From: Aruna Ramakrishna
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, dave.hansen@linux.intel.com, tglx@linutronix.de, mingo@kernel.org, linux-mm@kvack.org, keith.lucas@oracle.com, jeffxu@chromium.org, rick.p.edgecombe@intel.com, jorgelo@chromium.org, keescook@chromium.org, sroettger@google.com, jannh@google.com, aruna.ramakrishna@oracle.com
Subject: [PATCH v8 2/5] x86/pkeys: Add helper functions to update PKRU on the sigframe
Date: Fri, 2 Aug 2024 06:13:15 +0000
Message-Id: <20240802061318.2140081-3-aruna.ramakrishna@oracle.com>
In-Reply-To: <20240802061318.2140081-1-aruna.ramakrishna@oracle.com>
References: <20240802061318.2140081-1-aruna.ramakrishna@oracle.com>

In the case where a user thread sets up an alternate signal stack protected by the default pkey (i.e. pkey 0), while the thread's stack is protected by a non-zero pkey, both these pkeys have to be enabled in the PKRU register for the signal to be delivered to the application correctly. However, the PKRU value restored after handling the signal must not enable this extra pkey (i.e. pkey 0) - i.e., the PKRU value on the sigframe should be overwritten with the user-defined value.

Add helper functions that will update PKRU value on the sigframe after XSAVE.
These functions will be called in a later patch; this patch does not change any behavior as yet. Note that sig_prepare_pkru() makes no assumption about what pkey could be used to protect the altstack (i.e. it may not be part of init_pkru), and so enables all pkeys. Signed-off-by: Aruna Ramakrishna --- arch/x86/kernel/fpu/signal.c | 10 ++++++++++ arch/x86/kernel/fpu/xstate.c | 13 +++++++++++++ arch/x86/kernel/fpu/xstate.h | 2 ++ arch/x86/kernel/signal.c | 18 ++++++++++++++++++ 4 files changed, 43 insertions(+) diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 2b3b9e140dd4..931c5469d7f3 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -63,6 +63,16 @@ static inline bool check_xstate_in_sigframe(struct fxregs_state __user *fxbuf, return true; } +/* + * Update the value of PKRU register that was already pushed onto the signal frame. + */ +static inline int update_pkru_in_sigframe(struct xregs_state __user *buf, u32 pkru) +{ + if (unlikely(!cpu_feature_enabled(X86_FEATURE_OSPKE))) + return 0; + return __put_user(pkru, (unsigned int __user *)get_xsave_addr_user(buf, XFEATURE_PKRU)); +} + /* * Signal frame handlers. */ diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c5a026fee5e0..fa7628bb541b 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -993,6 +993,19 @@ void *get_xsave_addr(struct xregs_state *xsave, int xfeature_nr) } EXPORT_SYMBOL_GPL(get_xsave_addr); +/* + * Given an xstate feature nr, calculate where in the xsave buffer the state is. + * The xsave buffer should be in standard format, not compacted (e.g. user mode + * signal frames). + */ +void __user *get_xsave_addr_user(struct xregs_state __user *xsave, int xfeature_nr) +{ + if (WARN_ON_ONCE(!xfeature_enabled(xfeature_nr))) + return NULL; + + return (void __user *)xsave + xstate_offsets[xfeature_nr]; +} + #ifdef CONFIG_ARCH_HAS_PKEYS /* 
diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 2ee0b9c53dcc..5f057e50df81 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -54,6 +54,8 @@ extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void extern void fpu__init_cpu_xstate(void); extern void fpu__init_system_xstate(unsigned int legacy_size); +extern void __user *get_xsave_addr_user(struct xregs_state __user *xsave, int xfeature_nr); + static inline u64 xfeatures_mask_supervisor(void) { return fpu_kernel_cfg.max_features & XFEATURE_MASK_SUPERVISOR_SUPPORTED; diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c index 1f1e8e0ac5a3..9dc77ad03a0e 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -60,6 +60,24 @@ static inline int is_x32_frame(struct ksignal *ksig) ksig->ka.sa.sa_flags & SA_X32_ABI; } +/* + * Enable all pkeys temporarily, so as to ensure that both the current + * execution stack as well as the alternate signal stack are writeable. + * The application can use any of the available pkeys to protect the + * alternate signal stack, and we don't know which one it is, so enable + * all. The PKRU register will be reset to init_pkru later in the flow, + * in fpu__clear_user_states(), and it is the application's responsibility + * to enable the appropriate pkey as the first step in the signal handler + * so that the handler does not segfault. + */ +static inline u32 sig_prepare_pkru(void) +{ + u32 orig_pkru = read_pkru(); + + write_pkru(0); + return orig_pkru; +} + /* * Set up a signal frame. */
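Review bot: In update_pkru_in_sigframe() (arch/x86/kernel/fpu/signal.c), the result of get_xsave_addr_user() goes straight into __put_user() with no NULL check, although the helper added in xstate.c returns NULL when xfeature_enabled() fails. __put_user() does no access_ok() validation of its own, so a NULL return becomes an unchecked store attempt at user address 0; suggest keeping the pointer in a local, returning an error if it is NULL, and only then calling __put_user(). Separately, this function writes only the PKRU slot and leaves the XSAVE header untouched: if XSAVE recorded PKRU as being in its init state (value 0, which is exactly what sig_prepare_pkru() writes), XRSTOR ignores the slot at sigreturn and restores the init value instead, so please confirm that the PKRU bit in the frame header's xfeatures is set whenever the slot is overwritten.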
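Review bot: The comment above get_xsave_addr_user() (arch/x86/kernel/fpu/xstate.c) omits the NULL return taken when xfeature_enabled() fails, which is the one case every caller has to handle; suggest documenting it next to the standard-format requirement. The function also does no validation of the user pointer it is given, and the standard-format requirement is stated but not enforced, so the comment should say that the caller is responsible for having validated the buffer and for passing a non-compacted frame before using the unchecked __put_user() on the result.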
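Review bot: sig_prepare_pkru() (arch/x86/kernel/signal.c) returns orig_pkru, but its comment never says what the caller must do with that value; suggest documenting that it is the value to be written back into the sigframe, and that the caller must restore it with write_pkru() if frame setup fails, since write_pkru(0) leaves every pkey readable and writable until PKRU is reset in fpu__clear_user_states(). For consistency with update_pkru_in_sigframe(), which returns early when X86_FEATURE_OSPKE is not enabled, consider making the same check explicit here before read_pkru() and write_pkru(0).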