqwt54jM1kpE7UGs3rSnAt+AF2heCUEQvSHMTlKXjdDGNCQCv7BGj0b64aSqZjUA8/+9g8bH51ojc6/Bj6f/868GZE6AW8ajmR/MGfBbWsUUN3ZLD8m3VZbWntcsYJYycV+UsaOOx4F2uH8Z+mMQsqRExoVB66trero4Pkru3OA0jDHf/F04eNT+2kyi9Qr987v9/1rOBDroxJr45k8ZfyGdK83E+cdfahnvY0++j+XuJCpTv5Hb2O9A/hM2yT50PSxPfKZzXZpG5nGEinqpTTSR+6wVhbR1Eu/N3EQ+Irs+SOsWNM8+DpNWz23IZgBRf4k1TeUYD9JXMFKSNHP7IFs9fbwvL/IPFZFFT2GYSusANSarjkGfGs8yVs0sz36AQQ7Lr62MWfmeUWtC1ogApEbtDhtk6ns7E1GpL/X4iN60+dsqbyk4akOcG93A2Q1r2n8vgNWNqR0wudSZjNnClV7bMYu96S6q/LJH05UJ8H9SKk+Mb/yhw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 222093f51b67..1cea64986baa 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -16,6 +16,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Mon Aug 7 22:00:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345153 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05FBDC001B0 for ; Mon, 7 Aug 2023 22:04:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 91DF98D000A; Mon, 7 Aug 2023 18:04:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8CD518D0001; Mon, 7 Aug 2023 18:04:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 76DE18D000A; Mon, 7 Aug 2023 18:04:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 60B148D0001 for ; Mon, 7 Aug 2023 18:04:49 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 33206120BC2 for ; Mon, 7 Aug 2023 22:04:49 +0000 (UTC) X-FDA: 81098689098.05.ACEFF84 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 2F90CA0011 for ; Mon, 7 Aug 2023 22:04:46 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sNagqg+y; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445887; a=rsa-sha256; cv=none; b=fOTg14sR1SMX0YnXgFlJwu0x66cjyEulrPBgZZALq0Ondz+kd2FVV/AUOJRYv6x434xv3Q HZfy4hp/6akL0fa2ZBKBmegqTCkfbaEZBuW64zuAGQRxleqwLMk1MP+helg419ZHJvN5e2 XafmaX/RFBbg5xAClxSWqag+Sol6Mus= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sNagqg+y; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445887; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Foqm/e1e7IsIZ/5b07feu73pb8M39MmIYBZTRkogGrY=; b=fotaB3A4rheEIr+YxE+bCLQzPBE7yLT7yn5O5dif4Lt0Ojqsdz2UBGhybfnd5h69EMqgax 67xfHVLltmeCTXomIm9vAlQWyM7sil42zHQirBkjrYZ5MlAIZPvGJpfSa5T3lvjj4MyW7g Y/FdvCEe0F4PClER47ZXVoNdpSwwZbE= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3E2E662299; Mon, 7 Aug 2023 22:04:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E2E8DC433C8; Mon, 7 Aug 2023 22:04:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445885; bh=75YvBJ5QL/+Xe7d9RMK1bgP3aBxI9jQnI/H0r1x906A=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sNagqg+yqozaNcg8gIx5nTeqNRHJPDF1Ey3fHwnxD8tFGU9utILKaXl2jAVBB+2w/ 6LGHd2xnZsNyqWV0NhZpV6Z0P/YoMr0/yjn+MTXaDBA4vBUwYJCnN1+DOq0/pYl+QI gEDWV0KWFq0ZkmU3tkZz5xVnHICdp87cTBpGMbs/H8mz1yGJLYzRQzoaIb2PfuR3S0 wkk6tELYhpXEuf2wINvMZC+TTz/YtF2BraBKxzcChRJcSEnmBoUkrzhGUQs8xlAzem V3DnFGUPpdcd8HPyR+BgLNbzjCJUXuESsqfF6UB1L1TG1oieyc6wWnS46m003jARVT RoqLHXXGUw8PQ== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:36 +0100 Subject: [PATCH v4 31/36] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-31-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=13012; i=broonie@kernel.org; h=from:subject:message-id; bh=75YvBJ5QL/+Xe7d9RMK1bgP3aBxI9jQnI/H0r1x906A=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmwpXJiJeWhLXlO6VJSSEfAIQrQ/pXmvDNHA9cP BGzui5iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpsAAKCRAk1otyXVSH0BZ9B/ 9YRKc4FuePEawqICTJYt2cpVvKFIaRwVi9WjNK0WWodHTX+JIHoSkosFZ46U58fUOPCaf5uXLfcx0D Hepoqyf6rgohR+d7OsGg5op7XUsonx3jOzhiWf34zm1t7YhaHvMSoBCSG5qsVxg2/T7lSrhtpkMXea DhB4DSLNLYjlzN1fejgJ4RbnvET5L+m5eYXOiDXcG1qvlZv+2haFToT3fJDKOo+Sk4/VglKOShfED6 oaLV67bgO58j9gzPuNAOJAex20W1HSVLmnUeosyiXzovO+RhU6G7XJG8HmZXwsH9bBQkReC1IxepVV Za/IBe1he5PzB5SKvY7DTeuMVdzIAd X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 2F90CA0011 X-Stat-Signature: 