From patchwork Tue Jun 25 14:57:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711323 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22DD8C2BBCA for ; Tue, 25 Jun 2024 15:01:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9EDA96B0088; Tue, 25 Jun 2024 11:01:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 99BA16B0089; Tue, 25 Jun 2024 11:01:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 83C0C6B008A; Tue, 25 Jun 2024 11:01:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 663686B0088 for ; Tue, 25 Jun 2024 11:01:06 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id CD72E40245 for ; Tue, 25 Jun 2024 15:00:54 +0000 (UTC) X-FDA: 82269723228.24.20339B5 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf11.hostedemail.com (Postfix) with ESMTP id EF8314003D for ; Tue, 25 Jun 2024 15:00:51 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="l/DeTr8D"; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327638; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pqqAahuGOgVzBd2V2rC3cp6LsHNItpORh1WCuQkluUA=; b=bUlgAT7wm+cxykgw2HV+UXf78gtXiziCOHuxyKTNpb105QlF/sE7ShQooWYAj2zX7Vmp2b iqYhoOQYb0q4jPrZXQDbtXuxYAzXuCRKepxXfXbkXAa85zuLi5vL2h8fzDACmWCWDzlbRN ZnLqm96KfbmORSMXitxVvBsFZnVfO84= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327638; a=rsa-sha256; cv=none; b=7YR6Q60Te5RdsZBPUpaqF97f0qlz6hdIy3fTR0P2oTeo5C2fUKjh+ILWhKkrU3LumslqmU y4tn/tjbwLcLb4U72zwLDlmlsSeqSTV6ss5IYI/CL1G9dWLOZK/YOWWiVMnQeVsuUQUy2U bR0Mp8NdFTm79hPOcD4QduhQOqdiKjQ= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="l/DeTr8D"; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 784F2CE1B78; Tue, 25 Jun 2024 15:00:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2D4B5C4AF0D; Tue, 25 Jun 2024 15:00:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327647; bh=bsiMqAlOgEwP0cbRhsqWxUT30GAWtj7CcR/m2yEY+EM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=l/DeTr8DtWFxGVC0HSS5cpujEUcCgKLCZdzEw1O9VJ2Y4+V401JvdWm7738DDT2/C G31QUqtzxIQZYudpEY0/P5f2zr7w1zPdsTPrEbkp5lmRa2tsGlqVdN0CyC1dp6NjtL ELltzeKbigD9l+7ZGj84vGJd+3Uqd4d6bk4ACP8dyOyavMy/Oaewyx3t1Q8fZb319K Gqdq1v0FTLFQvDNb784RnjnjMGe10RcOmczkA5hsJNRyqwCfmZ5A8PWj+63UUI0/J3 pp6kLurbonsGGkBgjQnu3gHPCidOe++OBQ9irsvejwzmw+SvRVZeM17QnuBInZ4aah hUj2m/22++x8A== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:29 +0100 Subject: [PATCH v9 01/39] arm64/mm: Restructure arch_validate_flags() for extensibility MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-1-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1369; i=broonie@kernel.org; h=from:subject:message-id; bh=bsiMqAlOgEwP0cbRhsqWxUT30GAWtj7CcR/m2yEY+EM=; b=owGbwMvMwMWocq27KDak/QLjabUkhrSq28XSrHeTDQNbdl0X0BCQ+rpHkPMtP8d2NzG3RUzHQzoy 7sR2MhqzMDByMciKKbKsfZaxKj1cYuv8R/NfwQxiZQKZwsDFKQATEatn/8OVLK9tLPw9cH7NJM1ajY fK+jNFwy/NbM93yxcLMmBMVcja8Gbirm3POx4XMj4I41xe9pop+rUF8682uRZLjk28NszHFd5cqpx/ j7vQWzJz4bzta5OXTe5SFBWZ6TShQze17E7yRqfk9212NYGh0S5X6kr14lXCunZP+bDy8NSVBTVtU6 R010Uof3l5SzrbkbWe4dDihxdOVb51+VHL9T+ta9Pp3L6Z/ruMU2OEuOc1326Pn22nkf60uO7OcQHB Zhn+so3s6m6xu2o+L3s9PzDuSfYpi8QNnz5Z/NoXuZFVxLh2vnzbqiU1UWFNdxR3SYf/X3FdRmH6bb OewP3bQgO2rb38+iVD9o3lDDorAQ== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: EF8314003D X-Stat-Signature: i5ot4rhndecsikojg1dzqm7awgijt5yd X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1719327651-902340 X-HE-Meta: U2FsdGVkX191z0zq5GnHQRCd6YWwtrIltTjHYiYgF+y1/gV+DYt+kSuhEzEBSJL9YAgrkwO+st6KDSGKU4khmmBllYkOtFw7Yl0A2ZOPwRb0AHtFyhbiZlWKehtixxH5CaZROaazpejI0M54iXeNx9yJGIM9SSMpCdGB8aQeael5+945M3CXWLdTGcwnAF7nR0SUYSb+rq1Z8dU3pVkN0o6GntQ9hmMuZZZsdHW0GwuWJ+kbLVW4FEqCwvRQL8HlansSI6zQkOzWS4RmxRDhFn8tEktDkW+3qB7yFM0BhNbNg4TfnoZsG2Jg2b1RVGy9opVMXjBcG/eTOH/3i1Y99lmVVuysnbnWwUoNzJQlsVOqORdg60u0F/6jPAtQx2TKO70onDBzzVcbzid+bwjOciu9y+F1dsZbYYwCiEHO7sTAKQmYRGTGDQpoR/NzBbdGhc0NWhCZ6sLp2xXBxzZjDsmviGXc0dAwzQgbbgGtYwQAZK0QUl+IKkUeBAgkXNwkRF/oxrFDapJvWNl0DdS8q0jDgIAmTFQ5vwCojkQ+mXgoBFj3yOB0Nbg9EGUJZZ+IahO4P+ykbi5zI9cDOXjcr3ANwwFvKKQ6IULpZ9zKth/4TRadamIV6PPrMlrwuJGjtvE2TdO8puilqZYiTGI9gXsbJDgWHV0uTrgedgilBVYAyUx21ZWVYhavl8vj0Xw3/1SNB87i6TnnJ4tAWSH55TEwGODkfCcYiIZEEbzD8QVSjjnO1QF8OqW4VWkgkCwCS/TUx1lDWZvIhQC4zceR6sMaDV9KB1ghVWpy3R2Ili+V/kHa+B2qMF0pUEEgqEQMLEdN7qM5fOtqF2myOZ2htQjv+1aUp7CCx0evT4zztNU5Qv1ek8WIjLJJvs7Wo9QdJQNNnmLtYjVLtLGKea8hKE5bHmRdawz/KA1BEmSYaRCVhu4v94FONzCnvr4JHE+YZWPvXt+Rt3/qon9BOE8 zTKY5wa+ kGaM1jMWChofHa8IthnIpjhWyxG5PAX9jC3OKTqRNYpB5gerdvnpVSGciTpuJ3lTa5lo47dKu+gTHLoJsuLwr2lwNM1DVOC8dlabw13203Q3QlmTEkcEtcT9Aw+D2HMcERwDzKpLCSHXhC8RoF2pLJiHsIVMfDjAozr1ZQIaEsEjfbUODGuud9LkBj/yDJToPpUGij+85/BKaZ9tu9yxldQb3Km64UEt245Mb6rragW9x7jH/1jV6d4QuIDJBzknFk+4/za90r2yOVUWpySpp+8TVv3GD+V3NMFrI1ebAX3ztKYOArVncHCYrPfPnG5M/UxQ64Dhg7+NB/8opK2N5NawfJZ2kwCvOTVpB7jktavKP9sg3fj7PW42n1nPv5Xu76LsxfT3hS5CLk+2wYv2zQuh9J4OAqp551/k3rduoJWgQUMQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 5966ee4a6154..c21849ffdd88 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -52,11 +52,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags) From patchwork Tue Jun 25 14:57:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711324 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53D3CC2BBCA for ; Tue, 25 Jun 2024 15:01:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C37A76B008A; Tue, 25 Jun 2024 11:01:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BE5C16B008C; Tue, 25 Jun 2024 11:01:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A11396B0092; Tue, 25 Jun 2024 11:01:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 80E876B008A for ; Tue, 25 Jun 2024 11:01:12 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 5AD8F1A0272 for ; Tue, 25 Jun 2024 15:01:03 +0000 (UTC) X-FDA: 82269723606.09.F589EA3 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf24.hostedemail.com (Postfix) with ESMTP id 65362180037 for ; Tue, 25 Jun 2024 15:00:57 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iq38Clbz; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327652; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=J+9ds0kZZ41NBC4cvTWTocGTWVesh9aE1nmGv53ij5o=; b=VyrQ6whVjGLPM/LjtkSEmbnMjK9vcBE24oxCgjeMSQoLJALGouqe4k19WeaYHoZVM6Oyz6 6CsF2GxkPdNRd6oNdM11D95wVxv9D1tdGTatQ0hDN1w/eoPeFIZebYYT9G60T3henaFDQI 8MC88gXmh+Mrs/O4C8YGOYbgtzLiWG0= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iq38Clbz; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327652; a=rsa-sha256; cv=none; b=g3fFfbLfw76iFMzfPiRnRg/Q82LKeeeWWMieuukL5u4EbxFGm5lxxxMt8vqAP1VsmbPhQx uaKAbIXOepikS+jlZSogk/2rHM3QsHzeXkkf8Qh7ZbI66lsDpMriRP2zAtXpDihtWLhqZx a+DkPVV4ohiXi/BxkhTZPUQXwl6Vty4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 6013BCE1B81; Tue, 25 Jun 2024 15:00:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B2D7C32781; Tue, 25 Jun 2024 15:00:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327654; bh=xJ9t4tbxjPWwdEXN7AJPy8EkOPvqUrrpN3dVrptIv5g=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iq38Clbz1hHfoKc/wSZZk2BlQ/mzhSjhrLiA22m0q1FADk2R8NduGL9CtpxdE3zfc Jta17wr/D9HMP1ARNRvCP0Viqb4rSdbiNxuZQhnAjP5Jb29A6CyazGpm5O3GV69jx8 6hEcnHSVlTvtjPcoLw+NYCnIDmU78emIwCnf66whyp26i7DcG1bERn7A49wpmurqL4 uBfPOMJxK7wRhjchjrCY7olbYHH0FONp2kBM0d2FvxGN2z3ok8sTfS7qHlN6PAldGY WUzG7tr12MDHFTK+y+EYKp/vxrD21Ux3ZdzMr/t9JcuPZ/TM4qh8Q0TkcakZ363p3a c5srk9ZdAG+eg== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:30 +0100 Subject: [PATCH v9 02/39] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-2-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=4925; i=broonie@kernel.org; h=from:subject:message-id; bh=xJ9t4tbxjPWwdEXN7AJPy8EkOPvqUrrpN3dVrptIv5g=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmettzm06Y7iTf+FNBBKI/e4XfSTUxczl0dim7vJR4 HzPqY+mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbcwAKCRAk1otyXVSH0NGTB/ 47xIkH+crEklE5tZJwII1usQp9/PxNfFycXYIe4bAwnF70KSEO4bbwXI9w/M12yzcBsdHrQkJvj02v VNsNl074a53gnQuXxBfu1gWQeaopApABUjzGPgf2Iy0lmtBj0VViuhorXNlbhOZMRtuMZzWaw/bRxH aTVtePDPYNZ+JosCdRpomOyi9yeN5/8ShqI5r3xmiBuzhKSITzSrOqj+7nq+lsthAhqiDtf4J6j+l4 RGkYUrlS4WSfdnX5bXJh/QtHHlXBpt0g6uRPNR8Ezh2iG4i5mYJuLd9w1A94uPLM+fmAj1SQeeNloH hiMikorgRQJgQa63sa7a2OmRhSi/Yj X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 65362180037 X-Stat-Signature: 7974g7f1uzgp6sc4bbgiwc86c8p3q3nw X-HE-Tag: 1719327657-814563 X-HE-Meta: U2FsdGVkX1+o2lUwsaTSKfn+1phc6CfhLepdU2EJj0NquMo+NoZaszAKyyF1Mb8cQLl2BYRK4p2BKLfosRw41BSPcNFeCe0rQ8G+A3H9FpT7Z88jnZplvDJUc2Z5p+PxjyAaVARjk+DdGBLMz+3KunG0V0ISpG+lRlCdCDEQCKqI8/FUvcq5N5dewhbfxKPqXfqFDsX7GPdHI1QswDSqrbmW//V/57+6/eYzgBqfAG9OsmMturwfd2LIHA944ss6Zj4HNiKNDZZ++577xrd1AMbdHhda53SD5C/5cAH8aApHVOF1985hX1qE6AV8K2YJEiXSIroPmKSl71clQgQ3WTg3ho8ZZYv1biTnQ/hNFM+0LpjaVyuQAQ2u7TEC4rKBIDL5Ij/K2PrKUvZsOl0o4gS1RrJZ4X1T5S+krYxVXwEUEQ6LRUr1iqAC6AuhZYPg3SPReNwvgsJmZMaf94a188sPx0iuNlsnLWJSu2foHmFEe0HYEqgEKqCZQ/RhNetLKySD6snMuIyLI+t5ozC+tN33EIiGMsbveG3LSV7T92sFuTEXxcw2qL/QMEOZhUpFEaigCCZoOnMFOz3jGrRdu0h4xVEzwzCQNPEH9qGyEmK5cFhTPnX9B2MPz/BuBvWpBUd1b+6C5yKpoTn61bTv8Eg3hNmMr4Q7NH8X4w6kVIKYtODsdjVNDrugEbYoOq5WcwtEV22tUgldwe/Cuy8Sa9s5Z2QxCV08ZSjFUuyQzLZEd3O9DfCQXbXwbaFeV2kq37igIn4GgQk2q5p6eD5yzEdL/sx04Ose+4L+jk9ewx7BodeqiHEc01jml2dbZtgAhCVc1rXh95cVNhK+PKsAdJlIjpfWx9QEpw7xYuXFY4657FTM8ymTb0lEM3+/dlyRpm3dUqy96WrHMwHQMfP9GKK32gpNw04Muodj834M1w4wMAMZJap8YdYn5TZMw6Wb7gRmljVYDVepMY/7znn Nsz7NIUa sC2NtIaqCU+43EgIh0nLoKYSZw1tWVfX/HHfekMsqz2d64mMbOdO765zrKapITvHXF9pTxd465uMy2fdS22iamh+opK9KnjbiUvzDsiLl47y6ub80MSLWrzw4I2FKcek2SGshVKrTPMUL6/yvFiRuqy/tdDj3/cjBLjoXybnECMkWAAj2zr7Fpgrv3oEI80UhrSGvJIxJZfJ/sPAEzrWV/3MCRP7GKatjvBD0bAmbu0/Na6NsNk8cy8XaZ2ouraKbk/Eo+KQWcXyh83j0VQkixlukhYwuDKwLfMJDEkzcgExKlFOHOOhB9UmBzeWcgWRbB/FWRMPW5XzGLbeb+QtHOs4u9GfHVlBA5CH0p/Kqv5Xoym+Rq1CMqD9THDnj/sUyRKOm X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 5ec7bc355657..120abcfaf974 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4263,4 +4263,8 @@ static inline bool pfn_is_unaccepted_memory(unsigned long pfn) void vma_pgtable_walk_begin(struct vm_area_struct *vma); void vma_pgtable_walk_end(struct vm_area_struct *vma); +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 35791791a879..557a3d2ac1d4 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -328,4 +328,26 @@ struct prctl_mm_map { # define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */ # define PR_PPC_DEXCR_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 74 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 76 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 3a2df1bd9f64..7e0c10e867cf 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2324,6 +2324,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2782,6 +2797,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_SET_ICACHE_FLUSH_CTX: error = RISCV_SET_ICACHE_FLUSH_CTX(arg2, arg3); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Tue Jun 25 14:57:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711325 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF74BC30659 for ; Tue, 25 Jun 2024 15:01:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5D1596B0092; Tue, 25 Jun 2024 11:01:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 57E826B0093; Tue, 25 Jun 2024 11:01:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3D1826B0095; Tue, 25 Jun 2024 11:01:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 1548E6B0092 for ; Tue, 25 Jun 2024 11:01:15 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 19A4E1A020F for ; Tue, 25 Jun 2024 15:01:09 +0000 (UTC) X-FDA: 82269723900.20.CB51C3C Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf24.hostedemail.com (Postfix) with ESMTP id 55D7B180063 for ; Tue, 25 Jun 2024 15:01:05 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mzTxWTli; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327652; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=70cjjLOtabb/rzl2w02OHZeRiB/3csN9WFGlBeL2SM8=; b=PkyG32fYNDFE+WaZ0QxIKV6JPQcLTSruniJZ6u0hXtDH85c9eLYIvYGLBld7oVYpNwuise yjx+JhXkgLO56NEud+6yLwuBZm4stNZdApCqagCpaxIL80xb8jx6cNgpbXc8gbNXhJNCCy X2+xWubH9l5YMBDq9LeQ/OHb98WrJ9s= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327652; a=rsa-sha256; cv=none; b=DIlan9ylmsoRUmrG3ydd9ET6JX/FHo8QJztBiL+nZsHlJN36y5oYgQpfVCFbN7D1C1wdaC PMXiojIS8iayvyEG2CMmLPo03Swkcei/rXrd80r73Y6xjPlpCsrQccHXQMroMnonKh7FB2 QH+PsYjdxR5DogPLJQM4TfJILXGectM= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mzTxWTli; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 4AF51CE1ACB; Tue, 25 Jun 2024 15:01:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F182C32786; Tue, 25 Jun 2024 15:00:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327661; bh=2jWl08+8re+Jbyu9WlYwMAOos2oJrw5SQjRGnUXuA4U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mzTxWTliTuTTk2JUY2LHGWlCpOYNhYQnbqbOaFCe1eKW3ChL80lwGsA7v15pLtIRr /CY5sah9wnG+/M/txc13UoiuTO17cga0aTsKBhWydbMUTpqWTnXbQDAs1a0SfXHdLl qoVcTGQynXNZq/6dMkLB1GEjLpGe+SlvF97AnPT4nal9BAJupDUdL6g1YvtgvjwhMw U7N5JBpsOck0pb6hjzSqcgOGUvjanbOjMt0n1yZOv7628rSels/zwtth3YaW1p5bfT c78+EMP6WFoUlDyn7SE6zLhy3h7EzsZ6bHr8FIMO+0yD80LEqzwuQEWN6u9EWokxPR RHWBkVwDixtzw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:31 +0100 Subject: [PATCH v9 03/39] mman: Add map_shadow_stack() flags MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-3-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1825; i=broonie@kernel.org; h=from:subject:message-id; bh=2jWl08+8re+Jbyu9WlYwMAOos2oJrw5SQjRGnUXuA4U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett0AYMvTd4M+mUQzuB+sU2VGcUcJh2k6ep8k/Oa xyt8GD+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbdAAKCRAk1otyXVSH0Le7B/ 4p0K3blNBx+osPkkQaCF9XLApSwBKl8n26fdMeAmlfh9bwsWryKXKzkHHLO75WHM/ERBc/0i0yBbEz zKduRjPO+mSToFcQa1HgNifE5HXJ2OsSGNnQq71vZtOnDHVzxP+UwGe431j5UV5/6dHUMIj9lfY0g+ 6MJKhHwJ43INBah+hkUj4yNnSmM/eK4Ujfo3CuMqn6aBRXjQlxqsRH1KoLQR0q0d1YBUN6/pV2jCCx BTzIJ/gM/FsVYtegicohXfVWCnHv41lXYJL7HVDBny0rtyvj+u6H7erniqjPqueHr2ZBKmWeO293xS kwYER8Ltdo/507ycRN89NL9U18KQ/V X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: jcbkiofbxoeg83azg66x5g8ysuq7jz4w X-Rspamd-Queue-Id: 55D7B180063 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1719327665-841936 X-HE-Meta: U2FsdGVkX189PuF/z1/QcGW3n+FRGBCqdCYC6/4qGQBLyCGOgGBV7g40Il4qAFFTWVWUlO+AP8oHGVkltttOkcrPiCL1gkJebzxy5+VwNMSMiczqM+k2VNoiFU6pMr4l0DW6mTPI58lwt2UIBnZ0Pnk//X1r+SCsqSF5h6j6tekrq/NDa+4DMLVFPrSOih2v5CIo0muCJmgi2MO2q1NVHKG9CDB41Dewljv9ebQCuoVqvvXj6Gwb2Kc+rZVJGw1m9Jlgx72UfPfw0OMsyAj3097dAaf8lk23kKh+PM5UUGKKCWyS9m8/OlflqsLveK5yEGF1YyqREzCSSozZ7aIytmYjghrt+Dvzy9gdlXjZrYZeyCwOST14obxHlWMbewGWjkPbPP6L5WDsuoL7sG0cmKrNXM1215RaPll+70/y97KWwgy4dGyQnFqtRjZJ0wR4jDfZXKNBdIVC4lAdXHr1C7i3O+I43829s3mq2JxnamLXm3e1ejHdf//38Pho6FL3BNLjJ7daKe5phnlHqEGBEu9dLF86zoog4vwr8dPhfSSseNAoTxRabCtMpWIGGgA+cShx/p7plln4rR08lCABd2ZsiNfqnQtzrAee8FlHDl04XDXAxeRMK2RNc63sL0nwO8g9Gq6a2Xv1WGTdlYKQ7AXcBoFqQinmAhb38NNTRLpQpKmGbmMOQ/dLO4vDJbDeN96LYYgPXM14VKXoZd1ZoqSq4kAKCziBWBPaxE0srMAvcA1wcW2ySJ3Psa2jupDou1X2Iehu4TNWzjKEIieBIVBeS8Nc4QfilA61Uub82GhMeDrnqO1/J2GyihEaSBDh+SNrkTL8mb3nwha+WZNt+XQkqayD9Pauelqh/eZurc6yppUy8upY1iK52KaWmvDAE4tX35dPUDPgzfFPudBn9kGjpzkQ2c8P0+0oUMyKc33ou1FWQ4zS2J20rUz/ZSD391xfbaJZONZWHRUQPGU GfykKZ4r l7acsgsc101aDcAj56pK+0sKl/YDXn9gXsRwZJzdY48K3omIcyCSIJDUd5jQW1jP2rIjagzoPdeYliMm0SRCL1VLDD4zS5wWFEJxxFTdKR1iMRJN9DSdnKkT+e6ozm0EbCOk2fcBKiCV3GkDAYJlZv8yh6bTfYjo514zV+02iTc6Ule/+eQwES0cHMeXVVDijMv7fkaAEK71QpJPRnVbi892FOQXTXxETq+2zbLH6bwi5WixIGfe5S1ccaOAAd2a7CkhlP5HI7KBIeN54yFwyr1X2FBtOYzSJpu6oZ3He/PXPeOH+wu44NJqZhHnUpNCwE/8cYWO8JycTW19nKxEpgkfaoz5G8rofuW+JdllMc+idzpyX3JXrMHBbzw8IAPYiPlMyQEFEzS+WM4EnR8pruRC7lWZ+PxYklZSIm58Rqtf5AEY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for adding arm64 GCS support make the map_shadow_stack() SHADOW_STACK_SET_TOKEN flag generic and add _SET_MARKER. The existing flag indicats that a token usable for stack switch should be added to the top of the newly mapped GCS region while the new flag indicates that a top of stack marker suitable for use by unwinders should be added above that. For arm64 the top of stack marker is all bits 0. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/x86/include/uapi/asm/mman.h | 3 --- include/uapi/asm-generic/mman.h | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/uapi/asm/mman.h b/arch/x86/include/uapi/asm/mman.h index 46cdc941f958..ac1e6277212b 100644 --- a/arch/x86/include/uapi/asm/mman.h +++ b/arch/x86/include/uapi/asm/mman.h @@ -5,9 +5,6 @@ #define MAP_32BIT 0x40 /* only give out 32bit addresses */ #define MAP_ABOVE4G 0x80 /* only map above 4GB */ -/* Flags for map_shadow_stack(2) */ -#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ - #include #endif /* _ASM_X86_MMAN_H */ diff --git a/include/uapi/asm-generic/mman.h b/include/uapi/asm-generic/mman.h index 57e8195d0b53..d6a282687af5 100644 --- a/include/uapi/asm-generic/mman.h +++ b/include/uapi/asm-generic/mman.h @@ -19,4 +19,8 @@ #define MCL_FUTURE 2 /* lock all future mappings */ #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + + #endif /* __ASM_GENERIC_MMAN_H */ From patchwork Tue Jun 25 14:57:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711331 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34F14C30658 for ; Tue, 25 Jun 2024 15:02:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9532E6B009F; Tue, 25 Jun 2024 11:02:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 900A56B00A0; Tue, 25 Jun 2024 11:02:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 753556B00A1; Tue, 25 Jun 2024 11:02:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 543346B009F for ; Tue, 25 Jun 2024 11:02:00 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 66914120295 for ; Tue, 25 Jun 2024 15:01:47 +0000 (UTC) X-FDA: 82269725496.27.7AFB039 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf07.hostedemail.com (Postfix) with ESMTP id 5C74640068 for ; Tue, 25 Jun 2024 15:01:14 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UlQ6TOIX; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327660; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uuF1kCYHSDmeBVTnPJ7nzTaVEoW5bzxVh2y1icCdM2A=; b=1P16FLbbbGgVNptTEYlFfIhenjeR4gez6ebWukDCrGASPA2VzXxBszSEBI4cFJYlfhv2ul Gcub8dnbGYg3qofSmdaCW90uty/O61H5b1bAVgjVoCHADTowA6Gi/V/ox1JjaSkn/uzACs wMW7KKs9O21DZevR4xDA/AyK8HXn1pQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327660; a=rsa-sha256; cv=none; b=PM3C7GMjxNBoYfN0OFAcznqLIn5q5EeGf1RYtaepDC2H9P5ABD7/908gIKRU0feE4RHZTV uNJ924IJ11bMtKIUiMxxvMUf4xpXEFBdE0GdtD/8AE+6FoKm3838b6lDijLjhmS0ykno56 yt5xhsjXT2MNM6uj1TwgH07O600ioPY= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UlQ6TOIX; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 8B1E0CE1B7B; Tue, 25 Jun 2024 15:01:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0B79FC4AF10; Tue, 25 Jun 2024 15:01:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327669; bh=TLqYNWudouYZxLvdqWlChA6sggy7uu0Dwx9vwrb4VlA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UlQ6TOIX5U/4oKhEYjjToTqMk9dhcx8quYDFp8K0sioj/tbOYeCCXfVrd96oczp8z Q0pQ1AEPE7/HiIy4iLFB5K7j5ibW0DWVokTzX4lE65DjnZTxPuLIEonL3nXQHZo4wb I1UJpZGPwwry2LnPeMsiR4GEMN+zugwHkF83hfkYU8H4IXeLNzBw13xm9v08eRsvXH o2UnnQAkyjFtDHERdOf7OtR/mv89YzeejZ1SfVXzTUUNH+mqa6o4P92D1jIP5EgTu/ wa1xvOncxWbLm85Mi336N62dGPkN48DTMsPDIWS/7EieOqRHewAkc+v7shYz7cTJ2Y S49TMB6XfDAVg== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:32 +0100 Subject: [PATCH v9 04/39] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-4-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1706; i=broonie@kernel.org; h=from:subject:message-id; bh=TLqYNWudouYZxLvdqWlChA6sggy7uu0Dwx9vwrb4VlA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett1Wk4bVcZOcqjYz+jP+BA1iZz4W5DlLa3jsX37 CNbJR56JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbdQAKCRAk1otyXVSH0PzkB/ 4mz1VzfKV2IStH+P2yx6moJG/TRBVMdnGiYeYEGpCKpfcS9fvAUUa+UcXCtCzkp6kwSyxHpNEH1t5W YF4qIhKfZK6ckvcyKEOjNRfTC201wS27OPawQmtGg9vUVLxpqvVXuUbk3ogailOroPHmLUqVJuyCsl 3IUNWQ8gBTfYiBHY1hM43UNn0TlRByOSPmRBK+1TYhSXjtiTb/Z3qOdvSQezoQaOaN7eRBUIKtkhgn Rxd9FaiCF5v2yyEsMNB5/Dzu7pQQZulY0aNKv0PmF4ir7jQ12xzbj/eBym76YS0TSBWH1pLhCjjN0d qgro1ApVVUoCz8Ybcj1G+v6E3ZNxhP X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ya8pnaga37nwwzj79ockzfy7gctdpkdh X-Rspamd-Queue-Id: 5C74640068 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1719327674-346915 X-HE-Meta: U2FsdGVkX18itZHfRarFrm8hgdvtGtCQjmX95uCGuNHA2pcDpqW51bYPbN+rFIHHeb9kSfkqodpkWLYSIuY02Kqu1lqbwBLb/KIeu4wvcdYG2PpxVD+hHJMTMeFhZglCeHO1K2S0AEZOOoPOLBTfb9uwxQ8O9TL2g8084fueDBrPlUjcdI+WsVpp6ak9q8HQ6iEct9kiod4gZjkyfk/ZPbnsM4PNMgc91jRVGjaimJDuANNS3+Fb2WSLoZnvOxMhQthY2clrvaVYMWIXkLh5yJoc9crM21ctdnX9CDNOg4b7QtbCaJDBNJNXmATlCmdNzDPbicoewaQ9LawkUSclvIen1B0NjAdnhoU0mN2nvmNSdvxFdFobEm1Ux3d/25cFNVmubkqsIUqjJY8kiO89zaJat9GlyfSH6WxMvEHM1pywVFzSaCiCmjv4PYLARWyJP5jB0+KMDak6C/RB7BdDcqW4MEfYR+5dsWi/N+HWTcyMJAb6IzRZ4PxCYWR9IkxwzJq4bcIxD+LpuyNgZdbfES1Jn3owv23NrSM69+QtgwbyuYNz0jr1nKcLW0lT07dKtS7S+py94WfAu0h24APegq9bDfA4umlvMPcNST+6ORPP3RxBJzbSe3woVgjDVvPM8PuCWUnzkVlNzDmFg5LmnfWEjk7uEDBFd/pqxoegOdkBqSPRa0s6O0FyrCwj0rhYUeKem7ePHu/cc6dQMXrowblFhsH1A6c07hlUB+AV5IMEuj/n0Je89WjLEjDUdzcAjoa+nL4o1X5IeLTZhvDE14mGZh3fFFt2zE4F0SApce8nW0AYXqB/SsIIDgv6rtIIrABM78s+BtjEsx3/CxYJVGsIBXUuoJ+Nuhjbcj715FGFqoRU14vliKvi8/1x3L0FhXeKcrJp/3M6YUtOzbruaIZXrUuxSjpIwbeGsESi/BcCmur7CcVVcLkJBC5j4vgLk1VweK+KtZbybK8L/oz zob1d8fc 6NZFWcjrQ+awKYQJqPObLmLKKXIcbG/ylPIH9Ea/Q/yCIb6yVy/fWFd7lEMo99XyUloMbwl1Lw9dccUUAcSsxIZHyOx1zOKstkTo8v/YIc0HOBmgaahZTnXjEdQwy58vy3UtuBOzOc+7lN0GH5j8/Ci31KQeYmwl4hnSZLBITR9Tp7IwOUY/qRtKTskBOP+tG7gPn7pJl7RaPieYiGuGK3WTK8oJljQLiDNmahwpoDwVWZQhYJPyy9vZtqXm1hgICQBF0qCclxdsT/LpMMP0xCBPcYRNXlBkuJQXz/m9nvB9OMwQXSx43VF7XHn8zcLToHkh0IS3FhPT5K7l4K1oLAupM8WOolZ93sYL1+yiW867L6hQSFKEatx5p0g== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Tue Jun 25 14:57:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711326 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B6947C30658 for ; Tue, 25 Jun 2024 15:01:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4E46F6B0095; Tue, 25 Jun 2024 11:01:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4BA266B0096; Tue, 25 Jun 2024 11:01:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3828A6B0098; Tue, 25 Jun 2024 11:01:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 18EE86B0095 for ; Tue, 25 Jun 2024 11:01:31 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id C56D9401ED for ; Tue, 25 Jun 2024 15:01:24 +0000 (UTC) X-FDA: 82269724488.14.0737291 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf06.hostedemail.com (Postfix) with ESMTP id EE58A18003F for ; Tue, 25 Jun 2024 15:01:18 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vHUGns1+; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327659; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=QOKnHNT1Y+Xkv4jKNzu8fkogfz6yIk17LpbHVKv8TbQ=; b=iY5DLpApyKtgvC2GTgyOrTXvKCUl39RKYi2IFmR1HNn139OIwcdVglMLx0p7C7XPOeuv5k NTBwPoJreMjixIkNxDFZFE91GOzmTY6rPNWIv0OEdUxgucpGCIHw5EizqV8wdPOkO+zkBd VAVzSZdfsis04gWj/sCVM1lJ4V9qMkY= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vHUGns1+; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327659; a=rsa-sha256; cv=none; b=a0tCHwRNwatEryUV+rrlyOJdOrgvgojNBkpCfi98R8h/S2dotbG10cPdU9lCPCV8vN3pGH OopzUbyPzyCBr9nH7JHWcBhxH7onVfENuTqHvrHtSMeNfdTgdhK4727X/TqpYyvsEkHw2T fznEFR+niJNuj6j2qWYaizdGPDNS2xs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 775ED60BAF; Tue, 25 Jun 2024 15:01:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 599EBC32786; Tue, 25 Jun 2024 15:01:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327677; bh=iM3rZ1LmY8YyAanNDH7/fR7dukRhQz4hil3oumBrg2U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=vHUGns1+w0K2+hOT/OgRgjxG/1Hg8PpGDNi7l4rDEuxs+0fqPxb1LsJkfImduq9zn jOYQqULanKPDqfOSyCga379+h53cHWHL/dDZhnFoF1p3N0u1E5oFfUHTkp0/np6a7D JJXN9cZGKxW5xO84fGZewDUETJIn+CzaF/a5LwWMzSGpeqlWtUuV4MrBbOVoQLxcli bxDv3Js7K3E+ib7c1HnNBo0ZlcsNbwrdB8IXw45esPCok7mYuJQbS/PQT/GRQ+pBmX enjcJ6E26IcVH8Of/WH0WTs71neYgNMNPB2JWAEpiJkXZBfipZHRQWyAi//2o5tO67 A4I9Ww5RIZl9g== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:33 +0100 Subject: [PATCH v9 05/39] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-5-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=10726; i=broonie@kernel.org; h=from:subject:message-id; bh=iM3rZ1LmY8YyAanNDH7/fR7dukRhQz4hil3oumBrg2U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett2odJnwTYPXb7X3Typ+FohxTKr32AmwWNSNPsk RYbb+nuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbdgAKCRAk1otyXVSH0OKxB/ 9dlc6QOWHrOh+pEREU/thFxcY4/DfMn4Xmj/wXev2/WByvuy1Gvt0lDxBcdYzqpDxOQlZJrc4+niq3 4jhuFAU/cEVZZQshYB6j/0ltuK7zK7CjRMHTXSfJ0TCbuWRJ/xc5PeHkYQFKAZZsUKR8XSHVLA1Sj7 pcMgObtS54MXkn4NZCFqgjok7zhOD1cgqXVYfhL8C4tZrljXkG6MBCiMwt3ZiFK2FWxaXMl4NAVVsO Qh1TMSfr85n52cMT+4cELEo4vlyIZPjNZorYqtkLRnYYyAc4ne08E/oVAzraIQARftzfhM/POHNWZT RrmrT8bAIQcEXBoBGsK+gRUgF/QrmJ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: EE58A18003F X-Stat-Signature: mput1tg5m1c85ruq4gfe4xs84rdfhori X-Rspam-User: X-HE-Tag: 1719327678-474549 X-HE-Meta: U2FsdGVkX1/kOGc8F5mCaJTINWN3ctLLuXmFqeKGqRed14Cd5RTtMU2xQMHp2AWbwTa3JDXKVJj+s5vWPaFfgVKd/8yCVYNtrzHc65LPJsYwA7yYhXiyrgLHsVpKsS3L/ZP0iToY9+P00GJ6sb4jPWc7Fw04b6/RKz/n33VO316WCagNNLe4vXq2Loh/vlk0rPBGfOPZ9BMqpmo/ziJ1UldPTTBJZ0lcM++FYyOPF2uR0VWGak3F7LwiFEtE135pZ0Y1DL1n/ezAVZy4SCs3zi6wOlMJxeivqry48KKPmFelfirBOG68mbRTL2z7Ys1Rs2YcGBB3Urt9nO97CkyiNExXImj8xBMFsyRidmYo6iGZb9QWzPWXptVt5FUnV5moVyJpAJJmFUz3yqrciZNobareMPKScUg8vGspNNgjTVVk+nawCpV5HIkCVjgOeIq8BiTvUHE0WFxrYd7mzLtfzOX89LBNLFPVds6MEYk5XihubM30uUaFXt29CoXcEPNoufmt26qZlbqjorbFl8AIcCqt6+ATp8EZEbKMyg0Bdm8eZJSa6e/iOyx7wPRfknvRMUMGVEIztVUNWzIY3JsJDIpFGvAELMkxG1e27E6d/OW6XwKqPytls3J7CqmMwZKI1jADFj7rRSaoYhXDngyNxdyRRlsWUBE3KO639rsFMlR/0wOEBAFh6QYfD105mLz4Bcv5cH1PG4//9HTWpPFZo0ZFEb0ZBnmk2tdgrdZZVqm7rjzpJKgkkgaA9vlbuGnmyUdHiVv3x8PF7HugNIySO+DDcJ5e+YoChCZD3yXBXKhjpxguNuH0StvYEq159BLCtG5A99+EkHY0hG+HrzZbxs3+ubePlB4wjoZ94Jpq9c3Y9Vd5CQVswn5qL9XTIlvx77wIBFLoiG8CEIHCsxs24Zf6xrDQtXhE3ToJvKzNKtMRBefp1QqsMVS33saMIaWAji4QCouiRScMDSdc7Bs 253fys5M UR4xzNsbANBKpGzjPfwJ0AiDyjOGeivgFo10Ds/XvYWi7DAN8JVV6MqWbJiy6KrLQC9ESEzJerlfwh19mId6vQWOVnU/49xX2B6QL0TU5OD3TMhMAB7KJLAjgAU/Z2/OJTAvoM/OjWjRPp+qsc7RqyQFuMb6iXN3cnzXuWkFSfL2opORQsMo9xr8iuhN47JlEx/1x+cKRpR27FwTt6JinHKP1Ls4Ae3L9mgVZIwAa+am6ZNkbxeFRG0k8Bf8mxOyHiXSI1sUBtd9P+YRtkdC4ViITKt8o7QbcZbk/wGxAXS7ek1mzKdJQZggfVMKJYWFK9l63OZe/M9Xd8cIkHifw4wbWZK57DqZtMnrA3jsUQiYdIISvKwJvLVg9GEMVYSgsQa4D X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add some documentation of the userspace ABI for Guarded Control Stacks. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 233 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 234 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..c45c0326836a --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,233 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack + and enables GCS for the thread, enabling the functionality controlled by + GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* There is no support for a process to remove a lock that has been set for + it. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread that called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK or 4 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must have a size which is a + multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned. + +* An address can be specified to map_shadow_stack(), if one is provided then + it must be aligned to a page boundary. + +* When a thread is freed the Guarded Control Stack initially allocated for + that thread will be freed. Note carefully that if the stack has been + switched this may not be the stack currently in use by the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set and the token type (bits 0..11) all clear. The + GCSPR_EL0 reported in the signal frame will point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +6. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +7. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +8. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Tue Jun 25 14:57:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711328 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23A53C3064D for ; Tue, 25 Jun 2024 15:01:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A3B456B009A; Tue, 25 Jun 2024 11:01:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9EC4F6B009B; Tue, 25 Jun 2024 11:01:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 83E0C6B009C; Tue, 25 Jun 2024 11:01:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 654536B009A for ; Tue, 25 Jun 2024 11:01:39 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 0D1F1C01B2 for ; Tue, 25 Jun 2024 15:01:38 +0000 (UTC) X-FDA: 82269725118.03.D091B7F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf05.hostedemail.com (Postfix) with ESMTP id ACAB11000E6 for ; Tue, 25 Jun 2024 15:01:25 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tBApK9Cr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327675; a=rsa-sha256; cv=none; b=wL8i9p5OTR1lBqszCS+ossCc3BVE56wiXi3IdaBHcDWv/WOCMv0nWcPoEHUkBEqjfnt0RP pMh68QLCb760SRmvIPVm3iAjfIeTBelMwFW5QXxs2AYye1ZpandumqVJVAnVqYFRizzHqS TP6oVjpMOjfHSiZR4dhePdvoVKprUe8= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tBApK9Cr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327675; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=e/fF6j+GFZ/B1J+sTD7FTRUr5nN0gJgvjv0gndMoJSM=; b=iGaxz85ElzMPJxD9eVeze8pPZAtlAZZVKavCYziJLcwC/NG4fNIhNyfk7UXuiVsUXLYTja 1tA5u5KJ9LVxWbqUBkxYnrq85zcnL3JcDrXw71fT4D6LrPhvnJjY9gD6JTEyukaXdok/kq i/03+poUbkjw7CHeu3dJxkLTxnSQYUE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 6708661463; Tue, 25 Jun 2024 15:01:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9A0C7C4AF0C; Tue, 25 Jun 2024 15:01:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327684; bh=OtVuYnhHZ3Ff9iifqi0z8zMYVHFXjow5mOcREWek5jw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tBApK9CrubSeAIcZz7A44caQcV2AMjXOrBWKOAQ3YTROjS6A3B4P8v4DYUloTh3iu L2JunxfQe6hZaIBlEPk9nSW/4o4pQZmJ/DFcV3ws0UAQ2v71qgRnh8O5ROxwbkVS2u Od4fFEhLHznvAgb0qV5QQr4wYTOrgQxeo8iT/UyiHXH2mwQ2Gv2eBlAo0sUKyHa2/H EpnCO7nOAwCEH3PE/YoT1josQRX1DA+TcpWW/DUzAO+2gk4RVwbzuTXJNrK+uZkuae 1NtJZFXhf4RCRNResyygODc36rxxsXvch8b78J0So8bQnWcrBWUvDry124M1g2R/jY 7LKsbul7AtnxA== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:34 +0100 Subject: [PATCH v9 06/39] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-6-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1421; i=broonie@kernel.org; h=from:subject:message-id; bh=OtVuYnhHZ3Ff9iifqi0z8zMYVHFXjow5mOcREWek5jw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett2xSPtaVh5MhskCkWC9d+Vs/ZeudvczR6T8fnM pi3EiCKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbdgAKCRAk1otyXVSH0A6RB/ 9c9lgKwWs8KNFn8y602zbLtUWWDwRky5DJm0wa9ndVkr99Np3G6Sgp0kjHCrAME1Jhs3loF7ZRybJP cE8qjsWIDeZ5xnO1Xyk9fkQnHnEnm+mx6iD3x4MjqpDs+Llqis9IJMXZUXdHhR+S5XUJHaNOUmE9d4 OVBHUXg7rMVfhK+/LBd9eQgwyt+T37LYbSEJE4mDUJL25MGhqGZ/C7KVwXwFLuAD9Ego1WlN6c1Jux E69W8dgNbYY5tptjL9vw8zgrp+QLEHvMwCxgPYkTzlK49PHBow+u8sN1eOjKFNvIYEKwHwcmDTHJWI ofycDRnMbkf8lWLsyocl3/o+4LmsPY X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: ACAB11000E6 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: t54hm6z7mxxis6rsco6pn6zzggyuer7g X-HE-Tag: 1719327684-452035 X-HE-Meta: U2FsdGVkX18NY676vkQNvgoBfJJNK80nHIfT4mhoqKtJboA1u6s6GwTo1xR4ivskB6exOGEO4UOtmoOE93mHSL7SQOcnMp1d7IwFsfBCS1NWEaowOmWCK/gMqW10Ap1WZKQ2q9CHyw9HoJA0PSC/zvpHEzXKKH79elbYIyxqsfq6XNbmImcRieUDz3Dm1gFcMFUFdVXsKdsUQUZTJz9F/RniYJbCOwitCTPaYt11fOriCoJuvtV5H7GJudtJSD6du8lw4svqsI/rfYlochabmpX7gu8rRvicZljm6xLVL05KuSalP4rWbpSBRJLMijB8RUzg9ut7f24/efntT9I+eGRQMxn+alkLozaY+f8AExnvImDil/jnl+OT4xsadMucakciHBPvvD0t5BQuhUpCznJeB25P29zMToqW53NP1HTNIUBpYjvcn/2leyYysc4Z9OVkJwGoRBcBc5xcXXNaKvBRqEohpJ3UUzfh3H84G+q9AvkW1RwGvT5S40S0FNOq8GmN6am7l1l6/woOSGQhwuwRCUmPXgrySNJEcts/9PU0d5Z5Rch2VjbufEkIhj5F/UGCkWnX8qbe8cJyvPLLQhH3YyVHOdbBlzOySif4sZikP6xpNU8buHpFIFMYGWR1/KR2KwNVpfrdo/aK8q7vEkxnjw2+zwQ7YXoiYS92mMM2pat1NPg/y77gDaBH8ZL6SayKpK4MnzxjImYqgTS6PhdDJ7/DmLKhS68+4FgPemJYPjYBBUADjs+Glf7wIcYRselq4d30Hmh3vSC5vaH80ZwpzRO8jQ/7X+tn5hWj/OPUZiOr9qHcbBBdqK9N1LNmDseAi2RquJdlxQWAfQLqBAUCvF89XvALy9zfUAfDDGe0b8TspNr5YwUlDTWNFNwp+6RuHq2Zu91hksEAigvXmKJu+uv3ZAFIctaBuTxOe3qt94OpvvNzKtHQuDLtUomzlgASDGDhvpQolnQj02V I0lDBDmJ xwjzaWDhFQ0XWFmUjDMQ/lxZaH25JbETgTG0nqJSJvICFH+YwZzZGnyIJsfGb4HwNz6exsWswM4pqKkWD+W790dTbn1eyM6R/FR2lv1inup7bHXv86baleDpkPJpdpNVnODgXeRLVbjN3O7jCG1Ccrei1mKk4OcDBVkgcpp663jz5POS0lyIv42NgnoSg8izSSSox3K7Kc66DhmT608hBFdDIlD7L0Bze11RVJL6EJGPo7bb3fhhTxTGRNW3YHcg0VGdaU0GFwrHHtWsja3hnmqMHdwTzoYLv9QM2olAIZUo8TtNcnHi8bkOjOBhK9P9RSl0kj6iV2Xjte0OZYGCdtfX6y78OuiCLLWbFD7ZNBam2ucAU/JP6vgN1zZMaw1Sfxu7o X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index af3b206fa423..325a1daa98ed 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -1064,6 +1064,26 @@ #define POE_RXW UL(0x7) #define POE_MASK UL(0xf) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Tue Jun 25 14:57:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711327 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4833C3064D for ; Tue, 25 Jun 2024 15:01:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 66A836B0098; Tue, 25 Jun 2024 11:01:35 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 61A636B0099; Tue, 25 Jun 2024 11:01:35 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4BAF46B009A; Tue, 25 Jun 2024 11:01:35 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 2903C6B0098 for ; Tue, 25 Jun 2024 11:01:35 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 93D05801BF for ; Tue, 25 Jun 2024 15:01:34 +0000 (UTC) X-FDA: 82269724908.04.191C11E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 4E21F40047 for ; Tue, 25 Jun 2024 15:01:32 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LB1z0uLC; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327678; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UyxaLF6c8bbKp4k3CezmG/s8YRNENr77in7SNyRbvfg=; b=SHqhvslQ3bZInbZZ3FMOV/JRSCI9/oh0+zYgLn5Hi5bjW4s+6G0PrknZ4iUg94RCMQaftd +/o/Lof/cf2TdCDCdpy7gU7sU8Qt5HMxnuQCh+aY4R0IXPLIFM+AatiJkRLMSqzWSwtPZU HIQAMR/6su5mRDb1YUbD0W8yjQmrjtQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327678; a=rsa-sha256; cv=none; b=Q73DbKPGODkdOcm8e6atDE+jvZJHAKFHTg0DJ7BZNYweFygyStcmwp1DoxcyDiSQ+pqi/G FXJg2JBKk3XczDpoPRWrQyL0Z7fOcrD+styqrLRu+7YKmwEQRzczZu6MMYVeXObR9Orzi2 NBCS+sR06ntH6en1JsaTX306ENJEEC4= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LB1z0uLC; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 56ED36146C; Tue, 25 Jun 2024 15:01:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 86A8EC32782; Tue, 25 Jun 2024 15:01:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327691; bh=FZl6osZQv9tUt2U/ynTpAvRjKv0nX8jhIzHo4KZI7Xc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LB1z0uLCfALEQBxZq3EKZVaHBNY3stJUGGS33HnAF+qvGORdfESqvZIYxkj7bv+HS L54U6Iv2tOs7j44tOE4h84EJHGTDTjVlcLQ66TCpZjGdtamPPWx+W+Bk/1zpl79jTs jEkOH3pcuJ9K8R5CN7nTj8KGgEESCqUdR3u1CW3/JZ+hI+fOukZ6IgdLE8QPpSaRSl Mk3jTJZCntx0mFGHWhgYC7NFHGichd3Kt/0PHDAD4/TAgKu2FgqexAejVK5n7sGLxs 3Wwr+VUqSM/UeLdYhiOS9WB70a43AdK2D82QFbm3y+bMh8yXGTcW6K9Wkz8IKHsBlm UnY7K7gsZV2sw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:35 +0100 Subject: [PATCH v9 07/39] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-7-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2643; i=broonie@kernel.org; h=from:subject:message-id; bh=FZl6osZQv9tUt2U/ynTpAvRjKv0nX8jhIzHo4KZI7Xc=; b=owGbwMvMwMWocq27KDak/QLjabUkhrSq2+XPXm/0bpVzD/k8YQlf0IX13+pntU0rfHD/iHhl8g2+ bCazTkZjFgZGLgZZMUWWtc8yVqWHS2yd/2j+K5hBrEwgUxi4OAVgIh/bOBjaedu9c59WSqjki3yWWS WkUBj+trxszfmbhX3ln+cJShS8Cf0lqbfX6VfE3P7yG7qM5zdnnxDcNe9lvfSEMtXr+wyKs4KnPrjO 03bX9I920aOcdusdTDx8LEfvPJc1S5Bz4Jy27qW2XSfTifyd9orsthH/duhkuLbstLrrWjLxtWfwzk 6TSn9Fq1bVzi+rtRec4WJ5YrXh/5FvbypfOEwRnKmmf5YhbIl8RkBTI0+Vo70zt8D2Rc9+x0nrhWux r9w2U1Q0s4QjMOj/WnnbwBuuEyavaqiPEJ/ixn6mNC70/Lm+SL2s3r87+cOPFieUOHbynL2RzijscI z1zj19gUM/3++5eqSDT/FKbYIsAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 4E21F40047 X-Stat-Signature: kg3fr73zxuk4g5aftwi8exs3ny73omtp X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1719327692-654444 X-HE-Meta: U2FsdGVkX19+lO2njLk3F1erQRLF20fQMneb7yXieMUC1KbLR/XrEAgYdqMWlqGer/dmCIC9Ge3S4OPkyq/uECGiZ4o1epdtZHE+9+urgKfzHCIoVvwyJMJ1jIMcbnVu2j4L91ZIS/OKcLtnNzHSRpwI+rumIjQ0oNzjflgKdEYqdjTVFMktwEXUiJiJqFBzQOOygiFKpJ9UAl/zYC2K8JXc5xEZBZZJ2WrgHi2hBth0U0/XE3244zw6kk1nVEFgp2SXZbGt2/BTSva1jbnkoKAhF8zLD0QBje2uAUlDAgH05ktY1M+zfWZAUYcB0LdDgngyCawp0/k58v7MMG/ir3PlN7+w8wq4nTJugNdUdYXNDYXfDfPlUR5DuhH4ajZcUvJiqNDbHScYbrT9xGGUi+39Ng/XuG+pFlsfUz+Uf0ytEUi4ItGggwlZeyfOvryV9PWc5QdJxYAP9Y1M5VgYdYtOSKLrC/H03MSgJoQattkxWBGUJPUCbf3R4OGMJa/dUdRRa3A6Up1SpUTBBpfl2ZuRR3IqsZGvbKap32e6M4kJUVtAyPHrGvvwXDi/c1SkJG38eyuDFkn5oUk3a8rlilOO+u54nZ7MmMMygS7jiY4GSY2br+RDtDO6RHUjAIybKfQCgqRbwe5j2v4clzdd8xLCQufrD+1zsgqQGv2T89eFBNKRDT6VTD1wZwDyCG+cWbghp6FS0LfiJsjbUz1hCJerQewhsPZ0mjDCJ7zD+oa6Rma0pbDmvKyVQHgU+hhE26M9/08HYgJdUepByTSZqZiTQAf7sYl0FJiHxEd9Ptr/ezt5srDEAbzK6CdC2z6NaXV7sn0jJqmBAOU5iTzdkrrTbPkQVogpobPI4qt/ZmEwSVS5e1uU83PCzrxM5HXmSnQkCG3Dk6Eel5dTXCi8TeMsphn7E/RsuJ+uZjVwkMgkRsWl9s8sI/9Hw547dCL3u6GDEBvz5tTIyjBBg0t 11EQ6MlT qnZu8rZ7beBGSfboAWYTPThdlTW2VuuyYYuDK2P+QU1657I7CjBgEThN30hTbJcSzsr5cUin5HuuQHS2u4uxzCgkvbl5eqt/Xt6xuCggzavXGnRpM8sdaO6DUWCJtmkrYZrv0WbGxvJlpHM373xHc299Rh9gtdH0TkUW3JW6Yw2CV64kWFVGQDn1srngij28LboKgYUvdtN0rt1WkfurKOdAG5PDREZmxBqX7w0a6ClJ5RpX7UTa9/Q5/7b9cYkPP1hldgPD96rNSfjakJe9ryu7BLttxzqgBTJy/n9rSRqTDvqPVA9NV9b0Ztrl6vryu+LwkVlvE+wWxtf5lge+JA4l/9eSZforBODzAR89oTfl9FJkP+Omz2FqG96Ul1PMct0QE X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Tue Jun 25 14:57:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711330 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64692C3064D for ; Tue, 25 Jun 2024 15:02:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D22736B009E; Tue, 25 Jun 2024 11:01:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CD1286B009F; Tue, 25 Jun 2024 11:01:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B4B306B00A0; Tue, 25 Jun 2024 11:01:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 92B516B009E for ; Tue, 25 Jun 2024 11:01:59 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id E86CD1401E3 for ; Tue, 25 Jun 2024 15:01:58 +0000 (UTC) X-FDA: 82269725916.03.B39B7F5 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id D220A40127 for ; Tue, 25 Jun 2024 15:01:39 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LCKBRIM7; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327688; a=rsa-sha256; cv=none; b=tRVXHw1P+1tBXJt/K6K9dYawa0FC8qf/bThtYHYmF+E8JCWgl9F+x4Q2hf4WP1lYeHiGqL 7PqjcFzNEUentqJmmrFHrenv6WcaEuHGVGdXm++Sk1XN9PnM81OsxsNecrlfbGQEplH8zK wxCzOdH2qVAL9tbj+19CAij4OySKZaU= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LCKBRIM7; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327688; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=p394kNOGuUM4kB3+kce/KU992lWtCnOBaZy/f6a4gQE=; b=oqtPcysfu3r6Ktz52WtXI0ZTwDBgt3NjkXDxrpqXLDX6WSC4fFiCBobnHeA1Uzd/X3TIZd 0W55h9hEKHuGQiwDdLknsjlQYlAP2LPT1ejn7T/Py3/f9XRmKDomq3GIrQGCdqTQlwiZDu x32vbx5dWD0GEsHuOqfbNBnEY/u1Pf0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 52A246149C; Tue, 25 Jun 2024 15:01:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 75909C32786; Tue, 25 Jun 2024 15:01:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327698; bh=SpxTDPkJgZRI3y2Hq1n9QzpjFWZ3Gxi3l59ZtBf4jLI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LCKBRIM7P1X1xpvsS4XEya+CU9QncvalN8/HgV0jOcZrtdPH96iZ79e/FfldlYcyQ KG4D/US9JjKXYl6B32tA/WiIsea5bmSRxlZ8rD+s9jRPHVCl2dfCCaNrSUGkPvyfTj f1I5FPA1gSm4owfH/cYTM//+93y5ac9PdpqIsqUC5aI5zL3mgYULmUS10eqDN02DIq s/+fZZEtRgCN8Yu91NoAulTdaszPk2cIrUC+Vub4cZGRGySZQD7qaEf30fZXBDXLWg apjmyGRWF49cRMCO2zvSf9I8skh6/KYYKTNe/c1B4e8lNgRIB89TjkLsb8q6EKyBRI v632mqX63KxEw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:36 +0100 Subject: [PATCH v9 08/39] arm64/gcs: Provide put_user_gcs() MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-8-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1103; i=broonie@kernel.org; h=from:subject:message-id; bh=SpxTDPkJgZRI3y2Hq1n9QzpjFWZ3Gxi3l59ZtBf4jLI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett4CKl1cP0GjqsEsHZQn+ZUgv8UOnY1gwbJGEPy 0nF1gWuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbeAAKCRAk1otyXVSH0GTvB/ 4rzP26uQ2jw9FuRsJAqw1gE2ydgI2bc/iKdMxs34w3uUiteyu1KQntu5r5O6S/pDWsDvBv9DBJSjbX C3BsRvj08B3YrbhlpjJ8tIwJrzT0vK8lfVijApbbnDEGHfkQ+ktEFeGlNYYxlpcM0Dua+4CplUqp5v URfmO1+u9hbBub4a7rjyBrKim/HyioooMWWoj15ZNBrNVzgiZwuDPsq+EFXJ4OTwDXDflKXC4mpytk yRKGcwTpLlL/Y5xmDIsOW81n+j6uhypg+JIlOx/pXvC2LYHCcqFjuGdcEZetVcrga5Km8RdHiVztO4 fEt0Wr4EPbNTgi0mUCzBzWL4XUs9a/ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D220A40127 X-Stat-Signature: jh7a3imi6n3pgnzunkodypt5b86u19ma X-Rspam-User: X-HE-Tag: 1719327699-366725 X-HE-Meta: U2FsdGVkX18HcshWTMJHurgZhr8WyKuMKjXc7JVgDOeYER71EzqrhyAsab+MJ0ETJGMiHZct60IUhC9Wjw6e+U43mERiysz87Z2Cibf0Ynp1JMdLvzzD0yEMu8ZbSahAXekmwV+4R+OLDbiD5FLzVdxtK/td9h9tuSCDYoiNHBdL5LSDHCnPciiK8s3RELtIiNI4gGf6st3vlvLr/7J1q/CRIeJMscnqC4bvu/su+T7RdO1gDhplM2Hi0m/beD+Q5O2PsgYxAPD6RTFlEZcd44/e9XdU1pAP8f1fWWPbevaPwz4alQoeVmN1dM0tW4h4spmbBFp8zXWLrsHcH91uY8y1bx3k1rCSJT7cpLEWbCxQOVEX8yblddaWHXR0h/Knu8yzeRWQAIU0T+aJ7MlX0568PZBMhnu/yj4V9mpahHAhkSx4hY/yo0G3fZYMyMCtR0oniGiU37TN6rL3f5osv0Q+pt07uBMoavwtpUy7obuggquz0NSMOXFf2H+uy0knpeVNaeKVoeUI3FoONstCy6lJh6BfNCBCOrqjMKUo//T6O/akUVzmj2lXECXnzWzNHIlD879UDSCFEdefEpW3/2fxaoB8fKtAq3gqYKW7z4eZ2ggPHLScEeITRdQ5OcjIMlnTwqHWmsGVZQAtNgxvTYl+vEFt8Pc8feKtORPjmghqzKCTJvt/IbfM+ui6rFkvqfmmP3nq+2xK4716xSx7do4bfKCQYW3JxyzRdS1m+W8HgcBFfW3xNHvxHq7dV8fROsObOsrOP6C8egilmL/p1wsYvY21g0XWIQF4Vu9Hmpx/ypfTUdsfDNzLHzuYNQIsB5LLwWrsF0eHW0qjOxLmlYUSiG1wy9qzIOBj7yM0pI+E8CBU6srKdsoxrliTmSqtNHNpw5MfeTSu2tfrym6a/B+l+I9VRQppHy1w8uDfQiBXVsV7t479Qa9exjP4MmcDSnxuZFcz5IgpQBHkXG+ wW3fKaEM DeLulP1U8Py7jFvYGzJdjZPHq1bSTQznVxLnQv7e4dZYq55FhCEVi6zVx+vXvoPGTfofvfojvvAezkgaJXtQMsUA8oD5ObslK22hO4gKpQKfeo0ThW3FBPoePPpimigglxW+7YkXZtuXuIGCIx/5mCR1HIGBEkzhjWOA3M2wAkb5HT4q3ZenNNEymIemSF8EyJIpkgzMJCWXzwP0vNe9a/scw/CQ3g2VzkdwGvDsEVD6BtRWZ0K/j27+4A4OaM/yma9Io84jFpBGCUExpueT6pQzcFOHTIneBnAp/LQ5dm+njmkwtGGOdM1NLXucu6IL7fEYNVcPLPTkQUdnkNe54wnJDe8W4Ap2WOpxrV4KT4EOF+DntnTc7bC1jgvpydivOvAZSnLyhwiZqtbiE4PTQyXO+N8QiNkHUYbPU46s+MWlI9EY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a put_user_gcs() which does this. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..e118c3d772c8 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,24 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline void put_user_gcs(unsigned long val, unsigned long __user *addr, + int *err) +{ + int ret; + + if (!access_ok((char __user *)addr, sizeof(u64))) { + *err = -EFAULT; + return; + } + + uaccess_ttbr0_enable(); + ret = gcssttr(addr, val); + if (ret != 0) + *err = ret; + uaccess_ttbr0_disable(); +} + + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Tue Jun 25 14:57:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711437 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 591E3C30658 for ; Tue, 25 Jun 2024 15:02:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D97486B00A3; Tue, 25 Jun 2024 11:02:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D206C6B00A4; Tue, 25 Jun 2024 11:02:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B996C6B00A5; Tue, 25 Jun 2024 11:02:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 96CB16B00A3 for ; Tue, 25 Jun 2024 11:02:23 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 1BBE7801FC for ; Tue, 25 Jun 2024 15:02:23 +0000 (UTC) X-FDA: 82269726966.02.A136188 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 9E09BC00CE for ; Tue, 25 Jun 2024 15:01:46 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=guFLMlnM; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327698; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yuW8U8d6RaSDulCVk8KUFCc3flk69UeERzuK80b34IU=; b=kIvBBRrzwV80kBkQiRK8Z4uQRbw2e8qXg3kimJheJfGF03ixPyYoglzLGRKOGrlN1eSvg8 Qa2IiAG8fg/5oEOSI/j8Fkq4lmffgJW/k9ZK1fJw7xaP8i1Y30Yj5xcsnMQtYmg7GPSS/n +mACxXU1l42u5uMlRL+HYZofSJEFmyI= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=guFLMlnM; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327698; a=rsa-sha256; cv=none; b=SfADaa0hbwfEvZK0IsA5r1Ox9UkwHAO/ekf927n1HwS2J+azizKxs7Xb+qRweA4s97f6JM VNA9RSKlaGwa99X/fafWq0ixwc3KYPSX7X2aUVgj+TrhnVf+zf7EyqbN3XYv8zfjT0V2LL W5hF2hQ3EEmgIDjZYWeCMQK2dHbecyc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 3AD6E61461; Tue, 25 Jun 2024 15:01:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 71FBFC32782; Tue, 25 Jun 2024 15:01:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327704; bh=HBYukUfWWcYFaZwVBzBm0FRifOIeZ7AM+OQsOqT0FkM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=guFLMlnM1QO43GlmvCb+/U/FOOQAUKPCWEgOqJfY5M5MDV6SRmAQOa8q7C9lTPBvJ bCTwBCFm1G71kP5NwfiymCRgWuFdfK88BlX2BsEf4OZvoHlBG33AubZ3oA/ri9TwuR x3h6i4zE6icz8GEnRzzvzKVrK4BJFmIoHUDgx/cYgO94TdAqy3duoeOcMTWTqqkl83 XJYk7MlKz+mCHz9ly6aD2LU/yOz2Xsh7xy2ZOaj10LsQ7cSw/hkg7Hoa8xWvYO8fgZ 5F+4lZS184nGsTwjJsweeg8rH9zsi87ornpjkfw9+/ddJndjUetLK/mVuxfPCyrGG0 cmGd+vmSRllcQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:37 +0100 Subject: [PATCH v9 09/39] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-9-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2967; i=broonie@kernel.org; h=from:subject:message-id; bh=HBYukUfWWcYFaZwVBzBm0FRifOIeZ7AM+OQsOqT0FkM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett5TPImNiJ8QKbVQxAR+IKRHbeiwzvOwBa7FcIp VCtDJlSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbeQAKCRAk1otyXVSH0C0wB/ 9NlpCrbN55O/ocWyGWdcitxqcYlV5HNiRlaj/HXg3uyfnTgowjv1GnR10+pBR8qw6i05h/sCLgJkcW 89w0l/rOivkbV/LHTpoMWradc1lhtcePGc8r2oqea9dHPtD1nKD632CWNTiByENihEmHnufFbWzCdD n/kuevX+t5HPce0qds2YCgqByhWei+20Tq3fTtGrBTDK+9DFEpFfKxnT2fuZx1e/20QT/gQaFeXkCQ yrzSLi6gdBWy9fG6Xpuh2j2YiYF7yaiS6DhtFjSLzwS/lGdnk3onXV/WMYzqbgrefN54gTj2hKQG03 WFocfLobkJrHHUhGnQ39ToAgXyrPXO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 9E09BC00CE X-Stat-Signature: 3atank5bsubcb7s14bstn41hfc39hnqu X-Rspam-User: X-HE-Tag: 1719327706-136253 X-HE-Meta: U2FsdGVkX1/Iw7T83wQ8w9/5B1gZ7JUghcuKItHUXZ32NTitTAu0ORHSL1UibvC/VN7eM/9jAZHUeTOMIantV0QMzF0FcNe/MzE5ksgGjDvFOZ08p5nKb/WQiJjDDu5IZ3B2Usg2KI3i8+pZsGW800POvJ5vqBgFfTdfYePh8E6p4mSguyw+eSZqL8IhFew2C8ZZSLWJnWDNCpnFzXyiOeMvAaE0AlqzjkvYF8QUa0RXqTq2Yx1YAtUT0kjW5i4DoVROly7aoXpw/t5UwjucrrOQcYPHjZje4clIzW32HNhM6pxA9hcxq045OfhuJjoBHddzRmLF0pXInWsh0opXqFRlLR/h3ihXR1WG6BN9UeiqVAt25mzQyEE3VEsEoPWeR1c775IsoJNAAOOW9phtC4B1dxpyJNUJ61nOnZ50mTQ3GGAFYtGtwgmemfgSD0X+7Dx56TE0L8AR538PQGpuMXZWssyEkhz19R877vG2V39XIKxs7n9A8A0tpkzgho3Fm8e9AIVKs1wH+SYPCm8YNmiExFormoDJGjc1ElV+QCvNR0J31Pg2iGpEbea56+u5yg/3WAQANS0TgSgnUyibfFByDtGbF93cx8m/bVIUkqku4+WG2ayvNKV4zUYb1RF7FNgu9y3/6HNQk6vf674QRcWzAGRPB6dPQQChPBqZeMONldytTH5kmNbuKwUYGUzARnkRprPI6vLmRpdslVqJr7VVHfdLnfEVl0YlGiAEkeeMduAjZQc1s196fM6o7+PIDQYa6X++zyCp88iyR0YmGK8hZZvHEofnhjbWZP4eMMONfQYT4Nnm9WJKvkPZ5QQEN9eDQnNBluOt3oLEzay42EBY0otv/PWmttHVl9MhJD9TVvYH+mZtSVxgumLCnc2seoUbxGd4Y3L5rz03LRerfXM5DnBTC42h06HvBfidC91iDqPS+WYr4ZIq25+2QbUbqTX42WUHpw7pOmrBTDH 61QrO9ep gtnwsGzL0VJLisoQeoZXN5GshfNFweHGDbyMI8nmY77nMDH55LSfYVFF4nus5Yf7TDyyQu3KoluNxTlDIN+HulWAvttWnNj6u/d0Wz4QTRcB+5nRYxgr7KEFryXSXeXani6t6u9kO23wJhk0Yj2YdPcdDMSPSrOW2jVZfYCahnnZhyeyyYlKTQXnEAFhgJokAkWDd9fclWAXKZ05kv6z/7BLzLzTXP1P3wNXk2PUcbjsHPRau9pt+7FO/QyOd8bDz+TovhpO6wOll61/ANbZlJioglE8VtFc65xYXPXrOKnXdUwyq0MfbtQtTp8E8nGhIWTnVV9XmomI4OHjmWNkWWn6KSSZ6/2RRM8EbtF+rMYmj3Z9OwV96GEDCWMp3esKGUVVR+vcIFG4JTCyhZMm8FoGgnuXfRTUeuxwdO1Pt5Pa+QCI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 8b904a757bd3..0ebed5dfe55f 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -832,6 +832,12 @@ static inline bool system_supports_lpa2(void) return cpus_have_final_cap(ARM64_HAS_LPA2); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + alternative_has_cap_unlikely(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 48e7029f1054..056d394920f9 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -291,6 +291,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2347,6 +2349,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2869,6 +2877,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = has_nv1, ARM64_CPUID_FIELDS_NEG(ID_AA64MMFR4_EL1, E2H0, NI_NV1) }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index ac3429d892b9..66eff95c0824 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -29,6 +29,7 @@ HAS_EVT HAS_FPMR HAS_FGT HAS_FPSIMD +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Tue Jun 25 14:57:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711329 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29197C3064D for ; Tue, 25 Jun 2024 15:01:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B24E16B009C; Tue, 25 Jun 2024 11:01:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AD4406B009D; Tue, 25 Jun 2024 11:01:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 975516B009E; Tue, 25 Jun 2024 11:01:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 7A4296B009C for ; Tue, 25 Jun 2024 11:01:55 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 2CF9B801BF for ; Tue, 25 Jun 2024 15:01:55 +0000 (UTC) X-FDA: 82269725790.18.83D0C5D Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id 46BA51C001F for ; Tue, 25 Jun 2024 15:01:52 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ilJXrKEm; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327706; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=N5xlaKfE1qe1MkU2t/MFh1LCl5bc+UWmzF2cua6bJB4=; b=Sdmf+XNf5I0c/1F66PM0BlhWpJ/FVkPfMCzFa/ZVkzm7oUUmDnpEQldrjAyvaxmZJgakXJ CwL7+f0u7nTDcxRzUFJGQxyHWGcj97tD706Tyg85cTYNAKhE+uQs2FusQx0Tplg55w+L3g 66aMfCH/7gvMHxKNEiDl5in0dhUElvY= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ilJXrKEm; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327706; a=rsa-sha256; cv=none; b=V9w0bYRdY9O9gaT7crgdvbIG8eljBXn9EUSdo6vnxacvoSzT9Jqk8EQoXru8FdrdFGsaYr OEsGviUUjcgoiivIamQnfSZd0ECqwD4CPHBj9hDq2/r0o1n/ajPLb3z4IBoF/j+w+sHEsI dgdycBOojkIMMWD9KEsdynCY6EZyVyo= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 318F961463; Tue, 25 Jun 2024 15:01:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5C39AC32781; Tue, 25 Jun 2024 15:01:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327711; bh=WqKsS1qVwE6VKZ/8GkyAqMVM3MB00X49lYjibfc4BZQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ilJXrKEmoiep8bJXwU2ISOt1APx0j4HH52q1DZ7pmu5WhdjJ/gwYyljQqcWY3Vjg3 oXgriQ2ABM/n4QvbZVNHyWpA1l28qOgXngRQbejJl+SAjFIiK4POMXDzZ4CdLj+AZ5 tfwouCFft2E3QW54hM5YYqgtVHVEXfWXOq+8hAlcKDRBIiOCsxBUxERRufuNMJCaBc avKoDFeEtMVgkM9n89rShVeR31dChFcneUSoU8caUxnt20VEENuYHTXS53Zmlo1ItW VbCvVI0OkIz2PFeY4WxioBe14xv474Ptj6kuGOTvPrjmreGF3N6W/5NZvO+pPDz+5O EY4Ko0lF0s0/A== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:38 +0100 Subject: [PATCH v9 10/39] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-10-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=3028; i=broonie@kernel.org; h=from:subject:message-id; bh=WqKsS1qVwE6VKZ/8GkyAqMVM3MB00X49lYjibfc4BZQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett6+kzmyOKCgGmOpKaR0cYZSVyO/9vRJKYT504K +JJF8pmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbegAKCRAk1otyXVSH0LTlB/ 9valnIlrade2yvkfz/cq7OVs3qbTVZqiZu4l/buYvQpXRVuiOmXSzOsy72Yn1FZwf56B5iBpBMKom1 eJKNSskeZTfA7KqoX4PcpxkTwpE8HITZA4bgrVDb4CZSH+CAp1ktvwdcV93bLRbpruBdY2Sj50uocW PKeE7/Ui7c7xjlvSyFe/nzll9PwXqYCu++22FsAl0k/us/kmVqiQziqJ9ovcxfB70CSEckHHUSciGp /tEIJ8r6dNBoTfitEpdbcbOkIqijQGoOiq+gtbhuw3/GFLnYklH/3jquwVYxA2LbzQJHqTV05fyZ1l ilXi6zOwiYbwYEysmWGxPakaUJRNkv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 46BA51C001F X-Stat-Signature: s9for63f8x4df6zfu1gc6xn9c5dxooqt X-HE-Tag: 1719327712-300063 X-HE-Meta: U2FsdGVkX1+VgrWbydnMxt5BrnWiaBj8YKH8q2NLvvYfPgPp5SQdAmq9Izjmh4xSWQUV1SWSxAG9kR5JApYmuq7y4gDJEdMd69av3peqJcovwwUUZgnKtXIJSaPd5lHqdQhsOMVwnuyKDU4ZBZ0G9ULZ592YaNVq1a1nWmSPHJu3V+P0DOYch7yMP2i7oE+lt5JvTd7rxXZBL8uxE1aHZ6AgM1OoRzTy45fjV5oAKheerusdCpEuXoIxPfF4po8ervthzzplmLBGKC/kzLP8KToquBkjPTNcUFJ7yq0lOd7AYn3Bj0swS7A5bgD1U0kZ5UIZSR2qR84qwwZIt8oWUcF0A3rzlyCbWaFM5Gm8fuUiZfIOKiUahSHPupW2xWZhJCAxameGNeI0TC5dvlC+vemcMaTN8aA1srkX3oxQsNGBWdmmymMC4JQvYbfjqB+yPtAOcYePa3jX8FJrwAqapbXY/tpmjfHix9W7Sk7SUmaYO9DrXZZX0dxMFnpsIWdpTRPidZjycg94prXB+06TZM6YjkOKCUJ24N7y6cyBFgZtc1DpeOwQr9M8xd+IVOAACDhdOY+Wt5ciP7NmLplHjuIdq2UszbAg32WT8HYm/I1m/+3MpZF5/TgwESQ01W1UjJzadDj7dTkLZTQf4wxMMP3IYg8PNRBUcPxFySTBNak+DhMr8UwRpHpnlxWsdMMi6bzDgrzWiibuOXAlEoV+zQZSMra+D08Qg6QCdjY7dPNEnh2HWm/de9uYzc2e2CiNtSInejb0bjt/HqB3sIk+kZpi+yBudde3sItM3FwTtnpcjpDcpL5hcJZE36qKA2GAMJP90MEZwpFu0+xFftq0NjcM7xucDb5PS7BcHpwQVuC6m46wxH7zAWBeoZfSHs7BEMuWLd5qxdB2OALreXtwemab4jNCNoz2GOHawbC3ouX8Ghe69ysBxt87GxBJXcLbY9X3UDtc1R8iN/6Xxql FMmf3VCi z+Q0wol7/HWsuCM5nRIQR2Jlu22q5qOsJHEsBjeeCjuUvCPzMAQ2rIhpL6duQAraXao+iU5eK1Tt29WvR8/tQzggHMd+JlNHsldhdJXYy6EqakLMhYDtzb8H2x68S6VJOBQESyTqf+8qhAYnjafdC9G3y8A7xIyVKEkEjjIUjdlJ0eb3GBccywnivCGB3TAgfRaHUEHFTgvPyHd4XRJezY4nVqaN/yfb6+2oWkQyyiPufyraKTFPwqlg+wRWIpnvl0HVDLT4sHdpdmjN6hrkS808f7zFizmXONAYbH7iOwwWONXK6jbUdA7dE9YtOLjacokReSRNs9jFeQpvOTIY6bNIc1iq2Jd8pK+mbgDFe31FS130tETG1zNtz9Rcq7UMBFAQP X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index b11cfb9fdd37..545d54c88520 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -144,15 +144,23 @@ static inline bool __pure lpa2_is_enabled(void) /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -160,6 +168,8 @@ static inline bool __pure lpa2_is_enabled(void) PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_NONE_O) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Tue Jun 25 14:57:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711436 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8853C2BBCA for ; Tue, 25 Jun 2024 15:02:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 420126B00A2; Tue, 25 Jun 2024 11:02:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3D0F96B00A3; Tue, 25 Jun 2024 11:02:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2978F6B00A4; Tue, 25 Jun 2024 11:02:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 0A4816B00A2 for ; Tue, 25 Jun 2024 11:02:22 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 28529120261 for ; Tue, 25 Jun 2024 15:02:15 +0000 (UTC) X-FDA: 82269726630.01.9B010EC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id 1F917C0186 for ; Tue, 25 Jun 2024 15:01:59 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kvOcYQEl; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327703; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=y62O5lQP9rJJU2i8GeR0b+nq1Zow0bGo8B2UUWulJ7c=; b=oLxY40izhwZ+5XaP7slSnp7AZ7f+qRUwGa7nYHt2jWklcScTjwG8LcnDuhQDFZuZ2X4JpP MXvj6riDjG/zJjqjvIWoMpaYM4kXrgIZmiKcEi89J2LX0pv/S/ohaUFYvFOqxWfCeamYzC aNc0KtSyxhrTCTjnU6cCZdG7eHC9PW8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327703; a=rsa-sha256; cv=none; b=AQt2/C41WIdKJuj0vlIy34eVLWBzIviRflwQOPO+BGAguBnfXGecaX/SyP2TyhEhB6T8K0 uTzYX4qWrZfT2I2oTpxuxW+EKGVT8f4xWNx3IcZHuilg0H6C577qv2BM3ud8BiRKPAKgpp D0tX5+SlY9twZsV+zQOIh9QPuUYL0I4= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kvOcYQEl; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 30B08614AE; Tue, 25 Jun 2024 15:01:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 53D8AC4AF0C; Tue, 25 Jun 2024 15:01:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327718; bh=Unhd124rE/jqvvDlek/bJidtCfK7zFCpWUHj1gtJAlA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kvOcYQElA61q4vtgFvHH6iNGxADyiqY0YwdCW+iuPCtYmIDdprU6J2LZNTqJZ7B7I 0sc+IHtBYeIfkavamiFKuOLWcXFXTg93HPGGilGYd5IkCmMASrwxJyti+ApCFaVuTH SfkSeytMwYCYX9hs5vqdYzwqFT0feI1bjJ/CBV+8mX+4EeVCCU5Xi6H9tc83PEL/Y/ uECyOkyl4CT2WE7XlCyYJPq95sl48a7ZWupJ8YDnMHUyQgsNgckFyOB3P3dFkHWZiu w2yv9T1b++jG0N5Cvo9w3Dt23fPGM/CBALJcycU1kiPEapEg0VKQEzVXE79SBamAtF jEnImrd60svcw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:39 +0100 Subject: [PATCH v9 11/39] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-11-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2104; i=broonie@kernel.org; h=from:subject:message-id; bh=Unhd124rE/jqvvDlek/bJidtCfK7zFCpWUHj1gtJAlA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett62ORcDGXHQwaoqfcnrvquyIulzKV0+KAWZJZe QPlQBiWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbegAKCRAk1otyXVSH0JBFB/ 4+UsKy2BohvSlBZDXDtE1oilRwWH9qcfuSZrbCrB5+QlcpiplVi9twh40tvp6skJth8Spv9+9jN9oU QTm7pt5Wgq08OmDUCdkSa3AOyV/gaFYfmPxrsRgm8tUH8pJKcDGCigaJGhlA1XEWIUncy5BH8e22n2 39RaNarJ9tB413TLxdGlIPf9zpOYgUsceFpOSWTTad5fk5QHy8slxg+knnaM4oQ90wt6uusO/soT8D M4O0a06fkkRut6qjhZ5Cdo54D5qEZg9uXsKLS9fJXY1xtPdCEJi5/mDHKas/L6Sg6cs50W4xoQLJXf cG2s6O8xEVu9ASeqP+Y3BGNK0/wL2Q X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 1F917C0186 X-Stat-Signature: y6i91gekrwjdaggw5qbkzeinzk7xe47h X-Rspam-User: X-HE-Tag: 1719327719-626240 X-HE-Meta: U2FsdGVkX1/C055BfHuLw+mOjfKGxvSFFi6HY8re8ZQGRp8tQv1SI1ui7bx3FKDMdkGL/KogPGOB8G7CNM5ZOOji99i6u9+TK10CRhW0aSneXm8UmdOocWw5C6AmRMvJKSWrXrmvv/fCEu/O15l8O3iLbj8xSaH0bZuKHbABNMt1zKqPsmZnqz5geL4dTFGGPlhDS4lOesviG4twxQBKbPFs9AE6b2rfxW00TQr5yDJ5oBUiL3sIGtXQPlMkcbtYhh0lbvWAanTTJ1fSDn/iKU+5b8NXpEYt9wjqIR+M/d8g02AZrd0Fjv0N8fBxa0Y3LCoJgRltvzXjUQRJJnMX0JRaAnSRZCeGvl6F6zNHs9Polee48kFnoXDbaCI22EQd+jZZgaUw2YZ0Os2gZA5aJv05mP2Puk6zIBmH6DNJW+YC1qH1US5PbnvkmjAUEcg4yqBpmNsMuQ4NJZ9SprBPABqtXkwum8z2g7N5uLHDsLO7colAclh3Gx9wOPAH0LanpByghf0Bj5ql/tM7hY8j/DqXPxdScvmKpm+hYb7mVz0/UaoundNaDyA2WzqYI+8uMM0JBW4Tw5z5xvLUP8bDj83Na1H+JhKSCFEXhak0IjjMbBOI0LTc79upTIXri10U22SbhuGJGQTmicjjBgdq1eywBKN9ssMxII6oqDwPR1kx7ZTWnVt0TWN6C/Yid4nVEQDKMQclV7Bme/og4TSBl7x2eVBAUWyJ5wX/gHITi1O32BaWAKE0fDIXxX29pvOiLpd+YHgMZdlCb8wbIuVtM1yv0/ytjEvbdK+5ftAMnDhBtXGOp+DHvAW2EC7uV/TtMqcq7ghPibXpSVJjIY/a8rzvIwp8sYE/fRoLCNbav8rDDWtqQn52dasYEnKrrea2+5lugUVD2agB9d7K6DfeO5C4nmPOpoxqWk7MC9f4LaprWW6dNT+5DDq9BtKbG/1zXKU2rEspjuZo9YV8+rX NwOq2bin hS0rQ2QZe6QQQW0imu0p4niFPd9h7FASaAisVCG9TAKUkqvYx0HRtdr75iD3O5+wYm1SOnfkb/Kw1gHpYuPY48FCaw5yMi1bDhFgXXqKsNA1qUQTSEzLC1tDufP+KiBwna9+L00/RjXxp/VUB8Bf1VqMq5sS9hl/qu2W1aIt3ZJKrrChkbmNPfihaS7ZZd76Bp6MG/v5euzaUpkhyj/8duoKB+gB+OTTpmFC3MfAAZpblcnUcABUrb4K7g6sloexSXk+7TeGu1+i2S6+YvJ5QBaaHy9l1AtqcuBushEKxgDa+F7sxH3j6V4pZ1Na+S4sqhbCEXY4O7dFpbsA5BMZHfH1m5VXMm2NUur+hGjS3OnOQyYeQ2U/1ePeIZGrY5VK0qGHIva0+PBZAz6Us7t3eIHUIzzPMSXOoDDfd4tfmAxw+q+M= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Use VM_HIGH_ARCH_5 for guarded control stack pages. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 7c3a565ffbef..105312a0b33d 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -570,7 +570,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 1b56c1077507..6ef1137bcad8 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -706,6 +706,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 120abcfaf974..73211cfe7b31 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -353,7 +353,17 @@ extern unsigned int kobjsize(const void *objp); * for more details on the guard size. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Tue Jun 25 14:57:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711438 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4857C2BBCA for ; Tue, 25 Jun 2024 15:02:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5F5CD6B00A6; Tue, 25 Jun 2024 11:02:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5A5636B00A7; Tue, 25 Jun 2024 11:02:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 46D016B00A8; Tue, 25 Jun 2024 11:02:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 28AE16B00A6 for ; Tue, 25 Jun 2024 11:02:42 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id D37601C087F for ; Tue, 25 Jun 2024 15:02:41 +0000 (UTC) X-FDA: 82269727722.08.397B69D Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf29.hostedemail.com (Postfix) with ESMTP id C9115120054 for ; Tue, 25 Jun 2024 15:02:09 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=beNCUVs+; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327724; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=shwnKZam1nAqyc+nXH4Dy0KLe6JSNPPeIx+vjyMC7uA=; b=DiFcV4K1FRalkn/78yfxCwCEg9EAjnmzN/7//UrrVw8nL9AKhDIgzXkpiYgyaGIoY9i82T IKOBe3u/qB5Je6o2YSC6st+jHBfd0XN6Qa6waAAsmYzjA9SOAGDK+TM17g3yZaON6a8jDA X1BNd3J4zakbeR7yCo2EEazQVqRE7Fg= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=beNCUVs+; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327724; a=rsa-sha256; cv=none; b=TUEUB/fjW1E3yMsQJkWka5Zu3oIBkerVaVQAAazoUfViEbjgDHq76LXvEy4uRpaW0J3jjk LeCwW7dSzWxoGQ/hT7hqE3UtSl6VJpgHa5tyY2CQLb0InggePUWo/0u2G4Jd08HjHhirRh C5S3LqNhyPAGftdsTwlu9ckYeh9U2vc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 93606CE1B7E; Tue, 25 Jun 2024 15:02:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4EEDBC32786; Tue, 25 Jun 2024 15:01:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327725; bh=VuG0ltlteCeZ/4k6bojlfT0W44+SKVrRLZbC9hnNujY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=beNCUVs+G6Zn5FAQHKN6Nt0Pwm6rLF22QV0VRU4rYnkvURD1UZQCe3vVKmCo1UKVi FiqWPBa6TOiqgCACUxIfDVIvWuZeTcJiOUs5dgepYOUHxgzJGZABr7hO6vYRTdnXnq nD3/wGk6yn2U6Wv1Swn0USywXyFD7gakSh6WA9RG8H3h85JfjOXV1J4JMcrb77GoUv gy6gRmzoEtabQG0ThNjX6p/J0ezfbHbI/P2DxiDoHNdXbxedAPbJE66du/fzgzSawV ju2hhFwU//Yic98PXLTjx1ZdLar6wsli10UEK74gs5+atzdIV5/1cPlNsKtsUce9qX PGC8Vz5aqwK5g== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:40 +0100 Subject: [PATCH v9 12/39] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-12-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1903; i=broonie@kernel.org; h=from:subject:message-id; bh=VuG0ltlteCeZ/4k6bojlfT0W44+SKVrRLZbC9hnNujY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett7/zcfVGPMnD8A1EYvs1Lrbx1uJS8YV4aHxLr1 42VixbSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbewAKCRAk1otyXVSH0O4xB/ 9jRMGcN9VYBiS1w2bLk5J1eyjmYaOK1F77J4lI9wHRHHmV5Je7D2sEkWkFenHfMmmLRgEUxY1g3Qfp tY+gB6n1Cn8ae9pH2lQLIbZ/8InLffFmqHMUHS3M6H1h78MClzXmGvKcRGsScPuMiqBWDDWCIxD9Fh c7l7SRDT42f63ePDVK1z9CvvvU2rysYlXVk5b4eA8/leysGX7w/iukie610QzU5KmtECp+wJE9vIfo U6Hq9SNIIDpdWc6U3tlqgFgVDlgOlZaP3RmDO9P8t1n1sObibs7XRnb+VBo1Hqtph9ktjdx2nxraCu TTG/KF06eBoEhcWjlYQVd90nWDjsZS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: C9115120054 X-Stat-Signature: 5xcxufa8g8tmepp5xkao1ahawnw8nocp X-HE-Tag: 1719327729-612551 X-HE-Meta: U2FsdGVkX1/i7T5gPduCecDB45mja0GiuSvOr9gH0WfA+Tk34gbsV84yrM+aG82eBm7c+8MSRSIFQFa29NLOBdJ0XpTt8as6YkUYjQsaujhGQNEH/o0D3mlPEHcvCFF3KyPvlwglUOofatf8F+W6BgmiXowuX24RQ+fvWUFcEU2ju32+Kcd0BKRolGCU3lYEeT1Ii06f2zPOOkkV+w+CFvq2kcKBFDozmhhK+pzF795IQPZH9p0Y5/9TvK4H65nFpU4FR6f2ENDx+e1oXcV3lGc9JriFP48DWtazSFVQ8/Q9PX9CBbnovZrgTsGxBFW8tQ5CcOoHuzpCPQaxrLtDPubtRbOcN/hlyoJyhwuPmc7t5t87IOtdv5jD2416bY1dNpUem6U668VW5SefTtFg9HPSASWsoyd0xC1e1BgxdHLx2iKqy+MiNqW1gXbjRZZSsB7QKvULVq7YqniXcRz70uHes0+unvmVwhK+fqaSB/sqT6CeJ26j0WhgJ9266jV21VO3M0QF5OWpQnt2tpy7cRLD6SmNfv/nIrKddOztODhXHz8tik2hEyjjKATCppqko0uSviOxoFelfx2wR96y7b6kxHElRgO8YV5qo9AyIWl4e67B8LGQ84/ABEJQQK7ICVsblzFDZCENIlVlLE1WCdxSgBxy1LAQI8QOvpJXD74AuD1/7SXC/sB1rNs8wqSc9o51Vfu7tMoTFAEXNznzgh74YdLKuqKYEJc2Ws2VDCT0N5BWvjzCBOi/+vpy3oODutxcmbGV6FwHTQrFXumLWBoq+WAM1640OC2y7q/D1hj0DvHL5AXH9y7m97fJS8QXA7BZMkiuB0nCDjLiD/ua0r7HV+nJXH5ECs5zhMqSyZtXFWALZINN01OmuVUPwLgNurFGuLWVVSDZ/eS7v0tvjxQOL/AV0v8iQvycazI9tHWmNgyb0abh2bBC50i3FmqhXQHf0VRwL2rJPtXtfxI DbnQSdQa SkUyETiGXoGSKoi1xI2JBDM/fNs9D/SC52MIGDF3alc5HJaqHvV5C+ww2OhlqWMizEHgVqUA9tdNSj8WxIGzh1TPJIxZfiy7bqvvbv2bvXPuLPms2Jk5TR1oQEOQ7u695VJpwSQFDbgmyDk9xMFQouZdFFdltNuewClr8z62DQ4kCdlhz6T9vTmvPzBAh9cNJw7bVXAqKsKLIV7786yvb061wyIBek/5BmM61TAD6HeFQqyOVNw7oS1JK7RzmznGsX8hcoaHm+ZVTwdJoiRWgDjLpqi+/8SGlwA5R0/p0c2wf5EhNX2jRLTd9krmBnWTgcOciZca7OPpWa/h5LLb0rs+idGIHcK9JercyCpNE/VM/+4bz2rkzW54trcv4IyCsUBDT X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 9 +++++++++ arch/arm64/mm/mmap.c | 13 ++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index c21849ffdd88..6d3fe6433a62 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -61,6 +61,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* + * An executable GCS isn't a good idea, and the mm + * core can't cope with a shared GCS. + */ + if (vm_flags & (VM_EXEC | VM_ARM64_BTI | VM_SHARED)) + return false; + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 642bdf908b22..68a17bd09d00 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -83,9 +83,20 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* If this is a GCS then only interpret VM_WRITE. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } + /* VM_ARM64_BTI on a GCS is rejected in arch_validate_flags() */ if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Tue Jun 25 14:57:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711439 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91110C2BBCA for ; Tue, 25 Jun 2024 15:02:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1D7C26B007B; Tue, 25 Jun 2024 11:02:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 187036B0082; Tue, 25 Jun 2024 11:02:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 001556B00A7; Tue, 25 Jun 2024 11:02:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id D66076B007B for ; Tue, 25 Jun 2024 11:02:45 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 574E31601AC for ; Tue, 25 Jun 2024 15:02:45 +0000 (UTC) X-FDA: 82269727890.23.4273518 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf18.hostedemail.com (Postfix) with ESMTP id CB2E91C00CD for ; Tue, 25 Jun 2024 15:02:16 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lWB+uD0P; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327729; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EYV+u0n4owJTVnrCnnx5V8EfrF/8bv3xG6MPSWuL/8M=; b=TvGXwt5iu86hz+4lOZrsN2iHxNxlmwH/268DDT4mMUtJgWiXKbyoP7zS1g0WwYWIPQGRoZ LahsT+8QYbSRW8tYOmAzWi+D2rpYm2q1q5a6rubfq/EYVG54/Iw9wJO6z0bNwAHKT1hrf8 Agpu7DxMfDY6+1sFXEKHTFYhOMsxxxE= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lWB+uD0P; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327729; a=rsa-sha256; cv=none; b=SoIumLkTlvAhG4GByrMANMrYpgISmpExU6U4HyTvXtPXweXc6mxko4ELZDQTPoQiHkApkt 9Jc/FkAAmruVKzWrRyWiiOeyGydkzVFQ5IYZmlEQKyrC+/YfJ4VXmyi35IYdKcBSSsoCR6 bmrKxgBoevWlAnmPTCpuZK9yGCyPX7w= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id D9878CE1AD3; Tue, 25 Jun 2024 15:02:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 46220C4AF0C; Tue, 25 Jun 2024 15:02:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327732; bh=xFEBkbQzN0IGx0Wur4TK4R13m6HUYLs3KSs1WTNlE3k=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lWB+uD0P+CZjn0D3gIAi3l0wU12UJryATRoPFYQtAME5DuHfW1K9pv1JUDN+Lhumu cVyY7Tmc3evtv7bmt7yv1Hy9kKinKs+K0cVYKH7c8T6q1IihAZNe6QC3B4U8rzozVZ 0UO2+IFvCxXWoKhdNUHq+doeb7GJimmPC3Z+RcjSB+xKVxqHtUlcF7X8vfCvqVZC2E KJ/DF2f+Lei3CvZlWp5lyi5slixonkkPt2PZ5BIsQpcHYmMeGkX20gmOMjL4uX52PK e+IcuGz91DS/akfrs2Sj9xekORyI+T4p5xB0nWEEVsIpq2hGccUqOFjR2uEqHZsA1G myPT1Px2w/Cgg== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:41 +0100 Subject: [PATCH v9 13/39] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-13-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=7774; i=broonie@kernel.org; h=from:subject:message-id; bh=xFEBkbQzN0IGx0Wur4TK4R13m6HUYLs3KSs1WTNlE3k=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett8m5SYHux/E6PwvC/oBmSfOioYLmK8C9wuf+Gt ttHfrYSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbfAAKCRAk1otyXVSH0LNcB/ sE9kOsJaxY+fNfIdAyx39PauEcgMwlrnb6xtbVyGoccy9lGhVAF/xvD3pVrB6J00a0MW81xOuUR/Lp axWcRu/lwnABdEA8tzhxXxoxlnCjkMYGQKtbtmha8MgBDK6Lf8gpvsjYL1JRZzhiWpj4MWhanRZHyi N2StFGm8sSC6BiCW2P5SLJGc8Jv6gdby1NcFsl9ycBvme+gnJ1AIHghOUJvvDLk8zjYCvri6btuPKN B5DQWdwsHE+YzGYUK6aSI/JqJ6qurYeTypfyG7gzSUJL+rn73PcOM7GFB18XxrdiLjBXjKhYo1zUb+ rKdfxTqYaakV3i/NZpXXEYO/NqmQ1o X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: CB2E91C00CD X-Stat-Signature: c5kaqh8575sq8nfs5mqj1n8nojkounxb X-Rspam-User: X-HE-Tag: 1719327736-483090 X-HE-Meta: U2FsdGVkX19OucpZ5KSuisyvBURmsWPnL87PnSAPcm3okt3zmU0V/XE7E8+hCIYvElgpLdf/y5lqBRTCxUEVtM5xWldUCknpZ0YQ8MosjVZzeilyl+50nTMNg7UvRiXg4r+bwt7ysbIcj5o99K11byyYSHn09Yy7y4a5rkuSVroPpbO8BBFOg4q7I5OTq1h5pREfz0X2rohJsM/amL1bITG5v8RNdh67o6zLBe2RtP8lgRB34H/v6+dMq3OWz8ce25T1PTpmz0nf6HNRBlD2VPCPHwa1dbmS6Cg3sZWv9pM16wq4Q8yv/HgRzLntF1hYWx4aZb0P8KWJkc72EhIdeomS0SafgBmLzsTAhuHLNvqdJejxEI0gBjMBQ4axOmWu8LnrLCg4A7ZV6taSc+XtuvcHGrSZzxVOacjWkf2KR5sLa9+HBwfEpCMxRTVNCoFacjZ5isK6Mij+RlRbVIRew1GOt486ph3n4w4VUhYjQmHJMOfKnMImc78VvqYoK62o5taNYPhQ+Kx4ZY8XWAk/j8BTkN9CNBFlFNRl9wFW5IJvPfGxSBxOzKeTdFMwKle71S18/XFJ1+elaa3qpMOvGjbaMocY2Z+AfVLrQqxoLLCavWfQYGb+1uJENdczkAtgFunDLklh7OUCZ+Eq6qkpw/J31ryK99A0xuwROmAHa2SIt1C9bCAbisYLsXmRMg0jN8QfTXbC/m1zfa+Wn2EGkMbsMyntb9gTIQYRuQp9p9RF81jXwpr/dzJImqjk1J+K+VgihFTqLqAueU2v4UTkzZNbMgXsp0/C7OJw8u+5i0nJ0IW1ObiTVZU/QnKrFC2/LCQ8N+Sf8gkgRbyXYJl6PRNR3c4BHJyQs76e5Mam0Wb8qLkGObJThsT2v3S7u+A79Wt34SaXHyLVUPFJUxlg4XKodw3N3SbVTnbKPgJ6PzWCwLAU8QU9mafwsJSUUtzvd8GOJTHUk5Bit+XW+7d /bHKtfb+ vle7xmhjsHkkyCrS5fJN9cA8fJSI3ASpVTv2h209yvLRy8udojaPPnj51cwNd9bPJbSOqen6QT5Hl/nYtO0KM1Qyxb828CFqVYQuiPGDAU1H12bI9oJTgP9nP9eqHhSB8ZXqfsIJMzTLSGNqvqn5usKclkwR25cqA+o87k1ejpH1Wb/nRfmT2K+tbi2hnDXCYNQ6EWx0c/2598v0jaRVliNZeuAPtJ2bana6F1ppt9gd1fKL9uN5Qr7a7nM4mP0H1R9Jzx1qMrwCsui1EtJu7VBh56TtvG6H3WvKIEU2xVMn+fpo+c/GoSM5DAKjHNobkCX5ygB2Qch9mfPIhBZYD85hEI3P5TY48djvvyznW7W7i7kW9BHi91PdJvxE25Ws3oFGZ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS, as well as describe their fine grained traps to nested virtualisation. Traps are already disabled. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 14 +++++++++ arch/arm64/include/asm/vncr_mapping.h | 2 ++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 48 +++++++++++++++++++++++------- arch/arm64/kvm/sys_regs.c | 25 +++++++++++++++- 4 files changed, 78 insertions(+), 11 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 36b8e97bf49e..316fb412f355 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -411,6 +411,10 @@ enum vcpu_sysreg { GCR_EL1, /* Tag Control Register */ TFSRE0_EL1, /* Tag Fault Status Register (EL0) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -481,6 +485,10 @@ enum vcpu_sysreg { VNCR(PIR_EL1), /* Permission Indirection Register 1 (EL1) */ VNCR(PIRE0_EL1), /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + VNCR(GCSPR_EL1), /* Guarded Control Stack Pointer (EL1) */ + VNCR(GCSCR_EL1), /* Guarded Control Stack Control (EL1) */ + VNCR(HFGRTR_EL2), VNCR(HFGWTR_EL2), VNCR(HFGITR_EL2), @@ -1343,6 +1351,12 @@ static inline bool __vcpu_has_feature(const struct kvm_arch *ka, int feature) #define kvm_vcpu_initialized(v) vcpu_get_flag(vcpu, VCPU_INITIALIZED) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/include/asm/vncr_mapping.h b/arch/arm64/include/asm/vncr_mapping.h index df2c47c55972..5e83e6f579fd 100644 --- a/arch/arm64/include/asm/vncr_mapping.h +++ b/arch/arm64/include/asm/vncr_mapping.h @@ -88,6 +88,8 @@ #define VNCR_PMSIRR_EL1 0x840 #define VNCR_PMSLATFR_EL1 0x848 #define VNCR_TRFCR_EL1 0x880 +#define VNCR_GCSPR_EL1 0x8C0 +#define VNCR_GCSCR_EL1 0x8D0 #define VNCR_MPAM1_EL1 0x900 #define VNCR_MPAMHCR_EL2 0x930 #define VNCR_MPAMVPMV_EL2 0x938 diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index 4be6a7fa0070..b20212d80e9b 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -16,6 +16,27 @@ #include #include +static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu = ctxt->__hyp_running_vcpu; + + if (!vcpu) + vcpu = container_of(ctxt, struct kvm_vcpu, arch.ctxt); + + return vcpu; +} + +static inline bool ctxt_has_gcs(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu; + + if (!cpus_have_final_cap(ARM64_HAS_GCS)) + return false; + + vcpu = ctxt_to_vcpu(ctxt); + return kvm_has_feat(kern_hyp_va(vcpu->kvm), ID_AA64PFR1_EL1, GCS, IMP); +} + static inline void __sysreg_save_common_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, MDSCR_EL1) = read_sysreg(mdscr_el1); @@ -25,16 +46,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); -} - -static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) -{ - struct kvm_vcpu *vcpu = ctxt->__hyp_running_vcpu; - - if (!vcpu) - vcpu = container_of(ctxt, struct kvm_vcpu, arch.ctxt); - - return vcpu; + if (ctxt_has_gcs(ctxt)) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -80,6 +93,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -113,6 +132,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (ctxt_has_gcs(ctxt)) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -156,6 +177,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (ctxt_has_gcs(ctxt)) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 22b45a15d068..cf068dcfbd49 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -2015,6 +2015,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2306,7 +2323,8 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_AA64PFR0_EL1_GIC | ID_AA64PFR0_EL1_AdvSIMD | ID_AA64PFR0_EL1_FP), }, - ID_SANITISED(ID_AA64PFR1_EL1), + ID_WRITABLE(ID_AA64PFR1_EL1, ~(ID_AA64PFR1_EL1_RES0 | + ID_AA64PFR1_EL1_BT)), ID_UNALLOCATED(4,2), ID_UNALLOCATED(4,3), ID_WRITABLE(ID_AA64ZFR0_EL1, ~ID_AA64ZFR0_EL1_RES0), @@ -2390,6 +2408,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2476,6 +2498,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, .reset = reset_pmcr, From patchwork Tue Jun 25 14:57:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711441 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29CCBC2BBCA for ; Tue, 25 Jun 2024 15:02:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0030C6B00A9; Tue, 25 Jun 2024 11:02:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EF43B6B00AB; Tue, 25 Jun 2024 11:02:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D47296B00AC; Tue, 25 Jun 2024 11:02:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id AE69F6B00A9 for ; Tue, 25 Jun 2024 11:02:48 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 743151401C7 for ; Tue, 25 Jun 2024 15:02:48 +0000 (UTC) X-FDA: 82269728016.20.355AA88 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf06.hostedemail.com (Postfix) with ESMTP id D65D718009F for ; Tue, 25 Jun 2024 15:02:23 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=STatpgD2; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327736; a=rsa-sha256; cv=none; b=ZYpnHSiK4YlefzILDk4DxXbwNR5880lf+LjGZWlNklwpqj+yPa7IRCrG3nx9Mnx4aCiSpB IMuCAeadXgXpsEc0uXIfLOk3m8X5WayswaIEzUzYJZoi7PYZV9zxvNQu1h20BXrShip6+h UFw4HENxyfv33i1k1E3Nd92+g+oBVGc= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=STatpgD2; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327736; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fvichsDnUjvOVlM+NMBFRierR8ZQ7Dq/WTpqL757JWY=; b=lPROaDHQh0edKel/RFPPKfrY7FOq2HB9xJRhSXZJyLGc8TnKaTIXK9at1LDokzioX/tE3x 1+2UGGPjqZ/iwR/I2kbiB5sIOsl1FsLslGMjfnGsey7BhryeBLMyAhVUmULoex4gSmC2vY r4p3XXvkscN+38AFjgbGkOqj4nHTE7Y= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 744CDCE1ACB; Tue, 25 Jun 2024 15:02:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3E37DC32786; Tue, 25 Jun 2024 15:02:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327739; bh=TfNpxv0/YFgIFj+ehQEMyQU6+Dwt53rcvRO+chZ3qhs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=STatpgD2i8PfRN0VLtvr3/xO4Z576aE4SkCdSBU+uuppRnLcsEIl09YBQW4P3cJV/ 5nPYryHHx8XOBERPro9tvUe7WHZE9e5zrrsmu7uDiDGlt1rb2tHMZJyRsZFXpQEZbv Lfh5wJSR/w+YIO2f5HKJz3uW0rCPkXav7nCEaYXnujgz7Vxlwu6k8bfME/aWKN5ZK4 +2Vo7VpnCsfDzZhfVcVlex8iIkQZT7mslYD9IJbK3Wc8cUNQI++3PPJT5fRkID/Tew +NOBLkJNPrtlIgMIPIPBPIpmMOxPyPr2D7FfuK1tqs8YknrdtCYI4ZF7jIhEJFDKm/ WGGoVGXke1AWw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:42 +0100 Subject: [PATCH v9 14/39] arm64/gcs: Allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-14-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1532; i=broonie@kernel.org; h=from:subject:message-id; bh=TfNpxv0/YFgIFj+ehQEMyQU6+Dwt53rcvRO+chZ3qhs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett9AN60q5kvIlR1ZcHcKPpCsET41XbuQScM991y JwD1yJmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbfQAKCRAk1otyXVSH0PcTB/ 9cpj20UTw99E9XrZQ4iq0JEfF+LAfyUcO1sE6bwkbyJu9xmMka/NS5vgBpaOVjWQHlLEA6PK8spBiM JKjkW5k7zeUW013lpa/iWiADA05kVin3SSzAVcRf9B/NoQ54ZJZjL/mHEhbeli16FDg4o3tJB5JOdv rddkE38qEE2zTtwySZ4pPFsqhi0Q44wMfZMrK0kuM+OPrCiPeoNUhtmczNkkW8l7SJ39SMwuNex5IP hWJE6EQjChRcge1YsVTmS/BdZdzg7R9HuIcMkXpq9JMQ2N6RpiOLZTx5hO97OoApANlVjDrX2w+rdp lXc8DUnhi7lkYJ83O1dvM78CD4A9ri X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ez8mbsryt7q3rg4yt378rxyckdxbfnct X-Rspamd-Queue-Id: D65D718009F X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1719327743-799509 X-HE-Meta: U2FsdGVkX19RZWb38AFmUP46ok0Y10ga8ryfJhuVwA+kRV/z59Olc29Xh0ehJIuJPjvRN74Eb6f4fnfd+c8qghRkNVyPMhtt+gqdbSzx6Bigc4V2gZ7dpogkfsWnmLahQhuZu2idcy35VVsAN0xHpaLZu2H7Qh8Tt/OlgRI6GA9giq8wIL+p4KTrCzmA9wcwC6bpumZ/k6LeJudd2lh1HT/vYv6qCNwy3wYkk7Ie3yokaqIaTri+hEuD3VXXdnTgJU6MfzPOOKhhdTyH2ECrjkWzTlc4nfhrH3FK3oOn7P8gdOSXo6O9Z1WhdYT+8p1BeBue1JKz8KPeZD5IoIPmB8fhzY6U0TTUmptj2ekeWFYNcOhOTcj6dCt5ne2LflGO77FFCqD3z58d14/3tjDYlfu6GPRQueqjh+zYSJdRHQE7rfK1TIsBmguSHwkkcBEIgJRf01m5YPAtspZ38/oLSbou7yY8K6xuEhJsQ+jfdEKRmzRu8K6nru7l6gqTskWocKdNkBBJV6pa6GurtsorIxFU6K/acdFk0w1SOAtzL2+hfy4TwlZBv6Bzt4JHwqvTURSQ5O6DzvQQde82F7/EMgXoaShpncP+WbmX+ru3sIwhWTbXKUWjbOxOYY2it6jcHqqCh1HVPycPWugdEr7HUN5bzUv2c/uGU6F51QkgHjRxo2OqMwyja9f36rMwfv2EuwlfeWHvq2baaKgt9uVfYKk0fc2rzdBcLeywQ9wYmvvRThs6NcRl/VPeMxWjwZGXVqzfVAlWxruAAr6jvshTaO3RleUoiRvdDFl3sX53AOhRLYjlm3OyUc+3GXxf5tfJ7VCbaXcghBxwtcxlzgIoID1xXnkeAjDrtKVtUlYiFuoMuEMqJZ0n473tcyQ4jDkJ04OYwrZ9SQ48SudElyMfRZA921CEAifR9koQrnCdrvbrMWxC7iqGbyCrnhXxVu8OxoG8F3/RJKoD87RuO70 J2TR4AZM VFI4B2ZX5mNoxXumkjQlEvpKEQ1mpqhyRRYZWLkuzT/Zoa+1a2SU4JkOS5kN6jFTWOA42S8oMbYpPSrMtdUfdQl3/EpR7eOAZakC57is4X7vWoFi4tv96oKsV0hOLOM1+uT1lY9ZxyRI7Q01mSkorzmoVR4fzMa8+amZyrhwsoGP7sFfoWzugN2pUddMLq0ljXihrYhiwwUhGxq/2IQwMpmtWBi8OI40+2Y++48VvlqP/zIrCUx3XNAH+EaO3sgycxQ0CGOkL6w8MHr5Of3buoizJkNTyWFK0LPG0ezPafbFp5uYbgdbHxAnmbFyCS7i2GnuDdUCt12/tppEJcLznVAAOZ4rQnsopZghr1A1RkHGi7vw31O+XXcZjmA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index fd87c4b8f984..36aa40c19e85 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -191,6 +199,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 From patchwork Tue Jun 25 14:57:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711443 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9455C2BBCA for ; Tue, 25 Jun 2024 15:02:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 77D236B00AD; Tue, 25 Jun 2024 11:02:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 72C716B00AF; Tue, 25 Jun 2024 11:02:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5A78C6B00B0; Tue, 25 Jun 2024 11:02:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 381506B00AD for ; Tue, 25 Jun 2024 11:02:59 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 626E21C08C4 for ; Tue, 25 Jun 2024 15:02:58 +0000 (UTC) X-FDA: 82269728436.02.C91460D Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf12.hostedemail.com (Postfix) with ESMTP id 3E11C4010E for ; Tue, 25 Jun 2024 15:02:29 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=T1tf4EPZ; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327743; a=rsa-sha256; cv=none; b=lQNb4O/ODgiEOsA7lJT7776bVdLYYJqAmwug9b4HmQsjyY451hsn3aT5ffj02mOHztDQDw DzfeZ6NCxmwWjm+LCfG0W0b+ZLUkN5XeKpleYPTQ9xW7npVhfegsWPw2VHsf3s5D+ZTS3T w7WmgmtA/Oejn7xc4DwklOqNMVGDYhs= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=T1tf4EPZ; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327743; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=M4ul9MBwWnIIsGgh5VTJpSGeQwgaTZfhbeMOXSkuJd4=; b=acNojqRPptAR+4uHyBdS5fmcFU8jIK3iy03UghyQRYn91Dof2jvHjSbLGu2dy2kOrZipOy h7RaguwoogxT5mDc1FZ0pax+yDjwe7GyY3Fe/Nb9WPI7IF5kcxz5yhr9u7q74NCDhJbgC8 OpDYyQ1WlCRux5K+9CsERbLDwf3Dwck= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 6EB0ACE1B7F; Tue, 25 Jun 2024 15:02:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2C4C9C32781; Tue, 25 Jun 2024 15:02:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327746; bh=TArF8eu7bR+kdEQcw0PtiH938ElhCp6XbYhZJoxTCrM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=T1tf4EPZxQepBQJZ+2P0ysocX15TlkKsctCglrLlJlpjTmopmLVcDgRZfo2fIdmZD Lv/NFHftNTdwBf3DqfZoSYfV6WuoyPIQEs2TNGXOriUMN11am9Hf5vq5ldwCQf9dmn 0E6qSnfvlSNhImxN7J/5Esjy55MKMRoTeQxGdu/7rc+s6RaBqycPQCbJ1TvVIWnutd b0q5gHzn3xZPm6Kw8+HEdwKQCSqhFutpjECRBpgQ1baiTggkrS2AIXDeYXF3KKOsEf YDaxMulmfJyDO7V7EcDfLhjZVhoJxdoOD6NAE0/79RPpuNfB41K0JcAzwYXIXZ95se U9cnQ8VrLX3Iw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:43 +0100 Subject: [PATCH v9 15/39] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-15-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2079; i=broonie@kernel.org; h=from:subject:message-id; bh=TArF8eu7bR+kdEQcw0PtiH938ElhCp6XbYhZJoxTCrM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett9kBlIGznTOvZYNu30sR1HSi39oURagt2PuqvD Y/xML0+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbfQAKCRAk1otyXVSH0KppB/ 9h/NsU5ZbvEakpJLVgdEkxvY5UpqOW1ugkUmSI7i1GKJvwyAjnAS2GjipTcPYY971hQbCdfHwZcLlW cGE4g62zQz3KJInv2E7a5LvVkEoEx9xQoaz4HTnvgXRkvw7mt57wnleIJzA434vuYSF783mIrrb/33 UM4KkpS3btWvRrCRi2VY8VDuFhRhvl/BAYFalo/nvTDQt/Bivon71MD9KXQCaREWjPFWn45DqF5xqc fgB9TM3IcC9LyqQXwPr+ng36ckx4ht13tLxNrKJmclwsKt2v/DvuX9vgsKXW5FMhSnNTPvaVjaVXuC UWd9Pvf2d8i4vTpWJR3H1tCTBLdgiV X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 5swrfjzhf9mro8g93yxrz38fkuhzfuqy X-Rspamd-Queue-Id: 3E11C4010E X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1719327749-383926 X-HE-Meta: U2FsdGVkX19eCL1Uvkyh0JVec18WGnORmCku3Vsyt/cPOEmxicsN965ZR6vmjf5ED57yy7Y1ehBsDPkk2adMQE5xGnpfSpgyZVPnbyMh00ESRj2Ug7IpKx/G9X6DjT2DTHEn2fDkgAaIQG9EZ2IExb5yC3RSLbzMVF1RfZkv/wROzYjEaPaTDlOFKnoWOyIVcsqjAWA785xlm41LxcQ0KuBjfAdjL5khTMmQQOlupUP5nv8+P80gDzDROmrNSKhSu1Ao4FBtardMz6jEmRhLCcjy5tJ+uXZmoSOnO7c3yL+Zv1349dk/O8TzKVcmIyS0RU98HzOyNqYeXhOX3lWJUH/AXmE8OjUOBRrVUR01BmhUV7xUL1ZdrhWGT+Wgr0fNMPJwbetnTdtxMM7Maw7lbd1LeUaEaogZI75roihajd5TDVZsVaWwnxBuYdXijWFppqFx1HphbT6Y3bvWOaXx0qUVzp5zp2cBArHC5xzF7D4zizTblhpdpVPEtuskJe+YRK86Nndp6lb7rtx7aTF/+uj4hnjA7/6tgTqcEC/RDa6WpKzGchAlSDnf0eKLJhZ7HA4xqxuPaESBoafJZSmqqmu8pnBOVzfKzKCaglxyQPU8kdlesJTFWQPDtqyVDKd8i1hweKu9B6M0CI3LwKi4razADzThhfHi732mezCBX2y37YSY6oZq+4JSRHJ9UFLkiSVHPDe1WREWjQLiv9geCBvSTGKdqrZw5cmqNmrx7Z/tAxmE4ZwEasCcWbUboRJ/hf3Q+Oh57PBM1X3X9SKfZvdb3MjXrQCtY+UUhpCcRvwKSCMApWdAtl3NFEY+qQZ2u+h2zZ26UKGoSB6VUT1DuVB5iHOgN9QjKHN0K6F7YzE9sPdFDcEYQwnrTplR8WRLoVmUJJpC3rahiMcWuawY8wCKT7OzZXFowD3hazzi8vPQ/nZaiDEFIYSBINaPS2yPfy/z+llxFvIZsUlJUbZ feVOF6M9 uBcJ86HvIMC4B58m5cSCHSFcDYnFGbryKSyvs+y7KiuvFPorS+tq9sXX/pIpmVZ0r3S73M7FbVoyZFQqtQAtzHZKC/zig2F42GsgDTlAjlUJ11N+pWTFaBXgZnWa5gFcfi1GU2Y5MGI6N43LEpprgyChn0M0rK7tYQLdq/zUyAfghhkeoG5lm8SltgzD38Fi/6Srdqe4bxKaSf/dhJf8JyX2vcWdcsGOd1bzDaQkM9HeFh/OvStYrTR5TRr8IfrH2Q3XPklqt29fHDfsnE3QWlaxDmMo23WbZxzC7RivonErK16uF+InHHGCDTiAL5Xy6yfM6xq8AzvFbPiaQiJ/XcSA6bUSpCWzOTEV8eOmjDrP+M3cPyh72+yz+aA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ arch/arm64/kernel/pi/idreg-override.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index b600df82669d..c1151d547b81 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -437,9 +437,15 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nomops [ARM64] Unconditionally disable Memory Copy and Memory Set instructions support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication + support + arm64.nomte [ARM64] Unconditionally disable Memory Tagging Extension support diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c index 29d4b6244a6f..2bb709d78405 100644 --- a/arch/arm64/kernel/pi/idreg-override.c +++ b/arch/arm64/kernel/pi/idreg-override.c @@ -133,6 +133,7 @@ static const struct ftr_set_desc pfr1 __prel64_initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -215,6 +216,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Tue Jun 25 14:57:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711440 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9F18C3064D for ; Tue, 25 Jun 2024 15:02:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BEBC26B0082; Tue, 25 Jun 2024 11:02:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B9A316B00A9; Tue, 25 Jun 2024 11:02:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A3A346B00AA; Tue, 25 Jun 2024 11:02:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 85F316B0082 for ; Tue, 25 Jun 2024 11:02:47 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id D66471401FB for ; Tue, 25 Jun 2024 15:02:46 +0000 (UTC) X-FDA: 82269727932.14.2F100EC Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf24.hostedemail.com (Postfix) with ESMTP id 14378180031 for ; Tue, 25 Jun 2024 15:02:37 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=pNuQG46x; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327743; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CvhkkUJZStYguSJ61DESxCdwJuPPz6XM/XVUYoczIro=; b=h929tsb0N9NHgaYerrX+rvnuzy1ZhygnTzQr3f+in8GkRumDhbDMVc/QfXcL0i4zNNIf3e uZ6jCwgPiMZhJur+hQk2TH0wB/jCeewFuA8tjoy8rOqL09S6tEqdeyMOWnSKkzR7wSdI6K bUv6RAAiXEbnGL9a+Ip5x6tp/mb4ShM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327743; a=rsa-sha256; cv=none; b=eDucB5EFKhLStHP624KThrbZbUYuW8GhsH7tURztzqmf+Ie6bvWlrNqXlzWis1RCvVhapQ Qx4JUGHkwgzS7bI+tNyE1wvr6XepetCWNQSpv+ppQjRXzW2PUCYqirTzd6yv4PSztweSyO dOZekKdPioVDUb7uKH7WUM5bQ561yFg= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=pNuQG46x; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 88711CE1A81; Tue, 25 Jun 2024 15:02:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 235C8C4AF0C; Tue, 25 Jun 2024 15:02:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327753; bh=Kmxb5RVmmeKbW1/e3B7PrOUII5jIGIYQVXAvph2Sh9w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=pNuQG46xkvoalQUluSU0Pyvi0FtChPN7m57Cv94qrrJxDYDN6LCwQkij03Gs0g2rW VHdt5Nov24e022+FazmjFM/W+rTThpo/VUpLP/c90c3TrLzn+3P+juCj7S8opQrRRb ilD5u2RwzkuutsnvK5DAK49HhvWobgc5+Z/Juij/4EIDdkGi/ZGMV5H95Kj+abYLv3 jYGi1wCzuNQsQ5IeYHgRCQEXpo67/UbXPwn4oSwai9IcN5lgHlCn8Wn/KGT28TS2FI GgGoYkYpogFpCLq68jzH6LRWO+m6/ABX5Oj8+RnZhj4pd34sMxyp3Xk/pZlQ+GiMQ5 zL6kNPmu5f49w== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:44 +0100 Subject: [PATCH v9 16/39] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-16-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=3096; i=broonie@kernel.org; h=from:subject:message-id; bh=Kmxb5RVmmeKbW1/e3B7PrOUII5jIGIYQVXAvph2Sh9w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmett+HbgswjYmIS8NkxyQ5h/tmy9cg8tyQVHSeEPW ROv9x7yJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbfgAKCRAk1otyXVSH0P6tB/ 9YJkv1pEI2Ay3oWSOI4Ku6iBxLgePypAa//iO/tXZKi5RRtkYzG+iXbXcvJh4pSw8RIW8Hj1ykC8fX FRSx/1jK5T7ch4HvDyZkbb/sTo0hNnn13zrSz4LoKc7OucF0pa8kWDQT6kLYWKI2JzIOyTAqZI7IlV 8MM3HcP+Z+FkrHXOXz6Hy27RVcWw13oS5gpyi4ZP1hgVb9pHYmyzZ0dBDQ4RaeGNGSyxBXk17ZfpiT 16VK6xI9ZRpitjDrbExn0fm+Z1MTzk9zZYHtnn4MxIG2pfEKSw5fMxokw75jpiirfbD+4FGn30b07c 9Hn5KOdKrWAy3fcNIhkxBAvRU9lwzO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: mjp5r6w9dzt4onop31sfubprfynipg4g X-Rspamd-Queue-Id: 14378180031 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1719327757-848211 X-HE-Meta: U2FsdGVkX1+QaE4awGWyCTXYnYTSWiDYHv6gfzd+udddxUBDN/e84zjr2iTz2qzcShhxaTnajhudN4SS9qOpLoMdqw43rPxo9BeuhIUc4dMl6Gt58+AdccrX3erQAruDqVioVY1w0zxNmqERoQdxj/fm9A14URRpUFWJPDTFDEvIp5bh+hSQAL9TsX0BaaOhtQ+VzNdOj5Xqcr0XkYFBcGuZCuYNyoxqRk6C6TkTz1L3XmMKI5nvIorXhZQWMLii8m6CnD3CY1ChlkTA2ZThJta239V+9qPZh9+VpW1SmaUeHRH/bqDTZjCh9w2FGUK9dxKTEH246zATrUMHhqbW20fVG87ZkhrVUshLDxEXrMkzAZhaq4ooY6Ge0QSeo+xyYGDpNx3JrqhWSqPt6WKd6asXBQdO27PepK7PAyS48WAPbqBUA/RLgzYX6jX1H83x+nxY/3oUxE+MJsEwpOTMo1qM6qMmQ02xZG6W9v/8YBsxDJeSy0lUGrwJ/esS+4XTny2UWFtnjoGNcALi6wd27Zo0E8WkxF40iQmZLBbH+fmHI0TkFT6U3J/uSqUCKqu8aE2R9OQamidMkE4cpaKQTej+gNYssoDzihqYUCagbi8XgKyZPP2D8p1TDo8Fl8jhp3EVMdvGXZi7/XEu8298IYMaBDxXjmEaSJgGHurDuwKQiroqK7kMHjkilK43dYPoWorOoaUIsMMeeZpB3igLyxod3G6VdIo2Fs0+cjhHc1qNTBs+VmsrHndT5q9dgiNdEKuiqrxjvzOueGj07dGqjHnllNh/V2IGbOVZjo2Eks+i/VvyAbETd9r649Q+yadS3fLHXcrUdJACNZ/ghidYT+BCfSELmWLDvJqLSlf9gGX+Xbj+KHSth7QflQuPOcxopT2OB6kzNBa+wIzgf5rwZc9B5b7Y+tJjyAy1iKqjK++uJ/dxxRokGOUnuyR7RouLcAjGRjK3TfPiLVScjbt VDkauiFo 2JyNiSq80R21zKV1nszTMdCrV/gFmr9hC8SGy0vdju5vWkahpUgxKIsXo5O4An9kJvpwlOXYp4iW+E3qQ1RFSgIHB7NEqszCzFOVvkpsMAX3yfGlFkoKcQYYQ7ZByNLHwYMejbe5Vd8OoyqcUxFlpNKxs2XV00AWY/nmVHlhlCydV4yK2G6vDkhdOcBzkmKkXOWEfSlTZDuy7UfNSErx0DrfZUiDXx4FbN26yM8tsvlHdEA8z6+iS1ZxZwH5OungC5claARNaAY+OkenE/tfS1W9PKhjHdodEipSsgvvLHXefoYTt8aaP3A2YKdlu7wUPVlJB93Q3Po2c+oyrY5+wSqWfT+C3kJVHuiG/Zp91r/AEmgwFriWN7tJdnSIeU1BxXTV+ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a hwcap to enable userspace to detect support for GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 2 ++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 8 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 448c1664879b..cf87be078f33 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -365,6 +365,8 @@ HWCAP2_SME_SF8DP2 HWCAP2_SME_SF8DP4 Functionality implied by ID_AA64SMFR0_EL1.SF8DP4 == 0b1. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 4edd3b61df11..fd7e162e7e39 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -157,6 +157,7 @@ #define KERNEL_HWCAP_SME_SF8FMA __khwcap2_feature(SME_SF8FMA) #define KERNEL_HWCAP_SME_SF8DP4 __khwcap2_feature(SME_SF8DP4) #define KERNEL_HWCAP_SME_SF8DP2 __khwcap2_feature(SME_SF8DP2) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 285610e626f5..328fb7843e2f 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -122,5 +122,6 @@ #define HWCAP2_SME_SF8FMA (1UL << 60) #define HWCAP2_SME_SF8DP4 (1UL << 61) #define HWCAP2_SME_SF8DP2 (1UL << 62) +#define HWCAP2_GCS (1UL << 63) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 056d394920f9..d2d9b0be9c5b 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3000,6 +3000,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 09eeaa24d456..2f539e3101ee 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -143,6 +143,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_SF8FMA] = "smesf8fma", [KERNEL_HWCAP_SME_SF8DP4] = "smesf8dp4", [KERNEL_HWCAP_SME_SF8DP2] = "smesf8dp2", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Tue Jun 25 14:57:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711444 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2B13C2BBCA for ; Tue, 25 Jun 2024 15:03:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5F77B6B00AF; Tue, 25 Jun 2024 11:03:16 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5A95E6B00B1; Tue, 25 Jun 2024 11:03:16 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 310046B00B2; Tue, 25 Jun 2024 11:03:16 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1109E6B00AF for ; Tue, 25 Jun 2024 11:03:16 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id BD7F4C01F0 for ; Tue, 25 Jun 2024 15:03:15 +0000 (UTC) X-FDA: 82269729150.08.33DF4E0 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id 06C76A0085 for ; Tue, 25 Jun 2024 15:02:41 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uaJHgVXr; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327747; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=OK0wve8mnzVO2LB8NPj65lykyXTXAQ85770zNxi0dxk=; b=fzkD0xRvBz/yJmzKiMw+Xt7OdgDUfic2UOti/HmFpo3Ux4y+/jxrhdsgwJ54vURLpURJkh 816pm9dm0DSSRV68/q1mLS9jCJCTbPyODPhYrQldIfY/PT29307Bb+1tCGshYYkR52a935 C2PtB2VTwTFR9UcoQAGLUv+0u28crww= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327747; a=rsa-sha256; cv=none; b=Bt/sWCUF3uR4GsXiv8WYJU/rePoPUAoXcPEfPHf1TVEdyCc4SAxhnqWRLY0XYPtfRVIAq9 6iv9841HonNApKg6O0OBmm454ZuGcJQhqfdpTY18d7HhTKcXd8mZZC7yZrSnyOQ4xQV8Vg MzCffXu5a1rPoPsKJSSuwxwnDY4t+MA= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uaJHgVXr; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id E398360BAF; Tue, 25 Jun 2024 15:02:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 181DCC4AF0A; Tue, 25 Jun 2024 15:02:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327760; bh=ZeJUfmWUn8AhdqTBGWmAGgYG/PSKOzanuQ1mPl6a5Is=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uaJHgVXrkcH4sdRnMs8G/LDMZbXUtEOLUHL2g1WCsRYwRI4fgHnVQCVfs4Ex7YZUG NIGSjpc9y54xeC3gXKPoFrd3vMW/Az8VShYWBY2kSxP0BJaWdGt/BuygKG2zEkc5Fz KtQkJfzmHSXNInOqTujzlK1SkGo7hvhtH2GQNHZMZOOT0tl9usun+YjpzxBZbiO3Gj bGY6V+i4Lcla073iGhB7xY0O5j3D5yQ3jHXvgpYxzDDE1RIGaHn5+7YJiRJ6sUptBC 4kQ63sWOSNholdlAuqeJRPyCzzjXcwHjJu6/8PWLuGwUK8yMp4mO6UuyfvFvi9h8Z4 GoUMLVBKNcIxQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:45 +0100 Subject: [PATCH v9 17/39] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-17-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=6092; i=broonie@kernel.org; h=from:subject:message-id; bh=ZeJUfmWUn8AhdqTBGWmAGgYG/PSKOzanuQ1mPl6a5Is=; b=owGbwMvMwMWocq27KDak/QLjabUkhrSq2/ULNGV9prPvXuwbXKxpa8OhMf+0b8LmTseWiZev5k/r Ny3pZDRmYWDkYpAVU2RZ+yxjVXq4xNb5j+a/ghnEygQyhYGLUwAmMnc3+z/tjiq1XTO/Rl8XPtxYLm 10mqdwnvl2OZ7Ci0KOLEGsGc3s1Vt3ld80KNtzRV8w0Ir/nrlp2LZVsf0ezmtXuvq0b7/jbP/0u9eN +fdTgmrcluVMehk1j2vez3v3rz0LvG+t4CE9TS5ux9kVanedorZI9QT7em7wm+Tv1yQdYDdV0cpP9d WDa3dbdHNSH3nV/edLkjjW2C50+1jt51f3u/ZrNYWa6FWZVGQmc/jdPqxyMFjNiinA4fE8v3A1Q6Y1 VTzODmsrIk1ulwmbJtivOtHuJKH55c+F2RZ+/49x9IpEm3312/Bg7rXgpfH1eyJOeTV7FX/f581rPG 2Bf/fEPXvvry/QCF56qNad59RtAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: sswumje6e6c5qtg5bxmya557fcko9yib X-Rspamd-Queue-Id: 06C76A0085 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1719327761-894396 X-HE-Meta: U2FsdGVkX1+AuX0Ije/aUpC7QYIw8TLB3flDzYSfJ6VGbd65SCdNhMVh8WBdIJLbGt1aPhKBLW9Zq0feNpWu6N6cQG1up6csZuhhRVCbsumnzLMGgvzKgRZ14r87YoNgmwNFP2RssRi0c4F2AyIYp0BPv5TJIEfyvn/i2sYpsq/seJLrsa/yqRzB1gaIjfzSAwYCwaydR2f3rau7WmlXcSp9KVALPZX9Pbt+HPO7Xo4vV1s/fP7hh84gOIV3oTIYzD6opRqeJM5jQdE8/WtrZ3mZ43QY3jHO2fUZ8WWIN8Q5ICIQSNUKiUwpDZK/2uVDgQgWg5bY8C9ncixV87NSZAMe+nbrS6IJJ4meJiaWd7Uhk7XGvddGU8s8208KcvQ3DSL9JV0I6zIttowgWX2QQbbPdGY1kAwEdqC9F1wWNpJIKcwEr1DJKMr7saYybDl/ErV3Z4d3qdUndYRdd4t8maflPgwnkgdu6jXswAF/xNOewqtGoJlwp35Vx4SbKJcpUejr+dWEOlDW739VdXEiSeYBP2isRbbXsaPWEXCcU2p/8SRP+32wxseAyJVNE0Y/qYSnDX5EiBmFGHyfR4Sxi0iD+hFroHBaz/XX55MHGV40JQKjpI7V/SiBan0xyyxtuhWL9xBYbzGCokYjXkVWzrd+fbEEvX3dFjtTYozoX0YajFnYdTqvcb0ckFG25t3VfsCOjdvgM4h1ll3OvrBfB8NOImYkbQmLsCBZ0aXfYNi+HDPYYh24qzLcOfhYlpAIW+uYNfpIF4aYlSe5aDR0YR5ieAH2h6Cu+/lLBuV1M7F/hCQM4zZ+SvSX3t6WwR117eoXZ8bhx68WZIqvB4a8JEFSX8TK9/VgfTQXC3+qybXkIOfaPZeuxcLno33OaXiS849gNX6nJa8AknBZ/Lue+8BfTMeQYA4kcChbzBSj2IPxBb8HHjmLHjaM7DE4qSsLZLAHPyhkRQoUCYes/RW CATemLqy baRtKbt+eP9mZybQbopAFEKcz6SkobufWml+oH+EBYhuZw4NsCZUNFZmeecJVBggyDbRqQi2rSqs2azXcFuENXJM+5UetuPPT4dq6PG/4n2OWAGYg4oxbEpaGMcNlnLUfB5M5MGwzNs6r3UyNQHslhABh1aDz+IxOmItuRriaYl+6wd4wrTrABBuyReGC/CTxsdFCKtyht9tTa59RyBy1j9dlsR1vax6x/JA7mk80KB8/rA7p/NnvmWy8na76x1XO2XpNCYnvUnAue2Nla0ta1aG7EKHmYWknYG8wAvMHIdd3HBkTv7OYZDbM58KrM1w/dxIVIQIo3n5fte6KX799oMf2igAY6l5ma39fhtgIUiPEIkYmjGnF6t3NcUhyLU21l4VP X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index 7abf09df7033..8982b4ab297f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -376,6 +377,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index f296662590c7..674518464718 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index b77a15955f28..54f2d16d82f4 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -463,6 +463,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -505,6 +514,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -684,6 +696,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -766,6 +786,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 215e6d7f2df8..fb867c6526a6 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -838,6 +848,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Tue Jun 25 14:57:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711442 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D61BCC2BBCA for ; Tue, 25 Jun 2024 15:02:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 66C246B00AB; Tue, 25 Jun 2024 11:02:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5F73A6B00AD; Tue, 25 Jun 2024 11:02:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 446F56B00AE; Tue, 25 Jun 2024 11:02:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 1F52D6B00AB for ; Tue, 25 Jun 2024 11:02:55 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id CE5F11A01EC for ; Tue, 25 Jun 2024 15:02:54 +0000 (UTC) X-FDA: 82269728268.24.CA25292 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf16.hostedemail.com (Postfix) with ESMTP id 418AF18005A for ; Tue, 25 Jun 2024 15:02:50 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="NqmuhU/F"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327755; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=neNjxYSK5RinDqINCqqALmwc8YSiZ7aA4MfY4tBDfkM=; b=19/bHv1NIWl/2DHrgm/gvig+KRjkmcaJtq+cAnQzh6cWAihcRqaA/jxAcbYLSgWPnSsRbH MPzfiQATWbwXTBOP2sD1REf2eH6Y7/6T1W7Y1RKzPoeCYqSQxvdImpfGdZ7EZlqLCWZXj2 CSNwKfuB9ST1JCesgWwEWdP0C3IZPCU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327755; a=rsa-sha256; cv=none; b=QsNvgujGQV0BZx3TYqG0dhdi0L6eIXZq58NTytQTtnEv8dxQJH4KwqVFi8i77tkdRmVI32 ++kbR3q7a6XlTm0e2wCaGo+sa740lR0zVtK4qJqOxld1seEbIwUOlxP0lKcBpKmWbb4J9u CK49wHpQugOJR335Wz/XZV1GhFg+Yyg= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="NqmuhU/F"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 4DBDACE09F8; Tue, 25 Jun 2024 15:02:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0DDB4C32782; Tue, 25 Jun 2024 15:02:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327767; bh=Kh+IETSPL7qtolQq3lnlhkzFZ1gTXcIg84ZJjg4GwDo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=NqmuhU/Ff0h3LtISDpIR4LELNEW47+ErWU3dX0Kgb2WwBpg/UNPMZk/3pQ0PYB1VI r/Sk2xkGmNKtOI/q8U2CgxZfhnnEM7SbHdW6fD9QDbpvh8GryRUlCOEwblVuQislXS UMhR4JP8WmDWmFbOAPfVkDy3agDNMQ1EjqGGBc6b767cwqVtcNWutiFFFJhGEz3fU0 CKb3bK8zw9PtvzVDEpX94l+RGWbaYZkGsx+H35ODgE8LNeBd7SZN9OxBfAMa72WOoc 14vmisyaBHOWWM1XshDHqpHBiAEi+387qIU1euy1VJrilb7MSQekyQzo0Ak+tu/xDi TWFJndJ8VyW4w== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:46 +0100 Subject: [PATCH v9 18/39] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-18-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=3651; i=broonie@kernel.org; h=from:subject:message-id; bh=Kh+IETSPL7qtolQq3lnlhkzFZ1gTXcIg84ZJjg4GwDo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuAlhPwwg74pRVVM89hL0m4VNM6ITOzanR6CdNZ sXVkSpCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbgAAKCRAk1otyXVSH0EpYB/ 9DrxYdrSx1M6UsWZ8hhevoQ6LhgfMS1f0ctPjflnEYxAuXwqOT+eZL/xrSaLvCcaVqiQz7y+sS5b5K 3aQXMrDN2LkRkJbOxwsA89H6WTBhFvNPu0hfZiAAO2P6wEeEtdIs/efj9Jif5lxTx+4F75eu3qHJ7v 9I7XDppZFUhJS9qA/xcfwrgR9YydpToq5a/cS2H7r3aGSYe6+NkWAIsyObTDjgxANhadUN06ef2rjx A8f/hqcVj+Wlm3QLrLdhjfHiy3woa+yVkGfxH1peBijH7Nu1oW6NYBqXizTNPkLbv7F3077Y/SUzPJ yCsShRq/pkkfBsZeVJieKkZPSga30a X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 418AF18005A X-Stat-Signature: yawqs55txwkubdasckaut4jeghrkcs86 X-Rspam-User: X-HE-Tag: 1719327770-729258 X-HE-Meta: U2FsdGVkX1/Bq2f+tLtNBA7z6m8Du3eqBmKe8E57E9ye3/J90YkWc8Tn6XAujV7JxofVclwXxVyRuOL+7Zr75WIL9P9G6Y7we3vrjFENacD2KVmLeRUGpzqD3Ldf/sX6nL5SWlXc1BAH+iVniBz/cfWuWIqWiDtSHMRGdZteqGpv9EK4iLK6NRXc3Hutd6IJEZqbbluYL7yFZq2dESzEY3fzqOkgo6rLLEWaHEHs0zWjudU6m4VLgREpoTWTWwhSkT6oGF5HP+GPuOCSiqYE32mpIxfsE02IG3ioDP2QDw4W0aYXiSQ7Tcy40hPvGMUxJxkK7Ka/N+191Uo/oKvCnONTdTjNvCL1VzAlBsC1k3NUPuweqij7ovJFXZfzAZcg3PL/ktzsxdE0bmM+aqto8d/2BVQqXSi+AOGH2ultR5qETuZ2NLzKwWt0i96FqUHjPj0Ytc3IrkItr/ktHkKgqdpQqmYH2yH4/XjpOgeFI/h8qV/WMzBGw92LQp2li1WM+ZL72Y3PZHiqUiDDK3OYyRGbMbXXsPfYcoafk2oA3s07xn4EOS1twRM3HZErf5MB5xHaGwFvwjGKQKZmpq6YcD4dXjqxBVAmKjAJAtdAjxaaFsm24arcqZIHUsTgiHvn4liFEhI3yj8Wvw6ORzhEbSOmurFLZqso1Sly+pnturc4KcvUFbFrhtzD8wht6mp4FHDt60q8jIp3VFFHIgIbahA7qrCmm3zjA7h0zrE8RR95jC2z8RNaBcUiHRtJk3tZtFPU353+vhyTkIwNzEHb4i5ILJEoBgbx9cKaj93PD/9FzirhHkoQKwhK+HN9vvg+QMV6YHbqSAgy6aLAoigLxCNEzREY7vyY1pegl9winAevrv5CmYokIrX+SywiY3V3GE4o0q+t4CzQ1CFsU3vtYwSuopuSugYtS6quyqti6wzG5xKrLk5s6oDvwzjaF+vvZUnXMpxozEIdRzE/U1/ jGmWPUfN mO3a1Bh3xMbHSuYZouIlKNH4UngB93mXGvL9ABDUQ2ZOgME+69PX3bBAPCGzHkXeQAekALI6LlpypqFM26EJRQZ2QggzEUfsSwrDtHCghHVFNTn/XLSitEu32Ad8VziaU15SVwZAawml+x6XB6bgO8ZpnCO6Fe2u5ZhMLa1OGIq4mFgaQ6u1ln7BgGxVHtJs4cCtoxgC+IURdfNZngA2bb3okmnMY5oYj/entQc8cPZBIAZ5Zp2z8/Fvgl7F6RJa4m6tLVLXfvoDvsSNqO8M+jrbwtz9s4nFNLsd5DCGwhenJZ5DZIywIMrYnlhFumGspSxOB X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 451ba7cbd5ad..bdc28588163d 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -486,6 +486,14 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + static bool is_el0_instruction_abort(unsigned long esr) { return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; @@ -500,6 +508,25 @@ static bool is_write_abort(unsigned long esr) return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); } +static bool is_invalid_gcs_access(struct vm_area_struct *vma, u64 esr) +{ + if (!system_supports_gcs()) + return false; + + if (unlikely(is_gcs_fault(esr))) { + /* GCS accesses must be performed on a GCS page */ + if (!(vma->vm_flags & VM_SHADOW_STACK)) + return true; + if (!(vma->vm_flags & VM_WRITE)) + return true; + } else if (unlikely(vma->vm_flags & VM_SHADOW_STACK)) { + /* Only GCS operations can write to a GCS page */ + return is_write_abort(esr); + } + + return false; +} + static int __kprobes do_page_fault(unsigned long far, unsigned long esr, struct pt_regs *regs) { @@ -535,6 +562,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* It was exec fault */ vm_flags = VM_EXEC; mm_flags |= FAULT_FLAG_INSTRUCTION; + } else if (is_gcs_fault(esr)) { + /* + * The GCS permission on a page implies both read and + * write so always handle any GCS fault as a write fault, + * we need to trigger CoW even for GCS reads. + */ + vm_flags = VM_WRITE; + mm_flags |= FAULT_FLAG_WRITE; } else if (is_write_abort(esr)) { /* It was write fault */ vm_flags = VM_WRITE; @@ -568,6 +603,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + if (is_invalid_gcs_access(vma, esr)) { + pr_crit("INVALID GCS\n"); + vma_end_read(vma); + fault = 0; + si_code = SEGV_CPERR; + goto bad_area; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); fault = 0; From patchwork Tue Jun 25 14:57:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711446 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67357C30659 for ; Tue, 25 Jun 2024 15:03:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E5B5C6B00B3; Tue, 25 Jun 2024 11:03:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E0B376B00B5; Tue, 25 Jun 2024 11:03:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C36086B00B6; Tue, 25 Jun 2024 11:03:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id A62776B00B3 for ; Tue, 25 Jun 2024 11:03:30 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 49E6B80208 for ; Tue, 25 Jun 2024 15:03:30 +0000 (UTC) X-FDA: 82269729780.08.2E85838 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf01.hostedemail.com (Postfix) with ESMTP id 641AA400DD for ; Tue, 25 Jun 2024 15:02:57 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rFlS6RdG; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327765; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=oe9Vexhwqj93GjpqzabS7C48jUF3MOTi7ueTZQ7hbvA=; b=CNc7Z0ZIXHMubjKbOr5KQG8heQnrREawpb78gT+T9kvtMNJqwKZ5uHCTNdACFNizA6hdYR 3/mn3zU4682NEf7gOem4QFBpkqunSBPXu1Kr1FqrK6b/6VkQnmC4vsc5Ad1u4RtNrPoHH1 ot2j68da/oNLGxRzObIwALOnWlT8cO4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327765; a=rsa-sha256; cv=none; b=KnWxoFHjrDZCfw6rwoK1Uzd9V3m/bE3yc6T9HOv8JM8XXWa68ttb7pdWCKNVbWQacjQJfR OKJOEiFaVCxExNPCrm/kASzc59e12Jj+GC1GVbe9FZCVkyv9fqAmaOxHbBiV1L0P41+2/A 8kzJlaDRW+aeRsUjMHWMdAngtXcChSA= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rFlS6RdG; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 38077CE1ACB; Tue, 25 Jun 2024 15:02:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EEEDCC4AF09; Tue, 25 Jun 2024 15:02:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327774; bh=LJRx9dbx6SCHWemf1Wkonmx6LcV5PPBkBodAHDEcEts=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rFlS6RdGtZddK2jNwZk/d8gtcS56/uyFSs6qeldbORYJZIo5mkS4TAGG+HqzY6daA enhG+gI8D0m5UfMAdVZGjQgjf7LFMnz9rTPXWhDnqsxEtz7MhXdSjDQfL4M218vUp0 N6+IbRhYXn1xBbLF+XwTLMUYjBasaESo0zBLpiXKIaentd09t8xllEb/h+gC228naI tsVnWD1IO3ADLO4nHtvcOA+aEhPnlIL8/lFRaSzo8yGstowtQG2JWg9VYsD6sv5Dp3 +z7DIif99PJF0k1BYjKP+VmyCQvumsUpm6wuzAYzBt2VN8qxoF77VUSQndIVdR4AIs Wue6zXI/FuNtw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:47 +0100 Subject: [PATCH v9 19/39] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-19-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=6765; i=broonie@kernel.org; h=from:subject:message-id; bh=LJRx9dbx6SCHWemf1Wkonmx6LcV5PPBkBodAHDEcEts=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuBEKNzMFlyOBsKCNy08riaRLaglF3h7kGA0zvi i1g4G2OJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbgQAKCRAk1otyXVSH0FJhB/ 0ZOaIT0Pj3q51c7G6mKdq7E4El7x0QHbJlPtLFeKvEiFK+r3yvAcuP/QJT+c0uWtFY83Ccarkg2OSW fWoNl0fgbmVnJPqwcVm3di4m4pQbbaOPcFdCKW3svQtOGRtMjXTMFwulOioBbYXPAk58DRgX6w4Qn9 EIBndmRIp3MdMiSSLULVCY16fDZ+2TdwNUWCmEwWCR0S3Xcknub8m8HGsfrdAfMJmPKx3wOXSfSOOV auPP5QdghqrJSxqKpeqlmOPPheXrFktzpxAaiMZNXhEPNQgKp3ivuVWTjkJ18jEhYD4EItUS2bbmAK bDYPzdQ4Itf6UOv7Nj44NE4EFjO4X8 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 3n9w3jut8bcq1o9rm9tyms1qyubfaifa X-Rspamd-Queue-Id: 641AA400DD X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1719327777-570346 X-HE-Meta: U2FsdGVkX19FRA1vLi35+iIvEx7fp1bUtFw75iLxOj8woMIZv80Tes49GrAZOJ/FXBMheAJjcBIxG3xYEtqvI0qlWs75L1mwWseYixlzPtHmxvf+inqkOr++0PsI+hujk15TM2yjpbicNL8nDr0ui1nGwgX/uUhSxZRaijwk/2k+phHZqYNjg2lQOZ6RHjnR3zbUsgWDyj8EgTWlGjnjzMeV3RyzJby1oafcCpoYXlm4KxWZkm3cA9xHArVQTO1f4+ITMczJOCaecTidjg5yzJp1bFzBgiY4hlF1A9//DhE9F7EruchIVAfVvfjgYaeZUGclxCNIlUpjBFtCazUzPyMWIoqzRatzTYeoEGdDiY6kw3D/FlLPWLsoT1Z23UjTcgd7v0kU/NBc64zSXatTrFTSgdIRZCe3TMHRoXpHXwjWBllj8ZGXUMJF9hjYhrYxDi5znPmLE1/Ig7CuZFmfSexWXbo2Z/Cp8EqG9l91TmB1MepCKWZC6TBIrC+vky4MQP9vqgKZ5Q8lekT1hjUB3skmSapu4HnD2Tl2+ypW/rzJwsUSbsvVmDK4cTlH0xhtXCvXb+aD7vbnSqTwbgDlKM0O304bcJSud3MtBX6imk5Pcqk5G1Dz07tiHW2yf2o7ElDI3K9+Rns6c2wzT4eE/PEPVeZ6HhxRiKG0EaRqnLDPnUjkF4W/RwXyplOGvgZBhEAaG/v7rsS5o7YuUX5AlXOq+l3UT4jPJfTQ9SlwFqgN8nRcEGjOzeE9lSuIAP4iy5BA8EerPvtD+nvvZVVZll5CT7+9axhVA70DLxxDPyodKiInlQ0wDRjwviQixiIGLuQCqebNDNQbz3ceFnLS1vXAWqOikDuNsSpOiAZGocWzwxQcPqz4Wxh7gZ+ZBEpu+swvKUfdDuZLAGiuqs6GK3iuRAXbWGlS8z86f8Fn+oFyxHEF8nur/b05GD8c9DQtjsvgIshCkSvyf079RZo 9FQoD17U YSHCJVIVKz2k/Gcz9P/XiPSLpdYtn4EbuhWet6VDwuJTWHZAvQxvVx1bHm/FcY1dlQv5Q9D5milOR6DP7CrqZrGjm5Asx/a4qPPIgrVf6EN9AuefUAalqPEewLkFwtfKsadXJJ2Rax3yyiJBovpETegIKzPaYbODmOfySgC5oczYPajNIX/nXNlqbrpN5isj8BqFimbrd0ggauWLSe5HDjcenzMt9Kuld/KDJGMxRIWq+jETBKOY5eqc/+wmvseZ69ocB2yLFvrj0yXsVMbsJH8lvy6TNo3yqqAQnqOGt4S/LygNClHK6BN1Q6FruhP/YaUsocNUjevDoq+v50lxBycsnbnWeAdYLRs3r7fLk6F1H/hs2f5pr/cI+R8jpvD8+fdEQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 ++++++++++++++++ arch/arm64/include/asm/processor.h | 6 ++++ arch/arm64/kernel/process.c | 56 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 ++++++++++++++++++++++++++ 5 files changed, 126 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index f77371232d8c..c55e3600604a 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -184,6 +184,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 4ae31b7af6c3..5f00cb0da9c3 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,32 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (!system_supports_gcs()) + return; + + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -471,6 +492,40 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); + + /* + * Ensure that GCS changes are observable by/from other PEs in + * case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -530,6 +585,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index 60454256945b..1a7b3a2f21e6 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -11,6 +11,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Tue Jun 25 14:57:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711448 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B5A8C2BBCA for ; Tue, 25 Jun 2024 15:03:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B518F6B00B7; Tue, 25 Jun 2024 11:03:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AFDBB6B00B9; Tue, 25 Jun 2024 11:03:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 97A246B00BA; Tue, 25 Jun 2024 11:03:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 7532C6B00B7 for ; Tue, 25 Jun 2024 11:03:39 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 9B20D140187 for ; Tue, 25 Jun 2024 15:03:38 +0000 (UTC) X-FDA: 82269730116.17.3E63EA7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id E95B71800C8 for ; Tue, 25 Jun 2024 15:03:02 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cGxifYni; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327767; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fzDWkItQKyEKryr3je5IgsbHORJ8Tv6kOLGAgtoCGxo=; b=k8fTyCzV/FmzOFT2tA/j4Kyl2WmZwk+4+uXQqxAxsNh/i8nEPTyi/Rq5Qxo57VChT0FaKV JZrGY32DQVRmv3JoEJIaS/2mDN4MTVcy1OakWboMdmG8LpFxorbf0v4Ao3dRFpVnc5oAYm p5fdereCKi8N75ygxKm0LC/RzyCcDVk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327767; a=rsa-sha256; cv=none; b=iLWJgzFTAgPZgb8ghH4GCZTqekLrM5T7SZ4+6Th+qQpfnqJ/g5rXztMAc9c4dyBt03hVit qeiHVbgIptPYMrXYCAgwSmuh3NoAn83cVG+SHRlzX5Bhd1af05tmCyegu1h/jrcqdbRE46 RCWtl82qyL+aL24sKL03tzchXB/mNHU= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cGxifYni; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id B81C160BAF; Tue, 25 Jun 2024 15:03:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF857C4AF0B; Tue, 25 Jun 2024 15:02:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327781; bh=3MuDT0lq8KZmV1XvQ4eEMxmePoPU0e2iLvefjXGcLsE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cGxifYnizydDYbAYvP+wDKkG6jlDC0JHeyn+sBV9HwjYjBjuPNIwVSCFTTtNSh8cE 8G3c/p+gwZhEcN3KfNLa6lnJsZBN5gtJbWav02ElEDbXl82phXCXq6kvKM//cpiR23 MihlsaHx3LzM/fp7zLy5Vgv2v3s6a14vKiOYgXZeb093IVhd1wP088G8YnbtqHjq+w Uco4e0oCGwFWiHqPqffp9/McCr/HnZg+5y9efALmGK+J69fkH+8xDmcB0Mc7BPTV7y D3kVduHxgqv99IaWX9z7M3JBW+2AeBzx5lUto2ZaMZK4ZSp3hplisJS9aA1P2M3x2Q mD+pGvYLqpG2w== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:48 +0100 Subject: [PATCH v9 20/39] arm64/gcs: Ensure that new threads have a GCS MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-20-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=8610; i=broonie@kernel.org; h=from:subject:message-id; bh=3MuDT0lq8KZmV1XvQ4eEMxmePoPU0e2iLvefjXGcLsE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuCyD3AT1jyLg/JaFc7dWWdFw5qsb2djX5Sg4ao a6pI64OJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbggAKCRAk1otyXVSH0POFB/ sH2aiItPsj0Q9I2eKEI6VayCf5mkGZsy48E1nyLONDzZa/ATNrSnwvHtuTHH4y+r4rcCh0pkrmwAkj P1ToSmfjffCuSkCsICmwjtYiUpTSO9kYhn1GWUkCYLx83UBY4tQ9gyVxLbkwt/J0wcQHU8opIPOgHH eUA2lYuMoFk5UaaKN1dEI6Rjmf3xzVr0Adk6pQKEs6tPdJaNgib1hDAlq0pPGJjWFxyi4uD35lsv7J 1No1DBddD275ztvUNT5JPIGRgZxanHh+or1SH0JjxSl5xbMQ5u6Ia+HrOYmqf6ze8X4l1F9kdQ778g 4l+a0dz0OHEabQP4iwNP5uo+J+K5jG X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: E95B71800C8 X-Stat-Signature: o3mrw6joc6rcefysirjhqrkacbexypcs X-Rspam-User: X-HE-Tag: 1719327782-898930 X-HE-Meta: U2FsdGVkX1/LOgwiDA0GFWYqDZhLKon0czRuB0EwZYitvj9LSRNtZv8SJOoJaDODQnmoeI8k20V4PeXW9MKlXDhys5AAFEgsaZ7+b1WxHot51ypjtXhvVlz1WXNhNQSbZh9s/fXuFeT9uuxGeIm3Lo6+CnMjNtAXFwtKCV3cUWE4yv8qLIXuoZxmuGTCyS2Uaj8ULjOxL00ihJ3P7QgakE/OgxVZIBr6TYXfqPH10kXRcPzs3S53UQemMmpl2KVA8rOFsz7/AqyVwiEztayVbqJdCJxspvNvtsRnuUfXR0KEnyb2epbIrNSII5v3Un7wwpPA1DcSbAMq1ABDrkxs+d/hE4iJppLhyHivnSwWBwwR2jPMFbgw1GEea6dWHPya4oIbplAZlGPvtVDdDXtXkAZjuAJ24JNVKmJWA8aM/Ugn9vhFqo/sozXaheFo1okLhCl/+9BMwj9Bx9KIdOIxhrfflVelwKdi9sycL0djKrnrpUew2JIMjtsOWpOAIM9mGlz8CfCF0G2q8Pll1FaysVIwvLFGw6okPSPwgFouWph4/nT3UcHkUVW0xNZLVnvFfmr+1abdKwMjZNHCs089/QwlZGG7F3QbQcXrqASOX+SZo1jRmuAOGNh99mtKca8lhWzf2MEROPO+EaItKVUKKVKNvmEKqBBbDILp06Xjg8GCh5j3qACDLHH6UG1b0FZT0LxhhqCqKaMODj+xEtvoaHvQ1YkHxvRIXLx+lx7i8FS6FTbAhySyevFGTopDeYfevRlMAh3cQ0984x5bQ+8kb4bSgwvdyyOoUPFtwVa6lHT3qFG1Al/pxf9cW2EjGKhbvXph+gE++4oxoUQZHGCW/GJztbY3gB+PufNyPeno07mV/cTwQuODg6WXJsfz7zBSjbpjqiLIXaFXfjvDaBlbozBwPWzLF0btGhK01vhX6vuav77jsTeDlYt5OkGRtlBV2rWBaLlMrvAgDa25Xm4 58rjwc6S PobbG1bUhEEFUTFQ8UhUMHoxBR482RR7LYAurJzIwj830pAkdetu8UDkD9Aaahf7ijLt72khio6ZYwzChDj3kpuBODnkrmK4lFdx+bSlEu8oVISed5NXhaGIUP8tkF/DIyoWvCxcnHSUmgUdl1LhXNxBheOCtcooXVMYv5ck0bs24eXYQrmV6sFOoXdOlR6nQ2qEZq4NVyMQIyBzj5jJ6yUfVzQDElXvOwGyXfPkAK/DPeb5+zbF0z/ibFCKx+2UgTQgg5apzpQTqVUQ+0r8k4drXDFKfRVpNTD/q0fyKSNwmZ6pgtIMfv2A3NwF6q10vsZRO3NpWYdvD0grRCGZ++cbhzFZc1qrQMbf8YHD/Og/wCXAUaRAvCwyNn+cUCMdL8UkZ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack. clone3() has been extended to support this case, allowing userspace to explicitly specify the size and location of the GCS. The specified GCS must have a valid GCS token at the top of the stack, as though userspace were pivoting to the new GCS. This will be consumed on use. At present we do not atomically consume the token, this will be addressed in a future revision. Unfortunately plain clone() is not extensible and existing clone3() users will not specify a stack so all existing code would be broken if we mandated specifying the stack explicitly. For compatibility with these cases and also x86 (which did not initially implement clone3() support for shadow stacks) if no GCS is specified we will allocate one so when a thread is created which has GCS enabled allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 2G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. GCSs allocated via this mechanism will be freed when the thread exits, those explicitly configured by the user will not. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 9 +++ arch/arm64/kernel/process.c | 29 +++++++++ arch/arm64/mm/gcs.c | 143 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 181 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..c1f274fdb9c0 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct kernel_clone_args; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); @@ -58,6 +60,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args); #else @@ -69,6 +73,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 5f00cb0da9c3..d6d3a96cf2e4 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -285,9 +285,32 @@ static void flush_gcs(void) write_sysreg_s(0, SYS_GCSPR_EL0); } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + unsigned long gcs; + + gcs = gcs_alloc_thread_stack(p, args); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + p->thread.gcs_el0_mode = current->thread.gcs_el0_mode; + p->thread.gcs_el0_locked = current->thread.gcs_el0_locked; + + /* Ensure the current state of the GCS is seen by CoW */ + gcsb_dsync(); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + return 0; +} #endif @@ -303,6 +326,7 @@ void flush_thread(void) void arch_release_task_struct(struct task_struct *tsk) { fpsimd_release_task(tsk); + gcs_free(tsk); } int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src) @@ -366,6 +390,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -407,6 +432,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, args); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..4a3ce8e3bdfb 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -8,6 +8,139 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ | PROT_WRITE, flags, + VM_SHADOW_STACK, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK) / 2, SZ_2G)); + return max(PAGE_SIZE, size); +} + +static bool gcs_consume_token(struct mm_struct *mm, unsigned long user_addr) +{ + u64 expected = GCS_CAP(user_addr); + u64 val; + int ret; + + /* This should really be an atomic cpmxchg. It is not. */ + ret = access_remote_vm(mm, user_addr, &val, sizeof(val), + FOLL_FORCE); + if (ret != sizeof(val)) + return false; + + if (val != expected) + return false; + + val = 0; + ret = access_remote_vm(mm, user_addr, &val, sizeof(val), + FOLL_FORCE | FOLL_WRITE); + if (ret != sizeof(val)) + return false; + + return true; +} + +int arch_shstk_post_fork(struct task_struct *tsk, + struct kernel_clone_args *args) +{ + struct mm_struct *mm; + unsigned long addr, size, gcspr_el0; + int ret = 0; + + mm = get_task_mm(tsk); + if (!mm) + return -EFAULT; + + addr = args->shadow_stack; + size = args->shadow_stack_size; + + /* + * There should be a token, and there is likely to be an optional + * end of stack marker above it. + */ + gcspr_el0 = addr + size - (2 * sizeof(u64)); + if (!gcs_consume_token(mm, gcspr_el0)) { + gcspr_el0 += sizeof(u64); + if (!gcs_consume_token(mm, gcspr_el0)) { + ret = -EINVAL; + goto out; + } + } + + tsk->thread.gcspr_el0 = gcspr_el0 + sizeof(u64); + +out: + mmput(mm); + + return ret; +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + unsigned long addr, size; + + /* If the user specified a GCS use it. */ + if (args->shadow_stack_size) { + if (!system_supports_gcs()) + return (unsigned long)ERR_PTR(-EINVAL); + + /* GCSPR_EL0 will be set up when verifying token post fork */ + addr = args->shadow_stack; + } else { + + /* + * Otherwise fall back to legacy clone() support and + * implicitly allocate a GCS if we need a new one. + */ + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((args->flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) { + tsk->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + return 0; + } + + size = args->stack_size; + + size = gcs_size(size); + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. @@ -30,6 +163,16 @@ void gcs_set_el0_mode(struct task_struct *task) void gcs_free(struct task_struct *task) { + + /* + * When fork() with CLONE_VM fails, the child (tsk) already + * has a GCS allocated, and exit_thread() calls this function + * to free it. In this case the parent (current) and the + * child share the same mm struct. + */ + if (!task->mm || task->mm != current->mm) + return; + if (task->thread.gcs_base) vm_munmap(task->thread.gcs_base, task->thread.gcs_size); From patchwork Tue Jun 25 14:57:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711445 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A42ADC2BBCA for ; Tue, 25 Jun 2024 15:03:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 385396B00B1; Tue, 25 Jun 2024 11:03:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3349C6B00B3; Tue, 25 Jun 2024 11:03:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1FC9E6B00B4; Tue, 25 Jun 2024 11:03:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 037116B00B1 for ; Tue, 25 Jun 2024 11:03:28 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 7AAA3A01FE for ; Tue, 25 Jun 2024 15:03:28 +0000 (UTC) X-FDA: 82269729696.17.C2D33AD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id 5E757A00E5 for ; Tue, 25 Jun 2024 15:03:10 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="p8Zd/jPq"; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327785; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dNj/kj2Kmfp1c/ZBwx1iGWGw6uqqQeyDqPmf3FyTqBA=; b=l74j5sWPVUChrU85G17FtJ/Stzwq9jQQ6SFNZJdCGOh3jsSj+Tk4jlffM/euX011C0BHnu Vzv0oV3zRjaUkiFq/G12MNkGDG00/nyyq/e3e7ab3xKv6wb9QQXBayHu1AMzn9szh7HDhz z2tNq66JugK4Yz30j+y0p5W5PQOBK+E= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="p8Zd/jPq"; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327785; a=rsa-sha256; cv=none; b=kfSXWTl24d6J6dPmJa8ZXrLYSVrs71YU03nIrkWdkbZZnTrxIMkUDYpbOP0wp6j9s3FYO8 yJNfksaKOEklsni1v6FdysWZ3e/exQrmswu8xkIM3C2C8KBDz66IUnKWdRGiZ7a0NDCUkV d2u0RZ5X/31hWhla08jPk+KqOiYdtMI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 1999361461; Tue, 25 Jun 2024 15:03:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D801EC32786; Tue, 25 Jun 2024 15:03:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327789; bh=74i/o5o+GAjLuG4LcdrjtJS8isttL5m8bKZPRodV91A=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=p8Zd/jPqBWiv6p4ms8GUw7vIIxGC5btR+4/4QhxrtRFIULgo4t5OYBdjQ1NjzUEMh hdjCWg4UQbaCpOTCol5u3Sa3+ag1HxAgOV3Q0JHCYm2XsRVM6ltPV+R2/agqh++JcZ WdrNYNo2brKoe0x0c+RaYvXbUq7Q9E6TkdEO2j4Y3y3Y5I7C8QezK+zXWWZ13ZC/LB 5zTeifMzG1qugKL0a3R655vLcgF8BhddRWxkhwpdZ/rlikEbXQovm7MGipXm87WXk1 oikjW3UbIFBBigwerloHD3nK5jG9/M9wepMz04ATFgDE7Op0WmpfM/5Q3XfOBpyEBu DgRrKFvUQeNyQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:49 +0100 Subject: [PATCH v9 21/39] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-21-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=5714; i=broonie@kernel.org; h=from:subject:message-id; bh=74i/o5o+GAjLuG4LcdrjtJS8isttL5m8bKZPRodV91A=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuCFKqjdims19CgzTU6ifsr5pf8QuwxxzCjXEqT wrF/+EqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbggAKCRAk1otyXVSH0GchB/ 9aDc/X/c+aXCj96fsTSKFZkg0nIo1y7eH/uk7em610g3Amo1IdUZAS4Js/GL5lBxhXiv5YdRU4/raR SYtM+eLsKatF67WosEiYbum13OxZbM/LBmfCDHZ5Gc3Xw7i1U+NAtt0wkYsyxwreHxb+sEbpAm3Z9e 2aijxqHhPbqBEXQRCQllMvj0/pvAjWwklmpGt2sL1fUSR0jGljCAK1NONQw5L7EY5kHr0WndUNxqHz 3cxDXq4wuQJTADELQzTMInAfgbM4GGYfH7Q3xganDRJChWu0mGSy9ytOnBQL/v0PA7OMlYJoJy2Fc/ L1y/xFkZwE9aXSs7JdxPF/WB56Ks44 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 5E757A00E5 X-Stat-Signature: um58476e99af11c4goxiw7r873kchzyb X-HE-Tag: 1719327790-366147 X-HE-Meta: U2FsdGVkX1981WV2zy9qmL77ZHqQRhUDwTKGpPpsKH2MYfadI81oLCz/Vbhi850A6KBJH03HAeIwjCTc0sKiv/4HvuOyaQWvzRuZYzhSAWfWDTyrW201N2QUKTiUxxCUeGMAgGmVArvEvKYNhF7HtIsk4o1n/+kcD8MfttVfiveBNuHI66Zlo4EhXF2J+Q4QMzYVti69OjvtoCwh2y+cphIn55RntHXwLh6ButmgkexC1dfXEX5Y3jwvuzs9SZZCF/UAjLLxBt2lcGbLIMCcdWec0X0R1lBHpZSQJ+MCefcr7+WH170LjrJiLwrM3TfjcfJxwJrtSeG/bLyduq6hgm0O1rQDZxiHTHKHlzUtFDbDa/teIiQaH/ajy2xlHTfW2GtocIF//I6yAht/Onx7vV2uye+ChqyBj9AWNI/9h3mQClzwNjeepYI/jmrWXxqP+IHHVkAk2kvSfIYfulXROS/o/MLD4MnKC+qPqPDz8DFFSZgjiGXvcqmcJJ5rdpiLjpP5J4E2Vghdgw5YXRczQEYlGdMwhifsS/Y+5T/x/3zZXMToj1OvQq+2diRR8PBfQ2PkVzlMb9fPbnajSsnScCXzIhM/q+FHq7+pS1tkkgyuEbh3nPrHbyKCPAhJ/52J+0pP+ykVVkTSp+ra46iKQPrFk4GHZDhzZFCiGW2P8Cq5AbYpCr76VNoGUxvQIk09na6FKhVV5kHUTVGwxDdNOoibpZxDGf+HL+93Z2mfVXD2K5Tw4VxOHQBGKAdezGB+rqDJfueHKDBj8AqqRSHCzRtpjmkkrXBh9yqQnAIynZrfAwp3p5bvkJLNGAT+mKGt5eEw26kcE3sRbnAciyLZKnesDtAKAqGWzzL0AaW9Qsjs8YH5SKloR9OSVjWMcd9PFND+5VRI7Ro8CAv5StwNvjHCpvFQwZObRyUlMHrCxU39yjJbaeTHuZyttkjIQl3cwLLHA1aZmF5GM49XFsx VUeuZBez /tW6Y/qF2vAXX+se3dQrKCATjLhgFo4KkalGRFpFLVL3ofTICTfmNURttSg4D+91l8zi0qmxPL1ROrRCMsYlMHupGOECZT8gSKtlJdQDVIKpMQmLSlU6oIQlwt70KskUZB8/rvok8mpzFdVfnTyE/xknwbgGhdwta2+Y6jXjCm4shhYqojfrfZRcwz3MUN0+DZnlcrwXdLyuLirW1wSYpkg8lgbjRJ/El5r3M9awIyAR1ffqr72x60+quB9Dl42PThqZ4/2yZtxgCSNyOtNC7Dm3OPQctX6cPUSro5Seumi4PMuTpgnBwMRcpeiKMurlgSb7WFWPhcLW7cK3UXVXS2xIW49Ky+yFMRWlwM0qUwi4P5e4KHGRnXaUEVhNfO5sd+hxW X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbitrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 +++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 81 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c1f274fdb9c0..48c97e63e56a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -50,6 +50,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -63,6 +66,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, const struct kernel_clone_args *args); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -78,6 +95,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index c55e3600604a..58eb48cd539f 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -186,6 +186,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 4a3ce8e3bdfb..c6fae0eb9bd6 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -180,3 +180,84 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(0, size, 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Tue Jun 25 14:57:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711450 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62F0CC2BBCA for ; Tue, 25 Jun 2024 15:03:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D25DE6B00BB; Tue, 25 Jun 2024 11:03:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C85EE6B00BC; Tue, 25 Jun 2024 11:03:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B345D6B00BD; Tue, 25 Jun 2024 11:03:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 8DE086B00BB for ; Tue, 25 Jun 2024 11:03:46 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 1441C1C06D7 for ; Tue, 25 Jun 2024 15:03:46 +0000 (UTC) X-FDA: 82269730452.12.15E8DC5 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id 87E8640080 for ; Tue, 25 Jun 2024 15:03:19 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=YDScwu9I; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327792; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=v+HRmjxdUqbr0LXCAdY6sWDgk3GJ+0/EkFe2wq48Omk=; b=m9KKN8GpRIIeJwC4a5L3ir+RNFzg98NKuk8XwWbrkDmJC3DAoZ5ugYtt5Xg3cYupSOi3EG aC3L8prIijGi8t+420BZ9Nmtnwi75ZZpCwaea+CkFvq+W4XOakWNeojvo6V1i1yM+8fox5 wFUF7PQaua6s6hJ85tS1e5zT1nhnMXM= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=YDScwu9I; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327792; a=rsa-sha256; cv=none; b=lISuLSQ+KlvBNMTE+W5sEuIiX7O5BFGJDndeNVgwtmzqKID3j5WhffqVkb7TIPYhSSEP5U DArY99X6hNtyyU6Zy6SwYVCftqhhk96UieNiCUrLEffr21P9UTJAD6RhVFMdhdK4oy7rQT MG8V59eftjVouyR678ym+eyEXbYpeRg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id B10D5614A8; Tue, 25 Jun 2024 15:03:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3A9D9C32786; Tue, 25 Jun 2024 15:03:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327798; bh=Z21AWasSolhz5J/5c3s78sHem1nY4uu+1qvn/s9636U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=YDScwu9InvdeNgK+aqQ8J/hft/U+qyQUnoOjYAg6t4bAVWWn5H+aPxwHYZmdEnukq dJKGVC4AfFZqiWzIsvkOEG5KEaLV2ct7AcRmq0fkCAAeiQIC//CIuGw8ea0IptNNP7 +Z/FctVB8JE7ZF4n49LA5JkQhXvQNzHUySkteY+FxbjZg41txQyr/W6IVgJZYtrJLb otnwOy7OIfi0/GH5bFqBmeiVmSqYuDO/S+kg/pXZpyjHPC7al3EIM0fnj+s1ivXBbf kxaJb+HcD2AC9v4XH+WDNWlx/1uwXXbBI6GwvuL/P+EHSeJdIFUBrOEZlm+1mKwt4I vOb0ouLv4jkGA== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:50 +0100 Subject: [PATCH v9 22/39] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-22-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2997; i=broonie@kernel.org; h=from:subject:message-id; bh=Z21AWasSolhz5J/5c3s78sHem1nY4uu+1qvn/s9636U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuDgBGhsGNt6urfwiqNBknViTYtmdy0dfkzlTfV tuvsHI2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbgwAKCRAk1otyXVSH0BSWB/ 90CNgm4LPzeTEljHtp42jqZxx5NRjOcF5UPwn5bhwBHZt4Vvh+G0AhRI2t3RBBxfjDegG/EQulsvNL UwVuDcQ/kUJC1c4Os4mMIiNBCihT3EszdXXCWaxY7+Wf6MSkFVpRTKS0zItLUiSaRMTlrrBwN1T5GS KpQ8sGdqNjxetej3A1uVuFQH+IXyerstHNoHWT3DWh54P8V6u0EYBgERs0cEhylH9kfbVxHsBrcvgu Nn41IPVVWUsPcr4Zhy+Rzu8krZrPjLWx+vu9QkTq2cLR1jBXJ4WVTeC6AATc6DMgdc/C9ptIu/uSoj VI2F3/ySC2M3YL30Xi7WKg2x+dOUOa X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 87E8640080 X-Stat-Signature: 6ztz46efyor38g6yh3sazeydjknnwiha X-HE-Tag: 1719327799-410288 X-HE-Meta: U2FsdGVkX1+LcQpMb6M4jSNBQoGcv5NzPh5OVqy6wziqkIY9GE9+dCGClfyf2HypMEt003y7Hb76mdmweeF65591wZvKRrWVdDHZnOZQZKNcxmsuAp6bsh4SWpzrtd6vUvCDMLM7fjNNObmWfCJzsUg6C41pXQG/y4Lmenfck2/GiiQ80RzoQGtT8C9kysD4X6/mblftYPeyPZlpmBvTi8TJVzo2sjWbYIB88Dc+2NtzUcLGkKPIEqH2vQqENEfquUmVRLXE7rji0qDsfpWelkuF0l0uAzrayvvM79bYNvJ89q7S9EHu4DMJx3CulnHgSxMYk7OrnGiOetfYeamCdvCC1pzlaGG/LFcJvht1O0lRLXXtpvrjFBx7+8zCLIvxt5X+mOtlWJxUQdZLKhqiqO54nFjpVFDNM28muyPH5w3Ckttsb+CXdhAq7z6ledo3+GqGTdau/vKz2rY22FjjXp4VAHzRnFkf5xl4b6NwGgiU9Kxd/1aaACswL+9tHYIVaHmDUpn4xzOd2X3n0XEv2BWK1nA9fuAKMluOxcU2WXHpNQcgirnROONifyOMV2m1zjKmHlvc8TzqS6T6QNQEItOo9aLibgWkyL/PV19YfsvByw5kNL8pPjS/YLg4DQIaing/+G+jK4PTBmhuOZaJtZ2IvLDj1egc1EaLdS3jCgM2dZYl3ICXBDA2/hcW2gnWv42z45/F6G++9SyyEpzpjXvL1X03++7B1ldTfzZa0ytfmhDcAXuBaA4OOWRjLxM0AEQJFaGWhA1ByoicnFJ2mrQbi91E/PVJTtc/1CfPOKuDEasxoqYsuRggmi/ZxQFLki8/3c7FtZxCdisww4EMEZs6axDpSUz75jy/wFryl2LGwJn1Qpv2jxEYyxgGa8kFCNS0dDCx57SO4YCsFwEBMi6tWeM67yyVSdZvDPE4Ow1xUI3cQuh3SvyDcowVR5ffxAnx74u5J/7s+3/iWP1 AyNQ4CXC LTN8GdUd523nc3H0JZPRZEC0ajgPHaQCQGQUs3fWe2bOMQAzQsLUnColVoxFSAsy0k4twUGNCqqENckw0zLJ1ImDKz2A+HPFNBr+KEesVL9eq5g45Kd4rv/OxvCo7Nia4VM2+93gvywSo9yCd+qHODCrfWpfbyeZJJ1a3bn66uWpdzrcvGl5i7VEHMHPWYlXNh8toafz/v9rA/9ttXEleDt7a2j/W9xrii5Gmlvp8q8Ec8AxX0qvpR08AiAJxqiEN2zeOdnc1iGtZyXcjD12msgHW+N68NN29S68AiXMCOfuBWkTZfHlmMDsrKV6sKMA5C1Lf/7D1PgyTaoRSlRaAZleXYN4xonwuUTsgDZJAJCiDDhKnBTJQKHGd2TiuT9G6HDZVyoCU73cp0vT3KoQt4GYbSk1bJwXgmLs09EXr0fmUEZA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index c6fae0eb9bd6..918d50ba53c6 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -141,6 +141,67 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret = 0; + int cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (addr && (addr % PAGE_SIZE)) + return -EINVAL; + + if (size == 8 || size % 8) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + put_user_gcs(cap_val, cap_ptr, &ret); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + /* Ensure the new cap is viaible for GCS */ + gcsb_dsync(); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Tue Jun 25 14:57:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711447 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63F9BC30658 for ; Tue, 25 Jun 2024 15:03:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E17F16B00B5; Tue, 25 Jun 2024 11:03:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DBE696B00B7; Tue, 25 Jun 2024 11:03:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C39946B00B8; Tue, 25 Jun 2024 11:03:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id A1F536B00B5 for ; Tue, 25 Jun 2024 11:03:37 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 4B35D801DC for ; Tue, 25 Jun 2024 15:03:37 +0000 (UTC) X-FDA: 82269730074.03.4A954D4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id EDF338004F for ; Tue, 25 Jun 2024 15:03:26 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=hClRKRD7; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327795; a=rsa-sha256; cv=none; b=Aw3rrWRP2VU/FNiDJUcY83oVguweayg5zLvk57qF0IW3q6d1aQWooS7ft3b6BucWB4Dg1g 41B7pxBffg9wHvuPcUooS0l3JyForwJcZgoYje064hSYuJMf7Jz1XLSjGPAQJfahLAQAlD y7+lNLe4bUXJGff8V2D6euTnfYW3ENY= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=hClRKRD7; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327795; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MwKXz9rtX+4H1GS+xNH1tVb4/bZl1NfRNtGvr4b631s=; b=t8LcYTyGYExjutZZ0TFOmeSQTUzltMZySh7VfSHAQ7KFyCRDrCHwtYPlpDsOmQ14uULYbQ EwetU5w6wnnndBsO0IL3uxNOw+UjnzUPhkUzdte8Oe+ssu71JsNwWd0H7lfSNnjuzF2Ri4 pWMjku9UXhhKiOFG5Q7k5XYXDOBNf9U= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 1722A60BAF; Tue, 25 Jun 2024 15:03:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EEB3FC32782; Tue, 25 Jun 2024 15:03:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327805; bh=r8OeCheZca08aBPplXRLI2j23mHYi0JAXY2pfIZIwuo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hClRKRD7piPsmFvjSFelRmACKwTiERJyuvd2cpFA52Xa0MVhvYHUOVNlQ4SznwKJk m2FKwh6jTTWvU6XygXHpLhm1E7bukpTifj7+HULrqmLZR1l5kU2GO5UZzF2Nfd5k5a deH8UCBeYMRuDN+WCSWgVWIUEXZjDqaXKDea5/vIq7ty8jCdYbgBwdeyPX+5duQKnp CNrSWbtD28SzkYRXQVYwX8sBgIzVgzzsEmHiBnW6t/YNXhP9mIZe+EP4HlA25d/tFa g/RqM2Bam5hyakaUjrjk5p6bc7jYIM3ZwwV4y9P9f+V3DgEeV3orNSMcGyAveLy9X+ PtEGJwrXQEV0Q== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:51 +0100 Subject: [PATCH v9 23/39] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-23-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=7410; i=broonie@kernel.org; h=from:subject:message-id; bh=r8OeCheZca08aBPplXRLI2j23mHYi0JAXY2pfIZIwuo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuEbXRZZuhSHnJ6VyUSqEQSOYDxx6u7HeN7f9ZJ B3xTvrOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbhAAKCRAk1otyXVSH0Gm/B/ 9fu4otU/PRfg472GGYRkOwItAA/+lli+0iyVjt37Lx9gcU58pDpd95YMHivPSiDykcQJ9T++NIVHBs IwhEe3VA7qkgf+nSQh/NrzUewhi8H4ckf4Arl/iQP0hzg86VqGH4h90eisyQ0w4d30MCT4V382m31u sDedl6FhVAwsyh3tuGLFXgpTczq4muq62KzV2t4xQQMT93A5NgGGZ5CGFfatWskiObMEHgz9E4Qj5w mpsRi3TIbfFkWWzPx6y0niUXbLpFmptpgF1HR6Hz5qS3wl6HcY8ZAUeC6W8xbdKrKqLkJ2hPFGpq8q zkpaoSr4a7VMG6Zky8x9Q8GOIhuVPz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: EDF338004F X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: yk97szy6znyogzqhdsfxo9qn143d498z X-HE-Tag: 1719327806-946850 X-HE-Meta: U2FsdGVkX19LiifSoK4Q1ZgP8wHVYI9LDnCg87BQL5c04m08Hi4KwKHYqw/aTi5GYLWq6G1YxZ+1vypX4n3pqHOCVJfCDW8szg8qzSETa/K0N8VfZCpBkSCSvdcmC4JPnJZT79OagSexH5lbltOBod5UxaM+XW08mycSaHwCLv3FL4L5oPmPHXmyhhF29rD9+DNOlOd/yD8TFDmZSy/XukErmZSYRYGc6BdyAQtpgxQke+jYAtOZI4sscXOPNfDSZkTV5yHFDax9oqTocUw8Vd4Ff0VK496K7ZpjlSFJNAz0iTY+8GjWzx5nm4K+G/fOygdHFqZeuLVLYdA1AenNX/dd/pGGKwl53cMmfgujMQ57rwqyPGnp1ZgFzWJdSYzADQ0VFYb4fs0eJ045DMztIwiV5ytHlD4WAdWzXKMJy/F/oEZlA10PrQlGl2hLvxAQRRk6Yl+UNHkF7wmWvgsIiTX8atA0s6CH6/VSkxcxMZYRwV4VQ0D0wYaZzjyVDY357hcrAFi82Y57A/9eQc+ZeVFxnc4d7T2cANcwwlF9050GD4mZngtC7xo7rMYnNZBqRG6vLhENYSFroMtoFmZxwRKsXi46issSplC4un+XOcCLdLjwCSl4podPGm3C+LDp1RfQrcUE/copJDguiCfnGsX5VcuIL35NB5L33ql8Mg+QgvMW3R9x0kwSiAX0Axp+CdiVDh8w96i4O7k+9CAz3QeUZ8DH3ZeD/0Y39DCXa1tR3A2xttklKa5bOpn9fy7MMa8xIZNkoTI4F+n7/zba8kQR66OtqkMoKaPlW20/1OoKyeYaxO1YiV8R4JntJCTDvtMjOGfwdVqwkNhmzsoJqMawPTfbXyWz9+M9frfzPGQhh6DloCPe3lfh1lVZOPJHp9cR6p0fsHegKprgp31bsk2fLOIhbiFV9tYD4Zrp2myofBiSin0rSzMqZC6YsyGXU3YD6G/nEfYRdXLRRg/ ODCzr6Q6 PngQOv9wKwTQ9VuGzCKSKPzsKjw4PZIJNzdWE8igms1uxKl7FqbtRxDMeesusEZyBkBuKTX2o6GtATEm1XNg7j+jOgWffkj6xdXGDUFhmMcfb+hiBbx7zav47AT4zaXUPozIIyAd94bZzS5mCWQwRZMly+72s6blvpvGDsUbI3x8HQteEC42kCJO3auT+hP7yMUwlbgqC5lylsXvtJ4XPHR7EV2jmT8HhQSONj/gsUOIy0mZU7LSok8UWRkU2iI9DKasG0CCirw3Ug3QlabXmngIqU93+Dob5kT+1x08C0xnV2c8p7IUXUYgpw8+gO1rGcv71dJNM5IXXFScbGMpDw1XMwm7I6gtvb39l+aOeJra/AUAn5JKbw9KNYiO/X7TSLtO4 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set and token type of 0 which we add on signal entry and validate and pop off on signal return. The combination of the top bit being set and the token type mean that this can't be interpreted as a valid token or address. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 1 + arch/arm64/kernel/signal.c | 134 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 131 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 48c97e63e56a..f50660603ecf 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -9,6 +9,7 @@ #include struct kernel_clone_args; +struct ksignal; static inline void gcsb_dsync(void) { diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 4a77f4976e11..a1e0aa38bff9 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,37 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) ((((unsigned long)addr) & GCS_CAP_ADDR_MASK) | \ + GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must not have a token set */ + if (GCS_CAP_TOKEN(val) != 0) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -860,6 +892,50 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + /* Invalidate the token to prevent reuse */ + put_user_gcs(0, (__user void*)gcspr_el0, &ret); + if (ret != 0) + return -EFAULT; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -886,6 +962,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1130,7 +1209,50 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + int ret = 0; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + put_user_gcs((unsigned long)sigtramp, gcspr_el0 - 2, &ret); + put_user_gcs(GCS_SIGNAL_CAP(gcspr_el0 - 1), gcspr_el0 - 1, &ret); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1138,7 +1260,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1178,12 +1300,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1206,7 +1330,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 918d50ba53c6..7429a4b3600e 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size, From patchwork Tue Jun 25 14:57:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711449 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A08B2C30658 for ; Tue, 25 Jun 2024 15:03:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7D2856B00B9; Tue, 25 Jun 2024 11:03:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 72F8F6B00BB; Tue, 25 Jun 2024 11:03:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 582656B00BC; Tue, 25 Jun 2024 11:03:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 289756B00B9 for ; Tue, 25 Jun 2024 11:03:41 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id CEE9D1A0205 for ; Tue, 25 Jun 2024 15:03:40 +0000 (UTC) X-FDA: 82269730200.19.3362E3E Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf16.hostedemail.com (Postfix) with ESMTP id 6300F180030 for ; Tue, 25 Jun 2024 15:03:35 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=abiwsMY7; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327803; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LB2f067LJFvydnOND1bFIwkYnAf0/uOqfDmyYeKI5+w=; b=KpLyGdxPxxQVB5w39J1JU4aXfLRFfOP5FEKyoHw80Zfdni5/ObxNaROdsmX7wR8tk92BX9 Wo1QgunDr+qFDlGWVidZ6QLqIqrZt5xST9ZDkvj6Ddl+VANtj/KUYXaKPI65TXR0Gf5eMd hmIQZ3qf6fmO8XCq2glenNvLv5Cx5mA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327803; a=rsa-sha256; cv=none; b=pbN21ut3ebrNV4jxtmDWYfbzv32Wwbf9c8+erBnq28F7XZS+GE/Q1MM0u92AnSb/xqpjbU 5e8KQ0whA4DLIMJaJxQQ5vKPB7BdeZmKmxzkRhXLdIRXWWZvg6vgNGQe/Bdj1ojKdQZb53 iJxYfWIMFqiZ9X9gJCsPLOZ7gvNfbrs= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=abiwsMY7; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 43052CE1B78; Tue, 25 Jun 2024 15:03:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 367EBC4AF09; Tue, 25 Jun 2024 15:03:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327812; bh=CZyk2Foz6/MDwSr5OV2kQ3tmU9mYoHXOdRBxLAAsKpQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=abiwsMY7+KvzHS4P9PmFpFGCEhgfRkYRU7IEtlsNfXBRypV5ugB2bGrkEJVvM8I4j 9jcbbyT2tLv5vZNCVrPo4QacHCxBo49K7KyoRyuf5AaoLK297ouS0MCDrgjsNC+cxJ ar6ISZYKU+e5OttraAVt88d998Ryen6dnW5Z6k24XXjBNpV4RH6erpy6S89sxCTMhF FGk7xs+oq90NGpEM3Ur5oVqrHGiAM08LqTGvs1dVIusEI0L4vPAwF9t0nEhDp6iwP0 UgkHCwtpKQ1h0ZvO+E1ISnbEf6yvg0H0J6gZDCvrs3SSZF4PTWcs/Ypo3CRVhKdl0G 8CxEaKwvgepOA== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:52 +0100 Subject: [PATCH v9 24/39] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-24-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=6094; i=broonie@kernel.org; h=from:subject:message-id; bh=CZyk2Foz6/MDwSr5OV2kQ3tmU9mYoHXOdRBxLAAsKpQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuF7m/PmlelddEg/bBFW5FD/h5PxHRPz1T4ZL/z fGWGm8+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbhQAKCRAk1otyXVSH0PsAB/ 43/MMGsHECfy2LfiwF5beeX/KzMJ+QU6tHv9Rsszt32thb32vCsuGfKKH71Xe+3E247nIHvEtd7KWo 7CwsIx7fNvbl16Me6s6NdDzluCb6pKjVw9XCUQUwwVFDVuIkDVk6azKRlXnn5W8r4K0uSyqiyAAulY x0W2qVfgGP5KrrZ0PuIpTSNi/DEec8WvurCvULvwfQyuvqZd9YSZNkmIJ0ruD1syAofnCIIrmQSUdP ueVupKXYI60989eIQZmtXS92XE9GTHjq2fl7FlGX36E7MyL3KSo5mV46Q/dNNDctkUc+1bhwk2bdsM zbLzeHeBTZytsjveH0XBKROeaAjqZy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 6300F180030 X-Stat-Signature: o7s15w8u51517wzgm7txqs7w5h11p9ta X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1719327815-895506 X-HE-Meta: U2FsdGVkX1/4Goh9jB5xZ2fjzXynKwJLv+k+Wsq3off+D4Baf71d6QQjnWCp3TAK5qew+J+k36yRsueDWUnPoeW5mhn55ukelRkXBawq4WVW4P9J6TfvPdvhCcnl2gzw3VQKLDCXxIXH6jh/3DItptb66UOj/iVHse0pkWapbbiXg4HO0MW9+7Rgp8aiun86wwOKS3fL5pL8lXuFpkMlbf3IDsFr67fEqoJU+V+ZlQZcehoWzgVOCf6VMHcW9eLoIXuGmuYHXIQpJ4bwEZeksBjL1miRovcUHBYSgXEkO5bG06px7A/TZV7npBxZ6cwO2JfRWlOXRDrwVc4EcUWiWbGNFFXqyhd/8FbbaZX2M+esoDdkNf07L9YSWVQ8iyWra/onjmHMqL3A96ld5py4nBeFmbwQy+MOq5OHOiDgU1xAw0ze9yzG356wxrJDVL4vEPMdvMnvq9lVyRQm/WbK2jNIECwcX9uFagnGgGAQQRT3A8Y1EY+MmmUjGKbY5VhOQET9VWv5f8M1FMOlgXKxUghW3TlgHPnFdjG8cK1jmooQvD2aMm+gcrjZtJ3x8K+s5jWfnnMTLUAlKlMus31u8/0Pfdt9zvtblTS8ef8/5DgYu0fjPih8GsU4kOt+XKEMbS0LF1Jk9JXzfWqenWdgbK2/Zpdl2IbSjLL3BQ2SBxGwlMPPWdb9CHK3aMA2IW+2oldy9OimmAkMdJMlJMMndH2W65M1e2/EoyRkqbuCuIzjf7vz+KF+t4oH3JOejLCVg9YFeBd25G1T5ag/FGtR3AXfJRdyzue1ZF7ryKJ63lNdM2Yca5rt4bQoWani2+FwRNfobP5Xv7j1JbhJvBevwSxAe0dr5ADbqiNVMwpIVA6NoI2yaKLCvQRakatOlfq8C1CsNKnPPbDIWblhu0v2/D+lSKQqrHoMcZFKtnM5P1fDTbFFCEve+3PHXGXUxqs9r7comnEtMCX2dTU1iu8 cUuUl628 wnCY9NT3WqIqduQKoGcWql+3LOYfdR7q4KMlPs8xKkqYOiK05v8IqsuLTH5NyRXUlS/4LRqldklbyIhuk3Z1mwe/exVFs2F1PF7WwvfnyHR43Wu4fwHCrHpP1QddU0r/YWhgMszfT0aGxFBr/tsSJNk3UGuPXIRA9ERQAP1ns2L659H9ZSw2dT//P9H3M9klxaG0ecJeGQgRlLt7TfbJt0jKkIAP3TbaM7PeJyDwwI5STlbRkHy36kA7ndA2n4+IIRVe+aEYsTMOhvzfFlQWzjUCY9ACZsTke7ZtDtXRrmcA2V9a3nbhYlb5awLw3FVyKgPFn5Ng0NSlTMCgZhquaTp2gKwHEvuankuJ9qnJCXrbxHO+foNWNWJLbXP8140MvVu+V X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 108 +++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index 8a45b7a411e0..c2d61e8efc84 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -176,6 +176,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index a1e0aa38bff9..f034a1a1d194 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -88,6 +88,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -217,6 +218,8 @@ struct user_ctxs { u32 zt_size; struct fpmr_context __user *fpmr; u32 fpmr_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -636,6 +639,83 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(0, &ctx->reserved, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -653,6 +733,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->za = NULL; user->zt = NULL; user->fpmr = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -758,6 +839,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->fpmr_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -877,6 +969,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -999,6 +1094,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1099,6 +1201,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Tue Jun 25 14:57:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711451 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6752C2BBCA for ; Tue, 25 Jun 2024 15:03:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 708636B00BE; Tue, 25 Jun 2024 11:03:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6B8306B00BF; Tue, 25 Jun 2024 11:03:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 558E16B00C0; Tue, 25 Jun 2024 11:03:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 3575C6B00BE for ; Tue, 25 Jun 2024 11:03:59 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 637A0A0243 for ; Tue, 25 Jun 2024 15:03:57 +0000 (UTC) X-FDA: 82269730914.11.041CAA8 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf21.hostedemail.com (Postfix) with ESMTP id 667F11C001C for ; Tue, 25 Jun 2024 15:03:42 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=hkDTstIo; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327817; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=V+n35PJ4/w7NXYgL0xegfC30fzD71ASm6FfCB9JQvUM=; b=gqgY9udCtynUAjrpSo/bOqXyYp3MTLRvYUHwIiKxC23rSrpxeKTzkYusymw8e+fkWBDVwQ EKmrnbtI6NjAnW2ZRKBHhlenenz8nnZqBdROcJKSnfL08CYLTs6ezwBXmNi38fA+fLqNkb 18LXS4YtTDh16Dmf+U5jXDeZ2+EKTew= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=hkDTstIo; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327817; a=rsa-sha256; cv=none; b=sGEQsjXs3oeYsHUJOkoNWsfNsA+52qu4dlulmrLPXjOtzs2N+rmJJPfDetqAsTGeHucxID xMBHgSkmJhMdBMD5VqkwRI6MFMdJDJ6r/jxiH/OAyXwq9oaUN/1uWKk9xGI+KwZvDyGcnU SqxntK1U7XuZd5MPFtHf9ArPkp6RxsU= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 6A1EECE01CE; Tue, 25 Jun 2024 15:03:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 29B1CC4AF0E; Tue, 25 Jun 2024 15:03:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327819; bh=qLuXO3WTZsbuYPpzI7zPKGWHTzDvnQwqGL+bk49RD84=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hkDTstIokDbII+NgDXV9ygGKcAbZfi8xcMVYYBinLFGzUbWA3/1aC/jkLX9TnILxY CEketVMlSoxdyZPQm6qRfTzTiYkPed/+304fFSUpPpj1120NlP7ix/o2Z/nkWcoRfu gJmZwP/Kc885SgOeQkoIhj+q8he90o8ZC8GY6VtWUJgCdsfuk6WoiTiSgs01UoVtu5 W6X+h6T77fpf98Hd+jPAuXX4SS2uNEXCOOkhhYZgfeqW7dKQTy7zQAa8kI5Ehz1OE/ t/WFvdAS6r389/Xi4ws2uXHHfq0b+wuu58cA7xdK0rm+qyV2+vu4ltK5osvm0by8SB cHhG49/bgy6Sw== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:53 +0100 Subject: [PATCH v9 25/39] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-25-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=4329; i=broonie@kernel.org; h=from:subject:message-id; bh=qLuXO3WTZsbuYPpzI7zPKGWHTzDvnQwqGL+bk49RD84=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuGTfR0xNzu1+84q9CMfy/yxjpeiuKLfYT2znrk GoY1/N+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbhgAKCRAk1otyXVSH0G+jB/ sG6g96RCMiqgpbeydGZ6sxqiXuFMRbeInyskwKusJZFWMvPLBsIZX8FlYwjIxI2gTyJlNcNnGQmE5R NY2i8h4sxZMNgre4QDrQ6wdkv2cwZ9bO0hWIFqTFjNqSN9iUX6ZIKMwgvbZsHGR4zvGmhMqMY9i1ck HKr4syx2DDMAIUdAZlQkdkekG8w/X5QwNY9ueCZdNRgywiImEMQSOKZPA4QU7fu2W+SHjDD/0V5DF3 54Z7V9ECYDcOIrBX/dnHAADN3GLG3H8zwa8K0RfcXl1SBbW9voHlHgTqubiMscyG6ZDHLdrktic433 MSUgxVm08hXgJhgbB89Ac4XSk5AZQr X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 667F11C001C X-Stat-Signature: a3icgu1rzjnuf7r343dub36ah7rr1aif X-HE-Tag: 1719327822-482810 X-HE-Meta: U2FsdGVkX19vmYpUmoMrtCtdL5LsXvtyXNikEIyWQ9/tGcdLjWr8CfFijWuFcWUPD9JK6TCqqqJRShyFqFyMHtHqXT9QChL/WbjCX/b77rtxa5n73dM3YONahRQbtjr5r3PdcUG8FQLQrsItzvHhT3QMguzQXHVio5S+eEM2EvNtuAg3mEeUmb0w5Sl3ZqMJzta3HXFYAH49pbe7dFUL1yeOUOBbr0RC2zziv5h2ASNQlqfdx7Byk1u4aomGXBu1x39w2yZeFXJ9buVySlT/Gr/ESSdL1PCrySLTkOPE5KpkfNEP5Ja5sUlxVn28FnsengPTPQjSF+Xkuui6MXEsnyvpCn8cUgscm4UOmDOCq/ofjae9cUhxXw9G0TQIUJBFXPUkVIOSfshuN0rbV//IN2uTqE43svgl+xC9oybg14GtfBD2QyQ4OVVHWy0NzYCyZd/e4vHxHdvP6AxRLPPcaM3giEMUffS/YAJeONllb9vd1q7eRPHWwawU9irl3r/zW/u7A5AXf4F8vmb+ygHLWUFLaXhuymlGa9i6yn5b28eyRYaNQoKiasJxs23LoxjxU2FJDx+05WU/5wmHsrPokobzfOFQobaIJUFFNVwE4mBocAWIV7AaiY7+30ZYoGsGqVcKbtz+gjgdCYzS1D5dHC68Wrk190DJ0IlpxUB0Kz+ojCFt2XKKqMbx8aynEezSqWbFTmlA1DmFHOYIsPxXte+zl7EMJrIGZkDyyupc3AqTPOck7W0I7uUz64MNgrhWvE56JeO5EEcEJgzh1kv5SFlEM7N5ALLwxUNb5X07cc3hUa3iUQMisLbUZxYLx1kEPBPprQp7ucJUFjpSKUk3mlP5IoZbuwhXMmqd24kvPQ/xfF9LUeje5S4bnJQir4jQZ55AxqqXn+ciJoM38bHOA9BMUqmoxn9a4f+aVcy8bmdJd62rBgtubgIsbfFOMMSzyQE6Nzymn72yO7YArCC 7FJzQSkF Kd3zmWZloneOMt4m+n9MrqPV0UKWDWaDCcXQoJPvMOChmItaxxAxv/vWSNO5fETlUICl3sEQcYXNSRNNV6KVoCJwMNyr5nYrNuVzmnsv7Nx7WOZq5ElCE1s6Q+Ha6Zsq5sR+JIGB8EMpuvRAaLHu2qDl860Uv1+X/85o9WLqrjCyKbmhazat8fRcEaknzbZuYz5fcBdBPoVpk3jWIFYBTijuiG16N26SLZtly+iSbKGPpmPpMDSfZHSxuQDWyhq8dA5hdPea8zYOM73v20Gn5ZVJe9XwPviLwcWRzKSZvjJu9Kir3nXrtZEB5iOWFoPr1QkyhoDyBzVBVV1G8BYG4Q898J7J6IunCq41V6KCjHihF30VOWszLuN2RsWCPwv7yof8C X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 0d022599eb61..9db0b669fee3 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -1440,6 +1441,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1469,6 +1515,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1628,6 +1677,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index b54b313bcf07..77d4910bbb9d 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -441,6 +441,7 @@ typedef struct elf64_shdr { #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ #define NT_ARM_FPMR 0x40e /* ARM floating point mode register */ +#define NT_ARM_GCS 0x40f /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Tue Jun 25 14:57:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711452 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BE43C2BBCA for ; Tue, 25 Jun 2024 15:04:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EAD446B00C0; Tue, 25 Jun 2024 11:04:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E5A666B00C1; Tue, 25 Jun 2024 11:04:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CD5FA6B00C2; Tue, 25 Jun 2024 11:04:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id ACA946B00C0 for ; Tue, 25 Jun 2024 11:04:02 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 0025740198 for ; Tue, 25 Jun 2024 15:04:01 +0000 (UTC) X-FDA: 82269731124.09.9CC7901 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf20.hostedemail.com (Postfix) with ESMTP id 365B91C003A for ; Tue, 25 Jun 2024 15:03:49 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=l2xsFbIE; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327816; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XBy8WpEO2hCs8De6t4VdyvNFeHmJPwaymnVsPFsEc38=; b=lLS42kwLE9XQ2WgcDCIbDoaigr3JtHgtCXkJufCQce6MoYU58IkosuRKU2g8l+++mKkKCe pjrfNFZa3KSTVWh2oan2DYrrQ43pbg8NWaZEGVhokCKuu4/62dBUCxraUODPDtKfUMuFbD nfM/qb5BQctNnJBkKiTLiVt1JNystGI= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327816; a=rsa-sha256; cv=none; b=VuVtxy2v3wXdg5xlo7qZvPCkP/j6khytyUgLxNAyRnAooB3WWkoWyrO6s1pBsLEfXnKG2F 4aZxtAsmL3qxp32GWvyDmBFAD6AipLhTdjvhg1ay6bPilOr9qrwZHyBYLNScVufOdaS2pG S4sKOG6QelPoF7FKQtC7AkY0yx0NuDw= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=l2xsFbIE; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 76A6ECE1B7C; Tue, 25 Jun 2024 15:03:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1F6C7C4AF0A; Tue, 25 Jun 2024 15:03:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327826; bh=fjC2QiGsrbMcCkXrGFM5RiSenF/23moS6IQnQJ7tLdI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=l2xsFbIETEPKGbR69SWsfYufg6rpbRn4aaptp5DtVcbSm+gRqRmpD2995e2y8WGim eCRcbHiIQJ9pqY5hWpsMfCcDmmgdUqN5aJjCIFdPU70s2FqZgkpUwl0vGFg4JvUhqM 4R47oEbqzTI/WIzPgeKJ8EyaVVlcSIGP6vCKjtr9UfEomWTHc7ivJggF+Wsk89OTlh wFjrot6UoGGCjUc+BQcPE4Hcrd/4lr2FjzLykKDT4Ars+AhqTtk0YUxWBXmBDuNa20 LK4zLQdD2O4gn8+MU+yZ3cskmZeebN965PyinB6Im0jRSXCXTS6IHMl5u/aRBwe8kH 3kXJHBn/ECzmQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:54 +0100 Subject: [PATCH v9 26/39] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-26-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1438; i=broonie@kernel.org; h=from:subject:message-id; bh=fjC2QiGsrbMcCkXrGFM5RiSenF/23moS6IQnQJ7tLdI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuGg1xlcnXPlN04dXEBbnUnfgQS+G3jS350+dWn /izc6wKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbhgAKCRAk1otyXVSH0KfjB/ 9KWonE6xeKtgOTtQX2JO7awYH9lQ6LkvpJLYKruT/tw3b5S8asSEMPcfTcPyEneVXId/HNouOKa9RN wGGAWeR7McyjYD95XpmwDqTx4zPmmme9t2V0A6LxKTGf8/Zw3LuK9L9WP/4FiItiDYbKXFHHbR1MmS YrBnyYjZm0vjLZMMdI2vobtYQ2xicVgK00Qyr/80i1MP6FhmpFoNNYpYplfFJ9JcDJTl6SKx0ZVoTu +skJQfsafa6R60XpkYGtVyB3Och3vSkyNhNc/dLNxh/JH/oW7Sp0pYRTESkaxSdnQLoMFTzY5D5H+a 7eWD6b20Ne30nkS0CHcIRuEvSi2DB8 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 365B91C003A X-Stat-Signature: 5tjh8w9k7xif4ncuumbtmtfgemoo8xim X-HE-Tag: 1719327829-313598 X-HE-Meta: U2FsdGVkX19ncQftZlk+PaPjQzDTICmTtc+pOJqYjrb7FIKNSZKJUeOo6gt4BQ3qtPqFPSmbNyxjYWu1Z/yR4AXHWdGh2CZfCi/xDcZKGQax0penSzh/EMI+AyW2Y8OH7Et9UtZXQYeTsqN+Sx+zn5QDEj6IzAP89UV420c3stajzpuO+DP8WgnSchLZF/ysAKytvLTTC4fHJYkfE7pwjajUkDjt2ZUqOk03n68O1CBKGlPrCx5TbxAoSXebmmtaTWNHAryt6gp9gJ+Etyhh8v2qqfc8duuB8WZ1r3vg99yyzm6DIxR4oCjVJYLKmnyFFlZcL+GNm2SX5rycRhV7dNnJiRi98rHTQ+MaGfjBsHqAKTtsH/zQDYCo8xl/39d2aDDE4N3CK04HzRAAsfnvU3UhsTgeFEYOVvkz6A3z8NXOqlRy4IF/7EHWtUZMKXbciQqQTQomMr/tHeRiz3SSbQ7A0EOrfoaD58QdcEoRS+VeN44/bL6ZBB2/LgPRoZV/XJosGXbnCZjV9LJbjw7mzT+1JpJJH7X1MvP/ZDxpgQFtWfxRAKDT8fgnwvsOAUhTkzMVlhM2eRWGHRwK8vbn6cCNJ+YuGuUNWJyp1IPURUxsYZwhhD25nSoWzYxgpCIlozpDuTdLz074cRpHWA+rQ42Q9G0lb0HA342f2m/9DGP8lAWyBBVj0J6Z65GPBR23BMlncKxIaQTY5uwwWZeIfeElav2DHKXXoyM1df9JBKgZAcC+yZuMzy2Aun6QIbkeykJAAETfLJ3q7hK+1DP9LlfaZ5XYnLPyViN2cxuqUa3CmhoUDs0nHXzrNFwBUDhIRsVelThBRA5r7boHQmYjGKPcoQk5qR9C+rs2J+SCWu6MV4w0uqBQ+9659hGn3LsNqpuaZtadOpCghcSrqk1au0yL3JgO711L7EEDKCLvXOIARWhOSEUHjkrJxehRnefTnwMLVKNgeEC/ErqAEyE ArXBsayY quycSSKdrFXqfzUsEOTjdjXTnMlaG0eVys2bHq+CmwTf5QpT7OjnxGh/aV8UlcrTbfFNo/5BXU5oXmmVbMGxD/JPM5Cw0MabUu3ZMJDbgr/J9B1llIPIyiLQze8mKyLbuvKxHExGKKN4mMjIqHqyLp9KxFkfSFcjDMFb0hYWeVT1lcpoBxTaoVaInhiZ3m8aebldnF4tJeaCidVCtHaMwb2OLPUQjtWpmAoirb2/xCwDCFZjEfG2Org9K57r4YiJMsxDEtJc/rg6cUbHivOLEbJR7GTObqa9GHoteatW8PF027lmcQlmjplYvkkp825c8adyR4/QwhpfQedA2htXzJB0mWh48qOazzRltysHrBgyh9d2/9SF1mfULLg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 5d91259ee7b5..248697a29d78 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2140,6 +2140,26 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Tue Jun 25 14:57:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711453 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D288C2BBCA for ; Tue, 25 Jun 2024 15:04:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E10316B00C2; Tue, 25 Jun 2024 11:04:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DBCFA6B00C3; Tue, 25 Jun 2024 11:04:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C0F486B00C4; Tue, 25 Jun 2024 11:04:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 9AACE6B00C2 for ; Tue, 25 Jun 2024 11:04:05 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 50CD11A012E for ; Tue, 25 Jun 2024 15:04:04 +0000 (UTC) X-FDA: 82269731208.02.B228962 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id 6E7EA40056 for ; Tue, 25 Jun 2024 15:03:55 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RVcHIs3e; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327824; a=rsa-sha256; cv=none; b=NAmUA4spFUYQV4/WvsT4cGcRtydGe1QdUIDKIVJfy4umVAtU/O2Rw4YqOrGAP+EtX5JCce aM9ZbLlR/hZ7YNHNbDHeRAcmgUcsqgm9YdGtckmERXimb/OX84ZqL/Gj0Wtz/93GQJbw89 rG6xLYrfYDbD5VnDM1Bbscpuq4XeYwE= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RVcHIs3e; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327824; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lx1e4QZxBbCVWVB0QayIR7s4g0rsUX9FuY+HasyH2g8=; b=b7Svpqip0V9wwUS+Tr0xr2i+ys7GcHbmeTFgosFgnAj2btLieGxVWJCrmrOyPEjVAqpt35 oACV5jGSwGitvds4p2c69H+mGbR9XeVoCzeJHs0sAsEHE7vsJiAJNdhvzq910N7mdHDB9N Iv+Wo9vMszYww1sLeFT+521s5x1qGkA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 7380660BAF; Tue, 25 Jun 2024 15:03:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D40BC4AF0B; Tue, 25 Jun 2024 15:03:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327834; bh=oHs0edHK2ZH//P9wlXUiorha791DOO+hA3lq1vKIHRU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=RVcHIs3e0+1BTODXPOdXj48xTE6Ig2X77qbNnTIQRIsQ1F/J+hGQH3DoCpTsV74KQ LP4Qq7EwvxhXEaHHjIjrYyUvTxzK77ehOh//lQv8X7OkWgdjstOMorkAbbx+KHNX8q ROWqziyU952y0sO0yHkuO3MMdFFLczKsxuLA84f3p5kl05IXBvb14Owt3bAZqhg5ca dmGd1AnNLQrvvSqMYd/hpvNjgpq3P6QwCOEIgl3e5F7U6Sgudc33b1GrSWb3pdJmGz I2NzxVo+oIdHLb9gxBTnyjAvtRXZA9Ft3ss+7ArRfSNZRQDRf0jpb8Y1uP2KVUxvDI epU+0l3m7Vx5w== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:55 +0100 Subject: [PATCH v9 27/39] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-27-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1288; i=broonie@kernel.org; h=from:subject:message-id; bh=oHs0edHK2ZH//P9wlXUiorha791DOO+hA3lq1vKIHRU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuHDmIv/1BR7AmyIP7TdZpBb0DyVJraa/k+giyf IMNNkZeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbhwAKCRAk1otyXVSH0GErB/ 9P0d2K2QWmEiq6MtR98YyQMB73y0NDVSTD0oL7snO1bVGdOgv3ptXZGHFRdCTsQEa39LCg09KHmEfQ uaxKzfCQgFpTtBTQ/V7TBQNmyNgv15eCxTBzb+bcJWTbQ69u7FmV9LUqaXf46j7gsK1RTSQPijNICB 43+McjEr3BipgL91KboTE8OffZ1hik0Lp3s5RXWvYgyHnYuwzaYNfGWKaFHiNm+XhLMBsFUJFBBODe S6XKVjZpD6+x8cR3DNl+jf0H/VUNt9Mv+ekTdgAOwCMdnCWAN9wXJ2khka98U9PvPIJEglltn1BqE3 D5k/13JN4yj/0zmk0jjehdcje46viA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 6E7EA40056 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: tq6hj6po7ft1ffzfgnfuxhguznsrox8z X-HE-Tag: 1719327835-299984 X-HE-Meta: U2FsdGVkX19J5wYyZPzM3Nsd2zE54SvJ2cMINlxQKKN5vjYu0jUdSR0f8a94QZNvKpMyu8VDMhVf99sacCssdZplulO/2W5lUwQeeKvBNtyIvoDIvuI7oDi1/rVH6BjrruHfWjIqxmm69GOQAh97hShfCSAZYnf8fhlbORZPB7NLWegOSBfV8a7P+L1BveJOZF1B0oj6Qxe3mQkg3pMOioGreGIOrfgiJEjpxeOKA6GqZkc/GNjjkdi7jNWBQ60XeafriMlOPPTuwTl91DS+UARXaRr/9F0j8cVN1zST6lHb4gsAT+DqnVySPMyHp/QwdMtS8XcILsZNmqh7hgw5bMqQhGdjexpeGF2wse/HXQFgUcQ6fo4508LYwIjZ/sT59ZHzMMPQ6iFQloJ4//eGQ60aNjifGpOzMY/9ahukV7FzDtWa6IerEkhRuD84jW+C8mfjBjOzv/lzkfaXu1kYDVGobsw/heKk6T1GRouxOwr4ZeIYWOG3Iji8pMAPzf69kKptuddi03MJdn3hCvR8qtjJtAlQFQInWRpXVcRr3xr5n3mA1mf2RF0XdqMpt3TarHaJM63NaH79m+iDzNXV8SlJ6V+FMWhJUWcggh7M+Mhw+W5swHIjVUKFMxhf3Sppeia6DoZi7/wvec3GeHfTx85NFRm6vgT4h/KFVgQdWwWfvTpAi2CUPCcxcS4qOmwCE9SmDFa0Qr+PtAqNbGKZWrDTTKhhdptcV0BRki79pSgpV4LXv50ocyRcRjoKZheyOkC7R+G7v61yiftYHHU5HSC6sXJDNJJsyAgnoFtGRe3gPhvl6HRWauIkwHMlgGfQ6PDc1w48R0OgiSpuuXC8lsCICD9rKsgZArdBt9rNotXlcJYHXvXpoRoNWcBOhDwIS8TyY96XU/H+0lJUyG5pFP6ggNR6ockK1rTyjYUnupf+qx3CAXaYJdIQvOpnsqEAATOd86rfUXpfOXSX3oX JiQ2i9Zz so4aVT0Xd7okVSlDEuaTyEnsF91jrSX4SKeUYlHIwqBXeGLLc2+YbmuvIfi097KeHqesjdjjy4TkXA7BFBRfaN3TTRULaiWKQKMLNe11J9Cxo9y47XVZoBVA+ABCzEPi/JDY5aXqCySMRxcvwGZab8v7waU6J1dL/umk7mbVdm6eU+yLLmRT0AZcGlg5Of9iEPqRC9i6IjE7/UbD0ogA8UuFYgMLPkIy9m+S3XXiuF7TTv1zWSUqwB+gvJsn25Im/dfK/AUjmbSI17rSCAn+5vwTar5lX9CZyZjZrGWGc6TeP7IGpWMrrRLwbg6BiQ8oMMz3aLq6M6LXyHE5AB/4XzOSiAYxa6r/mou2PaW0hFWLilxOBdb1inrL6M5gj/nbnymHg X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d8909b2b535a..dc54ae894fe5 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -98,6 +98,17 @@ static void fpmr_sigill(void) asm volatile("mrs x0, S3_3_C4_C4_2" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void ilrcpc_sigill(void) { /* LDAPUR W0, [SP, #8] */ @@ -528,6 +539,14 @@ static const struct hwcap_data { .sigill_fn = fpmr_sigill, .sigill_reliable = true, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "JSCVT", .at_hwcap = AT_HWCAP, From patchwork Tue Jun 25 14:57:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711455 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C0A0C30658 for ; Tue, 25 Jun 2024 15:04:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8DDF28D0005; Tue, 25 Jun 2024 11:04:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 88D7E8D0002; Tue, 25 Jun 2024 11:04:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 72DA08D0005; Tue, 25 Jun 2024 11:04:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 51B608D0002 for ; Tue, 25 Jun 2024 11:04:25 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id F3ED540154 for ; Tue, 25 Jun 2024 15:04:24 +0000 (UTC) X-FDA: 82269732048.22.27639B4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id 3A42440101 for ; Tue, 25 Jun 2024 15:04:02 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="L/22fLgn"; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327836; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4i9CKDG7ncScjip5i0iO/FjjJ91XpqkXTPTkLZDpV8M=; b=d5lwspFvI5I2ieiR1OOj3Toqfdj2H13XDYafhczsY99yVHCF8Ab9r0kgqubPEL1dQhvwvB p6cy9sJfwDYtBCzmso7bu8rF3/wQcw3HN1b/znbAUKXv4vImGYrvHBbWZfzahwe5XWIeBy z5wmgNUPNpzfOmQvp3BvWMIrfgb6wps= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="L/22fLgn"; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327836; a=rsa-sha256; cv=none; b=OuRkZRz1e3RrxsciSevoV7fk/0ExQLURunsKgRto5+52typLR5LJQBJQBanIL6Qm321cBv M6Np8LPgEIk4RrWszdU5F0ON+fD48aYf5bfEABOMtQGX9azyGDE/vTta9s5tkt4EFWnf9Q Wm7P2LpGhcAMgGhSepCKPtj3E96EGPk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id DAF0C614A2; Tue, 25 Jun 2024 15:04:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 952C8C32786; Tue, 25 Jun 2024 15:03:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327841; bh=18sWPiMz/2PRxXCIvtfcK7spgh5pr5ZrfaiB3z+47E4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=L/22fLgnVrCDuOa9AvI6QdbD1mU2fPLWMyOny0LJICnsPQ+OE/mai2HAC7OkLXWrJ pcjmdvOHUArp132IpQ/J7Z21Sv/jOjoC6HDAqdUKWzSDHPvfBs0pcnv8FRQWxrb3Sr FraOwe39xbpr7uXa7BJ61D/F5eof33J8kY9ZTgInPA47/sgIlBPg/f8C2pZayWI2YR nrWC+5A2Hs6TAQQZSCany+TRS3b/filwuFp/OmO63FLC5Pow0ctynPP+i3tlzxgMWn ycNQHDCO02rxEI6Wbb971VZMdfryYPFOk1DSQOosLTixKz+ahicdLElvrOaKYhN9HJ TYvGOxzLrD3vA== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:56 +0100 Subject: [PATCH v9 28/39] kselftest: Provide shadow stack enable helpers for arm64 MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-28-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2438; i=broonie@kernel.org; h=from:subject:message-id; bh=18sWPiMz/2PRxXCIvtfcK7spgh5pr5ZrfaiB3z+47E4=; b=owGbwMvMwMWocq27KDak/QLjabUkhrSq2x0KqV3vs2a/V1Pb7Be8+t4u7WmabwqCORe9/xTgHr+8 zNa2k9GYhYGRi0FWTJFl7bOMVenhElvnP5r/CmYQKxPIFAYuTgGYiHcj+292TZ+CQLdbi9mYW8zEN2 X1LjihftFL8fvMrGl2EZzskwXMdeZ+eBMrWuqa2borvMb24hZlk386KTFbd8ltvyeVsXVOUuDr1asv 5ZQFu/QfNL7cmbnl1obSPh5WI7muxXX+i5PSXV4x/kwPf7jnbGuQWhhDb1TwV5+nwho3/2t21fw80T +/J3pniDibQTHbr237989ZsoBNX6Ly+1zl60weQQfadrmbdbHmndF47pjSx75Xe2qA22mzq809x4pu SvLH7TaZ1mPz6YWxRt70D7HrehQD3Njlrr2cmpYzdT2bxNJMr5m6ejY8x25oC3rm7/86pfBzBmdA0f namwlBHDZhJpa9tqHSxU6cK8oB X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 3A42440101 X-Stat-Signature: a8y5nrqdo5tp5apo7poni753m9nnnnyn X-HE-Tag: 1719327842-18169 X-HE-Meta: U2FsdGVkX1/p2pwyiIDsJ9ZtChCAZScJlUmIKDIEv096Au4xrVPZPVZwrYslbtU31AqNl0pMVD3AuvfMA3nhOBqJSN1CbXdAKl+87sL83Z+5rlTSmgQvB4AWzUoVkJFB4mwkZP5ow/n7QEI1ov4QsClfmS53JzrHbPKFxIDZV7yV5cQvXywqgYiEpHBcId8PLLX1Muin+tvSd+QfdI3F7quolgoa8wjT1fo2qaLuUpdhbeQ0EJNNQtto74VCenOqQaMY+uLxxoJ9WB/NTaMll9eC5n1mqYxFMrf9BHw/51xONzN6UObupjfl6tRpPZ248VxaV7rh+N+xOuE5MO6tnlpUm7TbCLNDzzvoyoaHuH/jt3aq47uCQa2FQJcEe7P2KEQzn47s7h7yOjLFXIxMotqBsxNJpcsYg6L+GswEQp6to/A/tZaCfsvGiSD4T/NRJOcmUtfgU/i38hqnD7iNnONtLhMZbJV3Z3oSs52dnfynUOkWcQOhlXZkYoLxG29Ann83/Euylq3QySUXNSih3pig2ovnK7eeRBCgtI/EgFrJxMBqPtoGd68TgXJuJtp0aoFcNlifNMO7x8j5sQU7xFYPD0NyhNcWR/TgmWH81kCE+RbqygDPkRBQ6jns74Bj6zzXpD/iOxlrb+jETP4zItrE985NsCmbCbeqnYaJql62P1EuUBU18UP6HMgIhtHtYXauSP6MF9PUfOwUrI0wpAKBbqglU41Niy2V+m2DyEvnAboa3tZ31v/Rd77AIo4T2jeqUFmjspoilXCzkrkT/gbHS490WC7lfyowZTEwYnCJ8OrwDzRwATaOMHR1VonyuUMclXIfEH2KMz2Om17d2f7uYMIRCaud8ByM6CT4zztpC6F2V+Y3DWg6hvb1KhjSxT+aSSKELx5nrhk5rRSq8c0YwH2eIumQXQDKfTRl3/jC6UwG8JnMMWFOUvpQ9tpMMyvwaWsdY8Bh49tINy4 zEmuQtw0 lTB+MR2Sx0HxJ4+56QcX14UuQvICppcQGw8J2OvDOyBJRXepTM6t/gbitrFjeYqitRYC/TS/kmN26aTZqgikAcg4K/6HWTZ3PD8Z5TuNiqk3Q3GA28/k3tQjlGR3dDM5r4KvbC3vKtHyixC5yeZAQi1mhMAU8jIDIdVcyJyMyVS+/yfUNBuM03ByCWzuHXZJlB/SFgS8KKhelo+6jC6TLsyJ+HLT00NRD+KSjAfj8a2BdJxOIujb6dmH+redJE/0BPZ1/oDnSCS+cVkWnzdAY9UEdElA5X1ndQi69ymyTYJ6heGDjT4Lav2OFYcQM3ogsaCjwGnGHX3nToVMu5azH7BHpcBvavGwrtVjRvUMTlzEfMErIoFbf0Bo4uVgS4qFg9KZn X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Allow test programs to use the shadow stack helpers on arm64. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/ksft_shstk.h | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tools/testing/selftests/ksft_shstk.h b/tools/testing/selftests/ksft_shstk.h index 85d0747c1802..302957a0bbd5 100644 --- a/tools/testing/selftests/ksft_shstk.h +++ b/tools/testing/selftests/ksft_shstk.h @@ -50,6 +50,43 @@ static inline __attribute__((always_inline)) void enable_shadow_stack(void) #endif +#ifdef __aarch64__ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define ENABLE_SHADOW_STACK +static inline __attribute__((always_inline)) void enable_shadow_stack(void) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ENABLE); + if (ret == 0) + shadow_stack_enabled = true; +} + +#endif + #ifndef __NR_map_shadow_stack #define __NR_map_shadow_stack 453 #endif From patchwork Tue Jun 25 14:57:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711460 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0446CC3064D for ; Tue, 25 Jun 2024 15:05:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 842616B00BC; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7CB436B00CC; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F7BD6B00CD; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 38ECC6B00BC for ; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id C9B8816018D for ; Tue, 25 Jun 2024 15:05:04 +0000 (UTC) X-FDA: 82269733728.27.750D6F0 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf10.hostedemail.com (Postfix) with ESMTP id 19BA7C01CE for ; Tue, 25 Jun 2024 15:04:12 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tavxR+nK; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327842; a=rsa-sha256; cv=none; b=UEO0Eqsvs+0sZ6Hf5IGDmIq0Xc7bl8sIjNd39FDR+ryrQJeSWXwtdbvIww9MIlm/HeUt7h ej/ay4haJdTwrL9R09KMl1BQY9AolVXg05bAVJ8ygSL13/9802pDTezLdSoAwo455chI2o 9YHbPFSCV7oPZVHkmdSbwy13ui+RB1Q= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tavxR+nK; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327842; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=IfgKesjS90GRp51P7JpwI8TFVKD8QBnSEkCAxrkao8Q=; b=8BB1kCtj3Z83wyl3ogxt13YxgC04tyyVYmUufCxVZ+HamfbM5ZSH5s6RblVnZx+gPX6w5n 0Wzf7aDCEDxe3CLAq5YzkZY/hUHn1f1ihL8WUf52q8tEKCeZpYax+G16raozBzPekWYn76 Tv24hrSBTtXQCEsP3cgvrf6Fm4UM7nc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 25913CE1B7D; Tue, 25 Jun 2024 15:04:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1362BC32781; Tue, 25 Jun 2024 15:04:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327849; bh=b9Gx7QUiEPIAdR9RNFo057BasR3/TeEIE9B40jmDJ/c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tavxR+nKLIiH02ssJeoEROBXmOsCstTILDhWkKXxGu60OsgiMLuDIKVo0pL6GtCmE igPSP6RIQSQWfikzRMGnE1Kg/67CHxNork4mRYKI3D96sfMbYWvsSFQl3IOmRa/Sf4 mRBbETLNbBhApzSodjPWF64W2dhM+zeIMkgpyuJ/OGB/QVYcC8rdr+Gm2ZH2a9dTQO +ie8cUyHrEBDEw9rUgJ52SuTROV/Atv37rarClR6qcQhAf0oPjoMDxiJZAhnY63WRF 10koRgwnGojMJHrP7lJKHTgsKkLjfX59wpBQd7C+FiFvMud/7otZgv4IbZEzQvVpJG zIHRIuySEFbYA== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:57 +0100 Subject: [PATCH v9 29/39] selftests/clone3: Enable arm64 shadow stack testing MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-29-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1471; i=broonie@kernel.org; h=from:subject:message-id; bh=b9Gx7QUiEPIAdR9RNFo057BasR3/TeEIE9B40jmDJ/c=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuJPYum8zU2drU0QkG0Oevd9R7hfLQlztVXJmOP AMNcKOSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbiQAKCRAk1otyXVSH0BxTB/ 9RAJG8vNMCnKeW0ZaJ2eAuj74/NV9s5bUsk5CVhSS9OmMa/aJ+gGWY94HaF0LO0M1jlnry4Je6LXUz N04y86o4L+9c3XkvE+GTl1jJ/1Gkna5RVE2LXbIbT8mRZiwGQSJdDveYSoa2Bj37DHov5V1RP25uMZ wGWAuPensfQp/ZFhSyZUpW4mSTgmdApUyOm6005OB6HsSqlcTKdRwjD6o7DEhh+iNAcTBm4+UR8ROm 936rXsxL2yXXYX24fQXH0f8hiOJNgnDfmeHYMdbPZxh/xgFapx45UVH2J4t9am/rGr4blvsGhgPbUV BEAqQPu/bmkwHrSC+EwrYkGwBWaNjY X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 19BA7C01CE X-Stat-Signature: r6fkdyoeaatqkterizwjup18pkrpecqu X-Rspam-User: X-HE-Tag: 1719327852-330669 X-HE-Meta: U2FsdGVkX18Sxoo2PBU4150IY6z3Lz4u0GYzoVwDY1saBK7cqXhG1XIdI7Enx9Bm36P0EqSof3CxRzA3uv2uvSV7go+VGrKsEMj7kERsozDadFnhkJtM6+DReE+4YTdDcwXOWLFEsavn5IvBPZxR1ynDjfE72VQFp4QrR1xBP7yOhOgUSIrQehJrJoGy9xwiGR2vfNCMblQSeDI9GmehT6jQ6/g7/o038b9Q1oqwzhC7cIoT3joHE7iSCGKsL4/hWPFDrwhOlEV2T6c6jAgRpdUSMIogKRv5+K28NkhJZ/DwfnPjiOjI+ZG1EjHNq+Z4VEQchXa+4CHwNyi2qjgTf2rVNfZoKJyFO69K5A73lfPXMTM9Fm2nLhyM0uA2hhnZkTwiM1TkN4qLacOqsnd8ZbmuYhvZcBslSxqbpZCTWscdt7Vj+tq6JEK43XUjQjCW4sszWBprHp/vViYUKYZbJjfaIUWg+QR2D4siq9BxZCOYdre8GzZ1phDeHxg6fllpvWfSrk0Ng4EnJG/IjwJlg7zCsJ+tCBX24NbsfoXkNQiifMH5P9lzCG8QKsGYm02gAOCEmFlhv9B6XvAbcRlFIcGkQRycddQcwhxhYDw9SO3cphZD9VT9Xp6lbpekS4kIImzVipInRNPk8V0iT+I2suZDtkvLmpUtU/F0zxZiUEcIfdpD5oGc3ZMUT/VuEC8dCfo8tHk96zRcqdx2Mb8RJnOfRSjIM3z3eQvCsFA4aNMszYJoVQENbg5++MqtedoAJ1Ku0ZFT7m0M82eFFUJSz8TgiIqlokTqQdX3XRO/zuO5fFwbgb+JAyIjeYfNhTPHyZi6A5YEnS5p/UNhOwHSoA7RfIWCRPS0mFiV3TdnPwvxt+MqvtFsvvHi/iQor4NGksrKLMgVO01+JjYbscDLe9VPaYcdXTScD74uMvEdOucf3igO9YDOT9NE7kwJJV8V+nzrgouqRyD4J9MUE43 ydM7CfGG j/fVSl0wdYXlPuCEqNQQkAt3i3xq6cePPMtj1kCl5fYbs8Um/f2j9WZkDuCL/skuWOobZGlABokLNkmnPMQ/KJ5ZN0oTSLJTfYN8pBAsxJNZmja2C1n9wObEtZJyx2nUj8LI6YWqe5Qdqo9F2zzxCN0qvC2NP3A6WotbrqlSIEMOX/cOHAQRFHfXgy4po3uXgKRYURGde5Z3pBS7NVGSikt9Axv0lFnG1gEjPZEA7URQ8ADcfMsqgxzrty7XYMhoheT+Q1BjAEtbTvOfvm2QMdm/Azzf+OCYS8qZ1ohrPmJeb9BGD9/yd7ffwf+QnECasXQ9p X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In order to test shadow stack support in clone3() the clone3() selftests need to have a fully inline clone3() call, provide one for arm64. Signed-off-by: Mark Brown --- tools/testing/selftests/clone3/clone3_selftests.h | 26 +++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tools/testing/selftests/clone3/clone3_selftests.h b/tools/testing/selftests/clone3/clone3_selftests.h index 38d82934668a..e32915085333 100644 --- a/tools/testing/selftests/clone3/clone3_selftests.h +++ b/tools/testing/selftests/clone3/clone3_selftests.h @@ -69,6 +69,32 @@ static pid_t __always_inline sys_clone3(struct __clone_args *args, size_t size) return ret; } +#elif defined(__aarch64__) +static pid_t __always_inline sys_clone3(struct __clone_args *args, size_t size) +{ + register long _num __asm__ ("x8") = __NR_clone3; + register long _args __asm__ ("x0") = (long)(args); + register long _size __asm__ ("x1") = (long)(size); + register long arg2 __asm__ ("x2") = 0; + register long arg3 __asm__ ("x3") = 0; + register long arg4 __asm__ ("x4") = 0; + + __asm__ volatile ( + "svc #0\n" + : "=r"(_args) + : "r"(_args), "r"(_size), + "r"(_num), "r"(arg2), + "r"(arg3), "r"(arg4) + : "memory", "cc" + ); + + if ((int)_args < 0) { + errno = -((int)_args); + return -1; + } + + return _args; +} #else static pid_t sys_clone3(struct __clone_args *args, size_t size) { From patchwork Tue Jun 25 14:57:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711454 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1684C3064D for ; Tue, 25 Jun 2024 15:04:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 50C998D0003; Tue, 25 Jun 2024 11:04:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4BBCF8D0002; Tue, 25 Jun 2024 11:04:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3909E8D0003; Tue, 25 Jun 2024 11:04:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 18E0F8D0002 for ; Tue, 25 Jun 2024 11:04:24 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id CFBCD1601D2 for ; Tue, 25 Jun 2024 15:04:23 +0000 (UTC) X-FDA: 82269732006.25.D08956F Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf16.hostedemail.com (Postfix) with ESMTP id 44E1D180028 for ; Tue, 25 Jun 2024 15:04:20 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ktyRcfaf; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327854; a=rsa-sha256; cv=none; b=UPuwuivDMKcCY4wiFCakSr4S1LEHsXeVKVfQ3w7LWXa+V0FFOG2/v2yHCVGVDMCY4g1QFp xQkcPcmIRkFQ14tVxGThUwwoKvHKgqMdI0oYUpxmBcAbzd8eM+rhLIvzMF/DpXE8JJ23So JvQE7/kR6tqQyQGHYAhDjU/vNXKb6gM= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ktyRcfaf; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327854; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ni0Kxk3yWVfTWSbrVjjhIlms208eOmetcRX6FMFodsY=; b=G3G7xBzer/fbNegQSDdrphGkOb779lRZlNF2b/R1RqnZt+5dyOT1+fRCO2H5P1/Uebj71P gWuFeaiAwpP39KOpaTot4dM8arBpHpMJo7s8+1eqlYZLFm0c7EY/zfum1f5MBfmETZfpyE f2+gOhc+pjXl4oU63PB+66SmZPVtup8= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 571B4CE09F8; Tue, 25 Jun 2024 15:04:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7E68C32782; Tue, 25 Jun 2024 15:04:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327857; bh=daws7+gY8b6XFlV57O+J5ZaQ5dAS4S0GI4Vh7sgzmHk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ktyRcfafUUhIMsXf5oneBK+snSlpQeugkhVjZE2YRX5MacnN8eomwVmH/eXWYbndy Bbv+Hx2utIGhm+2Tgc3SusbwTiEYQ5OIXkZH3656sxcyd+0s7NNLxTJhvGUM5Oivq3 eFn5Wm4YeM3x92jJgPhEjh1KSPLi3m6EFl7saSY8t8nlY+BcHMKrvLkYL8yM8HubqO dlq1aVbcRdejCvBPVb3yN4cYI2+bQc0sFxLY4+Iz9xIWFRaKdINYWnQ6eq6OTiuVDA yB8jD89Y9G58EIlWYbeIfvxaB9tWZ2L15ajbLt1ApY7RMP3ccjRVbPpYSRL5SK1mGe IVALtQ/PynU2w== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:58 +0100 Subject: [PATCH v9 30/39] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-30-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1894; i=broonie@kernel.org; h=from:subject:message-id; bh=daws7+gY8b6XFlV57O+J5ZaQ5dAS4S0GI4Vh7sgzmHk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuJcOEMNZAQtPlzVsJjV28kEQ6qOU+DbPTfCM+4 pCN9TQiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbiQAKCRAk1otyXVSH0Jr1B/ 4gvjE2wKXGGGApQ5q74/oKwz+A0wC0yMn4POTbhvg7vf+Qm5ARXSMnRyDI8WdzNGBJGoV4SDJEtRMo m+xdUxOHHnBGSehO6j7cvyja0YabxZRMPHJIrwFQEajUFHFCesNSCQM2g8hwLPKxDKV6htRjzzxZY6 zE5BU0AX9RdoUt/E2ktOkhUk62fGSsj1mJaZShFKAMvUVmFPqj3bdQ2emXGVqbeZSGsQBxPEGWO/VI m1m6GgTbIewLcBrlWRrLfb+Tf9xAKVBMfSRmNqFjnwB0eBpl4sLgC5szgoySN1GaJUUyvKgkiOYkBW jy97koY53ucYwaAhvHv+wf/hhgJmJe X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: yxuejgogsmcoxi5zhreq7u3j71booajd X-Rspamd-Queue-Id: 44E1D180028 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1719327860-994371 X-HE-Meta: U2FsdGVkX18FtJCLuKIt3CIBcELNIDW6Z5bVvoDSZs5xrqWzXhH9HCLzaYzYL5SblCo0hIOmVJBJwdAliIkHpNfTlG0lVd9VH73tQJ1+2yqjMRoC+T9YHeWrnGsnwOQ/qSRGnjnVCrTR+ZzD6gpWZec5c0trkRuLlmOzS1Kwj4DXrAaS8Y/YhrtBuK5mtyNM37BEDDqRiyC5gDluX0jk8br0XLAc88jLL4HzME05baIBBfqqvFaRRxeNuXed8ic/6qdP7TrPq4ydAi9M2umui8okPENo45FRh49bgRPF2ETPcO/rhfPpL7Qs/AFvc8vO6JDhf9WJ2Pku3gGhTM6h8U6eHz907dwrdI+G/89vCfwXluVpwT06T0T3WCfTYVEGTwYad5QadgzuWu8UztKobRoFTn+oIFZR+67a4dZEI5ITQ9ZuDeYe3yQrqVmGq9eNAqZXvRoiqzYnwTEMTNbVoP+tF68qu13l0ZrqOVUm3a5jTCcITf0p7cQ4SSvHT+UZxLALB9euQkfVi6b1t9PMkzHbWft3T2gzt1+wjHfpztmd9yIRMWWI+lHQnvS8vLNP1gjrL8EnZ91PODLBse9qLQlIIT8njoMenCCAuTrnQtTDjp41W4MwjjlfEbwNXc/gLVTLrYh5/P6IoH/h8X7/0Qb5rGt79OEXOOcl0/rHm7XtIzBF9sYyQc5O2XDLZ7wTSB9Q9D/eTvYi44ar4VSOxWZeO6VgoKqxsuQwg5EocUPAPsOD4hFJXHvAhT0bBJmuShEcddJ1YnVDo/JsHPOEgXSKvpPnM6FRU/Vmanq2X/Unj+O3FKePKzkJkaKLckXYLVM7G1M/T1NP2cCSteWZ/2LB+PbuVqn11Qbf0vuezDhMDJ2MFsMeELR6g+qJid/F3iXin55LLBoP3pMkeviMyyi6xZUcvB25ePAqrRP7lFU3gMQOVdXSnwVAJvXtaq9Wrmpo+cZ8qmtzm9FrXHg 5cvd3pFQ AGqiGjM/e++HFtd6j1GD6zqxg/wq2oOMv3x4tUiJp4Jf5Ax3AzoLNed7LgdLzftP3aWLYxI7pd70X9wyRRgQXQ8ecoe2Z9bGVwb4Ek4ZpA2WMP+Wikxb90YeopzGGny7KeMgxvoDU6QauWkS+tsKlalPRElZ7R+8WS8aTMVVK6H7Vlj/bXTNz6OkU1EGwHXzpJIqCYAqyJTC7CP0z3oOWO/iD4XKHxR2EVgh65IYx12ZnFAhoce6HQhQjq13Bl7z+pKrBtxEMbiIAWhJHMNurAixsLEJ5WKe3VhkYrQ/6PMwRlhz9LygVDz/wasuzK28IozTVfMjJv86nWACbHDA54Pay+Ak2sScB9j5vzu416wTyOehDGK0xawfp9Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Tue Jun 25 14:57:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711456 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03765C2BBCA for ; Tue, 25 Jun 2024 15:04:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 904BA6B00AE; Tue, 25 Jun 2024 11:04:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8B4776B00C4; Tue, 25 Jun 2024 11:04:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 72E176B00C5; Tue, 25 Jun 2024 11:04:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 4EEF06B00AE for ; Tue, 25 Jun 2024 11:04:34 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id CBA1FA180D for ; Tue, 25 Jun 2024 15:04:28 +0000 (UTC) X-FDA: 82269732216.07.C01B401 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf16.hostedemail.com (Postfix) with ESMTP id AF6E4180011 for ; Tue, 25 Jun 2024 15:04:26 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cQW+1DGd; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327852; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5eBWEluxA75mkTzkT1Wn6Xubbm059W8B8emCrmFOIYI=; b=HI4IrXGXzFPjJ6Egpv+DpU1w6GRFoC7Tw521Qgz/+rLr9NKR7kqsiA1IWVWqx+gvgdr9eT wUeUw+hVI+rExe+s+Jtx2g2v1BejhkRIdomcbVRi/bUY8aiQS+xUFTFmNRgD5cQOcHCENa eGxZMef9TZRA8C0JhfL/KjPGfqzR5sc= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327852; a=rsa-sha256; cv=none; b=A4WGcjUgnLFD3zc6tgPSu8E5jC58oZVEdA7BAcBSvK5oW3jzstiVC7WDnVdBz8ueFm+xRZ XzWaZPVvxxa17BfEibzbB3vWKWDwWDC9l+yZP+3nLPC5CtWkFvE1DcMlbraQwY0f1tthVY Lzr7l6rsd6qERYeaeguXAVIoOAnDpnY= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cQW+1DGd; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id C61DD6146C; Tue, 25 Jun 2024 15:04:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28EE4C32781; Tue, 25 Jun 2024 15:04:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327865; bh=sPSz542BQgC8GDr8WCulUI2iE6roG4Js5HwD3OcoqCo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cQW+1DGduHcv0A53zOU9mfAkvXSjD6uSZXuyR4OKXGWJkSe/JriAuddCQb/ggMUBL 0EGV34C3BUnaImshIGLE24glyODnPPn8T7WFwDdWPn5JEje154cty0lc7tLYpED/l1 D9bxuYZ4Tu7Rsk+j52ugfBSqCcKh+8XvB4PQ/tnL4Jds8PAlIpkChK+E5+AjvWDo3w wqh77NwL/H6uXGSEtmExGn2I0I8oTZ0yXqT2ge7AUQbIfP+/X5/nF1euuESXoR/qa/ 0Xg5HK+T58BIRhFnJhafQRO2yVDu6PuqW7TxQklDNo1pZ7QQh4TzLWiPXdazVs14L/ Ztft5vY4vM+GQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:57:59 +0100 Subject: [PATCH v9 31/39] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-31-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=1664; i=broonie@kernel.org; h=from:subject:message-id; bh=sPSz542BQgC8GDr8WCulUI2iE6roG4Js5HwD3OcoqCo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuKW/krSUi8XYWUdlkG2nL4UDldJ4ug0xy0Dt+C W4gJvTCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbigAKCRAk1otyXVSH0Pc4B/ oDUyvKD7a4pekNS7XWWK1YnPOFpl+MF1Lc9i1fJ+v+jX7ID8koOws6d/YA7fanEdBdLjm1AFT3MQ+A 0sA4gEEV3BthoJ9ttQNtSDM/s6NsXBuzZJcrLe+aGvJAKB+c5oABVuLAICYs0Hu+AUnrxKLHgSB8tC 1NCpnq1budfoJzMXhiEztD66jlgC/Dvl2dIOMsIH+QYPiF7ehjMg09yHq1lOaW6LXzdzU7IrTy55sY KbV0yiOf2PWv6Dvl3Oh0PuQevpo3MtLHNILd4SLlP6fS8w7sqImQdqva8anP5tAZaKJQF8LP+x+J0t U+sLYT+F8OyWupxfKOrMqgzFDQpZyp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: AF6E4180011 X-Stat-Signature: oq176c6zd1adhcfzmrrecwpzpga1j4aa X-HE-Tag: 1719327866-326816 X-HE-Meta: U2FsdGVkX1/6KVa68egy8100KQwzS0+hiec7nhq44XcqiPjxkLRQO4xKjzvRfaM/MHf57lWEy+ECZL8M1mjoS69N6+AxPfUsOqwDeoYGy5gwgSuYiUr5DlyDnWSeNYYycEphRVk7VAUDkogvIfL3Y7IKBw19v2V3Om6XsUV4W5xyCNnoWAbe/vLOfwRki/F3mdT0rN3HvVcxKQg7Vjet1zg/WYqMctKeXmdz03sa9VfhI2PWe+kYJugScWsycDq2K7SfSsFm6kNQAA/IgvvuEN2tBBrKbVuv6BJIPO+nO6KVreNRgi3SUa6+SQR+qBgP+NbAC1Y9r0SBl8oC6kT6jRElE1xgnAHhpuR4rhKPxq3Ts6HOPz7eYatudIHpNdRgwCGNXlm3JbCiYS452JvPISS8LVLlYQD8y2kNuv+t2UfVI+XUBzJkvpQjBAhec7PMoiSLKWvl51HusExXw3lcjEwX52DdBhf+z3Bxi1YC6PIQyyByunyqZbYJk5UYj/GSVBzsRYrraPh73OMGQo7Ui/JgiSzpzILPEaHw/RyiaD6IePOZwHpOg/rCgW/IoamFKfKytvhdyMU713n5LDv6CpZ7trxe++/29fz5usu8YIWVQOsyHV504Xitd2jyDeTZUE7+qnAJl+/PyALBTBCdV25ywxg3lcWFYNQZ+sD8Z/TXzrBxGIkJtrMi/eSLJqRAo7PhReZt5fG6ik4Ak/iWOK8Gg7Kk01+SNyMQL3DkTwcznW8TCkVZ4GoybQI3wY05Ts1M8+RflKYCfN7IZMpFQLjNEwL3HxzH6h+l/polyZCahy9JVNdEpNNZEim9ndSngusU6sWIoaqJnWYlfxdnp5152Cx+atM26HHgBImT8sNYW1hdzFZBZlmbUL5OfXuzAMXdTC/qe0/aqzWxYHt3x6EkYOjDDJvVf5WXuWtLpbBC9ZrwTVg9UXWvKE31swn7ySNa3UzHLE+MIX4hdf3 Zbl7fyUl YHAoSENk9yu8GmMQX2f8Nlrr10YGMg9V53JJrFldJe6Iy544S/rLNn47+gqmy3RwoNchO5BD5SmebOClVnsvwjs788ut6/QKhs/Tgy19w0jBSfeIRq1XhC3DEz/RW3+tHebzNHuHpFHV/U8QJbNVC7Hq0gD/7y5r3QWgo1d6aP5F5+NhBHTTvjxqJ7+aE4gQ8SQ9yzP5Bbu9t919gebfBXQl/PgQeDKHdDi9vjVkVa6k9ZZspUAWC4xBm09C6sN+Ht6T2nUMbfywgoAOsQQKDXrctK7owxOf+5fA0Et0Hy0ffsOEOGehrQ4jYgJtNyNXWuw5WfEQxQpUkxHjYcP7jVbGnRt1pHKqpllrem4zwCcDCi054UjyZbwhFl5YHT8GmXveQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 674b88cc8c39..49d036e97996 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -217,6 +217,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) *err = "Bad size for fpmr_context"; new_flags |= FPMR_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index 7727126347e0..dc3cf777dafe 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -20,6 +20,7 @@ #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) #define FPMR_CTX (1 << 5) +#define GCS_CTX (1 << 6) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Tue Jun 25 14:58:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711458 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44FBDC3064D for ; Tue, 25 Jun 2024 15:04:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BC4156B00C7; Tue, 25 Jun 2024 11:04:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B744F6B00C8; Tue, 25 Jun 2024 11:04:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9ED5F6B00C9; Tue, 25 Jun 2024 11:04:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 7ECD06B00C7 for ; Tue, 25 Jun 2024 11:04:58 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id D9B53160158 for ; Tue, 25 Jun 2024 15:04:57 +0000 (UTC) X-FDA: 82269733434.15.07A1DDB Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf18.hostedemail.com (Postfix) with ESMTP id 0C23D1C0061 for ; Tue, 25 Jun 2024 15:04:36 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="r8cjstF/"; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327863; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=WWCcnUoJjrrALxAjBZhPpvknZTOgZ9IOR5Q3O7LGZXc=; b=0xbSJGkzaLa2bCT1IkVQzeHPnaNzIIdNAyNZ3XQmHfkjSreyQ9eaE5qDfAvr+qBu0ZSMxI FRqdZJShvwn2ztYw6u2rxCFaB3AR4rWSGZNMYAat1cEMCikJtnwOov/0b5kga+Nl5dYMVz 1aeeu2YzlK+1am9flYjoXLGsWy70a2w= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327863; a=rsa-sha256; cv=none; b=6Qdzpr+udMaNCqNvYKdfVbqew6rRQHK2iNGXAYHy0vjO1kyEVP0URAyHsbMcdwtl9HXH8H Q869XZ2v2xp4z3ueZDMzcK62YCRE9gGdijt7JssP9xy3W+DEBZY6q291geCoI4cgD2T1aa 3cm5s75etEK+7/KdRb3yG7w3tl+pBwE= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="r8cjstF/"; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 363CFCE1B78; Tue, 25 Jun 2024 15:04:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EFEFBC32781; Tue, 25 Jun 2024 15:04:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327873; bh=+guAOBhRmIfgEVfzNIbxa5iAcbQBA9Aonxf7B+eDgYE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=r8cjstF/mgdTleo91qpC2f9tAA/APzDt3Ah/q506dJUs0NQK+MXiE8V/fP5BCNkd5 Uf4W1coDnlv9pX3xUikhGXVgudO0JzfOSomv7iOEJ9A8Gu60ZKHBcJI1xjPXhI/Rv0 1aYOm8OusCZ7nGtXfrq1fELmm40/kYT1qscr8JN+IebV+/6CIfBWCyck6Ldf59XR1A dRplzCv9+2bZFT/fYGD+/K4FqWmRHnGaN2vVZW/d1TDjjxuTXz3PZ2TT0SimG1H5HK uwW3uhXxbjDIpdhpxfs+8LIziAdfH4byOMVg+XXs6e6wCqsqe8P4MgCdOrfKci99YW 1aCO84B2UXtjQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:00 +0100 Subject: [PATCH v9 32/39] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-32-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=2693; i=broonie@kernel.org; h=from:subject:message-id; bh=+guAOBhRmIfgEVfzNIbxa5iAcbQBA9Aonxf7B+eDgYE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuLHhc9eoiFwa2wgiNY9NyD96L8JKN8REd40ykS +Qp3x3SJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbiwAKCRAk1otyXVSH0JywB/ 4xJOFMt9ir0tkNA9PxrFv9eJTeMLvSLxhqLsveF3LAyd3Uu/yVbBgFU+5FTFqGi+4sJ9m/NlnTFVx1 N5bIEo9e9/46Xb1lRUnO8Tl7P6bUAhlPC5QVqvWY3Rndee2MvV6APAc3Wjktm9tJiPAoCYYAEFKGHy N6hegX+FVqJZpNIav+9enZxpWZendOqihOSq/kI73pEBvUsE59IygNpO3oF1R2R1cW2nWrM367aaLJ oZKU663P9entBZ0rNz/KVgbW4BobG8tcdSbsFY4jz8lRZfeeNL8M1UBHH6E+SmacoLvWdwdI+/7sq4 QrdXN0MS7m2o3ZTNBuMEjofJd08Dsp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 0C23D1C0061 X-Stat-Signature: ytnai94xsrjuuq5om3n9dgpr9b19xxh5 X-HE-Tag: 1719327876-900723 X-HE-Meta: U2FsdGVkX1/wlZ+ig6B9HafxjIHnmxpifk/II9Lbyze4BKAoI1rlJayfykyGAGH7+xowENyOG1Wn22bKD2Ixa0+vcaFOTmuC5fCMHvLtk+Zp4igBL7xVrSAFEdTTIL1mKaBZo63Q57d+4rqevFI5VbUGPp7rkuRtJ4etKQn8deMcIzneRuord9RYhDF+vM1e1kQfJyN88gBRijNyT0DgMw400pDudSl1ZNPEzaCswqACptMJFZo604OWvbTF3D7ieg40bjnwUpe5RRV1607gIOD53z1CSSKnJxDh4+yeFbCM42LK0dhmnp1dKwrfHKV9T0v8v7zhZFobLJIWey3MQm7IVndDylkORrv6NePxsRxNRATajYCximy5nkEbqwLPgMFgg4dosHlp/kOOpFqjF8b611okG3bd6chFwFJfm70n8pmddQdd4nRSWBjG63AqACrpmrw8BoY8BWSKzpFHtHdIzCMl723q8AvYJlXJIY2bxCKNvGrC90rszD7awT5D5Eke6pY1ThhCGDLTOjJJxSmZdUctBuX5gK2HImMSkCHjOauEq23kOInNztdHAixqDhcJ4KTg2XCGzFhIISuvkA5uHJgUmY1is0VY5MdfxtK2nPqG1h3qcBo2Y6YbqRlUnJ/tbXd72py32ALkZFbwL+0QW1u1u0fhc88EJFRrCf0ugGTY24llQOSSbxvYB8EgsSwwPjiKsN1MwfzukmsadbeaQekt8umraoM1a3J811S9qpBmaVdbOgCvdlsAcMD9DqktS+iVw+6NObjUt1mqnSn4w1eDu++FJMEnpAmivHiSPchTjw3rKDVVbY0gVTbQyflqXmzS0uxfB0AiGB7UWXf2AkMru8EfLKuXk0LhH1eCWVc6cN1j2O/eEbzUI5XUfK+biO9uvy3oR6pozrZxtkbQ+kWYExsZEkJSyuzAzsByiZt+kqd5vdul5/L6YjVTvLtYBGzOv5Farbwaik/ F9UnlBwP 23vHP7Mo+nNjhDTOTjAgIyLAZm72Qt6IzbfKqJxbffI4DNx5Vc/SwA/OMicmcQMMnqnWi2GSHTuS3p6avyxIuaTjVz0/OE9gPsCrjr0Xw5Nm0LYOSrGMFlzMsopWXShmevS0NsPsyZn5hpWaDCVZlFI+1236tjYCaer4G+qPB9MBeNLMIhXDpv3veyC/M/iPEEChymC8Ngfjv5qEwA1+MvVukCnx6BCbiRWNM12dxzwOFnefQElE3EeIDtYuq2YdpbEH9hmpIc3mtBd4YbspS/nOHNCEGzRrhV9FiPzt+ktM/R81/wD/4W9z9UaBxAp58kCxIBOyo/mPYfT8+ybBR3H1R3JdDjNalfLJQV26TYQcntkXx49+OP1iNWotsMv2Ic4uHlvv2P1PwnxdqP6RXfPwHn75yKYOgluaWfAPmlTcroiQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Tue Jun 25 14:58:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711461 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E31B5C30659 for ; Tue, 25 Jun 2024 15:05:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D4C8B6B00CC; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CFBED6B00CD; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B746D6B00CF; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 80B306B00CD for ; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 3669DA01D4 for ; Tue, 25 Jun 2024 15:05:05 +0000 (UTC) X-FDA: 82269733770.21.51FE92B Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf12.hostedemail.com (Postfix) with ESMTP id 9FB8B4001F for ; Tue, 25 Jun 2024 15:04:44 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=du6vaexO; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327870; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hj3WhFaOCpjNcMMrW6j26CW97t/N+Ei51YtOEHgyON4=; b=DBaG3IHZnzpUoHLCcX2knildpWOqiOyI3JZ/7XXryQasCh/C12tKQyNe4x+XzrzOKiLQRX NsG8zGdC9eYY2qgiv/LizlIbB4SrIx361/hAXq5eHlagvaJUZEB6SXE7lRo5vdk/UYPt0r gfjD2BquqWlV8sh9OavaQtFFR44Frjk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327870; a=rsa-sha256; cv=none; b=ysLZ64ftmI7xvT48WwdLcoY9fzqbBZcmkpAKUWJprqQuSoGEbf07CdsxT0fo6MxgHkOdA5 YAT4fb4uDlta0TSVz/IL7tfgG8l1E2RJwcECiNWiDwfhgiLyqNi0eyOm6zRhZQU39/CBfK 3v+KOIvJSpp+JNrvRWwg2MUfbIDeqyo= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=du6vaexO; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id A1245CE19D7; Tue, 25 Jun 2024 15:04:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EFBA6C4AF0A; Tue, 25 Jun 2024 15:04:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327880; bh=LmUMQLV4QzyWbEviejJtcrr2Je4DeKbVGxPr/Gcjy80=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=du6vaexO1e9KK9PBCwvYTpxcVwePxCaXdSUymitdkY2yGi3OSvzt93iasqBU5USJL Os3xr2P02ObG0fL+ZHRIELyG0Ey0MaUl/ka7TIszprjmsRHLPqjGLHWsF0AKTWepq5 +cJ6Yc0uyrKVQWzzBNbf6P12IsfdDXnQ0dEvfXskWqj2RJRsfHSsV74q+1VikPOssK 7K7fNpCc0rnJNIOuk8l6DLh6mlxszcslo3E+QCl+EEf9N65fyyednMT+3xVCwZ8DSN h0LK0chSBv6Mt/xDGWyL7/kbXsWBl/FAHKC/+TIALyF+9MmGv4G7aIy8vlwp6RLGDz RBe21pgE8cSpg== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:01 +0100 Subject: [PATCH v9 33/39] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-33-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=3656; i=broonie@kernel.org; h=from:subject:message-id; bh=LmUMQLV4QzyWbEviejJtcrr2Je4DeKbVGxPr/Gcjy80=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuMBBzEr/5fPxdn4M1kqYgyqYIDV9xPj9y1gpdq Dasxi4mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbjAAKCRAk1otyXVSH0NeqB/ 0eu00yVrdM0nkJRE7E10o+fE9zBjQ8yuBbBz40rjowd9RiICT6y6kzUWPLkkw5hZJ+nHhXz6wVEskQ iBk+cdeqVhuG80/i43LtKouhIPOB/pUPVCqOIYEG5J3pL1mVqXfMa6z+PftgDFrA50rtWgyU33qHae NwA17vdSsKBUmTWqD5tWpiXfJ+9BB1HbQozGKbEod8+WGNi55D9isLwEuSjA/UDUW7D5XsYg7IinXN FY6WXb4ZKhRlLIBj+Wp6/gOyh+Zb18GdvOjXgLqtJlRUWeEDRZ6yntwd6FzocmZYzJuFXiWYs+Foiu wWaVUKbXTVDAjk5bPe6wc93gzDa4WL X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ujifeagwyywymut7j7xftxa1688eszdt X-Rspamd-Queue-Id: 9FB8B4001F X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1719327884-893304 X-HE-Meta: U2FsdGVkX19dOhW9Wi3YkgjR3xRx+jkfo0cwLAN2RiFKj5XcGW+jcdtWGk42H/GhzM16HrXe3EOZjYgPRdcv/wsM3LuSDXMb9fZ4AQi6dy21yrJEoNMtA2eSRBvIeSje8zEW4TJqscAtpYWRsdqEeZCNz+iE/WbzvhA1YI5Gc/2rRO71+Crzgn2l1EZOHXR1SvawrDTtb8YwSZ/so3HSqBFQekW6b4BcWBe+hyroS4vwZlUso3kdn8S6bcF4DFVeW11uKPJ6y11JjfCFooWRWoUmrUo6vH78wlb3bSHm0MXc1magdk92JsxgeS+bmaARYS19RRiHh1oMAhS5OggTBvxLTcQfQDLUdgJkc++KKrjrEREayFd4gNIyxxP65FBsPcRLOXDw17JDjHQrgHL01jXXMxKVklokOqMbIytmQcWGtM//vBxVgeTkdrPKHhaSFIn7vU6ZX+kg/9O7i2yxwcvdhuKG/14qYa9dWy8UzfKS67P67DVb59fS6bZtdiUK2ik8uPFU+wMNSN4yIfdFm8FRjfOC+7ZOK+F8QmkgJG9Euy9YaCL6AEG7DhWYR9G8UF5JD5bQCiW0Zw1M5TqjF3yOgwHnbheUq+aEzwoEZqtcR//aD3UavRC7kCTcUBooC2Tc7LVPcfedgqPFf8VPebj+zP9leqrJaEbJzHRT33rTicx4kg6naRDkpdEBrjbmOE6R5dfMn7pycl4K3YURDhcaqCTK4aFVMxPJwveccu1lvysDumz+9cagqLSqy51qAVEqSvmjPEy32ssO0KOOwPq16HF5tYyir2i/cAam+ArDrpSIUCx5HyW3sUzgPSIhy4GzUx2eItPr2sb5czWYnIiIfUGd8tHedadb8xGnLtsSAh5iKfC8PJobaBygPa8I8FHK6J56ir224SZ0/cE+X8BO8mpso+fdtXYJd28ni+l5+2l0tYle3hN6+QnagMsPRSMESCxwltVbNl0ZYjh knHikuXv reHakt9feB8q50ZIkYrqHMkyGvCJkonR0mjarc9iYqzYCxRdValB6OgtvcjSscBV2UDTjjVXN+csiMHm/7wAmNneVZLKSlOcnuwDvvT99QW/gXPOS4NFsZX+cyt3pIVhb4HhkkrZDPNl+dinhn1bMBC84K8wmxMx6eVhpkgv1Tlg/hnDSDj8mmyH9qp0FF5hg6tkzyf8IM1e0HC+1BDkmSWq8JWY0Vql6jL+te10Kg8UvQKVnkC7VnUrFpW4epwZztJw0yiOCRNCoqsepZCx1IYaD09ujBFd3C7AwlQw7KDUGvwTH3BdpHmBglO2HZ7Kv3WK/yAPrF70WejA0ZYzJrWitxcPrl7YRxlKD1hGkeLVwK4aRWIRGe1DsdiKWMujmLK0m X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 762c8fe9c54a..1e80808ee105 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -18,6 +18,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Tue Jun 25 14:58:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711457 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2970DC2BBCA for ; Tue, 25 Jun 2024 15:04:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B00136B00C6; Tue, 25 Jun 2024 11:04:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AB01B6B00C7; Tue, 25 Jun 2024 11:04:55 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 929336B00C8; Tue, 25 Jun 2024 11:04:55 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 6F68C6B00C6 for ; Tue, 25 Jun 2024 11:04:55 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 9EDE5A080B for ; Tue, 25 Jun 2024 15:04:54 +0000 (UTC) X-FDA: 82269733308.14.C0F3ADD Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf19.hostedemail.com (Postfix) with ESMTP id DF3101A0022 for ; Tue, 25 Jun 2024 15:04:51 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="B9/+eD8H"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327884; a=rsa-sha256; cv=none; b=Uje00kPBLricVCHlDh4l9zlhZ5CD64M0CBtBi18vufBdr11KqVb3osRbt433jeemB+UqsX ZtrhQPKnnbrO8zskqaLtxErzSBdyjrtoWwY6SLb1SYqkwQdcJxmeyY+6JA3+3cpyHlfAz8 tv8+GU80OaQiKAGE3bP9obLWU4Q/bX8= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="B9/+eD8H"; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327884; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3Jha9xXlI6eXPmoCvZEt3tepTTT+aH8aO/t6Ev+AFq8=; b=liI02+0Tqg6Z/rsDFdQZIwHRjhTy3BaMt7LX3lDvYdJORdlfHB26k232Nd4pgzZ4UiFrNm Nil0KpkUEs1rjeMfcGMSviwDDNtsaSkX2/4k2I/AeOmCSrs0sUrOvYgLl9nikCJznVnhha s30OrIrYlBbEUlqocVK7w2RHWgPboBM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id CDC6BCE1AD3; Tue, 25 Jun 2024 15:04:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 424F7C32781; Tue, 25 Jun 2024 15:04:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327888; bh=uHJiYcvljzUX8f4hJI4pgvGmhWWcFPMp0a5s58eHg1Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B9/+eD8H/b4txlwb0fKoLsaf1vEzp0vHCKL3eP5ZYdl5m3fIQnZe4kprD4iN5GUOP uHWFJ7DM+IO8qM0oWr6Ny6cRoGFWyq9OzMN2uKIzhI2F8LrNBNCOHB3BMSz8Xrd64S 4cNYJyEFXuKSIzvZqolFq/lqY7J+Vg0Y010/1wCs29imOkytDf7VIDSBu3W3yCQnMU 5DpKRXwbihbnYXOAjmjoR6hD0cTneP/t5M1OTLbTFcJKPMTdgq6wnZ8fbWoSAYEgg3 udfC5wXImn8NqBNI2qMKhDMOu0VioWY10by7w2PBQ26+hxjh43zWDRgYi/MMRWqu0D +mXWQfOdpnjuw== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:02 +0100 Subject: [PATCH v9 34/39] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-34-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=13330; i=broonie@kernel.org; h=from:subject:message-id; bh=uHJiYcvljzUX8f4hJI4pgvGmhWWcFPMp0a5s58eHg1Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuNgEZntme6jAr9UtH0VfGfGf/1dLXYaQNm0rST 31Q8lLWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbjQAKCRAk1otyXVSH0O/TB/ 9PIUSIFlzJOt7RtwV6XRF+NWmZqUEZqn9f2taXUenbTzGZDCjjCb09wh6bZi0bGTcVo5It0KLkMTLT vLYhVUHHI6FTJY/x0yc1+rjXjcK2IJNKMw6DqU7tJTrcNRUTSanUB+s5hj+OiRfLMQ88aC4i9S21BI M89wFfmGQ0w1px6MVrX+0dU7vBIYZ2Eb7gzu/+OO0D0S9HTe00gbCkjAY03lcjVKrTtURecyIGizcP vdqLeHVFJEaAs41vEVEJnCZxj19A38n5g2VsMi3Y+DtXXclKPxDE2EWzl6uNRFFyHoaGK/rxXaa5uj HYTMdEeSw/7i/GpphaAIkCdoSQXEEx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ijakskdn1yxbrom4w8nb5m9wtids7k5i X-Rspamd-Queue-Id: DF3101A0022 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1719327891-984636 X-HE-Meta: U2FsdGVkX1+2HuU1M6N4Eglp9L5VBrljERN+MZ9aqWKyjpQozzMdOi8mHBOXNCD7AAyC6BlBkEaseUdENQNiLvPiFbKSXd5T6VaO1nA7HQ/aYF/HMSFnxvBbFg+Gob1CxAkajxY4We2O2w1bMEAFADg9SL7md1KM/MVS+9OZ/35E3mtedeZvtvzHTka5jUhv48YHIlW5dY/PtwbuxmLyga1dHiKV4MtMQtTHt05yPgXWWnxU5s4zd7LNcD7CqiKAQOr+ZHA1CKnFVUhJ8Euyow5yJUJnEYqKeV/pzYO6lfI4MrO6ZaL85id5dLFmXdCHzxR7xE+2VVNwVdetuCDtsndIA1DuQ3kfLFquRjQYerZRXGjnXDoHHPhTsfyQ4ugw15l1K83bctYIDXone09/MizH1ZmY/47ILBhdjOlIFgRlZFIiFAwIhw5KErFdtIPsrxfVX4XUG1Mju27lly/WBv/i89yni0r9NNMYsSBE7f/8QirJsRyJfeiFtxqABPxsFK+wKndQ+BsO5XucVdXgYs3oN1E4c64DuqaKhL6Q/14oaq67mPD/sh1dn8kJiU3RtVhpDQbiMPdCGDP0IZCaz8cC2W3dXMNcUeDWNtVZnGCA5DaNylJ2IJVJd0/Aoi0325rWG22yepYNAnrSwjVne0coS9cxkQ2Z2c7PMZKOSvjQ/j295Clnd7JzxOdT7xmdAt6nB3RVD8Ga2i/+LPu8iHexPQvFsG1F8t5dkNQQ7a8TbKEwIIz5H+5ixQpD7wEgxNsi2RRI8UU4toF2M9+HRmbYvfuTUbf7P5oCrTGmsexQOQ3TR5WIXPas9Aqf4lIGYDluiakLuYNR5WICOUsgw07R731o3+L9yKqTCW1F1hQjtys+fogYUh6/u0128hv7UxJD3Ue9MU1NLrntddB3H72FhFxfze4e+mfbSmK5iNGnSXthBzaxlQJzfTp1Tnfo9x0KWwG3k1xDGkkY4eG NiG9Q05+ JZkkwduBRmF1DSNnbXIbVqt2vrj7aG2SFHAOMBA8OXn9c4Blm1NHQXHyW/FoZ8CHTPhT5joUWw2j4qD06mdUL3MLFU732ySEJXBQn60/+tX5LFgD4Bmw4HiqRs5ChGAbs825USGBFYmCNZhhyEbIHzYe+ifq6DnSgq0CWzsFkVqRrsUQQLnO8G7SViuD9Oe4qrCXOctskyplvPH238ICd1yvm9s8yFuTeFY/7hF1p53/prL2UnTTAM2UgJnvlo8xtQs8i6vxKr+z6ragaYhf/DMya/bMzVxgYHauhekrYpxRqgeWx7aXv+Pt1Ai/K/W0yLRtKprBGYoPR4+bFTyd757/Co0PLHy7B5T2YaEpg5LcxszZnEg4U6dGlL0xUKMUPAOSe X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 357 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 +++++++ 5 files changed, 467 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..3fb9742342a3 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,357 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %lx not %lx\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %lu byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (void *)((uint64_t)buf + page_size)); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%llx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%llx not 0x%llx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%llx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%llx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %ld byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..1ae6864d3f86 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 74 +#define PR_SET_SHADOW_STACK_STATUS 75 +#define PR_LOCK_SHADOW_STACK_STATUS 76 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Tue Jun 25 14:58:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711459 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECB9AC30658 for ; Tue, 25 Jun 2024 15:05:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 55B876B00C8; Tue, 25 Jun 2024 11:04:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 50B966B00CA; Tue, 25 Jun 2024 11:04:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 336746B00CB; Tue, 25 Jun 2024 11:04:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 07FD06B00C8 for ; Tue, 25 Jun 2024 11:04:59 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 93B70C015F for ; Tue, 25 Jun 2024 15:04:58 +0000 (UTC) X-FDA: 82269733476.07.46A8481 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id ABDDDA0011 for ; Tue, 25 Jun 2024 15:04:56 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cxB7wyli; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327889; a=rsa-sha256; cv=none; b=iCc0FuhtXQoFuVMlS/5YDCHnc2JKRNAS3JppdLrhG4klSQXXAjB9vqs88RQhHE+Y+ZvwNA ysyO5BhGex74kmJTZXMYMka/n+KGOx/epM7wb/0HopFbGrk9szr6mFnVqn9D69tJLAsHQS zMGxq2gq+/XV1qZy4JsIfCkv3UQ5qUA= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cxB7wyli; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327889; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VeamJlV2DiQBwOmPZxweMEuePscrjEwMn5NOxSIjeUw=; b=rv8FDq+Q4/rZ7kxjPVJUjpL2X7fo83j1/6KLVlsrQCeSAZ2taSWmSsQTusE4iU4Ag5iqOu Hfb/qNa4+tZO737Yc3gqxH6WB72VZfNa7jMEDHkgnJvvpG24wcrlKtLmWQ7rXWxAH3qz1n i9BzryuNywZYkoAiul9Uv3GbUcIVpg8= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id AF7DC6146C; Tue, 25 Jun 2024 15:04:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 91C93C4AF10; Tue, 25 Jun 2024 15:04:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327895; bh=4Pvpbla/MCf5qguJKCtCW70h2zwnlYD2LzmYy5wIfuw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cxB7wylinTqTYLj6tBfCdvEYamzjX7npzeJin3orz0RyYVpopQgS8aVk9L39xfptC FolxAhxOr4dnH3AXh/VMDdL+r8Bey9wtM6wZe389xoTiFuIVnMYDhRCBOAIbEam/l1 Mu+iEIjCZry5jpisYQ97oxRXU9QAftZlwcbbQgtPqwe7QniNt+Fp9ej2/RBnvWcfb8 ymAj6wXQefS48bA74yqjfAKA0v5pu/D7PYUwB0M0bexo8PmJ005xjhRDZyO4z1S6kQ oS2dqaRguL8h1NAkG112WqFBQhHom9ajBwaATQKCCa/en3WJ1lAh/JWe4RlSfVsBvx ocvRsGZke1ikQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:03 +0100 Subject: [PATCH v9 35/39] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-35-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=21309; i=broonie@kernel.org; h=from:subject:message-id; bh=4Pvpbla/MCf5qguJKCtCW70h2zwnlYD2LzmYy5wIfuw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuN2MM8rvkN1jy8Mgq6cEA5K76hDRwrrguOh7rv Q3ak0+iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbjQAKCRAk1otyXVSH0HfzB/ 487jrWfngZsa/pU0ENNEMZLcmjosL0YW5F3fZZ3sk9bAMyZ3AQ5qlWti+NDW/VuLWs88WmGoJowAsq yZqRHjpqXORTv4jB5cz3qfp07/mdfElIQYRB/5RPwXnF8CUoEe8HBKJFAm2gLTCgm7LdS98HXOkMcQ TmswE7UxQRgbptZLPWrmMi0tSKFAZaQfglHHB1s3sdDTYCWfZbE3TgUDnrDL1XDzcCiXSQyLAR6BSF XTwbB1zalK3SqgveCo8flCmoPhKVv/832uTMou5qedRffW1VtSfg0nGpF6d5HsAtSCpMpk/m9NiNGn H9KOLCrVNA9YIZ+VSUAl4Ks/kpWWqu X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: cxmxjrffbrwyfjh98baprq6ropprxm86 X-Rspamd-Queue-Id: ABDDDA0011 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1719327896-374962 X-HE-Meta: U2FsdGVkX19ayv8WP4oXWt6am6j634nqVxHezW+AJZw0L61roylHgtbtGO8tQZoF3driXYLRwR0zrd90RcFkB/d/A/dF++FGBICunu8hLzwQeRShDb3JMINLoI2RIgpaxe6cA61Vslm8XWChbqmZznRYm5EKmzE8R5PYTcRbZ2ym6vSyhqA+PPbFtNFYWVmL3pXJyR8Z6pSALYTp+zbDgbPwS14b6TJmUuzBmL/MzV9ti8plyikZCuV6JKvEUfRr227GC/oms1wXIgly51G2+W3fDgeSlM0UkBD9qgERvSXqi2mgyYDWcv1n2DrGsagNDrYIt5WnHaYDaEXEc+CJwAB2YcAHSnG1baJxf1kiql6TjMa5SRkvSeROLALK/CXwMTNGzCeCgxjbXkCljO1eb5Fxgxlw5YSCDDUu9ADHRWVQiR9ttnUvaDHNgEcplDMXv2Mw5CVMNIme5mtOvUd90DB61LXWSQ7vRiSt8nGfV4gZy2HTkMohYH2vHwNPeBV0iiBprvhMcBoQ65coG17Uq/ggZBaoMmHKd3vNvysG7U1Lfb/OghEPdJIELR+RGT66MlTyvd7ZeEGbXSb/f4zDht1hzlW43SITiQjiPyBGMih4YJSIlSQThTDa5vBsOEv5b+Axukj00WVQqhf2sod5hWVL9CDTGs7u29pdth6/0YTJRcANGW5PZD5C+hhNZLAZo6d7hEEku6RGUO0zhFLQDsaWbe3jihXU3EZurwch9n+72gVxJIeMIY0XDsNwcKuI6DUtSdAIgQCAWIdp4I//OkT1Ob8cPo+Gpo4dEBp+OwPuV51IIuaHJxy5cI/m49migeSTxGyBth3XbjfhH7VXWz8BGFzlvHeb3C+h5MeXuCvDDiQB9hinGVCRyz85tTkcsMVv4TUdgHwiAwkRFE6lHokDlG+r12W5LyJ1fe2xT2cbnSnFvQo/gGAyE/WugT4WXL1RCkEhmGIsusjHWEe 6dE7jES8 90xQG4b7J+FKaNjkqkESTYugvOhcBLypol8PlH8SiyKAoGr1c/TRNRweyB4BQeEkujAPW6m0grU7tTxG3YKQB0o6QMo//kG3Lp5JpgvKUJKrJoXk5kI5TSOR3lnHKF6J7lYbKp3kFTbul9hW3SahDnGOAcCZJ1dK4ZKE/QH2KHXFqCxDqlXw6RNvIOwZY3zxwSQtTMgp6cwh9ifEyipiJdAgLlIoMACj6d4hxDUwhal0Q9a0mmDMjILS5yOX9AtFjXVtU0pVEtvkXik4RPzUzCquIFYpCTpbiuxw3V1InYMdJ+t0BDh0pQufv1B3HIYs8k2F4KM2HUDAko4bKTDCwbhMfT0rgWpAgB+02vOlZAXc1SD1E4WWRK2QB95EJfedjp085 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/gcs-util.h | 10 + tools/testing/selftests/arm64/gcs/libc-gcs.c | 736 +++++++++++++++++++++++++++ 4 files changed, 750 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h index 1ae6864d3f86..8ac37dc3c78e 100644 --- a/tools/testing/selftests/arm64/gcs/gcs-util.h +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -16,6 +16,16 @@ #define __NR_prctl 167 #endif +#ifndef NT_ARM_GCS +#define NT_ARM_GCS 0x40f + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; +#endif + /* Shadow Stack/Guarded Control Stack interface */ #define PR_GET_SHADOW_STACK_STATUS 74 #define PR_SET_SHADOW_STACK_STATUS 75 diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..937f8bee7bdd --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,736 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#define _GNU_SOURCE + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* + * We can access a GCS via ptrace + * + * This could usefully have a fixture but note that each test is + * fork()ed into a new child whcih causes issues. Might be better to + * lift at least some of this out into a separate, non-harness, test + * program. + */ +TEST(ptrace_read_write) +{ + pid_t child, pid; + int ret, status; + siginfo_t si; + uint64_t val, rval, gcspr; + struct user_gcs child_gcs; + struct iovec iov, local_iov, remote_iov; + + child = fork(); + if (child == -1) { + ksft_print_msg("fork() failed: %d (%s)\n", + errno, strerror(errno)); + ASSERT_NE(child, -1); + } + + if (child == 0) { + /* + * In child, make sure there's something on the stack and + * ask to be traced. + */ + gcs_recurse(0); + if (ptrace(PTRACE_TRACEME, -1, NULL, NULL)) + ksft_exit_fail_msg("PTRACE_TRACEME", strerror(errno)); + + if (raise(SIGSTOP)) + ksft_exit_fail_msg("raise(SIGSTOP)", strerror(errno)); + + return; + } + + ksft_print_msg("Child: %d\n", child); + + /* Attach to the child */ + while (1) { + int sig; + + pid = wait(&status); + if (pid == -1) { + ksft_print_msg("wait() failed: %s", + strerror(errno)); + goto error; + } + + /* + * This should never happen but it's hard to flag in + * the framework. + */ + if (pid != child) + continue; + + if (WIFEXITED(status) || WIFSIGNALED(status)) + ksft_exit_fail_msg("Child died unexpectedly\n"); + + if (!WIFSTOPPED(status)) + goto error; + + sig = WSTOPSIG(status); + + if (ptrace(PTRACE_GETSIGINFO, pid, NULL, &si)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + if (errno == EINVAL) { + sig = 0; /* bust group-stop */ + goto cont; + } + + ksft_print_msg("PTRACE_GETSIGINFO: %s\n", + strerror(errno)); + goto error; + } + + if (sig == SIGSTOP && si.si_code == SI_TKILL && + si.si_pid == pid) + break; + + cont: + if (ptrace(PTRACE_CONT, pid, NULL, sig)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + ksft_print_msg("PTRACE_CONT: %s\n", strerror(errno)); + goto error; + } + } + + /* Where is the child GCS? */ + iov.iov_base = &child_gcs; + iov.iov_len = sizeof(child_gcs); + ret = ptrace(PTRACE_GETREGSET, child, NT_ARM_GCS, &iov); + if (ret != 0) { + ksft_print_msg("Failed to read child GCS state: %s (%d)\n", + strerror(errno), errno); + goto error; + } + + /* We should have inherited GCS over fork(), confirm */ + if (!(child_gcs.features_enabled & PR_SHADOW_STACK_ENABLE)) { + ASSERT_TRUE(child_gcs.features_enabled & + PR_SHADOW_STACK_ENABLE); + goto error; + } + + gcspr = child_gcs.gcspr_el0; + ksft_print_msg("Child GCSPR 0x%lx, flags %x, locked %x\n", + gcspr, child_gcs.features_enabled, + child_gcs.features_locked); + + /* Ideally we'd cross check with the child memory map */ + + errno = 0; + val = ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL); + ret = errno; + if (ret != 0) + ksft_print_msg("PTRACE_PEEKDATA failed: %s (%d)\n", + strerror(ret), ret); + EXPECT_EQ(ret, 0); + + /* The child should be in a function, the GCSPR shouldn't be 0 */ + EXPECT_NE(val, 0); + + /* Same thing via process_vm_readv() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(rval); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_readv(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + EXPECT_EQ(val, rval); + + /* Write data via a peek */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, NULL); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(0, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* Restore what we had before */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, val); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(val, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* That's all, folks */ + kill(child, SIGKILL); + return; + +error: + kill(child, SIGKILL); + ASSERT_FALSE(true); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + get_gcspr(), orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %d levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %d levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + +FIXTURE(invalid_mprotect) +{ + unsigned long *stack; + size_t stack_size; +}; + +FIXTURE_VARIANT(invalid_mprotect) +{ + unsigned long flags; +}; + +FIXTURE_SETUP(invalid_mprotect) +{ + self->stack_size = sysconf(_SC_PAGE_SIZE); + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + self->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + self->stack_size); +} + +FIXTURE_TEARDOWN(invalid_mprotect) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, self->stack_size); + ASSERT_EQ(ret, 0); + } +} + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) +{ + .flags = PROT_EXEC, +}; + +FIXTURE_VARIANT_ADD(invalid_mprotect, bti) +{ + .flags = PROT_BTI, +}; + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec_bti) +{ + .flags = PROT_EXEC | PROT_BTI, +}; + +TEST_F(invalid_mprotect, do_map) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, variant->flags); + ASSERT_EQ(ret, -1); +} + +TEST_F(invalid_mprotect, do_map_read) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, + variant->flags | PROT_READ); + ASSERT_EQ(ret, -1); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Tue Jun 25 14:58:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711462 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F87EC2BBCA for ; Tue, 25 Jun 2024 15:05:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2EB1E6B00D1; Tue, 25 Jun 2024 11:05:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 29B6C6B00CF; Tue, 25 Jun 2024 11:05:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 04EC46B00D1; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id D15076B00CF for ; Tue, 25 Jun 2024 11:05:05 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 88754C021B for ; Tue, 25 Jun 2024 15:05:05 +0000 (UTC) X-FDA: 82269733770.27.DD81224 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id A366D80019 for ; Tue, 25 Jun 2024 15:05:03 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LScJejdD; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327892; a=rsa-sha256; cv=none; b=toF8JMAKZoj34j1Aabn/3T9L90zIGEB0AqxxIvyhk/8iFaY8c3Sam8H+HygrjrEVuWqFnj 8OPIMTLpvXIeCNdjgGisSSgjsBbeA1XysHHr1pdE1WR4wjFPxyn41e0aY3uJa9XhdBrDh9 Xv7G8ES5xH0GBrgZv6Wip2pB3fyOliE= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LScJejdD; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327892; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qeTei2+Rv9TmGzFj/jgAMv84+i3cbC0I/TqETm/VMk4=; b=Bpi3T4aK+vmHztAnT8u2ruTl4TnHDxuQIdmEf/RdaMr96vb7SGpAlTigHT6E+DZWnGy/je mPtA0aksrKXjVLDdglmeKyDU+tvBvzttP7z21oaVR9JV38c5CorOijDSNjfdWptXkkCSnX u+1Rc4/HZUAhEAIHxY499hzP5WHQ/g8= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id DA0E76148F; Tue, 25 Jun 2024 15:05:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1B34C32781; Tue, 25 Jun 2024 15:04:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327902; bh=/b4fLgBxrOG/LTGvqBDUXcUFQWiOWxSYArOHQoaOV+E=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LScJejdD0HsZ3gyagi0rdW5pplz2PKWUJe8IoFvycuuSj/u3cFyDLfPdQcf4w5Mqe xMchm+nA0c9Hmjw0cv5xcufOcwq8JmOTLGQ1lXNBFRcr7p2xHoQ1GRXrySBCYGIhA2 T7noj+uLdOOmmr5sThHzXr47H4CSzQb6NgS7IDMuWnhYwi9m95QA900m2yBpVACnfI 3GQ6h0HEJMfWStlzDzpr7XjONMjBvcfg4E3N1/slYYIPFAXpfHcpt534ymmVH5j5cG KFtuW0qou0XRhW9nea+YWGxrbueheQfTboHq2B8+IUsQLroPpJl74JHh9WEuqyRe86 NJcUOmfT8I77A== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:04 +0100 Subject: [PATCH v9 36/39] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-36-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=7382; i=broonie@kernel.org; h=from:subject:message-id; bh=/b4fLgBxrOG/LTGvqBDUXcUFQWiOWxSYArOHQoaOV+E=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuOwdGPwVGSgR7/GFysax2XSd4oP4cz4jyzMVOP q7a8LN+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbjgAKCRAk1otyXVSH0NZNB/ wNusK30jfSyo+Ir8/SJNPOAXC/+46V8h9+O1cMCaLRq8wlD993ZX9/fPX5gTEn3cE355CTBHcrqkyk nDIpqx5lFgJNyhvm6uwlLVCRwTq6cD1VjktVqQZ96Oj6aUd/IzJGM2WNA7oOwENMLf3Wk7tSf3FEOW tDJHCw1FyhkcllPEx1DndTFFdxltVCvohXS6iHoK0OXQUV5/Y/LSO+kdWN331YgDKYonyN1nrmjDNa xRxn7uT6JUoE3p0xgIC1zQ6mdo1Fg9sGv7KyakStN1KEb7bHbyh/c9mCLwII095y0KFTehAzZ/Nu19 t202vqXMVu+OWT7r07rREuZLfyEABp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: A366D80019 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: a1t3w5i9gbbg34wn7b7nc7s9ko75t6er X-HE-Tag: 1719327903-660243 X-HE-Meta: U2FsdGVkX1+udZ5G+SHSgni6NfSwUrJuSBjO2KrNwzfhibfatP2ATzCDsfVTZZUvqBXcy0XNlw8/Y3BzbMRgF0WNiWTFD+99I4qJQVikodaS4Zfj1kEfti844SHNEf7UE92fvW+GWCazXmzEDomYAZWjRBu9xnl4GBrUvkY/Y3+bUS3hBj+TMY/5+hMHOOh3UkTBJwy9KxOCYMfnVRVHZRFgZGXJfD91NIu9AdYCHGc4xn/OhcFO83GuI4g+Rt70RA6jWvlP55jswVwd2yLyMqDOSLfl1Uj72WnSq680cFFMv/Ah+fbcULlEeCdAwX+4toFl1me93uXYmFILBNilJbqGJEnZs4SH6vR4wKSmeXUWAjvbqQd+DHRYIpRxV2XgpnX02lcRg9dU5s3WUHdPifBET3M82hcPYgLdMrUCCuNWXuKyrcTLd8+OQcpkUxcJgj7yurB7id+ggGLQI/ockX9kv1b/k5rWvUz6p69fWqwoSYhiqtKR2wuucVH9bLYIG5wxYgaYN5LQSxZ6q5EACkMXtod3JLUYHttGxHJce41NeJ8w4GoZ4H131uAzmc7jmkqm9g1J0Je7KFqotVaM+vFjrpyF4tgnGL2qZIUko1cV2MyfO91jrCMuTX5w/eGIyISARCoYJd2rIYaps751U1gmyhuajSGylYfiDlRri4Ds6eVaswitbiejUOXo7FmjKHudNU2/ag0/zGWuv/XdtnVDhswlXXDqpi6/2MukIEPuTeLEvRKcmat9xtpt8l71w4OtEDIddITcNJUoQTHycsNkV+dX+GKdWWEXInrUAT6UdE4gW05k9IyCOwFHW0uC/UtMp8WuucOQZ8cQkI7hxQvQXhrY2FvGLj/X/3XeKAQaZCZIkRKpnTT/QZELGHvtCasCGAEYHeAgSTCReQt06f+FPeO/A+A3I6E28zSxtNF6V/dpR/JPtbPtuIltMFtuklHzEmyAY2ZshHin0V1 FsvCX7rS dkvaLJMPuddAWIwHOEsEV21YwK2pBnLiPN/NLmSc7IAyKP7aaNO2Xq2fqz7MO9b0UZm0MD+ETKeGNOxrGkr0395RGxV0N7unWWCFOgJc+CiErN1vsQVlbzZA61ebtq6lAwSL8Fw1bhdn2Xv1Qvi5Kfvkaia5iRPAbsPnUVKiBhGrVRF9Gk2E65sHdObhIhFZnpwcZUb5lNLEu/D0FxmkIywh3ZjipLZFhG0d4Z7f/D3Tpvjc28JCCPopNDPamV1240HHXjaKQb+oZ6HUl+HdE0JpbNJrwv/eVVXNyx//OjHBx9vWVzCRciZdOm5b33KTGtXcAGO8l1qNoP+Ut/01gplQ4D0u9eQy/Lm8QGSkAoxt7s3z6s8i8GAw9SRlM8KBWqSoM X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Tue Jun 25 14:58:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711463 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51E85C30658 for ; Tue, 25 Jun 2024 15:05:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D24136B00D2; Tue, 25 Jun 2024 11:05:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CD3006B00D3; Tue, 25 Jun 2024 11:05:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B26AE6B00D4; Tue, 25 Jun 2024 11:05:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 8EDCE6B00D2 for ; Tue, 25 Jun 2024 11:05:30 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 45A3C1201F2 for ; Tue, 25 Jun 2024 15:05:30 +0000 (UTC) X-FDA: 82269734820.13.5687780 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 6413D40008 for ; Tue, 25 Jun 2024 15:05:28 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cNEK665H; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327917; a=rsa-sha256; cv=none; b=Cz9DhAeHGAnlL7rVkKulrmC3Y7oj9QQa9iRcKP8qARTRtEcAA9DU7NdwdBqmN/soUBQFtc foXGlMNn0tkSMm+4jhQhJt2HcSYCz7H0RgDvpzztZvvobYDyzK16rBghoOam6bF8xfmO9P kCQLdkxqkGJbMqhvtSOfSVxM8T/U64A= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cNEK665H; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327917; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gBkkGTg9iwkURdLLuf+UpkR7ejhULQidz4/W46P4K/c=; b=AzdFRQK7vGSIL+lUHqIwMeJ/B+PSfWNshfOh9K7mSz7rgSWuWev8o7JGGkTcQWMuUAIPEU EJAYqTmKy31GeDdapFvcdOyneEIP1GQzRA+hX1mTSfgpOh5kpg1hS83D7lPUbW4MXJP7ub 6VuEgqzGRVAbnDCHHm6/Va8uSNCf6kQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 8867F61453; Tue, 25 Jun 2024 15:05:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 04C6CC4AF0A; Tue, 25 Jun 2024 15:05:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327927; bh=6kf8vUeE2/3/9q62BhJqQa6tQ8qTDalv3nPeOQkuUQk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cNEK665HSoWXVRXSv18N/8iIDoMvaOalTwGw1FCahJt7YskWm9Y+nm8VEilBD37Yx apZf6tKF0pjx7ZoKIxnU2+Ovb3D8/5Fss3/ONFtWcXF794jCawr2rsWg8uXDeQkedv W5OLaMX8coojfSEIejBKEryiOI+WXYyR8hKCzAOTzFgiwHshqGqKG1qLTeNvkrB+zs w1hWkRvhuVdqooQQ9FgW2/rGxseL3d7lO3DqR5lcKGigMzxen2g5MkJOB8Tn8SINga IBlrwnKXI1caWMQHxbaxOgdjg7uJbFXHU0HjlnJx8aUJTFa0IP+kdt8oTY8v9suHwN ImvUadueEf9JA== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:05 +0100 Subject: [PATCH v9 37/39] kselftest/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-37-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=7642; i=broonie@kernel.org; h=from:subject:message-id; bh=6kf8vUeE2/3/9q62BhJqQa6tQ8qTDalv3nPeOQkuUQk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuPquVxjSFARwh+scwwy3+t5W9RXsUl4EkCHnWu c0ZvgoWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbjwAKCRAk1otyXVSH0PtVB/ 9TvfqwtKkWnWEXfy8Tnf8krx90zOIcw9m8P/csKWQ31MXOWRpAX9mZuHvU/8jsHXeN+b1FIAllWWdm PhaQ+A3IE1PTOE8Fo99JiDEIT4vYY2VI/WNVd2a30nUPGArQ3bbxOb2tyS8lBF1xLLPfER1PEr8Qwt iu3M2YpArb0T0/OHemiKW7nA3BDRJTZoJxqESvrWWlaTVyFJLJbmBvQcLkB41eHt+JZt89HvPmKp/V iU/eVP4CXmBomCKyS4fdjkt9ncgbPxFKeL0QjUuIJo1DOFWcgLXMvJDY95DWqjnXyRmOKQ4Rh6SMB/ 4MdEc5KnMWmWRjF68+DhFr/M0IGmCD X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 6413D40008 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: u9878m8o6jib8p6mdgeiesxzkz9zqrgc X-HE-Tag: 1719327928-86106 X-HE-Meta: U2FsdGVkX18c2uYyM8g1Du7oFQqEM02we+1Iur7wTAPjm+FZ1JC9srxY9BrS5YHR2sgiIAjftd/WJ2cwMq1mr9M5PJO5MvaARWAveZfhdRqpgBtdTfkW9nt3rlSWvLYK1m09gotcPYnElZM+ebSvQkqjAgviidrWcXWn5K6in7oldE/ww7DA+3KqD+S9rhN9lEzISQorgjgYOKEHXDowhIeYaVi1Rg2FwpmJj6pBPrBbdQ9Euz2evk43yQ0CdeSFUfVhS7NwAFp/p5qhhJT9Kxc/4R3UV46NfHFzrzcveFyaH4BNBOl0vl6CSGTBesjgZuY/ihwc2h1rm/A+9cWZV8hrm05JvtOezM2Hkx3xbMqcT5B6qgOrn8y7TdVs0uGryYYddb815cen0uKTI1VjILxp7LqHIdwGdcOtYimNkM0DESo2TADmtIcsUzFNAmWIB5VmQc74aZJm9xLcuoEX1NASVSejGTs5r+62kZOqjxW+QAJBDWlnUkB+HN2qRYdyN654u4yMrvHBTRL6mGtYK4av1nVY41p9quvF/82K+VBZzgOvl6sQLexG8DwzVJvuiDAHNYr7B3Ju45o9THX6rt6C5dHmpBo4rKSlcyIt4fC9p4XyOBSmt9UYGU7rejR9kJRYkangJCpDrjVn0hR34a4blmdWvsnubPbrESxfnlvho5kulWpPm+PvSJPXCLtycDl/zCX4669yTDxr6u6Rd2S/Yj6ufFnC+AqN0cey4+JKwUD4zcG84AD/8xAuuktT/L+tclMQAzjicacojeRdZp7/eu5AonGio+1hvvsllgXxHg/vOnTPPVSUb+16MQc/Gna0B3c138wqN4hXGEScaSGn3lc6+5wE1yyEFzHN83mbDnLjl/G+eaMNbeqs4fKCqEqwkMUS6ckLey/V4/fWFBagnIJzhp6BrkpNpsJxH+oCVqhG4UiFs2pZEaGQpJOodoJhXVkeNG1PEGKEEWO QgEwpH6j plUhWEpA9M1n89QjdxA03ahn20SxO1a5tX4ouso27GE16AeySSF9ySakKnaKggtBXjomoZaErroRfSqs4IJpyLbGIc0eay04Hupqimq7lpatAZXHvHIrwJDvCZnSi2LEOnPSf0a8SMi/FVeEaqEDQa1avU3JLVMc3EYw+A1ddGg7FIMWg2yITRdms1lmc24KADZPBfwygaakWtOxjqTNGwHE8VB6f/iOBU2lZlUPpPFyVw9rEbbD7rNHV7YQJtYc44a+ib7wtkRJerjQJ5+Oih7xTHMbV4tMXo1kcgdkAdSuwNyx+IpZpO2bCJpOUgLK4TzaFCifbUUdVI7lnMPJdd141kD+qTov30nhuUJoaCrbTbrcXyvrLyKWVTPZUCucxi2ym X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 62 +++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 88 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 ++++++++++++++++ 5 files changed, 228 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 1ce5b5eac386..75d691c13207 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -2,6 +2,7 @@ mangle_* fake_sigreturn_* fpmr_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1e80808ee105..36fc12b3cd60 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include @@ -47,6 +48,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..6228448b2ae7 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* + * We should get this from asm/siginfo.h but the testsuite is being + * clever with redefining siginfo_t. + */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..b405d82321da --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + uint64_t *u64_val; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + + /* Ensure that the signal restore token was consumed */ + u64_val = (uint64_t *)get_gcspr_el0() + 1; + if (*u64_val) { + fprintf(stderr, "GCS value at %p is %lx not 0\n", + u64_val, *u64_val); + return 1; + } + + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..faeabb18c4b2 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Tue Jun 25 14:58:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711464 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0FE0DC2BBCA for ; Tue, 25 Jun 2024 15:05:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 97A136B00D3; Tue, 25 Jun 2024 11:05:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 929926B00D5; Tue, 25 Jun 2024 11:05:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 77D416B00D6; Tue, 25 Jun 2024 11:05:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 525646B00D3 for ; Tue, 25 Jun 2024 11:05:45 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 04B73401A7 for ; Tue, 25 Jun 2024 15:05:44 +0000 (UTC) X-FDA: 82269735450.30.648D7C4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 3C526140045 for ; Tue, 25 Jun 2024 15:05:39 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=eMNYEiaa; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327924; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=I/KXlJzPpTv7WIVOaQdXa9HXJuSGZesHrabQturVGcY=; b=u7rISeBMFjXPTCJm9rdRXBCK7n5ZLrcywlSkCMHWNKVtsisewAEiv7RqALgpNNb+ECQPSc wkbIYaSe0zdtoxYgvlPygpwjY3VGPd8UsLxt7U8w9dJ/wxYcwADUDx8LFVlXdL0AYTFr8+ Uuae4WI/kkZ8CMpBDFydhK0x+FsWrdg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327924; a=rsa-sha256; cv=none; b=XHNQTBpJiPbbVsrVXrZUd7WYC9CAqz9zjM/Mn/VLowoyEp8IIklA0QZkG7J2FvSr6EA0Gv 6R4x740E1Vv1GSVHwVNHUC75dlsXIa8UmhlPoF2O7tdYhTeL9c77a2KAz19bCGA5DCbxbf zOQNN72KrGhhlHa89hxDdGG5wZZFfGk= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=eMNYEiaa; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 5B9E56146C; Tue, 25 Jun 2024 15:05:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8D53C4AF0A; Tue, 25 Jun 2024 15:05:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327938; bh=+5w93oy+K4zoqQhbnCZkQT4yClZXDMcH5TZV9ztM/gM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=eMNYEiaa2SoeN4dh+PQFC+MG2yVKB1c1pN7BBkUFMocMGkjfrQhvw55Lq1laJhamP /2/ebGqo8ZowrkZONFjvgCjmWNrm2mc/3Yw3/Y/DwX5xtSNBpZxB8y99DNR+gEzeLE IpOb1ZPEqVyiy7d+f9QRL0C0n1lyNx+B39IR9xbdgHCByhqYXSRkHyATH2N42h6M62 Pqy5lnu4JNSwFTgtaleatwFKj52DKCeHUBbXkkLbIkzpib3KTy+6LlnxNVLc5IDUTZ hUtnrbAPFHRsWY5CTxrXzKQc24q0z8LjhJj4duex6tmCO6FotIhcfKaTWdmor11G2V smr5Y1h8To4jQ== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:06 +0100 Subject: [PATCH v9 38/39] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-38-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=21212; i=broonie@kernel.org; h=from:subject:message-id; bh=+5w93oy+K4zoqQhbnCZkQT4yClZXDMcH5TZV9ztM/gM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuQ7CaTJWorWFQ1vzpLn+2TADL+dray+/aNNQzu 2UXgQUeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbkAAKCRAk1otyXVSH0L+0B/ 9tU6Ji1usDLm1eUspnkNFGpOqWNdb55qoDx9Nao/irZjAjlHLO4MoNMtqgewOTtK159AxUJ+hBy4Uu X5aIT5jCNsFCsODqJx0ZGoculD5lwKDs0me7m7bUuDukmq+wsVC+ObVqd7nap4LyVGFqlEhZUZHAMd SzkO4uIIHo/L/Cj9eu9QELZF5kly00qyhIdHWLZ2Ke2NERfYdWlrpFu0/FoKHE+3sBycHsl69gGbTI G2VhEtWoG/5lJd1S8B6QDor+B3yB7yqKuPrxa+0uR5rDFafh4YLpN2Z6uyiy8cjvYjkoDyNRQesGJS tuBuJn9zYVh/r4KgPX4xKuLqiOBW13 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 3C526140045 X-Stat-Signature: wf4nhgqkqi5g7ju4jxipx5grgggccnmt X-HE-Tag: 1719327939-190873 X-HE-Meta: U2FsdGVkX1+IOdMm6EaVaXqIUrsl4urixYzHVVjkNW0HihcStvPP+yZRId/oZDw0hz1eQnNWKE0agQqOqgDClTv41EEH6rEC0L9byVaJixPPf7m/DDbkf7UOFnd+IlNdOA3xoSEwl8Q7U1EBdYLpv2SFSYNtpf7fr79HfQMUItjReD3sUwgFPuNsGWyVIOMJ8FCd3F73iW5Rgjz5Leic0XmLK/xvH1vIJP7m0Kmn+LCpUP6InvsTtavJC343LVhDIg65/z6Ex4uTQIvLU41apaSyGmuSzfIDPusKs2dEBQv18NtYEmlzOGrt9fClTOTq3pTNh19JUmWExCwAp71YdqiYDSpTK0SCbQIKuyd+iIB57i/00l1+asWRLkU+1Kr1skAeT78Kb1G17zArb710iNQJ8LMBWJzawIMGK5XaVC/WI231Scy4geJXNY1RkALmxcjlCLFVnjxCeCMdoO0R0RqXKCCojxKqjGutsvYM/oKdmEpuYh4h2FnEPOJMTUS/Nuf11b1ftTnbk7uAbDjTe91dlBSHD94BdpPNXWQqGbnNkr1zzYaHPnTJqTw/5bAiOBnvrjc7Dnnc0KDa3aXf0uif2G3Q4quLiNA2r8ENIT7i4B7g4EbWGmL8oltfqFUI0t3Az3DvFAmf3VCJDnQDSC/tGiwJxdruILAz6u4HjNxglkvbfR6uHmZKiV8wz/CHZvv3+6HRcVwIMbVNAC9k9XVG6qvW17ZBVYZhEalHQeVPd/30rcg4gemj7tN7429TVgByMkzN4BiFf5ItQ1ZWrOd3HDbr9MGpZYDUmQD86Mm7SVhwfy5a4QINFp4i0wUtPCBRNM7sq0VvIQPd04p2JO3xYoJxmW1hX1TByEpxKQ6fZhoh7894iW4Rvsp3lWKAbc6wi/Ye95q0pr/0NkfD24eaJI5pddwM/kRTuNiKNlyiVXgiub+AAd8cmNVqMxXwM7Iaca6gOd5QbxQWQNO 7AxL+0Pa 7JDlwe8DxJNsP5hTfJQfUbikbr0ouwjN0xP5VA3X4O4ZvbHP/ILQVJ8rkmm0p3Uh9EXNvHK6kLWmrO+pdj3aUzADIL4AZVl9Bty0Ozf36OR9zvUKVjfQymSZjBaJXpD985L8IqoV3+aOK0vWMPQWYsSllBwexS6yBZ8QhznGahUABIY6OxrIh/OsAToIwyZz04fqIRe7iJGhDRrAQjXRmpXwOf4YDfMZG3yPrx9GVlManBu0AkIeN/f2M/Thirvuu6V13ZfvUlQ6HbnPW8FzN83sccOiiXkCk0RfK9aDjkrWSlOENBqpPMDMfYxdZd5Hx06TNgbpjIWZyGhsz5/0vBl/DUKivY0WCryILfb76av82o0TWt2oW0pof8hIY5OVc0yYe X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 532 +++++++++++++++++++++ 5 files changed, 850 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..2a08d6bf1ced --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endm + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..23fd8ec37bdc --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,532 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_print_cnts(); + + return 0; +} From patchwork Tue Jun 25 14:58:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13711465 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04C43C30658 for ; Tue, 25 Jun 2024 15:05:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8690A6B00D8; Tue, 25 Jun 2024 11:05:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 819336B00D7; Tue, 25 Jun 2024 11:05:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6BA9E6B00D8; Tue, 25 Jun 2024 11:05:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 46E706B00D5 for ; Tue, 25 Jun 2024 11:05:50 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 6B87B1401E3 for ; Tue, 25 Jun 2024 15:05:49 +0000 (UTC) X-FDA: 82269735618.26.8B9DC3B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id D9FFA40030 for ; Tue, 25 Jun 2024 15:05:46 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jVtyl15x; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1719327934; a=rsa-sha256; cv=none; b=lpYlLqxKoASxSOWPTyqHVEJ3lqu9wqSiCNZ9ktUUa/JiJB7NkBI5XRZcqxaucKsFw8naJg AEXcvdMHXlAnDOL1tUO18awB6Ht1jdOxnrFb2bEiojL8SFzi9oNh070Z3AgHkV1XGoU5C/ g2UbqLTA2/Lz1MblhKkUEi2V435t2qA= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jVtyl15x; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1719327934; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=x4bRDIg3FZYF4TjRB4Ac3+0Hb2IaTqNwKYJSKp4sACo=; b=2EG5IiQY7yY7HgQlkcbDVpTXltZSXWvrNwC/9tc6iLaZhN8aygBaOt1wuO1qPfE0uF8FPV dQdfDtoiRHc9WJ8HGHRyxg1DtjxZ+o4KdOp5p9mMk2jFowXbM5UgeFH5Q0Qp6caLNte22+ 0NDJAQw1LdXPs99lm9E0ab4EhTVFAaM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id D63CE61453; Tue, 25 Jun 2024 15:05:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 82489C4AF0E; Tue, 25 Jun 2024 15:05:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1719327945; bh=YYz6vJzvFivBjzQl/oYVfPbzMadH/24Qr7CyuKANnYA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=jVtyl15xNduiXHKLwIurGiHrq6v7QW9hCqMHsjmjHGlP0n43EqHxggFJBuOuA/T9S ZwwyUkiuwOsMntBpfak37kJinMzrQiuoJEu+eVqdpPl53d9qQaqzSTyXFPUSpfJI8S VAlaLDXxrgRW2SWZSmnpBWfuWWfW5qV7AInmNEmiSe/7w9njmux7n7MhF8Y4K9SFGu jfPg5aq3YLB85H2QbpRCUMv9AtenTAWoE2hZfhOu8HG6Az9/y3XS0hU1LsCINimGX+ JyStWz5ytl/jDITq3/tfE0iCyB9uqOPd4C0JMEB3AKgxRqEQY6tVtdMfaO3zJH+kvI 05DmIU8/cjAag== From: Mark Brown Date: Tue, 25 Jun 2024 15:58:07 +0100 Subject: [PATCH v9 39/39] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20240625-arm64-gcs-v9-39-0f634469b8f0@kernel.org> References: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> In-Reply-To: <20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.14-dev-d4707 X-Developer-Signature: v=1; a=openpgp-sha256; l=3151; i=broonie@kernel.org; h=from:subject:message-id; bh=YYz6vJzvFivBjzQl/oYVfPbzMadH/24Qr7CyuKANnYA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmetuR2t+0Cqlt/6leQmollofnPNO15qhZxsk4g6Rv IV0COeeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZnrbkQAKCRAk1otyXVSH0KUEB/ 92KBV+o4546rcXH4xXo2EWT+kE5N6xC2oDsBcr7IoWFKdn5b97y2WNrash+T59Yu1XOYrCFFrOrkgm RbmFAWHOBbuOXOc35IR+XCSSa2/XJZ7FXZF5j9xA8t5Jm1TA+oALCgCQ/r6V9BCHcym9F1WxusrRH2 NmGZWONPJFdHa6wI/9n0Ormxp0MUcPFFWh0bQJwB1Ins6vJOcUUYcrUMGUZ83jjhnjAN+zkQ1GjB93 iQmF3xpdVuac037z9gR/TjRKF03O0O2cYLS2kfLwjfhX3qk2c8+SM4699Wno6d0w34BZDduAiPh+cw MG2TnaMeA4ZtK8eaNL8Ppza/o33J+c X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D9FFA40030 X-Stat-Signature: z9p48brq1k8qqk6b9jjhmyzxidysoiks X-Rspam-User: X-HE-Tag: 1719327946-761986 X-HE-Meta: U2FsdGVkX19lfPJ8hD8D03b+HajyTvAKJ/TWroJ17NStQVxXXijQDPtEfSFjXQms4sloG66GbNKz2HNR/JFfVoNQ8xy8YwGPrGVLbpn/eTXRXJK5kISHa48ZcqUymCeW5bO+b6PC0fEZAowerMEzOMCMqZHDcuGg78dTHevKi7nuLDaFFxkRhkfDPIs+lbHm1iK5mBys2H51tT2hnl3uX3hWM7ZrJOR2t5JXtVhl7JzAuCKWrUx4NAdpjOw8kkCX8Dcso0Hxg9pds2VCJqrnmdyoguTlpUws0OpMRZl8mC6EnpTAtekcKmB+RfEfV2nwuXK5wyH7Isq9lpIA///R+O/0L0HGtu3NX1R8iYy/1bw49PtKBWkgx/Aq2higswXUBXmrcCJBFpJpV1b7Eqs8+gLr67HQ6zwYs9Wy4GC4ri/OwPlidxqjEqm/5YVjDbAJQnmZN2zlHhnrDpIwMdZty5p3RIbgoslmBf7GJNyqWhMmapi7FpkwdG3FHq4OdxOwng3Aq8S5Va+tx+8dlXM5UU7weXQaL/52WFiFYS73GgjREYu1YSofXzmoDaR/hsv9MgCuJcIbjh2k/Qh7agespjC6675k+V1dRz7ebcNDYOMjHUfrePXXjPQA8Fh4Vsi3n+jBHsj+yvSY896L4H0HvwqTTfelML5CKULsLbsMH8ReTfqwK26tLyMbNgq14Cwixud0cCUpRnE/P4I5jOEqNlbHX4hj/hjB/fAuohrhDApa9lDZLJTtfjEcAIqzRe6A928WT0LvSiU3AdmEaNlq6BhDhVZW7AAlMkNE231H7tzU+2wv56w67LYQs9sAInije7qvDoqP8ebwGSPuDFXYBVSACgvy8p2H5L/gN9IsIBQfI8rEaWlgakg28BklZysbqB9o1ukBIUs16mCfsIh/Q2/CJwPnv4VHvRQGn20VzHql8LEo8yCiuJmhA/x4bqetEGHzV11xfWNckTo5Qs5 b3E0BYXa 92ePSWw6ssPnDw03rGcFWN4VtI48DDCPvICYlfWzvwbosFHzXt1epdoCNuSCTtSy1l02iwnrr6Ug6lFVzAVc8ZdkMUYDRpqTSnFEw6MJD5N+hGgJ7ypOv0OptCicMP2MuA4MbECSahMkmkBj229wzLrzFsUq2wj6oArZvnLcFUQ8WPz5Dz594zoJ38bZKG/s+P/Y5j1pXTLG/kXViutPvv91WRxrVic/EuWKOR6mcMQKieaVqZoi2OjhAcItTwODRl4diRbFbs7P0PCHmDbwbBohpZHlfJ+wzKP3318DDWBm5yh2oJaiA0Y/W1oPwZhIEJeKN/vfjsJ/9aIkH4qbqH3DPsHGKwuopB7plnswd9sl85At2SZlCKI5QRtt2vDUYxJAJ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..1fc46a5642c2 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index fff60e2a25ad..2fb4f0b84476 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 095b45531640..b2603aba99de 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index b5c81e81a379..8d9609a49008 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT