From patchwork Thu Aug 1 06:51:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aruna Ramakrishna X-Patchwork-Id: 13749893 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4577C3DA64 for ; Thu, 1 Aug 2024 06:51:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C022F6B00BC; Thu, 1 Aug 2024 02:51:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B8AF26B00BD; Thu, 1 Aug 2024 02:51:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F59E6B00C1; Thu, 1 Aug 2024 02:51:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 5DD176B00BC for ; Thu, 1 Aug 2024 02:51:43 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 0E3F112092B for ; Thu, 1 Aug 2024 06:51:43 +0000 (UTC) X-FDA: 82402756086.28.12D3018 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by imf13.hostedemail.com (Postfix) with ESMTP id 0768920005 for ; Thu, 1 Aug 2024 06:51:40 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=a+LA9C0O; spf=pass (imf13.hostedemail.com: domain of aruna.ramakrishna@oracle.com designates 205.220.177.32 as permitted sender) smtp.mailfrom=aruna.ramakrishna@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722495096; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=G5mMnDpkYZkQxM2Urrt/xYeOk6eG4fznj0JjVcnQXi0=; b=DvGJqVA6F85qrSeS/nK1GXxIhD/atgjsJgrsbnaRnvIdV0a5dQF2Q9KOgA3BlUxt8shGVw bFr9nH0cNXUZ/qzY2dKLuqRi/L8EeAypUblL4QS0qd4x/aAtDroOOlJU8xxp9yS5v552Xi Ivo381JXIz2t/Xy4QuMDSTcAYn1W6xc= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2023-11-20 header.b=a+LA9C0O; spf=pass (imf13.hostedemail.com: domain of aruna.ramakrishna@oracle.com designates 205.220.177.32 as permitted sender) smtp.mailfrom=aruna.ramakrishna@oracle.com; dmarc=pass (policy=reject) header.from=oracle.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722495096; a=rsa-sha256; cv=none; b=MeQLC1NK9Axj5redSqOucuSVR0LWyuqUP07upECIX4AthXGRlrUHjM15RqLi5bi5Yav90d NabkqUn4d2IOTtemEBw9mgLEecOiISSRmvOCzvAGSY64uVp1L55iSRm9e7p/sh7+y0uXul dikOvLZa60jh+E/jR1vs4kejS3ZUWt0= Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 46VLHDsl028382; Thu, 1 Aug 2024 06:51:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=corp-2023-11-20; bh=G 5mMnDpkYZkQxM2Urrt/xYeOk6eG4fznj0JjVcnQXi0=; b=a+LA9C0OzpoxyhodA zNIjrivRSPsRUxXGWQHrCV1zHsDyYQOVq5u8JMuhIK/i2+vYgsgiIhu8osEdO5Xg GXq5+A5Nzoo+bOTtwgkHdW4ytwls4WRC/235TyFuJxv78fzoRTTn3HRuIv6XJZUg +bfiIUOeFQoPjAjpD9jattvyDvq0OhSWlbk2aaKlU8NezXdzELTMvqcb0vzJl73J DVp7bAz1QQ9+Ilii/6IDxYcit99d4DBayucq+XGyLZThTP9BArE8FNCijUrDCft6 lgI6io136XS3BwgBvkulF/J6P4kU+qaErd1SHl/vE6TUSR0XFkCGLvy1Pqh48uZ+ wQqJg== Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.appoci.oracle.com [147.154.18.20]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 40mqacs21x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 01 Aug 2024 06:51:19 +0000 (GMT) Received: from pps.filterd (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 4714uHW4030801; Thu, 1 Aug 2024 06:51:19 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 40nehveh7r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 01 Aug 2024 06:51:18 +0000 Received: from iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 4716pHNG033596; Thu, 1 Aug 2024 06:51:18 GMT Received: from aruramak-dev.osdevelopmeniad.oraclevcn.com (aruramak-dev.allregionaliads.osdevelopmeniad.oraclevcn.com [100.100.253.155]) by iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTP id 40nehveh6x-3; Thu, 01 Aug 2024 06:51:18 +0000 From: Aruna Ramakrishna To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, dave.hansen@linux.intel.com, tglx@linutronix.de, mingo@kernel.org, linux-mm@kvack.org, keith.lucas@oracle.com, jeffxu@chromium.org, rick.p.edgecombe@intel.com, jorgelo@chromium.org, keescook@chromium.org, sroettger@google.com, jannh@google.com, aruna.ramakrishna@oracle.com Subject: [PATCH v7 2/5] x86/pkeys: Add helper functions to update PKRU on the sigframe Date: Thu, 1 Aug 2024 06:51:13 +0000 Message-Id: <20240801065116.2088582-3-aruna.ramakrishna@oracle.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240801065116.2088582-1-aruna.ramakrishna@oracle.com> References: <20240801065116.2088582-1-aruna.ramakrishna@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-08-01_04,2024-07-31_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 malwarescore=0 spamscore=0 mlxlogscore=999 suspectscore=0 bulkscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2407110000 definitions=main-2408010038 X-Proofpoint-ORIG-GUID: LKVdYd-c38gWL3NEsFAaQtglYu2fHkGe X-Proofpoint-GUID: LKVdYd-c38gWL3NEsFAaQtglYu2fHkGe X-Rspam-User: X-Stat-Signature: cecap1g4ho5tehiea4igekfpozs1tnr7 X-Rspamd-Queue-Id: 0768920005 X-Rspamd-Server: rspam11 X-HE-Tag: 1722495100-57159 X-HE-Meta: U2FsdGVkX19kuKxof1wKXey0vwj4e8bdCoR8idA0QAzpT0ytxbRtgIiJFdGBCwxRzpMOtDvU4JG4f5xtRQ+vlh8j4DktnpsIK/oss5Kn7bhnuZvMXnyYF1NJEVAxv6hu6a9+wsoUOJfE9q8qDgsNvSL80sArfBO8+ZASrrjVnTZJXFzVsdW2sqKfZOYiDZqCO+XheI2QjawLtY8df+L4xpx+NoHGU+WAd/gBGfITFmaTNmFnYtQaHKSoFhtqjtLFGlBcwQWhwlPEFNE/eGhskh8bwZqFKnl+hz+XULGj0ByDe2FVCSNvHLnBwlyOfO9ZAHW0HeweV6ukMftpLxcFuxTp5FP2zDGFVBl4Kz3rRGwSu4rRZwz/VG/Yqf7Bxxq08dFbFi1R7ZWrOQFYe/Eo5VFWoQTqMyxV7XqoOr5M5wh1ARThbq5o7/RWYLQgZzgezILqboPkYyqX9/sn3QkE1zx43Y0VvDCpGmy3dZmcBLuDiTIyIo4Sn/EB18S/FAr1pRr77Bdx67oTJcTb8vWuxPdnjOgy49M8Ic+tV7nEjVJ5gSbcJo6t7AM1Afh58papk2iwslDjrNX843oNXVRcREN2/SJHpXqnGFgj/vXvm8vYvgn8BrjyDAPLkVoDgQ0SPEavSvOt2fdpaAB9TVIL6CWRdDQzgh+teBveLMTreNQMT+i/+YQbFCuXIYGoa1+3F4NyRSmRlJxJtTZoL8lWasR2bpLzo+gnr9u94g9iH2xMasBakcjmhQ+l/BG7DEeVkgfWZn1G3lQQlNE7xRQyDQDidRinU8AYFTMdzle9nybXHY7k4sCjh7wKKfANJouOWiQ/eloRNK1MGWFkCHCK+AYb0iNfdEyermGaMj3AIMCVrtNgGRcS1qA73fthBS9C4p+ea5TiovqQCPi9ee+y5S9e5dIVn/C/RHJEx7X4T9haVK8FWElteWbd/THLt9Cq5pue1uGpioNCp5F8OVx rXBusnev uF7N27MoA/8X+IcZDtKsOgb90wNM1Dz2cga1X7++iHGZVe/XCRDgcOKKvDAKxG8CeGR+oxAvY8FyrH3zBoXTC/5eDzqBhC8i/7D/kz0p+CbU8RK8HYT6wi29AEyD0la2SllrveaZDg3/ZSHHXMq1b3rOAW8hcK24Ls5TNFBfwoMGMg+7VBL2F8RLLSxeFJf5Fd6vJrrEBIPdH4BJejaoXu7VnIL19WDgpqYma X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In the case where a user thread sets up an alternate signal stack protected by the default pkey (i.e. pkey 0), while the thread's stack is protected by a non-zero pkey, both these pkeys have to be enabled in the PKRU register for the signal to be delivered to the application correctly. However, the PKRU value restored after handling the signal must not enable this extra pkey (i.e. pkey 0), so the PKRU value on the on the sigframe should be overwritten with the user-defined value. Add helper functions that will update PKRU value on the sigframe after XSAVE. These functions will be called in a later patch; this patch does not change any behavior as yet. Note that sig_prepare_pkru() makes no assumption about what pkey could be used to protect the altstack (i.e. it may not be part of init_pkru), and so enables all pkeys. Signed-off-by: Aruna Ramakrishna --- arch/x86/kernel/fpu/signal.c | 10 ++++++++++ arch/x86/kernel/fpu/xstate.c | 13 +++++++++++++ arch/x86/kernel/fpu/xstate.h | 2 ++ arch/x86/kernel/signal.c | 18 ++++++++++++++++++ 4 files changed, 43 insertions(+) diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 2b3b9e140dd4..931c5469d7f3 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -63,6 +63,16 @@ static inline bool check_xstate_in_sigframe(struct fxregs_state __user *fxbuf, return true; } +/* + * Update the value of PKRU register that was already pushed onto the signal frame. + */ +static inline int update_pkru_in_sigframe(struct xregs_state __user *buf, u32 pkru) +{ + if (unlikely(!cpu_feature_enabled(X86_FEATURE_OSPKE))) + return 0; + return __put_user(pkru, (unsigned int __user *)get_xsave_addr_user(buf, XFEATURE_PKRU)); +} + /* * Signal frame handlers. */ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c5a026fee5e0..fa7628bb541b 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -993,6 +993,19 @@ void *get_xsave_addr(struct xregs_state *xsave, int xfeature_nr) } EXPORT_SYMBOL_GPL(get_xsave_addr); +/* + * Given an xstate feature nr, calculate where in the xsave buffer the state is. + * The xsave buffer should be in standard format, not compacted (e.g. user mode + * signal frames). + */ +void __user *get_xsave_addr_user(struct xregs_state __user *xsave, int xfeature_nr) +{ + if (WARN_ON_ONCE(!xfeature_enabled(xfeature_nr))) + return NULL; + + return (void __user *)xsave + xstate_offsets[xfeature_nr]; +} + #ifdef CONFIG_ARCH_HAS_PKEYS /* diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 2ee0b9c53dcc..d04383793676 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -54,6 +54,8 @@ extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void extern void fpu__init_cpu_xstate(void); extern void fpu__init_system_xstate(unsigned int legacy_size); +extern void __user *get_xsave_addr_user(struct xregs_state *xsave, int xfeature_nr); + static inline u64 xfeatures_mask_supervisor(void) { return fpu_kernel_cfg.max_features & XFEATURE_MASK_SUPERVISOR_SUPPORTED; diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c index 1f1e8e0ac5a3..9dc77ad03a0e 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -60,6 +60,24 @@ static inline int is_x32_frame(struct ksignal *ksig) ksig->ka.sa.sa_flags & SA_X32_ABI; } +/* + * Enable all pkeys temporarily, so as to ensure that both the current + * execution stack as well as the alternate signal stack are writeable. + * The application can use any of the available pkeys to protect the + * alternate signal stack, and we don't know which one it is, so enable + * all. The PKRU register will be reset to init_pkru later in the flow, + * in fpu__clear_user_states(), and it is the application's responsibility + * to enable the appropriate pkey as the first step in the signal handler + * so that the handler does not segfault. + */ +static inline u32 sig_prepare_pkru(void) +{ + u32 orig_pkru = read_pkru(); + + write_pkru(0); + return orig_pkru; +} + /* * Set up a signal frame. */