8ge5bd3z6qgbjadufewot1u8ehnz69km X-HE-Tag: 1691445886-757212 X-HE-Meta: U2FsdGVkX1+ifF0vHUSJUd6GXOO9i00wUISyT1sAgra+Lf0PetFxYseBDuCNPN3sdCMvMopi1Cw+BvtsJXs7gevs3HCmOe4rrTebTcygUi8UizFVUkIBL+UdPehPiYYg5GPE0Gwg2w2EFWqhGXiGJNFGZhieG4gJlN6zbtwFd+TwMlgnK1LqmLv09GBVCToBK3p/V9AGI+QrYswCDm+IixIeJuQnFeGdJzBAlRVunYDNvvloY28B47RlbyHwbd0m8lN4819StkKilK0TsmUkUGmNsILrvKT0T/ZNfECJqARmv8cPM/SD6Tp8jEqJ4+506i3eXIiR6oHeZ+3MkZjrQyO4JtaFbqw9hnzBJ+nLfmKSOOPGxxRkRntIcsD7oj6RrDMqvy73wYMMPGQNhr2iuqr/RfalW8TGqxYuE2C8IxmqJqC5cJDtJyhwwCN4fK601p5rHlXDiJ0NQV8KPQf3vz6TQzmdgvWHeucI9JNSuZYUUC93wDzvkkZQo0BbOTwpGCa6TlXT+SIxT61bFi/w+s3eII0cMJXnAkGNz2Ux99a80Da8yHsZFTMzoVGXkzCnqojWPa6zVO7tVRjE+hHb4AH5ONVfLF3Zn17uOpbTA5bcjwgwHt7Nia5qgzIC0fdYNdGHnz+JhaDwzw0SLDfPKY72t77DPEx1QuBqCiwUdFXrwb/qXTscb3Xz9aRHHp4pucCY1hl0Rj+gPmg1QsHlE442UQkf0vZOWmE5gycjJ62h1A6sJNc6d3RTpjLAHw0Qs3QATFcIfWU5nLJ09ahGjQZknkB8hMCYqkgpfefJO7pKOmYkX+Km0BUHe/kSLNwk/nCxhWgnAw/j6ZrrsToHhSQ1F59MHaX1ymtyRA8znk/+9/y65NvG470AsKEHa01lJVxUKbpTsSkHOgY0y3MFueyhsQ09TNP32ChzUKbEcnNxPFQJcqZv/td4roJfMyZ3HQCSNG0lm2RvlKFGhDt zN0otyjE avL+slN7IVXItaHdQoGTbmItqCRKTG0EwjbrVDV3EjSNcXUQN0eQuvIrlU2rkBWG5YqfR81uy9ST1LN3+N4h7IuamrATopSFEllhJqUdlHF/Grs3gBFHmf+WFbg4GHR2/aWraK3fXfKODAXRJOZ4vm+GdBgHKTygM+/JpGzuOPc8lmCm5M5MnUkCUqR8mDXa7zwq1s6L4+se24h1rFOCXkSFjulWXgmGMYBwRnjZ0i9qrMZBtGLsDo4xPQWXN5NJuWSe3z+p5Nx56YrLtBzMlEcPQzBTw5qiMPNxjqV/uwJdTwrXP665ds0peATEKA1DYk7rIQEugV2bnfQ9BT0hygxsEdo4Zp/HcaOM2Bnp1agscthZh/NMel97i3S1I+fPtrpCSwnG+YC8ygG/e5wL5EuApdQg5v2JEcq30S+Z1ZIsSj6s= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 356 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 87 +++++++ 5 files changed, 463 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..0fac554a3c4d --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,356 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..c517f1a710c5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +#define PR_LOCK_SHADOW_STACK_STATUS 73 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Mon Aug 7 22:00:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345154 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12C55C001DE for ; Mon, 7 Aug 2023 22:04:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A2ED28D000B; Mon, 7 Aug 2023 18:04:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9DF5C8D0001; Mon, 7 Aug 2023 18:04:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 858818D000B; Mon, 7 Aug 2023 18:04:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 6BED78D0001 for ; Mon, 7 Aug 2023 18:04:55 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 32165A0BFB for ; Mon, 7 Aug 2023 22:04:55 +0000 (UTC) X-FDA: 81098689350.30.F27A679 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id 3F4D1140017 for ; Mon, 7 Aug 2023 22:04:53 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fUygPdqL; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445893; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hyrNBjeUstEm9WaZHJMNcaNKCOBSmOOEH8vdj3P9CDY=; b=AUju2J5Spna29jqK24yWGqcW5WAnu2fAVe/uboJZpI9tXjN1Eenb0cqYjMAwpxnEWLGlUZ XQAEuMM7JGLt3BBZpktLyVT04eNIvyP+kdQ8mTmPEEhnNnOOYG+SSq4av1TyAJ8RcPXCX8 6MC2uTX+X5l3RhPKXUMwBtatthN1HL8= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fUygPdqL; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445893; a=rsa-sha256; cv=none; b=R3Z3tkbCkY3pCxhubIxEMyiKu1wLUNG1qmadx4x5FVQrztriReUwhPvMvdFJoyISX89CbT eqp1LmjDjzMIBRUCQjbzm/0c1uj3g/68+e36VN8g5XH9AbWpu22LUpQYmuE+eDlf4gmFEe H3hogujZwpEMGZrOOXPNCB1K4I207LM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 73513622A0; Mon, 7 Aug 2023 22:04:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F51BC433CB; Mon, 7 Aug 2023 22:04:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445891; bh=bmXffNPLeGaR3X6mpkasbCD4Gs6j+7nWIYlPeJrCXTY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fUygPdqLjkrxjLy22vj8i76tpvGawZv9Py2Eh55A/wfNKxkQGJ4By0SaWpA4+2Eps AW1Imv7LTlCQqFF6NzkF0ZfSD2IPlxqFturpav9CmOZV/E7DN3wVY73neNxLbrMxTW mXXLGItkfnYpkXDgUXZpvqfZ7mNFz7rdk7mBo+M3yMyrBJd/Pgab8MVRYMtsBrA8b6 sYDL0MPsmp+iPJg192b093mlGsZGZmascmzsQ81yiovkfAgKChZo3YmURMSZ+11QaT 8HUFcFLJeGTb/iI9cUBd4aQ6hF84jFqnrWncHQ0hdnpp3M/DJSdTIQJHG+oVYENS/p N3/TCgrMGAtRA== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:37 +0100 Subject: [PATCH v4 32/36] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-32-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=14855; i=broonie@kernel.org; h=from:subject:message-id; bh=bmXffNPLeGaR3X6mpkasbCD4Gs6j+7nWIYlPeJrCXTY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wmx63lI+lu/Evu7qwfdS81OeuA5MjudXJ7LKFZY S8lHFu2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpsQAKCRAk1otyXVSH0KWlB/ 9mNm5Cpi2zJRzMzJX2W4pz/CGSgVpkhLOCGzI8npNwI7Ecn6KnpKlzd0ggfrkca5lRtavL73KHUJYL QSvEVLJz9h3G/sYM77kyzluXaF1bLhbK3GcK0j37EEzrTQZYBTgNJn2b4R40yYsfuktQcM0BTp+f+V TIDNw/ED6pRKXuReODAGoo/0RX+UR+4zayOfLm+iRSYvy7rDM0i6Yc1y5AYLe2AAsdNs3O/baeKh2l WzsXb9uPrXeQSDmU4am9okT3f/Xk8D3HHCVFOnjbTWugTbc3Ilr/0g8E78Mf0ETEjpumGBD357ZTB1 FtZFq+OjZB1VK+ChP1Qorze2ErJZFx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: o6rurye8qypexpdzutbw1rfshxb147di X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 3F4D1140017 X-HE-Tag: 1691445893-916747 X-HE-Meta: U2FsdGVkX19TO0QFrMit2lyHQzuPnHVG8NaLccnd//a1HKfvin4qLLfdYbHA+FQ0M+A8UKg48rKcmQRtSzfK4+JQWgDPIiSitZJFZIr1yVmVjeeq7Qdyg8HN24avCdLXFssr+hlh9bBYPrJv3gUzQtTl9Ydsyvlqkjq1Sf09P1LKM/Hw0693g7lKQXvew5f7RS7RFNyDVYzSZFqugoBsG+g2N2zZeb8F7I0I/pEseRoAcMWdAYnFDBuK00F4pCHLDn7iv7Z6FpT38kYcDscMpVMhsX6jg+u7y1zsCbgWgTMOVDtTMYh1OswGq4SxxarXIgGLJ8VkS6X5ex16dCnqCcXRrYkuAI/oDB6u4XzEgLy7axa+zOixYTPwHDYIxku4BRqoYNtJOZqgGOBMdl63A5fhn9wdiPblOQ+emcM3NTqethClAVp3bE0PDTFjSqJH+o2BdWtFP9EeT8AtudsyVMm6iPVANaXppaV4QMfeZoWrDT5/XAfsX4bdXGeZheqC7RDq1rTqbSENLLemKqmOWynzCNukpgKfqDtCkptoLGzTjUFBVMaq2zoFGblimBl5+D4w2+rpvHZBExwpAxv1c3/oEHbmFh+pHHsD3oDbtlGdp+kr4q0tQFba3JrhlWyd929hTL6yma3ZgpFF7t8UJbCtdQf8JCuXbJicArk1o4HS0h8Dum6b3aeeyYXyJ9SX6fjGbtjywEp74Wn+E59roNjsOGBFNvwxShpEqFu/kX4krSJymW10EdNmWLM9w0Iy3t43vRUPOn/c78RvtwJP2FFfbrGOlkBRb5NpvZiKD7rpM2DA/R1jrOqDEgNI4mJFaoIB14AVU1rE4Hx384aV1/6seVCPMjIQZspq+spNZNm6IVdh1E/KFOtYsJbn8OvPVoP2af6AUZvna8sAIpL0i0/l7JT8kI6xFfqOqCyMjj7K8kn83WhHNJhHoTLqoTkBuCEO+TugtT/A715Hyd9 DA5ujm9D v9OWCY09027dJ5mdDvBRpjWuyHF9KPa6LkTAuLLiDyPo8dkWAkBhSutyVx0Cgcu5xXrMaHvngIfoT7Wb/ubV/RWbZEvXv24Eq5POqKeFWQz+PGuH3Y8keyzQyoYQSCDaBH2nsIMBYt7W3QKGA6QWvTZuUu+Hb6q1llSHwn7HdVPet1hQH1a710uNk6HSiK9L3ha4/kWjW/NMR8q+gn/zl+yZIk5omztxI0dWH+4djSy0vlE2HF27EQo0dEO98ZVXKk1KowaJS1us2DEPFyMZP+xlcnDA+kevESGW94UEtQo2mejYmCtz0IaRHEbBnDSdCtq9a+MXm1x8iTKxPqhpzqTTv3VrbpwZxZpJxA7+OedsDbJwtsX53ZoAHx+Q3/uM6sLC0nABQKyZpSaCv2T4YBeL0uBxicl85OoZO9+ixTlXAk+o= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/libc-gcs.c | 500 +++++++++++++++++++++++++++ 3 files changed, 504 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..5d20442358ed --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,500 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %d levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %d levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. Also lock GCS if not already + * locked so we can test behaviour when it's locked. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Mon Aug 7 22:00:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345155 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10F41C04A94 for ; Mon, 7 Aug 2023 22:05:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9BAD88D000C; Mon, 7 Aug 2023 18:05:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 990938D0001; Mon, 7 Aug 2023 18:05:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7E3FD8D000C; Mon, 7 Aug 2023 18:05:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 6D6DB8D0001 for ; Mon, 7 Aug 2023 18:05:01 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 49BC940C11 for ; Mon, 7 Aug 2023 22:05:01 +0000 (UTC) X-FDA: 81098689602.18.3223072 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id 6DD2D180013 for ; Mon, 7 Aug 2023 22:04:59 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Viub0+3Y; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445899; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wVIQOatPna0iFL3WRNbrJxMJgExIxYsZk6uwuE1VaNI=; b=N0Eshm+KijAACKqEMXqcmXiJbrXdrasPgkWFFL2JbsygnKAvxj3uO3k+ct8Sl4DjRovfhy Yk+w2F6vVqdHXcHZRoSrgti1TI8sYFrznwmdUSoXsgAQZQu9TpfaHLVC9Mz0XEfkS9EIKP AnRj1oN1uM2qERHUnGuyfpUjppjAqgQ= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Viub0+3Y; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445899; a=rsa-sha256; cv=none; b=qpgb3aPov8z6gYpOGi6Mh5jAqwM4LbGixe71pQhL81E4aDH7MFbAjG6V0OKRtS2nFu7X3m BZJu56TWKEudLFx3lMdPF4cpGLumNFcBhoHkfM2JojT2hyHeldfsQrocIYavVfCF9A7py5 /irirBOJvdFuqmN4/03pYfk1opJJoKM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9CF8E622B7; Mon, 7 Aug 2023 22:04:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4CE5BC433C7; Mon, 7 Aug 2023 22:04:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445898; bh=IP7maWyjZ0dh+q8gDfrxLaUB03tkGEoqGc+9eYXpRWY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Viub0+3YDdK96RLbvcjS48dbEXvfC5pa4QoAORz0LyXsMAVUG/1zaxs0PxUrdcUiX NCjOXJfXYjXr7amwGBUMbzpr8BvJe8lFacFAe06AYCVERrNDx7zI7VRwwVD4bawlQP M48sWzBfrzWqs6MZ9Yz1mcHhXzt3SMHVxRFWzw3TEti5LfaPhFR4NsrYaM6gQbu++o YFxFB9SJvBeQWMPrswz++R27gWk7HgZren2w97TDPZV4RcOee5zEku1tkCjqiiBjwd lOnDaqcdOwmP/h1UVDDEfNdlYZ37MfXEHJafRMBUOkibjZYhZF3TgsMnZL62xzgI3X GRm7UXieTEefw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:38 +0100 Subject: [PATCH v4 33/36] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-33-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7316; i=broonie@kernel.org; h=from:subject:message-id; bh=IP7maWyjZ0dh+q8gDfrxLaUB03tkGEoqGc+9eYXpRWY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wmy833RI05pBQJNTz7t1U3vX5cr4i3ZM+8P5Xms Y5DjP0qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpsgAKCRAk1otyXVSH0FcMB/ 43hvcuUQh5Evd2eYzgjYV0lbil23x9rREejqSJUUALiEoOFErGVQ6fa6WHJEJAj1dId34JBlPbxfhk GFdJtCNFxXrQ0Y7EoCyP0Xfto4Ej2fanrsOxMzOTXMQVF1I3G0i/4ZE4wJg0QzWZ80s2wOy8M2zYtR sSQS52tRAwNx86hra9QGVZ8Cngx47vZXC6sNyeKRP5sn9ulHNtOfMxt68VPkpoVep13UNJVcZbpF31 BdgSWDEH+K/Bg3z6asIFWnV9C3i2Y60ONLoOVBu00A673IoDdp7ygVa4bTiWzyfRRWUYxM9BzoSdtm bhZVw8/PeXFKs8u3ehyXx3aAPzorvW X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 6DD2D180013 X-Stat-Signature: sng4pwhghz5fcx7emsbj81zbanx513xh X-Rspam-User: X-HE-Tag: 1691445899-838045 X-HE-Meta: U2FsdGVkX18l5O85pDDOejyg8wX9qYbAGlM8vgAdnip/t48sOKIdwrwndkrA9A+cxtcT9ZJ3XMJUTRDFo8RRJOZgAPtLe5vlXWUFvd0TiBYe5eO0jRIDEUqkQtBcLOPsGjF1Xti22DAMDdojcjHmKZCS55jkj7Nz9QBvYyjRvXkEzrXb8+8Sk+5zQ8+0sNZcP+823EepOemZbWjafpfCe5SmEovP3RXcL+fC5MeY9n/WKOBNylkwi1L4RLQk3dJxP4GTT0pFzeeZGx7PqRERlgRUGm8upX3ubKjqoGjtlnnh6Zc+d3HcVKTD3WP0LvUmo7ClyO+ZaRsJyiI04XYltui77obGYUTkE/ybpSXXSm0ex1Gq9Jr9aaia0ufuEA9EXqBoteW1z9TkJEmK1SesMaA97iPuAStVjvRj5y/U7VneoMqhfrYfkp2bxK+J2DIg/oXVl8Uo53J89O+r6RtJwRRn3hZ3Hpm0TDSfRxRuX9oxmbYpB1VsBWTgVZrUIzLM94GFf/d5tUUqhzNqmhoZtLrHmvrdsaLT88K4ASOqbL8I9uMyBoNO43qk1IpRM5VWOP24QfjZjuJv+O1CNLUQFS2eJFrPxT6OdjQz7MQLWeekUmUkpwbdEADvjy7xEv86MDd0D2xa3tFo7mb0tXHnOUZK9Rka5ZqeoE5/1335wpl5TBmmbvKlric6fS4WmhUrU3zJkRmfJcnW8QWZNRpnj+Es2tY05ysOTKl91fmVn/wQNspLpPao5bqUgn9nrIxi26JJxGuYrjsgfht6vcrqh5WPY1//Z0JfhXH8qk4AWK4THkyk1yh7wd3QnL5XKR/g3Ama583daczq64xj9VgzrEdvqQYRdt3zt8hJMUsrol4UNmhLj/r2Q9CYriOIYp5pRhwzqzeDvvQtdyBvaZUXz74hc0IJAxAVJyaRTSeq78yuVFBEN7Dkq/JqsLK6d6KXALfJ1dTzG/oykvlSc6F fK4N27yA /z0e2N2FpHbkF7giNeigdTzzwrOi9rsvzhz4a4p9SKZyL+NqfPUH3XTxS86gZdQgOl/bl/Su39x94FamdizUepPgLyjSs4KShBU4/iND/pjfd9r2MZ+ElbQSG9I9X8Ojj2oEVldL4b7wFPuUAAOtchneMxjZxwewkNzk+wyi1OZ7gp2acOcxRQVqTYboEWq+7AWWURJ8Dy/H1DpiKl+WVooJTJt5c1bFNqY2cuSP9Nx+EEyt8CMptIKXvq/1fyoHgiQtkZM0zUneLYyz0ZX7qYrB5BEO484iqT11qjQrPPFnPtoPqQFwOsI0MzklsU77/XVwiZHwG6C6V0s6AKDcIGr6Eda5VaNjYXPQXA1m8MZmIbw0o7yrw6aekd7mfa3j3n9a5R/InfWfIS+NRz1occaYGIB4E48VasoBlW4csP4DsOzQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Mon Aug 7 22:00:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345156 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE0A3C001B0 for ; Mon, 7 Aug 2023 22:05:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 796BE8D0009; Mon, 7 Aug 2023 18:05:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 747028D0001; Mon, 7 Aug 2023 18:05:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5E7CE8D0009; Mon, 7 Aug 2023 18:05:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 4EF818D0001 for ; Mon, 7 Aug 2023 18:05:07 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 258C2C0BF5 for ; Mon, 7 Aug 2023 22:05:07 +0000 (UTC) X-FDA: 81098689854.22.2F25EAC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 3309CC0012 for ; Mon, 7 Aug 2023 22:05:04 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rVZbPBZd; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445905; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jIwMC/bqbkUcFEJdr7ERJSD27N7UwacVww2kxw5A5eE=; b=IKfLm5IUjXzpoXv8gomAaOzLgP4m1H2io2Mdmu5nePTjv5SbocuumDhiK9UocpcTMTgdKR UYAbu76eOHvqQsbbFcYBTkXTdy9WxjE2pWQvgkVKbLtLlmkcZpgGFLVy6eXIXqiZ5ocUPp e97jHRfGiJaxHb125MDic59l5xCC3LI= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rVZbPBZd; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445905; a=rsa-sha256; cv=none; b=YC6EcLOTqSmjN/zisOZV9eCfKrGbAwSC79XV4hMp64hMMtwxlS9wj79dyDpgbs5hnWSOJK Y6UTI5DkooeJ8HOMiiJUcLJJjYSd7kzdhd1xpiDVdaMsa8xtHlgWQLAxl8nI+JIYn+K15X zU+DcqV1aZKTVzduUFcAOK3GVPCO7zM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 69D5D622AF; Mon, 7 Aug 2023 22:05:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 77DE6C433B6; Mon, 7 Aug 2023 22:04:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445904; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rVZbPBZdwcP1QVYU6kAOqJoyG/aALvVi0kYIKgykOU8JY26+tMgaGCV9jiq01ORMf ZTB6wpxJpaSJzP8w+xtLeV+ipSQxFee6KDpuW3RdjGwFeZt+PzJNwRTXBrOqTAagUf TYA34Zr0NG4B/QobaUEQu5mSh25QBBiXVYMnE/9P3hTBmm9BK2s/LV8K+YBcUAi2ul XP2dYs+yLcd26s6YfArVZkEbhjHliRWgM2OQPae/d8guWmHMi0WKC62qRCXI6aMsNJ PgXv38r1L0tkDLCu4CD7Xttf7Sp8BkirhQH+OQrvis+saB2JVxL2FU2yUmToTfXn81 fbeKk5+ZJ8Dyg== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:39 +0100 Subject: [PATCH v4 34/36] selftests/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-34-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7313; i=broonie@kernel.org; h=from:subject:message-id; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmzUF0Z16avH6vwqIGlUoQuzjpHKAhiGUXv4Yq3 xnBMpQmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpswAKCRAk1otyXVSH0PXsB/ wIXBuyl7TwMToWk0pF3iIL5vPvG2Da/HuEVfn3BBVOX0MzvHi5qY7ABZl0J6OakkbOeiXeu6acuJ+j EGTqWt65KeKB4slWqhxbRqVYjTgiwEfGoMfQX+PfUSPjOv+7X768j9K0Q3NVJ2N2UVrK0pRPKFJ5HS i+mvYUv8paijzpaIWINQF3Gu9wMMPGKXuzXSR+AyJdFKoU+F28WhsXWUSBNYHNOaIQ7F/ZoRfzoKAJ u44+kCYldV4ldEmNyqu3W5nC8F9KxUaaO0G6BWXzSyIzlSioEnGS9+X7R0m8fEh7p+HBF0O8D2eLh+ VRy4iequkHzLnQGjatv+c9mdheOhj4 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 3309CC0012 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: frmuwkqgqjbk9ekcbeb4pexpcdh8eq9p X-HE-Tag: 1691445904-75175 X-HE-Meta: U2FsdGVkX19Vv/NN6CS3zhvMh50+QZriZXlHmDelyUwDY+EVZW3UcS1/o+fUQxq3UNag54iC8tZpXFyBt/eFDr+fwyTVG34fm0+fzqWxQVgVDr6mBquL7lPmRhG35hnjEzMGiR620Fp1e4/mohO7MMoSNZbSCib33B43Wp1uUsfweBNUBE57kTskhoin2ReEjwto4KLNeJoXG5DbRQRhz+7q2kEJYRxa2P05zWEIiy6j1Mn/WTtPvXnLn353hoPHx4a8VsMUdMukHbODzk/qFvzR6RIcaYFAZwMuKnPdZGXu0qeQKBwZKGuGGgfsiwQCI99DfYtePUWfsS4FCA02lTejjMo4P5vbAQoOk3LJl/aIA2o3aqqYfGsjT2KbhyqJS3pNI3x6B13JNUiAAtRqx8fDs81RV7wCIF8BRkYz9cL53QF18rtq1Ph6OCEeIW5zrX6M7IqwoDHhGM4690WCvPUIGHnoUImc7Dnofin2NbsqFU4BTwLrMWUdvoSPikcnUQLkg+kR1/dtmaHvr37/ucNKRP8QIRL3rOJZcLPZvAv7n8OBIEdf+yFVQdblpP0JBS+fHcHaCC2Y7Rp2iixyskWbRnruJY5tpJQTkDZG/LYUtFOg4/qvl84k8Al2nwingE5m+Kf3vefmpWFX1COV6zsKATnSEetX7b7EqT9rFAeKy2nOtxHfTzn4IKaVxpDpXvpNW0j0sEMi7lwYnxNpWJSxAw9vDJLJUMlQW6kp3lbwlvsDNP5kkhwTvfb9R8Yyj8K8k08f6EE+zu3kw0wFBhhEo4NfA0H2BUDD+N2bJ5yqaLYI+RVejGsVhMaEBQopyVz+FvLnfIeYz9vrWzLW1um+g8u6iI1ZAkVUIMAVYV/PjrbnyvtIFgRUHrqrTUYtzbahAsi+CrLnmh/fpwvesS4CEh2YxLAig+iAbufu7kdtuAYqZ7p/bsqwrbjzhu3mXjG+Iv3gHs3er6lsY3l 4grQdYMQ RvtvoO3bAezQX+AhrdSxysCVXSuS0gnXRFjoGd6RtZ8NME9iNGncONtVxZtJZSUe5O35gw2hugZpe7TTrJM+5k15kjutaWICtCJrBXLUfU8F5082R/lSRQm6hoqWd2CUWJNtvvHecbrydJGA9LwCmWhQlJcB93pcSzdwwsOZmjBHSsoi9ZMazyduyxA0wlAWSOj5gVQ1KnRTk392r2XdJ/Kn1QUKPRcOii92XoeNDhcOLC9f6UxLBbqEJXv1Uz/sRhudd0NQoOhBqBuTRv2Kzle4wyFg0iDc1Zee1S5geY1T2U6e3YtzgFI2/YRL8OIDA1mG6oiFcVwL09wcSfjcvLTthWw/QivyvmR97hdFzAoi4ujQ2ZdOgaHkoucFnEAJKVDRWiquTNzmt5LKYGoyiGiUzyYkjOjrswMNYl0x6hlnTaCb7AcwD+/BwZfrBSTrl9Gu9sQrIibLjJ6w= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1cea64986baa..d41f237db28d 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include "test_signals.h" @@ -45,6 +46,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Mon Aug 7 22:00:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345157 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43106C001B0 for ; Mon, 7 Aug 2023 22:05:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D3CE08D000D; Mon, 7 Aug 2023 18:05:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CF69C8D0001; Mon, 7 Aug 2023 18:05:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B17A88D000D; Mon, 7 Aug 2023 18:05:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 9A6E48D0001 for ; Mon, 7 Aug 2023 18:05:14 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 623BAA0BFB for ; Mon, 7 Aug 2023 22:05:14 +0000 (UTC) X-FDA: 81098690148.30.BEC158A Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf29.hostedemail.com (Postfix) with ESMTP id E0F1C120012 for ; Mon, 7 Aug 2023 22:05:11 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="e/QhVZvF"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445912; a=rsa-sha256; cv=none; b=lC+sPbwZa0ReFc0HJEadUWewZJI5n7KGFhITOL1d1B28EAZ5T4Gb/XXRYsHrjp/N3Sjudy NPyaRBldwGhqf++5fPd+kRS6R/mA0Z6AiFiVODBJTHPowxLcOSZr+VXBcFYE7eKFlejuTn fcvjr0UEmBcP/DWnEpq2TD6qpC4wf14= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="e/QhVZvF"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445912; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PhDpjqz8s8m+q7sBQGQ168X8mcTQkmGJDw2AKcFRSZc=; b=BIXBC4TivIyViIUSFSJX8kOWJQySZBEdyIA9kfVdNRlsbDY6RhpFZeNUQos4N1ziA1yT91 h4LKGPPY+FS7s3V+0oIQJqwJ1PCzb0WeCsYyaycRee6gQnUj/FiBgJ3a/dcQEKU960JCQ8 gSV0DuNt0FfHVM4gziGFQotmQsVP8BA= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 04005622B9; Mon, 7 Aug 2023 22:05:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A738AC433C7; Mon, 7 Aug 2023 22:05:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445910; bh=lG3KgbVIo1r1OqYBn7opAKflBQLCvcGKxyXVF2NNf4w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=e/QhVZvFkqjXk+rQVPwlUNuwMx6mEXnJVB+b3LklM9btrchVAb4qc3cy9SypcA7a+ 5Sf8sF58et07Hil2K5VCdh5z+bdP3JVXSAX6jhr7VXBQ++FGnTtkxyEez3y2/gP6R2 BX2wrSejVwEYujT4GBlwhdMGpErjF86WHvNfnrJSHbpHvlX7hPn7QVVPxJa3rKpMGH Yhr2G2LrJbMAXD3f7igu1PJCgYjlyalgf43Q+AFOV/y24n/NDhx/mGZ4mgJu8pf2w9 VqrQ5voJJdPgzmrdfK6voAZGCAjKfwWhVXw3FMnxYd9peuS2lNat2AGDH9SHfW2iYi eg5uf2cwO9dXw== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:40 +0100 Subject: [PATCH v4 