From patchwork Wed Aug 28 23:27:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782163 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 385AEC7114C for ; Wed, 28 Aug 2024 23:28:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CDF3F6B008C; Wed, 28 Aug 2024 19:28:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C8F706B0092; Wed, 28 Aug 2024 19:28:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B57556B0093; Wed, 28 Aug 2024 19:28:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 98B3B6B008C for ; Wed, 28 Aug 2024 19:28:47 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 37F0D1A0891 for ; Wed, 28 Aug 2024 23:28:47 +0000 (UTC) X-FDA: 82503246294.20.D495F54 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf26.hostedemail.com (Postfix) with ESMTP id B0935140004 for ; Wed, 28 Aug 2024 23:28:43 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Gw16Eci9; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887659; a=rsa-sha256; cv=none; b=hbQv61YT32i48o+jap+Os+c4WO16CO6oS7tYJZ/miF5U3Q/dDfrVPNOagqOaxK3EWbKsla ggUIgiidW2gtUJdIgPhbxNv0uUeTi8NUjHfnYoVqwGrpHmfHpl6vdaYQkE1YzTowhf8+y8 NaWGfNy+L4+762a05tJVa07NUEo4Xfo= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Gw16Eci9; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887659; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6yOwcXdXWVvJlvycs735HWhRRhKvuAw/XrrKRUAoVvw=; b=3sVqIHR8fKKhKiTB1EHWLQAqKfPdynYhVyObbMhy+T3MoCi+Sdqz0WWFD4bIWTMz080XR9 VCn1Vy0d+enYFV2fStDmh6p1Ww3G3/1/I+aVhvsV0KW1IJcRa6O2fIFh8YKi6ugCvQPi5U vp2zrlOU266GrT227vBmwvlzd5SbpYA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id B6C96CE19B2; Wed, 28 Aug 2024 23:28:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 068C2C4CEC6; Wed, 28 Aug 2024 23:28:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887719; bh=rFBO85foTdFO3Yh8vyJHtUZjp9uE/dcEpKRiB9tMlcU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Gw16Eci9InmTxeQ/v1QW7kxYKwophg4FALCY/PpN4dJ76jY+jkkPcLa/dolPFzQun VJDTzYf5e5BhG4tmy7HttDryPNy1TQnLRtjJLvUYuQhf0ISni7s9KXf7j0aGTvgb7g dDf5wKBsWjvEncVR8jEJYw+DeW6adMLd4Hy5/WGZZUYTs+SFUMCSGwQk5ZCt+Zm4FI VepVGfYGX86W6Ch+pXH1fFFOHG6rqC2Wc57mpFukSmqGXwAAyzdVPgZbDM8vliymaR dPgTK9+lIPRstG8HVSiTYtDcdMpjlO6sFeKuLl0niQQGcP5/hMimcRIb7fBAN3tCjz RaDEK+jjwNZFg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:17 +0100 Subject: [PATCH v12 01/39] mm: Introduce ARCH_HAS_USER_SHADOW_STACK MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-1-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown , David Hildenbrand , "Mike Rapoport (IBM)" , Kees Cook , Shuah Khan X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2759; i=broonie@kernel.org; h=from:subject:message-id; bh=rFBO85foTdFO3Yh8vyJHtUZjp9uE/dcEpKRiB9tMlcU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J5rOeiVZD0x1hdWNMwUC4132egoBxx8QjkFmK5 Pv24bDmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yeQAKCRAk1otyXVSH0EmcB/ 4pkgEaT4pdaEuaaASONlHltej/0jAvGExqIf5J2OhugKd+NHHJ0jsvzrA6g2c0QV0rfR2cuvQ2ljk1 RneeaD/6oRc2906gCLFz6qxPdc/szByaOGpmkFWAGOXusNxL4NMnfWG0N+hig4uXIfD/c9l2uaeXhq mfnW7i8Yqh/kkl2wism7g/xMtO4gUXlW5pO0na3MebQeWcZo41gsk2cJAZxBJqVMMa2gkQIkqCK6P9 9wSeJTrUogqeEkopqqK8cXNJ7AUmy4ENF9YK2/VNlb5hLQgmQkJ08ujQat/pcqbq8+eYPEbOjxptOx i1rHnmVb55SzZIQwmmp3Q4k24enVQl X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: B0935140004 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: 6gdep3xgesxropupntbhfof9jc3dpxub X-HE-Tag: 1724887723-7988 X-HE-Meta: U2FsdGVkX1+ufEwCLUNoXlrGAB9E4LjmRe5xYnm/Xops0zYHKCAKWZ81AHuhmklqp8PQLMcFu02mfGOfQdqnI5o0aT/xwEB8Rkm6nXlFwSxfbvQQ5gcl0ZKLsmbe/sAZCjwkTrKjxqVwyxBBQ+F1vT15bdpLG+1mZUHGTzZnjaMzwu+XBg9r2ELQD3lZKQCHnC/4aqbg3pSbh1yv6apnjJ6AI2QdQyJ1pbg9gKsBNplhxjs+rgklAlGGhjmStnfLbfCPMtCNbq78LMHx15oymtk98YP5uswiO4Cz/IKE9VDAc1dBG6ZOZIR+YsbPhumvJRgJkRa2+4EM6wQJAOCcl0scJ/kwE/wL+SkqMG9mTB2766vQSmZCsJxibH/rR8smEoHIoKb5txVSAbNUdr3Xq6rTjtP8rQI0WKSqjWnMvMoGWs8Ize4bdNb0j3rHp2Fi714eB0fMlvDMJOKN7aGj2umNoSNZy4YWU+AU9hzuAx4uAm49lZlODejEJidT2z++OWE20AjSZA7S4hO9wpO72QHazw9BekkO/TfX+SrEtqAUHjAxber1pP56I/URlo9BDnMCTLzEP8UHb0i+UPh8nFAbUh4Tq39vQ+ZbyiGLh/57Eca7PHRybKjJWsnwz6fYTUzkvD6p1iGNCkAQzZwLme2shhNSSRjbZbIb6jG97wItpOAIfopMY7cFnRMLJPtWuIhphv90yywIZ/OHD+InMa3ECEEIQ1diXANJPE28A5fiESIG64fX3n6BEzvzLSpzKovTbQQX3hJdXCMRG0+dpJ+SisNx73p8c3XFfRWW/WqE1D9MhUCDvivT3BmHIxRdxS5LCDXvTUa/fnfLI9mUlZHx9XE2p7l0iTehFRdJWVGpzYsNyqjDBl/y3+Ek50dMKXJzdiAirc37jqn2OcHAcF5rDDFcrZ0TN9pb8Gug9NXJyd378Ns6T5V+bu9/7ldKuwIzdj4crARmKlV14Ie CnjA2PYn nYuanq89B9fxv2n/RY1EYIeHDn+WByVuW6HHe+2BpfjuQH53P9DBN4vtDkw10SD/K8EUBvMoq5LGd8w2KjdV0SfO3L4PpUWS7XEg2dTTKrkG090HLiCoDgfzBHJP3vc25pmIxIkuC1+gFHaYYBfNL3bKhQPUj3muatXtFvRlZNICHeKkAc8ydT3BgYjn3h5ZUr2/F42VyL1tCIqszu/XVwPFKw0fGeY2Oxqan+sFu16xIJVxc0EAHMjYv5f5MZ0AmxsI93CeqS27PR2IRfXMttGJTJjX1Ci+fJ5VepuEJNiafxjr8UNw6B9wnr6qHNv17IfNyiIwYKRoGuvtyJNgpt+UQB58kGuXDchJMhJdyrEGNY4ChqFKbzoikj1G1pdnuJKdFnQys0ih1tspd77RqaiWUZ0szip+jsMnW+8wh5cBr+rHtCaGpeD9T4LQ3ukskYCNNoVade2Pl83VHmkE2XpullXAEPRtXFnQEUFFiSz99R1vWRQIHT/BKCWoSfnkjaLfFGT3H10Ttvx0eZzl+VehYHcXV5olp4W943/KfcBhcZPE5u7G5tut6S0RieykwQIp6TedO96s8o7XhZJrwn6watVF4sJ39S23Epgt7yJYfB3GpNXxvbtZsmY7VhMfXQGxi/915WkvAvqihX0DXQoipFFwgT5Jmqpxt42fluxdYrdb32XzzvFmRUg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since multiple architectures have support for shadow stacks and we need to select support for this feature in several places in the generic code provide a generic config option that the architectures can select. Suggested-by: David Hildenbrand Acked-by: David Hildenbrand Reviewed-by: Deepak Gupta Reviewed-by: Rick Edgecombe Reviewed-by: Mike Rapoport (IBM) Reviewed-by: Catalin Marinas Reviewed-by: Kees Cook Tested-by: Kees Cook Acked-by: Shuah Khan Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/x86/Kconfig | 1 + fs/proc/task_mmu.c | 2 +- include/linux/mm.h | 2 +- mm/Kconfig | 6 ++++++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 007bab9f2a0e..320e1f411163 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1957,6 +1957,7 @@ config X86_USER_SHADOW_STACK depends on AS_WRUSS depends on X86_64 select ARCH_USES_HIGH_VMA_FLAGS + select ARCH_HAS_USER_SHADOW_STACK select X86_CET help Shadow stack protection is a hardware feature that detects function diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 5f171ad7b436..0ea49725f524 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -984,7 +984,7 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR [ilog2(VM_UFFD_MINOR)] = "ui", #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ -#ifdef CONFIG_X86_USER_SHADOW_STACK +#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", #endif #ifdef CONFIG_64BIT diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a20b76..3357625c1db3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -342,7 +342,7 @@ extern unsigned int kobjsize(const void *objp); #endif #endif /* CONFIG_ARCH_HAS_PKEYS */ -#ifdef CONFIG_X86_USER_SHADOW_STACK +#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK /* * VM_SHADOW_STACK should not be set with VM_SHARED because of lack of * support core mm. diff --git a/mm/Kconfig b/mm/Kconfig index b72e7d040f78..3167be663bca 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1263,6 +1263,12 @@ config IOMMU_MM_DATA config EXECMEM bool +config ARCH_HAS_USER_SHADOW_STACK + bool + help + The architecture has hardware support for userspace shadow call + stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). + source "mm/damon/Kconfig" endmenu From patchwork Wed Aug 28 23:27:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782164 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61094C71150 for ; Wed, 28 Aug 2024 23:28:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F056F6B0092; Wed, 28 Aug 2024 19:28:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EB3E76B0093; Wed, 28 Aug 2024 19:28:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D7AAD6B0095; Wed, 28 Aug 2024 19:28:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id B88246B0092 for ; Wed, 28 Aug 2024 19:28:49 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 6B87140258 for ; Wed, 28 Aug 2024 23:28:49 +0000 (UTC) X-FDA: 82503246378.04.77B8E3D Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf23.hostedemail.com (Postfix) with ESMTP id B7B7B140008 for ; Wed, 28 Aug 2024 23:28:47 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rq++GcKR; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887683; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=y8MFiRWNX8QBiT1ZHueoXKSRylaNL0IKogb1Ggfg1r8=; b=osLYxgg7j4rqzIdNsRttPUgHqokaS6c66yEGYbLGB1tIzJs9n5hin364arBXyTRq9hu+tK TD5DoaYDqs2wiDGB1nIxl6sXmHA7sFOLX1p26CZa9t56mZ1EHGP0yl6oYi84ivTAOnO2Wm APcTU8h1Jz9QQUKhri+BAWA8sSJNKfc= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rq++GcKR; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887683; a=rsa-sha256; cv=none; b=PttAlr3l/Xa6mav2OP69LrhDkdOcyt6vTBEN7FfCw/UbWAwA4hSDed0GAvj1/R1ptqYziM PI313AEGg/U/wIRUKsBKrBSBV11aBzTTgUKdzZWvKCBjLWym8QMci7sb7zbAER10AYjAPL kSMeu5MszFJxygDuG60dCMLIUtVBLMs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id F30DBA4376F; Wed, 28 Aug 2024 23:28:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BCED0C4CEC0; Wed, 28 Aug 2024 23:28:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887726; bh=pHfZEKDzLLM4lr4zoXfluscujJ3LYl3h2pXq/J8hLlM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rq++GcKRSvjv+PpuihZSyX+jI22rkXN+ahaJ3t3y5r8tOhGSsG32bALwOyi6zYXN+ eVkgXBG41Uv68iVxp4/e7dy2O7x7R9RL6V+bdhoGuS7S8B+ghf22V7W/Ls/kWbdLBo 7Is1GwWxO6TaQP0Tj7x6lsCbVCGUfXijCHMn6tEsRacuyEEVSbx2WXVHBZ96pD53Hf pmT3dpjzta4JENEwzaXB5sa+L7S1NKJnQCHIsWXQspmurerFzOEyKIifOvm+NSlcfW TzFOCynF53a2oPN11SQE0FwHZZfiWDjTdsJtv/mxFkMVO9x8PjMxmTb8sZsdxPuGhG +pVfHFtUnOF6w== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:18 +0100 Subject: [PATCH v12 02/39] arm64/mm: Restructure arch_validate_flags() for extensibility MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-2-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1425; i=broonie@kernel.org; h=from:subject:message-id; bh=pHfZEKDzLLM4lr4zoXfluscujJ3LYl3h2pXq/J8hLlM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J6RoofHrvZefS5vfHSrIx3ilH92it2YpD+C2sU TzTMMvuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yegAKCRAk1otyXVSH0OzJB/ 9Gab3WMv/piiW9sI/VMmkzs26eYy2nciOZlr+bDnZbXBO3RS2k7ZKTA3UXP8pw+WP6f3OTrK2JMpfg ycY7eHztFNrujRTDsA1Fbnp4LEYMTUqMdaDxVz54T1PND+NB3VCmbCLle67gDrxjBhI0d/2ZdiBMlQ WlCVUNCOU4/GRZkhQPjvJpMhnxtqZ868DYBfql4xwV4z+fedBMTIIwQLcAO/sLgPIoTYb+If2GbG+R SnPQARoQRW3QsGmVzONtxPqheal1fPNH30HxTnD56qvbXOnHngyg3z0/KOYD9Zh06RHyr1ixJg8tZT ++7YZqvjMHAD6oGk6OoVaK0+39aOZh X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: B7B7B140008 X-Stat-Signature: x1ufomhg35ai1z7rqcunnmh88sx5c4bw X-HE-Tag: 1724887727-990488 X-HE-Meta: U2FsdGVkX1+wh6IhCjbDhh5rNLkdjkALuQE0vEwI/DfXPTCb6UoWdK1Ulwa6DDRgQSTgwSL0gz2Mq5S0Nsm5OoTpM6RNwuGIKLqRJI/dTBzOgu24L1spiJDc3TeP/QvwK5efun69PhqQxUDAq/yA9SfDx8vKJJTSJgtgEUHcUeUQJfjDgZ5+hxfbvWMGG/n6GgPZKhnqoVyFXwgxqp1/mo0r6DjThsQR7u3zj2pLzrDaDjtxHoIiArQDiIvC2R5suC0j8ZBaAUd7B2RZ40h3ZQhE4/3XdAtf9EIXWEN55H1rLTGF9P82Z/TjrZG2H/4VGy5w2HnN3EQ2t/A1LOpyGG4Stygq6GoY/PGBGGPRNy5Z36+ZL3i1B/O9UgS8IYWaPpxjSagjbGe4oD7w45qMekFQCJit446oYUpV8SyaCHew4DqGBakFw5t60N4zour8bFjHW066fs2Jm6npvtB6hKZ4cetDkl11v5nWiJlQJr03i98NyKIfGOXZSfyFnyO3oLL36YlASBk22lJv99TJEhKWOzM7YOwOPTqRMfbNl118cwbtHCVVeNnIut1/Y1M213ko88v8XWawh4K5fwhV7TKHYm0MceayYpoJVunguzd2pQe+XUlUZeP6dEBd708mVeYWf4C5fx/zc1yQ9RGnO8X3OkcZ1sjQoGfcwq81XKQUYxwu9P4lMOmhcacVobkig62rCpLDhnKJ5qzzuBk+N36ozyCZgsZHyb1OWM5QWCDe/0iUFkvy8qU6XfZ59STmV+4uRCKg66XYb+ECb1zzbMnP9pgxbbRp0X7bC1e+mq4qdH7KlMHDPFhC/shRFP8drTIgWlue2iGR/J9gswFUilDWvhNyU5yGdK5Z7eW2LanRphpYQE8j+PPwRATfz6fUR0GeP2lk4Jc60H8XWlhkttRHzSbRir5uNestHVlOzmmCTramn4kIkLhyoC4C6FBM+hDEuCmailA5uzybWXs zW2oV/Hc A4i2/OhbhaMcEFjZVeRWKyzhpLWUa4a0Hei6SSof1CWHSEWYO4wtNTK8aut8StWQF1Q0RHNp5xDpO7hK803GDft22BIoK973E8bfZ3mv268F98hs4Rdt05okqKxT7Dfr3rSyRiK03xVN7Jn1Ou8P+UfIk5Ck0EgqPEKyRfEAJA1NFcB0BkjvQ4BvIKv/ysxOnZrpkmxyjz36wpEd4mJjASW5p5C8E5k4KFMMihWql8mB08spOegr5jjuMzR2eOjAQElN5N/CRFYCy79o+A/OqK860Dfxe13qbRbKMkP4e5GB8lUpHfn4jon3Uwdwkis++le06EOGRrZf4p4oCtVmXIRj9AJTBNow0hrYoZyMfZkIn5jidCayBL9UFMDAVXGiIZjxWEWBRE6OfV/8M14VIbH0AIEPo9hXJpm0lE97VGateFs3ldHkdEnYhy4lGyJIz4h/p6bpzGbHYoEXyn8hA7/xLDa0j9OESwA7VNqyqgr/Jy6GPYtZiwY8syOYiA8H5MvF7pghIdSzPVGQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 5966ee4a6154..c21849ffdd88 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -52,11 +52,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags) From patchwork Wed Aug 28 23:27:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782165 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09580C7114C for ; Wed, 28 Aug 2024 23:29:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9AB266B0096; Wed, 28 Aug 2024 19:29:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 95B3D6B0098; Wed, 28 Aug 2024 19:29:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 823506B0099; Wed, 28 Aug 2024 19:29:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 655236B0096 for ; Wed, 28 Aug 2024 19:29:00 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 153CE1601BC for ; Wed, 28 Aug 2024 23:29:00 +0000 (UTC) X-FDA: 82503246840.18.43434AD Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf10.hostedemail.com (Postfix) with ESMTP id AD3CDC0014 for ; Wed, 28 Aug 2024 23:28:57 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CyUah56F; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887718; a=rsa-sha256; cv=none; b=VfTT8oOtqhKCWhFbmiEzdz26FFkZjDRKA8hnn5PxOjR9MngD+HlfBJqF/dv6i8TzZDTkiW 216Mm95O5+uAXAkG9yaXRpXVMLWcsiESEcT2mBlOlTVdfRUVrDUrgqcAvv9llV6DVpg2aV 4idyA0ynk40BqAG6Szk0ctaRskWhBO8= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CyUah56F; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887718; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EJN8RNnYmCJzR88SVnfnXKM0lDyz44SjLAMsegCd2Y8=; b=ixLN6G3vJqB0ODoT0QLejpZ/7NxZ70DKd1nIUbHJEnKfZKYXa6YLjWnWlwwGDBZd3Ewth9 xkihyZRbE2VwxbRiZKWH171NQ4kurng0NWt0DXmrImARh6raUwp3kNOwB53bKjIh5QEtJx X4SmFHjv71IcfMzgUwkFawRS1PFqgoc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 962B7CE1708; Wed, 28 Aug 2024 23:28:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0AE6FC4CEC7; Wed, 28 Aug 2024 23:28:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887733; bh=RTcnwKCnbai8FTs65e4TvcOIdbpBUk2hXTCc6OzveBw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=CyUah56F/ucjbAcFwoG9D6pKWXQ+1tmJEEDcJN+9ryqPoOgJTPSLtYBid3RB5nVhA YgRXyYYGH4YY5HdCar6JjmO9SGQzp4qvWwOdniQ4qlLpE5v0TOpQ9pwEBAUb+Tt4W+ NQb74WNVQ/WH0mXhUZTsi4ejE7R3HgCFXk55WwGPXzN8QQeeamJwNC++kVLz+hlD0T 2SDIKVh1wTgL4kdUPjkJyUOIyzpbkY5DQQtPLRxKLevTbdRgPY5iemORfnAiXdMHpX MsWpmJr+RFu34tC4Mlu6XyEez3UKn42y53mWLw3MXV3rXjGfRkXEIkrqPO2o1Q1raS S0RC4G3IKnGUA== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:19 +0100 Subject: [PATCH v12 03/39] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-3-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=4949; i=broonie@kernel.org; h=from:subject:message-id; bh=RTcnwKCnbai8FTs65e4TvcOIdbpBUk2hXTCc6OzveBw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J60KI1NAx9s5uebbxOtg5o2u/+i3ZAA5EAZi4W ygltim2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yegAKCRAk1otyXVSH0Ej7B/ 4i7V5o8NwcAlzF0dC+dC7r9ly6FsY2jaJX4HBmux5vDqMKE2ssgjL7PW/vLOoPBS6mpzseOWpwEsuQ efZzoPx50er7uqNMG9uH8TNmUHnq2qCpg1JGGzo/wDFM1rZqH43CnJQ5HxHnbQTAwtbo6PJUqJ48ib n9sXJezhzy/kcM9bSLndvUruiEaLAArgR3BggKgdHazVd5/y6+yeRzzxHM7z7MvhfbUFNo4YmqUuuj amvYgdk7+YXJCuHhIrgqI9qoC03307nJQNKADYDPz6WoNiKrU3PDbGav7T1tGnsCkKrI0jdd3Jftbk xjTF6ie+KPWrJmU4xk9fZ7BVYxKeW3 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: AD3CDC0014 X-Rspamd-Server: rspam01 X-Stat-Signature: y6qc1rwmccectqx9qg8cin3hxmgdiuxt X-HE-Tag: 1724887737-554189 X-HE-Meta: U2FsdGVkX1+ZjV59kF3Bu3tMcMDNfGM4UcdwjAn/5LQU1VvoOUG29D3/fH4DkZeWytZGJX7V006EOpxujxkR/dPEnpl5yLUEAU2s4JShDA+MUBb0X7zQbzkWKCo9ncVBQ1lOTyy5Q7V623iT+84VyW5fYWXR3f6nPriTF83cHQujvrJPjTLrMB1R09nD1YzqaLsv2NXIiGIYGYYROb4w/gJ4lnyGMKe1xivc3uqKylrLCYxFaPei8JYVkz2sz4HHMPHR/VrxPuuMyz9nir83kSBnQynatr2M/e43br19HRsKnaZe45goqPiXMZi05HK8VEiWKGp1CB4RfOggBoVrCwrsgIl5bwlrQpxFZhD/ON15U8YZMwnJh/7tAaG9A4yLVG+J8dW7FJFZrDviA24aFZ4+e+GNkytuX05ECtIRVkmVgV+HuNXK5f5o/UjPI9Gi62NCjEEVY9gGqemUzAphQNDwdJaYB7YwFPH9snIws7xnAC4WnuZqlHtDKNWIb5apfTNoilwtHmoyTAD9kZA3LAU0K/o39QwYfhxvC6ShipZqvrW2m27BjljG3DNcQaqYWhQc9Wy+xBV4JdTsDXk5yS56xjkWJg29YRwHgta7nJrsS2FhReqvlv63QBqOgJ8SaxHFb/7+3+m1iweMBlz6j3qvM2lBDzoxgG5YCHI4jVsjvqpKNKDRQWFFG9fUi+Wp9uEqbauju2r7sh9ofr3iedfczVOSN965ffMFgoS9LsPvjPO19YumV6JGvWzlSFhgU/yy7MQ+QjZZABkikusRaH51lfA+eWnUrQX1BaibQbFO7fKAmGb7UqY7i7O0XkUq95KHVr9WKxLWIwQy40c+9wt62ncG94BZ6sn7S4sXdRLLQfiteu7zJkHCXkpmiEIZMeJnzTqybV+vXHNLn/zbgXDX79T9iwYN5H9dgxTWua1aIvxL9fyXjkvCd65YZWetA0tSTJwwzgU873PiBgP YhsNI9x5 yKb/Z3f1rO46HWIZ6+5JyWTneoFuWdTHpMee9Bp+uNOX5rq9EZvoWPchbh9kmUaqqNUhbGXCS8SnPuGIGMT4XOvw4A1pbRJZMGyoZ7IOpR41BHX5A0N53D7Mp22xDw9BBq34JolwBlVO1ahI7dDWDt9/9r0SUnd2PKuGb783UaCTmcQSemtUIC7zn7NqOaUcuDODzFkuaxh8sKh1/6hdJi9Wo3qr9yPJvFj3acmXgXvBvVyVTbN8c9pAaLxNo6INUta5XCR12oB7YP+VQrlhRv++5QKZ8NH0B2gwcmIXDHXfXOGp3mMcEslqqJ1mRpiiZK563VukBjgS4V9mlWiRz+EtWfEhX0i3Vfg+sbATCq3NiQRpc1Dto/vnKc5R5MLK1VRRBAfjeJsTfrDpI5p3hw5MY24gBQBboqelnrh4M6+H37PtVPuV+a3+rhqPdff1SSCHaRgSLicMJUXhHBKND4B3FLQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 3357625c1db3..96faf26b6083 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4201,4 +4201,8 @@ void vma_pgtable_walk_end(struct vm_area_struct *vma); int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 35791791a879..557a3d2ac1d4 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -328,4 +328,26 @@ struct prctl_mm_map { # define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */ # define PR_PPC_DEXCR_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 74 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 76 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 3a2df1bd9f64..7e0c10e867cf 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2324,6 +2324,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2782,6 +2797,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_SET_ICACHE_FLUSH_CTX: error = RISCV_SET_ICACHE_FLUSH_CTX(arg2, arg3); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Wed Aug 28 23:27:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782166 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 354BEC71150 for ; Wed, 28 Aug 2024 23:29:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CB8826B0099; Wed, 28 Aug 2024 19:29:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C68876B009A; Wed, 28 Aug 2024 19:29:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B57C46B009B; Wed, 28 Aug 2024 19:29:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 992BE6B0099 for ; Wed, 28 Aug 2024 19:29:07 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 5FE15A91F9 for ; Wed, 28 Aug 2024 23:29:07 +0000 (UTC) X-FDA: 82503247134.02.7D82677 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf06.hostedemail.com (Postfix) with ESMTP id EFD25180008 for ; Wed, 28 Aug 2024 23:29:04 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Dch4Alwn; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887680; a=rsa-sha256; cv=none; b=aAEHOp+c3q9TkzczuqHVNNLwIAHeM3VMaqvgdULKHOKQLvI8ucOWEayFomBz0JFYMzT9SY /PhLrvrE6gEcYdXEXpisXFjxCGUH/37SdPIsDRtQLtlEXn1JRPN58WdpkUbnQoMIz6ZaWA Bj+0lxLxeuTzQZecoxdyz2CTsySwhiU= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Dch4Alwn; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887680; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=oxtv30NBraWOLLwEL/vWBgxKgs+qGBnLi08ra/C2LTY=; b=Ylgn7c+EDJZ7zeP9y9rkiPelH12JUitbJc1mCnqseQU6sex/C1UWkeNfVjtqC81W5tTjNR hnKs/QvcUR5paSEPidMxz1aTDGTYEcNPvVqze4DToYJa7VBGJzmhvUTItb0UyTqd+M+1wK XwMphySuT2O5Yc4r438G0o+Jp0GN6Aw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id D143CCE19B3; Wed, 28 Aug 2024 23:29:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 41C9CC4CEC8; Wed, 28 Aug 2024 23:28:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887741; bh=/QxGsZ7kGu5gcX/2Pir/IdpixOHnIz8YHhHUjvvkxmA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Dch4AlwnMww3ej5URFeoT7x7Lev1k7H8PfLuNI+LwoCFNneQnjJs9vb2zt1U2QD8/ 5vK1WYnGpyFj4up78NnltxMwusYylMmyfidRDyUV+1KYcmZTcg+xubKzz9RZeb6TFv bXoBF/l2tieBJefKx+VWOAEn+ZfXH1EfArtxYqcPtu0HzIDqpgPTL/R5NCzwQVoGWn f4whxK1TPfVIsaZSn36OosZSHprlsnO109lDpcFTlt0o/Jgb4WZ5Nn/ZapHfXI1S8N aZsgbTKsIvTNWrzeCuFTo/G23qMdKgHVaSOjB/ArekHEj1mdH+XWOl27UXr/fOGEAK 9PCdsbrpdwQWg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:20 +0100 Subject: [PATCH v12 04/39] mman: Add map_shadow_stack() flags MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-4-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1882; i=broonie@kernel.org; h=from:subject:message-id; bh=/QxGsZ7kGu5gcX/2Pir/IdpixOHnIz8YHhHUjvvkxmA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J7DhuYvgHPWvnQp5L8SSC8eApPBM4bB5f2073J OnOxkUWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yewAKCRAk1otyXVSH0CSnB/ 0UYRHqMOQvkJ6ZhOUS+LmaFsZNTO8rFSfgNqHMjXQFWl7ziyzoBWr1U1wbZMbFddsopgmWMSYcf0rw YwpLd9I2lcZqjq3FHDCWwh8SOg+fQ6fVjdfuHVlmu5z5JzU8YZZoyeA31dX2oZMuHbD+9aZO2LD20g kvsn+DNpCft1yj2u4nwLU3gIapk/kI/+xG+ekt4s2whveyu3aa6X0vaIVrlAdi8sS9zLDr2278O/9h PCnTnh+PHA9SCW3aSKj/vMsjPAqZ944hBvr2zYb4oDlIdWaiik3UBpDqqGozZoQkoqyzgi5IAL+nlX sY/TPmQVG7qwODzTybUjKTTE+3LaAk X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: EFD25180008 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: iws9b7fraarws5iub6gfqyuaf3maj9xh X-HE-Tag: 1724887744-403635 X-HE-Meta: U2FsdGVkX1/q9SHLzijJ3QyAiBQmZ03IGHH+Z6nReZ4cJtblkPO3xtCWvZtzmmNSLrk58oPQgPHFfgpYO18JHRy0LhOGekyaW402gWK3PLn4OOH8yMyn52zQtWEMT1dDlmig+Bqwv4V0pVqACQvusQXV/U/9gD+5jn+g48Xe+OtPWJ3XT5xMeJ4U1lBwaMew4SvNbmwQ38qrZeRr2LNlgww/UN63GZ/qTIu55Iy2+8OBMrtWAUQ4uc/ru2hyBrJtCFkDSq4+dVmVhkPP+/8FrTsSDSTupF+LH2g4apetDPDw8fwlrvfq3LANBz8uDXF+hkGIrxho+zqclwzkvju2f0ws/0XJSIRYqHuLrXacmVg/wLA6f7vPaw85u0GWwiVBQhqwjuPBSMcegZMty5VQKIoZTTZHqr9ASp80iwGl2Nbo8pQRwk3YCbKN9WwIkWtp5GB+rpPHCwZLd0jX+MDAjaTBxisfKlCPUIm8yzTwH54MmLSOJ/CTDmbmAu3N7qGbhvfMfsV8+XvmJBgq1L719ox/sWhHYUQoldIQBRjUHjCDZd37uZ3M9uAjn7/zw6mIMh2sd8T0W5d04DADQ3p6XN/D1f+4UcKEoFZZRK30TXjicvam+3pFq7lew0DE4GZ6DR4kC5k2w9zBJsxPtyXrEMeWa2b9EETZeGBcAGaSQWBwcktFn2+vOqDSVEGkhVDLcrMoFpWdJVSUQSnG3LIhRztrAVKvOnT/CGjJIIzpFjHzgt6gMGrE+/3qbNZVqQqut2t+ueVNrwIZzBUZ6/aEIKQon4W7D3CkBaT0Y2KcYQQwQJ6OGJ9WEI/Ya8ZF+JEd6amLXUlPMfR/tmHcCEk/TxD37cudrtJ++XZFoJXZo4XOZ1KJrO+nKrGgl5Wj8XAcw1Hq3dZotSP+6T4yhLT+W5w1VKoPT4JNMrR2irOMeilCRehuWllSoydIcJR/HTJia1jLR4CaIuVvRvvFNTJ hjg9cTp7 06ymOKRmhK6SaLTPMjgg3untd7PsxRY9pt3U3I/WQh2f2l1GSzxif+bL7+VnKBuightZBoZX/i0EGPmDnzhewxXW/XhTLiC1lCnEwJqV6yXefnJq8WuKKaCZwXzr/+NBcYqjOK2JItJbiJVZxmkwZd4l0xGgq6JySAle/uMXIgEpY3cwoAczvklBj91cNAvrnDJwldAzh1QG76nqaIAoKVKd08Ix83yc/T+hXIG0jyvd8muP1/uIHk0i4LL2Ha1cg4BaXSY1ZdpMbAJWaV3uqLDX0uFJGuDu6pGowPWKbWaEflIc5IORd0f3Y4yoXQB7No7VMiPHSvU1WI8N6WMoer0USGl270+vdih37JUEC3UUr0fSsCYvY2M9SdUxPbNcaufHAARFOHkYrFdQT/DfzLp5UPNA3n2FUoKDWRz5qHMCxKMkEVN5YxK0hXmQxrVIYoN4Z5siwNByUnUAssKMzx1SG8P6wibwzdSgXribK9PQePmd1H8fz3379IUYBdWAeeyzigRwmRe3jM7k= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for adding arm64 GCS support make the map_shadow_stack() SHADOW_STACK_SET_TOKEN flag generic and add _SET_MARKER. The existing flag indicates that a token usable for stack switch should be added to the top of the newly mapped GCS region while the new flag indicates that a top of stack marker suitable for use by unwinders should be added above that. For arm64 the top of stack marker is all bits 0. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- arch/x86/include/uapi/asm/mman.h | 3 --- include/uapi/asm-generic/mman.h | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/uapi/asm/mman.h b/arch/x86/include/uapi/asm/mman.h index 46cdc941f958..ac1e6277212b 100644 --- a/arch/x86/include/uapi/asm/mman.h +++ b/arch/x86/include/uapi/asm/mman.h @@ -5,9 +5,6 @@ #define MAP_32BIT 0x40 /* only give out 32bit addresses */ #define MAP_ABOVE4G 0x80 /* only map above 4GB */ -/* Flags for map_shadow_stack(2) */ -#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ - #include #endif /* _ASM_X86_MMAN_H */ diff --git a/include/uapi/asm-generic/mman.h b/include/uapi/asm-generic/mman.h index 57e8195d0b53..5e3d61ddbd8c 100644 --- a/include/uapi/asm-generic/mman.h +++ b/include/uapi/asm-generic/mman.h @@ -19,4 +19,8 @@ #define MCL_FUTURE 2 /* lock all future mappings */ #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack marker in the shadow stack */ + + #endif /* __ASM_GENERIC_MMAN_H */ From patchwork Wed Aug 28 23:27:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782167 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4244FC7114C for ; Wed, 28 Aug 2024 23:29:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C92016B009B; Wed, 28 Aug 2024 19:29:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C41E06B009C; Wed, 28 Aug 2024 19:29:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B09E46B009D; Wed, 28 Aug 2024 19:29:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 92B316B009B for ; Wed, 28 Aug 2024 19:29:14 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 458431201F2 for ; Wed, 28 Aug 2024 23:29:14 +0000 (UTC) X-FDA: 82503247428.17.C3331B7 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf03.hostedemail.com (Postfix) with ESMTP id D4B092001F for ; Wed, 28 Aug 2024 23:29:11 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZtDMwdQp; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887708; a=rsa-sha256; cv=none; b=3K3Vh7K4WbcVod731mlmebVnAvIP7J6gXUefs5csN0YUsNL3ASPRG8m3Vos2ZQNMeEAfZz GjkmHs0QvXp1sORmysCGC95O5bwIa0OezPWvQLo2ktKFxoOVtKJIsgrZmYiNq5hbEWQlqG AlNBekfoWgUwwqErpbG/VKdNGeAPbKo= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ZtDMwdQp; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887707; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KtmuWL5rPnJxunKis4r+zJuOmfs6tLevqw0vcnqTYxQ=; b=ny1gS7meKeLHW8kXo3Al54Q8dXKC4kHYds90bEsFO3hYepZMOo4/oXzJXZV5G61Sgeb4AZ W0SN4vDmbdBedTLL/96tMjybRwqWD1aeCJCM2KrU6I7tGJ+v31FnwbozdHxaYJmgoz/oPr PVfmJhoPp1eXA34FrwVThEBEAGHp7UM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 09C74CE1736; Wed, 28 Aug 2024 23:29:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 76D85C4CEC9; Wed, 28 Aug 2024 23:29:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887748; bh=rOh4m4fj2wClbocRq0H+LpbzuLewpkO3M5BRFF5QA9g=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ZtDMwdQpJIDs2Rkwg0UYeDSZGl9Kgy35c06eDIK4/xNomEaD++8/p8t2QXdJEAztH wSDe8Jup97ATXtYoBygYSHUOvxgA0EtDFbcoVHiHXkZU64s+4e7QdTpYwjHwYUNNA4 fmXhbKdf9yiRBra8gOySoZ5GyegNK29pluB9SC4oXQpTUsASjznj/+gelnrStbMUCQ mzoDrv+bTHH8lLa0Z0jhD+yocQgZqM15phOtwWzVvG0Hlip8JN4BaxASDLVEXK4jb0 ciKTdIgx29iXFhoHHZ6RBmDIqv5QKOIIhKW1Dsd8YOdLxp4HP/wwySaJA5xzlpY4PO wYLCOROxVvtxw== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:21 +0100 Subject: [PATCH v12 05/39] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-5-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2380; i=broonie@kernel.org; h=from:subject:message-id; bh=rOh4m4fj2wClbocRq0H+LpbzuLewpkO3M5BRFF5QA9g=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J8Z5KYwVa17Tubvy4OA5GT6N3rKn+DrkFI1TFj ZrKgfK2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yfAAKCRAk1otyXVSH0MAcB/ 9SchQoHpvxwB9OxCqShz/dLftqcvRCIWxO9ZgoadV/U4Z50nuJqBdPypaRBS3bZjxOdOISP6XQ/CbU 3V5v+g4JXxiGcKDkpOi/GfmZ6t1GA/fgPZdFp7Ckdq8Pt0Zt/kwqhC/xwj48+HPd3g5yzqtjHeJ9VG yMVnneUwHH2TzyyvgGOyEVPO6GLr8arjGFoQ31TxvfiC+NskBEnNqcixA8MMAzSn+sZ8Xfxuyxmvgi MILIA4dpUWrY3uWd/x5J6+znHC9MOgmcxRhX2X16jFT1Zd5K/rFTcP6Wz1FXTwZMdn/T7eo3Yjz4iO RIWXdgHpzMXKw6EeHaoiWr7gUCLOry X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: zity4qygk68fr9hue6quwxmrojartie4 X-Rspamd-Queue-Id: D4B092001F X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1724887751-978939 X-HE-Meta: U2FsdGVkX1+5orgVnefh20mWrBq+ZPrD8i3UTOiCNG4eBaNRlRwj5Mq7G3LFuWm8nXdWUrkhR+foiwxrC2Qh8hlsecnvMaPgLhTgKp5fZxnPAwx+6KgZ2iZ75uMQ4MjaUMydDQwsGZUcNh/Kon05BUU0Atn9i4c+Nm+tojrGFeok3DC2UWL0IKOQ5M5/si+rUng0Ttfip5kLlpQa8f8EhFZ7OMEKeelu9ut8xA1JfYOzMd33LLswFMG6LxH32f2Z6rbGZ/l1bl5xKzAvdrjRgRmTDgULD/QMXybayqQy2SAa3BaWvqrG5LQ0TcWC+aGKaLaLM6wBUaHbnBzuIbXybBilc1s9cPCy4w0EuB8PcKHfIhv9nE1DFbgoZhqp7RtvPsi2g5ekbJCcSxZkdtGyuzeKAfSDZQxC4Vdjwx1cIbBN6I9E6+U8QQCu/LYu8Js/W+PTHl1JHWaMh6xSrdvCm0hGC5Hr5TEOcKXSircB9bC7d6GktxDV8m2ZjT8lVEpMwgd+eyOnuCp5VbV3g9ekjgPRDMmsAaOWi4eOeFd8XlCcilLvjRt5bZXfH9WcPytTd0PJ4VozkG+Thw3Aap9NnMLddPhoOL87IaCjM1ILqYmoZxDl8mmuwD/1yqFSRyhPLjB8WSwwlU7Z3780synV2akjHYNLNfCKrkSi0kwUuYq/nxgy04cQq/9jGiWg56OnbBVMo+S23la5rP3iTUIbZ52Q45/Q1yUmETeaqkLQVjbsfU/hyhEw8ObmcCcuN2y4yZbOvnJgZUwuoosQqF7Y/0/fVHsQdOJcm3zaQNJ8cuPurJr9C/KbaHAO+Wd70RNtgpR+2Zng8Mk3ruZOTKCaMGw/kyDd0qFYHqlLFlR+T2CnS+7e49XCrMXByDrJUdVZY6LVf+AYUvtTYN6qfsEk0902P100N6BpsNthL46qerH4380hTy4z32qp9wK0MxYjCDdpa8sCdBbeuVhhQIl momaRc8o XBAQdNE3u2+R8rbHyt2OKjfIfKU43baKNSxjAvI9A57ldJBqeQnYhsM5MiU7+YFiIvyyFQYDhs3mfGRnnk/fM+0l2mwlcAneESmXrN9eyIz8z+T5Wzu7jicUJEUna+D1rLVLBeQaxErkBkDdKLsXTmnYH5ISkV2V9uWb5Zgm7vFbtFEytyFz7TKuu708YXo+hE2AtHI1jyRZJcIvclrumncrvkgZR8szvjur5ByA6PApgti52WRL+5fXI2JWwjkrenDOMCufNp+dFS4Vhf1CVPa9ojY9gcMmUHkPGKjQaCJraqmCXvCp0D1rf3HMRp9ObPepzeu2sEBlQVOie7hbF+Y1RC5w2wmLHpB5idIiLPyV3jGlm6QPn9HrYbG616dGoHf8TbqB5z3+uAqeljXaU+sf1ir3xyqFDd9dLemSiGhlC/mNw+hxXoagwMJbZBzmqPO+sEO0j9k6RYf9bE/Xi9vcGrA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is present. There is also a HCRX_EL2 control to make GCS operations functional. Since if GCS is enabled any function call instruction will cause a fault we also require that the feature be specifically disabled, existing kernels implicitly have this requirement and especially given that the MMU must be disabled it is difficult to see a situation where leaving GCS enabled would be reasonable. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..aed6e9f47cf3 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,38 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For CPUs with Guarded Control Stacks (FEAT_GCS): + + - GCSCR_EL1 must be initialised to 0. + + - GCSCRE0_EL1 must be initialised to 0. + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If EL2 is present: + + - GCSCR_EL2 must be initialised to 0. + + - If the kernel is entered at EL1 and EL2 is present: + + - HCRX_EL2.GCSEn must be initialised to 0b1. + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Wed Aug 28 23:27:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782168 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60F6FC71150 for ; Wed, 28 Aug 2024 23:29:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EB4716B009D; Wed, 28 Aug 2024 19:29:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E65026B009E; Wed, 28 Aug 2024 19:29:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D53AC6B009F; Wed, 28 Aug 2024 19:29:21 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id B75156B009D for ; Wed, 28 Aug 2024 19:29:21 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 7362640258 for ; Wed, 28 Aug 2024 23:29:21 +0000 (UTC) X-FDA: 82503247722.02.896B699 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf09.hostedemail.com (Postfix) with ESMTP id 19248140007 for ; Wed, 28 Aug 2024 23:29:18 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=DX1mD46P; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887694; a=rsa-sha256; cv=none; b=ZVH3zmZmMMYbmSrTlovQP/AJ1EfTqGPt6PdK1uydgyLHVtJ9zxiI9K9W+5Od+r28kPvvfh aov4r6wcZh0wSB02Yly8Ja7JzKlQP93KveqQ2D7niRdui8RJ/o8fGMKeDcuN+5dl7fwlRP vfvx4/mrUBDna+AUABc27ZT31re3FgQ= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=DX1mD46P; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887694; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=A/y3BXwdw0pNTWWr56q3hQyKBsV5GFVUemXtQmuFKcU=; b=Gqgw2tMPrJsIZ0O90YRmtol+wEFt33kpFGaP6IAZp0skYv1xUFgoehJRa4lsJHM2Aiibkm 0W+p4u1jwndO4Poay8VgMjaVVbwPOSmGNDRRMODTQtlc0JkZQojjE2qBvC+E0nS7WVZ994 3GgUpN99VS+7GROonlG4ege4AOuBszs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 43C28CE1708; Wed, 28 Aug 2024 23:29:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A4A3DC4CEC8; Wed, 28 Aug 2024 23:29:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887755; bh=sDJ3u3Z9GTgD+BJMCVvapSr5AVC498rBoFZEsxgxj+8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=DX1mD46P2pPRS1C2iCppJXqv0IYEI+EK6i9kX3ZrSVUX+Zk1uLKwfB+5bX9fekHNP /gooG06oOD+plp5RCyJsxxqa1ZgYXvbfU85IGJ5L2qcmOShO6pogn/JK9TtGvp3912 C+zMCvW669ckcb9xmfupvJ/Bplc/3QGWaArNW3Sew5xG74wBGG6bR8x5YKuO3Adwxx B5b6I1cncaLhZhY53NuSAcmEMvSDoGyS42sXd1St2xBOjiDgM7UeaKoEVdzKG3N7dW RwuD0tvejKCQXAZAtV8WLGUl/JsWkEj+BHOppLG3EZfdeSx6XBzKGt85hMyfnFA8uz 9YuKfOkytt4nw== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:22 +0100 Subject: [PATCH v12 06/39] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-6-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=10608; i=broonie@kernel.org; h=from:subject:message-id; bh=sDJ3u3Z9GTgD+BJMCVvapSr5AVC498rBoFZEsxgxj+8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J9lqOuUcvIfYj36g8oaBcHLkKY4AC+Qd8MRoeW zkpcvpmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yfQAKCRAk1otyXVSH0MZzB/ 9wMWeHg2mwMGmgw+KIetNIZaZdOLE/Z+97rwP71eGcKsLsXoqOlTP2r3v1RLancsZKCKFURSObPzeW 18PvbCD34ZjmbfwVNR+cqzkc2IwnERrDyI9Hf+1q+Dd6ufvamTbF1+DApezrild3ey5sz6RSZ2tcwI 9iezgv5Nlvxph7D4Sy31cMg8lBDMQpxW2v9lyKewl5BHBxn4dNnrSfVIuYO1rPQrCLoVcP+VnGDGOR yCqNnuYKQuKJVDckLLoUvnhbjC0fyvZv/paYguP223fpE6A4NtXhj4oOXWD7FnbTY4XjYLR89Y6gYs WO7QkRwdSGuiNTsP82h+2rCrRE0GT2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 19248140007 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: e8yiau19xak4etw8xziznqe7dw3a1jwy X-HE-Tag: 1724887758-949120 X-HE-Meta: U2FsdGVkX18jBh7O76bXAyQAeEN2nHuZYRz8CyZQer302WhsB0CVgwY94SvGnlDMUip/9de9DZBsLKtc6QWTKduAV4TdfithAbE/8fU6cvbL6E0RQ4XEd4hOfn/GFDUZYBCSRJshmYCBN4bSXAxn3CI+cgJOwf5VKWIqKteaGib8LNYtRfzEyTv1q7qduo+bqIoaDsQ1D96ulOfNY/hd0M/DME+3wpcpbrBu0ch/T6pNeD9GfTCcgTXXKuxJt0zfKV8wWKjSltfDhsZDLooP79jlj+y/FAErEA+R3RWUZf5qcQgqAezGNHfq/EvzMJM8bK04nMN0+U6DmPdbSy9enzh7mjVXpjUT/IzCCgGOJciiZb9LqqqdM3ZbCyZZEmmDlXkE3jFqMEkGdCaAXcu//UIYdGragHCDEiVyZcJtxRShaAXhBiigj7EfckNZRU/5vEKar5I+u9iz03NrUmfPNRYV4LLkwJB5EltjCkf9k1JVTGlAX3mKxhPvS8cDje1FoFaOQ3bNysg81/VdYUXfDEEMu6UXJVvGr+pYed4K+H3A4XySM1VUfenu+dljQTYRtMJkTw138RK4vk1cnBd9h+98OVEz09wnM6gX4n1ZVStireAzP38WpOuP/YjXINvpQcVa3nVVVPEWLdWE9IxP3Q3ISuEMMVOJF9rOUVnoVSJGL08+qzK011WI03IG/U5TYIkoi8T3xnx8fHqxM4UVdcIWO4Ol3l1ZeZTepFKl96HGaGOw1mTs0mWZFYQHVr83reAQkSHILpv9ui3aX6Dc4bDsiK39OMAyN5cObi5PCN5UyeAe7JaFNJhoH/9nUbSfVSst/ebsMolXVysv3Wb1sQ8B+5wsqAGI6cVPtUuzlLf/JgyMlbnI4PuWFpg5zA53UOYQaB1o3SZ2GiKFDCHt+X7o2WSA8WZZTeg5W7KAMx0imQy1mPAqb3XXzd0Hs37gvEsRCDQh+8exZG5DyCo vmiA9Ci0 NSKQgdq0hwnIdDsKvhsStEyjzlcgol8cFQz5B/nZfxAW1Fxsx/jxfZmLKDMfxfNh+4Q0wjRhMA3AQJlqOiiOvvuGVU+NU2JC4lR+URx1tyYB+2OddX60WfD4rYWiIBtSFRq+aFMTn5QkCVT1rMfHDwuj9qdfNm1IL6eeXtL4Ay0g/UBjMr8WKfjfj238mC14wN4XUF1NpfisVTKlD/2iaxYJbShrDeWY9QhzZdZHpc5JbBHqOywWQQakUPjVYGHK9eHcPwpWI3yJ8fOEowxXKPEg6jR6JurlTkM3tU1vedeBfqWFH8Er8Edz7MgP2drMs3PWnBL3dGWTTMapTwEjtGcPYACAiXjHo+ufrSyvg4Rlm4rwFSTAEDOm2S0J+XA65WwoCZhJIxOgvPKg8j6UTfo2OaCUGQB7o9go6/ODhlg/a9EMIlGPcOk2QlQyfdE8FjmdCXqQHEmKpq/rRHejjOu/OWw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add some documentation of the userspace ABI for Guarded Control Stacks. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- Documentation/arch/arm64/gcs.rst | 230 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 231 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..421c953a0ffc --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,230 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active the current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack + and enables GCS for the thread, enabling the functionality controlled by + GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* There is no support for a process to remove a lock that has been set for + it. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread that called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of half the standard stack size or 2 gigabytes, + whichever is smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must have a size which is a + multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned. + +* An address can be specified to map_shadow_stack(), if one is provided then + it must be aligned to a page boundary. + +* When a thread is freed the Guarded Control Stack initially allocated for + that thread will be freed. Note carefully that if the stack has been + switched this may not be the stack currently in use by the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + with the token type (bits 0..11) all clear. The GCSPR_EL0 reported in the + signal frame will point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +6. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +7. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +8. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index 78544de0a8a9..056f6a739d25 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -15,6 +15,7 @@ ARM64 Architecture cpu-feature-registers cpu-hotplug elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Wed Aug 28 23:27:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782169 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B505C7114C for ; Wed, 28 Aug 2024 23:29:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1217E6B009F; Wed, 28 Aug 2024 19:29:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0D0F46B00A0; Wed, 28 Aug 2024 19:29:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB3D86B00A1; Wed, 28 Aug 2024 19:29:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id CB8A26B009F for ; Wed, 28 Aug 2024 19:29:25 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 862461C4557 for ; Wed, 28 Aug 2024 23:29:25 +0000 (UTC) X-FDA: 82503247890.26.50B28CC Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf02.hostedemail.com (Postfix) with ESMTP id D0C138000B for ; Wed, 28 Aug 2024 23:29:23 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kNcQU5ny; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887694; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=t91UGAePWHVzNXHj3HuHAmZ3HW2R994gyYa2H/IzQqw=; b=xwpjfdeX4bdDSeAhBKEDItcOGDN93lRUmvKCkmU1oceaVhQnhizQ3T6sB1OsuL9Cc3w2Q1 fOXDeDpCd0UZ9y2heNFrtUD/78iBLRrI96zOdCq1VZmCwCaUIpb9cIrIrxTwrIbMr81+qe yqBM6Lm0min1J7Zsi0zgJ36i7Litjy8= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kNcQU5ny; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887694; a=rsa-sha256; cv=none; b=ZM3bmwodWPp4EPISodAVe8NuvG9qVCqLbOcZHp8bV+ZVjNRGCJYsCMw0yD9wAqB6W9hjX4 AJbGMMdxae8xHYnGQznQdjGqZU+6exKGVlC6HLpFalraVELQfP5Hf1rPVsB0qBNZ4c7qBe IkUErzbkKUvpADWuSbUOK+efuAipeno= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 0EB1BA4375E; Wed, 28 Aug 2024 23:29:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DB798C4CEC9; Wed, 28 Aug 2024 23:29:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887762; bh=4p/cwsbgBUzYKsL2fclAIfpUU9Y3uPXu2QlRekLj7SY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kNcQU5nyrsMetOTGFm6ud7UHZ/GnC48WWUDtMXTgWHntNfYUFLWWUbL9x2wYmUDTy x7lAq0JvS+9YS0FzCoPtxTbjpqy3dltQDe4nreFRosly12F+4B+Wb+N0OvQBsE8bQD UcMJcKi5VwuSPfz3VnTbOn6GfEtR23FPaLmt68TzAf1gDpvvAlmr0hc4FoH6g6T8LM dmi7fEHFLFgHQ/wd35qLqQxoyt33lXfh+qz2JE53etAKJK1fN/NYH0a+3sQkBQIbTb jVUc8RtgEhHBH+qzQiPpSMaOsGUxLEcwHNhLcC9cIUgM3x1hBKYNObyRW8qXnPl/7y jk9bBXyYZiSHQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:23 +0100 Subject: [PATCH v12 07/39] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-7-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1474; i=broonie@kernel.org; h=from:subject:message-id; bh=4p/cwsbgBUzYKsL2fclAIfpUU9Y3uPXu2QlRekLj7SY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J98aWl1pxIvDvuP+c4z7xD1MmZ369TKWVm31vC ZPKg71mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yfQAKCRAk1otyXVSH0DWhB/ 9LgFKRD1xzzF2u2DcCqEwfQNnsJraBn1ikyZXthyso+/206Wxdaj6j6nc8nWNfdRhZgLV2t+fzG0jo Iqy1hG93N0nh6yqsPqlIgSAUqDnBq8+GpuhxlQy/nbpu2V6m5KslRv2aoooWQCcm3+VF9uw8elyiEk 8K1yoV30FcvolqwyqiZIvm+S23v39l+nKYnW8QpvGSiHjSeltbT/rzxCHDZjG389l0YAM7lKEm3bWT BCFwq57PaZOdi/pK9ntm+WT8D25rZXmUhRtmILh9YNxOVifkuPFXQXHfD8Vu0zOZTTR/3kOWXQmrKC aSV0N0IHiwIlq88HTD622I9HTZSO2a X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: mtpd6p7obbid4hw3ft19ryff6ga8papu X-Rspam-User: X-Rspamd-Queue-Id: D0C138000B X-Rspamd-Server: rspam02 X-HE-Tag: 1724887763-166824 X-HE-Meta: U2FsdGVkX19A+kI0u2SXx4nBUf1XomujvrWq1NgNnAiEj4hv8ioiSWJ9iJa/7JDoadA/IzuzdsUlhsH+cGpUhdF91U4Tq6IBQ1u+e02e9lI9LJYgJZluX6D6xbchmOiVOC3KGgA2PE1BWf4c1MyUoU5EsuXoiJ/yfBgDhgHABaYiwAaeB/NeuVO2JALmxVzS6Ppw2vSW4hdOvSFcLlGQ4FGuIO6IN4JSyDLPEPnn4H0zeQ1OU737aol+Cnp0XnH5jqlKqOitVeNkBuVlBGg8Tapm9gwqDrg6UET0lZSYszwNLnuum/PZ+39F3lfFBC+W84SS/89PbOoozA2mO0naDKZV3gYxcWNQ7twybrn8KfxfDkR1iojVW51MefjexwdsfBGa+4GCNiD6bF+wJLXe75P+ihCc5ZUovdgUEiM+vk3A+1u5AJVsQOX6qnARoriZExonze+DB2XUeuih4gvuI0B9MlFQVTLlUURKQ+j8Fa1gZ1wDn3agmbmW7G7lezsrv7ZXOM6APRAMSe8xUyjxXDavYFsItgLWQtAvy3m7FTeYLIWKdpitO4oQO4nCUfe9XV12LlQKQCtpcST9eVnJ4YRzNvkU7HVwK2OSrrmnXNrAo2HvI543j4OW1lvrea/8n8gNM5G4xBTaVCWRodZa5xn9hMBTBi97w9XJ6zGWytI2ZEJ/I9yt9LLXZ+Bbr4+4EE5+lamZdZ+l+kkY2E4dAhmvGKZZaPs3RCXhTdZOdajMBUEo1Gcum4XXilWrxte37TWnr/crCt5tCBvqBKWldZohOKf25UuiHpDDbL+OeiwwGbVk/xC7rOVjsSoNX9isLGn3oz22ZeBeUZg+TWo/pklR7CSQpZNGhAdK8LTJhbEA1YqP/MYV/gNlIvzRVBF+1aMtklLcTNDkGoKy7etkftOmVFwigLhEh85bjQxZVlU4/X/Qx/kTBubIut+OyalnLb/0VMBztVeXxMhYQ38 6qgQwTWk eqm9Cl8b/nHa+HNeV2/fw4JIVL7TVUUd+SoeOE1hoOgUK8/ADuW4o5Rt42q0ni3zM6dit1YvLQFUnZcAZWIK3c0nBEepbTv1DhYB8PtRB8MI9Cvklx4RzleCKiI8oO0uxhZhhs9eOG+4Egjh+gr3sv/NE3EH2IXlDHdpqKliRB7Wjlknnn0KN3Lsc5N9szzrxQGSm6IfO4etDTzXUinzRiLRvvKRr0uhRF9YeXru4Wcg7T//uQx/3tHmKcVqSrZRSHjgbMox9oJ14AtfEfe6Gc2MPDg0/+aotgeJNWMS/naugPVlWey9ilO8+OfGi76vTl+pBzQvGsWpY/LONNEZjYRuXZe9aaqH9wikkND8uOcLywMhSRc//7Cz44Bat8MYFDjp7/siGwwgJcE0mr3ejXXqMc3Ja4cLcKm18mfq+Ot3QR2rZFJuwh4FFQzpUPtPCpSqWMDvIILb1QKIARHXxjJeyrw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Reviewed-by: Thiago Jung Bauermann Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 4a9ea103817e..b8d8718a7b8b 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -1077,6 +1077,26 @@ #define POE_RXW UL(0x7) #define POE_MASK UL(0xf) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Wed Aug 28 23:27:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782170 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0ADD7C7114C for ; Wed, 28 Aug 2024 23:29:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9371F6B00A1; Wed, 28 Aug 2024 19:29:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8E6E26B00A2; Wed, 28 Aug 2024 19:29:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7874D6B00A3; Wed, 28 Aug 2024 19:29:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 5C0A86B00A1 for ; Wed, 28 Aug 2024 19:29:33 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 0C457801F6 for ; Wed, 28 Aug 2024 23:29:33 +0000 (UTC) X-FDA: 82503248226.07.4D0FC02 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf18.hostedemail.com (Postfix) with ESMTP id 5A9161C0011 for ; Wed, 28 Aug 2024 23:29:31 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Cz73NrRR; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887682; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GDiBiDdYNq8ED9SV76L2yOU8C3ZBAdCKt4OCwHcTlBU=; b=Ns/PfA/gj3rjRHTP22ZGtQfCwZSubyqXce2fYbGaapajifgZl47dUihhDqUQq/lObB+9aX sC/OQIX+ecM/j1smixyjoAVQ9hGD/U5pqKl3MNmUSfhQk8dssw85+yNumA4ZGoVVwyZ+8O +zh/WPe/gPIcfSZlf7sZaHljjNmkt20= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887682; a=rsa-sha256; cv=none; b=AQ4BOSxm9hgWfnRXGMAV+H8ceAZawj2BimXakslWxhP6XdGEiBs+iIgUSvkyD1JDVzZpTY 7XFbjnWdH5uxlqscRnH3dr5v3V/XuMF6v3WOHT6hBxxLWCcpzExkVVyKvmcLlsZ92KAcwH jise4MrhvPVBdb2nxeo8D/17TaD6voE= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Cz73NrRR; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 418D6A43764; Wed, 28 Aug 2024 23:29:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 162C3C4CEC4; Wed, 28 Aug 2024 23:29:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887769; bh=aZLVmFYMLYBJTw70Mh617DMlgsxzLSY47vsY1KvY2Vc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Cz73NrRREni0I44pWymBuUuv9mgmhh/mGUfqrEXuZyPxUz/ve2fyH0krcqYscrFVT tMOutL24WhWgnJhCgesxrP6spfa7yYTQiyh1NkJ4fEybAKRzvszXmZCgUBQwkKq9sE VgxmZ+u1eRdYssjem3MbxO983nCGoTQEAqyVLgJBfYPRtc1fIuhg6WRtigDI2VyEFH XrEPmsGxA8cPld86cRPm+r/niGJ7uTzbtO9rQBEnZ/bdj5alefscSEt3iewiCuWYvD 6OqS1IiU1mcHmeogoCIioQU2NfnYrtgcNiVo1w28Gg/BYVb/Yt5Ewwk97kP4pZ1bf0 qwUFdbbcp3S5w== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:24 +0100 Subject: [PATCH v12 08/39] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-8-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2696; i=broonie@kernel.org; h=from:subject:message-id; bh=aZLVmFYMLYBJTw70Mh617DMlgsxzLSY47vsY1KvY2Vc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J+2A9wTYcmLu2ffzfaieFLiTCxyNWtiE+1zEeH 0PrWnyyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yfgAKCRAk1otyXVSH0LRGB/ 4rI1hq2nzSZ2Uef0emQbgrJ8nFepY+ZOc8ZtvCPyd/vbAbyXpSDqKwwqpAzmcYvvA7SJoQi6/acUeH Nez0Bb0WVz7kOorJZ+0bU3O0ls8O9LiIg9n8KzWaF6gKhLVVBSd93v0GcJsEzKzlGmwCstee/V0iSl N6XEkqzM1Yuq7s+VNhQVDgIcPU4VmjUsTG4M45MoxUWTh7OXNFl18Be3fp4KIL+xD7erjymuQeINmK lRSukIEzOGIQMhJZAfICsxu3SidH8bp5eKEQ0PDTJho+3qFutI1iKJeMEhUVjlebig3PMqx/snFbE2 QxNe3eRH55+S8miA6x+CDGEkrWtSsD X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: n7d8zgoj6s9itmh66kqcqmmsb4ohox8h X-Rspamd-Queue-Id: 5A9161C0011 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1724887771-311252 X-HE-Meta: U2FsdGVkX1/Mqykaw7th1w7F4ErSohpg8eYzJBP10wuABdspaYWjkZOUkDWXwYriWfwGQKUklMfq0qSMSPSBaQnBfMwMmopxL1GnxI7ML5e87B3coeUqrNZxxfBjvXNR+4+bjQgMkXbxJXq2Hxl9qgv0BBBTdd8FePdyqbEPtiVonhHVTP+dZc/TBLRR/WTfNr/JM0Qj0g7XMYinlXNV2QVn6xAm8PqukXh1qBwow7jOf1+kelDC3jztaAmy+IAvY0RaeMNsdB2GZe8Ui0Jke0kVoHF9J/gmX7mG0l2K2M0z8+Kt2W31daODSX1NRKfeGHlVvPMukyRQR9rkwYR4Uz0AzhPW4bneSU+upVzF71Ya+3+bOkvtZOq4Ba6WmL7muddgiTtsqpbF5bNoJEz/X5a4ZqTqGE7eynsAzBm9yNtpe/QxEROuSV/+967O540h4ifZKS+lkQECGB7mDcBamrdsy+Bz51bjyGjpWED6ioHhms+fEwQr4bIRj2KKC7Sy05pw/22qXTKw8vUglFPPnP9JYxeh4e6UfzFrv6CLD3y7FoKD3Zo+FWVjfmztpJILMDE0AVSjfKgHQ0o/yflWil85DLihtwSCvGrXYfSPeSmHlzwostXgTvN565PBi1f5xfTuzcEje7vnWkfg+z+N09T4fXrwbem5iczbQa/fGcsHgmoYnMG5luRY9vz6TlD7xCb6GDNijoH5ioTkbZ7N4YwM5QG7tidQyivgAJkbtnqgpGIxmvh+pPu1I9+dXceZTwBpvnxCSGh++qtitGS0BX5GAfntxNjetVSYUJ8WTQbwWFfRP8BsVA+9YUvoJ5i1xWoGpEMl+cLI1WNr30Tl0AZCcmPp3KgwiwF7f62rWQTCsSQvyUPCptOcePOnF4Q38hSfTV1U9hvt2UByG45PoiQgvlH9Ohzn6VyUyb/8CP0cdeeIsXJOOq0qKs4IoJYCAh2FyENjYmkB93W7ZY/ VIYsMfrV MdUWyxb87uhHdNHmJK90VJd+8NOQKBheIucL+qhSwCGOJsUopP5GZLNWeoPwtubvAp1X1qd+fs+BDNClTUFiJ5dylWb5oyqlC38ksQU6Zh/+YNcfWXD40+vXH3b/GJVWLq5sYRPGu8kZermrwSq3wXS01s+FD1JVO3d2M3i+IMccLrG330BjSYmoXzuYZTKTUSBv14/jPTrI/CD+ZOQg5f0JNJXEHthYefK6FwlGroo9iHVZSfQ882DGJGNTQma2oB6VRRkXFXSWdw7+xso/fEJ3fdsHizaNMK30LgPwWB2SLf99e5J7zceh3cd7RI/ShSeSjN3ZNSgAVIUGz5EVebBw0Hpq7g2QtztJnPH4DhBnI2tZGqdbJSZBT/VmPoomyCDQ0M4uRuLibkXYheF31MffX5OXgJ41W71IMCd/IsIP8bABb4xawoncQfttsvbwLhoN5IBxygFRRKt0XMtKoFniukw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Reviewed-by: Thiago Jung Bauermann Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 28f665e0975a..6aba10e38d1c 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -502,4 +502,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Wed Aug 28 23:27:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782171 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3452C7114C for ; Wed, 28 Aug 2024 23:29:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4F1A46B00A5; Wed, 28 Aug 2024 19:29:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4A1176B00A4; Wed, 28 Aug 2024 19:29:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 34F216B00A5; Wed, 28 Aug 2024 19:29:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 1505C6B00A3 for ; Wed, 28 Aug 2024 19:29:40 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id C25528020F for ; Wed, 28 Aug 2024 23:29:39 +0000 (UTC) X-FDA: 82503248478.04.2432FA4 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf24.hostedemail.com (Postfix) with ESMTP id 0BEAE180016 for ; Wed, 28 Aug 2024 23:29:37 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=TQCBLNOT; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887660; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mVmkXPANuj1zmFdxUYAQ0m1q3qhbhMjfYc3dEWQndJg=; b=6DwwSDDpSjTT+skMuAgbSVd/gq8baySO5avcc1LDDxubRJRjA3PiGV47ZZxNxPViNl/Uzf 5fLrFMB5menNWC9OazPNFnriZY0o4rQb+18bwrRyfvDVACRelhBJ9LQ/nYO99Gj+UeleYm aH324696bXzT8fyZleEBoXooZLahMwk= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=TQCBLNOT; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887660; a=rsa-sha256; cv=none; b=owIGggHzm+KfBHJDRyP62zkosd2Ko58A7wNviSDakUG7V7T8s46en1SR553UcuuRisEg4b rLI9pneUmnBxKk+S96ac5iu6WRjmFGeQQIqJRqo1sFNEH21K5J1qcg1IiGBfuiOc8jkoDg gQ61quIPkUDNOV5xvhD4O01awxbD4tg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 6C8E9A4376E; Wed, 28 Aug 2024 23:29:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 509A0C4CEC5; Wed, 28 Aug 2024 23:29:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887777; bh=0WRESyvBFvhlHiGA4Y8lOQoOddezzHHj49JAXCWn5As=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=TQCBLNOTt4uPoil78DH70AOWVpIT6LIQ5JGnF8pCl9Kwb2+T2aoH8vA75dLA88j4y KzL26gabHDxytCwlUFatG6fR1Zvr5uTqt2pShr3pPCTMn33PxgrgHv/pPqIxtTLFnQ Ey1twIbnnj5qLHrSSrYYGfsUjFldPiC+SUfCZAAFNmNW+3Xa3o4eriYNIwXnPNhtWI 1ohkI3dobfcvnJLKqjUPXbtK1H5vOU58SMjFghxknNoLATb+4juyD5w/c/Ag8Wp2Ci OtqF9pP5xADxmHSkNwnT2wu9pMyM7UgrrXlopqBfP7xPJ5s52DOIQb4ZQoKDa55z6X 6aqd4cZGM2Mdg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:25 +0100 Subject: [PATCH v12 09/39] arm64/gcs: Provide put_user_gcs() MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-9-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1159; i=broonie@kernel.org; h=from:subject:message-id; bh=0WRESyvBFvhlHiGA4Y8lOQoOddezzHHj49JAXCWn5As=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7J/KST71VyjmixMxH0mLOiq0X9OEBGYvS8Br+Qk rapbHhCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yfwAKCRAk1otyXVSH0IEyB/ 9dPMuvqOeex4MLAMJJV3WaYG8PgSfjupmm2EgWeN3PodFZUAH1v2ObWF8R8GWSN47b867WTbPrnUK2 E/z43W2Ch+wVpTSLr0+bF7FvoXBo0Zw+4qi29psoG61NIvksaICvPytuz4veHug8g84QxMfdgBrQJB waIKJHxR3e1CluOtD4ERbimgFq6MquNG+8P0BrwkJc8CIWY4jiqKIf2vNmE2qBHtCKZ2jw8/yPZqzU UMi4CggPBy3S2pqqaubqBzuXEUqXzrbZc2hnNo2XHtn6LVzbBO0JtSHb03LM2SRFNANo/InJvS0Net +SJZZSugc6TOvTjh1Xb/ZHbpGii1jW X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 0BEAE180016 X-Stat-Signature: ntw4sfsgwsgt5c5hzuf99g9m8ngq74mr X-Rspam-User: X-HE-Tag: 1724887777-592624 X-HE-Meta: U2FsdGVkX1+mOgZCx437Xu3K9VQzHWuI5q7ZgG5A8Rs/oJHGitg4e998r+YDYyFJPUw9eKJUCMXyHRCaFd7emAlAZbx41Xrqgvvx3jBTWKOzbU9cfccnSJ9fvjXq5R6An82HDiRLPiiUyTN+FUrxcEZPTP0L7F3fkSRdPDPzQFOCg/RFuDqRTVDPlOIpMx/84nYGVXExR0fzhzqjWkl3jkylLeQWQMjxIRjhHjw3PrQ8CsnMBY9Qrx0ze0ARIm9xrycibsxVWHevN5oGXHIcIJCnkMmfbHij0sMJTaYgwgZSjuDLl6DvBRTgWBnvG6JbIPcdrhvHiN/Cy+2Akn1xCWkmeDAEcVZAvm5CWofs1RBV2gPpBuJPHCcvdysGMZ3TbV8Xq1bz1grHjbxt5vm6AGd0zlEbVFafnR+eQsAaQ+nTWENAOHsuT8e2bHIBKGhRzRUwF8/FciMqPLSjY7vNrQ4wPkRJ+ZtoKXNJqPvBVKP6JOS1h4LZhvXp2GAy2k7lawhnQbJeWbk4Yq2cI9wPRDe8FLtnzW95NEMe8k+XeYUoKFXEuH8qQRMYGxkdpRE2cuLItKrxxbCrfibAkKj8dEFhZH8PeKf9eHmJdLcQnFol90jvZfLgoAtqidPKuX20H6iC/mkl1y/OBA4BkNZVEFdMuOQYFwoBHxVoJO0zqlX8cocuBRjRF3m66jT2AH+7ehxhQL2R+El3cWu5CE1or4qXL5URlhpL1DUnGD43J7z5d/6dc0F047qrgnmOBp1Jtt0HqXuf8H5jFqx2Ub8yUXqKkL9gRCAQMUZSyNcG+6vNd43wg0PdmLRTE9GP4nGnZRuAYekMWdVqsrnC2+Q5LLAU1yGOmDWWtd7zmwKrx8lMat8FZ9GPdAcqm5LVOlDLExrYxkiNKe4tQqMx8pNVXftyam483jSYQiDmAiwR6usBQL013BorNHdLmfb/MVQLZaMMc/tVcaHNfveoj1X in7MY5WH vh72s1iOqXwRme5IGLV2Tt0i12WmRtmHTCgL4Hu8s7F7pkN4S0rFKKqm5k93TU4xWiZxB5ZBTJliDJGrU1IRxSp7O4X2qHcimRvcF2czdzMGfBKVRHUEcrtxh7zdCqegppHDaCgRvUN+B7JlKxZWultiiLky7GQrcIcwgzX+G5Q9R0z3Op1HOI3+MoieQfSXXgK3VI+NyrX5aeU6xdaHr7X8KWVFsFoQtHNP6pO2/pA25zor7MjPrDi2afy1LVfSTd/ZeakYuU++1HSsLvM8ZlAE1ZDP6iEbkiXCwFBbT2LH6fQXz14sr0qHyxMJpygcST1L22Wqzi0Jk6CCLafBmi+0lF+sZIiwBtphfVw7qdWhs0psU8sqH7oILaN2XLhtH5iPQ0Ih6lMG0h3gV6EPCORE4+qpicuQ6Qb7+YUJVwp2M3K++ehQrHetvtcduGYmy222PG1n6BjzjlkQ3da6nCoxaCa2i9dmh7v7CLKxGqCETBet/FFdn0EeyMog7sxZ4EcPwlzZiv0GdE08= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a put_user_gcs() which does this. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 6aba10e38d1c..ecdd47cf1d01 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -522,6 +522,24 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline void put_user_gcs(unsigned long val, unsigned long __user *addr, + int *err) +{ + int ret; + + if (!access_ok((char __user *)addr, sizeof(u64))) { + *err = -EFAULT; + return; + } + + uaccess_ttbr0_enable(); + ret = gcssttr(addr, val); + if (ret != 0) + *err = ret; + uaccess_ttbr0_disable(); +} + + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Wed Aug 28 23:27:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782172 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3ACEC7114C for ; Wed, 28 Aug 2024 23:29:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7FEE96B007B; Wed, 28 Aug 2024 19:29:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7AF076B0083; Wed, 28 Aug 2024 19:29:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 676B26B00A4; Wed, 28 Aug 2024 19:29:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 4A5F26B007B for ; Wed, 28 Aug 2024 19:29:47 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 04FD5C0226 for ; Wed, 28 Aug 2024 23:29:46 +0000 (UTC) X-FDA: 82503248814.04.EA4F1EA Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf27.hostedemail.com (Postfix) with ESMTP id 462CD40009 for ; Wed, 28 Aug 2024 23:29:45 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UTt5Z5R9; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887698; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=I0MAQz9CQYnsW+vxTFjK8uS/SVlHXdUF28PspKF8Xqs=; b=OIGKxfSR5ylgiBa4jb3ORc4kmfYwauqIuQ86InlWLEj4hKL8PBxPCu3/I9wBYHyN0oPpS+ 3j7xPpQ17OapHY3EgeBMfduLgoVwZoo8Fzt1y3D6Uc9QBCpBtDoyWXUaOxpi64zxHwSnP/ BO7Jbc1aXdpXGj2V9fcbSmdHQxIVWi8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887698; a=rsa-sha256; cv=none; b=shnv7Vcw3WOnXm8wKaovhoEO3xtU5ZRFH3IykgM8yDad2KC0u7vFvLl4Wz8anYOoJqm1yc W8QSVcIAvPIFJuAXRwt9BxDWT3Tw5GONNecrGCMo+g0S9dPKtKUv+rClDVhYK10PI7L8P0 JsT8O0QoXtgUf9n3UIZLnQlCVtA2eoY= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UTt5Z5R9; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 98A11A4375E; Wed, 28 Aug 2024 23:29:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79C41C4CEC4; Wed, 28 Aug 2024 23:29:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887784; bh=3PCkZcUSj968cQtTDjlzona7eSoMlRvIMvYTHUlF5zg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UTt5Z5R9O9L3+/5QwmzXLa0NZOyyFfOJvNEjdjsou5sYGYQDRTvuWaDX1alKAOM3r PlKZvIQsEyXMPw14zormLU4udP4t90TY41lquo/Zt2XZzvTiEF5gjVphHd8EJLzRLC P+j2++1e9WN6x2mQmznqNIwtsbdv55cIDxKpuSBIPiQBJhaGwvKJk7vFWk9VoLtfO1 iQ4uNzq0QjpqxWA0pLbpi4l9Uzg6snFZfoNbr/XjnMQEheyhlfOY5Q5pebN4ELHSCN a3gyN8SMoG2g2U7qkibyWiBE5onpK6paLCCsZiYsY3GokgRP7lgu4Zvfv2ZXwMOvog eMFKSeRr8WCuQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:26 +0100 Subject: [PATCH v12 10/39] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-10-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2350; i=broonie@kernel.org; h=from:subject:message-id; bh=3PCkZcUSj968cQtTDjlzona7eSoMlRvIMvYTHUlF5zg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KANWZG2hh16VubTD5fO6Rw8TQa6E+JpUOJeRjf o/z2jmaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ygAAKCRAk1otyXVSH0BStB/ 9JzYqvtihAZIiZE0UehfqFnvL+Y7P5f/SIYrMDhXoNsieqAPH5A7T5d8Y1bIohg98VNwdg5w4oSCiW IvqTzCS7J122yXyYslDcQpnpWDID1OF4fKKO3ctjEkmGQAKDimom7bPTI8CmN9SRcJjQ6MrUDDI1/2 NlkwdJFRKuqy9Ktus3cxRtOwnCM3oAys0EXB2tKsO02QinWHdzMze5hnM/eR7rdP6knSPR+iV92uSf FbbV4o2RswyXeZwGtddcBmDTDmG7C3KCNsn/C41uHvNHavqMOspSJMyqZy6kQUJqezSFaqovv4yZb4 EWd0RMJuEI1s5UNCl6/d+NUL5sxNZq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 462CD40009 X-Stat-Signature: eycd9wg8qo81z8f367kesa9oqqx9fr5w X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724887785-542617 X-HE-Meta: U2FsdGVkX18fL8JBXt5G+/LGDsjyCjadDmfGU8hUQ/fREnHx6rVJDF0zGoKPAj6wyblb7xy8HfwSZHzrRz/xPrII8+TSLj0QNOdUQcuEPxR1nnpuohsRpqnXRM7eIzymWUTn6sLze5b8CQRd9QZizE4MuqhsXFqhDc5uiOieIVQZFfkoMBJcSaeM2ILRz2B49qe9zREbxiIqrQ0BdP81/DN567jiK6zTEBkSkMZBFoKW+uppAseF54gbr1EuXbK+TkDiLOJGMhG7NuKI4JtwIyQ6W1LPhGyCvylU3iuhXewq1EIWpf70uw6AxUSBL2GD8AfCVwDteNjBofXP4XPPaekXfpO0iRnaUO6sAGEYVGq1JaG/NQzpmKg/k9DCTmNpYCR5/FUiizJhJegczPm83gHoxuX2L302WY3dhbQ0+ubWhT/JuRbIrOiC0YYwCchwOE2d9CNXh1n6Ler+l/JiEu++JvNKX4sNF0Ky5w2WjeorX7CvY51YuO/TkExQc7ne+loRt4v1oQnxwl90P5zMK8EI6y8AHUdWamMIqqWi/5UPynXQ8eMxDBWnGK/GK10Fnqej5wT5/Gt+GB51Ewphm09zNW8cCQXGregqSWpspav/L1zpy95U42x2wEBqZ2an+b7msTxiZ36aHdb5Z6eieb9v+Nf+RFKInHu+z4QXUSTikzManBebwYMDjUad/hhom8pau2tC2h2Dx8pxX+l9k37hA7NQEx3qVQRq9F7eP6lndNoXo+kpungltkSSBpc8dQ3nWsJKVb4/FW+BtnRGPMnYY8T3K5zCUKDStVOKPNsuvTg6PXkD4xzOIxMWL8B5/bY9tJuBA8+X2PzCX0n7QhA+lbBP2gyRRVz5w/531tqDL3foQuTIJBtFciT60RqPVOUBVGjczJM535/JxEskW3y02j/L+Cs4nCi1BS7+uqTQiarBqqL2VzY6MncewxyLNKmwOLB7M/aYdvpTmLY LuUknV9v rYafL/Ua63yaeExUFDEbnhjdoqdgd5wSh4mJM89dJrrVtYVsxx1ifXkuPVsTe8oojiweaYH7bL9Z16W35VLQYtSE0xMe9ZdlFxbqRgaU/4eHokezQahjWhLOQ+xcE68cchVfHif4EI4cpJMZKlB96TSPdbDfDygZzBUw2vfggF3/wxnOrD9ZgbdJnIrJrQ4bX/asecPX/tPd+C5a/jVUUGiFFWqB1BkX6pAHopkxuumBn2j8RVUmdtSWxz6Mpd4zT1j7YYShNJLAG0nqGxu8bnGQ4rHP/UHqogAb61HAEoWrZlnnT0GW+7Sj+B508mBs7tuDCK2NO4MQT0M9SAdnR7lJUlaG2pDTJxYspYJuA52xxm4lUqNj7zJX6U4rw70ISpvJhhRZG2CP1Hz7O6GzyECFjX8adHzwL4dYLYG7NTL7FXPwJcDkzv7PS0nU6S/KFXFcH3PqaeyQ9ri1chlSupJBpTg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. We also initialise GCSCR_EL1 and GCSCRE0_EL1 to ensure that we can execute function call instructions without faulting regardless of the state when the kernel is started. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index fd87c4b8f984..09211aebcf03 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -191,6 +199,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 @@ -204,6 +221,17 @@ .Lskip_fgt_\@: .endm +.macro __init_el2_gcs + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lskip_gcs_\@ + + /* Ensure GCS is not enabled when we start trying to do BLs */ + msr_s SYS_GCSCR_EL1, xzr + msr_s SYS_GCSCRE0_EL1, xzr +.Lskip_gcs_\@: +.endm + .macro __init_el2_nvhe_prepare_eret mov x0, #INIT_PSTATE_EL1 msr spsr_el2, x0 @@ -229,6 +257,7 @@ __init_el2_nvhe_idregs __init_el2_cptr __init_el2_fgt + __init_el2_gcs .endm #ifndef __KVM_NVHE_HYPERVISOR__ From patchwork Wed Aug 28 23:27:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782173 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83EFEC71150 for ; Wed, 28 Aug 2024 23:29:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 196C46B008A; Wed, 28 Aug 2024 19:29:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 147146B00A6; Wed, 28 Aug 2024 19:29:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F29DB6B00A7; Wed, 28 Aug 2024 19:29:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id D382D6B008A for ; Wed, 28 Aug 2024 19:29:57 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 8AD5440233 for ; Wed, 28 Aug 2024 23:29:57 +0000 (UTC) X-FDA: 82503249234.05.51C70C3 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf25.hostedemail.com (Postfix) with ESMTP id 36E1EA0006 for ; Wed, 28 Aug 2024 23:29:54 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vG80HCEq; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887751; a=rsa-sha256; cv=none; b=HD1Xzzd0/RkvxBwK7XCqvDfeF8KrY5bypPmbk8wpORUSY/niTLgAbyfgsBV/bJhsE2uNXh jZHrMUlVrmSP3bYYWm4xM0psRUof8QKMl10IGr+CiiCmKr851Q+OyV9jbnKuk9+Kr4PejO D6UfFhdyskpVj9ja98YRtvWcrlwCK1s= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=vG80HCEq; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887751; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KcO1ZZIkk7irGxZ5aRTRizUv7fYLoyn9wOnJrxrxK7E=; b=vvTOfWk/F8JypdDTxdFT+rb6ldMbAr9/ubv/dqwXfp5YvguP0bZbfusYlS97+dArFtKYVZ cUxMf8a70iSI+aXZEGr6YznSrgCl5EY3o7UBqlyVFaW1L9VQScySke8jkdVaYwY31ddMnD AzeW3V10KTDXYKNL3/scv/wlI4WBkuk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 38E22CE19B3; Wed, 28 Aug 2024 23:29:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A7CC5C4CEC9; Wed, 28 Aug 2024 23:29:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887791; bh=sqQ+QKkmK52Q/49cSzsvA/P7PZLEWrgUxaLRjQV/ejo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=vG80HCEqvwmLnCMPkEsueZpCKLk3qtzddeKGLPDggKc6vRzBYEVS7ER5zmIqb1k72 NJ1WLhLlBb6yY4yclm2dLosi9ZONjWf9eYlc3C82IixUyhBSDuWTFQMAolAUCMkM9J 7SjJdVma1a2/j3wYaNDGWvEO5/vHkCsBgW1H+gnKDWcWZ9zsjhCM3a5ynw7GDeZEbI RYnwHTKAJIGplNTJjfF6wbBxz/GCmTcN4Htny3mZyzgJCqIMielS4u829nwbK9k358 Wl+yTMciBXNs+qpqoXOF4IimaaclSmXDpNXC1NnA2XXJfC0lOLhxIv+qaKPAwihBnp LgDRVDOFqlr7w== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:27 +0100 Subject: [PATCH v12 11/39] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-11-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2509; i=broonie@kernel.org; h=from:subject:message-id; bh=sqQ+QKkmK52Q/49cSzsvA/P7PZLEWrgUxaLRjQV/ejo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KBb0D7nRtPjG+I2opJk4w/nm2oBnx9CZM1fZNA klVt8vmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ygQAKCRAk1otyXVSH0FsFB/ 4jYAAOCvMcLn76pgsL2eJroEr/+4+Q1QK1oTGp2N5IIb1Gio3ea8VWw98RqN1INA8Mr//fr6P0TKYy btsGw20wDmKwt5jWc4K/dnC+VD8mes1LfawGk0hby4u5Ca7dMRld+UYbTiAZ+i6NPw+ncBK0JPmdWL pCOn8dL8Z2Czjd8hPQmEIEzbIjmzRjJQpPRYGtL1HNHJf3xYN3Tf5HJwqqcrk9Rg6BUiehboxjX8Q9 OOLqAkIsvVPSqD1hbZ7miFEFFWfduQ6zIILc0lwpyTF21OKBGEGL4Kb2q3rYqKOEUbOEeV0dawvxBS QcMYvPUxZ4tb6LAVN5gvIu9lP4qrET X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: d5a9wjwwtseio4txmdx87pbe5fbt88sx X-Rspamd-Queue-Id: 36E1EA0006 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1724887794-254738 X-HE-Meta: U2FsdGVkX19TIlWzroDaAwSJUH9H9fr1ZUmzl839LLw5vp17emCLvJ1uEkmEpwZA+7ZLkZRPnonjrnWYGyFsJOFixFW/OZkM6PBoH1asr+GACwmBz8U3oXfrJ9W5vgI9IHmP8tbO5b651iU8qIgdHVskduzY+/FSkaU9S/oryJea2hnQudbkdNw3fM+B3tRf/41BU0AZkY7rBSBKmLy7sUKsMvoO+kRFQ89tPAHDJ/9a3y5oeWfzJmTo9n95TrBCio4zgRo6V8ZNCX7zdX/MzRsCKCMnmm6M8DanWymaKKyl3OQddEpslZ4ZIRpq3Qu97BCf/InyKiZXTJsUjfmbSnma2UzW8maDnn5TadaND7nO0n6I8dWWL+JQbP52Gj3IGtFnLoTpZWaS65YsEJnu7E+6YJDccXlZEXYKNr8k2LTBXxrr92PmJjlc1ho3DzQNv/dSX2ULsbsTOnfEq+FzpBjDbZSX4OQ2gvwdZP3r9YBh8OADociNjgUYhqg3Crfog2296Copn407ywXjh+Q/Q+dLjT2sAhy/hAkdgIDyedGnxogzU+W2ynOh0GVoaNabDfYGURli2nDerIiA9H9tmBADRJWb1erQprqMnL6EhcPfxWDtfApj9w/Zv+SUMPpv+rb9XALVHFeNsQyhChhfwbJ9MLsUZdzfev6k1QH5lKYgG+hCrg/n7tXUpA9Wa3MnzGqor9H3oiA7F6hVrYpJlT7t4A1xfLVa5KMb8yM4t5Uwji6I4mXgBMC+x3a7J10bUYFgbHkfFXgxmgs8/YDKNlR5kWgtdaj2kM2c35CiRrBR5eHYVE3fyFA3uHAniNRQYkigkZ49f2lPUm4Tp9aBFUfDuMCN1TSllHfFOPJX1i8cgab92JGLzv6zZXYu0ezk6npIPX+KZLKqUhZn1SmcPjsLSy8mpERpfnZFsRkSzlhoC7STG+lzhdEDtAPYgtopgRFdGsrJl2hT7LtMTNp PG3DuQnI CxtGFdhlyOt+6GTSTe+KCQWKVrENPVnnb9bB6DtSNmxrQAp2FyeK1PZS6eLQD08yAPaeRHB+K2VN23qlYNDyf3A26O9LDbkyR2mCHB62AqJ2QMroHYIVdnOmfDwRkPIJdgyNaEcJqBgzSzMt0nuA9mwBZRhfaAlJdjGEetXk6sR1wwGcKM26a4gSA3f57icMhfJATdqA7+XTkBlS7ZR9rwKUxyW2RlORb7LCWNlZNP+Cvwpb9z9wnLjel+m8u9XQaQcLGwCBoCz81to97kJ9N/ncLebPUKqz3UXqZr9ROYcWJ37+/SA7zPV7qfucUDDAegETxro0oj859czHrj9zeKgBg3gxr/RtT3ehNYMrYfXMztdCrjgQkK/lRmDGIu18i2OoIVfi6goGP5mnD8ImUBxcUQ4qRfYcvuynrfzzGaN0ISwvAj5tt9HskxYERUQCzfIHJXVq1yW6PFsZtM3uI1tO6YA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 9 +++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 16 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 558434267271..e0f0e4c24544 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -832,6 +832,12 @@ static inline bool system_supports_lpa2(void) return cpus_have_final_cap(ARM64_HAS_LPA2); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + alternative_has_cap_unlikely(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 646ecd3069fd..315bd7be1106 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -291,6 +291,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2870,6 +2872,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = has_nv1, ARM64_CPUID_FIELDS_NEG(ID_AA64MMFR4_EL1, E2H0, NI_NV1) }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index ac3429d892b9..66eff95c0824 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -29,6 +29,7 @@ HAS_EVT HAS_FPMR HAS_FGT HAS_FPSIMD +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Wed Aug 28 23:27:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782174 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE900C71150 for ; Wed, 28 Aug 2024 23:30:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4A46C6B00A6; Wed, 28 Aug 2024 19:30:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 42C836B00A8; Wed, 28 Aug 2024 19:30:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F4416B00A9; Wed, 28 Aug 2024 19:30:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 11C496B00A6 for ; Wed, 28 Aug 2024 19:30:05 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BF3CFA0233 for ; Wed, 28 Aug 2024 23:30:04 +0000 (UTC) X-FDA: 82503249528.20.9B838FD Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf17.hostedemail.com (Postfix) with ESMTP id 54FF140016 for ; Wed, 28 Aug 2024 23:30:01 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XuchLGfp; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887759; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5Z1tucCNQa+F9YdCKLWtuu4iQk+trJrcNMVomy7KTBs=; b=aqkLyd4AgSTCXb7TQMJSsTsCfIJRvPmVyB6vVsH1qpphZvurUVnjzGyWUjZDsVVaE3DPgM 29lzJ8TWT+xHJouwkOXKxkNvH1zjY1adOwvNsMt+TzmvQva8/ljKN9GgWwmyVvkm0x5thi 4WXlUyNMQ+t1cG3Kce7oVB91HzSaDw4= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=XuchLGfp; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887759; a=rsa-sha256; cv=none; b=u1xtCc1pRryDnvNB11rPq1nJ8FCWR96PMLNpjZT1Gh+S4q1x+T1ap1SGE26LAuhh2qn8kP nTlNsQC+QESwfghFiUC26P/oXhQ8bodcXOSmSe735L6mlqiLubGWCb/WyLG/KaAMMz2kw0 vWW3uSluLY+tE8z/eaB+23feKoBso7I= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 5C37ECE1736; Wed, 28 Aug 2024 23:29:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D4708C4CEC4; Wed, 28 Aug 2024 23:29:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887798; bh=HBIymMJlJf7+ITwOhb+j59rN4WPQGeznsoeJKujezak=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=XuchLGfpg5OGC29+xUs4tplER41FbxWeXpPKVwAao9yigT9A0vzLu7atvegblnWF+ l9n0lbSiCOwQOVqWPFmMwZ1ekCxohBLhxIZlTDfvhlHMYoLVZI08jkKtMiKzUjmCyJ HXaPWb7Ph7Xw++l04ZvMGyciJbqPUY2k+kTF27pDfK8ghBeiw7eTIvye3AUkkz1u78 6n0WaZY6WuAU6cMUUkD6py5x0AXdt7mK/+Q5nxwlcrX9FL1hWh3+RdOSLrmFC/Z+iA VwV99HdP/CYpHb+hNifkAqUX+HWxIPzuli175SpswLow1sDMGQsJ6xewd1Eilts376 aMj66DaER4Yng== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:28 +0100 Subject: [PATCH v12 12/39] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-12-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3084; i=broonie@kernel.org; h=from:subject:message-id; bh=HBIymMJlJf7+ITwOhb+j59rN4WPQGeznsoeJKujezak=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KBw7IkueYw48dG/sRyNikrfDrnQy9nMXT3KbWR xXEWMBqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ygQAKCRAk1otyXVSH0CGzB/ 9FpI/8Nvj4l3e3y0PhdlgWD6cJmpnUTWZm24RKsU3fbtVsmMEvF3ODMODz0uFDiL1/lUe63cWHGkvx Hayy3os5dp5kOAHOGPUEn/4XN2M79ssNHm7FbaM6+IVxsHoWOQm6JNyQi2nae5oZkjwAdhs/mJ4JvI 1cVV/RtvTwu7irvFTTH7T2lXgJsyo5nQ9CkkSoetnG0WX5MeiT5WseOUdX/Nw71e5CWMAt3FZ3WVpw kULf7K2sNZigyVBgAFwDqXzzJF4vlIWRJTVbnBJ2yT0BSWPHSX1nKyIQ0rCEvUO4Nycaw8vzShgwMY eBO4adf8kEYYhFUkeNbsu+9vEwVFE3 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 54FF140016 X-Stat-Signature: 6q3ebms847biamnccy1j5sfffocy9s4d X-HE-Tag: 1724887801-564337 X-HE-Meta: U2FsdGVkX1/Azmobg6KHcg5wxGWkIvLlCxo2NqzRAk+OxeJihnyBNQLVjpEy7WN1U1Y6I9rKHBRgLdP5G3FcckWKTh74sR6tfbrV966UiDvIuB8FQ8H25glYqIRlMYcoNXHu+KzmXfT9In+gdoOiSAZQv4PgOqQ4fZLzoEI3rFEIun0MLqzGgn8jCSCDJgrbqh8hwphPQS112vX7zfQFmGLvaECUEXcuLFiMBPCSuj29XV77CNIk4wDm6oANMZhKXXaPYCQV+vwvkyI5qR0aKUgm+ZddKYgZ4kEnF3OC7xubo5ZY2Xr8+26sUYINlHUE5FuywF8bs5H2TTvKPhCeafZvgOgs6AYAXBcklAAaAELBAQILmLGQggu/RJ14ug9eTUgUnAxeBqDCLzXQyRRPam0Kh6xoGd2NNqOWLl379ehOMm2L63z9dZSjbn0Vf77V2KxBT7+qMVcy9YVAccP+1wEq2Hs+jEGX7AgAvkeM4JJsZvy+wiXRRrzrQF/0YzipN5a16WX3cKW5Eap/6Rq5zZ58yCXWR/clppnP/Oy63kaJm7UbqwBsJGJ2V9/w+vQ+Pij8PHzMCa8eRYx4wCszVcRDj6wUQCmNmbzFe5GwJmIXKoAxryMfYVVkgPyye2SG6drs0FZsVzk5Rn77V++OHG7vpLurG9HodaDbf7FnC3h5R8+SDdFHFv83HwE3gFsWt4tVgSZ8utFzC4CQmTeQnnrRAINgaa86GuzbCnZZdJxbvLMkeIsLVlCZtGmhEfkalw+YKAeywlqoPqo7dUmmMpH1ZYtIi6T9K45JkIWChcmGUdQYv8lSVhONijMObUE1dja33FAUKfQ9Fbe55qf0dxMrumikEVJhZxxhwcrTehTMp5jJN8cy1PjVnWzM8Bcgab0YlubMnLyuk3QSMYDBMIcjho+p9gdRkzREANTqyqeGhfZ0qHaAMS9u/nWp3YABIxFND44JdD9rsmrhEeh ddKp+fOm agXfmh7KuMAfBEE2FO0K+/Rkt+pO1tBzjgHPLoPb/EAgLcl9Awgsk0QY2hOur57Bunui4sko0fTtONCoBtEPdQhYpnPto4MphDtXXjUxC1vJgJZMxZYwZYhQHqmHZif9yCdvelbvGl4dtzp1453f6Z7KjKTASVdInD9AEeK1Wv44QXq4mEMKiS6AFIoI0trdSsDh86ECRX1/W1iirckxdVQYVm21xDf5/iGltWBOy9Tu2IsxVqhvjlkNJedg2d5MbDGSc8UfyDdgQlpqjEwlx2c779wLwGrh939QumcVVQmZ9mn8Np+859f8S9KROcSjCthz4GSxk47B0DXUNECiDMDv6uZKCzd9oyVdZXM/4tzb6cG/vNv2iCTIhi5N+7m5Y6tOdHpEcmeJxNqskT0X7imhjTa73omwF7VYf8bGwZtlgM+CriCw24k1Uw9ZQbNOiJX2N X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index b11cfb9fdd37..545d54c88520 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -144,15 +144,23 @@ static inline bool __pure lpa2_is_enabled(void) /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -160,6 +168,8 @@ static inline bool __pure lpa2_is_enabled(void) PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_NONE_O) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Wed Aug 28 23:27:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782175 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB713C7114C for ; Wed, 28 Aug 2024 23:30:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4CBC06B00A8; Wed, 28 Aug 2024 19:30:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 47ACC6B00AA; Wed, 28 Aug 2024 19:30:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 31B896B00AB; Wed, 28 Aug 2024 19:30:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 12D146B00A8 for ; Wed, 28 Aug 2024 19:30:13 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id CC79E4025C for ; Wed, 28 Aug 2024 23:30:12 +0000 (UTC) X-FDA: 82503249864.23.B8A94BC Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf30.hostedemail.com (Postfix) with ESMTP id 63DD180011 for ; Wed, 28 Aug 2024 23:30:10 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=h6shQglC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887739; a=rsa-sha256; cv=none; b=Y8uLV2gDRpVsidmSCJHBVY2d6Fc2tumdCswI9PwGy3QHAQI0PapmRFevF9GpQNA4NADkA2 p0DXRc55u7zJPZAx0nKIAwHg+UbGwsxP/85VgSJE9AuUykp0wyJ1j5046wBJKtC+6A444Q K3VZGw1sUyjRsMPdZr1RpR1F7JaohpU= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=h6shQglC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887739; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UIrZ6HLWeDtAGRNpidLLmO+r5ICiXu/nR7O9DEbx0XY=; b=dQX3drKeqHQEoGVI6HR1bSOTYmUbjY9km0HDctzt0pzGCGqNKrH+JE8F+4Hs9HxhBfP39M CicKmik+e1egiYOvYfC1yqA+Auuk2Dp7MN80usxt4D3NUCPXx/cN68EsGM3XA67gr5e4HQ bdqrjxVy0yX2Ec1N4W99HORWVkM0gUw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 2F368CE1708; Wed, 28 Aug 2024 23:30:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 02F6FC4CEC8; Wed, 28 Aug 2024 23:29:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887806; bh=DQ+/lIqnw5gAspETmMxguFP3SMk6gUYbh+baBR7FnZg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=h6shQglCaEjIfYuTEJECgLX7lmS4cLVxZ5/7WqVoFrdb5D7Ce/hcrxVEtQrj4rVR4 CjkXTzUFDxo3k+MP3kYXPiF7Zf6LlOF5zOTZRxyUc6CiD4BGk9Gqkj2tLEQNuY/CWj tVZgYMNHmu1h3WH8kPaRHrEbMwcjJJSHNuOc/HcThupy0uWzseDVB8df6mki4sEV6A dKs8K77IC57vsS7LZTM88azbG+E3gESpYvAIZwASo9QVP+Q5NW/DinIeBkMl1sx7zK o7h6mnPdVrzJBvvAj1oKUMiMLJYm5WiXjkPTu47uIBshlBzAA9biECrUn/MX1JEOok vU57fRaLMiLjg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:29 +0100 Subject: [PATCH v12 13/39] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-13-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1576; i=broonie@kernel.org; h=from:subject:message-id; bh=DQ+/lIqnw5gAspETmMxguFP3SMk6gUYbh+baBR7FnZg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KC/Rhk/py2u3sq1Sq6IyAa28H/JCkWwuYqk/+i WZjmPvmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yggAKCRAk1otyXVSH0JK4B/ 0c7CeQWbofgjSYjTY0ueVTYCsxmNGC9m3r7+5bju4v637iOCojsNlg3DLCUWyOw3YXzrrbNW9zZ0dH 0kmVCJ+uifdZ3TJcp7w/fXoNJAyQjJV0aBj0a9Qv9B3oIpvQU9NZMkfeVwQ5+zkVI/u13qRDDpeYUP gIDHJXKhQ/cj1Rnz45LHx/uGssDgemHZkNA7x47Ku8ce4ltskMLY955Df6RLOnG98MGgE59Jc0uHbN Ox8V5SLtKLryDkZiQfOsUX/zOoZkqlqhox/0UBfebCkjWZJ9NRh7d8nl7j/BGcIZnav+h1LVscipli t53+wNbtpeU5VBt7BRlrgDb2TyZMRM X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 63DD180011 X-Stat-Signature: sfybef1o88tjbffsxqgw977scjomgmz6 X-Rspam-User: X-HE-Tag: 1724887810-149599 X-HE-Meta: U2FsdGVkX18N7lkPB+SaSLE2TgpAqXQb2DK1cCnwb/M74pU3dNRM4McU9kpPKNG8y+2iO8SkAUQ9lsjcntoS/807jcv0ud2fEH9J+9yKsprHo+JfQjqi9Ze8YnTK9EIeJxvVoktH81YQDLfVZQLcNviD/041/F9M4WaGdbGdtds+By/R5bkAqlDtFIf8ewOrWz+uHX6CUo+X6pA2PQ4Ri+OoYygEoHnQVWTHJxkeGFdX8e5QHu9r2sAp08H9GRiZ0WkJikwlE+oGF5EE6A9O99NTIZIuifsB+xUhKSUEaUxidvEApLTISwMs2Ba88AM4FLVmxLwqvwVWn4n3Ejpuk/Ju2/4g+TZn9e4+GM82n3OK74zxz+MsSNpNnXToN7PDvfiLBxEPP7osKJ9/V7xWCIkfYTFHgpWAGZ/S/YdNsjgZ3pMRSNUbo+KRHeQGsZ/sKTScNquU+9ppIsCDMeH5wUbjyjpcPX+HrUpakrf+LcD0Dn2QAKtUX2qcW5MQciyV9z6dxeEMeJDKE1DiY9nOtCcEwSAb2zsJEwohs9f9E4LV9YvKcP5Dj0zFvHKB05k5aF1Bup72uWx75ugejOZmnCmHrhLfxDJoso+b/8S70pJ3VqBuDcY1kBMYJQp5oU45hY7yVszDWcN/ca+jSueAIu90Vdhyl/nR849gFEeMJu4KXpxfRa2tKCnYe3/QAAvyzMFjEqZKywTzcwoAmv7MEZhagf2Y3eRuLqQS2R4nwd5+nikbZhQa1mdYq549vMRCkmxi8JKMmFK+LhKm6jSbGN3vmiPDnhBcJhwz3cf3Xow3ila3zub/+qWiOxbzBRH8saHE161YbqKfMH4txX5EwzOg1y0LyhLc+JHuOn2jkVcOY56+ARocXRuujrLsGLqrK8NWJPCma18+2GT+8jDpEB20mhEfw/q+3ojDW60mm/IYOIC4vO/945vnyRmhqdh30Au2F/jenFXrU0Kzh9L 84fo1J3p jRjQuu8vsWVKynMT/ad0gD0ihqhNkO5x/hVKTmMoZnZvCjxMNjVEV1eshxxqNfBHR7fYrFe68ZJCq97qUwEIpyurt2LCLTYx2XA9DAjfJTbrh5XGZ9Euqw9lIbT4gc6660EfOJnHnh5TOmH1RXP35VSsN81YJomPQxfJwWrPfv3Om5pKAPn684eD7cDPeQjvuQwSJcgugznXO/P8nkhIGstVOTs5gplPwIHHziIOPd1wAojZ1biEhy7ZRLMo/v+tM2oRr4RGlL13RFlYcNQFkSkMN9AefYhNhc38ityLgjjaTb/Xlu2uux+9ssREtxFeWiXcNvkQozsstHLaqbHd16/N8KQgP3dKtMnPBaYpWYbiOtwaAwhdxyhS2HbxRQ99YhfpMzi8FZQ6xtqQPWVD9IkZbpLZ40UNqgJmk86al9lE0ajxFVGn0fAIPpEsK02u64AG6K4tI+YCQp8IYh+32tl4yeq6jBT/+TKH6IhA0haBKhogAr5PXJjDKeHS5LTRJuw3dSyEUkhx3oBE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Use VM_HIGH_ARCH_5 for guarded control stack pages. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- include/linux/mm.h | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index e834779d9611..6a882c57a7e7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -579,7 +579,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page sl sealed == ======================================= diff --git a/include/linux/mm.h b/include/linux/mm.h index 96faf26b6083..c6c7454ce4e0 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -353,7 +353,17 @@ extern unsigned int kobjsize(const void *objp); * for more details on the guard size. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Wed Aug 28 23:27:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782176 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2356AC71150 for ; Wed, 28 Aug 2024 23:30:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A70016B00AA; Wed, 28 Aug 2024 19:30:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A1FA06B00AC; Wed, 28 Aug 2024 19:30:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8C0A16B00AD; Wed, 28 Aug 2024 19:30:21 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 6E55B6B00AA for ; Wed, 28 Aug 2024 19:30:21 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 00581160337 for ; Wed, 28 Aug 2024 23:30:20 +0000 (UTC) X-FDA: 82503250242.05.D80D044 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf28.hostedemail.com (Postfix) with ESMTP id 81F10C0015 for ; Wed, 28 Aug 2024 23:30:18 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=csXIYlPb; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887730; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+UV0KNhy1yM4MCqy+6moJq4nXq6qKyYx4onoSkTfwro=; b=NntcsbX1VEkIXbSY6mZrvELHZOEdKdngfNbHhvGlS22N6slg5nRd+iACaresvh5w716WY9 Nu3fEHcOUZO+rDz/XiRyfGQLUEqlnT2UgE3KetVxKNc4Se4azcNPimhHJoOJVudhpGKBwf unxHZIfsoeQz9BuaqLwkMvG+Bo2WwFk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887730; a=rsa-sha256; cv=none; b=Y5kBpuz2pXAI81W3V3XVKyVqVTH7Shnsc6qCtfG6ZhfEZ6wXIVUecJ0f6olbbyNCavtkjx TwhfW5meZttAO+09+J/3lJvh36199mEdfyIMJF37Ve5yR7i6dBKleAQJ18Hs4zZ4G1Hxxq h1uO6uuiodNJMzN+X+63e6+unZD3Ts0= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=csXIYlPb; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id C1D53CE19BB; Wed, 28 Aug 2024 23:30:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E576DC4CEC5; Wed, 28 Aug 2024 23:30:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887815; bh=q8jtVg186GFJVIbjl1JCrkiZnz/oBLnR/HtHUgXvMfA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=csXIYlPbjsq0/jESzviJXGLS5PVUMwFyPcl9Xf8tCAU3CGgzUzcSXEOOGrzJGOi4n +LVpTfKWkimkyH2gkwgyYFLAqrNxMfByqvcuy0VRXO4vSBMDQDGRLkHTzLYPfpeOy2 AyEWc7lOsYqAfbBDM8Bc6mJym3P1TCGwFH6JYwLsXtYbilIWgJGJBuUIWwEF4ruBzk Irzl16KGJZap13BwqZWYzbzXWP+4eyR9laKqpNp69phFVR0DOgEfIDlzw09zIlvjZg aqd4HA+U9jzpvZJm3UVCJjQd5uoKjF5Q0gQa5Ttxa0UAOtqwlc/QdBtfEypp/Uxek/ Eb/XXqGaqeeCg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:30 +0100 Subject: [PATCH v12 14/39] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-14-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1824; i=broonie@kernel.org; h=from:subject:message-id; bh=q8jtVg186GFJVIbjl1JCrkiZnz/oBLnR/HtHUgXvMfA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KDz+A8JTqcELz4cAJ592v00no+g1aVltB8BmzS YLVlld6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ygwAKCRAk1otyXVSH0GfJB/ 49HQhF+L8EiPWM7v3hZ36OyfEAtuZYOAa7yxbdtNlpOsOKuJCieWaGUjCl4V7oMxDUXRoMqIYkJ2Y7 0UjpPJ2A/OzEmFWXJzvSlVo9eCTfasoJ4KB8k9tuDNt/wmQ2GuY7C+9u0ds83AmngnuKcfDeqVE0VW 8xDc5pxqMmvZE+kh51h7AXaa+kMQTlm7Dnb4gtNI554joq08SMIgk7fZKptpoJne0VPkT1C7gUBfTG r3ZYOx8kpQ6ZA2hstniXP3cfObhdDaqIBtvnccak5YaFOo4qP9sUvzJOoHVrguVBLRswG/5kNuET2U 0gXB7BzsUfSt94B6y9IbRGc5knJOAA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 6999pck77kzzg3bqd586bhexyfonmnhs X-Rspamd-Queue-Id: 81F10C0015 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1724887818-879814 X-HE-Meta: U2FsdGVkX19fgf12AS9SnL6w/36qkIHURkq1U/fqufCr5+QF3/LF9dGptTu13KASNMIF6gqSh/rUKrnxvOAXGoy9CYxL7qfosLgSUb6WBaVfG/5lJp0Dv3q957tKOR/vWnkvvd22JTHtVLN0blRievl6DMxpLkoBjJHhwGbLuLhYDt/Gw76ykvVD1Tcb0TznD8gryMGs4WIQQ0mrWTi4GG6is4LpyqSVKhl1fom6+jMvd6fjrWQ61jGTWgJd+0NNAtg/27Wn/G5EAYZC5jqH6K+ZdUm1Qkjh0LDArYSgQk0JUKFqiAJLhaozZG2GkVNi1uxJiow+h47ncWwCc6UEXVH047mA3yYbQVXEMUEydXIexaQI9LALGSVrWEp7tF9B9PSDQxJj87z5Ki8ZtVb2e9e0f3UgYU2VhsI17zxT7o+uiCFYSUmAEpkWDU8PBuYfYFKgbVMdP2vQkjy3GnCQNViBS0OrJygkBxsehal32mhgeoKW4Zzqiv0CF7+obqepHgZh+Mo4vrEAMy2PrVw6VPQW3rn6teIS80avuRN0te9TIRPUPdkyB1NewoHTysHn/9E1UbcxrivVqIhSdnADpKqRdEfQw4iyg3sMVSqyESRCrGXCFlo+TmeDmSPG8LVjq+MW7cxhGntRIFVrt52+wH0Gfxtg3ibPpA829UL7T25HckiuZ2khiJI/rJH1wkPgnDPP7c0AGPdAdlMYyhdGXooesgT1CYQd30VFksd87Z0azM7YVBlBJL6lr8YJyX9zMFGnSrZsdu+YUuDCLVdA4DDqIWWH6h/uoWDHKwOHmPpS/819oXX7sxEOCV9Z+dqb4SAkG4F862Y0zpZRx1UYvA2MZffKdnmOwsD9pXidZKVzjFINsbJ+HnQkYgkVSLlngirefmhiWw//QlYpWVRK/Ki0AKBCy39Y8oAA22Idc+5GOoWOPP5LFxmVWbvNOGD3ygCWoXM0rM+eDDdv2KX BthCLAaJ gBzbmy1lg9835BYIKU8tqSbeoafSONse2Ft+NYho24Ghzq7iE+aQ0808W2Rvld29BrYcZqReuzO0XkqycRrvIqbJS1gQRP0XIysglx9sOtOJ6+bCvYEKmHyfZjEsddQqcn7i8igXRtwFm8yHnN4Nfj/63deBn8k6kGG+JhdN2A3VycGldCjzhJ1wKy4+uLifQqEWTDVIFYlqVhzm1n7ZMkjhbFFLKiTbzjuZIytuknoEsOlobg5Ar3NcEEW8qpIfV9D7qHnQcu+ELHYBd//GnXMfTJbLEHYZ0upG+cewTIvTL35ImP73giYlkIW/qvZG0bZDFK/m+Wk356wcbbx73rPh/QLoL1OkYYFsTEUa4VU7lHBt08piXj1s6znqdFU3Rl0QwjibgjBQxcIZIuQ1ubXXC366ZAwlzltUErWa2Tj8U7kIQvCJ4TxN8LVsM5Vz8PeKlbly6juZqbFmyyJlmYhsL5A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 9 +++++++++ arch/arm64/mm/mmap.c | 9 ++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index c21849ffdd88..37dfd2882f04 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -61,6 +61,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* An executable GCS isn't a good idea. */ + if (vm_flags & VM_EXEC) + return false; + + /* The memory management core should prevent this */ + VM_WARN_ON(vm_flags & VM_SHARED); + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 642bdf908b22..5943898f366b 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -83,8 +83,15 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* Short circuit GCS to avoid bloating the table. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Wed Aug 28 23:27:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782177 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C81DAC71150 for ; Wed, 28 Aug 2024 23:30:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5B5AD6B00AC; Wed, 28 Aug 2024 19:30:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 565B16B00AE; Wed, 28 Aug 2024 19:30:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 405F06B00AF; Wed, 28 Aug 2024 19:30:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 244C86B00AC for ; Wed, 28 Aug 2024 19:30:26 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id CF1008021C for ; Wed, 28 Aug 2024 23:30:25 +0000 (UTC) X-FDA: 82503250410.06.D9AE2A9 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf10.hostedemail.com (Postfix) with ESMTP id 1B5C0C0015 for ; Wed, 28 Aug 2024 23:30:23 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EGbpbyv4; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887736; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wmxP7pCO2uFjstxxAElXkS7ECXHhMWQyyYjcz8ZtiHg=; b=JJiai+i2zZHVdnG9Y8mksxEEPL+ndAkAQAefVwa/Ip7ii/tj9BvEYGDEq6WmDSEpJmijvs 9XdBzwtHTFJZBnl5LQKvNqp0T6ECwjoY+3I3wM7tc2PUFAEqnLKOwxKtwCEB8T2DACAkWF iFl2LGG9ug7n8oXhFV9Rfp2zKBT+1Eo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887736; a=rsa-sha256; cv=none; b=lJnTLNJH7W/+UlQtIFjJesL+rIdNk9U9FDvcJ0ng4eenPxzDYcW6nVqfYX1I6b6tB+IDmq IE5A8zdeySlO1Vz7DU3mRMqx9dCQfQph3GrAgc8rxuG4EaT5srgV/5dcfPlIbjGxrfX53t x6qhNQQvzPn48VC25wTLmp0MrC/qEwY= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EGbpbyv4; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 84FC1A43769; Wed, 28 Aug 2024 23:30:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9A2B3C4CEC7; Wed, 28 Aug 2024 23:30:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887823; bh=2VNGjU/LjnznPsbE00KIsk9FNHX2/dkkEbGz3eAYf9Y=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EGbpbyv4WmaXgKZCqumKPyIsLwisa4p7mEKO13j2syZLlNrAH9g6YgeI+XYsfeWAx iv73RpNfkPubQ79VXABGb9LN9yrFgMuT9p/XQSowHPDNEsA5AvlYBIM0PhrkWD2/va FN2KRGUNxUaOe4H8FP9/3PV0zNq4WC9M0jHBAM4P9axp2/2nO2UuuTBMSTghIwPlCi k59xoqhAhh8XvJEozC6oUdoaVCGwfUBrirPcPmoGaFtwelWPK81Nbvj7mWtePIO4z8 BbUyJnTt3kvGCZfFknZv0IP5a7doGkATT3Y1aq4xe01Yo2MVyuxxBbCAlPzpNgkfCV MCrac4X8KVvhg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:31 +0100 Subject: [PATCH v12 15/39] KVM: arm64: Manage GCS access and registers for guests MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-15-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=8779; i=broonie@kernel.org; h=from:subject:message-id; bh=2VNGjU/LjnznPsbE00KIsk9FNHX2/dkkEbGz3eAYf9Y=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KELbM5DAIosOIiKrxUUZhb86v8KG+Ocbpo6yy3 SiwlwIqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yhAAKCRAk1otyXVSH0GhIB/ 4vV5nEnjExm4kBwq5k0nLMZj4mTVKRVNd+P5CXXaVZbtEoG4eI9Oss4k5Rf75FfAe36pv9XYwS7kvX EXmdSWvNTN6d6pykuRUgVcaNiVJTuKRSOIpC7fLN1becbNWV3bH5/g4i0n7oIbTTOowOBigwBSIYUK FcvUWQhBCITedD1zu6U8/8T0cliqG7DevqppZehzT98bR9BcpHMFddGxM6cGBMhNdWd5WnllFKryfn WR+73KYracqslCyUfSwZB2mG0Xbanv9yUHiughUBN01SA50l1xXEj6UsgHOm/yopIz8GWAzfKKRImh LkJrbUm+qMi/ND9p1sRATeidkZ2E3a X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 1B5C0C0015 X-Stat-Signature: ryhfa46mqxr6c14taesow8qz9bw651gn X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724887823-845985 X-HE-Meta: U2FsdGVkX1/QwgFAG3TqQzcLw5X1k1oCbHIthZ4CAg5lVKIrKZtQQIQrgPKXYcIWWRQkUbaJpDtj7zQs+g+XvH9n5g85hTomYxvN+xI5m6NKrlPrxjt/RhjNSPYK0dg53B1wFDb4vv0/e0l6XWaKZAAr1KxtRM+39wUDBOOkwQkoEeUcaYhmgPP9guMxG3xXpiimHuv/DTqCZgXKaelrXPtV5Z7TMHPp7AT7IHS4o2Uu3jFDEULqrpJ90Bb2LfhSKDLbMwnFWT1me/yY2eD3Y9NeToTXKsFRXn45XAhmj36qUw9kCAMeN/V1NXJzL0pGMRe4xILcCLoFJg9fhW25VrUh5mis5IMP7qvH6IcRpMAE9m6/DrsBmeGTjxuh9w6pCXtJZaVLmaN+2bZ8S8Tv4gV9uHxsXMjaPUk8dCQuqHzTYMC4vGGaemi5n4sk/Dd9irIy/D7y52zef5pk2Zao+vSLyuqFtSGch7TyvFdzMP2ezGrFrjYE0Z0cTtaW315iza6PQItGuj0Z9+MYuEQpONqHxegLpR7G1nH39ESdpqMsg90UWIw4Rd64K5ypc+Kiyw1jhOKKkY35v0WyPA0urxpuYxFK6mxX/7Wp1q2NCEdNZ85tK7FV5FNeK+fPfCeX3li7zoMDQZ8oYsLckNQfC0thS9DZQUGleMlu7rZD6tz9R+B5LnjozOOa6DrnPrvmmFY07y21htrulOCN/2nG03OtzNqganJIz+/l1G/uHCjfFLw/CKdNvrVHd21/pMbU5PqmC/bonGvecEFHasAt4IeRI9Gg50SV8Xfp5VZsfz+LnHZhjAwSZeD3dWaX/MiF6Yrcf182ayuwSfmUCzkw5oC6ptgPHQ6HG0ai2y2ABMpGZBsJ0tdyM60OyxHWj0+OkllmhyzggYi3Hzgx4sGL9zzWbmXF47hLVLc3bedlszJ7265gT+23lqYb3HiNMrJurj53PSqGEuZDIFaM90z smlo5uId fBWl2e3ajo5PPKbl264bibU01qjP3hPDTl3bCYm0Lr6kTVTFpsKRcitqzkCgcrsJ+QnRL/ipetI/nDvnlXfaXTdqCRB2CJ0uQKMs6Kd0lzN4iGeZaOEWRZPfbHAeOu0kqxrYYNkmbT/rwDwkQyh/rmV4lpnRQ4fLjVtoqDGsx+JEzRKw3Bd33EdNbML2MRtCdT7iYVWr2X1tF39ZdUuAq9lo/haITxG6JzeavMvMob4w95BWTW+pBIUEI3wjo0d57jvGBXyj69b5i3RT5UuIFLJeB6tUW2zmHee4/K+63UBfhn7INjxxMGd+V0zzV0MoNS8oNY0+RcsSB4/dE8bjLWis1S3u/bHTUhH/PP7wo/FRULXxXnvK2p8x1+tx5SGCAVmtbkaxcDOn2MMEbo4fq7xfc2cUHjP6wC6lC X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. In order to allow guests to use GCS we also need to configure HCRX_EL2.GCSEn, if this is not set GCS instructions will be noops and CHKFEAT will report GCS as disabled. Also enable fine grained traps for access to the GCS registers by guests which do not have the feature enabled. In order to allow userspace to control availability of the feature to guests we enable writability for only ID_AA64PFR1_EL1.GCS, this is a deliberately conservative choice to avoid errors due to oversights. Further fields should be made writable in future. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++ arch/arm64/include/asm/vncr_mapping.h | 2 ++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 49 ++++++++++++++++++++++++------ arch/arm64/kvm/sys_regs.c | 27 +++++++++++++++- 4 files changed, 79 insertions(+), 11 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index a33f5996ca9f..88d6a85a2844 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -446,6 +446,10 @@ enum vcpu_sysreg { GCR_EL1, /* Tag Control Register */ TFSRE0_EL1, /* Tag Fault Status Register (EL0) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -517,6 +521,10 @@ enum vcpu_sysreg { VNCR(PIR_EL1), /* Permission Indirection Register 1 (EL1) */ VNCR(PIRE0_EL1), /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + VNCR(GCSPR_EL1), /* Guarded Control Stack Pointer (EL1) */ + VNCR(GCSCR_EL1), /* Guarded Control Stack Control (EL1) */ + VNCR(HFGRTR_EL2), VNCR(HFGWTR_EL2), VNCR(HFGITR_EL2), @@ -1473,4 +1481,8 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val); (pa + pi + pa3) == 1; \ }) +#define kvm_has_gcs(k) \ + (system_supports_gcs() && \ + kvm_has_feat((k), ID_AA64PFR1_EL1, GCS, IMP)) + #endif /* __ARM64_KVM_HOST_H__ */ diff --git a/arch/arm64/include/asm/vncr_mapping.h b/arch/arm64/include/asm/vncr_mapping.h index df2c47c55972..5e83e6f579fd 100644 --- a/arch/arm64/include/asm/vncr_mapping.h +++ b/arch/arm64/include/asm/vncr_mapping.h @@ -88,6 +88,8 @@ #define VNCR_PMSIRR_EL1 0x840 #define VNCR_PMSLATFR_EL1 0x848 #define VNCR_TRFCR_EL1 0x880 +#define VNCR_GCSPR_EL1 0x8C0 +#define VNCR_GCSCR_EL1 0x8D0 #define VNCR_MPAM1_EL1 0x900 #define VNCR_MPAMHCR_EL2 0x930 #define VNCR_MPAMVPMV_EL2 0x938 diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index 4c0fdabaf8ae..ac29352e225a 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -16,6 +16,27 @@ #include #include +static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu = ctxt->__hyp_running_vcpu; + + if (!vcpu) + vcpu = container_of(ctxt, struct kvm_vcpu, arch.ctxt); + + return vcpu; +} + +static inline bool ctxt_has_gcs(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu; + + if (!cpus_have_final_cap(ARM64_HAS_GCS)) + return false; + + vcpu = ctxt_to_vcpu(ctxt); + return kvm_has_feat(kern_hyp_va(vcpu->kvm), ID_AA64PFR1_EL1, GCS, IMP); +} + static inline void __sysreg_save_common_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, MDSCR_EL1) = read_sysreg(mdscr_el1); @@ -25,16 +46,10 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); -} - -static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) -{ - struct kvm_vcpu *vcpu = ctxt->__hyp_running_vcpu; - - if (!vcpu) - vcpu = container_of(ctxt, struct kvm_vcpu, arch.ctxt); - - return vcpu; + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -79,6 +94,10 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) if (ctxt_has_s1pie(ctxt)) { ctxt_sys_reg(ctxt, PIR_EL1) = read_sysreg_el1(SYS_PIR); ctxt_sys_reg(ctxt, PIRE0_EL1) = read_sysreg_el1(SYS_PIRE0); + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + } } } ctxt_sys_reg(ctxt, ESR_EL1) = read_sysreg_el1(SYS_ESR); @@ -126,6 +145,11 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (ctxt_has_gcs(ctxt)) { + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -157,6 +181,11 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) if (ctxt_has_s1pie(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, PIR_EL1), SYS_PIR); write_sysreg_el1(ctxt_sys_reg(ctxt, PIRE0_EL1), SYS_PIRE0); + + if (ctxt_has_gcs(ctxt)) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + } } } write_sysreg_el1(ctxt_sys_reg(ctxt, ESR_EL1), SYS_ESR); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index c90324060436..4e820dd50414 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1645,6 +1645,15 @@ static unsigned int raz_visibility(const struct kvm_vcpu *vcpu, return REG_RAZ; } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *r) +{ + if (kvm_has_gcs(vcpu->kvm)) + return 0; + + return REG_HIDDEN; +} + /* cpufeature ID register access trap handlers */ static bool access_id_reg(struct kvm_vcpu *vcpu, @@ -2362,7 +2371,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_AA64PFR0_EL1_GIC | ID_AA64PFR0_EL1_AdvSIMD | ID_AA64PFR0_EL1_FP), }, - ID_SANITISED(ID_AA64PFR1_EL1), + ID_WRITABLE(ID_AA64PFR1_EL1, ID_AA64PFR1_EL1_GCS), ID_UNALLOCATED(4,2), ID_UNALLOCATED(4,3), ID_WRITABLE(ID_AA64ZFR0_EL1, ~ID_AA64ZFR0_EL1_RES0), @@ -2446,6 +2455,13 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + { SYS_DESC(SYS_GCSCR_EL1), NULL, reset_val, GCSCR_EL1, 0, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_GCSPR_EL1), NULL, reset_unknown, GCSPR_EL1, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_GCSCRE0_EL1), NULL, reset_val, GCSCRE0_EL1, 0, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2535,6 +2551,8 @@ static const struct sys_reg_desc sys_reg_descs[] = { CTR_EL0_IDC_MASK | CTR_EL0_DminLine_MASK | CTR_EL0_IminLine_MASK), + { SYS_DESC(SYS_GCSPR_EL0), NULL, reset_unknown, GCSPR_EL0, + .visibility = gcs_visibility }, { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, .reset = reset_pmcr, @@ -4560,6 +4578,9 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu) if (kvm_has_feat(kvm, ID_AA64MMFR3_EL1, TCRX, IMP)) vcpu->arch.hcrx_el2 |= HCRX_EL2_TCR2En; + + if (kvm_has_gcs(kvm)) + vcpu->arch.hcrx_el2 |= HCRX_EL2_GCSEn; } if (test_bit(KVM_ARCH_FLAG_FGU_INITIALIZED, &kvm->arch.flags)) @@ -4604,6 +4625,10 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu) kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nPIRE0_EL1 | HFGxTR_EL2_nPIR_EL1); + if (!kvm_has_gcs(kvm)) + kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 | + HFGxTR_EL2_nGCS_EL1); + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, IMP)) kvm->arch.fgu[HAFGRTR_GROUP] |= ~(HAFGRTR_EL2_RES0 | HAFGRTR_EL2_RES1); From patchwork Wed Aug 28 23:27:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782178 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56645C71153 for ; Wed, 28 Aug 2024 23:30:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E1A2B6B00AE; Wed, 28 Aug 2024 19:30:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DCA096B00B0; Wed, 28 Aug 2024 19:30:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C6A466B00B1; Wed, 28 Aug 2024 19:30:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id A30706B00AE for ; Wed, 28 Aug 2024 19:30:36 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 6091CA9B79 for ; Wed, 28 Aug 2024 23:30:36 +0000 (UTC) X-FDA: 82503250872.22.51FCCD4 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf09.hostedemail.com (Postfix) with ESMTP id CD67014001C for ; Wed, 28 Aug 2024 23:30:33 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lIbQQA5y; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887717; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/WHnAeTjg9R4NA94gnNqoSXokboixvGT04BqXj7XRlY=; b=iNNp+ZWbpOe/y5O5atCIxLOHjNc5NPsKg1XHFpmY+hpZWlWhj8Ij709bv4lmHJVLPJsWNl Ibo8RwcDLsRczVmCvLMzGzODNnPpXATsyEONZ75L6YK5mc08dZuk1dMgvskpMeDoSfWdc9 tlh0eTcEiTOcNL6oyaXp7xjE+P1dwpg= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lIbQQA5y; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887717; a=rsa-sha256; cv=none; b=4VRvKlVTdRoPumA5835TiXD9FXVPfRyyu8kEIqx37ja5ZTMkA+vQyjtS/fP1A7qloqPVRk CZUa3+jY3W4izIP/Q6mHFT5yUp0eq6ncHLUzQc3b3bKwDAgljYc6wEaoBJBwjuJqST2dZa YETSkRoRYlZ6g8yGF0cMtR69pKyiA8Q= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 16A11CE1736; Wed, 28 Aug 2024 23:30:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 86F90C4CEC0; Wed, 28 Aug 2024 23:30:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887830; bh=wjYe9ivwzmH2HU5Bu/krsN+hRENYTgl1ATQJfRBTR9I=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lIbQQA5yebhqqE70nAuqgNR3tkh/f6rCrVtESiHZp3rzWZDkpq3TMxRtFLJisJc1C k6syrHZlg6DrCc8Kvoj9sUEy6VMLQxh3OceDdWlqMvMCkWUD7d982XWSa+OdUKB5ph fo+PchcSBoAEfB2IV7/rwPqOZNO0NGwQDZesbLUksruMraMqOYSnj+4h2qRlstYDiY JKAH2z9UL1KiSR/Cm+TDjnG2GJFsfLSQ0Lc8OzLdkf+5Gtb52gCQF+mMwJglnD0hoo ucodW81ooVhwrTweu90KLRFMCJaY2t/RWXgFbuFVDhg1GgbqC3wMbr5+fnT8TvTJQf TWBIiD9D8gnwQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:32 +0100 Subject: [PATCH v12 16/39] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-16-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2008; i=broonie@kernel.org; h=from:subject:message-id; bh=wjYe9ivwzmH2HU5Bu/krsN+hRENYTgl1ATQJfRBTR9I=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KFAReHbuS7RCcLtps3x4CwuXAzGuonS9h0Xm8V n2UpW62JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yhQAKCRAk1otyXVSH0KO9B/ 9/OcoGpxSpHi/K8N7HKdwcDjo5X0BCdJlr1zjFK6/Mc0oZ7PGJDmIQFdUqBaGdjfltp6Rwmt4m7RZ+ 9F8TvVKqgOkl2sPrIUZ69dfurycmVlEC+1l6FOrv52pOxuegJf/x/bkpQMRN48IJN4OxdmB2AsxWpt 5S8vVLmYFF+kWZ7YBF7R1m4n5Ui67OpPO52vXgtVJfoZ+XvmKvVChxUzTWZSjHLOY46+WVKOGb74a1 BN1pGHzu4cCCWTuG76JTbxEiK3PS51OmZPqnaXiGZTJaJDfd9k+wa2I/7UGGyXb1S6wndNiTyZvHqq i4rZ0mp4l/YuxFW0rfR7UbAsU3IVzO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: CD67014001C X-Stat-Signature: hungwb9jhknc44izk4rm6fhxpxq7jfwz X-Rspam-User: X-HE-Tag: 1724887833-635950 X-HE-Meta: U2FsdGVkX1+U2L3tLZOPM4zCHFyvSa9SD3KrOy6+01Zsn6RPj64UeoRFwWBWi9Fsr0IRtV5+JgfT205HifSxOBFAnU/wAQaKVCE8S1OjsMPd8RxOhZCLxGi+0LBEyfaitgmXw1rZh7NsNgb+FT01Ief7HqWFyD5CeeUT+ePpnoqHZ7W85wG8hcxQveMbFYMotDJtEN5sXExUysaZ3gM1ZQGc0YP8QgPw/izqdGtBceVQhoBg7p7EkpwEZGCgjaMdo4MRKdIJNUbTZGkNi7taG87S+SvMuz1ijq9X1MvqBg9+oXyjVCNVp+z4SuDfdQ0bBLMU5XbVjd1i0I0xLgmmuyp0BPDKz4pq+rmX+rZ/5qe/nLbc2NDkRkDIBq0PPX01BiT8iBNTHDwF2DE1z6NvCWb3bTso5N9idJ/ZxWz6izVhVRbYmUJPltvfYenSEJEPU8ecGGKj2uEC8cQv4jcpy6EJHtLSY4/UsdajNvm9duzqC2RvPoZVKiACpRRFH1fubGKCsgI3GSsoLreyXuPAUsiZWu94g+w3QEh0ij2QssS8zp4/urMSqDCtKa5njJExP8TbLlsti1J8N6eOTPDZVVG6P7pZjXq3nEzJhP4AtGOnq7dlQGZCOX8hknvPo0nLzFrR0PE1Fl40IAWBnDHsAwO15sjTTro21ehqQfWfC2wFcmY0Abj7dYz/7YpdR3fNaJUd7V9HfomP2CRYfrLlXUIEFqm1MmRAwVJf3W6CkS1kWmmlAERQWcqiY6p62eo8FNsrnDFhHp0n0jIvPw5R9TafOzAPBY96IRIWfQmAMrPmr4laNeAlcm7O2IcMsCfYCNPtzrwdvBVe6DdD7q+wew3zZPsEvmfmAXpVY9A+xCZ+r0fdRPC5uIlMtZibcnmBIVPS1b6p9vAPQP4RQ2iqpATlQVrxlsAFbQka/ZA/loX6oT/B3e+U9dPwD3I9mr3LgbsYQJHC5fhU0XJr0x7 DHS1lUN/ mv7mhK1XNZcq5RGfuJ5wejsD7Y7VbMQhwVmtGHaCsHa7WZYgrHLM54vy35SBldfLJ8zbIqu+YOxk+14MapmGwvw45FqaheayoxTm9x/UADvQQnBvCw+3QqQqPGQupOS9BRpZ5Apfs5pZFDhzwqlhPYbHCxR3f4/B0qDi1o/3nn1C7KLxOKa1Liz58Gg7l+NRBE1cJn5TQ964ce3qSYLMUceRtG8CBVWaWc1jvirqfV9zi+OCJoBhSNVPxuEUIB7DbkT7VxE69KjmAwwyb6KwhFwahkTLJ0MStqyvRuJ+vwyVu9oSpq9ll07xCa53ckcb4qpNOhFQaH0Kh62xtF0FyWXOJVo0pLfx0TlinJiHLoKwqF5OOlehHdO7WbR4MhwXLHP9ngTRfrfCoqDyC/pyWQHNmQGN037DDSrX/AR+JRhNEdzhA5JhUyHKCTcO/CY5ytbhSl0QTFo3+0a5LiFsFwaitMw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/pi/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 09126bb8cc9f..e6413bb8e6e1 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -441,6 +441,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nomops [ARM64] Unconditionally disable Memory Copy and Memory Set instructions support diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c index 29d4b6244a6f..2bb709d78405 100644 --- a/arch/arm64/kernel/pi/idreg-override.c +++ b/arch/arm64/kernel/pi/idreg-override.c @@ -133,6 +133,7 @@ static const struct ftr_set_desc pfr1 __prel64_initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -215,6 +216,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Wed Aug 28 23:27:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782179 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CB33C7114C for ; Wed, 28 Aug 2024 23:30:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E42876B00B0; Wed, 28 Aug 2024 19:30:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DF1936B00B2; Wed, 28 Aug 2024 19:30:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C6BD76B00B3; Wed, 28 Aug 2024 19:30:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id A45FA6B00B0 for ; Wed, 28 Aug 2024 19:30:43 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 66E88A01FE for ; Wed, 28 Aug 2024 23:30:43 +0000 (UTC) X-FDA: 82503251166.05.AC479F7 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf15.hostedemail.com (Postfix) with ESMTP id 13322A0019 for ; Wed, 28 Aug 2024 23:30:40 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=McPJdFXz; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887724; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fPGbq8mL8Md2E4S2FovS7cuTeGmusU6z1u3MSnZ8kms=; b=6cGpWkgU5mELzsoA8rZ5TZThmH6oq10QyRBpTfm8wb119IYGNMqPWwkZnCN9iwHl97izM+ BS3WsOWCRWWkZo3oNQPoxYBmnLnD9Y6Q18jLbAHxrkyUeoTFA3XSqDkivKx5qqPoHLv0rq hVYHtu7V1V6NpcCUdLkJXIZfcOjwask= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=McPJdFXz; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887724; a=rsa-sha256; cv=none; b=0+qJSMgmngYvHS7tLcyC4VXwW3b3ujF8MHMOXsdJiGXTJkWprPD7IS238AlyFaxuqlKD4A hvi0+1eIxLVd0+UfO2jUl9PKp1iHfC3RT1IGvtiQEMrldRj9oyIVfMhhultp06Lr5BBtXf haSeUTXt6/8rglGM/XEuRcejffNFfiw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 37E29CE19B1; Wed, 28 Aug 2024 23:30:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B304DC4CEC5; Wed, 28 Aug 2024 23:30:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887837; bh=zQNH+o8kM+xdeVC0pT4NYleLSSNgw4W1dqWM5aTo6L0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=McPJdFXzB7Xi2TgOFuGbob5FaZF8TacF/kohZkUNSHMICkKs8oRH000SUaFgR2+xG ldppZrfA5lQ+BAzPt68wEREuiHDyB7OWYNv7q3UtCeQMqKxNEONZHyblc4exoaBhQR WPM0DmOtpEzqX29n+FpeYRYvnu20aJTTFmmC50zZx6AmLcP0u41AG6MHH7tRx+75tE DvX6Nljuh58mbxhhLzR2+d+RwP6S0Hilmo+rCPrQgpEF0rt1l0r0/6ZIJaF57WL3w8 fQEMJ6c/T7/BQJ3DG6z2ouc5uGlAvDLRVUV/ASQlRzu/ZvWnQP7pUM8p4UpAninew/ 73e4D2AxwPH2Q== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:33 +0100 Subject: [PATCH v12 17/39] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-17-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3152; i=broonie@kernel.org; h=from:subject:message-id; bh=zQNH+o8kM+xdeVC0pT4NYleLSSNgw4W1dqWM5aTo6L0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KFye+Iq31zZE7cvUlDXOHm9yUIKSyEcn/sVTXF VxtA+yKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yhQAKCRAk1otyXVSH0NxnB/ 41/2S9q7Qq+yczFuuYwahqXHNSzMUqPuBcVDukfyFBViWDncG55aJThy4LSw3SZZmcVh13iFa2M7Zt mzYDZoY6CbuxqDBATiuyXvh5EHNhm1lLzOFpzB30bEIhanE2qGcYIyXwyDz6V2kjoVise5X/aOpYC6 +Ywrao7lzPfKuj6VkWeKtDU+b99eWD4y2puxJ1xgb9rfrOwEYiXm77oNgOCpD/jF0OOO5kdj+RXaLd zsTDXVyneyKa8gYaiNpr5FRPwv0FNJYQAqUJkmD4AYp2Zrxp6puvpQkgOBEPKZei/1E6O+1oGKYqk+ zqvUM1uMo2qM4ABISo+karAD/FUOfw X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 13322A0019 X-Stat-Signature: ia1t9iocmdirkcxyymduyjibzcp4yg93 X-Rspam-User: X-HE-Tag: 1724887840-232982 X-HE-Meta: U2FsdGVkX19H1fHR1f+nW9jaIXxxSSwenI5K4vRiFXLcXFPDuPQTDsAEOT/fgyLtrdCN9tZY8DEnlaeBAcDY2aBKSKEBVbfPd6+EyShaYEONqfpFx9FmCpx/pDFR3fWgBCRiK88hR35IJa6GwTum/NX/vpKTFhQq32jlRt6cFS4TVAGpgiwNvwVtotYGu80cPx7ER7fAMlXNyHFLHGrDeDrX9yfxkuw9jIwDEH4cSWrrPxyGKvAIhtSyV1n5u2SVj52UbU2AthvUxbGAB2uEOrH6HwIhub6x4lXEBzRPjXuqWAHfgX3+BnIKYfcUWF13goE+EQFeA7EKmvg0/91pym5KeV+xdo4/HsTx+ZS0QRb6lHw8i6cXM8ypfNDykIQ/RYrcZMp0svIw/porTH1uBYio06TE+FUqzN8h9upF51KBkzuv8+5WUcLExJpFJZDbnBc6S8IER4x5zluLgJ8A/T62uEd685q+y37A3YjqTPS1pjGnrTqrycexe6MpHkz+H8FEc5yTkBOfpRdKtt1IdPtTtx3BFuEkU/wCzd34qJi6KSswDCH3cFZ3qg7qDJX+WoZsmaxg/n/Pkhkb1Z59ogw8y+gMgpv8uWEDj2Evmzo41oDmrCWysyk3JgnTUYB8lujFjH7M9fYaUcly6DdnyRsu8QjAa5BVVlnLoHm54gKRcKKG9zS8ru8ONSi/mtlvw8BP9coKWxfkjH9tvOLaaKIkI+ScP0y1xoi5jl7qAOyjuNgY3j37czdvU1sl6PvokDXdA9Lb85+w9zmCTfHUD17HO4MGb4xSXzYut2oibdZyCRTurrRfd51K4+4j+aA2qO1slVNga1wH3mDgaL2QB3Hulk6k+Mht8vJ0DStIF+prG923sC615jRLzt9CCXllQN13nb6El4jWnbHbVEHnJBbFR8ThwCaKgKAXNDABFfO4LBSo4ZWF78Ud1C31oLrcu5vVTJu2Wy3wkX9JTzY wFt8u+YP SnTxqJihu9+kI6n8HHX1RzKRMemy3ArQ7o8QuSWIN4iY7NW2oariOfm+jLtBRBc+EJhbMGR3Sb9cc+8EIca/+DPgxhcwJEFBEKfD3kGHwU8kRiJTE7Z/wX0hDIo6E5bPsubAOI2oVGeFP7Bwh0CSboXCvkSL6N20aLdhUAgTmMdKCksqN8SKMf7jPJIRif6bwFtc/WqgOmY7q9lAAbXsCm92jNE7R+kULw7BOhevqgcTNrmdPXe9DHQKzxhsqzrThPcT/yP34XW55r8k0NqIXy+7ATbhJ4jgiYTQvbMnTdA0N7v/Xu2Z4k+R+ubV2moqdMwP/WDjAbqqbKWLukXibeqOmSYvz/Fgld36qQedrEIi3NHSVOeSlPwbjXxr48QOu/THtSDMTVPrwKL3/niGlULgTatGOO2FFEAPU+NQmNI5RGzAvb6f+GXEW6m/JE5sxfxmK X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a hwcap to enable userspace to detect support for GCS. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- Documentation/arch/arm64/elf_hwcaps.rst | 2 ++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 8 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 448c1664879b..cf87be078f33 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -365,6 +365,8 @@ HWCAP2_SME_SF8DP2 HWCAP2_SME_SF8DP4 Functionality implied by ID_AA64SMFR0_EL1.SF8DP4 == 0b1. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 4edd3b61df11..fd7e162e7e39 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -157,6 +157,7 @@ #define KERNEL_HWCAP_SME_SF8FMA __khwcap2_feature(SME_SF8FMA) #define KERNEL_HWCAP_SME_SF8DP4 __khwcap2_feature(SME_SF8DP4) #define KERNEL_HWCAP_SME_SF8DP2 __khwcap2_feature(SME_SF8DP2) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 285610e626f5..328fb7843e2f 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -122,5 +122,6 @@ #define HWCAP2_SME_SF8FMA (1UL << 60) #define HWCAP2_SME_SF8DP4 (1UL << 61) #define HWCAP2_SME_SF8DP2 (1UL << 62) +#define HWCAP2_GCS (1UL << 63) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 315bd7be1106..e3e8290a4447 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2994,6 +2994,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 09eeaa24d456..2f539e3101ee 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -143,6 +143,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_SF8FMA] = "smesf8fma", [KERNEL_HWCAP_SME_SF8DP4] = "smesf8dp4", [KERNEL_HWCAP_SME_SF8DP2] = "smesf8dp2", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Wed Aug 28 23:27:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782180 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51095C7114C for ; Wed, 28 Aug 2024 23:30:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D0B586B00B2; Wed, 28 Aug 2024 19:30:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CB8DD6B00B4; Wed, 28 Aug 2024 19:30:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B33206B00B5; Wed, 28 Aug 2024 19:30:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 934C76B00B2 for ; Wed, 28 Aug 2024 19:30:47 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 4EBBD1603B0 for ; Wed, 28 Aug 2024 23:30:47 +0000 (UTC) X-FDA: 82503251334.28.F7F3501 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf06.hostedemail.com (Postfix) with ESMTP id 94B3A180015 for ; Wed, 28 Aug 2024 23:30:45 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="kmfOiW/4"; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887825; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=IQfsqy8JzH+ilQiExgs5KAHSLtV50NSOs/yKZjh2kZc=; b=VEaVFs1wmiD5aMsqzQCKs4pq3BLryVE9GBSgzrqWTE8MTKEZD+UCiRmJ4oqQrj27Vyz58N 4LRz3Jrn7uP5U0+aX1w9192ZIN7UWOyI7ZiBcEnzemvu9D+0SACi5WlL6/kGuwYQXIbHW+ z6hCL7Z+Fivg7cqEJqQ7ul9ZRUJgVF8= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="kmfOiW/4"; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887825; a=rsa-sha256; cv=none; b=c7loLMnIRwCzqhdM8Wln49GmKCbRaIp6vLKWZRteOQTgPL6JgO2mHO3pof1Egy67Xr5x1O 7o0KiTcp4rfFSzqH5tnexrpZ7dhdI1r7+v5mzWPTWUuCF5SfLjfjP5QL8Xjt2j1kGDGipx gAZ9r2UXLW1IXhctLl8E6UgACBGvte4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 04680A4375E; Wed, 28 Aug 2024 23:30:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D4407C4CEC2; Wed, 28 Aug 2024 23:30:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887844; bh=PtBaTQITr3z52qv6WrTSBzBUBAWqLV0rZbJfrlkxaFA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kmfOiW/4txRv5w/fbkuO8YXfOO1ioyOrfhmHBRMwS0n4qXx3DAKmK/NtYQ+Tg+W1+ 0PpeANU9CksXxRRth1Ma8P+UEyRW7edvwdKxiOP8KHfk4SEDbaPtpDB5uSfC0EM3ne bFTVL0PAyIzejHFvXPv4sEz1bEpy6OVLCoCSl8WVmKqNGqu0qRha9J6sArFG2fzUBd vmq5dE6JE+QvnP/1IRaEj6ROB+cdUvhP2UDD52BVI1q1IcIrfjSxy9TkF6lifdSnOq Omf/V9AX9f0MbnIjCSUUSlgdkI0YseAVhy7hOa9vPNPoF4/HygI3g7v1YHUfd8oWAX YYcXSsJ4lRvdA== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:34 +0100 Subject: [PATCH v12 18/39] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-18-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6148; i=broonie@kernel.org; h=from:subject:message-id; bh=PtBaTQITr3z52qv6WrTSBzBUBAWqLV0rZbJfrlkxaFA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KGvS9QpILq6/wjT00Wv1Tfo+F6dj6EiOBuYmeH EBo0NGOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yhgAKCRAk1otyXVSH0Kk7B/ 40XEfvt9EsOMpvaifzFXfXurKJgF+8OoOsKeZs3NIA1x8nG9PbzXQ3whGeAcnLoqptMjCazYytuuzW 32bUAp6uCtP0HfVj9fYbOIFpF/zcsgvd/YS8gZXGBbygI0qsZdMf4J51UoUQhpR8Zce+8NMjtirE/Y 65JL0EUqMnN0ahKZmtqoQpA/x4AGGrVA5KvFiUIfRspO/dIgr08w7jGXGn+gKebrDTEctZkGptKHgw j9yqT16htcknt2fKVRQN6QIhJfb0KX08xmMj2unls/7C9Fk3n7piAkVToSslH5fsiQg3Dn6M5bNSYr t6wzSGFbZjtC3WE1uJGmbxFbzlbh60 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: facizq9s5upjjt1swtpooa1ttyfwuyhs X-Rspamd-Queue-Id: 94B3A180015 X-Rspamd-Server: rspam11 X-HE-Tag: 1724887845-465463 X-HE-Meta: U2FsdGVkX1+N2KniJb9SY6ZJnEYmRRYCwROR2u/L68c/Tt4ifZWt/Qli+I67iO6+R8pDlBG4IGz//mVUXDhbA/Iit/9ikJFzFHrbo7czM3K2YhO8rNdd1GXzt6C7conIH3zypmqpT4JECv4WRe3e4qy24OXYmh/qbAjB6jPtl3NVBZpBNVivxHW4RIDHA+rkcouj+isjwiygIjAeBOUBF3pUBXSSpS4PmBMw/T/G/aM5f10uaMcyPa2TEipBKcD7f5KQYRp+3y5uVPp8eTHX8ObRii4QXM17DurDZ6Jm6En5rrbisNIOSgN2+ffNwWv2eSsiYksHSlbFIc24STq5S4jZhDFZBkCNuT1g57gNORoOtn76VxNBamVHJLAJghSspLRrybyq95nhyK1A81CMLRTH1WiztIwMl9QwP9UalGbzhajQg1iwB2Wr+Eq5LAjp0W2a3oSfVtLNQ8mgKySYuIjSgCTfUhi1SDFbT3JMbZ6QrXMVn3dSKWEZ0NWvhUiFICYQ/D2q2YZiIE4KpuMpfAIwaqSB+Rn33tcfIHI858JWhZNRpYghf+jjDTnuPVdPpTaAV5yYQj8NwHJnBDUlU5/wTVoFQEePcINRs6F2+mjatTVvcBfdJmrG+MALojYEAG3VK68wpLZIQFV1vOTpcDBjnaDCPaqQiVYfA/BLYM3cdIjKW1dGS1Tdh3LYbtx85BEo40bVTkJ+PUFM7gGz4DCvLEzyxVxQX7D+lVe2XYci4Xri1d8sj/U82NcmECYej6svtrWyaibpYKEwauzjIZ4Eb7kr09id/y9/wqJP6MOb3qBcdbot1/Duoo6u9bN3wObIsBWsaiqPyYErDHbmkV+gYsJ3p35HSpMVTBxApLnfWkO/A/yr43NkZmcvtjuGWSJEr4EQTJqfQOPGxEpKe1rvavFd1X/ETJgGpk62krj6w5hPpLRzn/forh48psDihgX29qguTchkmtmb329 k0KE3X+g Jk3zJWiJwqjLZrYG7vcFmEnecENQT2pIhg4KuMNCPVxV0wiFs+fae2dJWhs5UYkDPQu8z4JEzHS0l7Fo6VrdLDmbRhfqI8p4KfWhS/+MYECmTonjyfaUpRuKvp+0BGLfea84Lp1j73GcLkO7OwsMntq1pwvTzZahoX3jtp85h2/5taRmX8sK+2SCBJg+sM7s2kX5koArt1P8IKVP/vel5A16qNMxxSh5bkizyhIA1nL7GOh3jlRwNMX3yJs9wRHTqz85439wcxh4MqhTzvMAJyYnxBCenjRo1OqTbV+NUm0oPML7VEPWx381uHzkLeQGaLdjk9OV+E2E1w/T/QXWrupnW7KHK01Qy1Ru+iP3xL6qJA6kZRj2hn3TTRT/ui/e6QUf+GOiPMd3My4zj4Wfh/5zCFDy/CzgDs6vkm787my43LqfLH2frce6krQE+8srXwY1b X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index 56c148890daf..0c231adf3867 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -385,6 +386,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index f296662590c7..674518464718 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index b77a15955f28..54f2d16d82f4 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -463,6 +463,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -505,6 +514,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -684,6 +696,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -766,6 +786,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 9e22683aa921..d410dcc12ed8 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -838,6 +848,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Wed Aug 28 23:27:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782181 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6AFCAC7114C for ; Wed, 28 Aug 2024 23:30:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F05386B00B4; Wed, 28 Aug 2024 19:30:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EB47A6B00B6; Wed, 28 Aug 2024 19:30:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D576B6B00B7; Wed, 28 Aug 2024 19:30:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id B20186B00B4 for ; Wed, 28 Aug 2024 19:30:56 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 6525212014D for ; Wed, 28 Aug 2024 23:30:56 +0000 (UTC) X-FDA: 82503251712.23.F9815D5 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf20.hostedemail.com (Postfix) with ESMTP id 724321C0009 for ; Wed, 28 Aug 2024 23:30:54 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uyWnGPMc; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887834; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NMV/kRzJeW8S/470YG7inwVF+ADji9zZT7SwtwOSnz8=; b=jpnlK3WRiDp031T8gPRw7x4dca9i2Fng5OFvYrD3mSt9T+GQRZljmVUTuPxzjeDvugbEoA itbr20E9UgTmCBYIjx4juOYW93ggc/Pxr4Lmr9BuT23HuMEnSSYFDUYTxisyVMlZ11dEAN Hzi7EIwbqiXX1993C04uoF/hjksawR4= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uyWnGPMc; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887834; a=rsa-sha256; cv=none; b=Eix1z+cBBrPRzDX7qEKos+qdToHeW4zN+vhRACTqPe7VKYbuGW2wA+a1KbcRHzAppENRLm U8QT+pC8RCSvT85PFDTgiZu8OTAHSYKxLR2/KflyH707MeLo7IrIuorCd+s8XgIDgttN4o 6ExTF+uJVIjiP2cxX0H9m3WFaRk+f5w= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id D741CAE3F20; Wed, 28 Aug 2024 23:30:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0A19DC4CEC7; Wed, 28 Aug 2024 23:30:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887851; bh=cSumirTUCRKtD61yeizpYh0xonxdiRS3lfiiFjRSehM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uyWnGPMc5mbboXTpbrmBI2+pKq2ERDPePO/pWj+dJ8UdkJsjFTMv1GibdnvNPRrqK LhIVbe51O7O9wuGxaJdBRYoAZI5ZPpa3xd/lCfZvxjN9uIt9LbdeGWaDVp78H58pBL 3/PhMftTH4DGf/WeV/kzJCIsWTq5JnMMxFZUfHhzI4KU/Og46scJoRfm4THyKV8JR2 N8AmTBjtJDc3tcsYCpbYR4fDxTF/s9CDk7VKR5Ug/XIGhvrWuoSUbmbbTbg+XzuWb+ b9iEafKjbkrj3n/IvDe/yqXKdhLC1Ai+FshkX2Nm1z8iqIkwjZKhQE6b81bFOf0LCH ct/X5e1Ccf7sA== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:35 +0100 Subject: [PATCH v12 19/39] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-19-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3656; i=broonie@kernel.org; h=from:subject:message-id; bh=cSumirTUCRKtD61yeizpYh0xonxdiRS3lfiiFjRSehM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KH/LSvLtk/OSdB9E9vHbRin2oi8cGJ9yFB0MM4 9vjv3rSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yhwAKCRAk1otyXVSH0FJUB/ sG7fdRQl091vTLIo0rKV/SrbgEQGvseRyunCN4IYeMAJFfrGVdDik+4m+kIlVDdb0gP3NxYzDhefV1 qvaLLyVRPPM1c7xtG2zenPFb+DHwjbsl1DezAlW8Wao6tNn/Pc81sxORQqNkj6E9ioBN6Syp1/qlmF GV5TT468xhXKCFo/L6KpkpjR04b/YWSYSR0L9iLt14j+PZycnJ9nY+VJ6qErjUqwib1yeHgNmpyYLS BWfP413MvtH7XYLF49lq2ySWdz2lQPdxMFxoERkIxk6jff3Af9kKYIViqlUEYf26mBILtkqxQ77AhT pH3hZQedHoun/Da8CGckiactQxvubk X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: yuo8pmgxi5unjwrdectjywdg774qetka X-Rspamd-Queue-Id: 724321C0009 X-Rspamd-Server: rspam11 X-HE-Tag: 1724887854-722654 X-HE-Meta: U2FsdGVkX18dgc20rkWqzkoDNoIhQ3pPEKEU+d/9ZNHO3WqlZy7My29Vk8S6c3v7asKCnudDqDyppQnX5smG9YSF0EC2WyDTbg50KzFr6ZgtqjIx2VeLhMd2h5PKR0X9S4CGWPUyS6i7AjDhp5IdVv7MIFpSagolakAPKzanU6gs9hrG+zGwY7QaSyYBci97c1sO8J86+0kdinGjmKJl6b0hAP/1hwQFmCMb3mMgDWhXikodPoz4gi2tZ20dpLpY8Q3nBIq+9kObUys3r2RiRVAys1+iLWi6kIcuVh7zRh8q9KlIuFdCBPMl0tELhviZcP1M5hJb4kELj1q3j0EHkbTHe9m2hdtUWkBC95l/Cq24Rd5U6lmhdMmrEmsvnNES4K77Ja32MGz8x8E7tR56UKHqv0Z4KpEBTFWi4Y9/jbuIvImlmbTkhe6l4ySw6a2gEOPXCbvMk+BK3cJwyYueQDkKAaDQByKd6qp+LIx9PE54T6jLxjwVV60VnEf6ivff07S1Rox64018/Uu0lGvU8uVN1zSMYboK2GeBeVHq2t/g4Rao9R2RkSV9phTlsHYNlGeL2H5K2nRMuZ2dgbgEGdxRvBH5r23iAgMjRYMKM2EktMmXwEGMb1X6UqjOXOUS+oUprHeXyUkjKzS8zM2/26Yv80K833fu2khqsBnQRaFrYjVzjtDsxmQdYlHQ00HH8nRZl5WPbpQyp5TRND5+ztW3Fe2AMgD8f5DTYwKcr5fC+8y628/bUmLWXcOtbqGx6yn+4h8a2+7AvVPukKDkOwBXQ/1R3LCMMQ0vFiMLNFD0wAorErJ7PLB83HAxpXoUpGZLcOuBLBFWVGYob3QRaEz0iJjcR/kJhSnRDdYkptcfiphbqJvY8L/j5jssSucqhcJKULma6HdUpqRCku/LKu44w/TIQJ+DAuO0zGU2WTwPX4tTvbHJisEGkiBowXi8qCCEy/Tdo2Jx0n9kZYt bkorVcgk CClInOQg0Y5MS2gEeEVsrhnP3/b3+Hm8rMJnjzYO77oV0wrpQm1g8SYX9UdMFPKlHYJFPzbOPN19PkvTVNEbSwWPJB36QQkd5pMFt7YcJGWxNuh+jwh+dkIGWKU0JQ1Su6yi2RJLvuYsG+puDZhVLqfKUJJeuU2fj4Tr4lisfPKNZEPDhioa2KXPu7nv8alY5vgNWD61/8zP5+ztaXz0XDWawd6hNaE/NidGv6JW16yi4eULe6K3LXCvYy6OMlVBlAqcEynvjTfiAqE4CmAia2CDQqJ5K5dbcBTZi5erK77pZV8RMJS1yGzLUMcJqCDLvhb+6DcodCHZbXSTitsouqFLvdqr/LQKdAYdW4X1iHuDxqG8QdWV2q9wYj+fEoHut3ZBmYgtt7RJ7cDRDNfYcLEyxQaxE74pd21sQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas --- arch/arm64/mm/fault.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 451ba7cbd5ad..387f991e6e36 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -486,6 +486,14 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + static bool is_el0_instruction_abort(unsigned long esr) { return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; @@ -500,6 +508,23 @@ static bool is_write_abort(unsigned long esr) return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); } +static bool is_invalid_gcs_access(struct vm_area_struct *vma, u64 esr) +{ + if (!system_supports_gcs()) + return false; + + if (unlikely(is_gcs_fault(esr))) { + /* GCS accesses must be performed on a GCS page */ + if (!(vma->vm_flags & VM_SHADOW_STACK)) + return true; + } else if (unlikely(vma->vm_flags & VM_SHADOW_STACK)) { + /* Only GCS operations can write to a GCS page */ + return esr_is_data_abort(esr) && is_write_abort(esr); + } + + return false; +} + static int __kprobes do_page_fault(unsigned long far, unsigned long esr, struct pt_regs *regs) { @@ -535,6 +560,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* It was exec fault */ vm_flags = VM_EXEC; mm_flags |= FAULT_FLAG_INSTRUCTION; + } else if (is_gcs_fault(esr)) { + /* + * The GCS permission on a page implies both read and + * write so always handle any GCS fault as a write fault, + * we need to trigger CoW even for GCS reads. + */ + vm_flags = VM_WRITE; + mm_flags |= FAULT_FLAG_WRITE; } else if (is_write_abort(esr)) { /* It was write fault */ vm_flags = VM_WRITE; @@ -568,6 +601,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + if (is_invalid_gcs_access(vma, esr)) { + vma_end_read(vma); + fault = 0; + si_code = SEGV_ACCERR; + goto bad_area; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); fault = 0; From patchwork Wed Aug 28 23:27:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782182 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BCF2BC7114C for ; Wed, 28 Aug 2024 23:31:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4F2C16B00B6; Wed, 28 Aug 2024 19:31:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4A2CE6B00B8; Wed, 28 Aug 2024 19:31:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 344E46B00B9; Wed, 28 Aug 2024 19:31:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 14F2C6B00B6 for ; Wed, 28 Aug 2024 19:31:05 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id CF5EA160390 for ; Wed, 28 Aug 2024 23:31:04 +0000 (UTC) X-FDA: 82503252048.28.783D3FC Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf08.hostedemail.com (Postfix) with ESMTP id 60B4E160008 for ; Wed, 28 Aug 2024 23:31:02 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=otQuTQdp; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887764; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=J6LAI+ZlwqQMOAu0RIgpDy+aC8j7v5P0KzGEmRwNRO4=; b=q3tB7wX++3a4kt9a6IiOjh5r0WYR2zH0v0VX200eKfWGA5Wcxj7Mpbj9DTJIeVpidBSlt+ +Bd7cBwa+FMAgXEeFu7jJcx6bCBJkq7y5lynOzSvO4VxLu1U7C13ZDt3NUJUeGZ6CBmYBZ aDNKNlZp6/qJB/2+xTYZ+xP0lXVD9wI= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887764; a=rsa-sha256; cv=none; b=x7Dli80l75Vmw4KSBSfDAjI996wkl71OEq7Hz7WeUnzflRAWn1Z2aA7jdD6fIoUZ4VrXB+ aVBE+itKAykzeLQJap3kLpXhfP01aKe7HLgW81ZE7FrxqxPHlzHQYVFxSBwDzs7bU4oVhJ LTHgDPZPzLhPJouH3gKo906evxG/3P4= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=otQuTQdp; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id BD8DCCE19B1; Wed, 28 Aug 2024 23:30:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 33925C4CEC5; Wed, 28 Aug 2024 23:30:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887858; bh=sydLriD9HWAooq5yd+cFzuUdkx2R+cx9auWZHUCA7fY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=otQuTQdp3wk4hcDOpjNnIrsQg9KwhgaBu5nx/u8HDL40Y7pR+jwHY9XxR7ZEWI1NU NRRvw9nWhLQGps7I7wTBCL9a4JyiewgCme094HrHD/rbMJ9nUSr2fBWGMwSgMwJgPA z4HXz91hU69poRSngzfP+0sDDBbh6yG3aLEVdY+LoYb/5zZPUpm4OY0Lu0HZ31ZC3W vv2AQd1cOVqNYUN/GO+VPnymTlwZXqzN70XnQzAVhseCYLdPW5EqiguurR2SqhPTGu 44udrqET8WA/QduW7M/ojCL8+5xJpTZtWNaLehopKUxmyXauNsX48h4RCD1uH7QFA5 1QcvwBWd7x28Q== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:36 +0100 Subject: [PATCH v12 20/39] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-20-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=7225; i=broonie@kernel.org; h=from:subject:message-id; bh=sydLriD9HWAooq5yd+cFzuUdkx2R+cx9auWZHUCA7fY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KIKy2R7h93FkcxSJ/JfAGC1aobAQmoB1N96ecE blTmFraJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yiAAKCRAk1otyXVSH0GSaB/ 9gxycINt4jGEeumEzdfCbt1p9bcOTP7yN85Ty0JiwmkCl9PI+CjA8zGVZph/94PzIc5flRKldAYMqf hCBFkL0f+/lxgMmZ5gUQS7U+FGEwCAHAcw9L+4mtP0sqt6SGcbriQEHK8FpJkBwE41vHrjO+LEEoug jJEGciaeFVePAaCgtS4Ngbi325zdvvfp3ADSjEtispU3e+oWL0ZF8yxPXlBlm9xSy/doD5IoP4tfET XGytk6FbkXpLtqCteSaV9DSybym1c4aqlEsaWmwlYo3GoEjHwHnF+z7Ej1h0fCtEyw1Z6UnFEtVL66 AvC2vr7F6fs0bTjLe+ljshUsfu+8oq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 60B4E160008 X-Stat-Signature: wyrm6wdhoia1c5y6rrqenzedj3fani7p X-Rspam-User: X-HE-Tag: 1724887862-267439 X-HE-Meta: U2FsdGVkX1+AdJuiLrnzgjgMnfBKQWGs++ipN5ap2eZO1nAmmtDu2iWWKW14EWTQZqvoGL1bzWcsRLYJSuXVySzCc8Qc5p8xJdNQ5Dd7QSsAqXmPd0ATkl5W8VzxMwSVEbfElyoCFzMUDwpCw6tmNnURBokiGqUVZoPIxpewAFsOrvtS2L0uBh0DX6mxhJGmC/1kG8aZ9WBYndBnp+KEnN8LJnA/piwhUsg3IyMS4abwkwk0n9oGK9PJXoSmq0WPAS301lSQlt1ZcX8IPydOC6EDp+O8oQ51w+kGp/uP/kmLmjbhOCvyZVTakh5aA8xl8an0pQm51PRTbWmbjXtTuYogmJ9Dmvu7GLhviWndBwVXbvvVUSXOBjSrervFK1wuJuUznPZ3Wz/dhskLAXv0gV3Hl7v5Jo3QORGHoHhh1+oZjm8M0XngnTCdvlOvPt63xSNBtqrHjDU0eUJBjisYeA1kife8z885LBEwVGGGmcGtlmBfxrI2O2XdLxwlFf8aVVWowVrQGYl1I4nCEkMd/OYRPHTD95ZknCGvDg37foNE+HYJ8EyGPG6EqoCDIATYzZ6LNNSN+R88A+TyB/qZ7CE58L73Z/qmqE050lQKXviq6H4jPvXtklJWXYi1IrcNvycS7F7XPHlLR19EFQMfbj1MAGSuxDfCEkqHd9dhqRlu4hfS68sJ/kqRednVg9tQNewNUSvDHUIM3FEbIfrTHiW6rsKTIJzq60+QHxt8xFEA/CJrq6qt6VlxP4Oq7Q2aA/aQCHqh1Dr4e+AtWVIIOWi9c7JnmbpHtw+9VZ56+b7c+32c+84QfJspRYUMxWQYHUQxEZ9k1dqamwbXPunzR6iRkZzBPVx3PppjOGlECie9AiX9LBkUASoPJEqJuu5lDr8Y6PcwoOpnLGLhjnUM3ejBgqzTLtMlE8+5qG1878QDXY5LMM6I9kik3URV4plFVVms6PjgixonkNt+IUp ak47gr6B H4z1L2unlOc82skPD0/uOsAZOLfyo79Xc9Hh0fXDpytNVSEgWqHdgj+KbfVhPGNc7ZBBQSsA+AcLH6ZPpkU1ebaU8TJYc42WvTWNAQ3eqYcBloc3kbY7Qu9zUKoeqHKwF8sTggrTS7xle3YLF6LICjlh7V6os9cjOyxSvBPrJVWRL4TiIkIUaOSklMxKBuuuu9nVIQaFD+c5qT9eErcUlpxQV7sy0wMC/Z3ZKSCxThtaheGeDtB7i2ZiP34Lqpjoy8qmx+O6jFLtw5bbJdDP5Y4ACV4kh2q7I5Bo7ppWdZ2kOTyOnOT16z0N+lk0oXLUtDwc47/QITr8lZ/5uClEi4smMGN7jBqMAvM2hvieMfASV5riXlS7vluSTxv6wm5sUpVRyMex5AiSyroNYoFqoVOu2piw2uJRDmu3K3zGLy8OyXF1iLNusMaUFMS+WRSS3wljScLw+XLRpVfgnWRb8FVCOrA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Reviewed-by: Catalin Marinas Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 +++++++++++++++ arch/arm64/include/asm/processor.h | 6 ++++ arch/arm64/kernel/process.c | 62 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 ++++++++++++++++++++++++ 5 files changed, 132 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index f77371232d8c..c55e3600604a 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -184,6 +184,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 4ae31b7af6c3..3622956b6515 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,32 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (!system_supports_gcs()) + return; + + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -471,6 +492,46 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + /* GCSPR_EL0 is always readable */ + gcs_preserve_current_state(); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); + + if (current->thread.gcs_el0_mode != next->thread.gcs_el0_mode) + gcs_set_el0_mode(next); + + /* + * Ensure that GCS memory effects of the 'prev' thread are + * ordered before other memory accesses with release semantics + * (or preceded by a DMB) on the current PE. In addition, any + * memory accesses with acquire semantics (or succeeded by a + * DMB) are ordered before GCS memory effects of the 'next' + * thread. This will ensure that the GCS memory effects are + * visible to other PEs in case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -530,6 +591,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index 60454256945b..1a7b3a2f21e6 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -11,6 +11,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Wed Aug 28 23:27:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782183 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7351BC7114C for ; Wed, 28 Aug 2024 23:31:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0397F6B00B9; Wed, 28 Aug 2024 19:31:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F2C8E6B00BA; Wed, 28 Aug 2024 19:31:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DA6636B00BB; Wed, 28 Aug 2024 19:31:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id B95D26B00B9 for ; Wed, 28 Aug 2024 19:31:10 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 7C85780210 for ; Wed, 28 Aug 2024 23:31:10 +0000 (UTC) X-FDA: 82503252300.07.1C9A0CB Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf22.hostedemail.com (Postfix) with ESMTP id 8B250C0009 for ; Wed, 28 Aug 2024 23:31:08 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mP13yPt9; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887751; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=a60SLytywbIllR3a2exYWzAT6UZq1WIqVq2AukFTKeA=; b=Y/ht3ROL8jUXxKEoDuS9JMo9cCqIGfOA5NZ0kKJM0qT/7hhuUl7xjyt93iiLXH/HHPK7du 8RmVBk5gKR7UL5kyYTMRwA0pa17rqDLFFrCzL1vIRTzVtDVuUjoWhHm43cL0CGi3p6/+yH 3iOeLI3Afp9uMRr0PD9Sdo7L9eVQDh8= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mP13yPt9; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887751; a=rsa-sha256; cv=none; b=QRYAhAcgsizf2zORdYqkVp4++IgJHpohBuNymm8J7H7T7YfVB01ZZ5UKPEnq7KB9iS2Ecp J83U5TZPhR4Boc9TFDFIXQ6chjIOqUke2Vs5dhRVy8uG1qOoMjKcj4dGyq6Qj4z3QM0fP1 fvl+SjcUuSPAuu4AQJJv20s/1tYoEn4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 749F1AE3F03; Wed, 28 Aug 2024 23:31:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 55C61C4CEC9; Wed, 28 Aug 2024 23:30:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887866; bh=r1EPj2HNqmDTMAGJCm8ZuYXl6ItJtVM0L7jZMyZ+dfk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mP13yPt96U0NJ8JNGBGVVgP2AVcIQPF58gZXM8j0Qy0kQa8jYYDC5VYSzfyDFEl5g 61Veao72PGikqGnoud+HUsiYZTclcPIDUbZo+UCKp3elNPD+z1QjmxY4p5I3v7VFkY T1EOk1nJd5zpitaaSNM+Xw7iszKf/gxjxoc9ZwZx7DSjRCZAPxRNgMQgXn2um572RJ 8PeCXYX3WCB10UyDizQx5bBu3cjCPmKJ1/RWippRiQMyBX5kQfT2hqVKmqiYeQVF2o OxA17g1emtKnHYIekmQp1NlcayCS7Sk13SsgrYqwCd5ERaDnDwJYwG3gno0nfT4zVt oZBqTUqd2wVew== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:37 +0100 Subject: [PATCH v12 21/39] arm64/gcs: Ensure that new threads have a GCS MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-21-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6471; i=broonie@kernel.org; h=from:subject:message-id; bh=r1EPj2HNqmDTMAGJCm8ZuYXl6ItJtVM0L7jZMyZ+dfk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KI/5/EZA8otPXJTG4eAk+IZZZZk3RvvbHfAmvN zK4Jf5iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yiAAKCRAk1otyXVSH0PymB/ 4klnjT1lRlENsooIrfLx8Z6FCqQScC0UWLZeDIMhUJOIuVgoKoHlu6qSUErmQ/0oVXkQQ+742PWItM 5rXuixBT7PpQtlBRhFbhu1vh5dh1xlFFr9WAhxGBo5AS9Pc+K9ban4ZPFw1tXViKYBaG/QWHXqS9ZK OohbPPA12F58N+WsDHitR9kMB+hBKQzgTwBVWVFHLLaVCXYfFvXqDY4C/+sRMp7Ht+Qzvcv+NzgPn7 oMpHxAwV9HJXFzJ7k8VtlUhmVf2cDWq8mEY/yrMcMA4kE6HC40emJJm0H+L/1osaoRJvmoAEb6ajCi BQB9EXlV4kZhXUZqH/RlyGEXCfMSP5 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 8B250C0009 X-Stat-Signature: ow9w9th1dwaikxuk4g8ztgsf1agde3rn X-Rspam-User: X-HE-Tag: 1724887868-488149 X-HE-Meta: U2FsdGVkX19g6p2ymm5VRrAlShcax0B793Do45c5j5h8LZfIBL8BVmqy/R3dWP116M0vuZza/jA2aZKyx8NA9nHEmTJXHQHXGnYlRi1nSYPOQ8wd5duMY2EbqSrQgi2Y+XPJMQGtFbB8J9qColzDTmP4F4tgUGSgKcr3+5dszunfdueWPVGD0W8hEGPf7TvtQrMaL+KlZaK7/osNbEEak8ZAgOP7rTnuLhtz3szDHjp/Q0QzrXrrGtgLvmEtAVvrKMtXdRMncRHb6g8uk9hBThtHAbRsWt7KKSCr53Z16/owDh024jLZgDx+GDpKHTNmtZ7MSURz/ZnmuCL4NJaWJwdiHH+A7UlBSXeohRexMtfiV7NUOWjABefW0kcMWOiOtl7ghd01ZwhOKoaVYvTpIEYsBt0lhr8Ra8K0oGtYflmR+daUF9Ere0igBdL5cub08G7oJlQEpNKRdK36UEk27o8EBTLcA/i0+GVeHOMJvBj39be5XFLW2DqaG43m22gdxLeQnD6yuLsuoHn2cvwsqAPvCPLBZwsIvb5hw3+nLZ0Ckpgfzx80g0x9J7QX0t0ZRi/i69h5V/kYRLSkeEgruH7JWLcCHhJR7VfTs0R99s/d4B9kobwNqzwBmmnXarB0e6xGaGXeS1XhSijh7M1RdWvLOd2Pd6E0cN4oKlUWvec2ThPYscAnk7yi7HymhElpHFd80w2tZMAS7kykwQvWrwA50HVC1T7APprySdjzTtSdPVovZmLPRVwAsbrZcznaALBDcddsj+BpYAHkfzHODa0VjmvHYWFEMMSZMEvW8ZoxyFKjqmNgzlYsflbz5gy+grYw96WRgeHjpdWDxnCh/yof908NmDkpxhgnidkOl/wB1o2CR2SWPlYH1kJehJ0L42iU/gqMT7nWpBODLe44FP54OHmHBmAeM0kMNHUWOE0i+zrLxrAo5UB2KIcI6x+dpj54R8pkOXR4/f+9PbZ 2vNuOalX Vxxc3mxFU713oOmtmfibb7nyeqJAtkp3S1a9QdYanh1/mRZiA2Zxvv0OMiPfJI45OIrpjP5W8gPGLiQkrncBJ2xli+G4XRkQdfZdhSV6m+hYEvqI6c6Zh/0bVHGUzYCXQIJpM7EvPD/3T0x9865skHcCZ+YgEHinAiz43RKOrmQbg9vLPoUEgQHfIlw4BJUzqYi1ipFgUrkCcgxlzTNkdlFt+x65u1rIMm96AmRfmMekreXBIBdF3x4qfEuLhA4aUWtmZHWEd+cBtY8rmISqPaLJ2EYmCh5+Acaj/w//lg36ZirVQiIxYca5EmrhdkFp9gwfnPByN5BSxuncF8YBV//PIyVZDy/bomWDKjJt0xBmv4f66BdnGWxuwIKLAVCG4ipTh8BNTLUfMIEz+fq+hQn8k61SZYT54fOc3tGQvZSWgszvf4T+XWZFqwQKCil0Zg0DH0G5D+tZSnOFSQ5yZv7Og+siLueSD4Ghv X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack. Unfortunately plain clone() is not extensible and existing clone3() users will not specify a stack so all existing code would be broken if we mandated specifying the stack explicitly. For compatibility with these cases and also x86 (which did not initially implement clone3() support for shadow stacks) if no GCS is specified we will allocate one so when a thread is created which has GCS enabled allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 2G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. GCSs allocated via this mechanism will be freed when the thread exits. Reviewed-by: Catalin Marinas Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- arch/arm64/include/asm/gcs.h | 9 ++++++ arch/arm64/kernel/process.c | 26 ++++++++++++++++ arch/arm64/mm/gcs.c | 70 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..c1f274fdb9c0 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct kernel_clone_args; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); @@ -58,6 +60,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args); #else @@ -69,6 +73,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 3622956b6515..de59aa16919c 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -285,9 +285,29 @@ static void flush_gcs(void) write_sysreg_s(0, SYS_GCSPR_EL0); } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + unsigned long gcs; + + gcs = gcs_alloc_thread_stack(p, args); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + p->thread.gcs_el0_mode = current->thread.gcs_el0_mode; + p->thread.gcs_el0_locked = current->thread.gcs_el0_locked; + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + return 0; +} #endif @@ -303,6 +323,7 @@ void flush_thread(void) void arch_release_task_struct(struct task_struct *tsk) { fpsimd_release_task(tsk); + gcs_free(tsk); } int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src) @@ -366,6 +387,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -407,6 +429,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, args); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..6e8a5e14fff1 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -5,9 +5,69 @@ #include #include +#include #include +#include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK) / 2, SZ_2G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + unsigned long addr, size; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((args->flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) { + tsk->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + return 0; + } + + size = args->stack_size; + + size = gcs_size(size); + addr = alloc_gcs(0, size); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. @@ -30,6 +90,16 @@ void gcs_set_el0_mode(struct task_struct *task) void gcs_free(struct task_struct *task) { + + /* + * When fork() with CLONE_VM fails, the child (tsk) already + * has a GCS allocated, and exit_thread() calls this function + * to free it. In this case the parent (current) and the + * child share the same mm struct. + */ + if (!task->mm || task->mm != current->mm) + return; + if (task->thread.gcs_base) vm_munmap(task->thread.gcs_base, task->thread.gcs_size); From patchwork Wed Aug 28 23:27:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782184 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5084C71150 for ; Wed, 28 Aug 2024 23:31:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 345366B00BB; Wed, 28 Aug 2024 19:31:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2F60B6B00BC; Wed, 28 Aug 2024 19:31:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 16F166B00BD; Wed, 28 Aug 2024 19:31:21 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id E87256B00BB for ; Wed, 28 Aug 2024 19:31:20 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id AEA9AC0208 for ; Wed, 28 Aug 2024 23:31:20 +0000 (UTC) X-FDA: 82503252720.19.83DBFC6 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf01.hostedemail.com (Postfix) with ESMTP id 47D814000E for ; Wed, 28 Aug 2024 23:31:17 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Bc/RpC67"; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887791; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=trN0bwgWCrt2s0bN9s51hne6hAIkbSUsKjyfnnLRIZs=; b=MfXF2WDTY28hTqkus7nb+Mr+P73Ig0rBDAuyz31eleM9jDk1wv4ZO5VLfqlkaSWNr9/dhp Quaik2fj5t817a6IqRnsklWY/03Z24S6+67SX6swrLUsPZXh4rDeeZtsnzGwhFFScYr0oa JiFRFOHwhbwQZTwvTlhonUIfJQSmIpk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887791; a=rsa-sha256; cv=none; b=vxtP+mWiNL1YDNMC7Ze5cJqSHWQAvSIUm3FVfvc2ujL0KLZQed3eIOi6anFbHGKr8njbR9 f3lYUd0nMAUQqZMyMzyv/VNgnCR0CdT0pGVvpjtELXpyJ3ENvihV9QEi5h9ZboQFgWy9u4 7+fCMAMtJVGYbj03EeU0vnOsU/M/Z68= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Bc/RpC67"; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 9E667CE19B9; Wed, 28 Aug 2024 23:31:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E79A5C4CEC7; Wed, 28 Aug 2024 23:31:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887874; bh=0ijNiQzhoIAXFEDYsJp9uHeNGvTgXKJ1zqFM87G9Jt8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Bc/RpC677KLijpq5L1mwxuEjcPOxDMlns/w6h3nTEkQsc8NSkM54ik6PSpz0rreAw i7vXPmYknkw4T53VJg0kQRwtzWoRGLfaP5DSAswNQnNtOCusxEBTMTlWJM+EZtAQme Vg794qYQLOxMf0yC3O+j9wT4578W1V+nUwWpJzs2tAgIUHMOSh3NzEpEgtfvz8OPg/ r5Jmsd3icvjZyQqAOQFxGHY1I9dvyz9NsDa5kJQvNJJlApdPar5vr3KKn9MMHas8+6 1Qdgg6lmYYv9ELl2JsMrwHD64pJ62NDs3A7G6tfog0qFThFHrU72z//DRt7fcm8X18 F1qgEMKmqZnXQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:38 +0100 Subject: [PATCH v12 22/39] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-22-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=5764; i=broonie@kernel.org; h=from:subject:message-id; bh=0ijNiQzhoIAXFEDYsJp9uHeNGvTgXKJ1zqFM87G9Jt8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KJ2PiHQzUI060g+R7OT/DKtDLyYjhFDPLtS50c RDKOMWaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yiQAKCRAk1otyXVSH0C3zB/ sFuFp5t3YwHnFl2ww5nQTiFYP8ihu9YkkTra750aX3PXt7y2fvhObybZdkT/vut46tpb6mdWZ3TSBA isa/lhZj082VaF/HHcfScdST3/MUe6rsq2xGxJmaRJDXPQTe+ip/i23SKZuhPGOvAip9wbRxiIGjjE Gkdz921pVUwTQYKKenm/sSRQCEY2x7PgDvfmo3BLyMXPmNIQsQfsm/zjI8Ip6WJLr7KE5ijSj5G53n 3umJ9G/zETJmEA6mmmM0MZyhCmSBWLwDPCx+LT5tGMxqQ+6cStHtQYyuXZGinBoby1t/A8u7QMOo67 K+5WsK7e7Drkyfbvx9haesxgJAnLt8 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 47D814000E X-Stat-Signature: h7wrcuejbmwn4qqm74rc8o54ob74w4s4 X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724887877-734732 X-HE-Meta: U2FsdGVkX1/06pLTyuJtoFSHssK18Geny6MnPmJ9sfzd8PjVB18rZ6B7q+Es3b3mBPhW1ICgh4wg3WW01/+s7+ea8z5kN0rIl3Y0KpfUpVJM/n40qQi1sJ9FRVSQl42m+vr8K5J7FUgF1+q+Qqos7nkAvUapV11yBw2SsuTXnMDda0sSelCK7V97pY1o4MezNlruF0tSn1glbFHn9HFnl9pLvaKGesnbbDFT8CuVyAh3dnK1v3htVoaWTjTMUwfSPbZaLm8S4A767+xTS586zXax5cbdyBhDRaIaeaHkj8KKYNgbNXJHvLug7Q40vY5DwvWGbWAW5vrHzduXvEzOix+lFMHWoc3klflv/VD0c5rPyn+LLiKyexiI+3VCDdcmUu019kNMBMNAyWdlzivL5JNyJJKz1JIC/579iB++dmu7SlsHsdIjQJj/Ms9c8CmSXPyy+JSof7NBRbqcmH7Qzc+u+vGyCtJFJapeaRvfc5XD4Ys/mDM9ApbxeUCWjla1MHHit2yYINzPRjhqSVS7aWBF4imc74UGgMZgCh81PfIf9jV8Wzb7rLWkkVLWZMWLPUt7Ra4DCYy52MQeHPSccH0dq84JDL/jtMM0LGbI72u22vTzYWNnk2S64Gs4RrxBvU5/4vBWFohPF2EMUdLhJjZXWqQIWu/kwV5zpAsONhZp/Q558+zTvV7pqWH8YYgiWuMyx8uJ++QsETMSpz3gsPyVlXOVN+LoKIhtix1Aq1K7pzyjTUbz2BuCaTttTgRp/f8JpE13HQ10zC9UmC+Z1mbPANgYd8E8KGNW4zaWUG3WJLi9scGvhamBAT2HSp6SLvT3NY+8AZ62+BNZxApjgYPVn2Zl4DifOFf2c7W+Ks/aOz2g9O1zVgoqFoi1oT6KXHOx0aHwQUPJWjllN5+32Wowa0z1wSoYMfx50YxbI/DaQxPLOMAcWt4LRYdDjaK6GUPmZSb3jQSYbtXIWYc SMcbBDpb xsUd0Gz2JLZYpNCjBMI1NW+e9jH8LIS8pvic6i1tySECMOrUtC69vKbMDKDycM8747Y3zaM9TGARP7BUcAbHSX1xCjaeIlEMLNqkscnVP+eg4zdYHO3hNOrSxutM7IPIWM6aiiwUAHgttUDU5OE0VuVmJjLpZGy5kylq7QCzR3X9NmPVqwgw6vy/igStKJIA9JtGMEby3qKc3YPUC4J51F4JpO7bMpxa59l3a4FGaPNr9eX3N69qkFgM8KYTWt4oskkjit6990RgD+jy8DvNS2iJU4ikNBf+3F9KkvmmiL45h9/hkd3FoylRS2AhwYCoSyFJTRpmU9iJ50m5WQ/oKCl9+ZJwIqaJsrw1dPoJ1OANYgvPjDQzdvVotZfsCDX+FyYZlKvb7DTMsPllFziRLFnD4unD//FPAlCqe/O3UnYUT8fL5B9Ad5ibwHvIH2b7XZOBo4K5x6LhxvwENKyjjzGygxvkvXsP94n20 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Implement the architecture neutral prctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbitrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 +++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 79 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c1f274fdb9c0..48c97e63e56a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -50,6 +50,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -63,6 +66,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, const struct kernel_clone_args *args); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -78,6 +95,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index c55e3600604a..58eb48cd539f 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -186,6 +186,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 6e8a5e14fff1..979e02cece93 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -107,3 +107,82 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE && + !task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base || task->thread.gcspr_el0) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(0, size); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Wed Aug 28 23:27:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782185 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F2B7C71150 for ; Wed, 28 Aug 2024 23:31:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 012986B00BD; Wed, 28 Aug 2024 19:31:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F03F06B00BE; Wed, 28 Aug 2024 19:31:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D7D306B00BF; Wed, 28 Aug 2024 19:31:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id B0A2B6B00BD for ; Wed, 28 Aug 2024 19:31:28 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 6DB92A9AA1 for ; Wed, 28 Aug 2024 23:31:28 +0000 (UTC) X-FDA: 82503253056.19.1817F3E Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf08.hostedemail.com (Postfix) with ESMTP id 049CD16001C for ; Wed, 28 Aug 2024 23:31:25 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fovBxTdh; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887798; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=F5TVaIFO1g+ufkveFc0wCFhaqsK/O9Hq1qeL3Y6nyLE=; b=jcH1yvmRqXzaFP0jQ3s92DeokWkk0w56489+6M2a2aMU3F8A+JzXDQQ9hvaUm+4CQCYYJJ IOV1p8Gw2SqDjXoEU/4Lh1AZJCFJIiGxfCaXfFVC61hjHcSnPlxz5Dc4/TdE4EvT8LvBdc LH7L+f14gxIFA5qNyuOO1zhSEMggNwY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887798; a=rsa-sha256; cv=none; b=68qrzm+KT94qyGhtQ+f/ufz7heo91+ocC7m61EhnQRp7W038lU/nYcmCnRjbt1pj/tYXJQ 5VBY0K/d0gUdjNPfdav+80pSC93tQ4JwbINYX/TLOz7kwaf5ItRbDUzie4hjC8rNy3Qyeo dekfKx+/8FT/NOgQUAthujVvVpvPaS8= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fovBxTdh; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 1ABF5CE180A; Wed, 28 Aug 2024 23:31:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 38069C4CEC4; Wed, 28 Aug 2024 23:31:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887882; bh=QZaW0hCLawS24gfsrOh/tioIJLs0ZSMp+GQyLn6Fkyg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fovBxTdhiD2VqYg10EgfUytuiZHI0AoPc/51GcFsjNd40/y9kJ89gK5C6JqZ+uXAk J+9y0SvG8fBAf/r9+hJeLKROupJ0IvBIkJAmdSRG/VSulTsQPHsmOBhhvWIF0BSAkV gIT5XmBo1uMl0Datb23vtxSiWJnKrQrKC/ygiCngnSY2HD5bLDu5dPhSVnUoebrmvD bULwgQ8WOce3MUoBxGlGZb4vz36yk/xjlSVuKzvFWtLJPXgIdN97N78FQkMXQSlqt7 vRJhZFShmSy8+aV/L3BWwCytVYSKv3zdGbg24IFfjFYvbauMbS5mMMYT4Xtghrg0C4 2lrilOvILazxw== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:39 +0100 Subject: [PATCH v12 23/39] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-23-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3111; i=broonie@kernel.org; h=from:subject:message-id; bh=QZaW0hCLawS24gfsrOh/tioIJLs0ZSMp+GQyLn6Fkyg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KKThZ/6LRaIIP82jKaeHi/u1K7PI3KtMSJ/Eyu a0lLpT2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yigAKCRAk1otyXVSH0PJmB/ 9UdvhfrTKb0KEJxHdMW577qcwze1tFePB+X559s8pp/SgfIA+XNNhYVab1hTQHpVx/ibLczLzsUhgf qtIoJ8wh9/MPww97uUH1ALY8ZN+OM3AuUyEVSIVawsSdoZJgKfehXQ4tSjW5pHxmsFJk0pDVUCtKD6 zMjRggMvXV95HoUi1TX4UJWldJLrzu+TIcN2ZuRcMBZtDsfaRMwr2I+icr/ctzLoUv//gGO/xR8OvU eLtv0qDsbSE2+fny8IODbznNRjeCa+RSX156PyHJYffrFGge9CTM1MKO8yJorXsiu7DsHjW6QuDGb7 PUuXQqdl47bIqXIaufxHO1zjbaiEv1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 049CD16001C X-Stat-Signature: r8cbcgzchbi77b48xhuefg4ha3jwqr4r X-HE-Tag: 1724887885-957745 X-HE-Meta: U2FsdGVkX19qztgdSH6hk7Q8soSg7Asupga+owkYTlWge81a5a7bFYrnI1qTysyztWzlpPytWZxxxLrfIi7MJDwyUnOmrnpGzeGL54x6ZSqW/egKwKzoZPhTZ8kzPpUu4b4LkTeIzdK0foP31BPbPDkLr0ulSRFJeu49YkEsYvzMbrONSGxV4FTLtD3rnhB+qufj/Yknd3QGqdEty2dEc9vdtXoHFZUQDNBBNSOrUladasJXYqISHDEI+V6yA3MdIm2pnXg679Kg+Al09M3NLbRZFSFIYLxFt9gfY2760Q9fT0PIrsvk6RiKf2itImMWkB00qp/ae00NsSH5PNHVOn136Zmt52i53Ur4RweSexVIuNi5N8CpyqglQhJSIsry0rdp1sR54Q2OOmFY0FLzJqueV2cE1vW4Wmgt1cs/TXwH4Yvba8WFOE1tg/UeHGMvuatYdsLpU1kRaCjjLE59SrNWcsTlqcdrNDcghGOukIV8MDZBp6e3k2AHeJAL9ORS/0K+1t1rGTOUvRT1e1ssvHOU5AWjSDk7/2493GfZfWXKTU+FCvfg7P5pyBYyYv9A7fq6QOkGXGzmhLiHIiu0tcv6GynMxX3BUogUB5vURLCeALHdjmm9uqZTwbf0oOK+75v9k80tE3Bc3rg+/TKzwxBawzAN7JSCdvIJEVl9iRZl5EW54GA+wBIIcnIra18oc0Nb6GXe9D/jb/mJ13RdHBRnBcal4pyyNSHHU2bk/UKEbCU8IP1t4DQs2UPUJmtVKf6s9frJGAsuYMEOjp3uBO/MbpmJUszuN64+jsrHEisxbR3gejYpvbx5AXyQK+xsBMJqd8wZfo5eOkB9dJ9ZpfbLNLfkJW1a5fRXzFylFYHKu5WFUdeJv5EusAdVnhsYkQRIRtuuJSLkzmI0/sH1JE5EaW94jwc9HOJbe92Aq9mA2V0kGP5ydHUKnPEpyf32byl8I75AlwHFBJf3Lmx mpOwq1qB a2+Qj4KUeXrAM6pOG45KZU9/MvvwUdg8BeTpaa6ngbMLNJPyG00MtIkAyxqrz8VLnY16QXhPqlV6P4WAr3h4tZS+hpEiuyA99QrXdlWbyxfU3C3HthCEVeyXf2zl4s9Vt0c3hEEEl6fQtIhg1t3D5v1QYeDA/GvvAeHPjdnIWWaHwZkkYOG5ek92PCUepAPLnFyIZU+qzrB+J7GMrfVWreATbrY8E5/jAvFlM7xBWkOV9fhwPtRJomIHj0Ho+16u9Anh9lZe77E2viX/FVPa8WJ+Z6me6RSfLNbS55Y2hfmwJakjSte1O6QlnEdNB1/jU2mryPCPcQq9wCsI+hPh/0q0MU+/84Nmc3QDkZF4diD/vJvDoRy3wLDqGAYNCOqfBnnBF64jlyeW8yKBAUkN1PdsteK4OHzX5NO2nJwXcP50zR1magEItsdHMi1qU9U4vZWh0ghrLDLxsfMNqKKqEdSUYRsyT05T3s29Qo/kDu0GKkmbWhBSTUxNodEWl3tVpTaorL5GObzBxn8h2BbakVHLGPQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- arch/arm64/mm/gcs.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 979e02cece93..cdd4a9d7ff7d 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -68,6 +68,70 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret = 0; + int cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (!PAGE_ALIGNED(addr)) + return -EINVAL; + + if (size == 8 || !IS_ALIGNED(size, 8)) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + put_user_gcs(cap_val, cap_ptr, &ret); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + /* + * Ensure the new cap is ordered before standard + * memory accesses to the same location. + */ + gcsb_dsync(); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Wed Aug 28 23:27:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782186 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 426ACC71150 for ; Wed, 28 Aug 2024 23:31:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CE3436B00BF; Wed, 28 Aug 2024 19:31:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C91E36B00C0; Wed, 28 Aug 2024 19:31:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B0C0E6B00C1; Wed, 28 Aug 2024 19:31:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 913B46B00BF for ; Wed, 28 Aug 2024 19:31:32 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 4D81A1601C5 for ; Wed, 28 Aug 2024 23:31:32 +0000 (UTC) X-FDA: 82503253224.18.87D785A Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf11.hostedemail.com (Postfix) with ESMTP id 850CE40025 for ; Wed, 28 Aug 2024 23:31:30 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=J7J9R1Hm; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887870; a=rsa-sha256; cv=none; b=SwzxLvkm8KnLk0gRKyLHpuR7FwXCad2TCzySeJQf9zSBZt3/QvVp7/VxH3C35Cngeh6q7a f8hED5GeJbudIuLS6c6uMw9rLMBHuC3ysWkqxa46Kk75Ed2BW+nR6asFv5U/z4g5UCjVDH yJwpeMGYPwFXolwaoaqCD94y7F3GRKg= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=J7J9R1Hm; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887870; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=woFi29Ic3NKT0oPJZWm9yJguMfryaF4NHFIriOu8wW0=; b=c7MkVNtJAnCu1TUJ37ToDNl05j1iiO/KlkGvNxJ/gDNEYzJ0b5J0K863mY7qzqnAdomnDk iVQnTAsvi/J0DWEMac7n3/4tUXjbGnmLgWTQFOuCIqmFiGQm3DEWya2dXEWq2pzeS9UYjG DXUbQ3+qvpwl5qaZkMejLHJY7ObJpGU= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id C2095A4376E; Wed, 28 Aug 2024 23:31:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A5646C4CEC8; Wed, 28 Aug 2024 23:31:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887889; bh=+XJ8jXgS9Q/t0O/27yyohfB1kYxr9cR86IJPKVqMyuA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=J7J9R1HmRK2uQJphZsFFrhZG8WoJb2PivA6h/tSdyXDveMEQt/3jG5mOBmHZq5Upb JG0Nhibcq3a1Xme/CMBsl6LgeNy8kncdr44u8JjmJZ16bXOIR4c7BSb0HiUHv+54E3 r4tl3xASvp3Ya72gLMGs21/YKLh0F20b+cnF5sS83r/uqm58y9tonOwraIOKCpTlKk nUCUummr9I5VXWwx5sNcGJzKZ+2GzO2JnNVlafginPT1jGBWygwaFbWn3uqZFoa47F ce0ObWLdvndrBmm6LFjEJNOTjW5IQujs3YB04inwproW73VWt0DVB7zK3P04yRAkLQ IpbMLwewoLZzg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:40 +0100 Subject: [PATCH v12 24/39] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-24-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6711; i=broonie@kernel.org; h=from:subject:message-id; bh=+XJ8jXgS9Q/t0O/27yyohfB1kYxr9cR86IJPKVqMyuA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KLj4E9jeS0/p1fUQxHTG2unNSC0YwBHSGzV7Vf XcxSsi6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yiwAKCRAk1otyXVSH0HSNB/ 49B0Lh7Royj2a3FVRBPmf7taMKXnKzRw0Z6Azuu1tSiQJPB20WNn+jqT+g50JZWs6yGK6+adSJwLFr Nq5QLjqJvtBAvQfiAyfvT18YeyyaSddtJIiKTb6KWmPOlcKIzEWYoL3xNOPBUX7frVvltUmIMq/emC 7LA8YpLQQfgcWdwEfUBbAVknmxHPMCboK9oVPQC4NWhKOUtCxfhpYsih7cFbgm37/Es3kaT+nex9j3 9I8/9VT81QVZxXRkr6D8NVBYK4w0ebnvDCMIINcK5DClNfdUmsLVs5M/kvD6hWaJ/vsLc0LVU95g4B DlHp01h49dZzRJaORURaSFvgJyprA0 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: 850CE40025 X-Rspamd-Server: rspam01 X-Stat-Signature: oiotmfesh6zejjnh1h55jb5s6un3xxgj X-HE-Tag: 1724887890-485727 X-HE-Meta: U2FsdGVkX18TSFsTZgQrW2hvn8VnbE8U6cCAmDsUojtAk/qfmsK1FoKoAoyqDLDcfwm9ctR4WF6f2FoQCwAyAh+OU9M1dlnfgbkstmO08uLMxlxWl75r7GvKPXjQk6GyM/Nefx3HarQ4MwntisenzMw5oF7kqLiuG4Hw4d64XeTgHpqV2nsR7o1hRcJ6zmTyak8Hy2Gkzwr5AmYHL28lB4qOzk9DEhTf/mvcFvmj784uH83U4VCCZt7JdPb9x26XQ6Z6V5KQAUyjxWnE9yLl6dZgfInY6eQzQRLJ4HZHeOJ4WIWZb1sVRTMacgy4NuYKW7kSVuqNbttEC0E/7Xkmr4Qg76ajIY3N4sPHcTtlzQlvHHNMH9ZUsuN1KQea/5rFBgFu3tsSnyUntlWAQG9T3eEIaYCgKdLNBxsXeFwwnwJ+8l5KSX1Pgfucdg/BcH10AGKNZ3s5tWSTSNC/LZk4zwq5/AIJgh20UIPeByJ/FMwgl5xw1QJiZabgJ1PNpa/1QLSJpSnCz6bBQVsMLiC9uvlRlmtkBs6RVziW176aOBi/9x+XlBLWT7+ygE+aHm78k9d8evPbHMIK+6YCaXLLho0C9BuF8bPC3HdFaMXyU2MjhjPu5wqmP6Lv0a/IcC/Vzf+r9ZNp9OwEuO+9tayISo7oyPmJkoWDIadqfxrovnqWXA6C8rQCVD7GBz6L7jiusdNi6EQLGLXowyJ9QdeAafIjOf4VOVhNDzH4hej5bczGZGsL2gdLy7gq6XavnCp14DxsSkjVBGBpjU05g/g48XdYqGwW5bM13RyCAM78yRWWrZRolVCDBZfrTTsB3ISutw1opkUKOWHIW++jD5ceuH7PCwwOO65zcKcxJbAIDWB5xOVzbEZe5v+m3D9typ8j5uKrljp3u5nDj2BbTpLl9PcIBvIaWEQPDS2RLcne5QwO5Y+7cS3VijoCpoA3gKP+vaRimcGWigQLMFFveQ2 vDGE/4tk ePmDEj6rDpT4vdh+4QJeLIhcizkCiaR2T2pl4RLHBe91JUDzqcq1TNMBtW3UK/TNpU7PJoUelgdGDpPCjDhnlANr8pbWVevMvriXi+8VXBCo+qx7/WF8tkKBabICIsS2p2CkXd/Cj7oXkWaf7cyRIHDCnP6G0NaFZJOoeWecczAHEQOUQwjAGmfMA73XLDMAK6QJmNklCx4uyxd7DRQVi0CCYz8kk+i+4z2ORl1KCXLsmv80fydk6LAB7rjPYwvE/pShufPbIdnusO5Y+NOArCqT+VkHYOcy2B7Z+8+SmSONeZNAVTW78aGBl4mUdYsR+ulMKJuzx5cl/P1YzAn5q0WveHdyJVv5h3pms7tJ8Bw9qbMzuzdsJK2J4rQbpTKtUyJ7wbT2bj8y/jOy4+qSkEfL2qliLBQPSjutrjyw4wDrhxifOI8X+q1V61MvES43KYTTW X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set and token type of 0 which we add on signal entry and validate and pop off on signal return. The combination of the top bit being set and the token type mean that this can't be interpreted as a valid token or address. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 1 + arch/arm64/kernel/signal.c | 118 +++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 114 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 48c97e63e56a..f50660603ecf 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -9,6 +9,7 @@ #include struct kernel_clone_args; +struct ksignal; static inline void gcsb_dsync(void) { diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 4a77f4976e11..3f52ce11f791 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,15 @@ #include #include +#ifdef CONFIG_ARM64_GCS +#define GCS_SIGNAL_CAP(addr) (((unsigned long)addr) & GCS_CAP_ADDR_MASK) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + return val == GCS_SIGNAL_CAP(addr); +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -860,6 +870,58 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + unsigned long __user *gcspr_el0; + u64 cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Ensure that any changes to the GCS done via GCS operations + * are visible to the normal reads we do to validate the + * token. + */ + gcsb_dsync(); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap. + * We don't enforce that this is in a GCS page, if it is not + * then faults will be generated on GCS operations - the main + * concern is to protect GCS pages. + */ + ret = copy_from_user(&cap, gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * Check that the cap is the actual GCS before replacing it. + */ + if (!gcs_signal_cap_valid((u64)gcspr_el0, cap)) + return -EINVAL; + + /* Invalidate the token to prevent reuse */ + put_user_gcs(0, (__user void*)gcspr_el0, &ret); + if (ret != 0) + return -EFAULT; + + write_sysreg_s(gcspr_el0 + 1, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -883,6 +945,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_sigframe(regs, frame)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + if (restore_altstack(&frame->uc.uc_stack)) goto badframe; @@ -1130,7 +1195,48 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + int ret = 0; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + put_user_gcs((unsigned long)sigtramp, gcspr_el0 - 2, &ret); + put_user_gcs(GCS_SIGNAL_CAP(gcspr_el0 - 1), gcspr_el0 - 1, &ret); + if (ret != 0) + return ret; + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1138,7 +1244,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1178,12 +1284,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1206,7 +1314,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; From patchwork Wed Aug 28 23:27:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782187 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87BAFC7114C for ; Wed, 28 Aug 2024 23:31:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 198336B00C1; Wed, 28 Aug 2024 19:31:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 148186B00C2; Wed, 28 Aug 2024 19:31:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D09C76B00C3; Wed, 28 Aug 2024 19:31:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id B151B6B00C1 for ; Wed, 28 Aug 2024 19:31:42 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 6F7E3803C9 for ; Wed, 28 Aug 2024 23:31:42 +0000 (UTC) X-FDA: 82503253644.13.AA06126 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf23.hostedemail.com (Postfix) with ESMTP id 156C1140003 for ; Wed, 28 Aug 2024 23:31:39 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mU25rA27; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887813; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=1qWyhHAuZcYS0iDTBs3zX5RdOM6oeW6S5H55HeP26vQ=; b=K93kBwCWPNR0m1Y66s2ler5YmigYvNp9NL8QmtglB61g+0RLvfKZwt2FIyqYoROu1zmGUv B998OU0brUJwcRENzLO5Jj0HruDgCXZZtp/yCfpsbiVS9Xebc3ueBn2eZDWC+iSwCf6+Jq qiI7HYB8Z9Q9xP6Vp6U60JTF8SJJBlM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887813; a=rsa-sha256; cv=none; b=zdFM+iA0G4iM3dbkBJ35Ur2tdU0m+/sIf2lv7uJd0UZPBL7rRcBlWezP65GweBN7cfNNw2 EMvJbiwqrfZ3GyQCdhuSJ8i2Qgd49+y9DiSvpATjKMbwdpxDmVajRdmI8yaoSW4UHyXonT 3f1qM0/ZF8s2Of+cs/xL+pR3S0xDce0= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mU25rA27; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 6900ECE19B8; Wed, 28 Aug 2024 23:31:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CFA72C4CEC6; Wed, 28 Aug 2024 23:31:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887896; bh=73C3smpBK+UnDqakFPuhaJzLufKqaiexCIFYr/fa1x0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mU25rA27yjAUF5W16xtWcEV6nAyCAajNvImZSqLFWynmrWqAxF0lu2GrxyKbXz+Jb VNNi7LOgmLnAB08yS3PLQ46AhOnNHx9dWmVGkAzj8adagkORLMrnhVjzFd5/yELW3x uqhzDZw0JSPrx0OeziFzdT/PwmXxmLzsmLtVfX8Yian4Y8LfwY/cnUJS5fHTo85kPk YlBLcqXZsGsPrSYVv7++Ll2cwTpXz5ZaUS2FIELm0BShIt7+TDSZuZ5ktWTxI8baRD 7+n/xwagW9tCHLj7hYz6naaxc0Lx7vHyrQve1MPX0JeNQQQs84m60x5k9nkg+/fb2x 5zie35lHjz+Zg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:41 +0100 Subject: [PATCH v12 25/39] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-25-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6128; i=broonie@kernel.org; h=from:subject:message-id; bh=73C3smpBK+UnDqakFPuhaJzLufKqaiexCIFYr/fa1x0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KMtztuBk31zqZisL+pxTd1y9CxV6vFGkXr1zkr QLSfPm2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yjAAKCRAk1otyXVSH0MPJB/ 9wLDGvs2zJBV6dYauqi3g2Kp0xDAFNgnGNlcMrp8JZIxION7DrvKdDFAwWyG/WNvmTtHTd97lTBOcp dzi0E5TyMfZKY6bogTnXfadhUgoehzIRtu9OTeRmGeiHf29qFns6JtmeIHPlezvOE8owkiPlmBDapD 7tRHMok169p4iNbYVuVyMM/i2JSTIVm+Sb52QH6/0hDJW5DbGjXMTINncdkO1Q53IFDeI7x7o/X04K 5jAsDnlNMzXf/cP0axq6Mlx4LcIYh5RKxoy9HERGlDD996QwoEVeQ9nZJ6ZIibVleUMSgLHfzNhgA4 wm+Ma44vBnN+MCRXHAgtoEH/yMVG5H X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 156C1140003 X-Stat-Signature: tj585z8i58cycxhhefjhoampnh4jnfa5 X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724887899-155957 X-HE-Meta: U2FsdGVkX18mzb/jGe7qDdDAeFetU+MZgzSCkF1MRMoIbAkB2voWCtoVm1Hi7mtwYm4ym0hs7sTjjs+jG4uSkdXM1MucMc0hSb3A1/OK2u64xv/qXHe0oYX5cwzW3RBp9SEg+Mk/MfhLAv9R3PCo+OGHVSFpTocYbIsV9LLunSeHDlTuqcqEJ3JXSwibmoSKzgG8r0t4Up2K8R4+gzLe+Nhu0zbrz97p/6mrqdkq41I65sTJdBD5d9qbJw46dnacfCp5YPne02y9XiDIXKvpeRZMYtZikIKdipb1v60hTQpGj1f0tE1RYQGB5V9xSExcEtrfROjBmkGXjU1FLi/8Nn+RxaXkyL0eE7JJntRRiznHV97VkYrRbnaaLxEx8BwBO5VAGvNY39OpY2GEVX8nmNeGL+YGiJZZZHMSayrxmyrUAvB/xoPsUpMPwMDPCWKwxSgDmWAG+0+ZYsyfU+SPRIj/Td/F2feyvFCbSRzLdDdHmi8jIyqzFuhfqtxFmZ5FDTJxVarjuFFuQXKciBLrg5ab6W631S3OAE3nBKQak3WXnTp7lIIGK3ZJqzhZpxeLoub1lLTLaOL3DFnI13vCOpryngEVp1TeDfGD5hah6ONieJPAyRspQB2iU2UO2wCnTkNvD7ZCJc/R22q8sTPQJKSvr+rX0BBQxErmEb3FjeQfoZt85LWQpyhxi5xPXLsdtwQrGzrSh7c5MSfmsiqGms8NOyeVuzwXbQJ4pELiV2m/WuMSR4FnyKaB90aZw7MdQTjxq7/OfsJh6A6Tg5YNXvx9aNK5fQQSQYsKMc1VdgA5xVBijfUgOGJi4r3ObagIvS9RpDVPhXu1act0i9pJljccq1FesPuXoHrS1puJhrnjR7XHkdrwsSwyJ+z2zLP9QSJj6vfYHSxYS/596HPP2HFOIWC7UQ5GmkjbUi0CmG1iii8/tUhrD+xZg2ny/d9Y1/sdvcxY6N9VVH3hUCn XcCabAYe 4y5mMZXujhsB220ptgZl7RwxDqeld01Il5yStbkQtYwcG5OjKkp6rxvuZkf9D5LpHYJ2QkPyhoXGUHf7i/IS9FYzcUH0RxQ39rMHBOwb7LS/vqs3H7lYdnjUCKcWPqkwXGMcQQwKdam2ynnBr3P6hO4+CNDJCrYPJhI1B1x0RDI3rTap+ip/OWD6xVr8HM46JYS5DSNr3PnnIFU5JGvFjf4XdYcFrnkznGNZs2r2o0fYoCb6h/c1Dhu/Wz3A68jw9ptAyl3I149MzVV7OK6dn52y1frNCF+VERphQDllQ4wEToFeuCbO7cW656VxspFWIX+PHYmngAhP/9BVijLarkgoxjv2gGMZfXi71 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas Acked-by: Yury Khrustalev --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 109 +++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index 8a45b7a411e0..c2d61e8efc84 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -176,6 +176,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 3f52ce11f791..dd2ed27b8bdd 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -66,6 +66,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -195,6 +196,8 @@ struct user_ctxs { u32 zt_size; struct fpmr_context __user *fpmr; u32 fpmr_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -614,6 +617,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * If GCS is enabled we will add a cap token to the frame, + * include it in the GCSPR_EL0 we report to support stack + * switching via sigreturn if GCS is enabled. We do not allow + * enabling via sigreturn so the token is only relevant for + * threads with GCS enabled. + */ + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(0, &ctx->reserved, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + write_sysreg_s(gcspr, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -631,6 +710,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->za = NULL; user->zt = NULL; user->fpmr = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -736,6 +816,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->fpmr_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -855,6 +946,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -985,6 +1079,15 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } +#ifdef CONFIG_ARM64_GCS + if (add_all || current->thread.gcspr_el0) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } +#endif + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1085,6 +1188,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Wed Aug 28 23:27:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782188 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4155C71150 for ; Wed, 28 Aug 2024 23:31:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6A1CC6B00A2; Wed, 28 Aug 2024 19:31:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6514E6B00C3; Wed, 28 Aug 2024 19:31:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4CAA76B00C4; Wed, 28 Aug 2024 19:31:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 28DED6B00A2 for ; Wed, 28 Aug 2024 19:31:48 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id E1305C021B for ; Wed, 28 Aug 2024 23:31:47 +0000 (UTC) X-FDA: 82503253854.27.7BFEF93 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf05.hostedemail.com (Postfix) with ESMTP id EB423100007 for ; Wed, 28 Aug 2024 23:31:45 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rGArz2A2; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887885; a=rsa-sha256; cv=none; b=PB62a6QEZZQaPN6BHHbt42yKzqMtMV/Mtmad8/CXbaypUktehNwkLLYSR0t0bD0klJBz7Z YUia04mIXgr76ADcxEhBxZTquaf3f3HOvL0oqhX1gdTnLEP3yaeAlaHlsIt6of0UKvBL/p 6HBX0OqTgY5cggVrMvVyKbJ1akLKRWI= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rGArz2A2; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887885; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZXC7qmAPK5+ytFrjeQwm551YGqCp6yCcAp4NbbBoCVQ=; b=0SHnIJJdvtxWahdNENdtyoVlsNEYa+gppF6htWna2TTmPNn7x49VGjFW+v69cP2ixAlG+v rQ+h4mq3jm98NQoy4zqUnxQUVL+c3qI+QDDxg5nEQ36J02+z6h3eyv+7lI23JfhG32G1ph 5LSutyiWRyU6krP/9fZtwwYoMjODTiE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id C2ABFAE408A; Wed, 28 Aug 2024 23:31:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F20DEC4CEC0; Wed, 28 Aug 2024 23:31:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887903; bh=jioPgJdKS7IGyoJt/boupHCVco/oNVrYySiKZKN1ka8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rGArz2A29GItyz/quN6YxeYuiZ+QrXS2XdZFy/GvHk8zWgO3/tsjI9MVkHdky8RGO BZeTPWsIbDO+8kb9fv2UggzcjMvOSfN3jqAplbyZrbdk3Rf49oEyd325drsqTPvCuT vKAMfaT2xkx+rjE9spVN16a+MIMzn7nItV6kB/8OO8dzgW7eR421KKbCtLJTeBigkn 44G2IFgwZwmonZBqHJ7OIo+qT49txs8SxTh6byC6OUzQ0gxoaZuc5UGhmFAOOLwaYr WLBIlVzOCpIXtAkW5RVWaq3OSWGMnkOWfK5Vw/iyvpueHXdpxPRhpoBky9IfA0tyF0 0vWP46QST9PFA== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:42 +0100 Subject: [PATCH v12 26/39] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-26-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=4197; i=broonie@kernel.org; h=from:subject:message-id; bh=jioPgJdKS7IGyoJt/boupHCVco/oNVrYySiKZKN1ka8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KM2ph/FfEKgpcW0wvMATZEzYmq4o806SdIJLKM p/IvoeaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yjAAKCRAk1otyXVSH0Ar8B/ 9+RGHdBXSYYgzOnBqq4S+TTWvhRdGSHJ1qWPHSsZCBIfGwsxnpw1puM/g4wOzgH53HXVuA1gdUJDR1 d9HbJ2xmII6Ezt+M6UVY7iUiF16VqyQkLmf1gLXJ+P676ou7AkCmPYPhpVNXXomDhveK8H+e8tDKaW 5xUxpxwd1newUKY3nzxSB6kwot372RIVIEcO/4pAtavzKSRJ9Em4myWUyTRbdq8gIO5YMaLd6oe+2i sqMXPB+enSafWqWkcVmzz/NyGr0R8abgwg9Rgt+9HSIn6exkH9sU/63NuhaF7DtKbnDwdtjBdzUI4F KdClCiWBh4Ayl6wpeGRlKB/R1Cqbrg X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: EB423100007 X-Rspamd-Server: rspam01 X-Stat-Signature: okbrmd95ib3mkwzy453g6jygk5s5ryem X-HE-Tag: 1724887905-113054 X-HE-Meta: U2FsdGVkX1/wHL1cLFVWLPDl+kQWVAEbEr+kxuwZxm7nCJ05GQKDHlTFc/ZYzHpN5fkZey20JFhqUlmm27pJD1Lu86Th9JlV4Tx11Z760EokSSSoZAOUZWfRXB6ehYSF4Y/AZK21cCOo8c0a4iWfntKcAti0U2JFPi4Ux+/+m9IQtiNviHCHE3C40BW5ghSQLLtagxk1xrUFFWsBF0L5SQfknm9IEHu7J8gjgqj9N0tYqXQVYgAWf7mR38cKl4FSlLMxJoGhvA/wmrhIO+0IuJXRVcd9IqWNFYCC5WitasbcPIOt4FT1xbF9Yz92+Z19qgOrP33O4rdK1Plp0DCwy8FvLKho5+3KckdH6oR0waL6hMqL/hHTu2aFaWnZqNCCDn9C4bRg0nRF7N9m6y6KFHHDtS5BA0CiAbUI/aa6DMfloguzzV1DGSmtygoAmvxkwp+ktr+SckQ6u6pF7z/6TR8G+jhTcQiXDaU8l1hV1N1IyBOMo9BDWWQ2CIs1yBHcbR/R5pP1jAhkqk9vhUkQvJcD5NaayZmE69BTNaY0sekzM9NPC0dhAAzUlyCCUMFsFNXhLu9PG8TrP8sQRS7dk7sHzx+Z3ExWFyMeBecx8tdcd6+zbtxCw8QRiikk5/qoT4a1oPTRc7Py0U+Qzu7yLC6lqZHzlCBNs3hqpuI0ouEdM7/FS+LS4lCAYUCN/Un/B67Hv74Uy/BtLDMYBDmtWqUUHF/qogpKOlD/OJ/fd9HlSLrEgX53dP7TdcXuQb+MXSabL9+/A4k3wkh0od6ArrF377lDdTQM4dPNJwrrdnO7WO1rR4hplhRyIbAeaHAul84DRLlsOq6skkCYj9LmsRK7rsPTOOGnV5A45Gjeea3usF1g5x2AWfpYa4bvJLZCUZXfeLKk1rB3pzmqb1HgqhrVxRmzjnHsMs7vT7Yf1p31qdnBt3fdnMV3y2ZZkhjZ+XWz8fy8avde+SzLSGa j062RCoV CskL/yTC+Ij349zZ81f6onbdph+2MSPHHRmNtAIugBAQNT5schbM22xiM+5Iwn9mzg/2SVsCymlwkoqBzLDYV3ao1FJaSIy62JFmjMNMbblHRPq6sbIOz5a8kWySqlWhnkGDAKvozK3oSYSx1smZMKF9pqt/d60SujnUN4LBYgc1KPnQzQ7/Ja1dwT+CI/XyzJUvCGXhuWi9h/h8nLdXMQ0mj2KdC5pm9BbPphI3HvwdNMGrvQem/k6fClQuciI6VnIMq4RuY25B96d/vWYlqDBB218a29LDJlxxCv8xj1rP6EYA0Kv/UOpE91d1zWJPh4CdMg0S9Q0nB4sYgXIUttq0pkcf/epaxg+l+zXxdqpgAhhxQk9rumoFNbhgkpAyX1dCTLeyWsijTqXhMJ9G8AvTrzDxf05g4uA41PApvy/remgfId7sM9nkVTPY9fUq5Ah3zBLChYICZr3pJNyX5Y0xqLx765oDmbWfZ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 ++++++ arch/arm64/kernel/ptrace.c | 54 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 63 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 0d022599eb61..88f525b0c4fb 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -1440,6 +1441,46 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1469,6 +1510,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1628,6 +1672,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index b54b313bcf07..77d4910bbb9d 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -441,6 +441,7 @@ typedef struct elf64_shdr { #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ #define NT_ARM_FPMR 0x40e /* ARM floating point mode register */ +#define NT_ARM_GCS 0x40f /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Wed Aug 28 23:27:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782189 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0BF2C71150 for ; Wed, 28 Aug 2024 23:31:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 47F0E6B00C3; Wed, 28 Aug 2024 19:31:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 42E756B00C4; Wed, 28 Aug 2024 19:31:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F5FD6B00C5; Wed, 28 Aug 2024 19:31:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 1020F6B00C3 for ; Wed, 28 Aug 2024 19:31:56 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id C718916013E for ; Wed, 28 Aug 2024 23:31:55 +0000 (UTC) X-FDA: 82503254190.12.0C64DBA Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf16.hostedemail.com (Postfix) with ESMTP id D350718000E for ; Wed, 28 Aug 2024 23:31:53 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cmxwoYiP; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887825; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3Tra5knfzCmZfSHvN2+MeAaZE6X3clgI7jN+/jgVLsA=; b=2+L40ekukaoBAGnei3DhdpPdrt4n8toLaFviP9vj+LDjC2q/gQx/lZm15xm7Xf+ir52tKg rYspUcbgMT5Ec2btVM+mVOAQKYsLEPv/wMCsWgMJr0qr6O8fw5sdaX6VheSXIW/IYDkluX Y9jPj+CAezf0XRYYtuwCAVQ/aerTUbw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887825; a=rsa-sha256; cv=none; b=HKfTY/EWChhPDoLyPs8552NhuyZ/9hHNgLnNlUgm8XYNd/reI+7YWjHZPNxGAUQt86EYJR jkXgtp3bWzVlkILSfnpwQ4oCUMWABu+ukvi3BoP8WeN3Yyj1qfa8FhRf9MrIxTLh/YBXO4 6JutpzKQqL3FOgibPNcwsevbUDPCcZo= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cmxwoYiP; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id AC3EBAE3F62; Wed, 28 Aug 2024 23:31:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1FA6CC4CEC2; Wed, 28 Aug 2024 23:31:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887911; bh=beFDrtDyIwMIQ+9ZnRJrXKiqbsyL6F5ZUs+tNbRY4bo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cmxwoYiPlqAu3PpbAe4bGKFan0D35T9aFz1uyLOo8UJeOq5mAHsWPTyVNiP5qq+QF 1bJmwFkWzxk1xeCmgEZjTmbPypjyB2wMPlh4/9IEsgqdGpkxmvUz3PCfJH9PueVAL6 MKQBMKGgFzhwPuS8beYHyGbOiwMhjcRUsKrtqTZHRGCrVw+kmWWj1h9HXwUb6w3RWV FYKB2GvPgAUY/CCdj7QhVw+qDbhnzLjrekLZU+8Q32/0IagdbBbZuMFRTV3mEFcGaP m66+DiHgGeY1Hu80y6yk2xG+bH397ive8mzSUVwJSrPZmFjr4FhDO1y9KjCrF9iyRT i9cYNNLgL2fWw== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:43 +0100 Subject: [PATCH v12 27/39] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-27-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1518; i=broonie@kernel.org; h=from:subject:message-id; bh=beFDrtDyIwMIQ+9ZnRJrXKiqbsyL6F5ZUs+tNbRY4bo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KNVB+3I+jq6y04asLcwgZ/MwTq5s+oa0mg+YNh Yfgu4RqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yjQAKCRAk1otyXVSH0BPHB/ 90dYgJUIMJYlO9HaX+ruyrHyhuRC2pGtl9VBK2lNdeGXJ6Hvqi4owpgy/8/6e5omy6rq70EJZcWYul POQSUjKOHIw23YuSNSZgnq/G5o/jHmK1bUc5Vbn/iSGWK+Qdd/pAYigxHAfQZv40m5SgkAm+/vKLRP Cn4pGEJ7bm1AL0CKRoMgGxW7lo4EIWCdJDkr6hLUENHRWN15nlW1jpIfgtrYVfTm+AN7qx8NuUyjwp MoSbOf9pQqmotQKVb8unNR3EsDxcpUueJxVZgR9sSM8h2vGjIfeXq6D2SF/qtFM9p7KvJAd/F9OMXD x31o4oXplu9qcRnov3va3/52q6tZ/o X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: jc55yq89fiio8jz6uxxr5tajxwnm8h4d X-Rspamd-Queue-Id: D350718000E X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1724887913-503738 X-HE-Meta: U2FsdGVkX19HPxmqdNW8QPOkZ923SRklYxO1tllu7emSkyd37PVN9yP/Mi3DHNqYykTZzRIuOAEN5aj3sFa39YLY4Hn/3hlUqkLdh+dAaR3C7QOYnLI1ClYy8TSG0fa4MQ4Bl4N7FTEc6RPUq8kKpvt91wfov8GTBwoEJ70crjUmba+yy2JMbooXMge9VYIGgTuIUmHRANClF+W6SO9LK/KdStyfpyo1lM+ZTjUV8yDtfhTlOMXRx3FgZysXUFrNXj5FJ9qTFzOqg7xM/QZrqm0QB0CVfAWL6DGZZnkKdo5OduIBwOyiMz7h3xFSejE7HoC1HPCg1Cog3IDk6iiAo7+2cYKbenEijS8fatb86GCYLm47yGrhOUSKaH7VVwoXgIGEDseDIHN8KfcyHSU1Yq71VPDPKZO/pgIkYlGqBKLFMUxtXJOf9NRG8uSGVrhB+w0RRYy2FwLcL2pCrqhe1vGFProLoi8OpbbEjTHbas6fx6dwsEs+9OQxpPEw1dgNPggQ+RJ83LNl2nyhgwfrf8RivBjQCs4bUG+5+kxtX+yXip437B5E+nuIiwT27pV7yvfXCF/MjEVvLmq9LPBKowKdQXIkJ3hMDfnzZiDeCfEpQhwejf6V4SPr5pi/3Uk3EIHwuTgqTUw3eqA443UkdXmZrYNs2hP7Z9zfpXKG/tuwOzHsR5Kl/0EcAY89IMjHYJ8E8qVit1AOAXxa3zgk9n4ggmwaW+ru3Fk0Ec/wV5NBDuxmIZ0ImRqa1iU39ZORioawLrx/JJquYyxLQFUCdR2Ex7BjBxYQU+y56sLpWNpOFKrF8ZPCRHKreA+mgCFidLbhp0TFr9e+3Aj6HVnCF7csyPrb08f4ntI7wlseFPTuptU7h5zxDoxAPlav+51IlRGNx8dWCfu0heEpR40FPwOe/4fBVbpuTNytJhXH4I2x8CZ+SVxloQSQHZGXVpO9rar36DxoVTwJmAmMjbz H+ONJgmo rHcdul1fkXMDFkPmKuWMJY6Gg9TLJGHUB9lhXZ5TsEe3QTwYxNE4KSYUcR61kbO9XoX6SsFOtkr/081UavWw5TeVu+j5t5ilWKuo2gYxQ7Oum5WdIwTxEFokdSw1TYEO2ujmyWxykYTLHAvXQNg8UGPFoDGq05/AnzD4P7AXYOfhZvonBL++3r97CdkDGcTqt6Fp9v4uIRn5+b+kMVzst2m8+zp0+Lck2y3tBU7rAPWa8xiNy/6iuh27Td4oNnz+1s2H3bVs1WbdhnqrmImQodJZays7K2MShdh0YLxOCJ4xGGYSCQi2nXoxRkSI9EQKvgGECz4eSyJQW1kNrYaTHhx/p+IZOn4TgjdCsU9X7tjaiIAUobEszHfyMiBN0rJxf/wKDZDLoFMzkuh/IMCr0V0Ywi+4n8/kf+Macn1gF8A/1cT1mKooFq+ijg5yafM0l3AsMblvEzIgliGm8pX060qkfPg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2f8ff354ca6..3fa682151c8f 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2137,6 +2137,27 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + depends on !UPROBES + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Wed Aug 28 23:27:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782190 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A0A6C7114C for ; Wed, 28 Aug 2024 23:32:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D0AAC6B00C5; Wed, 28 Aug 2024 19:32:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CBBFF6B00C6; Wed, 28 Aug 2024 19:32:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B351A6B00C7; Wed, 28 Aug 2024 19:32:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 92B456B00C5 for ; Wed, 28 Aug 2024 19:32:01 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 515B2A9AA1 for ; Wed, 28 Aug 2024 23:32:01 +0000 (UTC) X-FDA: 82503254442.27.E2E0429 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf01.hostedemail.com (Postfix) with ESMTP id 9BF3740011 for ; Wed, 28 Aug 2024 23:31:59 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=hjwu1NOI; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887847; a=rsa-sha256; cv=none; b=1jaDm+tRiTccOPPmf+wxenEvecDMRpbQUmBgc8RsHhktoEDY4e4RELSbLyAV4BJLTJQOzM /ccIxrijTLpunhpy9Qsd07/QV0v7YWGoPAoxenaehuoCkf1SObyxnB3b7A+HFmWXuAQeoH 8s/Qo8IB/SRZjltRxEKPYXg3UsM4OGk= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=hjwu1NOI; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887847; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aS4lN8Lf7oKQdpx1+79LO2SK6e/x1FgNnxnRAeW0uao=; b=BR8cOwDpHvOKZd8/PX9xZPu/n1Lp8cgMW36Wk++DGokRqslJAsJ1QnqZ4LncE5uZMwz4lJ PYmTtiGfqilhSukPndyVtZFiC3RpBLuP0ip1/G40GYu+2AT7bye2PCi8hQCWnkmiJPB0fJ yXY5t3RhRdQsRhfJVHg9gGW6W7CHhJY= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 228D6A4373D; Wed, 28 Aug 2024 23:31:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0B375C4CEC7; Wed, 28 Aug 2024 23:31:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887918; bh=aFW2qvTAUk71Nq29FR7iqobh+ecvMgae9gmrzv39Zig=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=hjwu1NOIEmtm8Z7u72gZ6JHpkwB5gkUJwalodRKF8NUXnKJGIEb0zJUYn0XqEtVsK 6eir07YTJAN930R0rS8oXPsf6PMfQ9EfkaAWQ1dRKOa5wXBUnNDnZaVRhFcZay/PDH o/emvel+ObwFHeJv5S51ipjvW8LPa1xdsI+eywNUXvOC5+9MncYTnDzs8Uteg4EfVc yuQM05fKSpjDRx9hshHQz8ztRMRG76+LOxIH3PymqWyy4gwdHZESoB/tcfmV/26lB+ qTA10jQeMNmWKfhwrB7LyxLXvrqayRjUqWp7rT//nr67E8BdqSESxF6eyGyVLa88li voHyn7VgIlVTQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:44 +0100 Subject: [PATCH v12 28/39] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-28-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1352; i=broonie@kernel.org; h=from:subject:message-id; bh=aFW2qvTAUk71Nq29FR7iqobh+ecvMgae9gmrzv39Zig=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KOSj/YT5ssZcKeVNxIRh75CfX+1/LJGwnNPsEb KfxmaQmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yjgAKCRAk1otyXVSH0AjAB/ 9IIDCOoIAD9cFmgd31fBocKw1sDdzChCEINlCN4R0b5mrluwuKvPLbgBxP96AyAIXdOfycNgOfzLkX sEBtTYbGIRb/4+k5PT5XV+8RvrJUQOYR/upipwFuP5naV3G16qy+an11n090xuLfuaBy8W/ImD5z82 ZIIS8iof/mQ8HEOGmIyMAz+DDNpZbIl40V+PgO8ZXNOHJjj6kCUomP4kQhbcfb/AvtUtOuo5tBYbxs 4Wr4Lb7KhW/WNKTnUD3EBFmzIQj/TGOJTSMEw0BUVChYxdHRy+U0lpcFUxuRK30pAxHy3X06v1Pnm/ Gmna9QTiGgP9kprUoXL7dL1XvDBs1s X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 9BF3740011 X-Stat-Signature: heogafyted9wz9h67n1womowr86ecktr X-Rspam-User: X-HE-Tag: 1724887919-262821 X-HE-Meta: U2FsdGVkX19Q7vRRCMxjTlL+DZbKoet7NjPiUzVg73yPxYChFN3sJuHYBxv2WPLcL/BOdS9sRvqI+5z21PmBekawWG2NFuatz26ubEE7Ahkj06/w3IcZiS2d4NHy3Zj0Xa75JhSz4KaTGaDMlRDYkSVgLiZld4yatMBH/1VQ6vO1dfeZEznjwH0RVXMdSZxTyMIsMtsddwDSvl1yOXezVm/lRCN15hbnMSoCRWZZBPfnXhpx/bV+0otRatuoQmnz3Y7sY3Cz3bgCMQty5X1DYf/kkyqPsSNv5JUKNkQO+enRhRBffSGLthYOQIw4IOAYnXXb7RydtdwUP4Wa96iQv5L0KgGYmO4i5jFpWJ/NSOKIlSQNnhhM0eS+HhSs9f/BXl7VOrbezuxbioPBRhQq5S9sggQKrAg/YOu2auh2pTf/ewPh6LAaTx4xTILHwvRa3pvevEXNINIIBQ+ZuPzhlFmF8BgnN9BNDpiSK9Mlkoy0/vsQSZ6SoEw2HUl18rl9/mY+q6rSwm15E0MfWdf17Jeja06JohjSxCjwo/76zK0b++ZkJ+PxFqrQr2c6tcWh24yDOiwQs3RbCWvtrPU5OB+gwrZExga6D6EcJzF++Dz/I+GVr98ed/CwYZlTcuNyxMh82R35q4u37ht0BqnXD7p4kzaJ0feAUveNFys//s4b7LR951oglm1VQEHG4h7I3C0CpsDub3XrLsDJZ+uWEJuhEPF0rmTneTd2J7FOT41w8BmtT45sqWWmd5nytdhp9aBABM0ba+B5Oh7eZrvp/mY+qJ88jk0QnC2qgBxcPIe6IoiHQEjGdxfMCpxhUwCdY76vb6W78IqAc/diSPUlMStHvr4BbDVYkEIGGEwBbTIgFU9FtroZmpAbVLLzGkwzMiSY8Ao3ec7RUcRWL60jYInYR/nGLJbp/gwXOYscJ8JkQlZxjGS5asyPeqo03aTvs7Goe1mxN9peJYc2a0V 2JkVG5c/ ghRs3r2JlMAkpAvKDf+/Q+qcQNHWJW5JheS/dSTvTdbLviBoWX4QWReXz4eg7ZpDVc9tZ8AkKyibM0wW9i6hfb+eVoy55yMreH2dl4izqvlNemIh+FBVefNTCZRGcsP8PoWIds3UfNQ7YCY+Rjma92dFs9VnYnQXhx6DONLL2YeVm5w9U814ahQHPpAdey25ibgHZbfBZ4/moNY5BAXAbXyTHyMH0BeGEzk/u8/J05HMsLc9isYSfvI3Dz4lQG1tx9IdAShOsqTLADWyE1rk0JoA36i0BhSpaqBRPU9SKZv7gr4mEhAkUoVZRSVxwb7UCeM0JRR1ETSGD9CGTMrZwTQ82PeOvHQxrZOGi05Km0M/WOQoweeMp9EbvM0PjufMiypqVtGDkZPfyM2JatERCTQs3LG1nb87ZozzP X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d8909b2b535a..dc54ae894fe5 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -98,6 +98,17 @@ static void fpmr_sigill(void) asm volatile("mrs x0, S3_3_C4_C4_2" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void ilrcpc_sigill(void) { /* LDAPUR W0, [SP, #8] */ @@ -528,6 +539,14 @@ static const struct hwcap_data { .sigill_fn = fpmr_sigill, .sigill_reliable = true, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "JSCVT", .at_hwcap = AT_HWCAP, From patchwork Wed Aug 28 23:27:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782191 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5358C71150 for ; Wed, 28 Aug 2024 23:32:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6CD126B00C7; Wed, 28 Aug 2024 19:32:09 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 678B16B00C8; Wed, 28 Aug 2024 19:32:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4F24E6B00C9; Wed, 28 Aug 2024 19:32:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2DDA26B00C7 for ; Wed, 28 Aug 2024 19:32:09 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id E65D8C03DB for ; Wed, 28 Aug 2024 23:32:08 +0000 (UTC) X-FDA: 82503254736.17.8D8C8DD Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf09.hostedemail.com (Postfix) with ESMTP id 3D9A514001C for ; Wed, 28 Aug 2024 23:32:07 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="dJ/mOv9K"; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887840; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ni0Kxk3yWVfTWSbrVjjhIlms208eOmetcRX6FMFodsY=; b=NutdgPXgUHvJTB6ea6t477yNvlw8r1YsMPUB4qKAXZEMO2OrN6FGmp5NfZrL0pZkh3BeRl wcb3rYBVSUup6vc48b3Kkjj6uT49cj3WVZgsRlU+gNon9mfi+2Z3sTITdbhfRlM3lIINso FLr3Kl1kXmhesKd4EvUlVsDRK5t5++k= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887840; a=rsa-sha256; cv=none; b=Be09LFr+LpjDdLv2fQLsCN3A4z31AIY1/t6mb2gWLCjscvH78+UGgYErolSfqCZiyv9fk3 tKOVs6cMnHwjzEjBdDiCMbSsy1z0dMnJUGxamBYyLUFdF7ZUscU/IFletbOewykGbmQ5hu Nlo9RUb9GeZow9fwRGWYnzf40hLSrbs= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="dJ/mOv9K"; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 94EDFA43769; Wed, 28 Aug 2024 23:31:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 317C4C4CEC5; Wed, 28 Aug 2024 23:31:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887926; bh=daws7+gY8b6XFlV57O+J5ZaQ5dAS4S0GI4Vh7sgzmHk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dJ/mOv9KyokVDXmrKaGF7gLW3dPjymJfn9vb85KHKRfDBxzmkwC9ADfonFPZ8smil lVUMVMuUNhhbJ2NxXXFiIeiG0zG95/TuIBKwlFGx2wK+hcD7RRK/S7lFFHB1bLWYLJ pIcw0wRbfkrBoTmDs3+yC+sYY08RX4IbXRpytuGpMalbpANP6nNmpiUZcRqBAVbKD4 I/8UGpU799FHgqw4qxWC6NDxnjPQCuGK99PHHFd+8s57C/va7Ua/t+i8aKywtq2BoP HasJA19H5ZfYEKlcC98VNm6g9mtHJCdXm+ny1GTBPZByKD9izBfLIV8zOwby2XumUo cSauXnMCy2+6Q== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:45 +0100 Subject: [PATCH v12 29/39] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-29-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1894; i=broonie@kernel.org; h=from:subject:message-id; bh=daws7+gY8b6XFlV57O+J5ZaQ5dAS4S0GI4Vh7sgzmHk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KPgjRA+l66s77QyY94j1U0r46JzOAjWBQoCK26 nUTS0oaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yjwAKCRAk1otyXVSH0KV6B/ 9b7oXkWayuyQxO8M+w9SB/jK8Qt3ogM/TMwIBuJV0cFLhWUSfPTNC861LHRMCk/2uyI18kQ4HJFFmK zIYR8Gsv8zWZm6Knr+I7wWnw7WTE5o2QAZvTWO1AkuNLaqaOUDXnTdFYRoaqxGYooEMhq0WAO7GPPa ESvcYbIe4d9PDSE0ImczVbNpRQSWSvaqU46/0aBaE9oW/xvO2ffowyxQCG3Cfk8RIStCOEDAy0Vg+I nvCFwDnHjqMGsUM4ezhR/wNa4TkdNCn15xcMCMElvGL7BnAbEoNJhPJLlW2fHh9ENCUmxcEHJFI8pf 3bdOHXG59TA2Vbi6nJCYC9DaxUSNyQ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 3D9A514001C X-Stat-Signature: 7x9dfkggxbsm3p7d7kjt5p15tusad1um X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724887927-854711 X-HE-Meta: U2FsdGVkX1+bm3/ZDQ2bgahtzEfJ5QCJqg5JTxvdqaxdKuKYlLkoIml9juL+Uhgdq/5ZbvwzmLcZGLMHK44oEVT39eFU0D96vPwfgvJp3X95lpWamkiEmN0bRyWR0xKfK/kBETPaOhEkuAzRjDXrbVR5mmkE8ikh2QZlEwLOJKYK0FNDOz9+MEe/yZONoqOXKR1CaSZGXLL1CCmfxRxCU4xP17c/kT5zyh6hQ5zSLThJQtlH5gTlNvGSnSf2U9emdm9sk2pVfFi14LwfHY+J66NXnsb/ivRmhDixE5522bo7APh0Qng+u5MNNyYeqL4UvthKVeE1/25lz2MvWtXj6x3lNCL7q1AKHvZH12rz8n20NcUPAjHVZZvuEshZkmELMUNEONwXB5INSO3vn157p38J3YVmbemyrhDDd/gp9u82ZijRZscy9PnfOh0S+91VZS3k1CVjUB8Xq8hv5EaixevGRqxRTvp4AcLQ8qwijfrHJ6XIWmpkxtGjJAtPtSYwTFaCcKE1tHMa0irqRYljnl+QLxKajVpug4DX2RXv3U+EwKCa+cZnelXqPfxKFtA11aKj7y3VEg59Xg7YLBNPyPMRVVRnAoHqUOqc2D3zNsSfxgqZM0AUx+V2BMWwDx1FX491/mMVuJ1BaRfus8SidpNxgYMIA+RklhTZr61wTicXFkH2MrxB2OLbP/GlY1Biv7HYHKFZ5pe1IBtLmotJG3Grdk600piPz+Py0nRsh6nlGKHtLO18uz+xcErieXWOpWMPTZIN1A3NJtNsm+HJRD5ojsDA1bwfFLOjBhBzfOrKsq2w6STuYfqDPRwNDmfHU3sm+Mbpqq9eIna7pX/dIR0NFgIZt8sTcvdxUFPd+sM51GmxRKFfN2gbvDhwXzepXSSUkk/OuOsIr2cRLj8ZCwiAYfIOmHqE2KklTwRXxx8pekoCJMpHjwnCwMla7ZIlYBeWOXE80zphvGB3zAS bVjPcdNR UQVSzsRGWSvFgQLV3lym7ngWMderwSigNyfdj9/WufKjnLZHAndc4RUAJhxLxmEWpVDDWuCBMHl19pXF190EpvUZWM6aOzT41K0DSl2jKQp1fqtIF+o/uXgbifxtd4Xh55lBWQvHMViUrk/STiUezVpQWt/hgUeUmISODryEiDFGNgHGo6L8aLnBhMRT0hwsJKVhPhk/la09TnfM+i+2SKINwFN1/W52XI+C9Rf4KemyaQ/nqqUkNdu3DtM3AxE4o5m5UoHhFqbI8CoYFUfQOpXzdWm0Sgjksb1sDMcXhiV8wwY0/aqLBeol54gFmbQbMLYbVvnzMpoFqLcPGgpM7sevhavQFARi87XhaXJx5nV+5PZL3MnDzIrZUKV1HmfsviuZYaxypkOfLWeQqNxEepRSBmUwt7lpqlaUF X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Wed Aug 28 23:27:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782192 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD4F9C71150 for ; Wed, 28 Aug 2024 23:32:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 592E46B009C; Wed, 28 Aug 2024 19:32:16 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5404D6B00C9; Wed, 28 Aug 2024 19:32:16 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3BB236B00CA; Wed, 28 Aug 2024 19:32:16 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 1C3CB6B009C for ; Wed, 28 Aug 2024 19:32:16 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id CCBD740258 for ; Wed, 28 Aug 2024 23:32:15 +0000 (UTC) X-FDA: 82503255030.16.748336F Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf13.hostedemail.com (Postfix) with ESMTP id 2122C2001D for ; Wed, 28 Aug 2024 23:32:13 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KySzo6fE; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887835; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5eBWEluxA75mkTzkT1Wn6Xubbm059W8B8emCrmFOIYI=; b=eZoGZzu7DZoZvtUkHorVdTJb05g38M1204cIHgjvo7jHoHdirQH2FqJ0qG/GxccgwQITDz r+PjMM3jB8pjO0i1hf16DpCmVlZW/M0j+h3+bJLcok8Ev+CB4tzb5MH9EEypodjo/Ffs0F /qewoj6iwufa9Uz3VbHyccwtlsCADcA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887835; a=rsa-sha256; cv=none; b=rcN85KuuR372ghidd8ij1h3GYQ0Qe7LxmKaZQoMC1FuL7PbxU75YCgH0jRLomR0w7FcIAP LDQ2a8+Z9n1C6Gk2+47GKHMaAyKcm56sFlmKDqVmRszb7MCtH2nPtFLu4JbLo9axUVNa9l +uFx1LyHLKMMbRaHMg7ycll0bdDXDxk= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KySzo6fE; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 7A9FDA43764; Wed, 28 Aug 2024 23:32:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62000C4CEC4; Wed, 28 Aug 2024 23:32:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887933; bh=sPSz542BQgC8GDr8WCulUI2iE6roG4Js5HwD3OcoqCo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KySzo6fEyGp6BdY8PWhoAsZQF6vqUh7VSLnZwGJ1fwxLBxYSUE6Tisu/B7E3xs7+M ZFbDZ7V9wkzu7u5edVGxo7UjM8KMNdINV1mdfgmzwdJGXm5Z2m8QQDX5sZjvuH0HLk mNu+vjgjcZ9akS7fRBq+XNJAfx/0CT3udWjGSxizDFivqgELQ3HB6IXUdO2RWtA0Y4 QKxn6wQvzIpyJcOOOlBqnekMqXNj7YR+UPNHq4Ojrq6zVczenjxVSV01XK1KCmvr4c DHR0YMZyJkKx9AAw6bJoY+nG1YSyNBRfHPHv7N6zg7HwBB9KytgyBIfLeDxtlQmTCy CTOmxZ5qDjG1g== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:46 +0100 Subject: [PATCH v12 30/39] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-30-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1664; i=broonie@kernel.org; h=from:subject:message-id; bh=sPSz542BQgC8GDr8WCulUI2iE6roG4Js5HwD3OcoqCo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KPFYLLdbvYJ36/sPVXE+bszL/qVS5cGfNf4rAP mM7MTASJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+yjwAKCRAk1otyXVSH0EbnB/ 4y0ip7sjbKvII3BGHj7WUTHeK1dYYsWhBq1j/1glr+DDWAso8t4RQzQrL1a/FPa8+grtUzHdfutX0e Fcui/LFoq17mWEoKRQgiCFYct9B3GRsBGnfQcN0UL8wTGsVEMnrufFzFh1HxFILItClusMV++GFZ7N QK7+IcAuriLa4+yVD+9+Aq0G00uUw1wA8KJPhNQfyIwi3S2EOfJIWZeniJwrmodcD83Q1ejYay9W/V OS+5GTWgUQnDIwxOQ5K6ABQwG0I8gmH8WLsS24uJ2Nk8jTz5/A3hDpUFhROo46g2hvNgunHICPFmum JFGtZAUdyJTkDlppOJpTHrjbRNWXUC X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 2122C2001D X-Stat-Signature: t6hbsrfeoihcq8smwetfiimus6ssan8g X-Rspam-User: X-HE-Tag: 1724887933-514672 X-HE-Meta: U2FsdGVkX188eBD7eonZGoInHQyMfcjD6qnXb689ZAbuoyQ4dW6pDnwbBf7/KypmWBL/jWOjpFqt04RwPGPsyZ6ZtoDECWylxfWRtXXC/0n6JQaup99XUsejL2zTIWTHL2j2TvLstwTg0ah4TYqqATZmNwqQQFAfZgUmx6ogAP+YptRCQBmr47xoejZuTdiaEPhiYSHR910GBgYiE1LfG85e3g/jIBIO+sV834tc2ddyEEvhFuHZkXlEJSgAgHmglMKciGA7bXZ9IDV25ftNNbTvPnjBFIbvPdt4JuKYAtaIeqplkH3mbv9BXkCbCgrj3DN8jcOKjiL+OClu1QxYMV7sgb+TpVujh83pDzp48pxMg8UANDVuzymwyQKspRgD7qRQuCjdSLuq7V4e66KxsUkETEUn67UmjPfJnsvj8Ts4xeewnn3ejMitejxDW4DMdGaFZKYABW44D7tM56Pximk6mbgBxqNGFHTEyd03bd6oKB8QkHLGlm1QayZkmRI8DIzAQYbdPzSlVMExMacVuIUbFghnB/r/KV8yu8HD7F6N0XCshZbBEoAVtZrWp5cjPkJnU/8XOJeXodN73TpdFTx+n9eX1teHT0MPVtY56bwvMhbU79O+IIankyShQonZH1Ah2WLOELhkfDA9SM3IpNZk1LYcWBCJ9KpjDbSsXZTpBVOx4/gZixXx9epfK3W92nWWzrocjY4EMzEFwEk1+RmukFC8RiOWn2Nzj2Kti7m3wPBD/gNV3zPsOXbdMx68SfbtemAR/1sCrATpoIjmjBo6kjdzQpvvQn9jcc8Kp0LcBnmkS9/YYKIHyr6eGNWjUnFbTuhIVNZ9CdHu3b3ZLsAp7ZiqGqM8VX2FJXqQ7U0AmkrOgxTNba7xMzVZHMOcuWffZIpvTfcy/Uu9ie54KcXfOlqO7yOAu1/vbcAuXGGwS2suVqulz5cBfu5nHhNZECd59Dpa98St0tEQ0fw 3lUPm/3q VlCAwrXUP5gRIWmaryoT/nV9Vw3dts52PNKzBhlUVaHpqVZj1H6ZstgJhZBeVdPVeYOXZAMG1iA+J9vxccTdnp0M7e18lp2FS16Fmr6sCo+Jw9HFAUUXRL49pRpripT/wNkhr13yDf+mXO4nv+rYr27+GR+R2hrxgHgh7bTsiTYURxGC6CusAbQ0enJPNaWySPi3h239mMQ20C58nFtFZgtV82Os62xMbN7ixYVFPmQNroIVDuk0oAFTQVU2hGeF/OzURZUvn47ZJW44oUTMw5x2hLLCpDR0khdwQsSZZzOiiiuFzP5j7isn0K48uVNjkAym4QnmYxbtMpobxrao5lrJfArwHhPg+zisWtaPBZb6fASIqLuvyZcV/6msX2N0AcY756peqnnRTXvHV0SrXdCb+viAw6QJyI2tD X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 674b88cc8c39..49d036e97996 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -217,6 +217,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) *err = "Bad size for fpmr_context"; new_flags |= FPMR_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index 7727126347e0..dc3cf777dafe 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -20,6 +20,7 @@ #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) #define FPMR_CTX (1 << 5) +#define GCS_CTX (1 << 6) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Wed Aug 28 23:27:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782193 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF81CC71150 for ; Wed, 28 Aug 2024 23:32:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5B8706B00CB; Wed, 28 Aug 2024 19:32:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5672E6B00CC; Wed, 28 Aug 2024 19:32:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3E0FE6B00CD; Wed, 28 Aug 2024 19:32:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1D5896B00CB for ; Wed, 28 Aug 2024 19:32:23 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id D276D8021C for ; Wed, 28 Aug 2024 23:32:22 +0000 (UTC) X-FDA: 82503255324.12.358170D Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf04.hostedemail.com (Postfix) with ESMTP id 2658A40014 for ; Wed, 28 Aug 2024 23:32:20 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mYJe13cC; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887823; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=WWCcnUoJjrrALxAjBZhPpvknZTOgZ9IOR5Q3O7LGZXc=; b=w7Io8o3F/J5efnol+1Bfopo09/FSMxAIj11PlDC6nIT/fsCCTYIQLp+UpexxyxPxn82KCe KeLexdp7eg4hGYINIskJ0vWlys5iREMX8k509jQ1z7ixsRMhsBww2OifeJMT8SKZuqoPXf 2f6ESa1ihS2esGxcdSA4D1fMrEk6WI8= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mYJe13cC; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887823; a=rsa-sha256; cv=none; b=eGe+Ycjfbf47KfHObj0nV9jWeh9JONni+ERo6Gr+RfkW3jmKqPbQ3CmLRKV1sAh6B84Nxa 4IuUZvmOx2WubzyIr1gsrw7i/iMOUk9+8UuS5oJrD0/HWqvgAUzGXvfVs+UVSuLmmdwfys IS+JkufPT/t3GfA3E4wy1WB8SHzmp00= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 9AE0BA4376E; Wed, 28 Aug 2024 23:32:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85AF0C4CEC5; Wed, 28 Aug 2024 23:32:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887940; bh=+guAOBhRmIfgEVfzNIbxa5iAcbQBA9Aonxf7B+eDgYE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mYJe13cCUAHARL1CWqT1BgfDlcv7adYh9FxliVzqNDnkENqaEdRFg4gf+QU876eN1 hTLNncMv7W8Blec6WcUB7/lhi2h0t7oOjnOymS0lB/SZ5DYbrZyIP3o9RQkwJi76CW nOUNkKcd9i/UVkj5GQDpicO42UUBmWRl14SRpEvuUez7693SZSrlXx820LTYxLhA3N RvMZOCAoOlJ3MofkWapQM5llTBnqGhM7e8lHUhjg9AdgZo376ndy04e7pva4QNGVcU CyhcXVg1/vjBp2PMrSmhwxQkHVFv+XIelOryNNaNGtnv6UbSLUhBxVRbvqLpRIPw5M BC5jNKj3ovaxg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:47 +0100 Subject: [PATCH v12 31/39] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-31-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2693; i=broonie@kernel.org; h=from:subject:message-id; bh=+guAOBhRmIfgEVfzNIbxa5iAcbQBA9Aonxf7B+eDgYE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KQCFbH8GgemeGlaxEGmkFQPOyVAW5zlSKGCkPe TC/SSHmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ykAAKCRAk1otyXVSH0FYSB/ 9i6Gf1wBh2Mvivv3bYMVyB8zLutwqFWzWS40EKXV9jJHHzGP8C7wWEliOWcRmaoiT0REmwwUKXEyTW hiyNKOSzrKj3G4ba1GPS+2v63FX+qk+BxwwErnk9pKTQhcVqMDV0kdbzYPvH1u34hcXi3mPmAGPMbn 6ggZ3Is18d/MeihAfiUMf7JR4/DgLw3ofFxDzIhZ8GjKA4DWZ2vf8OeZ8MpnAjweir2shXMLmdNHGN Tz9NVOM4VQd/FoJirFf2s1reQYDUPQHxixh+jpz6YZ5JgaFcHl8VSG8ZOcpyfW/kjLJlGclny+Tgrd pEF9KRG4QWSf7NfmUESIWRK3Nb1731 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 2658A40014 X-Stat-Signature: pdniuyif4h6sqhidj6i1pr3kbz88akrh X-Rspam-User: X-HE-Tag: 1724887940-516962 X-HE-Meta: U2FsdGVkX1/T8tGvuuel/70UOPGTtA9cDlZH5clAIjVuo2Upolya+kHx2o9x8m3wHx7NNazy1Ofx5j0hkoNTRFQ/7PgTF/Zz/dBzclS1F6LsVw57yyVf2PbJDjFmV3GxGPy4LuNNU7ENvD+oZgM7FPODAYaBXNOYICC3SMosXcpc8Fn9hKR/1Y+M4iY5jd5GyD/smuPJdsT9U+OmSy4fBJE3FuCVtL0Z6iSt6XXGqaigddg4SUFEtjZatTS4VJa+TpBEA6tpZ7FEVDJbI7iE2t1yEOz5iMRZ7QTCrDM0F6DKeJZNddnf4e+3/IeSN2n6JAK97X2xX1C4YnaS2FovS7pio73KQnp+xI6nc9X/hb9AXze6bl/NJJATZU10GSPovwOXtQQS5+buS7mfFN8cue5G1epiWHv67nGB6oik5653g5BYdIPtuBh9CtoEglYxDwHO8exy6TsCGF6Av8PPm4zvZop3pLUZE5eOVyKGcrdxYqzzZ9drsL7H3Jh3XOhIgN/cW575U3j68Dvt/R0mJ0LG5Rh8unkdx37EbxNTEucGtVFZ1VcckVn4UdZxjsKxY/mBv0vfXmb0YTngGZRnilGPB9ljc4hLIX1vYN8OCi0VYd6LZs/M4bhBI69p96Wpj6YPabRcO4ng/lbybg+Bc7sUZJfRTr2AqJIlLaH9DOLqzoAhzQl0vB6gwYuk4P8q8K1L3XSqd2vgVMR+l4/46KzQmGXe+dnRpy1EsOhq+PNFpQ3K5SBMkevqvc9FRDvXOFeRvAtxoraj7oyPHxZ6mERgYv6HuQi3wW3fQczNA7Pj/+HqBg25TU5DOwt6lhkBpoklLtwcexakxpGGlcv9DXoBhPLsrjQhZvK7bo5CmLTWUUp38iDaR/oTfSAgMzOF2eKSpS5zA1k5lVSEf3SZGTCPB/GwY7HQUN6nD1G6tqstYCymhZdSz8ZhXD8WoDMnRMw0OEtJacsnVgQ43E1 DmpxDFMH mbsfKscTHeC5Ub2SZafAWF4FBZF9431H7y3zM4aRLAh+tBG2S/kCbyggJsGb2XVBD7LQ8uG8h/mvXw1vBCJBVXDbcNbnYn8PO0ULCBrMOd/ia4zQcjJoteTPmqmidicFf8DB9zm0iCkbh4CNXmF6qa16Ssi5wD5lLghGUxcSTuVmpGU+bGBAXsByG85dDsMQxuuBaTmEb61d/zWyfiXG26DePd1fpb7F3AhRl+K6pj69V7fk2NxdDysw3HXpSVUll16QnC7dIRlqoBRfkpoSbZ+r6cmlypdhuMeyMe1D9y+RRj6DY+iNVkdNmIwTOruot9hs0sAZpVVHRpVxksSQ9lMkR1HRHpZs24Q0PmMhH/dgROhzfTRtZmi1UmaiVhJiy4xYnVsqQ1C+TcZd8AjV2jMgTz+PM0QN/USW5+Q77P3UPefjvt0tKZaupXCiIc6yWzZfGhBJB/uHMTWo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Wed Aug 28 23:27:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782194 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62963C71150 for ; Wed, 28 Aug 2024 23:32:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E427B6B00CC; Wed, 28 Aug 2024 19:32:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DF2346B00CE; Wed, 28 Aug 2024 19:32:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C6E0D6B00CF; Wed, 28 Aug 2024 19:32:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id A69EB6B00CC for ; Wed, 28 Aug 2024 19:32:33 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 5BCD91401FC for ; Wed, 28 Aug 2024 23:32:33 +0000 (UTC) X-FDA: 82503255786.28.651AC1A Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf02.hostedemail.com (Postfix) with ESMTP id 0C1F980006 for ; Wed, 28 Aug 2024 23:32:30 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Yo+G3Y1d; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887853; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hj3WhFaOCpjNcMMrW6j26CW97t/N+Ei51YtOEHgyON4=; b=pOdtvZdr8NX/IXLlaXxxXvy+bi1uM3MfrWfXi3Dib6tE6THxfWjTYYkuW++bN/sCirYtmu vClkZb1SSiCGdsmMydQ6AWgIxG0V8gkjBdiviImuGZGFECf/02qf8ah+Nu8EM36nnNO0sk 07/3+AKkzcEKBZydq4i62zxban1HKnA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887853; a=rsa-sha256; cv=none; b=NzhS4FUmctPFUJtkBBsTW2khhmVrUxsCOPTSgxWYBkFSLt0nGOaQrYCzjZ5r3O/w3dpSVO HDtfOtYNgyQPr2cmNqjhp1EdbXrFq+W0YQW0joXXSnyAaunRrXHN+0VDFuN3i0DeJCrYmI 1pbH7QqxlLQ6qaDyRIs49aH1yZ90ybg= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Yo+G3Y1d; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 4E860CE198A; Wed, 28 Aug 2024 23:32:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AA4EAC4CEC4; Wed, 28 Aug 2024 23:32:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887947; bh=LmUMQLV4QzyWbEviejJtcrr2Je4DeKbVGxPr/Gcjy80=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Yo+G3Y1dv7GnDX5sTlqu0aSf+rtD4iD5Omwol0K/btoCawqfOwzBtlu/HePFln7W6 pj6wzdFJOnt4abXEezeLTU4ZKXpXANOYv9ZN8ZHQjmCY0wMFEyERMFvgug9TH+Ercm R8X9NBSg7WUi+Uom8Ll2COgb/TOsYjN6X6+eFIYwN9j2KR88pf+DxOUX9FIQByJBl4 J8WVj1AJoqZWzprXHY+zH0PMi172fhNqSRIqYYBs5pIv2l8xLT/GrXQkEeceYPQ3ss g4oB5A3tvV7hBEWpQheTYU/lbUEJaaXVwRAs1Kk2/uKKNHzDqqXRefnUYkCKe8kNQ1 ZUphfckErBZmg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:48 +0100 Subject: [PATCH v12 32/39] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-32-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3656; i=broonie@kernel.org; h=from:subject:message-id; bh=LmUMQLV4QzyWbEviejJtcrr2Je4DeKbVGxPr/Gcjy80=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KRKBtlJjI7Gzj4Vuot/p0NBuCI/yCs//ZD3kBC 7c8tviaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ykQAKCRAk1otyXVSH0P9zB/ 9nEW1mD6eVDzW51m2iIGMw4cv6+muKA/GhCv+TWLcwMt6FV9Iv6c/edDtVUfoyc2faQhNydiZk/K3X fDNMrAoRVooJ1ArIhS51lDpTUtr9Dk7IitOwDJUl+tEX663nYtvucH3Rc3+IvfYo/s9PEZR7V8SlAQ 5iDiW+7JHGh57hlils5zRUmPnhpI9Z2kJ4ee7T1EJ0a4WBIHecsjo75r9GJbwgPIlIMujN91W2EfT/ 5QnLyYRM+cgh/ypnViV6wSegKwH8GYyMt4aYkP8JjQnaWs+VMsUZ7KwpEQPz38wfl6xD09pLrvzgDa GkryFgfNGXppQ912UYnRMOdJBaQJB2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 0C1F980006 X-Stat-Signature: wiqfsdf8wid6r8w98qc3u6r54zmwr83c X-Rspam-User: X-HE-Tag: 1724887950-995250 X-HE-Meta: U2FsdGVkX18W2hA9Lu8/sIqTGrF5nxb5ITmHLNopU00qCAFp8s4yjC1mqfF6YpvFRn+AlOzUwZ8QYISf329+2fd/rhj9S9pGObMiWER4Eh5bzTzxnj1Y7bxNeM6VHChfUViY2RaLuNrQsn2SnFWhJcmuw8iePqWWsSIHruSsAE/2i93hBuJshAeYH/U2FKLMqIAKjujxAhXj2mDTz+nc7XTMmXSNlO+TmW/qTaN7FQvW45Y9hTaaYnLiSwreYtm2poE1ThgSiIwOWI4RsIQNCfJWAOra4d2EMUlO2EOLXj0DgOydLj1R1uZ6+6dXDgq3Tz1wbRcSxqS/MMNAg4fMCP8cl1XDdew7aiwNBpzs8Wxu/QiDX8mjkHl+WKyRSQHNQ8PMuKZY+Zl+2EMBzy1+ufJyUo53fy3mLcCvUtjZosPpWxILSVloOWkFyMVePZbWDEv6UR2aq6mgwdfJBdddLmNOx2wnHT9dYhyU+98JWBamJbREWhMgu1QSlAVwEsw0VYx2zSiqpE5WQrSDen5LFvQFeOLxVhLaB0NWquld62dRKQvUmhZOd212XN9DbPqwnTKSh6CZqshUWQrvHw3hregus/zzqD1zYqZdW/pCsuojoKMub679rPRe5vHRpYOegVUVlwoNH+4BQZ7NnRfXIhv4qtNNgmsU4T1to6vjX0MVL/F+qLAx9/KZ2ARvfMLcmvj6ttFCcKzpJkZsXtm7bgTWBdEoRU87E9i3teaMnilo01ljOxM9gCZ/2M067722eLX4twogbr2Rhr/OMeY+un7UO1tDzY3YUYKIpNBwbTjoEKOA8ytuR4DPfdI0iyXpLZGQL35x3g2uDJIgfEgc1eJFD8EeIvtBQ96g2goJvZJyQQ6MXvz0dWUgFEPheiLMNe2/2B4q2nAPUyVwCvkOcjqPKlOP1Fm9Iaq8xfKQE+x1iaHkPnZKeAAYHYTZMyX1zX0XfC8uL+faCcrvnFP jILzPdlA DoI64Ur4TwEwNKsQ3oi33+zBSqsq4mJ0FbRGyAl7AOLZiHLRvIZXyYQ0vLUVgvxWs5BzNsY6EvC/uVYNAJ1g8+YlpcfiDfROBkglGOkf7ef462HHnRLueTRdt29dnsgkr1QajPtX3P6Qx2EcR/Lylqc1HvD7ZEC9eE6RMmFIgPDfX9xNB5dUsso66PYald6Bj7iXuHlVWS0J+nsTZrKu5qWs5V99Pu3M+qf1kc9BXujZw+zvzS9iIyo2xPDdPU9j71DN3WJJkBukphwI8LQF1iRfO12SgNVcKHvqeywMmcGyMCN03xbafdaFYwDIhEEb6vHMaNcBPHxzK1e+/TiTQJ5Jdoh24BDxYTUynDXECq9TXfATXPqxDoW7eOEmmgKYi7MQfehDBONoNijdfMx9nJGGw84SiHhh1nir8 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 762c8fe9c54a..1e80808ee105 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -18,6 +18,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Wed Aug 28 23:27:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782195 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9850DC7114C for ; Wed, 28 Aug 2024 23:32:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2866D6B00CE; Wed, 28 Aug 2024 19:32:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2343C6B00D0; Wed, 28 Aug 2024 19:32:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05F336B00D1; Wed, 28 Aug 2024 19:32:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D0F6D6B00CE for ; Wed, 28 Aug 2024 19:32:37 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 8BC7E12014D for ; Wed, 28 Aug 2024 23:32:37 +0000 (UTC) X-FDA: 82503255954.07.336EC07 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf08.hostedemail.com (Postfix) with ESMTP id D0A92160005 for ; Wed, 28 Aug 2024 23:32:35 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cxSf4O94; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887886; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3Jha9xXlI6eXPmoCvZEt3tepTTT+aH8aO/t6Ev+AFq8=; b=oNQAVGX+drTlCRZjhA05UST6chKMQcJfcBtzjpkmRtuJj2j45HYKa8EMZZInr2wjRuzVGu QeoleXzCXNNtB8P2VbdUdDdi1gfhl36dginziEEwInHyp29U26lnbiXajLs/d2/qyi7Z1Z WwXcBTuBKaTvjk0CxJu1CzVSMghjI0A= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cxSf4O94; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887886; a=rsa-sha256; cv=none; b=oTfLHLO50EBD/Y5dPDEsUEZlA42U7kuvVH/Cbnq6hH1R+KfctesemsTBJarbf3Q3f11cQr OYTxNGpjPlhFBfU5wzLgvbfJu1Lhx1EFkCujGCWHFF9EZKvrsUWO6VXknd7nWj3PomNrMV gWoNdrrc1ZvIVorO6awnxiP8PBXt5a0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 1B25CA4375E; Wed, 28 Aug 2024 23:32:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DACF8C4CEC5; Wed, 28 Aug 2024 23:32:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887954; bh=uHJiYcvljzUX8f4hJI4pgvGmhWWcFPMp0a5s58eHg1Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cxSf4O94F1eH3o/2BnllG/0BPkvXEBEzBt7jjuH7L2L8hvA/lkh8pdrKfs6ApEiNN hPgG04r2OiVRavIXpzLvHKnytZaR7XdJFgoYsl5y8tmftywDdmOkPbe7kOK7QhiHG0 nYPQIl1WLu7DSHjHhbt44C3MuAlBoDrepQdbVDwwqfrY7GTGOYZy8mGTbaQOJ2xBO5 AlifmyHKv0kGvch8x1TaioUHN/WmZt1oRVPllfpP9up9dqC3oug+soQG1joNMvHkWI gXUYUgAbOihnj18jlfO/PMlJOh58umUthCjPk2hvD5I2LZknI8+S83T1GB5nJYkJY7 BJ5GVJ8SJQhFA== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:49 +0100 Subject: [PATCH v12 33/39] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-33-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=13330; i=broonie@kernel.org; h=from:subject:message-id; bh=uHJiYcvljzUX8f4hJI4pgvGmhWWcFPMp0a5s58eHg1Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KSnveDL7rWzLUTjyjTw6w3NJZABx8+3KWwNuXU x806AmuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ykgAKCRAk1otyXVSH0G9lB/ 43dlUtWzXE7zOpFzqec0tAZskNDJIasj2E5MpOu23eQ0v+FRQhxfQAWZuVALDZdawZSuMnetloqfcG U9MteH2/gbshZiOUiQsUFd+yNm+QZ07RjeDO+7+2rJLymEHyOnWaijRnzPLXzSsHOCpIj54vjuORfa bseDGsx0SziyE0O+Avk+f/5r9P98jDkNbx4DdkpOSMlWbFQVx6OTeC5ANMuB4DDLx4jf1Gelrdh8kc 0KhZNMS28c4ypgqEBNfiGg6j3CWlVm7ZaUbykiEpICKOIg+TL/jdK5Ci6bOwYyZ/9d/7R6znXC0jc5 GpTvE2A9xo5I170ScbE3PmlHLIAB0k X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: a7n7nyzz59f5wbzhwhxftiqbrs5saoie X-Rspam-User: X-Rspamd-Queue-Id: D0A92160005 X-Rspamd-Server: rspam02 X-HE-Tag: 1724887955-836725 X-HE-Meta: U2FsdGVkX184O5/E6wtqtLf7pnkJN2NkwYvnOvm7wWB6OylpmyYQ3VsVuNXZM70mhilpUuTCvtE1Bn5W5QnC1C3Zljm5pqITNqvhWNW5aRKUIQPMvruuigJns6fkSmf7reQTjX+1S3T/PvQCdRK5DPu2wU9OfbkXaM42/KUNbxnJCFhMQbjc2fH6qmQFpqNQlUQkT3jbuCoqsjW4mkqZM+ccw4fBYZTFVBem7dEBfhEb4Ke0ieJXzUbBLij3vKFS3zrZX7U1EO5oWvCrodn4tF+vDXgHdYN2S9N5MWnxBmNWpQD83q201bY0UftCSV3P6OznVU5wk4fc2KpQiGZ1abosm/za5L+rFoL9e+ctEcwRJHVsedEdewl62TZhbQ1TZidwrP6h9cXdvrP4lHogUb/sCwPvMIqXTr5VGVogHJGQ4VVNO/ZDe3Ur8aeuupew4Bx9OuWkjFiVINApISqDDP+rBvdFxjOwrWY235+lhfUj49Ac9ujLcEwqrjTDm8CMADSbQNSO3kAKgMvju004UXMJIVbrP8a32iMRD9U/1j6j4J8qEJHGRtkK7QBT7UvWUnEdIBKwBDVxLJ92j9rNdtLmZyXqGFZolcycT7hlJ26XdXA19dRy6BVJdYC3Soq/MgkX/NXc9AdgF576l4OO4qO5UHvODzdUiqIYvR3B0jIRJ8IDdzKsVarjvut4JXcfrV0MWNcjToF1uKEKAjbBrryNi+K5CK2cH5VaYHrWFZ4pQH5slHvEERj4woKLW86Vx4T+t31WKH27eDc4xqwsmQGX0T6dNU56hSR19KpSy3agF+gsfHxzYOodnbV74wolcdyFCxZqWKFdQVLqqHi4HzJWm7WM2GoWeeRftTqtK49jIQV/Sfq8GfUoeJMIjb88RBuof3YY0jDN1OxFQyx3qt1Hl9wblfiG7lop+h93YmmXUH2Q0eXuE/yaJ5WDva/TcToj8RFXBdayEtXKpDx P7JONqnn AHzc5G71zvAcgkX44MW4OiytpKMwnsDTxrVvfVzBZWuID9wYUYvheVynhIEeG+gMBLw2ecXHlYYk52zfZ28sgrBbVz8gPDUTnK3XkC0X5kSIgKMXEO62omx2LJGyNgd/81ASdHKRjId8J86dPOcB9j9z5RUG2Sp3rlhrdcxdG/vvBnf9Cr09ULXb4NPGm/u5OdtcQCT9GkHM51Aaepfxhyu9kvCRuyROcMx9TY0ySB3wxyvv2+Ex6/Zxd8ptEyLInNR/s5GcAqiyWzK1jLS5AlQdMabtKDzj1mwst8HXf/4kJdmHIEA0DRLxQ2VZLjeqBexYuzLoT/+sfvYcINF8lIYNdJZSopJTNoDVPnzYy/PSRe87KoHxETD7TtMYBxPet5iT3RypDKz1KvHWtJGlUSoDFgDMPNTrn5tgY X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 357 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 +++++++ 5 files changed, 467 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..3fb9742342a3 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,357 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %lx not %lx\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %lu byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (void *)((uint64_t)buf + page_size)); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%llx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%llx not 0x%llx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%llx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%llx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %ld byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..1ae6864d3f86 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 74 +#define PR_SET_SHADOW_STACK_STATUS 75 +#define PR_LOCK_SHADOW_STACK_STATUS 76 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Wed Aug 28 23:27:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782196 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 956FAC71150 for ; Wed, 28 Aug 2024 23:32:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 284226B00D0; Wed, 28 Aug 2024 19:32:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 233626B00D2; Wed, 28 Aug 2024 19:32:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0883D6B00D3; Wed, 28 Aug 2024 19:32:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D97416B00D0 for ; Wed, 28 Aug 2024 19:32:44 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 960D31C4CB5 for ; Wed, 28 Aug 2024 23:32:44 +0000 (UTC) X-FDA: 82503256248.12.2575043 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf02.hostedemail.com (Postfix) with ESMTP id DE4C980006 for ; Wed, 28 Aug 2024 23:32:42 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=K2NRVxCF; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887919; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UEFjQWymfL5Yan+pu30W1k7Ik0DwRmMFhSytFiVcHU8=; b=7IuPiTFURzwpUU3/N6acXcgimHkddKcvAeX6dTet7fP+CK3o6lPiidahN9j1pJBML8Msop i1tE0hisWsLYqfNf0ZGjAgk+ZxFl4kMUl9qpCIkjkaCQ4iUXdQQQS9e7NGYT9M9FA6BS9s m/DRtF4fBjQuT4kKLjANnDK//bVMbY8= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=K2NRVxCF; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887919; a=rsa-sha256; cv=none; b=dY+cxRNH8l+eYZDzqhaSL8aEyl7x+j4SPj/LlPVa6snzVBAsdqRkvnmj7FHDuZDOBzk4FB BzFhHqEHn2aYzlVLjs8XKr8+33rgqW+KUkVMYG+eAkty5kE6UoGy7fEOUUhXpnU9tGrve2 HuzeDlYFqGbsYdWpb2H+qBoFS/UsAmw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 2DE4CA43764; Wed, 28 Aug 2024 23:32:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2B284C4CEC8; Wed, 28 Aug 2024 23:32:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887961; bh=/1aoc04K/3audGzDCE94EV+DlAIqMn6XW2k1Kbj3CDo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=K2NRVxCFW+ygHRgw1tdM61X673TEJvtEYvKfNNE6XL/SbceOFbbbce8T/Fq4x79tp +f499AOUIyD1D+Vse//21pQjhBBpeTab0ACDlWtqnitJB+ddZt10HNrE4dk+qy4m99 F2PG8jlzQEhcdckRlLUxKKA97v2uwswm6+0QnrcJ3LLwUKsbvu+VV/8Sd/4ueeIBJj 86fuiXdpZXr5ZoEADyXF6kVs95NMgnDadqJnB318ARTroQgocdFgabAx9Vxv/hWXmO TIlEQjk948boRlg26vkX/y1XXMrdzlpfSOm8Rqcr9WAmNmfNJdm4OIj9Zi+m59hmMG Rnys4dys8oUyQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:50 +0100 Subject: [PATCH v12 34/39] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-34-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=21135; i=broonie@kernel.org; h=from:subject:message-id; bh=/1aoc04K/3audGzDCE94EV+DlAIqMn6XW2k1Kbj3CDo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KT+4PwfkO5OZSgSSFtf3ZL6blzymd1Ya6nBlB1 0CkAFzeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ykwAKCRAk1otyXVSH0IsYB/ 44ldEWBi9rIepuxLHHwWwUsz8rLwvPTeHTHsg9tOnozehTgG/UHd9NRySKsSWEMYFIU0Tul3G8WYvT CxCrql/1YyWJbKfAOLSuCKVAE39BY4fzYX4Wiath4YeHTIac9vqeqHHDrNpEANS2mVxpeSbWvKWtgK sdv2FTLeaZmlSll1vXgvCrCv1MWs8N8tTdfnAxrIgcZRHaPU6Lbn9E5bYnuPl+dLC+/dxSru4Vx55v 4hsDc5nRxDt18SmuDiqahsygERy5tMHmqnJ00Xij0IHxw0nsrLuYUSS5jk9ACOvkLuqHy3DRGTXTNc 0cxgCKHUBydcnUyKIDFhTpYvEKtIWx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: DE4C980006 X-Stat-Signature: zyjzc4bumuwaz3yr194m8rq81mqw8zna X-HE-Tag: 1724887962-182246 X-HE-Meta: U2FsdGVkX1+GTABsw4SX869fF5XEyWKpRxZaPPXU6cVsA6ZmIrkLgCaKJ/+OiqrKGqbCtZfTM8Wczw2DZxsHmA2PJ+v8KgsZxu4d9fhPZhUsjKqIKnQuuw5xLFy7uYe0I65mH3sdwYeNz9LJxv8WsAUGcZCD7omfLi+QN2vgP2fFCrrq+QTfoSnNnMXKq6HxJmaKckuyFYNQMVRCYflPb85E3BnUIQxKGtaW+DsEFSkZ1rlD4eMmlk41vmQH5eR0KEQEufVfRRpNKLycLoqvBdPeYz5PERTkvn7tLvvEJc5mFI9gsk7nOLBcPEDz7Mb1hw1GTKsUxXH+hjWmPYnnekkk6f7QTaDHFOBT5lT29UfDV2hrCMxgBz/Ch3mb3fIvUpitp2LJ7oURXj/8CqxybusaPDM8hCyub0M56k00/F165A//9EIbmpibNCftREts5BSbpyyNqyeq5Pr1MkWAA6xZmX1M16hQXVmtcW4j4BQFNPsRLwvbNX5bwach6lhb0wbxSiZuBOELX862/YYU9kiRhMh5D+C5sO82yWUzaZiryZ4ctBkWQez9kuWOcCIQhVCyIskt4h2AXWkiwRXjS9XZk/HAQ3oYd2eyHo+8qHRxA/iMHFEhR7LPuQ9p/ONBtNRhFHATiKyKcT6jqDedQy4wsVsiyx7YQWril4+bwy8DE/WPCq7vrHDtNkjvlown1Mgd05f9AgVqNmgSC0WKZx5Stw95m4Q41w2dzie4M5yDE2/fzEt0VPfl7DwFHE3yzsMHk/v20+hZg9fSrumwkKz/6BMggxJjkVoeX8WIR3IncUHkalMgU0MAyKA7UfLlsba7eiVOFq5MzfDClClW5m0nKYlS6aUFmEyfOf0xdP4KaaVDhzxwQInd/37y4bwoEmfemZmzx/ungKKgKrjXZVT+ViKP+QgNUHDfqGxH6wuib8gwxiQJSklKYHN9kpmP7oflpHPjuMl11WrSnpI rw/sbW3M Y6gmy1ZSwY++fF3RNI0c2HGfy33mzv79iXc/k8TD5+07B6twX5nQbwD2KV3eGUxS4yStHXE7/dXwDtXiqa8CXqUZbtKlwW3QrcfVQUWmrcfke3JZUaoa/PcdrWbItcokhXHJucFNCLlRr38RIHgwQnl4N93mWPQVTbkkVivpg5UODzde2GWql6lxVFGPbuyICWsfAwDKzib1jMeWikyVWmgDTDqdmBGJzMSu+Jg7RvO/iKOb+2324+OnFiAnXjwAnNQjG3sts0kncWWcfWI58F0UBbyfwyqwX1y3FTKT6dejhqOGcA/febLLweGvwLDneXM/FvzO4Ulm/0vxF11eFBPXb1vXjblfGUyyOjbS8eGqqN1qtc7GMLASBI++RM7qKgf4GvfM0zaG2uLHziWCrCF8eLq76Y1B5XTTD X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/gcs-util.h | 10 + tools/testing/selftests/arm64/gcs/libc-gcs.c | 728 +++++++++++++++++++++++++++ 4 files changed, 742 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h index 1ae6864d3f86..8ac37dc3c78e 100644 --- a/tools/testing/selftests/arm64/gcs/gcs-util.h +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -16,6 +16,16 @@ #define __NR_prctl 167 #endif +#ifndef NT_ARM_GCS +#define NT_ARM_GCS 0x40f + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; +#endif + /* Shadow Stack/Guarded Control Stack interface */ #define PR_GET_SHADOW_STACK_STATUS 74 #define PR_SET_SHADOW_STACK_STATUS 75 diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..5060fdc110f5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,728 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#define _GNU_SOURCE + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %lu\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* + * We can access a GCS via ptrace + * + * This could usefully have a fixture but note that each test is + * fork()ed into a new child whcih causes issues. Might be better to + * lift at least some of this out into a separate, non-harness, test + * program. + */ +TEST(ptrace_read_write) +{ + pid_t child, pid; + int ret, status; + siginfo_t si; + uint64_t val, rval, gcspr; + struct user_gcs child_gcs; + struct iovec iov, local_iov, remote_iov; + + child = fork(); + if (child == -1) { + ksft_print_msg("fork() failed: %d (%s)\n", + errno, strerror(errno)); + ASSERT_NE(child, -1); + } + + if (child == 0) { + /* + * In child, make sure there's something on the stack and + * ask to be traced. + */ + gcs_recurse(0); + if (ptrace(PTRACE_TRACEME, -1, NULL, NULL)) + ksft_exit_fail_msg("PTRACE_TRACEME %s", + strerror(errno)); + + if (raise(SIGSTOP)) + ksft_exit_fail_msg("raise(SIGSTOP) %s", + strerror(errno)); + + return; + } + + ksft_print_msg("Child: %d\n", child); + + /* Attach to the child */ + while (1) { + int sig; + + pid = wait(&status); + if (pid == -1) { + ksft_print_msg("wait() failed: %s", + strerror(errno)); + goto error; + } + + /* + * This should never happen but it's hard to flag in + * the framework. + */ + if (pid != child) + continue; + + if (WIFEXITED(status) || WIFSIGNALED(status)) + ksft_exit_fail_msg("Child died unexpectedly\n"); + + if (!WIFSTOPPED(status)) + goto error; + + sig = WSTOPSIG(status); + + if (ptrace(PTRACE_GETSIGINFO, pid, NULL, &si)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + if (errno == EINVAL) { + sig = 0; /* bust group-stop */ + goto cont; + } + + ksft_print_msg("PTRACE_GETSIGINFO: %s\n", + strerror(errno)); + goto error; + } + + if (sig == SIGSTOP && si.si_code == SI_TKILL && + si.si_pid == pid) + break; + + cont: + if (ptrace(PTRACE_CONT, pid, NULL, sig)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + ksft_print_msg("PTRACE_CONT: %s\n", strerror(errno)); + goto error; + } + } + + /* Where is the child GCS? */ + iov.iov_base = &child_gcs; + iov.iov_len = sizeof(child_gcs); + ret = ptrace(PTRACE_GETREGSET, child, NT_ARM_GCS, &iov); + if (ret != 0) { + ksft_print_msg("Failed to read child GCS state: %s (%d)\n", + strerror(errno), errno); + goto error; + } + + /* We should have inherited GCS over fork(), confirm */ + if (!(child_gcs.features_enabled & PR_SHADOW_STACK_ENABLE)) { + ASSERT_TRUE(child_gcs.features_enabled & + PR_SHADOW_STACK_ENABLE); + goto error; + } + + gcspr = child_gcs.gcspr_el0; + ksft_print_msg("Child GCSPR 0x%lx, flags %llx, locked %llx\n", + gcspr, child_gcs.features_enabled, + child_gcs.features_locked); + + /* Ideally we'd cross check with the child memory map */ + + errno = 0; + val = ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL); + ret = errno; + if (ret != 0) + ksft_print_msg("PTRACE_PEEKDATA failed: %s (%d)\n", + strerror(ret), ret); + EXPECT_EQ(ret, 0); + + /* The child should be in a function, the GCSPR shouldn't be 0 */ + EXPECT_NE(val, 0); + + /* Same thing via process_vm_readv() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(rval); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_readv(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + EXPECT_EQ(val, rval); + + /* Write data via a peek */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, NULL); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(0, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* Restore what we had before */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, val); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(val, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* That's all, folks */ + kill(child, SIGKILL); + return; + +error: + kill(child, SIGKILL); + ASSERT_FALSE(true); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + get_gcspr(), orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %zu levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%p\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %zu levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%p\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + +FIXTURE(invalid_mprotect) +{ + unsigned long *stack; + size_t stack_size; +}; + +FIXTURE_VARIANT(invalid_mprotect) +{ + unsigned long flags; +}; + +FIXTURE_SETUP(invalid_mprotect) +{ + self->stack_size = sysconf(_SC_PAGE_SIZE); + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + self->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + self->stack + self->stack_size); +} + +FIXTURE_TEARDOWN(invalid_mprotect) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, self->stack_size); + ASSERT_EQ(ret, 0); + } +} + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) +{ + .flags = PROT_EXEC, +}; + +TEST_F(invalid_mprotect, do_map) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, variant->flags); + ASSERT_EQ(ret, -1); +} + +TEST_F(invalid_mprotect, do_map_read) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, + variant->flags | PROT_READ); + ASSERT_EQ(ret, -1); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Wed Aug 28 23:27:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782197 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B130EC7114C for ; Wed, 28 Aug 2024 23:32:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3E22F8D0003; Wed, 28 Aug 2024 19:32:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 392848D0001; Wed, 28 Aug 2024 19:32:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1E5738D0003; Wed, 28 Aug 2024 19:32:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id F2FBE8D0001 for ; Wed, 28 Aug 2024 19:32:51 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id B60681A08A5 for ; Wed, 28 Aug 2024 23:32:51 +0000 (UTC) X-FDA: 82503256542.27.948B72F Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf06.hostedemail.com (Postfix) with ESMTP id 04431180008 for ; Wed, 28 Aug 2024 23:32:49 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B8sQUJUd; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887852; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qeTei2+Rv9TmGzFj/jgAMv84+i3cbC0I/TqETm/VMk4=; b=Y7sSK+SSNszPa7DO+ldRkutZKwmhzzBUEr7Om0LCm/nnFGxXY++bK89Mq4aiqzRpfv/aZP LzavdMSquI95sMFjR+W7i7ojwx4hLtB6WBOVSbvUoK4h6cdRKr/GmAl74BsScmZPdZaakR qL85droxwXeonyE9Vit+Uvfl3Z3+yyY= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B8sQUJUd; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887852; a=rsa-sha256; cv=none; b=g24W1uLF5F9M2Wn4ojYDrI2Yxcupvju1SAHg2QfRzjJfaCKXlk2w5pxQmkYjS5Nqbcq3Xg gcoXTivUQ7c8HpYkVUGY27gOUsQUn36DkuYs8ACvXMND3ZaYr6yjY3YcSj6h6hvvqIDrRj JHX2KjCzTNucrmV3qMGC7dJlS7JxagE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 5CCBEA43770; Wed, 28 Aug 2024 23:32:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5FB1AC4CECA; Wed, 28 Aug 2024 23:32:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887969; bh=/b4fLgBxrOG/LTGvqBDUXcUFQWiOWxSYArOHQoaOV+E=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B8sQUJUdJrIq3kDN7sUh3HHu0mhJ4Jd+UrRgHYpWc27Eed9Nh0hMsK9hSUY7W2vHy 1r/+Y1gJyV64pvptv1GSFq3NRHVO40J5KTaGFi6BODVolyQ3xt/bFoDyo3bBS2iEP5 zqldseG7AMiZSM0nqm5M73VBv91Zy5W9kAOphbTsAK85NmjicWVlNNdyqZiyGbpuSq RMMmnBBi6nbbWOxJ3Q7iumoHiKOxoQlk1CNAXtlDYT834bgE3i4Bos6WTLhIg5knkb kmbTkM36wW3DPbGuE1vb/rtaqTYYAuqTpcKDxDc7Y0knAul81SjC4O+ML7w7UeDhka EYW6WtESbPUKQ== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:51 +0100 Subject: [PATCH v12 35/39] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-35-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=7382; i=broonie@kernel.org; h=from:subject:message-id; bh=/b4fLgBxrOG/LTGvqBDUXcUFQWiOWxSYArOHQoaOV+E=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KTTBzejW12XGn0R8A/TgK+9iUS5Ghlf3XF2oy1 1adAtFeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ykwAKCRAk1otyXVSH0JJsB/ 0eM7WVMsUO+EFuPZkhQZskgNdND4fyOirkCOfMx+RFthoSK5U58rOgDeQQOWc+Zf6zTSltu90zvySL t+c3PWaUjfuFq/K8K4iH0y+nLkkPWEykIuJI4Dq0zq0fV9IPwOrnm5b4bvsIk7/torxDwqE2rowOKz FSv1uHI8g127V3cNTZuORqXY+4IOZiKJwnqHhkN8K76Pogl9D1En4SfJwZlgPNOjHWasevIr0xVQBj H+KeqtPacUHlBUREYmsaOb5n6MN8UGUDRavtrSETeuaPjhvi7EjUD4fqg3zErL8hdsfj/OkF/rMDaH 7FUyA5Y9hSsggEtuli7QAylvK1ug2G X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 04431180008 X-Stat-Signature: zw1fb8fznxocuidpzctqop4whpyhcxoc X-Rspam-User: X-HE-Tag: 1724887969-515980 X-HE-Meta: U2FsdGVkX1/GgyRs95AT5HxV1CpDV0dTZR3DapxMRDly8UmQIVGDDmgyYlvRwcgzFg78rMrtiUmqX6qGgmRH1pkpWWlO7Jn2O3EF22pgwB3L1VdsLrpoT6/Z1y1c8JUoEDlL+GbGn9LAXNBxeIMtcStKXg3ugBc1k6O9ZLApiuFlM3JxWIGsdx7YAwQBmMGgbhsga4OgXWk6PI+OM8KjgRqxIXGhWspdyg1TAClyQQ+9jiY38FTp4WT77UGY0lUl7rQuQxYHG0GeHDKSHL3nxgyyZ1f7/HsYkofesEl3YY1bgr7QUf2WunPliS00EFR/m/YR8KnhvkqFyWxSrHP4Jp+gYcKViF9imNav2eCYL2zzIkgKAfvOE7FW39ZR++3+VB29SBaMQZxTCqDT2Bm5KJiX2f9kndqXtZ+JhDrR99/Ql81EzYwnUQarm0ugRAvMqWIH/CruIuumhM9k+w1JCo9LqWH+8wsOJXnoLd0TB6pOU1/rZ4kli6LbtRzDKlApbmt9K8U+2rBH0novTbHzI5ngotfNShHRduWSr8A/zGWWBK1eNuz4prUkJZaJ1JRdL8b/QXo4tsf08q9tQ97RARwpzeGmp7a4tFxy3feOTzRc9uu26EQhExPXrwX6gk5/VjzoDxNQI+JxWNHPW2cymJlxNbOh+8KIKoBWZiYIt2My+AZ928KEQua1Wsbhj5jsIluUQYsOTnkUrXLp2L1hfFpzSmdCbx6SSVbyi+aRCSGp84T1VrGSwaqYSdENEOQbWY9PwdbJT0oRdEYtYP4Hni+IdIRwplgGvmVQyIcfEtGOfpCkKcb07GmD8iAU5WPj2CQHwdtiiMsrlu3MVvAbyDzLSlxlnzi7/0E2S4HwJfx2T+adfGXiItIi2Cv+YiWWi0fszgYAUwF88TuPumBB2lpukVEoylocVMxGabVwq2QofWC5foM6xMg+kWHJu4ua6+ELo5RnA1kdfxCzi/S /HfkiWYw y0Cw4/o5ueimLHFtWANO8CkhgO8Ia+g5T0fKzoq2v08JKqStjGR56kjBTG5TA2FN9kdCj+s3TsLPNSMa1HNUKWWF0DnBIfnJjU+EVaR/vMQdHvsmRv7bXJGRUwd3ga2DpNJPFgyK3ZLH3xmBdjqcb22W3AazB9Le97kSGEtmo0KLyZ//h4r6LdcXKjCNXkfFKaDd0uAD+F7NJwTK1wzLrxm389nN1YQpDJPuj4sWv0rQQMC8K7ukxNm91uDJVzTzAwLByzJPyVpv4QJ8saXaJ6CTdJrphNduN75uGGRF1EI8RXjE28VgAW75g57zg58SIvW+9B0HruXBdbKmTYzmW1V8AudKX6+euGMidx5vS9ivY9pc5/Zr8gT34ShyRiu8r2Msz8uED8wfAhViodVmdhX5Kh6xcL7qEPNcj X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Wed Aug 28 23:27:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782198 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FDD1C71150 for ; Wed, 28 Aug 2024 23:33:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2D20C8D0005; Wed, 28 Aug 2024 19:33:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2818C8D0001; Wed, 28 Aug 2024 19:33:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1234A8D0005; Wed, 28 Aug 2024 19:33:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id E3A6F8D0001 for ; Wed, 28 Aug 2024 19:33:02 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 96F8F1401FC for ; Wed, 28 Aug 2024 23:33:02 +0000 (UTC) X-FDA: 82503257004.07.CE9B493 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf19.hostedemail.com (Postfix) with ESMTP id 2FBBB1A0007 for ; Wed, 28 Aug 2024 23:32:59 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GYq5zp4A; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887960; a=rsa-sha256; cv=none; b=yVxbQq2zZctZ2817ADNvg5nQQGhc9vR14ox0gw/SH/0gFv6z04NqdvZe9bS/DDlxJ0CTA5 D/IFRkm6KeSiuts6oD3IpTBB4jO43lI26SFFW/uMCZgUcu7jFrshj/+5N1RLg+knMjixB9 SOTb7HwrZdUx0qsk3OnB7MY9w0LHHaU= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GYq5zp4A; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887960; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gBkkGTg9iwkURdLLuf+UpkR7ejhULQidz4/W46P4K/c=; b=N4OiJPxmnngcsnKYKjF9tGXtZiSUM3IqFS9KaL2Anaz2CuI00itxAfG052sWUebQDanE6O sast3eHwxwUhE1it/pXJxDfg9C7l9N5KWJIvJxLHSB0zVHm6X/H/1YKlsMqlbEF38o82F5 gCrK0Z5rar+wUz8zLYDq+yC1RYLoepc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 3256ECE19B1; Wed, 28 Aug 2024 23:32:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90B94C4CEC2; Wed, 28 Aug 2024 23:32:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887976; bh=6kf8vUeE2/3/9q62BhJqQa6tQ8qTDalv3nPeOQkuUQk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=GYq5zp4ARBBLvku+zr8K7nbe/Z26xIL4sDSEhwukKAY9CTJisEXgSbKK9qBLT0b+D 5yiui6uSbaK5AHvg2S8S8B3xGbl0rZGIs2Ju8sdcXZDAcbpKh+Ln2e1PmWRAgBmbQv G3Bg7M9jOfQG9BNLoXUg0yQKbiALiyXyEkD2jTBnD99V+ssGnEjBXKdEFvMuLFR4sL HQp+oKNJM5nj8rjvhTwoTux/5xIx0DguBl/cLKqJXc4btbJb5jFlMDeUhof2oF6OAn rztAoW5g980dbDmhIFK7uh20dm2/NZWiCTuPVMnYuaN/UG4YKcVluWuiUUWXUNuCT+ amWfSguYKeKQw== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:52 +0100 Subject: [PATCH v12 36/39] kselftest/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-36-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=7642; i=broonie@kernel.org; h=from:subject:message-id; bh=6kf8vUeE2/3/9q62BhJqQa6tQ8qTDalv3nPeOQkuUQk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KUYRmJBlbmpbYBp+f0rQKzMsVNkGHf0qP8TZmx rUuSlE+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ylAAKCRAk1otyXVSH0D00B/ 9lTyOgYYb568ieqieccZ6uUcbs50rdTn223Cs8H8wBYmRBYQfQHvNNtNreyg62PKEyeNssCUPM3JpT GTZNx7MqyjWDVyA+hhIYC8T9QIcHoeEkbbHphBPBuoXp2ImT1K1shFmRNcRPYf459DaN/rbck+eEVS dmPDKysqMLB3iTXMgSvFJAGms9GrptztWEMAbXcj7TgnkX7dwgmApgrNBZDbDBDKnKwCTCLxPWq3zS rPpNPUUqnaJl/8wYdWJPIuXvrUHEf3rELMrVOi4Qy2Dag9nQf4NJk90BzlPkDJABb3mt+yuwVT3eX8 wUWn7RfTptyeD+Oq8h/NhmRHXQQ+PM X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: 2FBBB1A0007 X-Rspamd-Server: rspam01 X-Stat-Signature: j364w771qj3jco8znt3cckoxn1w9of9i X-HE-Tag: 1724887979-111052 X-HE-Meta: U2FsdGVkX1/hoIfYqSMv0KdrKEL5YoXlcf8s7NoWSiIfyjQ1zdVAzkMRZCEc63pFON9X/1aXGOKET8y6Bho2g9hWBkSyv1PErutOpfGxgUzE2isGsBuZ+J9AWixmX3UzVaLZtnEcUJHzr1CmnGpXfD5CS3EMjSLw7GPMlWh+2BgIbpbc3aRsBcD3FHnNXwvv3KQzbFS3+duZs1wXIvjdgYAKcVRh9M46atLUYfP+BO228wWZDh58R3Hd3ELkwdQhKP98T9r2LShvnFLMcT1xM0N49jc17FHciPXyGq1PspwiI4crWYhUTZ+Wy/F4E3kaWd41ykjdKPQCR3wXraGOGO++K4+kND/SUaEIpDD1KU3XSRcYcQZpILe5K8JJQ3r3U5+hCnUZUP8kLkwu4fLgm1Li7XelP8pu6FusZ/z8oKz3TOJTp13kjlCt/+sdL+HYdpIhpQW6aXrC8HH+k7Q8u58mjSqa5JuZovs/MOYM/iFZgfH3IR0SrlFj+H07BxSYfxeQEF/hAlVSDxQApXIWrJBs2fTiJNBlc/TvjikxbKFwp72c97xY87GUV7y8+gYu/k7CLfYQfZY13YY3LawoJnqSffIEHkbbitHggIbP8vqKXYCLCN6VtoDGuHABUAKQt47/5brZ0KoxF2rIQVRG0co0smTzr/iaYKT4YFG9Uo9QYOW6DIWwdsXLDt8IMpseHXYjiaseu/LdavuOwOwGfOIJF0dtd0KmTMMf09DroyY4BitaIEakBI0n07vWzdRz3yEYPjO9/+zH7SgWGVY0+PW3rKcc8giX6QCOP13n4Lsix+5z/sVtlxdj+gMw4yb/92Qpx336HlGtSVGCegQBQKNV4oa0kfbn64e29yWns6vGaKIaOJSGnVMGn5aTvBj7bqhdx2pmHEK5+KDLnDjAZSgvXVtI9EswD/+XJG5a28hmMtKLBbeE3JyUTaIflgIiqJ2o94w4CX2oERqJMpc MtbWoRjt JI1aQdUW6y+NGzIoko3wWIRkSb+SCF1PQPbfj4wVxkIJGIyGUYbszwtWB6h7U+zgrwEKeF9TLh8sJ85z5sOaApOhZfeYhJ5pCxyMn57ATObYjZI/UHWhNiMVo2GyA8+tMH8/lhRKx9OpcMqr9/P9mpVchUo3Sd1rf4FIi9pSOyKZ+lOoN9UZEy/FMexouBKqimvyCpMQWDcLJVO0Bwaz4RHofcreRuPplNSP8fVERNSsTkprwm/Q4hH2QwKbMUaFnfd66h2wMwOp+4K87NmUeq0CXHW8csS0OWiN+f+IM/990ElEuoLqsF8hyHQCI9FCveBm85vlXJ8jQp8jSGZeb/6vs1y1dXYSkvWR6U8xkutdaUdkQdRwFPdRepFR0mYi+s2AmEDjVHmWRmZDkuH6FiroXgSIpG0AvSOoP X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 62 +++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 88 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 ++++++++++++++++ 5 files changed, 228 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 1ce5b5eac386..75d691c13207 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -2,6 +2,7 @@ mangle_* fake_sigreturn_* fpmr_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1e80808ee105..36fc12b3cd60 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include @@ -47,6 +48,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..6228448b2ae7 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* + * We should get this from asm/siginfo.h but the testsuite is being + * clever with redefining siginfo_t. + */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..b405d82321da --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + uint64_t *u64_val; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + + /* Ensure that the signal restore token was consumed */ + u64_val = (uint64_t *)get_gcspr_el0() + 1; + if (*u64_val) { + fprintf(stderr, "GCS value at %p is %lx not 0\n", + u64_val, *u64_val); + return 1; + } + + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..faeabb18c4b2 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Wed Aug 28 23:27:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782199 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8748DC71150 for ; Wed, 28 Aug 2024 23:33:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0FF048D0006; Wed, 28 Aug 2024 19:33:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0864D8D0001; Wed, 28 Aug 2024 19:33:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DCD438D0006; Wed, 28 Aug 2024 19:33:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id B81F78D0001 for ; Wed, 28 Aug 2024 19:33:06 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 6FC08A0336 for ; Wed, 28 Aug 2024 23:33:06 +0000 (UTC) X-FDA: 82503257172.19.ABA93BE Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf30.hostedemail.com (Postfix) with ESMTP id B0CC780007 for ; Wed, 28 Aug 2024 23:33:04 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lTHbvqku; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887940; a=rsa-sha256; cv=none; b=5gBox8Op4GLhtKlqJXqsThVMhxWo73aBuAZab8UOaDP59lj5NcBALpZsZhKwJjhLftb+2V kGcI9t5j8eaTbMYH+lnBAnU+ISkpBHeB1FnujmP+i7oQlVZldtrGVMNx04K0nl7CYu01QU wL42UnxNLGH2UoVqFkzBlKDVq2uBm6Q= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lTHbvqku; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887940; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ATGQv1Fy8tCwEjrXqi4sVPw1g1DJeBETlNX6hQiCSiw=; b=XUJmJgV28U6DFsvFl20x/0X0j1CQv4syYN4RV3B+t0siOcmujYqCxkINKlCmVxPU2qs4Uv NxfvJ+iPcJUiA+IKVmTUfC4F6+ZyDP240RqujzrinGMYPCcLyFlEM1QV1V9DyQifAzZJlU v/5kkKGXXZgCw4iWMY0IG/dSmxMNjzw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id E8E29A43764; Wed, 28 Aug 2024 23:32:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD8C5C4CEC5; Wed, 28 Aug 2024 23:32:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887983; bh=jSXzBeczkE/zmgGrav1T+XnCBgKzY5Y6eHZrGHb1C0U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lTHbvqku6Vs45TVb23vFlMJymzHzWmb51k6h79X9goZu0s6NW8tOqZid8Xcn/vNpi Q4rUCJuGD41iFSSgoLGMNkKCwYWtAkavkt2upQl4J7hfYkd6iIxd7Wcz7tlLhO1Xec 4nlI8N+xpdtL3jDlgJq5hztFj6E+R2+yW9tVXrYdY62aufbD11CuQDrr7914Wja9XF YdMxE2vTOCnF50uoO9W2YY4x6PXcSdEoWAg/4A6d+eR6ElxeV+h9vhh85JYWXwf8Ai Y0R+KZQTYRi/SlQ1CdZwyCvujW56bcJClSQ/jdFI/1MsSLh93spXPnb8vJO+uyMBbU ArkqGYeHUsJBA== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:53 +0100 Subject: [PATCH v12 37/39] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-37-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=21194; i=broonie@kernel.org; h=from:subject:message-id; bh=jSXzBeczkE/zmgGrav1T+XnCBgKzY5Y6eHZrGHb1C0U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KVKZbtaQLZ2OS2xU4Fe6YnWBY+i5pLT5q1VmsF NHGcTy6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ylQAKCRAk1otyXVSH0JFlB/ 9fxwGqVR1J5GIjVRt8yllGTZlh57SUV6GF5L/m8caMtuGoa+8MNS4KlAiMHIiy4KoMWLgd2BUCvJrB SnakqiZOwopGz1yc7wc24BwBTbaojMKyTC2etZuXQWorri415/r+OZLAxx3cH2C0Re8qczgZ+BCoZF sZNTFRXkgzxB5GhqxzHlKvmASeYETPHdzRiroZ3JqG3fBs0FXPDT8CXc6ZIo8LlczK0h4Y34p/fb2S PHWRkRw4dFcM+3VvZP8iMCtklUQve2kyHzRV37j7tNO+Y8h4pMv5ijltTbAJufy4M3NbJsqZrRihs0 FASnP6ilk7rHcvmUJ4Ohx/HFz/6G4Y X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: nwcpikqh56pnpjhyz4ziqtn1j4mkh6cc X-Rspamd-Queue-Id: B0CC780007 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1724887984-460563 X-HE-Meta: U2FsdGVkX19dw81yS2S/bcQFJzUhvQLcdA2y2Z7+3XqGs0QRyvb5HpUy5ko/NTDftMlisv8JCYAGC3Id7+IxqU/4aaO29fX4AcRkCMTH9sNTT7kp/BfHGb1P1wBz/hLJU8gGqIfYE+A3tF6duFGnxj6PQ4343KJH386CoZWomHy6Diwn3p9zg0Hqr/tgtPB8KUc4LgE1+Z/VkKus0dAyriZnvACMWlKYfo7rga7A3bTJANAOlXdXu1ZyprW5BPtPuJq62sYCDKg4laIWWL0uSW+Ar7x3srAQKSEgkKLvg7astrmFFzgAY3dWe3OoH6f2hZzleeeSV+tN49iwcbaoD6hotDF0JNZoYe//C5ab/e8FNmMh2EShB5y0uOJ7lU35ipj90tEhc60DfNqiVjamESQhDeAO3G1bfzq5LEdKBva+979ZFEOh6193r5zirIr/nxV+aRlE/FEiqWZ6FcUx3vE1tnOPTffdNaDGZw+Vd1j/dywBJOdYp2I6mjoWQg+iRCg6nZL9xLf2AltBI6w/MCyD9dhOBn/3E+XPyWe6azRjd63WK3ENY9qzG3N7D8maPbkYs9EBVmomCP1m82xPiPqYImIg0aC4x4l48jkJTTCtwAKBi0yi2QIp551h5TkiZyq+N2/Wb4skRRWmw3Z6DlYz9UUrnL/H0Hds8EZLJutRo/uFO01gLH0P2QGOLOtjHEpstv0FajeK/BOOP6m8141n9TSGPMbL1g9uwbQ2x0g4lS+buQYilmP+28u6+frnD/bWPRdfajXEeX6ZyKzpLTZbwCxVDNU6j9t43deoqUZxQ+VD0oPAj0taW8j8SChmwoqZFtCp72wQrWYB8gkohxnKY99qh2X/Ajn32FK/XWnFwtFRZzTDUJSkfU0oGa+EhWlzfen987++o7a6dVc4fCqEwfNOdMHKFdcAWRRs1T1hC8JjaVRyaqUKYCFshrVAbu2JIHJExslQaOMTxu6 oHsp/Nko IKL5y3IXdlRTjappMg+Wxx5TNKu/azLs98MJjYhqZY+/XXRdv8EAYL39WjWK436NHWktGstffPhWhYzdiH0iTTQLdt9XPvvs/yni2K7sZwsW5QQVoJi2celgdEq5trujCXer+9ES58k4nhbcPz/B9g7SbAqbml/n2fmiBnlwnXCJKr8GCSOCQvYHHuLEe9ltJFFOOzU647DeFpQV47Xk3wSdjZlMuZafjRgnLndIvdLCtp+yJV56XOe5+cp//2gaQTDoYJ4QXiHPpWcI69rp+Yz+p2/Ex2xWjgFBy/XrPMg74hFvDTc2geVp7qp6qlp5XDpZ2BjS4JiJwZhDoyRehgg3QN8YZ+lmRdOV+PfOy0HBu0+jkRJ19zYN5vFrCuGyvWJusPYL3swTtFTk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 530 +++++++++++++++++++++ 5 files changed, 848 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..b88b25217da5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endm + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..a81417cd6f5c --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,530 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_finished(); +} From patchwork Wed Aug 28 23:27:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782200 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89A69C71150 for ; Wed, 28 Aug 2024 23:33:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 174358D0007; Wed, 28 Aug 2024 19:33:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0D4B28D0001; Wed, 28 Aug 2024 19:33:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DF4D28D0007; Wed, 28 Aug 2024 19:33:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id B5AA38D0001 for ; Wed, 28 Aug 2024 19:33:18 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 74D3D80215 for ; Wed, 28 Aug 2024 23:33:18 +0000 (UTC) X-FDA: 82503257676.01.9644630 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf16.hostedemail.com (Postfix) with ESMTP id E459E180009 for ; Wed, 28 Aug 2024 23:33:15 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Ae63hpQc; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887976; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=x4bRDIg3FZYF4TjRB4Ac3+0Hb2IaTqNwKYJSKp4sACo=; b=JwUHvuoGWka7XjqCQz7EyFx+9lVyHBuciXUnwrhETWfyi7UmY5qWLALi1Jh3veY8oT+tZs 8LCoaVSkm5vHYv7vqUzXmrCpYZbfL8yAID0j7pE0R8zUjbce6s60vQyICmCkqe8iNlMSkz 2c0qR85VosrqtubCocDUFbn+ah6D/eM= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Ae63hpQc; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887976; a=rsa-sha256; cv=none; b=YpCXr03i83lUyScLQYkaLoWHwWlPsfbXE/nOgI9FArIoSmv+U6Qm6L3O+h/w9cybFSu5bl vRYW/eS0b5MELvWLM593cvwxY17crSwQp8yr6Ou3BvG8rEE2e5ajtinmORBLrwbATISWgG 41BKkPTY0yOrcGu3AyyhzIj7nLCr40k= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 366DDCE198A; Wed, 28 Aug 2024 23:33:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 02EF9C4CEC8; Wed, 28 Aug 2024 23:33:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724887992; bh=YYz6vJzvFivBjzQl/oYVfPbzMadH/24Qr7CyuKANnYA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Ae63hpQcyPKZ+OyB2jCjf7Q3AnoM5TNRSI8R8RYzDv9BC7hP+nt1Q2SM1NKpAHqOI c5KrwNMgLPQv1anl0o/KtpOeyQsef3CuzOu7zdTdhUp7lugl2BT7E7dCzli6x7cujp JtM4I961TOcW0h32E5nGs3SR40TblIRzXj6Om3fwnG90aP0aSD1U/6bvJEDFMw3fr0 qdZjuRpcEAadGa1QiPHS7SaEYEeoOu8eyc+1FAw6z9w2KQkro5OUbQGb2NS1PJRpYa DE+9MhaHU8EeU42cz4Kv34RjFsAPkUZsAkrXA7zyJ3oRtQYCT+H+mJRllbFrcd0w3T O+YnuJQAVDQBg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:54 +0100 Subject: [PATCH v12 38/39] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-38-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3151; i=broonie@kernel.org; h=from:subject:message-id; bh=YYz6vJzvFivBjzQl/oYVfPbzMadH/24Qr7CyuKANnYA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KWyGmLb/5LuHUW2EcxIQm9C/uO5snWMi3VUsMB 6zop08iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ylgAKCRAk1otyXVSH0A8fB/ 90Be8aaxkQLS9HasukOKepFvom/7UIx7M/ptMK2Zg+RPc2bfuLZarXTa2aeVuabD46J6eJ3drBNTZe UzB9H/Y9Hy3YYvuXNFbxru531W0pnyk7IrRxZcIR9nQFYMukgwApRPRHUzGkt2niM9+7zKoZD3lrwW FqmHWndmLgnmzOxQh8OJLfLLjZ6ZplaVJLfh+sVB5F5KJ62HidxsYJvu58cK+n+zWkSc/LKMHBMvtS dUMHZhi3Mdju6Y87YA8T/3rxBWrIuRrC5T5QkfYlfclL2RgPU78UVX6ZyVULtKBp8IcW3dGsi6wrYp qv/N0YcGoAy2dscZaaeXyy+t1pA3wz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: gj3a75u4awd7npwfqw33djf9n4itbn3a X-Rspamd-Queue-Id: E459E180009 X-Rspamd-Server: rspam11 X-HE-Tag: 1724887995-180388 X-HE-Meta: U2FsdGVkX1+b60qC5VAEM+IyYF0GvQma7wYQBd+OV0vrwknuKmT61gTzpazXWfhfjuyDs5T5Rn4c4EciqlQn1owFUV2cUkaAIBX5swRzAwzLgR8Sz8Dcal+EokxHKb60EvIfeBa9FaYfkIhp6lYYEarcMQq/IAd698puJQDWDVF/sFrZipaqgHVlynSfEuphYGgJ3quaEskspk/U/BQObbIfVemGTGYt6AjgaxkseTe/9TMWA9duSaNccm/2CaUDXgG2j/N2q7VgVTqhrpAw/Wby+h+3eMF7NRHG9zsYgcamtLWEOHYtvFiMSfNj7sZVwEraH54a19bD09cMmLynYyo1BnymS8TwFzTox8gSLMhiicBJ/QlJ7NrQPG1BS6JapBoHPArcC1F+khcFvS/pskmprjKwL6NSrwtp23QzFEKI7cqMQjM7Tc0P+8EORZX9MBRgTNdDuUNk828BtO05dymywZ/1g8SFJBjGEnVFguu9N9UzCg/w1a4sqYz+Hp44oVwGs/Wq4crb0DR/r7+9pjaoJ+MjkJ5RtiyaRxxjxjjRbaRc1xGNm/pGOA4XLm6zGwJcm4U+YMP8QSoCXIJZ6aYRzuGTHd5PW5RyQY/vGkP4wvEdgq8RJlZ75pk+v9Fsf+VClKLM+Lt9VxsmYSimNOydO7dmgrCeCt+gqjdBBstRiGxO+OGmnf6r8vFRQAz5UMeaB98AM7gf8c5nJuvIR/d1tYKnuZQCftCYAZJjGyyqrSqSVstIWLkNCTSePtxUMSwAtekDYO9mNGH9KnyfyusBuFrlFBe1mXncxDjDb5Z/Qu8weevMPd1ecrxajAGI/3w7jcjNLG4GNzLc49mWY9AuxWg587WuNEH4JXOQ1xllvikdqkPSUXm6IuEHWwHsRyGOJXjOoQqw55zulFt8slosRS1hMPOPGCBEXLGidvFEDm2g1t8qDxKhOdPwUHsjHeXmMPHNWbVIikXdc1G GVF5Pav4 uhcKxjV7gWxBAkUUt3c3rlKLhdNLMwo8kT6HKzVTTF466r8aAX0qjudikNjvghfOMA4eYAZ0zrd45lDR2Ocq3+Ql8+IuROTcClBG1YOl2mCSwl7GlUUeNYIZMQ6PinCUwwtxeYRIuKeW2LAsGP3/AFUM6VHUIQQ8fNRp2TH0g3ANotMMwg3tQu12QRLhF6VTvegBKTWNzHK3ttBvliEqb26kL9ZUWLbeWG4t+9uLZDZzJyobBSJ7fwDrxJcJYTwFFnpx1sPCK8pAT4TGLl6Z0IQyFQEH3xDj49RicKmUEqyR0S6hPQaVGAIRojEGK+GstF5nAGKaoxZdQg/B0ldH867lLXdQMVv18/nly7hQRPC6hzTBBaJDtfyolWTxxRoykTvr6t34p3ceT2uWHjc5vQmgxGX+I+YAM6cST X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..1fc46a5642c2 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index fff60e2a25ad..2fb4f0b84476 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 095b45531640..b2603aba99de 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index b5c81e81a379..8d9609a49008 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT From patchwork Wed Aug 28 23:27:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13782201 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23B78C7114C for ; Wed, 28 Aug 2024 23:33:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AE7B76B0093; Wed, 28 Aug 2024 19:33:27 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A73156B0098; Wed, 28 Aug 2024 19:33:27 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8C4F16B009E; Wed, 28 Aug 2024 19:33:27 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 6779F6B0093 for ; Wed, 28 Aug 2024 19:33:27 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 22E8EA9B79 for ; Wed, 28 Aug 2024 23:33:27 +0000 (UTC) X-FDA: 82503258054.15.6409171 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf01.hostedemail.com (Postfix) with ESMTP id AC76D40011 for ; Wed, 28 Aug 2024 23:33:24 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=T0sYEOxH; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724887906; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zpawyuS9B9pFyqPLeUbWVN8Oj0MRjkReuUsUVFsBJLs=; b=XYnxfKFuoM6AzJBsyD0RmA7X+cC/oI9GWfqTeYq806rV0t7NYBvovBj7bzGiKelP1uAUph JHjdWMQuf/b/gE68LHKy7SxDa8Cg0B4GVFzd2JBdNTO1kJdZ0FoBKQnm+kUlbIJHilE0Tt vwTyqgs4aienUO68XzVfG9EfT2dM500= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724887906; a=rsa-sha256; cv=none; b=rYCNZIrEm7t2KttogWOqLyrTL2HCvwU4QdBTHc2P+B7uR6JaHUF9J/fONbH4T9+WSyEfo0 w6drhgKiJhuDPhe3Epj9JdD4qsuSBR+hcG/ISCshvfxgEdoQUMLcpDILciQkJnWBOuQg5r EMuNUsj9EFJqlGy4Or0iW4sI/0ikXRA= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=T0sYEOxH; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 108F6CE1736; Wed, 28 Aug 2024 23:33:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4D82C4CEC4; Wed, 28 Aug 2024 23:33:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724888001; bh=W5oN69xYg0RDvkVAq7OBhN9me4eHC7ENTR8wdYTObEg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=T0sYEOxHjFOttsTVvHr8nAQOQ8BUsl9RMPHqa31RJTgSFSQ3TIGLapA1WgRy3jLo0 JeODpovNuVdL80WVrYGVso4DyrRRO1DhF7kWisH1cqnFSCydDl13yVhb0nu6HT2C9z pD4UgF4Dwo5Y9nuYKXJogdufMhh4W7BZO62+McXl5vR8L6zMt1WUITjQLRzWcA7u25 SPgM+2tb0JJ+WBn06AztAPJ7FrM5sNRzveVcG0IubW9dGdUc/PlsWeypUq2fHpf0Gp pQfD/DxG1p/Tg1tfKVfxa1CicV/MXc1Phv0Iyv5PVg3YGY/+kSdolqCbHw0513h6ea haeI2WZc6MlWg== From: Mark Brown Date: Thu, 29 Aug 2024 00:27:55 +0100 Subject: [PATCH v12 39/39] KVM: selftests: arm64: Add GCS registers to get-reg-list MIME-Version: 1.0 Message-Id: <20240829-arm64-gcs-v12-39-42fec947436a@kernel.org> References: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> In-Reply-To: <20240829-arm64-gcs-v12-0-42fec947436a@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2418; i=broonie@kernel.org; h=from:subject:message-id; bh=W5oN69xYg0RDvkVAq7OBhN9me4eHC7ENTR8wdYTObEg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmz7KW23WvfTKbuTefeFx8re+CMzCUi4CC3I85X0Hw F+Tp6t6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZs+ylgAKCRAk1otyXVSH0AynB/ 4zJS/fNzXaknnr7WJBxyXZVPJNEDNBY8rJlOhiRC7JR4N1wpHshMVJS7B5HyeOhJWMAuD3mR2CrV1d r4v28SEGzfR4d+ILf+hgZkeIgrDji+0MV4VUdT+tsjQyzfTjj8tJ3F2CqTPAP3N3Uny4OsuqLSWzBp hlN40ZxT2iqDEbKvGfaT1sz62nwxmh3r34dtmQBwKzh0I3Y2nYIK5zGYUsoMINt5Gtov3e79ziMDIT AOI9DcGFA7X0dQUOWVXPLJxkZnXLGhBCT60jSVl0d8qabxjn+iAigD30fNz+DZi1Y79Ar5nZoztoG7 adadSZsjbnTs20zCvlACDXAlp/hVa5 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: AC76D40011 X-Stat-Signature: rm119ft59qhmfkr11ubug5s9ugpauozw X-Rspam-User: X-HE-Tag: 1724888004-718667 X-HE-Meta: U2FsdGVkX1/s8yvRwE+NaON94Et2EfKu+psjXaDiLl6E6C4qjBqzC6+SnzVvl78F5LfA3zBnuFKD4qfrYzUDUKwhoc6y+JY1tUHOYCHtRPOUvHueX68Y3Ts4Ri9418yqtbsylQm+7gYJ/+KhbUw56o1d0tURJ849SpGg0x+wu+HijGA3+EaMkBkFSPsP+cClth9JJUn2q5Sdm5Bd0hB/+lJPEdcG/x2pLWDFykZcyeEgpd1jXWbnkTc3hnNZdzNZZGUSKJGyEhTMnsvr49128eo7EV6TnabA5wo16wuKvtDrL98evE41NsPyJ+cKxcl3P351WPcPC5JHMDAy5Si6cozT/x1rB11TppZxVuTT/OV3+8uQ7qnJjA6fOqUlXwVGOAXBA4N9ux1UKonF6Parhz6iesbVN4BRlwUnHvDW1l8EDHjNbI+KBt/QTj+iNVQc3XEfSoLWxa3+Cn9EgPw4p7XAcYWKfx1Q+3AOkTstQRoCxRp9x19tDRuxhD7V4QgGjcpVW3V5J6b+yo+gK3qwR8gKI8JfekCRB0UhoSgoOz66pWwpBUEpK74ptuZu1ZxHHYJuGy90/DK3Debtd4h5rIxLZYNBnP4IlvfKMkZCz+Xo4nN0jsO+Xlrd73HDqbS7tqTmQcKEaN+4H8ZFaXlyqyip9gPe5Eyvk7Lc2budYyMeK75e80he14nA3Yxa1zmZRskBGVjwIDzaEUOGEo4DBx8t1Ob3fvkV2OPAZgrKn/5YrMp5EXR3ChVVNfU+mNs+ZbqJiO6+HMShVLgER2JRVSor1uRZ40ILer9WReTl0hLtpOsfRGC9LqzrC+xJKh2u6aPo+qtCbwZeO187+sWaz9aW2FQNBr6giFY3FlOkKe8Ck48j9eCwMRiJnNb0Klb1NE7OpqIBDg0YqHkD8VLBgILYA67p5A+yeHkErITjL68A0bkw36SzNOrS2mLdSGs7WfgYLUt/n3kVH3JdFcL 7j/50vsm Nxx/YB/ZV9Rn3d2hv5IuRrE57kQY2qqEGAquiDB7PkD7R5isWAspLRwJswdyQDTneqEwNeLgPzD+Oa9OofPvmJ/mOnuAW8LCyf00ZNoPh4S62/S1En8rN2gBIgRwe5t/8tUbwnOAxr5ptiJFIKI5ODNX6kAaSYJX8ggXM7vB9m6TLv5bB6COjY1M3mS7mR/kWiTC8BnFIan99BQEnQNOWIQ9z1IQhh53SYN5P0AsczqG5yFNc/013zItPEuQp+CQvtRIeoWeSawjyOt6AbETs31jQ2R+54HaUGCLtwSN9Ds5TK+kPrbgyXdQ7SwMx3DXp2hrGJ7pnYl41G3mq71mIqS4b/E9ga1ChpKkdEHJAc5nX4NY5s1rMCM7Ksg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS adds new registers GCSCR_EL1, GCSCRE0_EL1, GCSPR_EL1 and GCSPR_EL0. Add these to those validated by get-reg-list. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/kvm/aarch64/get-reg-list.c | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/kvm/aarch64/get-reg-list.c b/tools/testing/selftests/kvm/aarch64/get-reg-list.c index 709d7d721760..9785f41e6042 100644 --- a/tools/testing/selftests/kvm/aarch64/get-reg-list.c +++ b/tools/testing/selftests/kvm/aarch64/get-reg-list.c @@ -29,6 +29,24 @@ static struct feature_id_reg feat_id_regs[] = { 0, 1 }, + { + ARM64_SYS_REG(3, 0, 2, 5, 0), /* GCSCR_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, + { + ARM64_SYS_REG(3, 0, 2, 5, 1), /* GCSPR_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, + { + ARM64_SYS_REG(3, 0, 2, 5, 2), /* GCSCRE0_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, { ARM64_SYS_REG(3, 0, 10, 2, 2), /* PIRE0_EL1 */ ARM64_SYS_REG(3, 0, 0, 7, 3), /* ID_AA64MMFR3_EL1 */ @@ -40,6 +58,12 @@ static struct feature_id_reg feat_id_regs[] = { ARM64_SYS_REG(3, 0, 0, 7, 3), /* ID_AA64MMFR3_EL1 */ 4, 1 + }, + { + ARM64_SYS_REG(3, 3, 2, 5, 1), /* GCSPR_EL0 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 } }; @@ -460,6 +484,9 @@ static __u64 base_regs[] = { ARM64_SYS_REG(3, 0, 2, 0, 1), /* TTBR1_EL1 */ ARM64_SYS_REG(3, 0, 2, 0, 2), /* TCR_EL1 */ ARM64_SYS_REG(3, 0, 2, 0, 3), /* TCR2_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 0), /* GCSCR_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 1), /* GCSPR_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 2), /* GCSCRE0_EL1 */ ARM64_SYS_REG(3, 0, 5, 1, 0), /* AFSR0_EL1 */ ARM64_SYS_REG(3, 0, 5, 1, 1), /* AFSR1_EL1 */ ARM64_SYS_REG(3, 0, 5, 2, 0), /* ESR_EL1 */ @@ -475,6 +502,7 @@ static __u64 base_regs[] = { ARM64_SYS_REG(3, 0, 13, 0, 4), /* TPIDR_EL1 */ ARM64_SYS_REG(3, 0, 14, 1, 0), /* CNTKCTL_EL1 */ ARM64_SYS_REG(3, 2, 0, 0, 0), /* CSSELR_EL1 */ + ARM64_SYS_REG(3, 3, 2, 5, 1), /* GCSPR_EL0 */ ARM64_SYS_REG(3, 3, 13, 0, 2), /* TPIDR_EL0 */ ARM64_SYS_REG(3, 3, 13, 0, 3), /* TPIDRRO_EL0 */ ARM64_SYS_REG(3, 3, 14, 0, 1), /* CNTPCT_EL0 */