35/36] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-35-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=21150; i=broonie@kernel.org; h=from:subject:message-id; bh=lG3KgbVIo1r1OqYBn7opAKflBQLCvcGKxyXVF2NNf4w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0WmzUEEsE6lhdTlULGgzQbLGdC2Beg2LrwKt8ZVl JwtixeSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFpswAKCRAk1otyXVSH0HwoCA CEXbMQzERmiOFKeO/f5HuzsgHjag0KqLLXPxGK5EdnHBqOLBXytpl3lCuLBQb05u+9m74b+4jl/Jzg 3rYhithuyfLAvgMfLUXPsDqQ5UO7Va6lb4PvJ+z2NqdLbwVbyN+G3/EabJbEulDBAMSUSI11wQgwww RK/uAz2X+lJrXOdhwP0wTqbwxA0BrOpkOi4UdcaakdZAjj9zcmda+5yM3U4vBBCjk4t3Ns8w1abu7l rqYD1uNjEHoqbBh2aFzToETgRJJ96TK4gSsSaz+5bLzSuIDC6AT2Ze2WxlBjYy0S5XLHTxkGR2OB9Q 8eBTIH0TYJ1b1Ewyv4zfctZQyZknpU X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: E0F1C120012 X-Stat-Signature: grzt437gpnjeehgeq5tcwt71rd89ceue X-HE-Tag: 1691445911-560463 X-HE-Meta: U2FsdGVkX19yRObYkKcYLsdqZ8oRfyJdJx7TaR91Jx9qzoA2re/HTca8L8g+wClIN+GrcdHDvFCEwIhFj96tlNYvuig6s3h05PCcs6yjxF6iE3KhMvCuCHcXmPBuA1zOP72QFQSOOuQU1wt9OyppIdjItAapFnZjtsXvPu2bxDqwVGNTdtdvz4qeS3DNNy8tC3ITSQMuPQu7o27SE34Hd+dZDd5UC2TfSN1taMwQeLQllIy7idcS378mq8BHc+mOG6op5au8/x6QIlEx/5t2W1iIcvUsWNmQqlDaD01XGzqjdLv0yd+QBnjyRIYyKBTMxjeOGgGZYY7ihMylq1u6V5wV96DM/M5FoUys2fYAOSWw+N5RaHJHW9PpQ8dp3F1fvM5TRZwc/P5QT6str6xKfxwgLF/5dg225DesSS/KhNT1VINXs1symCCs8Fodl+1THPFSnI3SUmqucnjahpf0DjKPLAoZ385Jc5tGWdinNFx6czTEB8KCH9NoGzshw3O2aoS9Bim3VDCpsW/iSeaTq7m+dXH5BPyWOp6jez3Ww/9rGon1uOMfbFaXzwuTW4b3vrlpYmScI5L+kNYyncwMbqh2Mi4tq2BukKf38vqwreT3G1cyXk8Ba7lybOsA1DWgYzgpGre0PhjtdwQ2XhxjPYWO/cTJ19/h+I391KYObnKeAFpaQqY+2F72C3iHeD0Vx4wDvgnbwgpRM/B0obbD+bmHX8UW3kkLikZ409zt3C203AUMn9uG84Fu8VBJOkiUD2JA+1PimDUfc9eOG+xJy1wkmSiD9q0GyAJXMsoCX2nteAhwD/npAgjqygn1fOKgk1XNFw/oEjrRhCiRg/h2uFboQTorAdxMeJCAkhfi4I3FMl6MYlXLZB10L0IiHpDfm9wy/QbcsstmlOesF9EFJ6JI34VNUn6u9o6EFg62b+nA1PhQiYdRnV4DaJXGqeHe20jPuZL7/dRue9hy6o0 ys5RGMp4 u2yC5TbKvR1fxXNc4chfXDMrlclPJsNHecW/FNybn29ex2XNXPuS6XZN8P/kHKoLk32eChtzA59XFCjZRs8+HQCZj9InjygCPV8G+SeF/kCJpkTBDBfa1eUtr9SHEj7uMXTGazA25Gg6DO6R23bbZU71yLVCoICo0ZmGx9wugYTa4CyNOvpjdS+Jcxx8dKGk5G/6Y+CRrSVF7ZI416QE+MZq6hwuOxWKtvxPFR48u9Pw4xGjuXxGjf+uBXxEbhAJ1SYGBbGy41pnYtsCvatkygwXOR+l2adOyOImPREgJleWsi9RxdXSIzepbCW0BC1byp1Nr9XwlhZY7cdkQkZYHt3iQyQre9v0a/Dpkrgxoqz55BT1bIruhRc8rawisRHgjT6nAA293ato2I8reNCbqFUEcUutVL1qY/LcccIlVvIOvDVA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 532 +++++++++++++++++++++ 5 files changed, 850 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..4fe8695333e5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endmacro + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..23fd8ec37bdc --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,532 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_print_cnts(); + + return 0; +} From patchwork Mon Aug 7 22:00:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13345158 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44EAAC001DE for ; Mon, 7 Aug 2023 22:05:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DB10C8D000E; Mon, 7 Aug 2023 18:05:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D62D58D0001; Mon, 7 Aug 2023 18:05:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C023D8D000E; Mon, 7 Aug 2023 18:05:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id AF76A8D0001 for ; Mon, 7 Aug 2023 18:05:19 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 8364880BBE for ; Mon, 7 Aug 2023 22:05:19 +0000 (UTC) X-FDA: 81098690358.13.4AEE8FF Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 8C7EF140030 for ; Mon, 7 Aug 2023 22:05:17 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=raqffCvM; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1691445917; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=c422h9hePWFZGXVEyc1SJULBUM8N+meybf6z8umXg3Q=; b=A+Lz7PikecMK3ofL4yWeGRlEG3a+XmpiFqisU0xD+KwNGMmz5UZanUdmwlScUOdvweZ5ux YL/REpkDSR0O8kg+IS+scejQUeydLlV2kof0SuvhZ7rDHHzeDZySvTBezQXaYnUWkNtapu qZnt/i63COj+D1If/UKfVWDNUzerxiY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1691445917; a=rsa-sha256; cv=none; b=qj2CeW6wIaa3r3LBwuqCsTDqXW41DdNCJXR8vYsKJDJdSkZlwjgiidZPuPinn0GoPr48fO oVBQTQA94HxGUqY1/RaCFUJ1SUjVNMgoiwR7TVVBkALoC/KSji27Ev09WFONCVg4302hwJ 0sfaqx5VWtJ1AZlKGd+JX8jk1Og518Y= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=raqffCvM; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C947A61696; Mon, 7 Aug 2023 22:05:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D52DBC433D9; Mon, 7 Aug 2023 22:05:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1691445916; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=raqffCvMWTfO1Rng4omxJsfaaPe/U3CqnaAlwHzSNkUoRIAoq08QfbIyecwv217iE KMqD6uLpuE3W340GgPyHszlI/P8+n8u7KI2TwGB+m6w/Wtxxzf38mpvtDNOz+Vo6La L5ixEyzPsS7uxnM7jE0qZdJI4NpY89YsIzri6JJuC8iK7f+q7Qg806qeR4SNqTSYxB WHYb8J68r7ciowGSwBwjRoGP/jdMGSg9k4TEzFe1VxKvohv+K8tSfsiUa8oAwK7PJ+ r3PoZiOh1+Azha6ud6Fgh+N6dZkuqoB3eyHFTk74zNCJaLf39h7kAkdClqmgymBJpc to8IuzURDg6Ww== From: Mark Brown Date: Mon, 07 Aug 2023 23:00:41 +0100 Subject: [PATCH v4 36/36] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20230807-arm64-gcs-v4-36-68cfa37f9069@kernel.org> References: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> In-Reply-To: <20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3085; i=broonie@kernel.org; h=from:subject:message-id; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk0Wm0B7vR+Jj9+krh2MyVWaBaRprqGc6O6TMFB5LC x8Rao0uJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZNFptAAKCRAk1otyXVSH0DDPCA CGBai+t6hCD7RdaCFqlpyScaFFsCygo7tHGR2ExxhQOjj2Qp6HrfVmIIebZ+b2n+GhUD4FG7W0cd4G 60s8t0qZCDiFxmb2nOYio7ZyqqUYHRFFOlFHG35XlpaJXVfYUphrX03EUBt0k1vyJmB/NV5ymRv2Sg viuPPcZk7co3lGYe4ormqwFoZ0ccHqkrzvqu8zp8jjCFibKt1tybybDVqYq98nwG+NXIB7BBwnor8Z thxFR7SWA0bL3uuxTULgb6GGc/3Dip1tBAoO9i+LP1twYFWRUuyt3UHzwK2gWiM4jK2yHJGIFjQ964 3v8/yDZmbweC+EUdisAnTPAphazHwS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8C7EF140030 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: at5bknffcpggpqa414wrp4dnyc7irtmd X-HE-Tag: 1691445917-181505 X-HE-Meta: U2FsdGVkX1+gVBlLguCm8yzuNYoYVGCnT3IwqeBAd795IvewRMloxPEqSak1sNcpZZdLDefeBwiE3s+2non2f2GCjYGDAGd7VLP3LXpTORH195QH9XljJHNALUSqy2iYp0nLa97vgTh3wNsT3EhpwOEAQYjNagVXN2EDMktXb1ouzwBFEQJMYTZmSw1GdlvH50Hi9cJ5A47Nn/IZe6Tu2oMMegVyE4DXHxA3YAQyAeHovwoKL/uWUExKGUPovZkIgwpgy4/JDZgFDRkaFv/1ASa3Rq62CPe+6qRRP5Ag7l+28xC+Np8lj1fBRBKzAJ2GWhiGtVwHoCF0TbZCdwb+A3ByDWIPFDFJDJ/y4aXL60DPo1fcv9Xg7iteA01lD+ax7ieopo/tbkDJWIZTaGVoHuXpOnILCRtuwt5hoQ5C1eaWz8YCGP9S8by8XozSm5D5frMTof5R5gun9v8cRWSZncQpgZz7AnTkivnbJ4MZq4lQpoyLsckNYtMSLDEcwSjdw80TBMHgcNZddeiU4uOrq7zcmRFAtzI7AHbCr9YwXlJlGmoP9KA4mI1OzAuszRdqn28yP4QQ2nSTKA2xP96nv9grJNyPRp73G4x7YR8Bzv85l8UD+5aRyXS5Qvx8QV1UT8LM1WUNNdE0UCWh+r3P2x7G2az6/pUSW1+cM2HRLzlzk8ff/Biqd95ouoTCuhvZuuTQ244u9+6lHdoIMs/1y030Y0y6l/hs+F3z34xKYpsqow/e7S6E0uaISl00c2lzrmM5VshIBgRgH0xfkONUs+xgmMJppwbY2cNJvGXghvX2qazVQon6rjKmb8/pYoZwinL2JU46wZy/zzqc5ELFMH/v7fnxQhWOJspd0/HyQUA2sJ9W4Kcf5Qgej0sAFCZZp46iqKNA102Npc2Uht62ngTeGb1IU7sUxr2JPddy/7l139RI+Lsc8Dk0RE6UDzztarZLsinkgLJasKromqi mwwPtNdD Gec63YLlYAOiH1GgjHnQRsg01m3vjSKFEiBB8lAb/74BoBmNSF967jIVpKM6ZO9/7JfqFI0gSrrBFEhDEBqp7kXeSlgEUcBiqJysCgGYFFrRejA9M5RnyEQeMO3HDBLsqVcDjTFJhqEcvG/zmrdZSAnM90xyWV5+1OlWrqpIXBL5dhNAIcD2SHQHkpdw5pOHWWtFe8NQvLssFxvVRiTQDE549Rr6HnsTx7tKSzkDhxbYj5OVLYuUM/T7F2CDr8vSHqHs6QMtmy6hUcWKlJb2hTFamzTQgdguDAY9zlXRHce0JL4DYW9L5CVIiqHg5FS5auoYGrS3k0+hjF2lIYSldrq/az6uQhkPl/lRa6h9Oxon/6dGZsWBuUKbmtFxHemtAkclvMcKSLidUAO88x5lkAp7VKW5y1YsKVPAYDovBiUQE8TA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..7012f9f796de 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 4328895dfc87..486634bc7def 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT