From patchwork Mon Jul 31 13:43:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334664 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34A21C04FDF for ; Mon, 31 Jul 2023 13:50:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 94381280041; Mon, 31 Jul 2023 09:50:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8CB81280023; Mon, 31 Jul 2023 09:50:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 79418280041; Mon, 31 Jul 2023 09:50:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 6ABC8280023 for ; Mon, 31 Jul 2023 09:50:57 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 33F8CA0755 for ; Mon, 31 Jul 2023 13:50:57 +0000 (UTC) X-FDA: 81072042954.14.8B2197B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf06.hostedemail.com (Postfix) with ESMTP id 375EF180013 for ; Mon, 31 Jul 2023 13:50:54 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UNOMtRgb; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811455; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Rr2GRmUkRH4qcj8DwtxgJoc5E8ETtGtlZ90s5DNZBXk=; b=DiPhPNn6BBKhlguUF37AlT8F8HW5UQhRFRCXQgPbwcAHBJVp/Rkj45zORI5UZC+yMJxKHP xpYPkMYtNueWlIC4boFUhYDwT6PjWNQILLPKYnegxMeTQ381PGdIxD64XpxOVqJPOKRs/K bA7yNk0GfEZk7J3MGs3Y19UKqrpl40Y= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811455; a=rsa-sha256; cv=none; b=cKmKcmUIgQldLXV5pnGnH9kr7Ug7hKfbN934GqFskKpI/4fpIAUsOZactKnB+/4xgeD+NW hisHMMXQjhSqlflPCzx19x+TuEVlCvGXZpb9Biy5Q+AfK12MtH7W60jRwFTTu3eSU1VIQl VLB6dLY3g7raW0er54qk+yVLq00hptU= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UNOMtRgb; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6EA726113A; Mon, 31 Jul 2023 13:50:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E0F5C433D9; Mon, 31 Jul 2023 13:50:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811453; bh=AEKjV/BA0T20XbbVS98znUxvUes3P+lFxLNl3dughq0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UNOMtRgbah1mpzBWzzzA1VTcOb/1jrRV5/EvQZNOqPfsJGo3zJ16RUrgLCnNQG57q 2sTgV5SvIVLA4JyxIunB1RuU8Aqo2cS21aPekTcbBUdj73VHAocDOWCDk0G+nchj8F EcFFHt+kPZSQuTVs/RBELQ54DfYcQZ8RmwdkhFaKR4Noy0waoEQNa26AeZudwGZjJr 777z+Nkz6cbdBXEqjeKDMgCNm3xZxq7mqB+xRrwGH/DObCjAKerUVOH16ZBc1z8GkN /QgCpGhVReua4PGN4ZuozUfGEhimG5pmf+G668Vkp/bDpmjhxsbzwHtsfgPOjs1ux7 Xk6sBrmLl1OIg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:10 +0100 Subject: [PATCH v3 01/36] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-1-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4712; i=broonie@kernel.org; h=from:subject:message-id; bh=AEKjV/BA0T20XbbVS98znUxvUes3P+lFxLNl3dughq0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wUpu1yDaR36IlwDmlUq9r96GHEwjyTLGb9nho8 nyOJGGeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8FAAKCRAk1otyXVSH0F/fB/ wK6w/cAUGsvzFtYxqT0ScYoTc5n9vxFst0ZF1itibIGCn5WsS+4QfZMrYUoqNii+ZDKslOJH15ZSUG of4V7vA4EXKHlzT+KKEgcI9Z/yDD4mRoNm65Xk0L+o88htn3o/UZ7vVDiFPsvZXHeUjxJBgVoZjQm8 5lPDAz8KtiJ8SDJCBox8Y6Uv9x82YHEqWRqMyeApMk4PAKllk5v6o2az5dcbtI4QVMNdZmyYIRyQ1y 9w6XFwvIEIIBOf099ig6rOdboqXNOg4kQmNnYnj+XCr6rEFM2VOybjNlnAqC22QSjPrbwLYEbWyeqG DMbfZnUushtaAImMpCT4uinZbJi4pv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 375EF180013 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: ojma5wy9ow3tyds3r7m9ihie3fyngu61 X-HE-Tag: 1690811454-354263 X-HE-Meta: U2FsdGVkX1/N7n796oqkrDC8ar1lF8FDGu8MpMVT9HSrydiFTuq6yFQymR8W+Rw159lfhgxgRReIqZIASx0JunBdXm6f8esHf24M7IUU3rEf8nBpeWDXmpjCv3o5osWR0S0aABgXEUYwdIWvcEXSEPot2qdmFCKSku5ZXWpYV4otJGv261zLrf4TkzN1ZAyy7qhFAPXn9Q8TOCib1vXacLpoXUfHjn7WtNAgu0poQWZPmaDfufZDxU37mHP2ALdw20qp2ncXQsexXJs6nCOcCaJ/eyQUgG6ddNq0BNXLjogAoIMZVBV8nk5CeUJDPDlkm7glJSEO/hOy8B6eu10rMu2+iH47Qt8kZMwxhm2J4z4eAzr0EwOBCRW3HLXlsArokaHfoOuHNr0A3/qkKUQ7Kd78H82+16X9TT1dtm14biSuIw5qYj1MPgLIpkIecTOQDrlXjzuox91B2GH6LqTJYy+Wy1z5mtq81xK9PSJrab+rZCfrVB+CrT3qucgq1YT6Ey5luPO0kagCnM7GDstdCCFJJKAu0oTfA25UCbwrsS+N2oqA4ilvD0BZ3ZAIruWdGZt0DEH9hqTXv1HrmAK30GVeNNeTMPQKHdY9lJOuQaxW8ELppr7Y8NMW3GU+nHKYb6h4tPbXTCH4Mn93JHKkKu0GLmggwzwScrQCPuETCnJjDv1mFw7S+IDh8UPddVtL2DkhQtfXI9Uv5Cb/w2Zpp57CbKSCh9FHekLi1M7neufib6U27yV/qjXF+e5+pe9rKEBHE7C9/6fIKnE1E4NhyKrwBPL33u8Lypd3EOqcsxhoySJDWfeJrREEKaUJeIVTgBNwC5/p2WzKwNBJfYzeshNK1kWAp6UC84k7nIOQc++hA/we2lI3SI6zmxAfjBKKzjmNqe0WsY+eCLtWwfMEuvgDS1n01FuEJC3IBOY2WFy6vTa6nH+zbIa2963HPBn+bgUshxcosacrAFu2q+R /2lP3Ivn ZYfsg1ZN8w1/M1fqr4f1gDG4CGCk9ERVxd6D5wMIV7+NNEF6RwbcllFysAuO31Ek/X1j5Uwjsq0UzfDFAexERKw1CefNonsX+/iOXxqHvwoSMHAmQAyu/SKN88W395eMdmWoKKXRPn4CQLZUaZ0+9Ix8PzDJb+hWcFvWTY7HErCwfKoDbnsUtVK2DM0Yan6aaAb8S8Dk7lqAj8oTu2VGycK5l4k8sicXaeCvjb9IkiF6EwSAILSiUcZjC1uQtv+nrPgdW+OhBsDmm3ifJpSCGrQvPB8NS7v0Zq1hwVSFfuoTkM9eUp1svjiIDRmdBOBsdAg5aIGrdQFpFh1XxQujbbYeG444QdcgUDKMgDQLRQOyUJ6jgHk6kDQNPm+NVw6g8Va+YAZegash7mrwWuKN0HGG7vjK07pvJ6ZmLEmfbhkQj3YI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Signed-off-by: Mark Brown --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 0ead9d8013e8..43fe625b85aa 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3964,4 +3964,8 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end) #endif +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 3c36aeade991..0de3d6ee18e0 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -305,4 +305,26 @@ struct prctl_mm_map { # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 71 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 73 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 2410e3999ebe..b26423a614a9 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2302,6 +2302,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2720,6 +2735,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_V_GET_CONTROL: error = RISCV_V_GET_CONTROL(); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Mon Jul 31 13:43:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334665 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04C42C001E0 for ; Mon, 31 Jul 2023 13:51:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8F413280042; Mon, 31 Jul 2023 09:51:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8A428280023; Mon, 31 Jul 2023 09:51:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 79386280042; Mon, 31 Jul 2023 09:51:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 68A48280023 for ; Mon, 31 Jul 2023 09:51:03 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 46FD714027C for ; Mon, 31 Jul 2023 13:51:03 +0000 (UTC) X-FDA: 81072043206.13.875EAC8 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf04.hostedemail.com (Postfix) with ESMTP id 71EBC40016 for ; Mon, 31 Jul 2023 13:51:01 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=k3YNCVgY; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811461; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9EiokGlVijer87hj8YWJ1OH7aG1LYVUNBq6hLY0xJSc=; b=htESeeUyWR6997fKjU2DkByad4OykbkEaAZ7H/1CrtmqLTYYbmTKX76/wPcpVhMr5gdhp6 fdfkuz7cLeyq0Mz5CEDUxW/m1zqhI7RU9b97IUWEuW2y8iAlk3XtR1WkccC9zsIZGdZ7BF n2mmrUH52RsUQBx/wpF4TS5gDVAvNQA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811461; a=rsa-sha256; cv=none; b=uAHmOhEEsn3OJwq19RxlmDNMal80P7uL3SYa7QY0pEgpiqcbBHPftxcafpCOL93j7VpWPM LIusKvtXoaHPbSxkHXbYmVLRxEwWWthuQE2UJzInTy5tqAisRrJFM7YmWySrB21AKP6cOv zs8bw9HiV8QT2hnffY3XIzg3pVYUBHM= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=k3YNCVgY; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 914B261154; Mon, 31 Jul 2023 13:51:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A7CBC43391; Mon, 31 Jul 2023 13:50:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811460; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=k3YNCVgYLsgC7I6xYzEDFO+Vmi0WhkU4SktWcd8Nm0Vo89TlCvZBycZ7voKApGHEC V6MZkrm/40djJvKb7iZQj+PkClbQW1Lmw2/syzWw4I8zmblgwD5KnW+jTNFWVEjhFt Im+kx/njeqKjHQLrl6rI/59COJ/U6X2Z+zlzpWZb6tTkTPTdzILJ9q5X/oIZPfNtLx YsPUY/BmonW0TjFsLzbfUrqLBl9bQ9hHMSjHDLnHvCFVtDOW0+CKR3gPP8A/0N6AXP Z0V3c8QcBCOGy56LPU4SycoAdhbYULHEBhhR4EYmxFsP4FDmzn5b2wu0jp7rRJ8eYV uKV8NlDhdQDtQ== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:11 +0100 Subject: [PATCH v3 02/36] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-2-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1640; i=broonie@kernel.org; h=from:subject:message-id; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wVRPBwF81QwuAAfHka+YbfJBsFwj9E3IMNNrus 2znQhqaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8FQAKCRAk1otyXVSH0DKpB/ 9pHBhjhaJjZB9lpMdNi3cp0cv7iYnygYFRTHP2i2jHJCFZWkjIM9q5ZGzHbz0XxziD2Jvfu0FQSK6U yoTifQAlyZyMgOjcb0twJlVDLNIvgiy3AuvE2CnpPNMUq56YZDqX8wMVDUXfr7I0B9C+LL8H14OGvi Px0q6QR2PE/xHeVpTwhUR7r6sgg455oDOWRZp6WWwtq32a8MEy3v/tHxADQtn+5P1OxfL6skkPINyH Qd4/Z8wzHZoZMqRunTBaJaA95Dxo6lxhNRuv32JApLGdr48EipVoC+Q7qGZNQm+SCKfiO06QoUiEE0 ftju6NNrgqaB/gxFusDcRrQAtMuqi1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: gqno5orrid4zdf3j476poba93wqz38ky X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 71EBC40016 X-Rspam-User: X-HE-Tag: 1690811461-506783 X-HE-Meta: U2FsdGVkX18oJMTT0/LKSXNg+m0tmwG/t36Y+R2i+xgQZXu+H1NVGLUyZtR7QFJ+7cfnhRBLlVqNodXmr/3NFz5EpcYnFrLCjND7SREaRiwwa20ffRN6EcysgD8+S8QNvOkpZteRsLT0clayGszD2mOEHF8Ssk0kIIMcP5DFRBofdTV5pdajDo2wq7mjO2XuYSTzrCjgYa6mvX6uGyuBYFYtE+/AsG31j74MrSBaKaSHTWBcjlvrPyW7pnyhm9uSi2+AJRqLQkCGQk02Qmnd8Y/3/d0a/VSsBfw0BNqiy3d/O4AgOBKaIZlMyLlVCwNljupIzh6sH/6EackgBwV1icrmZWXlvPVcgPYns4Y82rijKay3A6Q53kEK007lEZensTNVIqK/AZ0O/UlQrMOODD//gR+UVWmqlcPLHib/aGQXIO8TbIkqkVeCgIYRFG6ObCrIZjStwWAPI6P8S+ytKMG58fZUBHLaPNZqZdDG2tK5bJl44+0FjVxoTSMEMdSHmsGAJ6PCjlbmF/5KTt+NO7bD7ojKn7jUcaqFeEoQCJtDnjYl7NgWeByUliz9hPPZgyq3HIEr9Ae60gDvmaRzMJ81V5tUOZTJTPloO+XnCn4UUBILC1VGnokho9Gz+SjwZ+RzsIw30UjNhJbPUIF2eTWvL3VDxtOtohSxDkSBIFgdWOUrOyCoaV+IXBxzUlk6ovaxZS6zOysTXhdcXls+s94jeNKZ6kdLiLvXHImYMD+nu27rI/JMEIpqnnJPMVM9mAQaxT474qLSO6H3NAZiFVYf43sozhL3tYKh0ERdpXJJUp2J+Af97vyylrujQCKG9o+zzLyqdzQsArEcELhvKFQoWBy2oxwsyjGeAn6CAAnRUJJV/eGql93fTB68apKnmJADwxDoskBsyCbQtNeDKWndyQwdHpPhm5murEwoC2Z+1HQbJCoNpoWD0j15jCiKNGAArUq88vG0VLMwaBs W9nAaSUE iVvO6NeRg1g+zzlP+Edd9kfL73fFimjFOX/6oM/U6+hQIBhnS0CNfI1LqnlDPuYaSPEdEytQ33uqHL6jwEq6fAuj4sShKAnW1Z+vMftekNort4lFKM8LHQr4JXXJOfzRiU9a0yH0LX0JeJsclPWOPimnUU3BDiPAyeP+IAD5PxBmKqYyXS7uYcj+S0FJm0avOyk4jIl8o+N8/eWFQOmcYrbcq6a9z8jAcxWBDrd8dKOtUKWwFTwbN5dLwaBChvZ9eUsnyEZvrcSZ/tBHrGNDWMMyRqZps8M/69hWvRtiEZFWZ1Ael0mGA4FOpiTH77PbutJbjDiUAwvgN5PrfaKMUEY0UpiYeH4TlIuRfq4+Pr9qn6fcCQgHL0n5iU/gnTCoMNn5YwzIzI5K+gs5fhOSiPfeKE7XG0xZVA5S0OWAD7W/X2Ng= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Mon Jul 31 13:43:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334666 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E99D1C001DF for ; Mon, 31 Jul 2023 13:51:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 65C99280043; Mon, 31 Jul 2023 09:51:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6343A280023; Mon, 31 Jul 2023 09:51:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 522A8280043; Mon, 31 Jul 2023 09:51:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 41182280023 for ; Mon, 31 Jul 2023 09:51:10 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 07BB180B36 for ; Mon, 31 Jul 2023 13:51:10 +0000 (UTC) X-FDA: 81072043500.11.89CD110 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id E8F29C001B for ; Mon, 31 Jul 2023 13:51:07 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ql0hB8s6; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811468; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=efWpO6kQZ4NBVvO+VRNIClHcValqnYdNn1UkQ+vSR1Q=; b=aSC+hoN9ybFmBm+CNFRoLozC5uo8LoLDjxgtM+VGH5g4di0/Ec1mEz936TywzpkCfGRLIg td1d2sWsSphU5ZCdRAg7fU0K6q7cSgCxR7AqKK5tKfGAQogJXBhkaGwc57Srl9c0hJiBVC jQ893/vhI/m1DAQOX95apeCPinlLnho= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ql0hB8s6; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811468; a=rsa-sha256; cv=none; b=fp+zc10KQoM8Cu9ti0vy1fI+UdjsLWZ+qfaIO9VjKEsinb3TTuPsPopQBBboILi90PnUFa kAIwfNRrmukE1wQrsx1s/XjMrzqeE/t4SVpuWAc0G+NQ50zTgULfddYB2zDN+qYXP6Kww7 7vo7+I3nq7ECoWeb0oarX6TG5CyiZ6Y= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2A7286116C; Mon, 31 Jul 2023 13:51:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6FBDAC433C7; Mon, 31 Jul 2023 13:51:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811467; bh=JKDtvlLgCbRxcWm9rtPAv0aBzdkLrhP5DYKE0inZ7vs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ql0hB8s6fPzQbhnSzij/M9BYj7CMg3zEw7Naar1cRWx31EklXdXr/XUe7db8Ojheq 0TesnJ5ZWztgKmSLIGGI9JAMNcDwsiei63Ow7nme8utIDKa9NP2G3NkABPzfHMOUmO oPOA+oXZKrahY402ZGtD0hSPNNDOiZ4T3BC15Y6wWnrGtYDRr02KamonhVuRGExjCf g2LEEcdOkY6rDPfXEJDECEKdLBHofGHmkWUA0h/kz6CDuvRAye/kGjgb+dXnhMcvXC IeNtQ6i39kKBMw8F+Z6F31TThVr3RxV+kTU5OIEx31QjveV/BPjg+oZk78VFsvrnEl Bz8Od21FJ4DRw== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:12 +0100 Subject: [PATCH v3 03/36] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-3-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=10156; i=broonie@kernel.org; h=from:subject:message-id; bh=JKDtvlLgCbRxcWm9rtPAv0aBzdkLrhP5DYKE0inZ7vs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wWfcT7aNg1Tz5m3Z78Kop80wUP+T4jaY1Jf04p NNmpEp2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8FgAKCRAk1otyXVSH0NypB/ oDlbXyvdmkWzvmo4uN7bxskA5ltPikfa1IWNZ8PAsgB3N9XpqK9YZ9TEgw08fvx2427xFxIftnjskf tYnD7uFsBdkKdHKfNKZg8ImtmPVYHPKE/qeu12fHq6J6UNDI2HPYom4v84AEzmZBJ4b6TlS9rhWQHW OtCCQLFc8BjQDO3oqTDxkg9GVxOrJu+NtmRPo7pFTOIVK2hN8DeFVbWUoJasacSrQAz0FblisAh4ZZ 0DkCy/uAmK/GFcGTR4jpxVeCmkkJ6i5U52nJnK4XvbJ4r036dxJQ9bQtA8hzgWuFUEQDATw05VrqLU pZa5IiaCJKwjmUv7vv7NIeiH8iMLfv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: E8F29C001B X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: g9qiacdter8jc3zgnq9bf99y6adcpiy9 X-HE-Tag: 1690811467-465093 X-HE-Meta: U2FsdGVkX18EuDUuPSfvncFPXLkJH5CVblz/x831DT1cbdv6LSbagkkwsxlKjRwfOW6usYgwq9EwHn4U19RVm5l3xCg90bVAvwWa+/uOtiM4pFEF6R5s4NbsklHKyi10DOxseb7iNAkF1YeBggAsjvz/5IUAdg2/0GxU8Ry8O6jwpb0Dy0wOgLH9FWsmuXYAKhwTVgULHiNQV6jt7ntHmfwTD6ZJT4F0jY4ssmc7IrJKRVj1kvJOGf+zT0tAGpWJq0y50ErwRRuAN0rTTjrJPkrxDkSj6M8C6zkV/6SsDNWC3B9+MvX4lzIQgc/M5rIMKK1Ej68IOzx73ovkXvjt0rAxhuPgy3c61Mpls3U6n6HTTBHQXdM6t2nrAmMOv4ujyoxrQ1bmje1oezxfz31RQK4v2GhBIKSpcQffuI5r5TXnygTpzd2O3Rc7D62QJa9kPTvnMb3h13ZEvkxNVOzdGLappHR7hfK1ewkOUiQl9VM0mr55Dr9VXfvIDKiSkNHQNEw7kESqQEVk6ehcx+ifTt/NdzYiOk3TKX8E1ipdOrnn7H9di4VEBfpjvHrwfZoEnO/mG1+XMaBHFoDcRf9noN8ML+S0KbK2EbI/EU2hevDBNRDTmj92tW/XJjmm8p0XMG8sQ5Nlmiacyxxw4fBG0rYFnG78Os2HK7XxXjibdaKsz0i99UL2haJIO0BFST6LwVSVQbfPmZme0CdltxvvE+N3c4B000EZcdiMFIq9ySAkBc7EWg2sn5M9udiKSMt+3xETWIZSK+re40yFRyoccxtgCr4nhaXUCwxVJeuVnrlC18umpXc3wZP+DKCs3ZWGlKQWjOLun1O8axEoiC+VtmojfOht30XNnqiKXRckBmPI1gTXo+u0TtRf8cIa7uy7jslHlfcklgIgwRESzDFA5eARBs3ytgWguFXvcZ4U/NoGEUCSNsGXsQ2w027/XJ2BJQBk+l5c4u/bALCi3rL TPj2uzfy Po7GbkbAJzvug1SfuWxnBbZdsvaDYIf7QEzgkXJjPV0OKpI9ziHOP3pZuGzQcPrxoQ5nXj9m9qCXHxbyv/I9Lc89nam7/LNcLAgqqsbgo7pslqdZTv80iOFmo6A1Hcp+MHdNQXPckpg9qcf75de82e1cjooXFLqCXNg13NFnXPIcy6FvEsOFsYgkJylfJtsiwfB9CZGDovzWDWJIHA+2W159pnVII9OgtFjlor1JH2N/O/qjoiTTpma0AS3oEHbV44mv1G7zFgCV2ByClDevw0kiHdrX27KuEKq5QYFwYr9Ng0+ixR50igd2H8c/kuUrWyfBFTJrjSkBRu3ijK+FLYgguLPUnsnowS+E8IYkPvxe84HWlqQILTe+UVJ4E8HvdN0Eh1UVuy2yxlen0LYmIU3kbOyr7K9g267uLsl/HXK8qic4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add some documentation of the userspace ABI for Guarded Control Stacks. Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 225 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 226 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..33f21bbcc2d7 --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,225 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack for + and enables GCS for the thread, enabling the functionality controlled by + GCSPRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread the called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK / 2 or 2 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() will have the top 8 bytes + set to 0 and the 8 bytes below that initialised with an architecturally + valid GCS cap value, this allows switching to these stacks using the + stack switch instructions provided by the architecture. + +* Stacks allocated using map_shadow_stack() must be larger than 16 bytes and + must be 16 bytes aligned. + +* When GCS is disabled for a thread the Guarded Control Stack initially + allocated for that thread will be freed. Note carefully that if the + stack has been switched this may not be the stack currently in use by + the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set. The GCSPR_EL0 reported in the signal frame will + point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +7. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +8. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +9. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Mon Jul 31 13:43:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334667 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8312FC001DF for ; Mon, 31 Jul 2023 13:51:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 23E76280044; Mon, 31 Jul 2023 09:51:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1EEFC280023; Mon, 31 Jul 2023 09:51:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0B71B280044; Mon, 31 Jul 2023 09:51:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id EF08A280023 for ; Mon, 31 Jul 2023 09:51:18 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id B1D9040B4B for ; Mon, 31 Jul 2023 13:51:18 +0000 (UTC) X-FDA: 81072043836.10.44C5010 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 97547A000D for ; Mon, 31 Jul 2023 13:51:16 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UNIlOmyx; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811476; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZjNg0k5JLv8meVnlQQnkT78Rd0wGAKwtkegHXDEiJaM=; b=CdD+VcbQWeuUIglJs3G6LE6tMJyKiFUn4vazMYb/nAReiHNpI0MASeQIR4xz5+OYjVNx6w +IhFK11Y9oy23HhSTsdnB0HmjuyKtpLNkM1z7015dhBA5rpsYCy5RcA1euoqSgOgvXfUTW 7FW/97JKNmmXpBGGLrsSaJly8uPIQmA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811476; a=rsa-sha256; cv=none; b=2LSgIQgbC/udhEbCZKtHbAXlMzEt9vgDz9tEHClCuoJRGr4gsxcHKSaXnkK4q5fjLTrekI Ybe+fTrAuFp1I9CnR1TlbqXN2W+u5EGKKXpwh2uqYfroxSEHVD2A9w/TFfWc+Se4FSUH0A HzLCe4VrhVlkJ81ov3GaInoDtkHIU6c= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UNIlOmyx; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A2B8A61158; Mon, 31 Jul 2023 13:51:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6ACA5C433C8; Mon, 31 Jul 2023 13:51:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811475; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UNIlOmyxQlsDGZJJUlqtBQ3pKGu9374jbAVXpf249MEPk/7xOISrn7LV2miW34Rap JCt/KtM7Z1890WzrDybSb/rdV0lg1nK864oQ1Xr+yw0hGvERsNGJCmbhh/HgKJYgsi B/IE8cXFog7znQKMJee8kLLxJhIdas8q4jjEYDEhZ2IWxbLZDL1k3Ajg/kfAH80SY7 ewY5JqHbjoPQ0U32MHJMM4U8gI+3v9eZLqS5ipEBAprGwZyINGZfhUIMpIm5bqKhdJ GmRXo0dmMr0LIVtM/RUi3JCM6bneJhkXdrK41dEx43Globcmw0xBTjeo9qrLGJJrQC lsQBTeRA/Xy2g== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:13 +0100 Subject: [PATCH v3 04/36] arm64/sysreg: Add new system registers for GCS MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-4-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1873; i=broonie@kernel.org; h=from:subject:message-id; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wXrSTFXcgNytPlNbVq48jyprVFXs18BW465j/K XAkAlKiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8FwAKCRAk1otyXVSH0KzsB/ 4tiNeZ4UMeFymPGXy+vrRR/CeqE1Eo2278HuFEFxg/jAeMprtm+Q2Fj+OKMW0OieY/iQho/4q1MI2t Ryg3boNagu4L7zayoqipT6iYmOnTZEiXNq6Ay7dZGKUVlwDCQyBS4R3yRBqSg1zFTyW5PAdEUtU/lr w3P6Jsn2bcskmRpz8xfmU5xEO2/9EMipd7qtZkZmhUUOu7inLemxyFMVa6a8jGJGYWjMWcyDASadE2 90TEAvg02jv3I0ncnhZTsLPzhbwKfg5v+MajM37byix/EGh4307GV7NyPuhgbMBzdLccRPE7L5gS6+ lsnNZAG/7AcRFugLOeeh3M6KxrQYhS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: hydsim3j8i5jjtfjbjpa8gbr4tu8mrfz X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 97547A000D X-Rspam-User: X-HE-Tag: 1690811476-67719 X-HE-Meta: U2FsdGVkX1+B/nTB0jw4ORfTAi0qkUOTNW3roAyBWVgmIYhMLmxO8XHtP/mXr+i7gp+KnVhDzWc+8o19KO6LCBrIiACtM8vp1cJtCXgkLSwbgri9G6kTPP7zPStpRQoB+OlbDSBXXXJX4eFiGAcgMwefXkG85KT/7hN7J/w0zDIelmkwwyshQZfDGUqkz64kVyF9ut1VDM/9XLoSaZF3ShPwZV0r6V5xtUpBJx6FgSDPPhS/Gurk8MjGM0/iCcmjoo8Aab9rgg6HVjar/rdIPaZp0PESNfi/s9AEzqRM8Afsvn7UxbTc/SWMUBUMUe4+Xf7vE0nLl7uK/KNkq2X86yFJsTGRzXHTzWGzTLLgVD3f84gZ/Qq0jXB+WoYvGik5cVpoKyPRw7nyqcAQXR7a2tk6wSwllJNUaTEH3CnHNezYRcAiaccdWcbptQVFuiB9IEaq6uLV6B3VPWFUKjWWbnS305IWGzhfIFPNmC8lodX0adX4wdLbf+U+YHUPHgbLFC3N8euZW6tDk+3ANj6tJOV5yaa7vxwQjTIXfWM7ojGalLVtHRUqG5dUEuOphzIivTuEHQ9eJ/5hn0Z3YOAaEuhiSbzuE5OAeb4dtik6aa6EppxOL+H4otiRy+ve1xL4xOya5cf+VpV4npLOb5Cj8oc+lcsyAJez906tq/rGwU1P6QzK0E7+nJOy+Ndur/B2lhBu1nK09neEmsJY8jgny+H+UbNFIY3HA/O/foHKuC0gyYePUCFBlv5G8i5xGZioh3JTsEYnxznP2lZ/f6Tvn7lJjrgpd9AJMvq9Ezd9EAkWB0kOYBdple94DbCdzUnWhWmfTO7wbWOuwc2b3Psx1JVaAdUoaWJQ1KmWMEnHLLjmyq7xbQmXyYQocOY3/QYiuIopJqOvUfN/3vs+bXXG5RuzuD4k4wj6QeK1PUXv7L3rxxM3C8iOUBWwFi10w1mA0ebk7BOHh6I1zfdVHWi 8zeUEcrU eBmhNQaW2/hoFnFhhygKtMXa2N4hm+7NkXNGHgF59+kcBcaE16pTyZi6V+KsRaRGMxbWlOK7MZwU2UWlp6kb5mV07caAlUoB4pHQOgy6WSvQAkW/pha9uiOSBfvNn8BboEUJ2NnpJdsdqj27SqzuavCfTFOGqHgMYL3Y+hiwfd1ztynkZTJ+GtiapvbwYxhF8fENZuAyzTiL8pi8l9zrPMp6XfjYYsV2br5sysOD7yBsm5gRoW/BEiktGx11lg7z+xQppz7PxsIvECk+5zGiEAXz5q0nHo5qHPN/UHAvBcCY0rey57B3rjVQlVGaUlJqQTuMgateMxIsUnCOO2IrI46i8RvJk2pVncAHbjhezZA5Nqe0GX2UHveWsn0OgO8BLP6+SOxpjPj624Tvsf+577UAbfqaB70TZTJXA X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12. Signed-off-by: Mark Brown --- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 65866bf819c3..20c12e65a304 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1780,6 +1780,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2010,6 +2045,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2209,6 +2248,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15 @@ -2268,6 +2315,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg From patchwork Mon Jul 31 13:43:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334668 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D184C001DF for ; Mon, 31 Jul 2023 13:51:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9DEA7280045; Mon, 31 Jul 2023 09:51:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 98EEB280023; Mon, 31 Jul 2023 09:51:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 85730280045; Mon, 31 Jul 2023 09:51:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 73A10280023 for ; Mon, 31 Jul 2023 09:51:25 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 3E5E51C97A1 for ; Mon, 31 Jul 2023 13:51:25 +0000 (UTC) X-FDA: 81072044130.11.978F0EC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id 2E276160029 for ; Mon, 31 Jul 2023 13:51:22 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lsLOZTpH; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811483; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=f1Fjfwmv9c20XNlM3MrDH4yBU8vPb3KKbDiNXIhVRLM=; b=iF4cSgbjUy9re61CDjqRZQY2pzsx08ubVK0TqmFOZJK0AAvWPsJCXbmHvIxXRDp1ggo8Oo ap2t/QcMesrmriI2+S6UPB91NkO/fiAOAdfPfHIJA9/hmpOerA+WgkwDrmNy8pntDF200E uId2NpFHOBY7Vx8ScOoIqvDxtL6r7po= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811483; a=rsa-sha256; cv=none; b=SNZ+/wjOCpQ8BO6LUF6fQIzmijzQ7LVumtkCPHzyp3hkdemkN2S1jTqStG1Px6fpy6wAYo UaGKF/0kUcColB54vPOS3fAI84nCvc01/9EukO2larrVVc1ZWbZw4Gt7Y9Uf+tY/GbTw/m /HWXVXKksbwzFdms9XcZK1/kq7wfG90= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lsLOZTpH; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 16B1661161; Mon, 31 Jul 2023 13:51:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 840A0C433AD; Mon, 31 Jul 2023 13:51:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811481; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lsLOZTpH+8SBzUiTw8HV48Qa5qh/ezBf0ELFVjs56JxaXGKdr28bJDtnWAX9B6Rvi 43U2G8PKboTs+GpKVHPPT/xl5ps1RR0DK4QNrokPeFaLkdB7LhOETYnUDBdVSUjWhf FZs+Z42/+MfsQpFy8B6gKx2wIBq8a7kZrZ2SnMiHQrzrRlxPR+CeA8Qc/BsG9+Q2Qg sS7D7wUVktidOErGrA5ZXAArW8pFw13I1ckiFdbYuJQmY7mUGxom54J7+UpZacVIQn xVQ0V/kkjKlxMd++2UhxCCU4SngpxJXMFuSKr0EjY9cApGzjwW6bY96nFxmk4hklvz 3Lh+i0j/k4tIg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:14 +0100 Subject: [PATCH v3 05/36] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-5-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1361; i=broonie@kernel.org; h=from:subject:message-id; bh=k6DV13RSkbr/e436II0jx5LmEFZf9bksk2EmOe6Nllo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wYerkhf4DlFAJ/h/2aEAXpsdOEqzt5SXJT0kfw k6t2uxmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8GAAKCRAk1otyXVSH0H3eB/ 9FmcAX8XCOxGc6hnHhT+sSmRPLoo1VTaogIvPtvK109vuA3Mi4J7e8OR+wew7LNQZCFspKHyuNLS1R rTq1rCgZ8dABBitJKtqFOHBtIdqxYmLBkOOqiY8nwYU3Frl93OmnVpWlrGeaOv6l6UbgvC4MPs6JjT syfR9EcDbaezL43OCpXQoboq9SS9f3RhuETCMJ9NfdoSCJFFBxaQPHlGqissKqyIRYb5MpxBFQ24RV LH0PuwjDxl9bn0v9vRJi2DQuQYHV3uIbB+A87DHUWiYxp8MaJ4N+MMzcsHPfCm9ui5QQ6g/6hnGnN+ 23e2StffnVm67pHbOPI0IL4pC+i5+v X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 2E276160029 X-Rspam-User: X-Stat-Signature: 3wbtc33944ps5gym4dh1o1eeo7nyeobt X-Rspamd-Server: rspam03 X-HE-Tag: 1690811482-241001 X-HE-Meta: U2FsdGVkX1/tSnPDg1gouxZgF9GhMQxf34Z9UCY5xJrmpwurUVb4Ve5OC4Pi1EhT8Lr7g932jXh5lSDer2u8TkU1wENHk6jJwuu5VoZHaV+nUTxxcQxC5t6VxGuyCN+Tm3Fb1nWFC7QJ6JFROY7pzOUtzLw2urVG89cO0o4tlA76YXaajnYcmBA6W4rNiXIPgdh2KmyBuBBnbu/kELZZLDLeDc1cHZi4hg/xqaTL7I9skI6wCqgcFvMDm9Bp5/CI07MtahUH5AaEIdVgkDiiSOJ/zNF4Tk/n4ctlSOY2msh1wfk1MmBhlgcIqC6XIEs2KWqxd8IW/DzKGlc7txU+18XPzeadxKkmMOhMbATchRTupzSYtVLMkhjJFXDfB77i0otecqNVDmv59dGzTTFpfds6Fn5PRIy6Masx+JFcRnEZGXTEhwQLPcHpdl7uOU2zEvSzt0aESAOTb51hL/QiDipP3Y2xnMEoILEr6JwMaeNjkl4dVD6B0DVgcqYs8o45RjcN9tK8GCHbZS2RxpfbOitgqtRAruQdK72llVZ6o+24mKOPOLBm9gCoH9ZYPQSQDlRshUZXWtCyHUadypGT7EpT/y3FFXg4eft9dDT5SJoOdQ33ukYmnFaRHCzOt0h3bfT3Crliev2bZ2lHlL75qK4Hxu988sD3j7EzUSJJAwCdLprR/kFMjZ8euvJXa7UZCqmN1mEFkwIDAxLYt8028Q9zcX5lXHbYw7CZmrt7+xE4aCPbdHhdmPqFXH73bcgbznm9L+8xqxNzgagX2ijOjU2z8oO5EZOpIFxJSP7dLYsR/O1AqyRwZ596jQoL218iGZt4tY8b9b5IOgH8HxuV+jm2FYOghDOZ7ehhWbEPXJAGPiN9eHLhhVdasUY1nSxiPGHO2ToNS6zaf8IwG+kZy6wuBPwbEIgjlRxtiSdXDIHI9tyIfXHC5z4Xoe/BXKH6tnChLgjMv9XSa0+zV6d I4qbFT6v Xn4ezGwKWw8CvST2XXBmWIGxWdY18O0YivY2wM1k9ApQwrc8VYlGldXugcH/oB9DmtgWWnWCBrymUTJKDhcOhedjW0QDziA1Sv9F6toAfeW4qekPTZ/GzcJKLo+G42iPXnznoLEzwdrWsKzYWkMFHZxfG7CYSttrztPA7Of8XIl489IMqE1jbBOI21XMx6z04XlRNzj8EsyWjZtSREpQYcrPpF44iLKuxgTf51iGiBnWwXVLK33IfBCfp9ZpetUW+6ESvWRfSTumB4fgy1UrV8srEpSbx+VRSCDozqDNA78BzLog3dNWRFTHHGDX/V8aasjGtctvEjWsSExBVzxB+VsTc23nPwAb5n6PCWMSiiUgAW3p+M0fk26rz+lBlpLZJKS6TdNVom6/RELnskEE+0PQ+lIjFJMnkDxlHvoZQBfS+Lpk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index b481935e9314..3d7f9b25b8fb 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -730,6 +730,26 @@ #define PIRx_ELx_PERM(idx, perm) ((perm) << ((idx) * 4)) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Mon Jul 31 13:43:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334669 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 772B0C001DE for ; Mon, 31 Jul 2023 13:51:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1C8E6280046; Mon, 31 Jul 2023 09:51:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 178AF280023; Mon, 31 Jul 2023 09:51:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 067E5280046; Mon, 31 Jul 2023 09:51:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id EAAF1280023 for ; Mon, 31 Jul 2023 09:51:31 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 94E03140A83 for ; Mon, 31 Jul 2023 13:51:31 +0000 (UTC) X-FDA: 81072044382.08.4A2227F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf06.hostedemail.com (Postfix) with ESMTP id 5D72718001A for ; Mon, 31 Jul 2023 13:51:29 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tZ0mtVgG; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811489; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Aw9uk67+s5HTS/4C+7Hw36JUsrXswdGZ2FWphnKG6DE=; b=QW+e5+odXNBnOOK4sbePXldwzqXvRav8Jpy7kaOfQtvi1c2k+gM6cf1qJz6pX5NnepTbZq CqKn27HzBGgZvU2loflJyecYm4A8RXLAcQFMuOZTz6sL+5PVHxDpQewo/a1OrwfdOIGbx4 xUeyqzBBqTcxpndHstocIIGhViZAKbI= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tZ0mtVgG; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811489; a=rsa-sha256; cv=none; b=vLA0lRwxJHmnWBQEJWexW3uQqh4igfD1AYOecCRje2L2BoiMyGjTHWdLCGO9J17pJIrQ+U PvIlGDyFXmvhVKsAL8f0EkWXzc8Fe5Beh1ipWBRf/zKQzx440Ql/JlcT83u8YE38hMm9am X3dUtUbLErh0sbQlCZ4Q5BkVkZ50oYc= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 55B3361167; Mon, 31 Jul 2023 13:51:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EDF23C433C9; Mon, 31 Jul 2023 13:51:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811487; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tZ0mtVgGDNTbsC0me9RZvJkswmBEIQcoj/AN5nwmGFwL1Y8OVrdc2b0XShKGL4r9s puDP7rOxTZrPVPIfRMkV6t+XD/3ogD4QHdFEf/0+CGcRu3JeYKhRYCCQ9hhmweu/S6 j0w3nftlbmHhm8F7JB13RqCkpZMbhMSeMRBcDZdlF7jTQquihSs0pgIub+k7zXKFT/ saYc3fjnQDqqEInpE3ff1lC+8+A4OA1bBdwl6OH2rwb4nxOr4ih/JRuMhp+DT+sRnA Y5X8Gb7948++cW+lGGs1Kelkv7tzQtKSmpcpAKHkzfT8l4Vr7Hop9eHqszsHMHVXU5 B+5rwOZlXPb7w== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:15 +0100 Subject: [PATCH v3 06/36] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-6-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2577; i=broonie@kernel.org; h=from:subject:message-id; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wYrQknxcMFlI+zXyyFjVrqAyFbdP30d9e19GKh YDA9b4qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8GAAKCRAk1otyXVSH0LvYB/ 9nNuc0hiQ3DUndmYc0z2CG75eRkYkiKY1KKjiuK2A7oJzFhcasbQTA8d5ibJFwyccDP2QfoM8UJ7V7 vD6AivBvRHidGh3LAm7IgfoNE6g9cETUZZBe40ToD20JqWUQ/WAwL8VFDACP+BVZo6TWO1zakWM68H WGAyRdbnJ3ZidPiOG6EvZAIQtZcc3wre4PaJp7rTf0prFPBugkXDfFB1Le6GyqvuqxLUUFzTKckoKJ YqEV27W3dqNVQrCZR9K4HxBUXgvQ/Ldli4mpEOtc7p7MMR7sDhTe98w/vKoKuatsLmIOCvSDEB5mP0 fniuGIluMtAs+bPRvccs8MqjY/P9pG X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 5D72718001A X-Rspam-User: X-Stat-Signature: 44cu1jwwhssk4hw6673otc33xph888px X-Rspamd-Server: rspam01 X-HE-Tag: 1690811489-352047 X-HE-Meta: U2FsdGVkX194ZojtD8gE6AmGgqeQDT2gCWOYSR7SAEbwRq1S7QtuXORxaf1GGDjInkiHo3npB0zEQXdtaegIIYCA09BjBHlMH54fhEemqaQBAK+usnSgH4eup17N/qz3UX7N/EmYXRE537Ph31sdEo3H5d/fKdJR9cLNLVIpDOSJsChZ0/vRD6tOom7WA6pRf+nggyDsGcOQWMEf/sVRUKfMxg17HfqoaZKbvP6yU6Ig66jeZxXPMv7rxzL7IqtP8jpf8NtJLjYtBPxB4pDSYxUTNh1QvFIh3KOkpN9uq3tCQ9Jip05OENhJnOcHAfiKaIebHsN+gH3vUT7KZNJ2G0C3zszj663cqbKHKTLWmeixpjIjFEizjCRIzL2rEoBQXTehMc/G12ovlTFbw+XA4EkYYOokzbL7Q3n7oAEnoCoM+oPwiZJ8zaaGyaCyi7LXPQnWjKmZyPQcTg42RSX+CuRpmPP/krmldaGn+8wETKFNclfYzW2XrXZaQb0MThrlqVvMpsnqW1xloZ+Rxua3AlbO86uoyYUEzdxGjadSAQattFxolYZg5XZSM50MLfnOmoZ5+OlAXF3H3+GKqrG6K0z3yGE+hi5NuHS7cWqxcM9OnrrZcEx1iBALBoZ9i85vDFCoJSGClvG5WdurySMiMgMuC2w0mGdkrOtioPiT46p6bvX9MyfRDPpaM8obpwckdWXVZeECzxyYe4cp1z3sRVh5Dcc4INk/5ooW7pg7yQvwG7ZlnoDBoaT73U7ZO7qJfQZrhjwBuVBccFdN4cokGUUYI+vAVcx3+vbw3zBo1LJmQzV4E4hRApMZTlESBWl3RhS6wSWkLmlndNJtvz0rIW7dVmzSJkP1VVd+oHkC7IUqtuO7eI3wAB4ReOiWi53fE0miOvBtmVXomH53FGk5ti5aAr3IJns7zXFBxZS8Kr2EHPnDsf1Hj2TVvYwMT9mBClNaZTdkh6GoJVbq4if iR5kKIQL sFquVdxN2eBwI7uarNRO/qT4lkm7a66RrKOa+fUHRSIfGIxvubFwvoYI2NUs28rPXKIJ3Eu+5W2w70YQq3c/+TdHUDQLdvnJfh+UJIBP3pWzkO3ZVP3cHvIFx5AJ7T/pX9IOm1MkIuM8ZwioRcViTljaZda0bc/thT6fnBfzw/ZyM3eSqpfCOJ+lcK9dw137Vmy1uQVM5Ul1KNxhuplXtvRsJOlkB1SEm/QM2uBDwi2HudE4nYuH9fTZLG2oiKzlTP8WcZuJIpyHBJTKr24kLbNYeN/P8IpxEpB5oU/emyTS/4l445JbMAq+eMNVljAoI3Gm4rdM+G+ilKP69NVvmhWV4lXey8aqQtqYlMNoUFdt3QUP3rYfa8oHefQI6QNwms8pIx75Og0gM7ipbL4gKpf9+qgT2WYTHLzUW2ekMIl5AxDA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Mon Jul 31 13:43:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334670 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F90CC001E0 for ; Mon, 31 Jul 2023 13:51:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A181280047; Mon, 31 Jul 2023 09:51:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 15286280023; Mon, 31 Jul 2023 09:51:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 01AC4280047; Mon, 31 Jul 2023 09:51:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id E74F6280023 for ; Mon, 31 Jul 2023 09:51:36 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id B3CC214027C for ; Mon, 31 Jul 2023 13:51:36 +0000 (UTC) X-FDA: 81072044592.27.9DD19B3 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id CB68E100015 for ; Mon, 31 Jul 2023 13:51:34 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=khHWcmOu; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811494; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mJroho1o7mQ4v5IpLO3pGU+gSm8jYAJUrZ5Tuta6VfI=; b=igHCT6fme5xXv/7tybD+Yube2vd8XA6HjZqyHaKajpF7kCgrXxkJwuNbz2+g9+PLOkEa0L +AomPiOzvQSownh0bdU4IFPjo2tsKUF7eNyXmNk78ZqIeBE61yvq+BvBNx+8FgYb4/HtXl tDtEUQId/kWZt3ZkpPxekaeSMJmgrfU= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=khHWcmOu; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811494; a=rsa-sha256; cv=none; b=KqdB4BZ5/+6JilKE8jwGqLLAbNfZxEmU4YVRWf5jzpPWHcEOkqrQ/Uvd/+M/v5HcLMRfe/ J99KzdhjsNIR7uUm8whap3q9xFQvXPzwpm4+hGZEAoFs7eQW1CtMJtXswdUEIrCOvm9jeG TopIjtw0qL6SsSoERexs65uaOxiMppw= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 048C06114A; Mon, 31 Jul 2023 13:51:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 191C2C433C8; Mon, 31 Jul 2023 13:51:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811493; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=khHWcmOuBjaxE6JfX6GKCY29ifsNWk4hwBIAjFtpU0ZtoFnNnO8HiOedg/p0qOS+X QjvPxW7wdCDJ0bV8bocXa05z28tQRD5qC4cFot7/G6Wfk+xgFnSWI+YrJ0NxGhUhzd 5946m10rse8O7jOZXXbv+bi4k+tJIL8D8PP/zZJrecrTo9/aj6s7j8bYufzh3fCH7K PMyf1ypqSVvSaFDjRlqwjA7yAx+B4+SMjsDTDSqQlY0NkwQjLQuM02V5ei14rww0Yi 0mPL6O8tAmmPckdqBUeFaxSCb8XvkuMs02vXYdQBdPm/dd5DDKRtOuQ0lrc5S86gQO IMaMlrmbjBYeQ== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:16 +0100 Subject: [PATCH v3 07/36] arm64/gcs: Provide copy_to_user_gcs() MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-7-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1292; i=broonie@kernel.org; h=from:subject:message-id; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wZKQDFG7EFJkc2bMF4eSCe/iZHqCnXTSHwFYE6 WnETetqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8GQAKCRAk1otyXVSH0CjAB/ 9j+3rmzIjlTy5tKEIChK3iUWQnC1T22r1pFnN8c4M5Nd8WsaibvRYbBF3EbhUZyJQdmsvQpZeY5AJ9 xiHNOnUw+b+9wwioD+caREB9fc5TaEqYGg22UEz786dKDsCbB93fknph1PD0ZW4CnqiRRvboDNuf9f +zfadgAbTpHSArpqN83t6fsLk3mVbGb8owzBVY+WoUxUIk8Mun3G3aQV1Xy5ArSNe0Swks3x9a9xb2 dwVkdmtzGhd9ihuKD1ex2bjSFy38IQFidmvngCD/KC5Ws4H8zF110fSGWDzVJ1ivGTpLOecnPtkBKv Mf0goLJ09W8M+KNU6Mc0G5FsKGd5C7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: CB68E100015 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: qos68wmnyctkk3pk5t9ef6a6rgiussjx X-HE-Tag: 1690811494-870431 X-HE-Meta: U2FsdGVkX1/MkeL2GP55TDqhGcqztXSpO/6/IVtdUK+aD0HfjuIu0Sf1cYRoQdgXotB25IVa4VzPGzGPaO7yyATJrNXDh2QnkmkjgeBnH+LbiQT2uTPOJbW/4iHeGJWV9DoD0/8BDN8z+OB8U4AMfEFSVs6damNkHOmlhW++sRPirIdJTbPYXXa9vwDUAKNYzRvG623i+X8FS2xOsCWbR+yKou/cdUy/HsekaVWjjgtpxnfcQsb0d9cLwTsslgZLwYHHq0qFGXl2HJZgAMP7qtlPRuKale5N0ruLk6nHdvBSWbLkW3HMxNRgLb/F7kqP2JkVs3nyarc8kSlKio5uI8jna3x7HoW7JwmWf1zsb9uSHBTD7qSLqmedJbFQWsYkrW2+1OmFr/9J4KXIsyEEsUTuvUrouhqzSdSNKfHep+yo8M9RGbbBNPuGIg2fo04wkZvniFfVtaJJB5hnXfsB3LXfP7dEVSVMvhiVxbv5lub8ImTmKgz7MNm/Sr9awYwwx5by33/VkSjRdN9xlDuJ7XKA7/31p8tK6ypJrZ66DRV6EldY4vCi+JcqYx2Vu0trlw5ymGl3oecav+fDm4fZmaqeBdPHeJm8X5501qXUdM1qhjWT6h/zJ2TlsECa8YGDVAlGeP5US8J+i28K7W88boLZ2jEBix/oYzi1JP+5Vt+N9Yfa2G2liGjJWj6+4Kwi3lZpI+96om9O2/qDPSNpVzH2CtxxJBGWyFsuyvsDYgNjzleveduVA+hc0tNkJSghJ1wI4YkFdxrZAmjxnCDEkl5OYtOlcK35J/KTiCfec2rhFVcJzM0dDrykjo+EGvmEF648Rj6j41eUMG1HeUbNDX8Xb54H7HxUCuwT3DrjDHCh5auS8piEWmk3mk+8KLARJ7w4BIEJIYoLnSJsj02d1cSDrtUY1SJbbxsossWx/wBAac2P6Pazx5syvhjzlWGfv2f0UV3idpO26gBzyN+ 2NszNO/D n6Fuij4P16CGrm7NLV8yGXAWplewTX4X9NA9d2OKPC88nj6uwTe9qOTKaSOhWcHlJACkWjKJpChbBe2bhS7DcN7RHrX3g5woJoOxRmDZ6j39q0lyJkYUNTZraVnfeHemI1ehcBVSdTp+EQzlzdAiniRkrBCBY79b7lqJlLWeg8ncZPX+leZBx34UgZKnrHbJPKUOzoeJVFnYbufW/iVeOK9lU6d7d6/JwQhaNCWX7pKseRm3bf8jyihEx0FJdwprgIkMQWy0vpamuA4jiWOarqzJS7qfWdFzO1gAIonIZZfA1Uey7gQbjfz679lRUB9CWAXHp0lHG3sCU8U4++EOrNLh1bZNoRAeDYv43KaOte+/V6g9DqFQ3X/qa2sLpbZiJk1lQpWqc/62tXHEhb4NYlUXlRew+KUrXMTkhECEKMEO75hu8VkrCjvAQvEa0s8rt6eTRg4kHs3+qgtuqLCPdck4BSg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a copy_to_user_gcs() which does this. Since it is not possible to store anything other than a 64 bit value the interface is presented in terms of 64 bit values, using unsigned long rather than u64 due to sparse. Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..24aa804e95a7 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,26 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline int copy_to_user_gcs(unsigned long __user *addr, + unsigned long *val, + int count) +{ + int ret = -EFAULT; + int i; + + if (access_ok((char __user *)addr, count * sizeof(u64))) { + uaccess_ttbr0_enable(); + for (i = 0; i < count; i++) { + ret = gcssttr(addr++, *val++); + if (ret != 0) + break; + } + uaccess_ttbr0_disable(); + } + + return ret; +} + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Mon Jul 31 13:43:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334671 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A105C001DF for ; Mon, 31 Jul 2023 13:51:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 23E13280048; Mon, 31 Jul 2023 09:51:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1EE86280023; Mon, 31 Jul 2023 09:51:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0B678280048; Mon, 31 Jul 2023 09:51:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id EE414280023 for ; Mon, 31 Jul 2023 09:51:43 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id C9B28B21AC for ; Mon, 31 Jul 2023 13:51:43 +0000 (UTC) X-FDA: 81072044886.25.4121162 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf06.hostedemail.com (Postfix) with ESMTP id 40B0D180015 for ; Mon, 31 Jul 2023 13:51:41 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sL9ZVZ+I; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811501; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UsQ4evMiiAYwQjdayZkqlkQ8Zju2zsq0zDtbSV9Oikk=; b=1g31OnPcNOCaRycGMTvM0jZfEfsA9bVNpqqgydGZSlB7CCD0BYgOFSV+VjYwUvbxNoWoPK Xx4PSNUrAgemXid0EBHNwZgcAA5e5vULCtDSaNtirys0nZHZ59qC9eSD0fgMh4mnz88Wa8 KAk9DXsdodcXGe2IO+VJOF7sLL2qFd8= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sL9ZVZ+I; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811501; a=rsa-sha256; cv=none; b=UmdbaAYnCH/1+ZebzUTl1wbFAzZJdw4la2bGUCXQ08sGZ1qNNAFnU04X95rtsuxJdNUlVF 1ohRXGXW2a01lchnFXRHmw2TI8FeJegJRIKslAgbZl/KkjWxXYK4T0qi0/ZDnoScTTbZm8 Ffemvs6ndQaW7CYYQ0KoD5KxvpxSv/s= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 80F1161161; Mon, 31 Jul 2023 13:51:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42B6AC433C7; Mon, 31 Jul 2023 13:51:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811499; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sL9ZVZ+IfV5TNNEBThAe75AacPXe47GMKWaM+6wnMSYvlLERiN7oH0xmtqXjLJM+q F3vh1sD1XIlsGRzhgJmH9+eHn5w0wqCs1MOjE8w12Xw2x85t6YTU462MK1vVVBoiyM xxOGHm+ZMaZ3iFoUbHbF+3g6Y1L3Wk2pIpjMLkYOptYsmfETh0tDAPDA83WNVqUFUA yj5qTgHczPIGSY05nOjE+fO5fKAWC5D6EI+1LUX17helHTHw3gYnseBjwmbz82T4wC 6tYNo1BvwPbur4QOEBOjG/xBdGAXv36hjPD9zw0EjVuwPXwQTJVXdGAXFv4xGaaRp5 w1p1jLIgv5Zzw== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:17 +0100 Subject: [PATCH v3 08/36] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-8-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2901; i=broonie@kernel.org; h=from:subject:message-id; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7waihKk7UXo8TXOo9NMiupIexpEkNW57nU/vcKm Nkf1weSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8GgAKCRAk1otyXVSH0EZdB/ 4iWoqjttwEFMCRHpzpL+bj2bqtC386fhdYs54nZCwRhW6JT+giNFSeJpNqB7HR2ArMv/XMX76T4dka NsyaOJLQt2YiCpiBHSOQ8Hto+92KRJQ6BIC5LvV+nuXFvQwhvFawBpl84ZcQPBht3IlaCIDhWmiHbm oRDVyW/9/gAzAkevJ+CDDq9LQiI3ilWc9x5jkwo/4YA2lpdROL75vZFqkHe+xZQ7zMKaeY9VX41LIt qI4/sfihh5pXWZItaT6ffO1qf2hHZ9Ovbn1I1e/alf+URq9C1/tUZ62LhxRMYbXpMflzrqD51qh7qV BNLGO2cAsf3FiVG/pIkTlgS3regsCq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 40B0D180015 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: wobziutqctbtgh358rj1bw98m3ffbs6y X-HE-Tag: 1690811501-445030 X-HE-Meta: U2FsdGVkX1+IFke+T2BVdpa7ArqzKrxhQcpjV475H+p1nEq5ps0GBze5MXkr5ryqeo4w9pOZRuOMivMRyT8bfgRGaROl+WDv4mWm+46j6N9r2P3R6OjPZgtfGuqj7r4JjJ54CeAp/DAHPzeTH6TkGAr1ftKYbILygWaovpjt5wq0x3hFO5146mZeUfNgwy1xVIPTyXoZSDLUSQBReaNoqhZ78BWFSWps0nfe88NoB3ynKW/1LIZ3PSWrEUnWXF7kjEPVYcCMGSwb29JR4AmfyHVqHTKEBR8Y13R2FH7bRdpCiOQQY4lzJL+8SWBmwxKqm8dG+potC+AFvyul5Kr0+OkcJ/DhRFp0CZUaQfSkEmo0aikTfJXxfizqix40iJP9j77B91MX4M33SOwQgrkSpPXPp7Iz0D0EMDXp8TtU9g47PnskF6/Qqk2NgXX+kyET/07TXJKICNC/szPiU1REITMssiziT/fWXExM8KwAFWJqwuNucz4+pzJ4FvwMThqATVMVTubnw7yjxxbkY1a1v5hM74Uw7HbDxJGTgyP2iVA4GXEMf0Bxk8gDEjmE58XIKrmPZaNB1XC3MXG61ZVYQpJRqvBIO42rA0VxjDySG22abCW+QzzsM8+rlC/B8+dj7514ebplExnBfcmxtoJC/xH4ge+/k2R988PHKEqIImLABlyRKrudFngAJ4PF46BgCbLt/IaYNRNrKlDKKTTOFkAKrREMi+4y1uBrmS0hGcqf7Z70YoR1QaNyGiqG3SsrhEd/dZ8itxnWuKd6/X7pSbr2MDQNU0XpkjL5eN0Ei/MFnZLHAxjLNt1Ph4rd2VLGPO7+0K7U7SVHmgqzALyZwBnL1TLFC04HPLmnMnY7FKNH0BP7zgt8usm5qaOTToAVNPMZzZkNcsa66ZEqIo7yCYs2NctG+vMrPH1dMNCcZC51xwQITSe5DnLt/1vDMcYhwhAEyKzdCRoMwWMi4Dc HApW5wsE LnJlcAtFvB/fbsXscBjdvnFBfqHFOVhWHf36RyBSxGCvEDkDxVhE2jwVxeWssaeLlH07GxDKiYcXUA5rijnwyAdda07+B0xK4i/MZIXRiwzBm7T21mXYX0PaxuMC20+nZKMH9g3TwODHJBFbI3Vd2ocIFrdd68xbOAloDh8ZrHFMpPJ4Z/E7PACJQoQdEvJfLQcK7OhcXgmSwtUJldxV7GKY+GEHd3r3uMqoH7tKgWkyldfuMZsz/DV0R6G/rcw670iwk+xmDpeZp+wQFp54tyhQcSe2wD/nx+Sg4heMnD2CkXQf+sU0/gVELXrLjCFqPsnLy2+MLxlVTZyJ0h1S2kWVyAfNcLuo0OOqJD91o7hXiHqTzLgkuifkNadgiLp0FgiApfZGa2LIEhWW6hqYO/KJng5uLD+cEdDP5DcuEeIvh2/Y= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 96e50227f940..189783142a96 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -831,6 +831,12 @@ static inline bool system_supports_tlb_range(void) cpus_have_const_cap(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_const_cap(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f9d456fe132d..91a14a6ccb04 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -254,6 +254,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2219,6 +2221,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2715,6 +2723,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .min_field_value = ID_AA64MMFR2_EL1_EVT_IMP, .matches = has_cpuid_feature, }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index c80ed4f3cbce..ab582f592131 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -26,6 +26,7 @@ HAS_ECV HAS_ECV_CNTPOFF HAS_EPAN HAS_EVT +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Mon Jul 31 13:43:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334672 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AACABC001E0 for ; Mon, 31 Jul 2023 13:51:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4612F280049; Mon, 31 Jul 2023 09:51:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 411CF280023; Mon, 31 Jul 2023 09:51:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2D936280049; Mon, 31 Jul 2023 09:51:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 1F22D280023 for ; Mon, 31 Jul 2023 09:51:50 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id E0ADE120B61 for ; Mon, 31 Jul 2023 13:51:49 +0000 (UTC) X-FDA: 81072045138.28.332D81E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 7046BA0019 for ; Mon, 31 Jul 2023 13:51:47 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fU0j1e3X; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811507; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Dnc2nP1HVaiEDoBVg12zB7TbohL1GVCNMw7SaItQG9I=; b=GB9i6BoWQ38rqjhVKfz0cs95jOiukuajz/fmVlF7hBUATdyE96QIeh3eIKponj1AqKBynt eqR3WtdR6ebBEzoEXDf+oPGUg+MGipYjejHgDSZ0FEKd1F+uA2c990dr6zNSRYkyzfV1WK 2DPgZ/c12WoHGKJ/Ao/TRYUnj0p1OTE= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=fU0j1e3X; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811507; a=rsa-sha256; cv=none; b=0xcG2jJcrxfCeFo5RbpdFvMt5HJayjH763547kyvhiHoyLptP9tRzXqOF4MxY2q0Ms/ddt 3YYHNUHJC6oR8iBgvMW/TZ5AZCzmsdQvHNiBVud72ivj6EXSpVN7g97gqRgPdw6I2PpN2P It8YG+LIwIo90eRa03luq2aj/fw/SU4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9F5496115E; Mon, 31 Jul 2023 13:51:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E282C433D9; Mon, 31 Jul 2023 13:51:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811506; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fU0j1e3XEEFY14TiXG7UZZhtiGdQcVaJOs5YYn0d0HBv9jg++PBGs48EKbfXcM21l 1exa2fzWwz6nswa9PI/q1VsrKV/ioGKoEaCd/wFw46oyOJUtHDM9YcscznSQe1+tmV Yfj/BSODB+YRKETOA9JsiagBphdos9OkeuW+C1ki300H7Mwf1rv3XVT0e5RgzoWJtz QLiQsP1imT8hBwRQQK3J3LXTYOy4ncJHWWogdlfvz1fv9fNGX9pKI3ne5zTbVphfVR BuX9mlgRdBjuQpc+bIVOBRYjRJawSu3BxCF75Ur7aOl7pUy84mCHEyDGUXdad1zdWG 8EpEzINcwQlKA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:18 +0100 Subject: [PATCH v3 09/36] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-9-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2919; i=broonie@kernel.org; h=from:subject:message-id; bh=BgZhQzy1ZDJ87SbUj0QMsK2M0tcAHYl7N7+4HCzYWRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wbr9D6eCginZ3wYzHf56hBuWwZc8mFLlW1vs/8 Z1ZqpFmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8GwAKCRAk1otyXVSH0Hg9B/ 4wMMMHNGtb1FEiUwCCPHCM4Os4PV/T3eljuty2xS5W5ICxaxc76Uh51Yg1vF8LNyZ5GbX6eWv024IZ fPvKbZGSjK/wdcBZASJ5yDb3wMctY0oCPetxvOyGohQyDFm19bO9RLrCRtBQp95FEwQAPCW09YKfcf x7m57z+Ff/Q9vEEsT768+FUHaBidMwawFBpli5YWIA3v0/pQKrfHNZYJZczU3PjIG8qv7cOEUd5Uap +C32Mj1GeQ7KWadnN6L1QSkZ5e0lif5fB2zep4gnKvi4y+3vu0AVtldrsr6qoq9HEE6lN+QPHHRQKV sFJhQkF33qTeiMrVQY/1+8AlF/FBO9 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: 9chj9ohofsao18zrgoj3h9cpyccjxj3q X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 7046BA0019 X-HE-Tag: 1690811507-643385 X-HE-Meta: U2FsdGVkX1+dQwNT4BUe4Yv7JNAcUI+ZIBQyfS6eE95xxFVfPQOXUimusSJNl8Uu1AfONsnFjdsn33cfiu4oMLtVLMiEE4rgCyfNsP9R/ozxtLEPYe1DOUDo6C6wpvoLjIEmjX0FzZRwQolu1SREUSguVKR0a5vA/9udjCZko6zMl9MONzrLdpz86dovog+R4wVKj/u9Tlw25f8Foe+23FzeIrj+vLAqg1VcUStq7M0Ois58obvaURPQ7Hn6vBKEks843Xg/zYS9KbjS/Z6LjiAqzi3Xe3a16D7Epo33WGIb6m3Id4I2g1Lorz70ne4Fk7bRL1Oz3b9n1lVDNWYaS5EW6GjygzIHsEVMtuJFSUXWfxRwyP9YL4eDlfq+KuqOaMZ6QyBXpCZzVcfnlte0fO67G+GVxpqu9JKPj5y+mTqfiwGEwqC6X+sddWN4LZUHswGWz0WYR7ghpprGxG00j67xlgo3UzRt/tsBOz/kEhxoYiqioD6yvoO39BGkx0dvKgcy5lX13Iv8FrFcFEjDvIQlWlVmu2zgs2uOeOrd7uCX1Cg5PRJOmdNli2GmU2ItAnLATPEpYjT8J66GDEsfPOuxa0SmPQ/JFlQLANWV3X//uo8JvnVIzG33Gkrgzw70sy9EqxkKb4r+rLk4yJBzg9dLkmqbBnYz5kLLW/RPgdDz/XnzHp22odnPvB2l2OUf0pftsD3oH00p3rTG+qUlE+siShMHzuXDFzVAlU+wAzwdwc05JEWUAHe27y0wuRzJvHDTJF8rs0lZaKxjLGP2Mh8E5d4ROQLdMbtMqxnai7gnJ0cqq99QTR/Mb5drUQMRdsvY95wmnSk4MklgXgQxmK0KUePSWcizj+MPFc2wojG0dbXbERYkm4xSMylkdOck70WAI+F88I8CEfvOsn7TdkUNRTROw2C3mipzXZg6NiTakETlzx1D6z6hCXid35F/GNyXAIjUs933hc8yzLy dF8Ql0ou fLymnrSiLpUFc/846cM0HyzRrGh0aveM689rZ2xf2ioe0W4on2dTnB0yCjMtlrcYasvijq0BxnRZa0zPZONkYc/emaobrhjERlHoq5V8b0V4AVXj8I13tKk47CM9Gf+K2K6448mqDjpNmYPJVzvgZ0f+qdrBZC6w6K1fT1J7gMHstjg0MaRyC5vPcq7Ro9+FyiUPPCe/Wp4izwZEGLIbbQueVhhZprybB5aaKg2iDibdLPPvV+kPG+Plrxqc37+AjfIp4SzzdxsaZWsc7/vwZ8SkerQv0rvylZAuZX5pGm5GvOee5xlalkDJIfpvSrdLsRj8EUfGkGQ/P+eBCU0yQZytMbLQWkzPk4cbOY+hGI768HoEwzMcDsMJpxj/7Lv1MyaPCFouWB8rq6dEJz8/lxuRV0QkNj0EvbK1+d7kfnKa7aUM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index eed814b00a38..b157ae0420ed 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -131,15 +131,23 @@ extern bool arm64_use_ng_mappings; /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -147,6 +155,8 @@ extern bool arm64_use_ng_mappings; PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_RW) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Mon Jul 31 13:43:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334673 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEFBEC001E0 for ; Mon, 31 Jul 2023 13:51:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4D62828004A; Mon, 31 Jul 2023 09:51:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 48687280023; Mon, 31 Jul 2023 09:51:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3755628004A; Mon, 31 Jul 2023 09:51:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 25FF6280023 for ; Mon, 31 Jul 2023 09:51:56 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id A5D191A0287 for ; Mon, 31 Jul 2023 13:51:55 +0000 (UTC) X-FDA: 81072045390.05.4EE3AAD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 8D1EC40005 for ; Mon, 31 Jul 2023 13:51:53 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qXoeRFLM; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811513; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NBG0tU7kX2ozstMwYzf3BLRb/FaAIwac2wIDi+654YY=; b=Vc0YdPIXrzM6nN5rOcFymbw7LBMugnUUxQeh/BGiCeBAw8LIZYoZqhLbH5WG3Ag6BRLzut lk5pB8ZFxeyuAwKWS0Wo4TZV6/rI1EDq4H76QbyrK5TnwlxrAau1f1lO051xXY2xXiXxLe HPZdXJgBHMIoCZ7VuJPR9C0GjSAUPaI= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qXoeRFLM; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811513; a=rsa-sha256; cv=none; b=jZKfK2JHZhVaKC84vckKTsWp1SYyCaDnf59ffJXuTeWTKTKCDNwKZ8Ga7WxeqhOllhiYX+ 9/PuvPAFqHS3i6BD+R9dwABQ9UqxQRn7u8htW74h1xpZ9jw/eK2D10K7Kh6aTL0y6gdZIa nZlYbZN0TvIYyFipY6FnI2U0yhzZ3oU= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B0F7F6116A; Mon, 31 Jul 2023 13:51:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7A3DCC433CC; Mon, 31 Jul 2023 13:51:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811512; bh=38AeaFL37vV9MyUQ5JVKuM1gVCMvtkdVnDbNL3TTQpU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qXoeRFLMwwXBpDHEWa1gDstWXEEHjUcKFQ0iBfCJF2J1w6lcePBo/i6CFeI9Y5QVw GVJvkYFg05z6AIECrkSeve9cLXOqlYt0kz+8w064UlspHZkXH/XaawvmKRq2hWPc8Z et4Gq7xTDU8PBiesJLn6Tf2powPoFSO9Fb6sNqIp1XRmXacYZq/5dxBAmPv0uO9kuF Vxyu8Rs/4n5DM9RDgeztpMUTPDR2Cu+29akc7H14VtcOWvW+JsZIpiX88HA89Iid+i 7qdIOpWxhQCKWHZpGNSPN/zYk8IAXsVKjIW8z/xPnKA8fUCTNyPPIOTvHUAQCQtH6I 63sqWGnRy9cCg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:19 +0100 Subject: [PATCH v3 10/36] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-10-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2027; i=broonie@kernel.org; h=from:subject:message-id; bh=38AeaFL37vV9MyUQ5JVKuM1gVCMvtkdVnDbNL3TTQpU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wc+fxQLx5AMos/eVhTjWc+kjOb8LaCH/tyLrqi Eph2tqWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8HAAKCRAk1otyXVSH0J1LCA CGe3cA/HGImzb2h80srHaycpVWYUNkTTKJs5IlcA/d3k+PrXURJAKmJvdRi6ZLVPNZ5XWjFIiVpb69 0KZ4xEb8L2bsjrvc6dxtiON2Z6Js7joQzDwH87E06xwBZqAktGUNHUBYFljhSCkpO9GFmhm+2spmMj 8X4k0CTdl+z/4wUScg15dN73TuZK2imHZ8uzOpS5bBJ0QJKBPN0YbpzWdbehgpwonxUOeSfR8D6Cak Jeda+JA/v8A1cOTZq2iTG0Emh7FnW1JKSaEUJ1t7e0rTAKFEO6RJLp+kwYC0ILj8LpsMhL7A7OUzN2 XbVFnL7eKd5md/Eesl2Of3cxn+YO92 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8D1EC40005 X-Rspam-User: X-Stat-Signature: 5mcpjy71jd3ci3n6rrnebiodw91y8bz7 X-Rspamd-Server: rspam01 X-HE-Tag: 1690811513-463435 X-HE-Meta: U2FsdGVkX1/B0TPlq+wnSh6BqIcfc/lQpL0XK9wv5akDa9FezXaRCf7P5pcv4cT0KPY6wvIBCZ0WuGnkdC/+ppf82rIcLDdgO+Y67hm4kQS6odP5FYjXu/U02G8pdhVGfW5PJ18W4zsHW3Ny2nL0g/ymjeAlchoeEVZbbTsxOzkz/11uqqVa0AIZ2mM9IZXfs3Y/EI8xu19a+Z/dS+iHuGqzHhiZTB9I4QT66dKrcQVFOyEZzDqMaCCA4/Si3KENgBq3sdNeQmVOiB7DocMCzyY6BkuSY0jzb6GRKB9w5Vkr/W/HpoG/wvPEXN8nHx73WM/NOWfuDfP8g0wAFQCvnzBFgJbyUYoEdNXZoydxjeJvSFdo87ez3xIaa8b+yZIyPocdw+Q9rK/hoq+M9gzVdR9qhS9M/Y6Z4KuM1eh/NeBFltIW5z1wri1U2VoyMnBgNSWoNTyl02LsKsHVBAdmhx0NaeJHfH4NEnASgLxtE//c89swFmWiAW+E62PHKaKKEMG9IZsOb4zc3mlhbyrSzw/b2nWQEszVZS6KLJHZnPei+hS+egjcjTR2FkSeSOCt3grzCV9/AqaWxEakp8sjmnwELbPz2KKztcpyo2BcMyQe4e+h6ZsStjBdyGhDYUYSgNi8LQLNb3dbJUYB7+Wqe3VQUJvcIsSQtL1YJnJL+hsHuGDqfO/FTKfgMNgt8CjVfXUtTZGoY3RAZmkc9nsmziehiRU0BCNiditCZCxVAAQ9n5DdxkMAGUzBsnF8BsAouIONs1yr/TdBgxHV9jYZBo1G6HlZBBBTV2Iq7AuXOWH/L4BgGoMnEDcCRU9yS4tkmpvvRmaQ/iQjZMF198yzl0tAKqI2qW07RTuFeWd307GsGLYdAkscyF6WTO4yDjejUXjShXjsQjASxXkNfqXA8ZLZE48B0r06ATfEi3hgvYVZ1eydInScRyKupqclLcmEmrWTqTh6GH/Yhh5Xy7c ZZ3dFUjq qkkNITC6JMvsECn9mjZZsmEWRSl9iOF/1JLJQDJqvJQPMKRWjAUUVPNbTSenla1CqKlbFfQFFw4iUY6DQT9ZZStfEDbQqcJpTli1tlOwlwYb+O+HexaSCMFI+Asex9CixXI9+qbxcz1143HbFkounGAXbKYElb1IXtsrs816Q1W05R1paH+biHFCrdcmobx/Zx7PNnzualt58gWRKU/1cWyuriUMvILJwvLPBFcvqVToeu9Wrt84pfCzX804KY9MkCFxodQMsyn1Xp9SO9+DPx+YBadiU3Yah2uH1rmBmm6gBmB3humG2eXUajMgVET3uC+gBvfjEwLQO8SAJptsADuo+JLMQh3zLknAZrZE/dCNPbcPGsmt0tXegY6CEtt4ZejryIobJol4P0jSb9DAqvTYhNOiHjTAfuGQoxvh0bgmzbe4VxIpIYD1f5Qw6XqJh4XEdxeCl/BenwqEEIbULo+KJtA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Use VM_HIGH_ARCH_5 for guarded control stack pages. Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 6ccb57089a06..086a0408a4d7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -566,7 +566,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index cfab855fe7e9..e8c50848bb16 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_X86_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 43fe625b85aa..3f939ae212e5 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -372,7 +372,17 @@ extern unsigned int kobjsize(const void *objp); * having a PAGE_SIZE guard gap. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Mon Jul 31 13:43:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334674 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5864AC001DF for ; Mon, 31 Jul 2023 13:52:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E73AB28004B; Mon, 31 Jul 2023 09:52:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E4AAF280023; Mon, 31 Jul 2023 09:52:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D39E128004B; Mon, 31 Jul 2023 09:52:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id C3511280023 for ; Mon, 31 Jul 2023 09:52:01 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 98DBA1A0AE5 for ; Mon, 31 Jul 2023 13:52:01 +0000 (UTC) X-FDA: 81072045642.13.2BB5701 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf11.hostedemail.com (Postfix) with ESMTP id B022D40025 for ; Mon, 31 Jul 2023 13:51:59 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="mSSSKzu/"; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811519; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RiRra371vnC/K7aW/lS3yxDUYWSr5hTseY8nLXePyV0=; b=KhBg3Bc+fQeREcsJ6/rN8+M62rQsibv+s8DnXB7kWPRlIjs7N/NhxTmaptC8cwKrNiOgJA /1NUjmFW+nYR6S/R/PTsOT1UCQoBIH1vV/F7moIQsKaPKzCZl+ChNcoZQ+4PvzVcr3QVHZ WMwnODXux3outxXfuQt4HVn+v7LUU8A= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="mSSSKzu/"; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811519; a=rsa-sha256; cv=none; b=vHECqM7MTCpf2KihnlmoeGfEidlxjunGLCDw+glIQS+AM2RKVHoIO8OOXXxYr40knSMgej 9UQl4t7MLLRlZYqTZApNC3iLoYJKzIpIZM6MqEV0Mjg47EqIonEpCuluam4QX5uJom4/DX mPQQZ8Vc/tuA72+Sp3YMAwugw0rFIrI= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D2B2361138; Mon, 31 Jul 2023 13:51:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 91AA8C433C8; Mon, 31 Jul 2023 13:51:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811518; bh=viG5anxcCcnETy6WTEqLj0O+gpdZleg7ylSYSUDSWcI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mSSSKzu/+QPBBakkr45wlX9iKeJxSV3cpcmQLgAc4ESbF/iG02+RnaTU3bQ5T4R1R Kw6LX+osxC9ep54R3iYjYNgQ+6DT6w7VDzmxi98o2AEGXQOppTzll2hpPv3eBxu/B2 rwMAkkj7K0zr+kT0apzE2k+Tue7Fgxe5UejX54nFqsn7yoFZPLCZJCkxh1wT6qRBxg wdoK63KoGSo5kBnLWsJAnOBxxKxS7UmF+wY79mBh/GPrFVaCENDT4L5MC8AbRw+wNf MQMBzeYPtbwAUNwOXLFT1KOQnCTxZve755M5cURARwYJUkYgPsMg/IE/rbeDS9hkit 7twM1r/XoxEag== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:20 +0100 Subject: [PATCH v3 11/36] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-11-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1225; i=broonie@kernel.org; h=from:subject:message-id; bh=viG5anxcCcnETy6WTEqLj0O+gpdZleg7ylSYSUDSWcI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wcNNzB4eHbwePmvMbzyb2eKoUsPKpySJhqxMYO VO/4ZKaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8HAAKCRAk1otyXVSH0E3bB/ 9kkSCSHClFMS8SVmSHhi/kdEidEpwq32cAUbFcwXkdeJjv/CrJsT5T8aku4YfmN1sY57bMYWiOFJCR rFY9qUYZhNPKyVK111nZII+nZtmV4F3UkxDrfeEkNH6xkOECetiv67QQOmgxwuMd6Mql/p94935ORh jgjiwaG54dImasHCJz8MxPQKdfrNGJHycnUS11u+lW7Vy0+tdh6Q90ATBtt0mrn8zi11TrpPzLB6lQ zhmwTiknW/gyPJFn9WIj1tzw3E3areua+5W8q1LF2N58SVUiovl4RgsSDgWKBCRuV7TMOgnVg8piHU Q4ZHM9VIPmML5AZAJsLnLlvAfvCar1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: B022D40025 X-Rspam-User: X-Stat-Signature: w6d8ac8uha6kmzaz87ysxz74u1rcje5p X-Rspamd-Server: rspam01 X-HE-Tag: 1690811519-241126 X-HE-Meta: U2FsdGVkX1/ojnf51zktPR4KD5iO+CJwy5JdEoNy2WzvdAw4oB14KdAui06+cVe/30bD0GgmIDXMjnYRS5NQmb1aYKmN2jI2skVoPg7Awisa7htiWw6TAr65XzhOBNf1NYinQfgqeg9Nem7EkjI5nS9AIBkOsPSa6PT0t6dKKAVa0Gu9KDLZ7uIgtEaU2DZHYYdxHYsdQZJlKLlKGh8WPBN6WLeNz4OqD90s+i6QLaOMkBbi96WZIdE2Q2XeooXSFXma0wFOYkCmORw9ItOLUL49LnM76dpneQvq2cJCbfhL/XbWIY8Uf+WdRTitGfVJZUV3Z2vhFc7I1nCOEOED7pR3nHqOKw+5gb0dcayya06HPANc/fyL2CBTrNZDGlzUjF3DMBUKEEf5iHKmU0TewGNJ/w7LvQlyvRyyzXcVk7XMrh+Duak1pjS6GRaxpduitO+rcL5kn3+RELIJ4P3hTHydWWqNZwGsSSC1CCKMxzQ6nK3TRmXakGsVr9jZ+DZ5XMq2jx8oxGgLFPIgUGOJ8l7E/yzRWMSrws/EBPA8lnipbKBziCFkFe2ULRCEWSprR4WgQb2NR4uoENTpElo5bdPmUSm/3PPMuabARWqL4HuaZ4Ye1Q6lXGlN70urDVBwid2Jx1Nsd4+6q0Xw1hoP7SAoufrOH4y6EvMj7h2qpxt0aMVLTBdCE7S/rYsQ1fOYlP71zHd+vt8KBznwmnGjQDmPTduRdnqz7TqwR2dEohJiydcN8JWEMfFwRH9VFmXQPA4Kyslmsj8VI8kqd47LIPA9baaK99IVoEBO7+HizjRUBJX6h2w7DDs8GW+jfFqjBMWBS/a63y2IY6o870dCBh1lxnAybDECNqvEX3QjR/jpOVBhGsBNCiLgHkYs60M+0uSWG2ZF7MyzyvAIk/v8e05KH7lMnwTfmoN07QYr0A0I6GNBGwb8rxqKOHp/QFo81oFGK3qL4y06iDgWS17 S27+CR1z RMQ7Lxysz9LUw+R0oxgXCQOmH009DSAax9itV2y1soy/YmuiAgyME/L8jSpmQL4rPIrXn02rocsUxvvLPVNqANCYrrgCnqptBXUCjQawpMNzDdba+P74eirKI6fxI18TjwCfYPMh+/JamBW+fe53TCbIYFGtHrecSE+laOql1fJIoec3IyKJYk4J5+zc0shRnio550FmWJhTZbyy5iDWzi6roKVkIu3KL4XmCYFWZ0SbyFRdIgy/IQWon6deaR32B5QeZrdLSRnJX999yRO+mHJN7nBB6ULXzEyD6RCY2XAOhdi2Iq2avy8LbEmRjuN2me8dognuL4gJidLQ0i8fk8qnK/Zkh5G1h6g/jAL3803TKKm0vyMofmPDa3zWsQII5GL5ZNRO3x7mOJqz/043uTm+VQrpNm7oqMl2X9ylGlq0oKH4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown --- arch/arm64/mm/mmap.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..e2ca770920ed 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,23 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* + * If this is a GCS then only interpret VM_WRITE. + * + * TODO: Just make protection_map[] bigger? Nothing seems + * ideal here. + */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Mon Jul 31 13:43:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334675 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF61EC41513 for ; Mon, 31 Jul 2023 13:52:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6D28F28004C; Mon, 31 Jul 2023 09:52:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 682A1280023; Mon, 31 Jul 2023 09:52:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 524A928004C; Mon, 31 Jul 2023 09:52:08 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 41E7F280023 for ; Mon, 31 Jul 2023 09:52:08 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 1113E1A0B70 for ; Mon, 31 Jul 2023 13:52:08 +0000 (UTC) X-FDA: 81072045936.17.E14CF9B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id E8D0BC001A for ; Mon, 31 Jul 2023 13:52:05 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Kxs//515"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811526; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qn2wictEWB8wzi6RrERix0h5HYhcy7w/c2/srM6xMb4=; b=c52edZCnltEBG2m3Q7kcJu3b8oJXJIuGQsmNrRVd8rzY4aueWPpDKMuRKPdUVwoa3KNiBO LwdRstwiqN4RwealCBelgOsyVKR1qDtq7suaTY8uTMBFq45lPAVUuZ+z0rP0YJ05RUmqBx 3/XvPXwcBaG+fYQacsCmtBTt4leGSsc= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="Kxs//515"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811526; a=rsa-sha256; cv=none; b=BwHWqgErBRDTQmWgM1FiW9qO5brXAUkylsVZjUvXUqO/VmHPTidpSTnnagC95W0ZIRn8Se LYDokSVgcSXEoeHEI4WZSJSAz/i1WPJpR09U1FQp4+GDWbQt9WRVJbLNe3ZIeAQkUrqn+h D1LVEYDw9/+G5awluwcKk3YnBAE88+M= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EAA8E6115E; Mon, 31 Jul 2023 13:52:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B07DAC433CA; Mon, 31 Jul 2023 13:51:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811524; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Kxs//515TNksXPcGsUDIRCuO56pAW9cLWwkKUQPCsP2AIbz64i9hFYmwcVYGmZT3N r+YswiYCvJGdHkcVgkUkvsvrQlyyoDzUHhrc8X1wxCRVQHlFU5ziNi2fk6VEaZXaon c/Z1IU6fy1geftvZaD6Iafk1rPVWb35djvnKcnYSz4Iu8so4SScQnV3XIKmjTRNrz/ bSHli6ey4nTdadCEpnsARTltNzkla9WT/2UR3DkL6lfWy+HWB0y2wdGRV8hFgjnnAm pUJsjtctliPEAIkBe7P8WpdBcRGTZWsE89qcBUsjjdy15A6Lf5Gkt7PAC7bKO5+Rb8 6b3Yc6CdvhMHw== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:21 +0100 Subject: [PATCH v3 12/36] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-12-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5343; i=broonie@kernel.org; h=from:subject:message-id; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wdjFQ/70pWXwHuzZQOS3hNAQ0GVgNF/YD1JvvG A7LHvI+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8HQAKCRAk1otyXVSH0ISkB/ 9nGwbEhPQagdr70ume7OfMMAEfa5PLORLXj5xM0+1YeUpDB6MbLGgcm17sgqexHf5BMVgkhYKBb6Dz FrT5GPossjEi5tmjucSgUqYTcdh2QlMr+YCgFLQbKo/mWkC5OZa+RZkKkyL99xZAuf6RUP6/8spHFO FLQ7wmY8dvb+sk5ofrVhZ/nqB3N3slPcY4Ffz4wDHDtfUUe7KiX9v2E523wbBvxpjoZOINpsbRlRl/ g5ppKJcD7UbVe03t9zbcci6dZ5MAKY/Fzf4SAXI37TBsYRCDfcnY9Qtpwuqyfd0U70I4OdA6pgGr8n 6981bnGJR5FGN71mBBtsMgpC9f36TC X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E8D0BC001A X-Stat-Signature: itrmn7g6wwmd9k4oiqkkxhe6uh8gxzrz X-Rspam-User: X-HE-Tag: 1690811525-759795 X-HE-Meta: U2FsdGVkX18Zjmavb/acPFzPtBM2peWyp5IMegJVl5ucf7Qxo3+xNlkNF7CKzWV1YS+9dHVnlwptpQZq1GK5YNkR3xD/ssFccAsNz65R8k6z6NjErOD4Sh9p1yCtKAVC8lhGKYNOjwNIJ25pZPhPqf+YSHIS7uf4wUUuukZO1Ej4dN43mWyaOf+ePMevHFuz5oZZNFyDcUOurQC4W8CDB5yod58o23NLq/PPtU9NowVqu9/GjZduEejZtrmpodFtFXpBfUiNYyw//a1JLG6L5pcAtgKXYV4Ch1fPMbBDaAH4/ioXoBAfl/bhJSlvgKySib9OXF2jRu3lx0woC0JjrbEr4J656IGOZ5ARQ9lThvTr3+qUiyQWsTXDOfxCH/Z2kps5KG9cFS6e39yQ0Q1NFy0U1hFbAYTtLvyagXfshrf6YZW/qLzHtmQPqHYwAFP4BT/9/407jHh7OPTOy+OgCFUQUI5v3ZNzulLLimW3b0EEhTVJyQY/OI0kcgX87mcFDMF+AX0DF+rIiqLavDZtwpRX9ZBGVILxmPfPVFuqjCrcIXMcAHJJwe5MH2BhMOySGc6o84D6jtlAG1y0xBxUdwYzKTSU7wdoU5X7X079jUaPJclyVKSr6m0lKKSraD8t7zag5rtT4XUtbLVZNAT49I3pliQv0JcRlsQkd1xqPopsbu5cIcLhgiKzP4EptWLkyasttrEOJCcUlN8DVrYH/rWMCWhwePKqeNdLt71dOqPynnzqSE70g1iu4W2yhCdnksumX/v/GYtDJ9myJ5IwZQKiS1rSBYjwgcJMxT7okETUGgWZdNvUAsLzCrNJK/4SZWXbOv/d3sg1xScjz+zd35OowPIFNo8G4e3qzTOgjAc3TF9yKG8rSSodvASrXLDdE6mqFy4TIyPJHrNl+dR4Tj0A14XMqJci0vweFs5IlMFyJulI2K8EoZY2i81k70jkF0ybLsz8mAhBygVsiD6 w6jOCLJL a1/s8ZB1QjvAWdfHwfSFi10U90FqWIvjyb8AwD6sRPQvLDIn9hD8MdEAt5hqEXYkzBHZqil49TIvlzLdoLOGM+sgcgU97FoVKkpvdycMinYIK4yF7NrFzxLhZA+xw8cINWrxmaK3ZDjK4A4VQvSqhoCzoNNj3/m8VfkC08hChBNsvY6wMsSr6VVgJYsg2Eg7xpFscCSR2if2m5Va3cc7ZyrL78xppmiHCH9noVyZ847jxHmIKc90wAXyurV1Gwv4ehrwgtpMnRTqc6k0ooaspg/EPANVJFce/JnMIwXhMMv5moJkKnaS8ZHoGOLpXmKrfDnKyCPPLSdtJgWWXYOcxddU+rtVhmn8SRG4DVr0Cfwf947LfCgQjjK6WPEv0PHo1rguU/8xL++/0fnNK2mWpHaItYowiv63db7Q1HyrPeA0Dflw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index d3dd05bbfe23..a5bb00f58108 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -364,6 +364,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1136,6 +1142,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 2ca2973abe66..5b2f238d33be 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1768,6 +1768,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2080,6 +2097,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2162,6 +2183,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, From patchwork Mon Jul 31 13:43:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334735 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03611C04FDF for ; Mon, 31 Jul 2023 13:52:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9B92128004D; Mon, 31 Jul 2023 09:52:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 94192280023; Mon, 31 Jul 2023 09:52:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 830B228004D; Mon, 31 Jul 2023 09:52:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 74812280023 for ; Mon, 31 Jul 2023 09:52:14 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 0001C120B8C for ; Mon, 31 Jul 2023 13:52:13 +0000 (UTC) X-FDA: 81072046188.23.F1DA566 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf29.hostedemail.com (Postfix) with ESMTP id E9C11120029 for ; Mon, 31 Jul 2023 13:52:11 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Hhqg3Z7d; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811532; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9LAG++LcCcbbqp3M6GFrQpEMo349DKDh1KwpzFMW7o4=; b=sOY8D/ixGXgqWTptf/ROtg2vBd9PJ4EooC3PZZ9Qcg56vM2Mk24oag9+AGCT9b61zBfncD DFO570GyVtO8BYCVbwobtM6N+HpXcRO2fmMvnogKOC4S3QZsRw/zhFPLxu4GTnbzuZBmFs n8xeY1oYFZKE0CYZI3seJ6SDVHi+gUQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811532; a=rsa-sha256; cv=none; b=zHs97dBGB791M/iRm6dylWiVI5aAs21MgbKEHFlSIy7eQo1vthPyTF1xsJLngu0PldYxEG GwSb0zzwJaKJ81/MJ73z73Ih/CDMNuH0T/aUlNMJX19Z1VGnEdnzo6wzLMpJtaB/xFzI4d 6ypmlr3G6Vax6ri/RUb9GiRzk0/MNmo= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Hhqg3Z7d; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 117FC6115C; Mon, 31 Jul 2023 13:52:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C89A4C43391; Mon, 31 Jul 2023 13:52:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811530; bh=S97P7xSs7G2VtUJIV0J+B0XZVXkpwW1tCMSo+ZYUeDw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Hhqg3Z7d/EyhAMf3moTEaweiHx3aYObyY5W+jV7Gg+e/ONtT+Nml5u3ER5W45x8As kL/Jp8vg1VQ4xxmv1jZUe6cQysn5S8aLOFr5QeN842tvYAgFWN820I931NQCaaEq0U 295nY5BlmDrP7ItYkvHnvWvjL8+BzRSsZ4v06zrJ/sonJ4ugDXOILBx7R2DUeyNvm6 +nqamxJtNz4gxiK04NjuEO/H+uIz3ZDPIMWwQnTqGjnlsKdC9Bt+FWcK7cMks+PiFa b3V+5BlZ3IgR6eVB2oS4SHyoNh4C1KNe5gPnNu6AIORmMpUaalPMa5XbCzJskIpOGp jnHo/Y6+E/c+w== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:22 +0100 Subject: [PATCH v3 13/36] arm64/gcs: Allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-13-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2248; i=broonie@kernel.org; h=from:subject:message-id; bh=S97P7xSs7G2VtUJIV0J+B0XZVXkpwW1tCMSo+ZYUeDw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7weWKuhYLK5g91Ni37dRiSYGxns6ufLfSHeqxSp u+HyEtKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8HgAKCRAk1otyXVSH0BgWB/ 0SigxcON8rvEKPM7r8BZqNgXRRXzPpIAR8eyjhY4/O3tZ3Vw7BTTRgQr6SPc6epoxIeiko6QSnPohS aoMEuUsvZ/hWJtC+ZyouATC4gnysv7gkAQRLvTBCxdC8GywUMfQQ1f8PXujPq9bAvmsyv2S+bi/fbi WeoZz0CEXvbnzI+7VqeH1iorj0/ZbgdILbFfkCDb76Fe7gvCkdyKbAgTVR0MOI3H9V+kl008JXvFqm aBvL3Yx/hC8HBvTzshHTB6GgsuVVPNmRfz7iIoYhpb7T+/SqAvcIK76J75IixSZlUlhVcvQPMwhyot NT3uoBN0gVqkRdheAkghjbhBPdRNVE X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: E9C11120029 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: mzuniy7t9y3nzpucg4ksxn3iagz7csnr X-HE-Tag: 1690811531-139097 X-HE-Meta: U2FsdGVkX1/UnNGlHT94YDJOJQ6tHThulHFNLErS/xMFSR1z2Hq/R0d4UOXi5nPd++WoIG659UKN/XiXU8jAV5V0Iiy9KEWwEbYb9pU4ITYdK5DnUpNNi85frXYVMdVBCkCzelwCjl00AlFaNKkl5kLrrZg1Nxl7kuxtM4/GB5fSUyf45LrylWv1UriPk/zDhC5+GjQYzYSJ/Jx86rYzcEV1fDxuZcCeJ8lln9N+HlAzISwHU+khOZHXiihWfNhpkA3nfJmmUccVvBaYuZ9zvQeN9hhELpSXQrCDBL7SKz/i/fB0qHQfPYtj+Y36G/pNh6UroR4LO47gynQdVlU2wvUN4aD3ikKXMwDPieM4lM0WJeRtHdwj+fBchHOri5Tw6M4f9zUlev5CLOE8j//RtaAhfMKph9JxjQ2OpDOo6b0b/8IEZMCZbhkEGYvqiiTqY0VpLRnIXx5FmA3nmBJTwDODxp88lmGUBrqS0Jnp7vOxd3n7J5Etymbt5vR+lm2yb2Gexo/RYeO1QHPVtMsyfVq8c1eypWUa1lV/St2XQxTwbxpj4jpo4AkH2w+ullCTbksucsve0MXKfxLedAyqCX4GOvqEbqZXqG0lNk7IC7dhDMCloJq7bVFdbPwVkaOwkV/415w3jyWQlyrU1KpNvXZZkKds9vQhm+uhbudvdZxey7m2PN+MzUq0JxYdSxGSq7L0J2ElwWrMavH0r3aEVoBhRmBCos6MxSrR6xBFyyxoxXngNLT3XVixBv8GrSi5Yms6ptBU8+yzvrKCb1/XJpWGZ5LnlZEn54yGFiuEs2yjpWRCtyvkVpNNcKGsIjV/uQrpz1JlNbzKs4MSO+j9JcUMNnsWahw5Qei9soKY9WAcVsTD6mZ9CJ8zQNvKqrvoFv5be8iX5B7Eq57ibSXKmmjlNIXpjl67gk9x0/qq8UvlUKUltFiNvxkfkEjJd9vK6D/glBylTp3UnvEzxIP 8RgtpKlq C1+6F3HxSW61zYtTvihVUv+oJRpIyxx4+xyLlzsBE9DpQX15P/8nmokeJUzGpHVnaIe5A6+cYC/h/kOKMTxBUVknjVxixy68CRlaXMLZMMnhc5K2BMveyta3O1S8YPRJQVcn7Q49gItcWP4+GfVNQYlLKY2KP24sVHIY8+fe4DJoCyUPjCgvlI1/M2oEGWLpWxofIPFTYDnaT28+wjzWiARJzlIIt33uZ+xjTjdlvs3WsgXV52ysFxX0zGngdmlDv5dWaQSyxbA8akNOXwTJawniK/bXl6COWIirI6bD9uo6k+0/jkMsPphVBpDvzD0o2n2TlUH0DPVs7rPX4Skz2U8La6stAXDHgo9qckq/+PeDxxN3/JuH/yFSizKs2L+mtAZ1uW/xpHPM5v+No0vaFF1x0L4Rd2/5lr21Y5Z8BK5FPq9U= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 17 +++++++++++++++++ arch/arm64/include/asm/kvm_arm.h | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index 8e5ffb58f83e..45f3a7dcfd95 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -186,6 +194,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 58e5eb27da68..9c84e200217b 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -94,8 +94,8 @@ #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) -#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME | HCRX_EL2_TCR2En) -#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En) +#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) +#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) /* TCR_EL2 Registers bits */ #define TCR_EL2_RES1 ((1U << 31) | (1 << 23)) From patchwork Mon Jul 31 13:43:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334736 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A7E7C001DE for ; Mon, 31 Jul 2023 13:52:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 39DFF28004E; Mon, 31 Jul 2023 09:52:20 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 34E11280023; Mon, 31 Jul 2023 09:52:20 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 216A528004E; Mon, 31 Jul 2023 09:52:20 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 117E3280023 for ; Mon, 31 Jul 2023 09:52:20 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id CB1CF1C9A20 for ; Mon, 31 Jul 2023 13:52:19 +0000 (UTC) X-FDA: 81072046398.27.FF885B6 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id AD8B916001C for ; Mon, 31 Jul 2023 13:52:17 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qc9Cd3ns; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811537; a=rsa-sha256; cv=none; b=zRxUE88XwLan29FAh68vdhieZfRvEhkwCg3Ofh+bVwKo3oOCtrg3OAckN1pPDXOrin6de+ DHKtfQ3BM8hzxxCpDV8mtwAuT9tRZFGcTwQfFA4BFmDcFjh/TrEKEK4bZED+ihAJ6Rs/kD 4wqUbpFjRpf4Xm0xwR+pOWzzKOGa+PI= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qc9Cd3ns; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811537; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cBzGeOagmqKjhuaJYBJWsgv97GCqd8TKwDh2bth9VlY=; b=BgbbsByEd+EEiDcQiRw21PBlYj78cqG9ebPPxwmGj+I2kQ5WLA6+04ZHCQ76toHgvJUxOr dKWk8R+hOedZ8qvvrkqedXo3RAnxlW+vIo4TStxVAWyWZS+VPsuiDC//22UDCzQw/3eA3c tCztKBbi9Rwd4XHwV7agw+fz14cVCxc= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CD1CB61159; Mon, 31 Jul 2023 13:52:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E2BDAC433C8; Mon, 31 Jul 2023 13:52:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811536; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qc9Cd3nsgAyvcnwoo8kjfvODViUMK/JrpplYrZmumxrpWFJkJgxfoQAAtQmXEy0Lk +BPICxB2b5iJoYLZwa0Jy5i1GxG9YIrojweNPdWyJVzG1jxxxRPdKVcGGNfBZEQN3d wsyQTHgkf2Uli6I54jqcE+RO9BXn+IUy/XBzVw71H52zCnwD+UnFVmUMjzhkXeisKT ndonCSJ6lvOmOBKfDsHnCf8OPCWOfK3Ab38QA5IevbVuoJI+Nd3ztF9g/4q46sXqwz 4ifG4jd0dqb7O5FLA4kXSOlehpBDXmsKLitwge5sUvbAwDZ3wl385xQYSuc/oRzuY9 NQbLtaaDejXyA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:23 +0100 Subject: [PATCH v3 14/36] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-14-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1796; i=broonie@kernel.org; h=from:subject:message-id; bh=AFWazg68H0m9wjDZ4noTEGRptXvqnY78FqkUfPNC3A0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wfsdqpq88pf21TmYD/kSPpHacilejyJipE9rew 1epzW+eJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8HwAKCRAk1otyXVSH0HDLB/ 4yUwsgP3uSC4+rw/h+6GLVLLbWnwEshdB3p5ype/gL221KLRVejx6eisgNL+pRT0FoOZasEebBFy7V l3F4UOacmzLSyAjRqciWaUncXUx9KC1IpVzU1S28E79KFcLF2vy+7j7EImZ8BKfvXMTxZGsE/GD1Um 9vmoI+8hK1BDY37dFDU4ybU203laJL21E1mO+eha2WzkwBUpZPwvvOADhgRsAhRugj9ZH2/+OVOO9i nKw/U0a4c7zTjo4m/ynqmyH4Q5Kve+hBrUTt7EX1y92BhSlWCUq7CE12LfbYdf5AFCm0sa+xlUQNy9 KrHgEE14UYJyMKjTyCJ53jOgHgF8Xz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: AD8B916001C X-Stat-Signature: jzb4bk85mdrezsqyjijpeg6s1ht6e4tp X-Rspam-User: X-HE-Tag: 1690811537-269445 X-HE-Meta: U2FsdGVkX1/kzKmvoQl4HSKuj67oC3LUWK0U0i8neym9+aDTNMghc9MOPPzfTK1YLJgGtsEbAZb0WTiPZC/Xu9ASvjisf5l0gKyOG3Y1aOpGaQrLMO+03iwS5knHVo1cb421WJlYvFV/w4DEHtbQ0YaDM2zGyX8CaZ04yinKBi/3K7kIKTwD9V9MhdbFVWqW+aIA06zOuBzqD6vtNt5abN7x3gvWLpKFbOLk2vv/U3Q6HLZHuZYC3XrMQ6rPKU8GIBUYG3h/VLME23OsjvP+vzmrlOyamhKfQHLi1j3mbbuwCXSKN5n9XXSck4znHjzD9KcXWmh52a8WN08x88lbXU0mQmss2BoSTjAqdtKN5xVoDZuKj31fY7qmzIhjWp9TyaHMZB0gJl36V8oM3nBBZL5Albn9JUHBXKRPJ2WLtFc06f2WabC934fZZpXIT52lU65JfqNzM3h245vmv/PD60s2ykwVLSOtXTdOUM+RJVTfVjQ1Dm+gWFU3ljSpBf5TQMzmmtVrJp09VW+kmdwO7GsWJw6BL4917Y57tqassSbgm136mn5Tlx06Owxj95o8nwVg2OLemjkH7TcOh7IFENwJBvZ8RbMobWGs9xT4j/ty0oyIQvbBUUxsia6cVPze0o0BI+OBSbQsEUPBEqEl/fZe2MlQNWygDfYp2QqH2IDFB6FiYa94qdJadgDaDX7H1w3CWvVmIoEqgFJgyHskkLf63XIAz43pdrH4oNvuW0H45FWFIpbCwBNoxHzM2LlOX8+AN+b8wIolcRzCiqGdCIhdK+vWzzFZh4NTFIzDEmI2qp+FjjT3vwkHTO+m36RTCPKseWAA1jdIgwa6y+q/GEbzp+2Z9CysWxz81W8Xg2i1bfIMbI9g7BxjYQyeileAOWm5Q2K+2jaR/G1Vmr0hccCQjRFkHbIlJieU33G1UZpp2lNESwAvo8IBra63Hl2qvSqUfxCikahTpvWqLZG 0QGUWkih +x3kZos8qXmZu6q7HhNbY+NGD3yEhvrv1IT1UghlJxLhlZGoSdhQx1ceeouQabeLM9/qmu7vo/B5kt+cIBRXOAk7Uq4zpfpeq8KvfyiH5Ku/mMWQSCkC1ghmfVjRi/1m/QSadeDKXxHqdYtp9m7TSvtFcuylJCvI0vRS4fnM0/XgTTrF0IbyY/pJV6m+YMA/YrKd2sBJGZmZg3t0ABrwIU3sQtRLqdMKDubppENm5QUxjxOrDCJYbcDp6AjjVtEERFjtpPz7dYoKVMT77T2ewa1UMfZu7yfkcSHBeXXVmpOmEpal+aAT/MDzfl5D2WSnr8+i+bk5OjDE36TBODboOTJfIW4GRAbWxCtQAduqY6gTLDZg3CJ0QqRQnxO/wHSc8h+R9dBETbCBaMf49+FnFBWWL+WMTULOvS09TveMqL89zK/w= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index a1457995fd41..86662eed3003 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -418,6 +418,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication support diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 2fe2491b692c..49269a5cff10 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -99,6 +99,7 @@ static const struct ftr_set_desc pfr1 __initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -178,6 +179,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Mon Jul 31 13:43:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334737 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C299C04FDF for ; Mon, 31 Jul 2023 13:52:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 06B7628004F; Mon, 31 Jul 2023 09:52:27 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 04155280023; Mon, 31 Jul 2023 09:52:27 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E726A28004F; Mon, 31 Jul 2023 09:52:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D568B280023 for ; Mon, 31 Jul 2023 09:52:26 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 6D94A80B3B for ; Mon, 31 Jul 2023 13:52:26 +0000 (UTC) X-FDA: 81072046692.23.8D0BBCC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 32F7A4001A for ; Mon, 31 Jul 2023 13:52:23 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="QrkUAv/W"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811544; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UdUe/7o7abJT5BqbT0XR+lhA0UzLWbJEWS7DcJ5Gy0c=; b=lMjP+FU5zq2E0/1AsJNd2wSDsKqBQdW+cvFwkLW5V28PTGps1aOfUUHF5KbwFGMtN+xN6Y FCnErx5RiTurJXs9GGQQrxvjw7N3CufZQ1iBj5ln+4J09XHcnIA3sBx1yRz7IaoPLa0k4Q 44uut219JMOyZww3MG+dP+NV1bq8cng= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="QrkUAv/W"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811544; a=rsa-sha256; cv=none; b=36HZmbqH2N9ksqmiFP4z2PkT7J7SPP141Q9reY33Jj2Z4P30w0NCWkPAcZ5IGej4zy4qK+ CDQCKsW5BH3SuQL6Ar9jNgmqwQ1llze8SkcK53JPVQGP/O8SgSEJpB77rYqHBmPE8RGNuv IRYpG0Q2QcaHVP7ZhK0Gwg0sXPCmLoM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 65D3461166; Mon, 31 Jul 2023 13:52:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18347C433C9; Mon, 31 Jul 2023 13:52:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811542; bh=ggfCgbEg0UE7JP5CH6e+dKjRf0SerXD/ltcRHcZOEeI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QrkUAv/W0nEQPufXRsBRT09S1vN1MsrhsyLx/XO9OmUHtWcHJSX7+yGNATPxVMZXS MRAvlmh71lY5c83nhcOd93cPbNBZNitx2jj/E3dySRlPeWDH9BNgohphQpJzN+Ppo8 ZNXFwiKV/a8C8tjKxGpm4qm23Pok5wDzyojLAMecNxTRr5STl9yzNetcm1HmECXI0C WZzXNVC0L3BxNLpxHi899QcxhUn4VAqPIVlE4LRshZldKQXFh0i5U9Wi2j8vcM/JkB uoZYq35+Ke9i8Md2EAj1uZ/YUddwuAMKQM4dwoZVLBOYrec3huk9QpAUsGxkICQIlp yUPmEARlnmHAA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:24 +0100 Subject: [PATCH v3 15/36] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-15-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3001; i=broonie@kernel.org; h=from:subject:message-id; bh=ggfCgbEg0UE7JP5CH6e+dKjRf0SerXD/ltcRHcZOEeI=; b=owGbwMvMwMWocq27KDak/QLjabUkhpTjexTSlzo3H+HfUrXWf8rP6liO2dtUd823deW8IcaRbim7 wM+9k9GYhYGRi0FWTJFl7bOMVenhElvnP5r/CmYQKxPIFAYuTgGYyMYs9n+qHTbKkasqexICpjxWfx 2rejZ71RG5mbPkW6UPHc7w4fLnt0lXsjqyyHWrejXXeXHT4NDgoouP5R4xxa3u8DFOc2GVMNKSmCOw ueew6GOu3ABzPceoPXdXPVB4zlYpwGzPvCl0avPF0/ktfLd6+UzMjMIe1EaLnH2/n+dl3BW+//ztm1 mjPgckO87+1fm3s6D03C77Hwz6RSwBzWpvjymG7rSIz3a17jNqyOyveP1veunVmv2fXj06cPX3twPK 66x/r3Dq+7bW2NGsfnXYhaUTIya/e7HyY/HjPq+sBUqFk5a7eG9evtVXuNLwmahpgqfMnyvi8bcWFn +M3ZB3v2mCnqn6VT+9SI2Oz+aRAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 32F7A4001A X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: 3btiqwct6ucwebho8cafqpt6qs5fdrzb X-HE-Tag: 1690811543-775829 X-HE-Meta: U2FsdGVkX1+7LC9opPY/OtsIdP80tKDZqtnvkCR2K0IQHRhlx9U1H02+kFY4FJv2WycAE1DEngBxRkmXsPSUeXYH4+tViYWVBYRKB/eAs6FIL2hrID19fRGSb0NSbVX6uaqoBBBKy9uRLUo+oeOTjYR8iZxGVQMN2rOA/ly9MUNBMJ4gyMFNn6o2Nmtj5Q8q9M9HroaZgbcj8mVIyi8JKacrbntwQ5KQffMNy2B/YwVIuE2yaWpvq3HXUY38Wi4BrBA9jgaw/ePNwhV2GZOil2kfkoRWUYwiBhSLSM0m+aBaRiw91oRmLVvEVZNK1L7wV0uw0wcgIHAXgVx4WEv/MmnLPJyRsRtWc3AjPKG6At+RFHqIqKB8WBZfvaUeVZXZrYJXG82E4pJLwyxQl5zvw8soPLxlGGK+kAuvq+WBboDgcgNpT4qUcDXCIWVuUh7rC7VUII9QyPxAyFtCdfIu+IQhv3kIb8rq/bDMyLOoJENp0deONcuM1pD0hmXcizplosVMtpd9AOYgKwmUx5JbzSzZWcsDaE8mMu3w7R+6tW7FvU7Nqxy8FdC/OZLCXBz6oVpWzZ0K/nyG86lSoeqfqM/H1Mfruy+9ut+NoNxedOpwmucQhQf6LQlvLyd5FamUYN8ImYRY4PcmDoL3dTez2Kubv1FDqTYOP40Cmk4QWWxA6FPqTUkChdVpPICB00TPmewXSAK/phzaIEMH8D4ybsC3ZvtcbuQTJFxoQ6DdNsWLlXfvvAMAIOWP7Qz0R30iz2smsMomy1VyL/bgqLD5MvEn/D+cXkhP3Vh0fNTk1HoHZEm4dt5Lup4Ux1eX0hQJ6Dv5sEL8SMpZziqVYVjgsnif7w4okzBPqsqHzsPx+7GHdyaWOcwXwD2EoMTfT6rTC1OU559XKTZPwkVBtbExko9A9DtwV8pA+jHhnkTgMDWM6kyuFJe/ygHAHldOf3GqBZT2XrXqPbeVH2skVoL a9Ceu+ym yBRS8Rs/XF44xYflWlhkJPRQLoMo/9LE8DnTUyzegFqFBACelfyQ88ynuo2Hc8VCf00f/qztT+hfVQ6dzZx2opyX0TiTM46FgG4J6gPBfOzn2Z7TxLlGfVxdScVvDbe7+cKcz+jcP0gFm2UFcThT7MGYzmXl4TF93xbIGX1l+Rt26C/dhgpycT3Jmxalx/oKUxaTq+Na5sP2glmPt6eOU3rW+cr1HqdNa6d1HwqFIYspCe+92Lhei/SI3NO4kbmu+Vo2/YgoXiF0u9WhVmvbUv+tZjTOGIAxd/SJqgWHyZkkoxr/tlNk/9gO+i7i3ThOKHKSEU6KHZiKkb9GIPXSqzjolE37Ga93MH/PkAE7Ej8QvxFawSlvIg0jdpZ85mZHm6XpktL150Gf+vOK5f63lqOzsG07YG45Yod80iBMzNMJDlRY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a hwcap to enable userspace to detect support for GCS. Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 3 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 9 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 8c8addb4194c..75f3960cad39 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -305,6 +305,9 @@ HWCAP2_SMEF16F16 HWCAP2_MOPS Functionality implied by ID_AA64ISAR2_EL1.MOPS == 0b0001. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 692b1ec663b2..39f397a2b5b2 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -138,6 +138,7 @@ #define KERNEL_HWCAP_SME_B16B16 __khwcap2_feature(SME_B16B16) #define KERNEL_HWCAP_SME_F16F16 __khwcap2_feature(SME_F16F16) #define KERNEL_HWCAP_MOPS __khwcap2_feature(MOPS) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index a2cac4305b1e..7510c35e6864 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -103,5 +103,6 @@ #define HWCAP2_SME_B16B16 (1UL << 41) #define HWCAP2_SME_F16F16 (1UL << 42) #define HWCAP2_MOPS (1UL << 43) +#define HWCAP2_GCS (1UL << 44) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 91a14a6ccb04..7b46e01140c4 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2840,6 +2840,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 58622dc85917..451fbbeffa39 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -126,6 +126,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_B16B16] = "smeb16b16", [KERNEL_HWCAP_SME_F16F16] = "smef16f16", [KERNEL_HWCAP_MOPS] = "mops", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Mon Jul 31 13:43:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334738 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37BB5C001DE for ; Mon, 31 Jul 2023 13:52:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C788E280050; Mon, 31 Jul 2023 09:52:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C2826280023; Mon, 31 Jul 2023 09:52:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B17BD280050; Mon, 31 Jul 2023 09:52:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id A1692280023 for ; Mon, 31 Jul 2023 09:52:32 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 71671B218D for ; Mon, 31 Jul 2023 13:52:32 +0000 (UTC) X-FDA: 81072046944.26.4EAE042 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 836DD4001B for ; Mon, 31 Jul 2023 13:52:30 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=c2PCj6t+; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811550; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GVW/Wb+UQgRbZFsiBWrQq9WDN9Jw1tFXrIhcblQEjIs=; b=zBG3PMBQ6Qy4Vjom2LLRSkgYyX3JAuywBqqN9tDB9dHna7CtPNd4UGdVNpEqilJ5GVYPv5 Ja12fwa3QNcGQF2BDh4Bh1iVh4S5W54FjLPIwX8DoLOynPCJjgTVu+I4mQnm1jdOPUCa24 0FabQK77L9NX4pqeSIHV8RkVpX+cAOo= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=c2PCj6t+; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811550; a=rsa-sha256; cv=none; b=jolB/2SFgd2rvjqxygp2fab/vVXgvadeTJKpoa6E1J0oLhi20hVkcZ8wDuYhdW9HUGF6ie TMoj/YF2icM9KSyqJj06Vpy3Ckk1TZzHOtZKrNuSAfblWMe7cK3nCn190DNMWxZSHCtZYj RBlUukxdBXWruEviTSksZ43BRdDIr5k= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id BD4546116D; Mon, 31 Jul 2023 13:52:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3FACCC433D9; Mon, 31 Jul 2023 13:52:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811548; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=c2PCj6t+bB/6OlIwo8Tpv5EzvoqPZRN7PFTpzhVvReZ9cXCysOJzHp2TnfwcN46qX rgb+Ztuniedy0S1vMlqSZMDErnzPXdUYNZ1c17JM3+NbAxAxn1i6mvVKQPBLWLU0LD NHmVpcMTyyNfN4M/uck3wgbHbt08yAivn7xV4qrbFeNlyhVNLCTr8eVob9Z97mRTJ/ MW+JLtQutKhoMl3qfeLbEsdLd7NwmQMrGD8Ugz4msdBnYpJXVyFq8/I3IxpIH8/UUw 8xeQ73YgNGdrRCBFdDnz33kXRqlhKSB35IlOLWWVDoQhjOV/rCZ1do0lRpfrEgNpL2 1Y9kmk1XHEjsw== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:25 +0100 Subject: [PATCH v3 16/36] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-16-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=6026; i=broonie@kernel.org; h=from:subject:message-id; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wg3tbU/Jvi+aBnZbgu1wIt+l+iH6Qq5kpWaVbp uxALrEKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8IAAKCRAk1otyXVSH0D2JB/ 9kPL7Cuf95NJv1AQKOpMb/HS6lBnOqyovumdMehBGZCgSicHfn0mP0FLjCOdL4m2inLSFGncZVXtBM ZVjBjrivFLu1pQT2ACgCYbtTShUspT4GZBFKEZwC/rvdpCCJx7egz4NCw37ZFlW4Go/NXjpfUwNARt V7cHKNTJsRBhyyCpsNCi/DCpjc7lrsvUaShC2ZzB/Ecy1MqyKQhNdVNMQ3as3B9PIG5pDfc2PeFx6U Mvz+UkxgUQnnfoOHPJRvKoGf/RzALWBl9TCt/fJ7EK5e+Yh6TgXD4qn2B3rO21BhkRIfRd7LQccfNU a4PLqOVnYRvb1MAB83M4E5HC1/i1MF X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 836DD4001B X-Rspam-User: X-Stat-Signature: br8kf8sm6sdermjt35nwxwt4ocxcxck4 X-Rspamd-Server: rspam01 X-HE-Tag: 1690811550-650568 X-HE-Meta: U2FsdGVkX1+EcqsUJeY7cqyPgZot3NAqfKpRWMEEF+e7R9Wl9lkDDnZ9Wy3tdkKmnw/VhLM7cF0ix0XMljYaY4tOGAIdFFzbF8cNEy2BVsJdXGLl/sCTKDYJ2YRhfbnejkGcxTviVcup/izKl1c7TKnC6yOTYfnaC2JYbgb3LqhmSTZSov0mEMVDer9gs0Wimo893DnfTsWlfqT3LKuDL9o8fJGh3QIXBKKaMz0mg6nmL6VBaDYXOy8WmDkFPBFcfG7zs5dh5+rY2aPC3xgYeCp81+KsScQqw+NPnVutGAPTctSermSIvAR+xhIb/gcbW3fBYCDaudPV5sl1ZMzV87HgjNIV7t4jDie6CIQTaBDoCbVzLYF0TwGcCsrhpAyBf/teX7Ts0rGZ+y+2PwBxZb3ADobAAQQRdCdnJWs4ZrRbukJiGJSV+n2vhyB0nr3RtECJbkI3L8Hdt+xHJ9KbEYhD2eNp75lz89ZHIxZLdlUI2wXxKXKsT6cXYAQwBSH1RZH6cg0zsMGxsWbIvssDhRMEfImVZydNuYCUYk0VsAASkw6JaPqfVcEv5PkQlMpa6DT6Vi2NCClXPchzxvGXPMxh+y70wm1EIjhpH5iyd2n6XjZqVZ2l2P3a/YaCcfXkZH1LNeP9Kg5a++SvcNadPkrrKIg6d2BiU4+/mgJuEfuN0mbq/BY1u0sGuY0pGiMPevxR7RpTDsh/4cNWo6PaorUTVfkQ73gM1SJ/vYHcx1NHN+E7xvhO0io4ktuvGEyZe/gXxLI5j0w10ooApnl59+ROn48tkHiuGMcydfirbIDyPX51rAMp/k+pzOA9Par3nAVhbk7WP2pUvg6LH5kubv7LeGz4tW03fpkZRFRA0jeYYuikDjocg+7NX/wnl+2wStAibBcyGSVKzSmV7H7gzzjarMfCLheBygZ/srNn4Ac/RbM5S3eOlYGHBuKU2RGq2gzuP9I6WRY5P4HWl7e sQ2/Tr9a fgfOB7XaNDC/o7tFrz+bnE9c/YNaRODIOLikW0QNinR5Z72TIdcAOyElB5hAbkeODfiBHF5TsA5NP3UfW9KOgrNeypcNGNUUJEsAoxCBjqn4vaHGhElPz05ecIktHxnarIM/z2hCBKIKObzfnjRy/FkJZhVXEoom3d83U+IciC0xVv2mDxwJIZAHDCAcdQtBzUAyK95kdJXI4ChaqHn3RZVs2exloMVU5iln2Ra8RvG/UAbH+S6MBg08DCs8c/mCIRv1trrNdybaKm28OZUX/1J1XUmFQtJYHjNraThpHPb+ZKQN3LBtjjdxx++fP0OCsKNnRaUqj1M6CgDTt1GaPWLegtImKm46bMB1SZTjHxTV+OtBUgw46LC+9DYp9lVdlzBgzLX7qebAuLZP+YQaAF31KexeCNlr+3MOkLIMM+Flf1ww= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..a87a8305051f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -382,6 +383,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 6b2e0c367702..4d86216962e5 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -400,6 +400,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -442,6 +451,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -621,6 +633,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -701,6 +721,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 8b70759cdbb9..65dab959f620 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -884,6 +894,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Mon Jul 31 13:43:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334739 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37D17C001DF for ; Mon, 31 Jul 2023 13:52:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C783C280051; Mon, 31 Jul 2023 09:52:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C2832280023; Mon, 31 Jul 2023 09:52:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AF07F280051; Mon, 31 Jul 2023 09:52:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 9EEF0280023 for ; Mon, 31 Jul 2023 09:52:38 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 5A623120B92 for ; Mon, 31 Jul 2023 13:52:38 +0000 (UTC) X-FDA: 81072047196.30.B10532B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 8531F40011 for ; Mon, 31 Jul 2023 13:52:36 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="bmm91TA/"; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811556; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DhriSxQor3DCGKL2zl7My1a/kfJpgsRjjKwA8agrULg=; b=KEUU3qkHkxuRS6iot7vR0Z7KLHGlzaE138zGOIXOp+8AC7V5ZfyQ44z4a24hQtLXF3cyIy sH1d/CL6A8faqmRUpGETpBqEMv4AHEHPkKL6kh0wkXWum+qiZFAFFs0oohzwjadDke3qnw 3dpEoCpR33o2TyruZAMatbzHyfJ9x/0= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="bmm91TA/"; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811556; a=rsa-sha256; cv=none; b=ZOyqrZITKSzd4R50IjbnzljSexY4qYvIiKwxtfX9CjVhHJyH9q8Y0zKB6FUeE7WlVsmpRR 7dx2WLIMiK12UJfiRMKdm2LsHnAXatrUPgKHlKqnF82AqHT/lpDDCc5zOvoOcZLq9t+XWc ViQhEa1o99HAoYv787X158QfdNP67og= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9FBCD6115B; Mon, 31 Jul 2023 13:52:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5A00FC433C9; Mon, 31 Jul 2023 13:52:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811555; bh=Qk1oAglcSxLTK1OL1yhAbWpcUwaL4dga6Y2wJZdhO9Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=bmm91TA/wsaZPU0/8wE66pnfaNWaSJdQZVbqyg3+SSOShzdh0ggMTWS1FEAC8/NxK olDE9hRIYeFcpsqtYbtxT9mAS1hff4uLcoSdxJtguNtWeqQs/V4wxTl570gn1ndoZd eFqbL2i9VUFa5Q7U+ZyKcfdkwFLF/DloaBbZ7+y+DOmQM1cxJzkNGFeo1nVstpdwzM afv2h8zB6/rbNODhkZAd/WU5Nf38ID2g6gff8Dk/bxjUXdKwpIqcLMOE5hNmSb2W98 QatGmPLu2OnW0BCOwH3hZbmmzSODz6YMFJCxHpY5zrzMUJt3DrfnFvdoYANLDanfsF /3ft2eN+AWRgg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:26 +0100 Subject: [PATCH v3 17/36] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-17-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5613; i=broonie@kernel.org; h=from:subject:message-id; bh=Qk1oAglcSxLTK1OL1yhAbWpcUwaL4dga6Y2wJZdhO9Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7whzsGmRy/nIppQQzz6Nju8+l9OjAbrBNJUqFYd 152B5w+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8IQAKCRAk1otyXVSH0F8nB/ 9BMXz+0V/6xYz4FAymiTLZwdJwh0jPkGzUNNQ45BqYlDb+x6M9e0xKuUa7+TytDqYicRBsPjo7Klds +Q8TfYSMGxTMvIRDH4iQMdnx4H+KQWvInDHoHh4Jb1lXG469AvJYqKX10Z7foIXDivnKVlhaoE4AXr VPTmdHvr7KQzC6NablbK0C1oy2iyVr36ptY/usiMPdpTv+3AyEuguLBNcpheQBotMdb5R3dHlIqwxO jn9rTcce0v/zhcIanMJv62RMbmz+8h5s97uXmiKyR8E7/LYsJeZ3dO+rl6omtuOk6F1V2bVG96+D31 NQNAplzBhb0gclp1zq2dRARGuU79VQ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8531F40011 X-Rspam-User: X-Stat-Signature: zfp9diqjtezad8qn7n9xtuj6bjnyz9nx X-Rspamd-Server: rspam01 X-HE-Tag: 1690811556-312766 X-HE-Meta: U2FsdGVkX1+cLnaJJ0+DBnJYuCDooz1OzG+AEglX5mtblB/aALu/NUWGoQYhy46yUaNreBczm7xUyHbrRIpO8Y8GDmx6iq/wuCwZEHcDXZx37Z0GAwt2gJmP3ywdt44r5ZmXBtMipdEJVD1jRsa/AsEhh1O9HUkwfxRSkKNoPCqZNGIOKxFpyX7iaDzqoK61YvXNMprg+r7WBqdhQdtBLeEp8jPLYQ5h+JesqbldMkEasMwDa9mccAAmgS2Z3HhatsyevsNuo2PVwnpoq+KiXqtL4Ql25jTho0GWWV9Q0wZWHEh23KKxBCr/2C9CHty3N8GscIJpKxkMbDO5g5HGkhVwi3RZ9G2oR+DR5A7Lfr8Se87+GczXZUpQezybyTv8NYQmTgGMGL4YeSLTDf1ZQxcoO6bL//ouR75k7bJ2ZWpA9VW1EeCNUcATo3X+HHZ//ixd/Gu5flfI+QCQHQeFhR7xrGeekzr60ZWDBU8Aa0nJotIUeNpJ71OC98zumTKyoEA5PEvvbueVDASOuD2xvBNQyL3TmMSdPYLSy1Ly5WEJWahjJaJkmvOhlUbsrHsHWnAWtNo2T5MAc6hEDVtsZrlIYS5fykO2BkkFKJ9IVPJt9jjCwpzHDKpvJlFuBvOrW7jD1Z4mSWVmJ7kzfgSICPRtqRFTm+dvusXw8IKlPGO35dgGLlGB5uMkymwsKU/6BzhXo3N6qoNwmLkPHgtr31kHlFusY0o+RdXOSyEqU+kmU0yQ25tvMn8ileEqkFLW0TWCZCvVk+7eX5nCJhlMp0Uef3CaYYJtHWUejjP4GrXYH1bgitQ+44/bCtum1Njqb6e/9uX2PhkIpkLlEhVE8KhygrjeAMyU4efA6i7ajGvbBqh69VEpqZjqBkyxmhMQajFzhvtIN5LaZeVW0yrd10J2jH5TN8H+5LVkYV6RCuPdkyVGdyphKdYrdEh1W6vdVN4tS+LKZxAT++e7DQG Qkd/oP0Z ouLUHh2iMHmgqa5h9ULpG7QzQ0fHbjtDgRY1e16PYFD2GQvU9LdKBbkrIEKtsffukDRt95Atf2LdPajmAJA1nTXYqKPnjhwIDNiXGPZ4SBn+RuGTjmBIijt0Gt0yQqxfRSqFtuxJLUz3iY0UhhnQ1BGNuSkCYKIH7jN9PBK3+Z1O2lKBbkODGdcNqjihtnoanXWDYeIHBUk30gqwcHkCPcvE6egfQch8hRdGd4HqKRQLsuWGO+hHKKKa8m7I/Hp69JwIH7M7LyHEu9qsYFfILo6/FsUyE/FT/U7jzT6mdSI8dINxLfmOFHAX6L30M+faU+r2k76fh7nGmFOaoVbbx8i+bT+3uCFbsfJnDlDxu9Qw7p06C1jdQT3ozcx0/rGFkm0DN+OxZAvzUCzfZqHqcnMdTvWsHZPTWbdkmy/YTUA44vUg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 78 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 70 insertions(+), 8 deletions(-) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 3fe516b32577..ec392207a475 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -494,13 +494,30 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +/* + * Note: not valid for EL1 DC IVAC, but we never use that such that it + * should fault. EL0 cannot issue DC IVAC (undef). + */ +static bool is_write_abort(unsigned long esr) +{ + return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); +} + +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + #define VM_FAULT_BADMAP ((__force vm_fault_t)0x010000) #define VM_FAULT_BADACCESS ((__force vm_fault_t)0x020000) static vm_fault_t __do_page_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, - struct pt_regs *regs) + unsigned long esr, struct pt_regs *regs) { /* * Ok, we have a good vm_area for this memory access, so we can handle @@ -510,6 +527,26 @@ static vm_fault_t __do_page_fault(struct mm_struct *mm, */ if (!(vma->vm_flags & vm_flags)) return VM_FAULT_BADACCESS; + + if (vma->vm_flags & VM_SHADOW_STACK) { + /* + * Writes to a GCS must either be generated by a GCS + * operation or be from EL1. + */ + if (is_write_abort(esr) && + !(is_gcs_fault(esr) || is_el1_data_abort(esr))) + return VM_FAULT_BADACCESS; + } else { + /* + * GCS faults should never happen for pages that are + * not part of a GCS and the operation being attempted + * can never succeed. + */ + if (is_gcs_fault(esr)) + return VM_FAULT_BADACCESS; + } + + return handle_mm_fault(vma, addr, mm_flags, regs); } @@ -518,13 +555,18 @@ static bool is_el0_instruction_abort(unsigned long esr) return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; } -/* - * Note: not valid for EL1 DC IVAC, but we never use that such that it - * should fault. EL0 cannot issue DC IVAC (undef). - */ -static bool is_write_abort(unsigned long esr) +static bool is_invalid_el0_gcs_access(struct vm_area_struct *vma, u64 esr) { - return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); + if (!system_supports_gcs()) + return false; + if (likely(!(vma->vm_flags & VM_SHADOW_STACK))) { + if (is_gcs_fault(esr)) + return true; + return false; + } + if (is_gcs_fault(esr)) + return false; + return is_write_abort(esr); } static int __kprobes do_page_fault(unsigned long far, unsigned long esr, @@ -573,6 +615,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* If EPAN is absent then exec implies read */ if (!cpus_have_const_cap(ARM64_HAS_EPAN)) vm_flags |= VM_EXEC; + /* + * Upgrade read faults to write faults, GCS reads must + * occur on a page marked as GCS so we need to trigger + * copy on write always. + */ + if (is_gcs_fault(esr)) + mm_flags |= FAULT_FLAG_WRITE; } if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) { @@ -595,6 +644,19 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + /* + * We get legitimate write faults for GCS pages from GCS + * operations and from EL1 writes to EL0 pages but just plain + * EL0 writes are invalid. Specifically check for this since + * as a result of upgrading read faults to write faults for + * CoW the mm core isn't able to distinguish these invalid + * writes. + */ + if (is_invalid_el0_gcs_access(vma, esr)) { + vma_end_read(vma); + goto lock_mmap; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); goto lock_mmap; @@ -624,7 +686,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, goto done; } - fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, regs); + fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, esr, regs); /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) { From patchwork Mon Jul 31 13:43:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334740 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 556B6C001DE for ; Mon, 31 Jul 2023 13:52:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E26B5280052; Mon, 31 Jul 2023 09:52:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E0707280023; Mon, 31 Jul 2023 09:52:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CC524280052; Mon, 31 Jul 2023 09:52:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id BE178280023 for ; Mon, 31 Jul 2023 09:52:44 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 7CBDB120123 for ; Mon, 31 Jul 2023 13:52:44 +0000 (UTC) X-FDA: 81072047448.02.49DB0AD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 5FB3D4001C for ; Mon, 31 Jul 2023 13:52:42 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nUk0BsJX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811562; a=rsa-sha256; cv=none; b=M7756J0mUvjFDSNVGPqqdt4Jsx5ejPAW1AQU7lQUh5vPvL6NtJrpIBU8ChHbc24EeYBC7j s+EVRrCrY3NNMTW35XtdlXppYobztX/M37SLBsugByyPK+NfNlGI/Mtj9XvVHNzQ0z/CbO d49nf95QVKflaPNXX5mKtXGWS9WbTi8= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nUk0BsJX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811562; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=sAhQux4ErUwiAv3XkaoNHj4MussaVgrlpmB3FlGsirg=; b=Ap8LPmwG/tfWiNz0CW8JppEjK8qB78TRSOLAGwcrv0HYD9Tc+Mmjc31qYY31nxCBxv8Zwj HV7sXKJyTy6DRX/fnu4c4WoTwkcq2jeCdR+HQjC8V36SYU3iCuYDDVLxiIvYZZKUqhuxlG O3gOkkXKTigpA+Vn5o2TloIf8ozoYYY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 66EA861173; Mon, 31 Jul 2023 13:52:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79A25C433CB; Mon, 31 Jul 2023 13:52:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811561; bh=QhfMLGzeDJZ/KjsMbq99IZf6UTeyPwLI/WOXtKz/xL4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nUk0BsJXU0s1I4leTvg8rC4bDYjMMx+p1+j3yJKOLs4A6VuGfVodKZuWtcVnwg2OL 5+SWOfyZsmPKCe6Vl53DUl1Eufrkdfq6zgLj76BRtRG255CH7FqSswlZmGmt4Ay0oJ VsXpHgKSN+qs2jWU2UGduM67wjdAdk85zDCicKgexGBqM90KlzY+2Vo2K9pGkn9epm 218kpDVtqY1/1cDuNPUogIF8QDOn6rjqfTwxasU7EQKFBYaw0HUaBt6bLOWVQvwzOT 9RFdr6pu8IiRtrDQDV1rh43t+iUrdW9lmVgrAG5tvhD8it+g8+aUItA0keeeN2v/20 9jiPq6pLGJdkg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:27 +0100 Subject: [PATCH v3 18/36] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-18-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=6697; i=broonie@kernel.org; h=from:subject:message-id; bh=QhfMLGzeDJZ/KjsMbq99IZf6UTeyPwLI/WOXtKz/xL4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wiExiEQYYmGW5bOfHv0QwvjYwMvtrTn/88VolH EatdS6OJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8IgAKCRAk1otyXVSH0IYxB/ wIBMl6d/o4Xuqnfx74a5ikmy5L3xxSHIO/Uciy6Z/Ap/wY8LvgqdZOaJ8eQLp2YwtsZbQf4Tu5PNqw /xfHGkpD0UAJQ0IJi7L274j76pZjiQd6AizJC90lznEdR6UpO+qQhy1BkBIcup80LMBNCM0W4DyEjj /j37wIWK3BoHV+Av2HZThDmuGdjWdEDz1NBQ0STbLxUCfSG0PdfKZkwf2HaTvUpmsTApVQxloR4tEM dtxGpOAUsLx/estLAp7eVtgR+fJJ20sykZhsHJHXP+417YtT24fKIjOnDhAoyn5K0m6kTw7pq657pL 61b29SQVPYAc5qKwXrXgRxuJGFPwgI X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 5FB3D4001C X-Stat-Signature: hqpdnn3cm49muq9c48gwhetr7qpr3aue X-HE-Tag: 1690811562-969178 X-HE-Meta: U2FsdGVkX19JR4N9dlvgRVKK2KtK0bnGgrUbCA1zNOXaMiODVMQQHKCJG5EolCUOlzmiK0jS1EiwmOOQO9HTUluJoW32XSKI5eNdiaZTj6OeCGncVW6gYzo2w8PI+ZIIefxwhQbiI1WMj7R4/JntngzEnlVMf8f8OECFyhZqpfnp5HFrRN/TpTu1eYc6u5S5j7LZuOmOVNxSMO/GhyXOt4yVZAFvyi/U68QlohrwlXVr0BLBNqMolmdHXyKy+0f7p3u5S/GkkRKnWVNJCPGZBB3ONVeXNMZmCcTNoiE9Iok8AZN+iniJ5Y8l5V14l2WALRpz5H8blJIZvTuK1kqKbM3XO5IrSbKlvDwqU+1zgNR7bftEIqxWN7bfqr73bV4SiIKEA8925NDHLCkc6v7gLtsBaK4fhsqqwIV8dBq0gk3Z70XcctkIkWIZasBZgwP39QX0f92vk8jWzTGmytb1YcQCSiWLSqxIyYx7pdGFFOjkOQhSGed/NZMK4+Crks8Qccd77n94Z+ofc7PTwjZv+91NA8p5u7gyYrIkbDyoGGlLSFoYuzm10a9VTsApe7aIJk7TXSra8wRSQBzFJRwubINV0WwLochhZ9NAO0En+t0WOg7PmUmmcR51iXzfOe4FEzTj56WPqI8ebyM1Rlg5Zyfz+x+lEVNE8gjEM4BkKBomFoIKKyiSxLtJCbFY1NaU7c9At9l5eKxyMEhMX6Cn5O9F0EgWQVjdYCGOCDum1h5MkcNXEz/3jkuYWXLE7NSKJocInclk2XCAH771sAPZBezx1Y/JQNYHRr+R7yDQpOjskVX1YBOZp/AJy90V1Kqjw13dE6lD6ur71R/CAJJnXv/rmPKbS5JT0o39W9XgOgVmhUZpenWzEuZn1VuTXaa8UMjMx8JsZSYu6rjFTVBkhqPW3iNj44UmjuGCnZMT+mOaTh4jzXQoXjw2ahUV8rAQm4EBUJBNhmefJ4WBEHp MFophyG7 V31VQKjtEv4trK5AtncS/GOatV17h6L73i6BVUFopigL+rteAJC26q7idWyfaEKND+GXw955INLN6IR/8B3CdFXkl27li80aC4qSiU92SHAmtpO7MBZ0cii+Xrk/n34SA64Q1y79UIrS89lIHqWbd0/B4MERK5Q8w6XI9hTXN3vU0fUjPiMizjrUclhBAIYTdlK30SVjRV+bnyjLRv0wNmttWnQn4N9uhFQwBWkKR2A+XjygGOoA9/Bgax9iIwxyNiw41mO8s8AyYaNWUiDNoEKIJU5s6omSHqKOropV7OFcIQCKx1Sp0BGENDxfb3Cxjx1stsFokDe6fPmzfnmhMql7nz+eAkNm8hnxKegwNcHUQDiYZAOM6VsApMRYeTAblmdr/eWj4YktG5KqglXOyM2VJgisEoWyPRjijEujOKtjbeIZOgtjQH8vL1wkcjiXwJDi11qI537KTD2g= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 +++++++++++++++++ arch/arm64/include/asm/processor.h | 6 +++++ arch/arm64/kernel/process.c | 55 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 +++++++++++++++++++++++++++ 5 files changed, 125 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 3918f2a67970..f1551228a143 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -179,6 +179,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0fcc4eb1a7ab..b8a42471aea3 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,31 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (system_supports_gcs()) { + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); + } +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -474,6 +494,40 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + /* + * Ensure that GCS changes are observable by/from other PEs in + * case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -533,6 +587,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index dbd1bc95967d..4e7cb2f02999 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Mon Jul 31 13:43:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334741 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED9BEC04FE0 for ; Mon, 31 Jul 2023 13:52:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8807B280053; Mon, 31 Jul 2023 09:52:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 830FB280023; Mon, 31 Jul 2023 09:52:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6D1C7280053; Mon, 31 Jul 2023 09:52:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 5CB9B280023 for ; Mon, 31 Jul 2023 09:52:51 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 18E6C1A0B42 for ; Mon, 31 Jul 2023 13:52:51 +0000 (UTC) X-FDA: 81072047742.02.E2D676B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id E7D184001F for ; Mon, 31 Jul 2023 13:52:48 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=VMvi8sHX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811569; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=z/Hfqm3gSkub6VfcgPGrQbJE+2xTyC922gBSrpwYMhs=; b=2G30omFKJJhBdbIYIurS8zVFnYf8s9zM7Fi/6HGDNdGiyT/gOtBu13cwPYEB4IBO4cw2uI mu7mY6e4jz+8+Ir/ysqb11ieKSdvILKq0yHumCbVaDUGbRf79HNQjgSuVMqkVTQBhFv9GR BsJ8/s7OO+Z215BvGqzNZkXUndGGtw0= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=VMvi8sHX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811569; a=rsa-sha256; cv=none; b=cRVMvwwpyroVy0VPrGiY1juWe98Jxq/5tx4BMKA4ODffm9GqvTuzBOalSDsHCbQ0tegGjk rvmfTGixhNVXtUHieZsZl7a98yfE7HW7TPjVTybLjvHb2F5duW1rdxfWnUh+Ho/1iT+px9 Z70wduyCCrH/2O2kl8fw+DhuPz7l1mU= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1931D6116E; Mon, 31 Jul 2023 13:52:48 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 944B6C433C7; Mon, 31 Jul 2023 13:52:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811567; bh=2KK/mGoHJbatstMicr5F2Ynx8xFfeN5q4Dmfeo7bTNE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=VMvi8sHX58ZXyBOhPTD8+q7Yv23XoKr5OFpfWKpLb9/CJDAtoBYlVDdu6BdWzEFqi w2tgFqvYg4zzd8AUWczMfb/JGQVTFaxvjvg5w4/uGe1qgCemzYCFJZm36BoSHwgZW7 BsJCphaezuns/OVDgcowDYbyRCK6MMZtiPDe8O/hewfusWOy8BU9DqAuz5wO7K/Z52 Ey0thCSUtvNS+itveyx8N5iWof00Pv21nh6QRWpb9rnvIViFcPfrPWiSg3t2CEloLb 9xlEEGPCkB87/PtSQ58zy2dRslm9VYS/XJjvpiJXfgFbLXC/Vu7Bz4l088pE0PYiGm jhOEpN4IFbJwQ== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:28 +0100 Subject: [PATCH v3 19/36] arm64/gcs: Allocate a new GCS for threads with GCS enabled MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-19-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5142; i=broonie@kernel.org; h=from:subject:message-id; bh=2KK/mGoHJbatstMicr5F2Ynx8xFfeN5q4Dmfeo7bTNE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wjgR17AhihNN0JKCnsJQRA5lWhOmG2X+8nWz97 RDaryBqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8IwAKCRAk1otyXVSH0LAHB/ 9u3vp9EyTwc6A9tBQo66B6wZrS85yLwA6aHJ5+gYtDhv578YGAfS2eOsDSt7jvA5UlJe7FJpt2ghGB YYo3sMNaI0IqT3mDwSPC1yq+i9xzJvYb8shJR+9Rtq+wainEXskBH6PPLr+ohN2G43AOoQnlYOyCcZ lWWkfyNicv8aIBMbrwN/20iq1uocZTxS2HjQHCh9kG/QbAfC53jaJblqEghI7kLqNZsh3FaRb9dkvj i7HdHEUFAkLXsA0BolAR+u682Kv6HVne00fzZ3CDKawCyfRpOxvYUF0aEUDXdmWeczi4EsNtfOvyAO TP3h2h2wojkMRu7jwgRY41OHoJTRwj X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E7D184001F X-Stat-Signature: d93ygjw3uakqgsk4h754uzpfu83347dq X-Rspam-User: X-HE-Tag: 1690811568-920180 X-HE-Meta: U2FsdGVkX1/JGqVQxXtJ4rmLD65da8R/yU6yelJoIofNQ0C2NHWVvUqWNy2OF1DiNnNmaX3CYTjrMcBNzbCwQxyaW4Oucypw9AcDPBd3aCcyvNnPfWi70HVrc416J0YNBU3aCnJqRRPenJK2la0D3uhnnz8wRalSVGnQiVUkLRyg2716uz1awbXs1WArYYB0of+gUhfRE4OuR/PMm7HoJtQz1zW7e4YBBQ/PKYBJX7ZMuNetM2KaagAlduqq/7l84hW6bWb2Zk1btptMhSCt2jJICqM7TgCIRmFLnY4NjjuQGr14PRYWpPvIqEi1kMb/SbsffDGp7r6MoQ2hj6HY3Ez6RATrWtCFs6d5uSC8pYhf1BPqR5x03jhYvDgJlTWaeadFjxmh9VRHiUMCpq4ewJSDYSaIo6clujQOESIh4DmG7RgeuJ8DnrD30oYhdVWCZqNiPe5AFkJd9zloEiRoNZBQVrij1zOpAW6HDS3/c4JI3XwwIRyj8mnIlBgrTJXKW0J4DV30yJ88G7/4ArOLDxBgC5ulbhiMoj8p/7fsJQ0/vT4WirhhjOeLlkQR7gQk/t4JhIaxnP4yndBbrTMh18uDwUJRMTk7M4+vBD69n/3KQcpem2W7IDSoyUh71YqjafOEXyZvCAZLi/HIcagvAavjom2NpUC30W2h0ahYO6gBNKzBFttb6ncvCvQANvsyGgtd2/RLN8jNS+LDO3ICdEcTXcAE/QhQaITzDLAmqB7eFiyOAoLwIUzIP0GPmOGaJrJHqpEL0iC4vxpy0IFCZaM+RUxfOKL955Etx7enP7VM9WGTl7OAizrhUaGlW3uLnxkCz1GiS81iaGeF6OBCZiCz+tL1C4rbwFAKFEt3ao6NVHuzMuqxYYtppeA+6z8xPabHSDQ8Vzcx+rKG2wjSSs44HuV4nBYReRhTUn56yWT+ODYTqq0pnT51W6JPY5pH/OXBfppxdRBknfO4MOi HNGRWVBQ D+vfH8dKW78+j8YASfzNtNaENYEtdaVisvvi8ghdgg05cQ3/5i27WnTQKLg1FNdp11avSq7MhzV79CxHW0qJRDn2tZJXLqKsnFpGB+Z+Bw/NlIs88jxK07qcIucqcvV3JhY61dCw2h2zKGSt9DsUx3zIUuMpdyHYw0PR0sw32MJ+PMn6OQOvkmvSvfgCQ4jabSRa7i5UQm7VbKAHkVrAVSSfHiFmBu05gI07RbYG0uO4PzuvwPfFINw/3MuCMFUaH6TN2OIeYdWYZcdGo4JBEKDFoMKj3QoEdSgGN25yBGz3FKrGburv0fiLfGSezG8XD9mpRFJ11uuXeCW0jXSF8f0FEk1eRhgy/giHIHZKWCo8tEVpHCL1Tg6cR7ev5F01DRJqUskdk/pEMGhkV2DyS4LOMG8AF/tNyt7uPKBGNKA6UK2w= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: We do not currently have a mechanism to specify a new GCS for a new thread so when a thread is created which has GCS enabled allocate one for it. Since there is no current API for specifying the size of the GCS we follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 4G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. When allocating the stack we initialise GCSPR_EL0 to point to one entry below the end of the region allocated, this keeps the top entry of the stack 0 so software walking the GCS can easily detect the end of the region. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 7 ++++++ arch/arm64/kernel/process.c | 30 ++++++++++++++++++++++++ arch/arm64/mm/gcs.c | 56 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..4371a2f99b4a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -58,6 +58,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size); #else @@ -69,6 +71,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index b8a42471aea3..1de6371ca2d8 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -284,9 +284,34 @@ static void flush_gcs(void) } } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + unsigned long gcs; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(p)) + return 0; + + p->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + gcs = gcs_alloc_thread_stack(p, clone_flags, stack_size); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + return 0; +} #endif @@ -368,6 +393,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -409,6 +435,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, clone_flags, args->stack_size); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..1e059c37088d 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -8,6 +8,62 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK with limits of PAGE_SIZE..4G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK), SZ_4G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + unsigned long addr; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((clone_flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) + return 0; + + size = gcs_size(size); + + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Mon Jul 31 13:43:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334742 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F207C001E0 for ; Mon, 31 Jul 2023 13:52:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C034D280054; Mon, 31 Jul 2023 09:52:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B8C2D280023; Mon, 31 Jul 2023 09:52:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A53CF280054; Mon, 31 Jul 2023 09:52:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 96C86280023 for ; Mon, 31 Jul 2023 09:52:57 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 6BDE7C0271 for ; Mon, 31 Jul 2023 13:52:57 +0000 (UTC) X-FDA: 81072047994.27.B5492CB Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id 26E16140009 for ; Mon, 31 Jul 2023 13:52:54 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Z1BVV+Wo; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811575; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CkR4LcFi/Apf+N3CqhDJhcfTx9Wd0mE1G4u6yDFXxCY=; b=cTCbwAe3siO7HX4o4gtKaPtUop5DYrtMy+D2P+x0/AErHIoFyESZkEi5HFzUb37qUk8vwj +ShCm6YgzH00/LOfx2whB0SDRbhv7qSIYdV15t8qP1bu4xtQpqXFRWqSCJZ+X7J2eexE/q Vd+rIaIIDNdlfYonxp2xzeWruQKflYc= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Z1BVV+Wo; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811575; a=rsa-sha256; cv=none; b=BcOrgyhwEnBeD8ZpFy0YIUHyh5134uSkeaz/SiILHuVtmlW6Dr53eo6P6h+3SQyevYeYfL 0H6RqgOPWOjuionn7Ltkjy8umCQH+QDkuAVsPAHNiXrFKsg0U/VgVB5pjY+jKg5z0T2yDY /5eE2pdbL+UKPxpIdFG4RjMSPMZ/R8U= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1F6506116A; Mon, 31 Jul 2023 13:52:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CCC75C433CA; Mon, 31 Jul 2023 13:52:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811573; bh=3y05YgLEE7escOOoGXKTI0JE3+x1TY+XK9aZf0p3Mn4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Z1BVV+WoiISG44vuf+yNrrEJ3lepb87j8BSAC7D18wHuLFOiLhTJmgo+lPK1uFdH3 PWJ5VL3FwV0Vs5mOFFgFlUXa7HhqLN7OZAwCsYsfXH0eFjv49CfSxlYGpXbYXN0LmL AnLGY7Eg02OGSUgrRYaAh+VXc3VEinn1uzWMlXQuzP6jEldwDGeH6ugluPm554Da+W twxXzWrKygNX5cpe+6qxkqN4sFgckQi/+PBslWc9hWVltH+COE3CJQvWpc6WVkGP7b 5Go3e3XqaKy6KHUt0grrcIYNOTuEDitWbBmzJWSig7gpQnZejKDKyZ2Ln6SVb+TEDb iTtJ3vLjmwP4g== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:29 +0100 Subject: [PATCH v3 20/36] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-20-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5673; i=broonie@kernel.org; h=from:subject:message-id; bh=3y05YgLEE7escOOoGXKTI0JE3+x1TY+XK9aZf0p3Mn4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wjRyfJARDicgaQa+rUUelSKV7txVZfjf91i5FU 7Gf9oieJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8IwAKCRAk1otyXVSH0GV0CA CBKC30YIr2//j6qTO0xw3FKffU/RYeVeGQUh+quFg5ID0HytytsBazb1AF7KnVcoLpMSG/3KKSOzh4 yYglA9WoQSph4fR2/3ApIaWp0xiI5ulUZER6fcmENKJyA8mxZ3kiZZdLHTXjA7S0+ukdR8bWgOtnQ6 wUlDZPuo+/oJGtPV4M88F1oARQ2DDKCXPKU+43tuQH/jp//xFNQ9JxNQHtyW6XWJ7+xXc+AknVUdXk Gb6T8ANJNXnS/lE9/6z//d2UoRkoK930s7ep/Ac6KrqhCtycNu5R61+AWu8Mq6xAhmHftwh7OAf2T2 6Zjw+UjGEUcKnSDVyxIL/IJqqANQJ4 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 26E16140009 X-Stat-Signature: fm7p55qzrohsi1bd7ep5jo9f9iun9971 X-Rspam-User: X-HE-Tag: 1690811574-597601 X-HE-Meta: U2FsdGVkX1+riLF/UKgCUbZKEaxjled4TmUXp5/JHRkoHLyG6atX9YFKkWL9QtIKRgEgxlfvDl4TLCf3oJi16EiJvmqGaTzkKv06BMuQ0fYfjKJRxWGKmNzmJPzhV4kNRGxmfFUxa/+4t5Ew7uYkdN6mABTwuU4n67Kb64tUDtRoRaVfLbrmkHI8JUrZIX+7Y0F8fnYdHKWhIC1qW8+gRdrD7j0kyX0GsonBqiHrKhwjNc9EEuLMCBhqVS30ODkzvJY692rCVOr0+F51X6Ip3JODjAu03yWBIh1yWhKQ4EA8qonuT7uuz7sg1dzyJ2h8RsYiO1i2rprf6Z81fBgcHLMcLu4XX6Vk2qyFyC04k10aANKD9OqqVvwWXofGwdSPpRvwuvUdCl3suYxB2CcvK/ajnWgmDRExYUJ+9P/Lf4vTZ81s7WtSlcBEO3cP2h6QfaBSKSBu5ffE+XxUsYAvoH5HD54QDe8UHHahBQ2/3aaUtKluFuU9jWoZ/ze+Kfs8kuQQUWqNHakXktbbt9fqcVo3UULVnzZI8EkMTM+sBiWwswPuZLyajDYmrwhB1Eb2BRFr0gnzvrZX0Icp1K8wUuOJ/CDub7lPZNfqBuEVk/qpG7fFGHKk/xonIai0/ZCfAsM/jdEuIIgEYjDMnXy4Nvz16CkhZBMfpKUGfLiOEDk0mFCqOdeWr+St6A6EaDFfU1SSgQS+3df38498ABPrYtkkebpm9B+ZG8RqIvDoDMIFrTbiEwiP6OMgcOQd96Uw9bX36/2+o3uW5Jo7bbrQNWCQr+AJpQ7rd9kySHpx084wophL2+I9xvvL+giOATGqzYhmKRGfbkT4fusxQCaDxnnAgqB9cDAEyuf6lHLLLKdZyJ0fBxmYE2vjxyEa6zsdgkV2q9l3bpDVH83WW05q/Wf9l9LIw9s2Hr08rRO0jrh1G8b7SpSaXg5OlMtJb9z5nWmn67nUY/QRFdcRK/Y FDWos0Ay S9tN+jLEVlbBURKYkFNKO/6YWex2pspejQHjspr1r/teWKCot6yJD1cQO6RrFGTxjRcD6WXeS7yskRBDIcEk7mNnaikIDUIKNmfppoCcVz3zlJ1he/JOjTtHl8RYHWXQNlGiyBeFMrlLM1WpnJ/Vfp6H5MQIZTQ5BazZqe76h5MRe583UmCljqI2liwxksiDwZuSQUZw+JRQJnHiOSYZhSIgm6hG4oMjQ2q/pPGsxLNKTsNcBl81bY8KloJmAlTGUio9vasy58RL/kU07PukXvTmr21bzoj8G6vVhGGQURsBpHsgDBGMIMZr7HTi7my5q/BgaYOxsKquaK2DgKKVTSTQnqhEZ9YkccZD1LXnmzRWY1ca3Py5g5GgilcV4WaIGnp2bQWmWg61OaQM9uG9wFZ5L6LXedPuxwU+FwQuZj7HX4Bg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbatrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 ++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 4371a2f99b4a..c150e76869a1 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,6 +48,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -61,6 +64,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, unsigned long clone_flags, size_t size); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -76,6 +93,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index f1551228a143..e4255749844a 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -181,6 +181,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 1e059c37088d..64c9f9a85925 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -93,3 +93,85 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Mon Jul 31 13:43:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334743 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2D76C001E0 for ; Mon, 31 Jul 2023 13:53:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5E843280055; Mon, 31 Jul 2023 09:53:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5988A280023; Mon, 31 Jul 2023 09:53:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 460D8280055; Mon, 31 Jul 2023 09:53:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 365F1280023 for ; Mon, 31 Jul 2023 09:53:03 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id F2DF740B4B for ; Mon, 31 Jul 2023 13:53:02 +0000 (UTC) X-FDA: 81072048204.04.F9A371B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf04.hostedemail.com (Postfix) with ESMTP id 27F3240016 for ; Mon, 31 Jul 2023 13:53:00 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=shhLfXON; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811581; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aGcCrhfnO1dSCRAUs2DXmf66G0/RvuP8oXDk+bGaZoU=; b=obS9X1Bmi4PKgK+Q2g7W6343Agifb+nz/DzqkJEwrp3bRs6WecPVLeR7lPaR0nMudlrvib PmNc5gZfPqyWEBN9S49pc+4+lzozS7TTGb/aMEbghdPf3MhiR4PW8LpU/4PcU/HlxBHeHb nDoiYWvjrlhJp+S56whqk+JZxwbPdLc= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=shhLfXON; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811581; a=rsa-sha256; cv=none; b=NE9bjCTI9cU7ef5N19vLAQ3t/jg4vojG6EeaE79gslIBIUeJ3rlQGpvVryehuo9Vwx+kOL VcUazAOMozM8wD9f42cB/eLGdd1c9FH+zUroK13hCmgHDmmUy6oTyCL8z5z4I4VviatZKW lEZj5IuMQ6W5IoLp7G/azl4zAlba5X0= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 47ABC61158; Mon, 31 Jul 2023 13:53:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F14AEC433C7; Mon, 31 Jul 2023 13:52:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811579; bh=oiakJxhCl2ggQgHDbaP+YYLLswWzPu+vDfVc2y5agDo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=shhLfXONrD7gHZBO7m+2z49vwn5GzRsy2KXNcCDk4JixPM0BQvMlex5+9seVKDJki RDMuPCCtx9Wz1exmEA9ClSAGzziWkaEmHc8RmyUbojImh0ZceWX/4r6df073qf64bL 74Q/WpM49Aa1+SbJKQ4JgrTsSrCufHEe/ntJQaETRNCjvmzETFtne/a7yYkQa/9Eb8 JxaQC/Ja0JxmwA+fuJIdihhs1N54g8TYcCfMFunAwalfXGTM7QMkfnBhBs//Pgpnni G4Qfxkp0lfP8zbfoIaMItADvXfApA18JM89fnL5nl+S2wParMsOZi71/obXOaUJL3F HCQyvysFvcuxQ== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:30 +0100 Subject: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-21-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4500; i=broonie@kernel.org; h=from:subject:message-id; bh=oiakJxhCl2ggQgHDbaP+YYLLswWzPu+vDfVc2y5agDo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wk+F/effdxAt8nq8/+J2Zqfv8M22clTXexRbtm +dUzabmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8JAAKCRAk1otyXVSH0KWDB/ 4g/NTnw2xFRrXv6VABkt5gU3kmreBShLqMC4qwulg2G29X2TROpZEeBXMk1Vrk9Ew1gxOkGWItEwBc +1J79evyy115DlzwTKBwd90IE5GKU16z/gLDI2FsZpS8489O5dQgWyZwW09fo47m8qu8+S5qIkEVl9 Ak2JMvUqfyb8YRc6jxY1VvGBDuZf6noFHZMhkPsB84HpoY4AxDXcjnnOnCCXT6SckjYcbuyazxmV8M 9KhX2iIAUrHutlQQv0c4a6GXE6hwejr5bApXRfOkJhsnYdn/eAvx8yYHRagoAdIm/M6/L1hA/KKhBm Am2S4fiBHUkxBryH/KTDT1I3J881oN X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 27F3240016 X-Stat-Signature: 5rhd8m77prmo6q6mg88k6k1ab1e7ttth X-HE-Tag: 1690811580-359882 X-HE-Meta: U2FsdGVkX1/RBwLvm7NSJAgfUKFQF691qsWJSvIeFCvCFg0mDX0p8kU3xji934fygVnJfJJ57DuS81youMRA0dkBXSHgDm49Q9iNRmPoS7pmiSR2CmarjK7XZxZJUwiRWz7CVUkmgNlDY4EKT7AO8fgrSE1mqp/kQ6vmG8zPg+jqE7pzMBL9iCMPrcjRxCwXfmyqnL7lKuqVORWvIePBXr1P1bIWiKEbWRxOwzWaAqKzVjrQAYeE8KG3NszI7xtIwxR6ZYrIu3yI7Y+OiL2958GEOsSJDrmcuxfcw+dChyeEOUlWWu9YJJWowuFG3lnmDjlOFN/inXL6QFpMqKSutDwSfRmvZ8F7E638vRdkOjZXitswgsA8MBLHc6D2oqZWRkzNFoQQI/Y7BTYYnpY09nEIwLN8yxnwf9gWRxdBkU8A7N8ExvrvF3WxXk+/boZS4U7V92EDUMNy7RbRIhfue2yO/u+bNCp1M36sdvPYEQ4rO73cfTYe4JJWb8K6GpIaIRT+r/6EASWqTg3dk4Yy80/88/yfvjEX2WjqxWCCsEd/fIfauOzn0joqalST7b3GT46CZKz44bI95v+CMSAPfCqsJcKQB8nldgTtwEkNqbjJhFy+HSxyzjuyLA7n+xdg5XZDgJfSTE1vk5KcYsE8cr5OrzGcVEPP5kwGA2WngdElISTAoHLEk4GfBilDh41whYisotb6O3o4taHIltLPH58+0sA8MOXw8oIaQJhYKhDsw6vjLqcrczhVVcAKBfcVi9mahyDLddDjZ6GN8nEVIGdeuKPu0uuqtdTOgKy+GhLci0XF2436kLKIurdWT6WKB2mHwft4Hz5yVoSZT8kN1rnaIwT0KaU492ZoAjgEH6Gr+NoDMJuF5V81Z0g09fxkTpdIykCZf8tBHJqcpZKLe4Pddq/9KHGVRxMvhJuevsD6Mviu29PaoHTcDYI+cuegaGyTVXkAZiBS8O/QTSL ZIgNQFuX djHWeaA7xTpMr84iX3lE/PjLB/o1jvKmkW/PiJ3KwYfJV9xuC9YCAuAXwVSU0aUwoqs6aV4Plm+DPt1fkuwwDzzk0U0s5DYRlUE2k4dySbUHsWRcQvvkOpqV4C4kVLf5rFAfMjtKlevpaK43KNxbfKR3m4GrjntnFrCrjj0HO0AeNdqZWR2oq2VEPMMG3Sxepe3KTXwImSAFLGVAJ6OiT1FhxWYhCK3GvL+l2E/rU/ps5oAeExwppwcZcC3omn0QiSAN5ScbECqELaEIl/tD0lY15AzGhVMXESPDxkgfTSqYKTH3sbDOqWlJseZH++cKjTJVnK3osRHVotYPXZ58hkiTNcDXqn6oLiEqQzzVjfflCDNsDYD9RJ+4hyS1Q4KngSlype88fG9Oa/J8rzi9C4SQkj2GW1zLyBjU4aDgmidhMocd+yc6J30WGuQT8Tre5vS+TWUyMO2VYPteeonj2dxg/Fw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64, initialising memory allocated this way with the top two entries in the stack being 0 (to allow detection of the end of the GCS) and a GCS cap token (to allow switching to the newly allocated GCS via the GCS switch instructions). Since the x86 code has not yet been rebased to v6.5-rc1 this includes the architecture neutral parts of Rick Edgecmbe's "x86/shstk: Introduce map_shadow_stack syscall". Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 50 ++++++++++++++++++++++++++++++++++++++- include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 5 +++- kernel/sys_ni.c | 1 + 4 files changed, 55 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 64c9f9a85925..c24fe367e15a 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -52,7 +52,6 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return 0; size = gcs_size(size); - addr = alloc_gcs(0, size, 0, 0); if (IS_ERR_VALUE(addr)) return addr; @@ -64,6 +63,55 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags) + return -EINVAL; + + if (addr % 16) + return -EINVAL; + + if (size == 16 || size % 16) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + cap_ptr = (unsigned long __user *)(addr + size - + (2 * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + ret = copy_to_user_gcs(cap_ptr, &cap_val, 1); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 03e3d0121d5e..7f6dc0988197 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -953,6 +953,7 @@ asmlinkage long sys_set_mempolicy_home_node(unsigned long start, unsigned long l asmlinkage long sys_cachestat(unsigned int fd, struct cachestat_range __user *cstat_range, struct cachestat __user *cstat, unsigned int flags); +asmlinkage long sys_map_shadow_stack(unsigned long addr, unsigned long size, unsigned int flags); /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index fd6c1cb585db..38885a795ea6 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -820,8 +820,11 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) #define __NR_cachestat 451 __SYSCALL(__NR_cachestat, sys_cachestat) +#define __NR_map_shadow_stack 452 +__SYSCALL(__NR_map_shadow_stack, sys_map_shadow_stack) + #undef __NR_syscalls -#define __NR_syscalls 452 +#define __NR_syscalls 453 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 781de7cc6a4e..e137c1385c56 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -274,6 +274,7 @@ COND_SYSCALL(vm86old); COND_SYSCALL(modify_ldt); COND_SYSCALL(vm86); COND_SYSCALL(kexec_file_load); +COND_SYSCALL(map_shadow_stack); /* s390 */ COND_SYSCALL(s390_pci_mmio_read); From patchwork Mon Jul 31 13:43:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334744 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B23DC001E0 for ; Mon, 31 Jul 2023 13:53:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D89BB280056; Mon, 31 Jul 2023 09:53:09 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D39D9280023; Mon, 31 Jul 2023 09:53:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BDA9B280056; Mon, 31 Jul 2023 09:53:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id AB0D6280023 for ; Mon, 31 Jul 2023 09:53:09 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 76D6FB217A for ; Mon, 31 Jul 2023 13:53:09 +0000 (UTC) X-FDA: 81072048498.19.51D783C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id 47AFBC0025 for ; Mon, 31 Jul 2023 13:53:06 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ThBRfTxy; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811587; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=avf8c6NriBeIYSdGAjlnwqo3ghTBk5MRIK9toslm/jw=; b=no4TsGrCGNi5KUxQrufW7L9rL2JhYqxD4jnZFsEmER3+vXGmCCwsdXFserR046y1ZZJUDv y4lHusDJDc8lezzMGH6HHK4IuqFiGl1UFJELYW9xkAMm4eUPyfXtafkdXYe94e+xcidspd YAT05/q+wLRgLDr6AJF74DV48Q4s0NU= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ThBRfTxy; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811587; a=rsa-sha256; cv=none; b=G9BfEC79IY9ONFiDy8TncTdJLthV827uMiX2j5FNAxIhjZgQDyolijcG5PuY4D3lzo9dtc s4TGFlHaKsUzyakBOytYch9vKcwDuXWhrCD+fPf7CUeh96e6Yyd4DbKp9AmH22Q49jBcZA eEBhG7M2XCRlEZEHnbAfpDjPiI1HAFE= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 644BD61161; Mon, 31 Jul 2023 13:53:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 25219C43397; Mon, 31 Jul 2023 13:52:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811585; bh=vU3mFonZ9R73efM5GL7daAlkx0Z/33akBDEmJa7xPQU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ThBRfTxyJUHe1I2l0nxM1YGMx6WZrrEdMiPD5MpQTuLgKMdsDai2Gr8sKme3ak48A rP7sd8iHklr+W45QIPUqQNdELTUgH7T2ACMraQ3j0HUrQphRMQBkvxLjlD0+tFSn9d L+m+cDyNTpoSSAhUlRdBePVSQQmkgxR6ZdsD2jfMs3WwUV01BhZjKgNcwtzdoLWSdH K8ekXgElFpK3yGasj3wpDL9KIsovLJjSoSpzp/EvJWZ3Ywy/uECBS20dAzxTMacvZK jJNiFzCEBACOY3NlfcjG1WPxZzkn3bvUqXaBXxEaPwoU42B9EEbivClG0G7S2x7GxO 5UP7WX+iYdryA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:31 +0100 Subject: [PATCH v3 22/36] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-22-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7272; i=broonie@kernel.org; h=from:subject:message-id; bh=vU3mFonZ9R73efM5GL7daAlkx0Z/33akBDEmJa7xPQU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wl86FNMVr1AUjh2gvXFT+OJryfoieOoJ6T3abs FiAVtkiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8JQAKCRAk1otyXVSH0KMtB/ 9FQa9dCt5b27KoCa6C+JGLstKIIHdaG+N4kizkMbSj8W0mTMFJRxkU79XVh+ucxUkVBOZJbPg1PuPO pa11uuYJ3f+NCaAtfmbmyc/PWiRlcDVOsCTGMzoPugRm72RnouFOTLCodjJG+kWgI3wyPVSyaNbfeG +gX9+GPJcn8lQZwP1y4FIPdcKLxKgxecGqpnS7gKCccHS7Ir1GCo99z+KGdciTqBzq37L+SzqU03L/ WSa5xdPIKKHYrJ2Ux9997gJMETS6MoOpbLORPrd7U52AndV2MLrWey52kNak/yxrYfG80NJoeCcl2q Bf5HGJCPIwO/LKcnEgXkDCMFzI/Ixb X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 47AFBC0025 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: uhyfkbsfawfwdbhbr8ebhjszsmepf53r X-HE-Tag: 1690811586-976638 X-HE-Meta: U2FsdGVkX1+iIOR2kQNo8yauxjm6oVPx9ymZUsfabKrlzzXjepJS2I7Vj4VgJavLkU9vyxlA/aTcHHDxc8P4ZHMGC9MovNUS9FNAWCPQZo3lAOOL7Lrwe59oqmgsz89gbUVan4QmJ0ONBkwoPtuqL3m/2JFzIAV71btnmROdrjGN669YNjpRz0FmVvxKougjYvYnbZYYTaPZiW7b1qA6ElXHsX8JCC2uHtsztTgvGEjV13H4YNMe6CJzoqrT1dtW9DvaFjG3zFufqPt3hTe69LOB95SWVUs1MkqDRsmuVgKitAMfSDeEKl5wjGpEMdfTXeuNygwpCPc/uPIVZBCF2EjS/kigReZm5cF2b+hbN+vGJFGHbgYr0t3GRNzzBvXgDGnYJcdOkRRSwG/UdSmA+6Akhz/BYtyfZcLJxk67SV7H+XICYZHbxOc3aSBUuxWD0ajkJ1uExRevQPf8L2AouPhUo90WOPKnl4wxNsI78vehOnMKq3O4kwGOTh9GXuaeadnIhE9FdESQ+o5yrL28d35v/ISFPxqCouuDlv79wRlLin8pM1+aFMXjNp80y/wGL6ok2tTRKlQ1bd8t+ZNj5iEFAnydlUorErCAOnRp9tfGOe3stJSe3TLTxVTam6BLBbb5eF8FTQIVNJyyvlW3HgRipQ9a4Xm+R5CblshA3pRSjW6q0i2DKPPnj84+NcDEZ/IWgDDUkz6FV4YIRXsxdMHCITCGsGD7JmiRyDQFbJ9qxugJf5oAQ7DLXt2iAHIJUi2IGDw0D0X6kQaAJZlEYWAoi07QCn/Jpnf9ouJZg3azzY0hwjtx4zHy+80yYL+snuQVpc4YOa7B8dbFdhka/fIIeaqJ+kMKc3DmDnvdPJUvoiPWG4Q+yX6531T6u8BwYS2SnxZc1YyKYoaD1LqEYp9bIPZggMswP9xGGbakNLTVuptcJXIb2/SMnt2C03l4rpRZxO2CheHJlQONt/y K6I3sINc uObJuRrLAsoDQzoCFVB2YpDLouw2zcpqvdb0a/y378aiSq4Loylw8XRMs/MQy0XMyQjVnSPHc+nDYS2++V3ph9Mtvf6FTPrKJJN5YvciEjIRbecgkZ1xpRFDDZ5YfKxCuYb2creuLwRETk/P6TeXwewwuhMczZlgapsM8pnHJ62pNq7djWWkr+pHaLpUeOJf9m9tFEM0ORChstynLfgLqhuDZkcIszkkJKMZeefVcGR0VT4JhV+LwcGeTSyRd5L25Pw+v/G5i/WJliqK4c0c+hB0wXOym9b1bF7K5F2fdfUZjIJuFi4/+jrj4UQ7iGjKz/BncKD67MnxZlPJR5kHWuOPkEKwQL7W2E69nfruQzjXxywgiPVIvEw3uBCuk+/1qMTMiOc1m35FCbrCSPyyQvh33GtpgCRdH+rerTD+h0talzDU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set which we add on signal entry and validate and pop off on signal return. Since the top bit is set address validation for the token will fail if an attempt is made to use it with the stack switch instructions. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 2 + arch/arm64/kernel/signal.c | 130 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 128 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c150e76869a1..65496103d462 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct ksignal; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0df8cc295ea5..1c31be0f373e 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,36 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) (GCS_CAP(addr) | GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must have the low bits set to a token value */ + if (GCS_CAP_TOKEN(val) != GCS_CAP_VALID_TOKEN) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -815,6 +846,45 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -841,6 +911,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1071,7 +1144,52 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + unsigned long cap[2]; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + cap[1] = GCS_SIGNAL_CAP(gcspr_el0 - 1); + cap[0] = (unsigned long)sigtramp; + ret = copy_to_user_gcs(gcspr_el0 - 2, cap, ARRAY_SIZE(cap)); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1079,7 +1197,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1119,12 +1237,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1147,7 +1267,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index c24fe367e15a..2aa31a3891d0 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size, From patchwork Mon Jul 31 13:43:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334745 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FD22C001DF for ; Mon, 31 Jul 2023 13:53:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C7886280057; Mon, 31 Jul 2023 09:53:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C28A3280023; Mon, 31 Jul 2023 09:53:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B1836280057; Mon, 31 Jul 2023 09:53:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id A063B280023 for ; Mon, 31 Jul 2023 09:53:15 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 71F1180B3B for ; Mon, 31 Jul 2023 13:53:15 +0000 (UTC) X-FDA: 81072048750.26.8BD79E1 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf30.hostedemail.com (Postfix) with ESMTP id 5636D80012 for ; Mon, 31 Jul 2023 13:53:13 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oCYcF4qc; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811593; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Tv3ZQTe1vq0gXi/ckLnsUDbjI3sqm8avbDnc9Ul9ahA=; b=0qtKO4jPTchxBHFFOmjj1z6PNZm8bD9eE9mT7I4eZn+tZelFAXsu3P/y0HzBlEIWFS2o/G 0QmP4RcX3WeczgsrXk3Dc8SSbg2ktY6Qw/CiYQl5hFF5M24R3jm110lYVXHSy9cqvyuqrI 1n/Omv3SzeSXpFBG6SFRr+zRntpURqE= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811593; a=rsa-sha256; cv=none; b=2+msGAx1EgNV6CDpmh4bKk8PuiI5Z7zqIRbEsUibPTGZ5s/C51kMeB5Blv6ksI6BVvo3Mc TVhuye5mm9WkXTPvmZHYONqQZtXhGI3Qc0/m4VhqBAK5vxkXtreeczFAQ4qqtjlRtwEHLf 1Ehn0lmlULZoL1wpFMKDrbESCSit9MA= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oCYcF4qc; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8B5886115E; Mon, 31 Jul 2023 13:53:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 45C50C433C9; Mon, 31 Jul 2023 13:53:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811592; bh=KnBf3819XLYZd+1IcRnGIifcqO5I4WiAi+2WJjL5RP8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=oCYcF4qcCW/kcOsq3hrnnR0SifSVnJItIU3l2Tp7ESdSZYmvCrsxPDRcNzid7TooF ZX0Z9IZZXjbe8GbrIU2pCqtjvrkUFHSMBNwgdqaxRUoZN+dc64l9TMYsRg8ADR78V1 viUEIIaKwW186ErFMdBFZnQfctS3YdCai73rEhPRciczpG9lGaW6mFZn1JoAV4wQqb /S/hPPXmHEIAPsPJMGnxJiqUkGH7iGYeue3UMs55PVEJIfhy5K1pt6si1ppb3Dw36N wbyDCdOhZIpDRLpEVWzdCEXndBHK8crlrb3nsGv5BwP3BSDHpPA7N+4TMZIxPJ54CN M9Aqiv25izMiQ== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:32 +0100 Subject: [PATCH v3 23/36] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-23-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=5977; i=broonie@kernel.org; h=from:subject:message-id; bh=KnBf3819XLYZd+1IcRnGIifcqO5I4WiAi+2WJjL5RP8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wmfIBFkN2niYmy8mVjiWaU54J+vhgsObWk0GYb 062RqJqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8JgAKCRAk1otyXVSH0M5UB/ 4us3Hv7/mq8oJ7CemwMMqxY+8U8Ycd/IcnLB7fHMp1EYS4OOcAq+ibq5SUjyCU4Yd6R7n/9AnXX8Um RP28au338A0EqSoxuXQ/Hp9NB8+HntNy7QTgZ/m/NsvXeIaqtg51rX7j5u/MYZanGILIuebzAXQF7w 5NBmE9320eckXzOyxWW4wr0OdEOTLUFJCGJe3+Xw+KYsIdvCjcVmLGhL0ThgWaDCZZlbOC6AW+owyQ MCtk2DGkcQRsic3Gw/k/Ak05L0XY6YbX9bPQedPBbLzmJSvqtfQ8hNc1kjDau7gHX1jY2vkOwDkRY6 p2BwW2otdDdWZk8h7RWHPwUEpq900V X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: jdq77b67yzmb7iisjef7myh7kmj444zh X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 5636D80012 X-Rspam-User: X-HE-Tag: 1690811593-117028 X-HE-Meta: U2FsdGVkX18S84rLS0cBClXBYz9KOuvQTybGxme4MnHbSX9B89bqMKid+NJgDERy/waP+rly+XAWYBT3xvKK6wv37vTy2+z/0mBaV/xA58jZlkF/0S3U8vh9Q01GoHaaw8GfMgBXx2FsylHhy4PNjqZSivEnHnjynclv4wEmeRYOGU9SMShS4UjPcicK4L+dvRdDcXyCmUcDJVqTUFoF6qZF1E70h7l0IzYNuo4t7WGAMrTMbh8PYELEWlkVRazQsXV3ahNuT5a0Lkn9qGFV2DfjQmszC1D/wJLmlDMal58XXoLw+szwr2vUw2ylFrlef/UlxHpkDzpLjXvuaH95YxcOQHu/27dyDIfJIfaYvdW3v6XvZ7Q0GKNF5J2uc9mTLcDg9b5KmEkgj1XotTQOMH3St8RPzFbE/D7RaGkLuB9hTtI9eGErOX0ywzF0egu8EW4deTFIAgPPiuMf0c/KmwJJjWj8K/sU3zXz6qEYWGTNddx+uJPR2bEjs6lcAqKJqbcb+9fqX5if2gOJzJomKyM4wyU8hD5p1WJVmdemxZOwk1cLP+8T+3uBWIStwQ93W/yQEZlxi7ldsOu0GyhNP8lwt8lSuja1iEZTiXquwU4mDoUQROsYLJgonLukDH9B3UpdKVeN7xGJQ5Vn5gr4hiKDHwn8q5hY/jJ0ZVAcbF+I0Axbin52xhzTqag2YfPoUqvBTlJgREDfPKkiTuvHJorBQZDkJZy8JoTBNo4mHPR//HF3EwiuUPWTmoqk5Mzg6rxQd1WmziVd2oZEQm4jsjy+XrseVe9SrWnCPBs5yA+CGKLWsPwRHA69619bYN+Ti20pmdRzqufa4QHUsF39rNLlHthJZM91ixC6M/dzMOaZlckrs/jtBvG5lbw+vp7YfEYysJHltznWqdPyGaPHx+oQUQwytXHBRkm5lsz88Rpq2hHtl4wq6CfnzQsCEKVMbxe1lhXNx9JxNLbcioS p1kEChw5 b17VcQxWa44Tx635M5gLlJlftgXEG/M96RXd+bqAPQuxPyzAacj/YFEapud2sZ78fUHOKWQAmEFTOS6qHmBnHD7bHVu4R2ykGawxD7gDMdb3Ja804PKuwyO2HqytyvKu2W0gsgjacmbsp9IrHeMCGZYJ1HwBDy3OYAncnyBNmP46gNmUrINcXQPY8EdbgZAROGgdLg1iYcHZi1owBeHQGaZKXifW7m96RK86saWEfiuWW4dj1gGQ6TdfnJZ11bd18to+mVEErNcdkrEYhPJcdFrxnUuFXA/ZmfU3zaFh3NHKx4H80+9fIMFHsEb2Dd5I8pCBZpus+7yZmZrZy9ah9hfxO81puwjgHY7M7RD5o+BkxJOczfnvglsY2s3M3sOYLfywgOyATsXLSoYPDkkvLcXl1FBSAPm2NGuaf8wbU7Z1JvxU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 107 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 1c31be0f373e..4cc0c7928cb3 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -87,6 +87,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -213,6 +214,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -605,6 +608,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -621,6 +700,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -715,6 +795,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -834,6 +925,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -948,6 +1042,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1041,6 +1142,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Mon Jul 31 13:43:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334746 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DEB8DC001E0 for ; Mon, 31 Jul 2023 13:53:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7C959280058; Mon, 31 Jul 2023 09:53:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 76DF2280023; Mon, 31 Jul 2023 09:53:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 60EAE280058; Mon, 31 Jul 2023 09:53:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 50A71280023 for ; Mon, 31 Jul 2023 09:53:22 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 25EDA1A0132 for ; Mon, 31 Jul 2023 13:53:22 +0000 (UTC) X-FDA: 81072049044.30.BEF1053 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id C7B601C002A for ; Mon, 31 Jul 2023 13:53:19 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="kf/VAjRu"; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811599; a=rsa-sha256; cv=none; b=NaE0Ov5aSYqQbpQ0C2454KqTxPh5TrYyLnewnxHf/0Oh4gpaW/MBIkcSoqbkJg+wavNnrf B8J+e07ggpks/HCYP4iDpcsblkRpzml0d9LR7QIxagPnP4pmC42tpDqhPYOVQda0xjCiLg 3eNXBsdAhNYoCZLRQMcPL+CS26XpMr4= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="kf/VAjRu"; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811599; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7Xh0jTR0r8+ize43vTl6QzYzhaS83l1nMVxt1u8Uym0=; b=or9fDWaLqdN2x+6XfGsnD3N8mdIvtaF6Pop7Glvr20J8d6HfwPqXG2K3qufh1eyqVqVRVJ NnbrQh2eIFltRRvrbJLBCibn7S4Hzxl28zQD8wPviQPlNjAp3xJsEmBefdfx6/PmQStnzD EcEYwAtgd1Byl25LmUfXGq9emoZ/hZY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E52116116A; Mon, 31 Jul 2023 13:53:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 69939C433CA; Mon, 31 Jul 2023 13:53:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811598; bh=0QIP38ZumyMQzrMYtc7Z/0L/bXiC+1OudC2zVRODlMU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kf/VAjRupL/UYNVna66864hPZC0Z4Zps8RjmLNer+U1PJK6oGmFsQaOtCK02JyGdv TAYEmlR7L4KET3/ZQYs1qY1v5dW7eWU4d3khsopy26E8vurcebl3y081rG3fZvixEX gBDynhbsdDsNL6AzP4eM31RJ58adC0bBqtc1kauXH+qXvLajnttVgRqAujjmFg/7pP NnC+CstD86v4WdmpKd6+J5NgufRREJZhVdwDx1i2BPnJJo+uNLRDauvvIrMx70/kPE OiuQR6474eL6tfiJG9/g706rDV1LW6oa9HDhu00Zo/DwwsgenArvnDOCXoxUpPfTIb 4EAFzhJ9yvvLw== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:33 +0100 Subject: [PATCH v3 24/36] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-24-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=4259; i=broonie@kernel.org; h=from:subject:message-id; bh=0QIP38ZumyMQzrMYtc7Z/0L/bXiC+1OudC2zVRODlMU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wnGgzojpN5zdFSj8GBe/e35MxJdmr5azLrGhuQ zAaJd5iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8JwAKCRAk1otyXVSH0MoOB/ 9aNcLSaGjWPcqT/oKLsWBclSvFItKKdzMbWIkF4AgS56t258sb8yBM6z+7Dvip+AsyM0oW5wlzEYqk LS3Hdcp1Cs2/4MEIYoaXRRpmE77HgEeb74JaodRxOak//j0CoirqfszxxUy60R/6VTlp96Ssoau1S4 Mjt8YYQjztaXCE2Yx9rgh6zOudXzm7AQxScLFwfJXfx4YXd53Mv3xaIE8U68zwRJhguXpC7DAOBVSe wGzAwWZ+8Kuwb/3HdQ4iT+qqK1s4ZVBelTlHSqHJOLItbVB62fBEwJNxhIGYPoOCrsUWs/V+xjoYMP mi3MqsudHaYzSgIlovD2GVKCeh0a5V X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: C7B601C002A X-Stat-Signature: bnfs4tg7mj6q3jbdmkx11n18zdhcgb5q X-Rspam-User: X-HE-Tag: 1690811599-795383 X-HE-Meta: U2FsdGVkX1+r3pPZwkuwXJj/OZoCi3533OeeYnm15eRPpy47bXVcbldxIFjj+wH4yM8axCQIsFOJrLBAu3AVOe/kfO+qlRebHasttu5UJdRTrx5Y6Ux3X84ZvyGtO4H5GR1h4hbKzKkEJIkf9NVxRnLszfY3ZnJX9RxQBABqdDougJIJjMpHU5NjeiaeI5uBZVI3WrAXCCrVq6ox9Kn6+ELRWsd4fuOQwssx+OimkRP6wZbZFZT8h9BqN3BDMlFGrH70hsHGRqD7wEkDOkkbt83LBrT8/tR2VMrxStlzxWLdUCYT5jvtyekOEgKJXb9NPY7NiAQ9na9dB1bdjJCyo5RsVWvvi7Bw95/4gxRrlIhNsix/jCT4YBdsBD6IDR6DLed9HXdnetOyUcrBePvkgRmJ7bHXAK9MUlway7JOOfDyJcG6roV8YohrcH1RY6XH2w7PRFLXzomNXNWUrNOA/6zTAIxLGiO7Vj3Uv8tL6f0DlODdwHxaVXZbNmpONLvd8TCg9AiKyisXvvWD2KE3wqFkG7/1L3gcVzFIE98AE2cYVeHnuMj5ix+KZs+/LcgN5+DqIsJHVXDmSN/iyk4wccMm3DBXxmJMIX3EwkFgIAQGecY6P8QwSchiF4EZxWsSLPJoiq5Ns9nogv0VKrD1qDfFHdBhkfHYZ8qsngmLL92PMVYmBQCpQI4xHEBDuxxwmHQBtuZaNE5jbXtQVpMM8HQgwsTnp2YprTLZiNRNqmMGoHaA0bNsb8kUQ8xUdEcdiURz+IFv++t1nMGZNtyvRVL/VJOzJDOF55t17yMLBIhGQlxrddpnj3ncqu1WgSmDI/1kuNid5ZzZMelS4W0lZbg+S+s0oxRC3LBp5HntbUiFogUms1MDjO4rybhmrtpKKNALyc2t/s92bv2QwnKp+81l6UK3O46KpHGAslxdzPI+yXxD+tqZhVW62UKOCg8HR8GzRi6fQ7esfJ93ILp XJCK/ddV SuDfV3Mn391iR08YbvsLFK3qbb0gCZvTEdlxx4tEb8Q25iW9BADcWpYynLy1/D5L4hk0H4xHZqy97pBa7XbO21Y7p8s4zfW1rOHgmchQkx0SEQrXTNeCTONgXQcWr4OnzVf3TR/eoDw9lDoXOPnrMse/kjH04gYaR3blbWZ93L1HWT7LgUZXBN4XjtpZcv+xVYyOSAqCcMMXobr5XrNcxPV84eoGr9Z55oZXRCfAbQ0KFg6fEJl9IcDDWKSzn2r9n+LpV74Cj2cAX1qWNP0sbheenpHXZSf/heC2J9CN8gq8RYuMS4a97joUCqa6Ij7NduUL1KAzAr10l+P9x497wBmjU169LM8fzmPEQaW/EvbfGNB3w9itWv1QbRl71qkCLM6Ppk55pMs5r9HXMvFKWpPKkK8EmRhYH/rvjwCTiWsY86lUCPRUUwsO+HhHLJ7Do3YGfToQw5I/kVIE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index d7f4f0d1ae12..c159090bc731 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1390,6 +1391,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1418,6 +1464,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1568,6 +1617,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 0c8cf359ea5b..00f698a2ab17 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -438,6 +438,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Mon Jul 31 13:43:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334747 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DCC0C07E8D for ; Mon, 31 Jul 2023 13:53:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2DC36280059; Mon, 31 Jul 2023 09:53:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 28C19280023; Mon, 31 Jul 2023 09:53:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 153B7280059; Mon, 31 Jul 2023 09:53:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 05C61280023 for ; Mon, 31 Jul 2023 09:53:29 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id C1B82B2188 for ; Mon, 31 Jul 2023 13:53:28 +0000 (UTC) X-FDA: 81072049296.09.3E7352F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf30.hostedemail.com (Postfix) with ESMTP id C1C5580012 for ; Mon, 31 Jul 2023 13:53:25 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nZYlPhlh; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811605; a=rsa-sha256; cv=none; b=tgcroNHcJGRIIglUo6IoZ0dG07UcH1tAM4PnX/71plTTgYHosdq1no1mk6sBBu05vyYz3x 6jpoWibTA+iEiP55kMmQWL3DBOm0HO76PYbrHXg0Lfpoh0DY/Er3VLDzt5/yrHMi7Tjp20 LNlMGYs9SIl7uo10JcUZrcEJTJipNCw= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nZYlPhlh; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811605; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=BnTPNnb7vLdvFR5WbrJlLKVTi36UZPFC5Hk16d0IDAo=; b=jJlefjhBy0W3NsPRpecdrIygEv2u79T9oK0C1Ol2vSTZiERtmRMkNVMK6XQghM8DcSADNm aaZdQwcpIV/O3soxhrmsXOJdUOqPFpku38qSqvE/IezUDbngd9AZR+QnLvisWzludKcbhC 7Ca8+g8NUaenmXnAJMvQgZ/JFsBPv0A= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CEC566115E; Mon, 31 Jul 2023 13:53:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 909DCC433C9; Mon, 31 Jul 2023 13:53:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811604; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nZYlPhlhjG2e1wEUfCei062MQ6Dbl9MfpeOxtlNby3v0voK/nj7N+EFE43JqQL5Wj Hs+p8A2tPXTny2c0NtxjgW+c3M4oxb4wc8WIG7tYH0TvYSaeNibc+wtlNZb6m0eiZT nITyOLlHdb1kCbgDuYgvG03K/DJCPIPSYtvfOgAj83T2kpc5aXM4HJ5jgHB5TEFg0T 6b2UTVk00oNA8JYYQ0yH6C0pGGkSz8r/rnHteFUub/w194oCNRHAYv+MI9Oe856TNL qn9c0Dtz3rc7tjgn/VHNe7PhELqGqzPCzLAepLqr16IwopZhGucEbInKA25AVHiUtN 8fRP8D8j3smag== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:34 +0100 Subject: [PATCH v3 25/36] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-25-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1334; i=broonie@kernel.org; h=from:subject:message-id; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wnodnwjqoZK4muIg3jEUoRCGxezol4tgSrjmCI O795jHiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8JwAKCRAk1otyXVSH0MnuB/ sHfu5/n7b6sDdSTxDSHao/3yji1/B37g5tOzIcJILXPiDb3SHONtPUBN5opqReBE9DQcr+x0YI6Rkk jaJ4E5v3rXaHapeBP61QyIUI/8IIT146hHME6uvN2U4/budEmwshhRg+fRdusyAq2/VBIHsG0KX1da LZ099j1sMmvrMIKOrT2bpG0z98HXoIu3bz57PbEyiABWyHtIDeXiKt/QIStz4OVQ9hWYFZBjfNlzZa 6/4cBlW8YGgvKS16rKNTxnMLDhROElcWbnnfxdNpw4VknEPzhsdrkvkHTxnQ4zLcFoeC4yl/NW7Swa c8XQF5EFbcdiyln3+fENM9B7tSzFF8 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: C1C5580012 X-Stat-Signature: z4tcz3tffbanc8ybcjzkcj8gdt5gxogj X-HE-Tag: 1690811605-522697 X-HE-Meta: U2FsdGVkX1/MSAEQvKMegxnATOArjuTBU8pFKBKxPaTbmLQjbO1JtUMXDIY/hkQMYFypoibj8+QqZPBzu9KJFjUtb8nNptGdLtA/evn2CPoiYv84aHzLGrvSD8sAu+Af67KnSjCCs2KmB2gwzYRv5emnOfMwtWKITHAKSwjDPE67Ea5ocvG1x+X9x53FD3Q+7dcM9rhMW+H2V075cQM3DM2Gv2mLuQBA7+Zw9Xa8r1IU9KlevKMigSnLKknMIEt0/X90qzyVvVuqVyDkrmm0pxCG8nutC6U2yKwdqg8WL+zv/qSGKu41dn4xoSlBJ1tKxEv1NGzH5cmysU3uC7tdUGxQ7noTOnBQ2ZIZQ6/BJtcIjFjaYlA1ZCD4T2oTFTgTkAdwjtsJonjxkePEytoDc3MDDXSOo3/yV4yEPooypxnPXs3W6phRTk10M+LgpgMgBtw8FaLnTYAhlzLOOvlBdcwimA4T1DLrlfJWALNH0iAWHhsN4aW8TBAdt6qtfo8h5dTcrDAuh2U80MKK3xAxF7mTrDD435CjQ1rHat+WJwCeZJNX7E0DRQX/bh9PCzO5dxEeTDNa5hV7UJ0rT329PmUC6iUoiScffEk6wo0x4id6fnNZNWAQRrgowzTDe0ZyfJR06lT09man+kc+y1xNjUMzIxnmn8sWOeoV5bTTNgUop5LOhggwfoTJwFM8HoTobje+RSZig4CyjM7evdbB8wJR/HXlKDsHFzr2A/RC2Z9QbRz6yxn73xHYXWgol674X5BellWGc5k4flr7yt6r48MKFe9xV2USMoi0ie1UUCyTYJhK42rNnnoVrIruSfzQ8hZR9QEAvYciuhyHP4Ep+k/whsPnh/dxvmhwx6qv5T+2x3Q9lnQ5iAe16R/KmffuyLyGfVUDT/W//xxCgC3PKCY12i/+jltDTEAagfH1+evXNTSWt1A7FrXq2Hvaly/Nhk7Mk7k7JqdkSRVj83+ 3SuvoR8f wE7tVEtPTx3KhBlnjTPZBcE4kdHEnfxgHA0/yUzcG8qt8oKBZuSG/vgY5WCIsHpO2id5n+eAxtCFlWUeA1oKfuvGWoL1rho/kgw0UGDRLcvSzCls9DbNeIKXpVhMrBZjTNWF3+bi910fxsTwyyq1Pzju2sjpmYIbejebuuBCbEQlgoxnV9AnWXkz3pgLcwGSTCOIQoVMfalEYrtbZoKJYKjQ+fXVnAvI6yB0XhP1vey0T+2OkSgIjiwiIzLOXAbksQkazL0JBfgSo1Yo1LFV9W86WgpI3kEImNfD/Y2mlaBJepIn0MmO5UHY8Mx7+TzRIYj4yjAyxe0IdC9CTyZkYKztPJL1TX7nRpTYO7UKpu6MmnWy4sxh4q9TEAREv9o9T6F68QytmRN8vRk3QTJTDYIjlVD71uAGSPI4D+aMGr5ecyfA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2511b30d0f6..b5ef1a698770 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2093,6 +2093,25 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Mon Jul 31 13:43:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334748 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70F96C00528 for ; Mon, 31 Jul 2023 13:53:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0DFDE28005A; Mon, 31 Jul 2023 09:53:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 09041280023; Mon, 31 Jul 2023 09:53:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EC11D28005A; Mon, 31 Jul 2023 09:53:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id DB8D1280023 for ; Mon, 31 Jul 2023 09:53:33 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id B8644C012C for ; Mon, 31 Jul 2023 13:53:33 +0000 (UTC) X-FDA: 81072049506.20.727EB7E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id D13104001A for ; Mon, 31 Jul 2023 13:53:31 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UZFz5zJl; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811611; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6f2sHhBx1jepR/YNA5SyNc7wOpOk2HW/TCkILD2DXmg=; b=AyXU+1OHEO2JRyjnP45/waGdbLcxPHtxG/oJfXAU0B74QfRxSwxFPolAPUjVRzEprNUPJM yEqOX6Uijjs3vWMKc+Y/8zp+TIuIYiqywwj+R/+b4jUSC/3PzEteIrgBhJkCBt8Sp1Xuk8 UqxOCWWJMXr9lF5zps2O+/1UD6tcSuQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811611; a=rsa-sha256; cv=none; b=iDz77hrzWIsGbRxpxZzg7RBf1DuksPLYesffaHAHey6ldUYgdW1S+MM/s44V/jY1PZglUM EhhChO+2lO/SJQMuZGlC3C5KXebc9pQD88gz6fASsjUED/ZR+3UINlBAQAIBy1TqntCrM2 v+mlfTa6CESD2nA/OLCZCW2wI1tjeXI= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UZFz5zJl; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EA6C161158; Mon, 31 Jul 2023 13:53:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id ADDCDC433CB; Mon, 31 Jul 2023 13:53:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811610; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UZFz5zJl1rGYE8fD7JHP53kzdgO69dJ63VOmzz7bUb0LRuW6i+ZcOMuBP5jDkeRes 0opKxX8qDYyU7cowwofSW23tP91yr2be4yytxli0fu8+qJNaTuoP6yXPE0BzQ/2HJd btw9ri7qVDKqBxG9CDZa4sEC+7NsK9s1eXRoR4LIR9/02JoljenLgYA+nviZBBpIy5 3WFlQYKikMTaZRg8oZMHE5jqtdU5WWNcGod+fL1x8b5uRW6F3CV5PNvRD/qGhWtYMe LA9Lwu0Uo9+P//db7CjlsLxsv3amgMixYWOFazIc1PJp2o1GXXEZWoko+CJfn3Bb3w 3CdSUM0Hussmg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:35 +0100 Subject: [PATCH v3 26/36] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-26-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1205; i=broonie@kernel.org; h=from:subject:message-id; bh=6C9vpUKzxaC1YPufnnUpE8qHeuHqYjFB9iVUxK25t6w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wotwwlH/8oWbi9bhoozQqb9Mmh8Aqb/FKJVt4Z qCjBxyGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8KAAKCRAk1otyXVSH0IsnB/ 9tm+woi16lWLPQgMUT4tC/eRXlObR5g86WJCuPogQIpgBdTwwdKYR98ce07K6N7QDtvGAeT+3D7cTe JwbWzUZOYAUDAbdVuM2yT2WvrhhTVVromril0fKmh5LaOewRZNej29XwphRZ168nYzkX0jaCK1z6/5 KzEm388tMfPmjOVOtet36gYdjmnBWBSD79CpbZUDTtk2Ld5YvAfo01QDVQde95o1Bhp2d8AFYXkUv2 uzEGsFfsW6vn3HxjeNQxJYuDfaHcq/wCJPt+3WGavHLwqClwxZLMG11kK+ZbZpSL/0sJmUeHkQ6CRM nb0Zdkh3/BvB5mcAUTCYuK6uO6A/F8 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: nrxqtif4z68frp4xgwkjqhbk6uche1a3 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: D13104001A X-Rspam-User: X-HE-Tag: 1690811611-835394 X-HE-Meta: U2FsdGVkX19FN65l+Z3C92jOpGFLUnljhk6nkL+BFpBvhEPYSyFwXtWAiOzYcgrKXU3M7dR5w5vbkGTrSYWJdcJODndF1GG/LR9htWFxlS7LCOp7abgVrWUUbkJ8jmarnIAjff4E+E2BiT1YpEPSMvXyxtfWgkpqEzuI9dPqlZAutYAia+4TGEtYtRFA9vnnzYOZkTHKlpV7y6iGMAr+D8nrThXbtVIMKVBMO9WXz5yVgxNFWnck3QF3wZTPcaGRL9jnun16J8Uh1dEg6jX6BXR0Apa3cMM/PQ7teuh069heZi/OplZiV5bGz8/qwE4RzffmgL4pz+I42b2+k7gByT+RiaVMkbRfvE5pXK9EjPfTvwiFH4S7WJEwRQwhIYbeVEaM9SAPhArV/dOxnIyEzKxrX5tU59iv8KIH4cRziJfWFEQLZbQx5nPQsTwM+Zsl/oa5FlKiqIWRJ2iE96yXQqyIxtPtKXDbXJUmDuVLCeLKIeSDKR30EbNFVQm6WlutImW6nc2yewfFr+EIXf7BPPzNpR3NXQii/72lTm1A6ZCTlHPeHpbnjvR4u6PV2cDRswdXNjRvKUXmqxZXZ5baWEncBKttEM9hb2bbTwUE62fPFteDsAG3wJtb62W6voG7Qi186U4T6Kaaf9a72tb0+/ni2iRgoDIb6RjLsPcroG/oUXy0fR021ObFVE9AxT0ALwbdaLUskvofbL5YdeU618/ZY4auHy/XcH2Z62Xh7NqSkrJSyoUvvNhWV0XfRHvAYuv48NjATlm2Ao2OgZC9rh99gp3RRA/cFmaFjMrJMLj0WP92wLozicUFNwIpgypEK2jm3qk/esA/jw2o2fIVFJ6yVJDTTxZn29bLzLQDzZcpcolxPkOVLoM0lNu1N9+5SHs9ktdaanGOOWp2NZDLGtyQg0X3Cl1E4SMAgCBhXlgvP8FqXqV5TrV09WkloToZesFg+9IXKTIjU0rYTmk J9fMPHfB 2gYPzX5Uo51N4HQRzPck+el7QRPH3ifONHsq5eDXObbY2hp+uUqt3C+KaIsivBsrNq+ULzP9GsvBaz2/R/xb8etQq1X+v7V5Zbr4kmMmESmHNSmzdV9P+dc51tDz0JZEadrYJVIoDOrgT55ztxT3wplO1z7i4dytokYn/MIJfFbHnjRS87On+g5WMqgJ0yS2JjGF/kc6QOb/W60eJXbvxORThqtFDLytdnSHa2n0M50IDcIYABouZrp4QlCb9sIU3zVw3Mayyu7wWN1A71Ezfd8KR1G4dy/3nT2MVGCNplNSABa1hJwK/gbQkLOlSH4oO3LstLpCO9ftvfXMf69E6Fz+UbwX7AHcLAK5UpN2+7m79dvHDup1RHjPJGC3PW73VKnOO3upc9pOKcnuwQfsQVeHVTq8vGKiYZa4iBveiovP0tUA9HAHDkY4kym8oms5PIMQ9KGNpLbVJz8qZ4h9l9eboxQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d4ad813fed10..38844e4c5aae 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -39,6 +39,17 @@ static void cssc_sigill(void) asm volatile(".inst 0xdac01c00" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void mops_sigill(void) { char dst[1], src[1]; @@ -223,6 +234,14 @@ static const struct hwcap_data { .cpuinfo = "cssc", .sigill_fn = cssc_sigill, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "MOPS", .at_hwcap = AT_HWCAP2, From patchwork Mon Jul 31 13:43:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334749 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6EA95C00528 for ; Mon, 31 Jul 2023 13:53:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 12DBD28005B; Mon, 31 Jul 2023 09:53:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0DDF0280023; Mon, 31 Jul 2023 09:53:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EE8A028005B; Mon, 31 Jul 2023 09:53:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id E0378280023 for ; Mon, 31 Jul 2023 09:53:39 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A886840BF7 for ; Mon, 31 Jul 2023 13:53:39 +0000 (UTC) X-FDA: 81072049758.23.FBBD5F9 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf16.hostedemail.com (Postfix) with ESMTP id AEB9118001D for ; Mon, 31 Jul 2023 13:53:37 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tl403dLJ; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811617; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VZa+yVxoJy4ei1p3UG9WfSrCLoFBnIYNn1ZiZhJXbbg=; b=dDgCCBriHyt+Ksv3mFhHA6jLA7Q9IiXvpFlc9RQwnWUc/WtCQ3Lhyb3xjkTVGhllInAzUM CrZI/LOr1mKcqT1lD+RBb8jr0RNDSz9EFpukobCjcdUkJtptnIyQGyZAQWZW5s9Nzhf1f3 LX0UhDk9NAK8H98dLXzPn5q0z5Opvug= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tl403dLJ; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811617; a=rsa-sha256; cv=none; b=PtPcvY4o2fQD63cWmiyxnHYPRIc9L7OPEc792nrkBI07QVIYFpR749f6kjhWn4KCY0lIAl S8cDa/pBdnjrucjNeQ0rAQudPqLvOF6hqMIbrPbZjp1pO+tU0Y+lZezpymAQhU5ixFdh4D pVSjgRc2SlIyWOS/1QblU16zFUTZ8oM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B89806117A; Mon, 31 Jul 2023 13:53:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CAEDAC433CA; Mon, 31 Jul 2023 13:53:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811616; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tl403dLJF2hiL4lgfn1M27YQC6t0QzZ26RnJZA3dqdpknBMDGeNe0afBztul4JuVn xlopjw8Bomjs0svJ9yBOPrJL2B4+025U4LSRKcvbWB3RSt8HiOcplPy3if2ex0mH0E a+QVYDlphFzL7mzCQb6XNi5UTNk9tECa8OjdoaB1MnzTCR8uQ5sc+nRxBN6EAEt0EG dq96F0cZKlEJgRnQwNS0nC5rMp3zAnMEhMKNoq8OjeIP6BAr04rkVD62Y4VCWCEfeS 58/VGJiNeNKddzD8+cqKbqsbzyPN+0eh4LRqubPZ4Tv3g1TVi0jLixt2Qoic8bTYkJ zoMhhmuu66A7Q== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:36 +0100 Subject: [PATCH v3 27/36] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-27-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1828; i=broonie@kernel.org; h=from:subject:message-id; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wpe4d+jUhnR1Drf+zgBDN7lxol6j07oJ2Scvw8 hYvLjZ6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8KQAKCRAk1otyXVSH0JD6B/ 9EjugsKK1CPBzK9oHH4oicVJXLFEs8Pn02QHURdLgCmbAD6xaJkT+dMEOtWyZkNPkWK0mWvYT6Np+o 3Y/5uHLx5ub41CEvqg20Ocu5QtHnv32Lpk0/xv4fnXroxcY+kYM8q8a+jPjDsAA+x4M/D7M5H+dK0v Yva4qD/Bk/SRPSN6Y58xyvl08S7/EfwSC/+2RxyYtZpegun8pJ04aMOVpR96hotYt+v/EGQ4zKEXI+ QyZxAwRtdbD8tsCnL+yanDCkGTMZ18iXFpKlV2/Mv5neQ70JnhpsLMtIIzKZscZH+9QoJvQ2B0QLLB dOpJjH3haZv06cZ/k3cG/WIZVqumia X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: AEB9118001D X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: qwm635c6jw7zdkeg6p6icmchbp3bd3gz X-HE-Tag: 1690811617-871400 X-HE-Meta: U2FsdGVkX18npS3Y3HFd+9mDB3QusTdDEN5Vwx8hQufZbybAdB9Dmkcl27LhgWhqNd2ihiPjBNDeg2Y6v3lJRfM1qGOX17G5o90Ma2VViik+DVYHzz2R6C8y4t32nGRoVBZPr4LKZVuJ3IEIoX5K1gCzTGkdMzYqTy+ySBF9QnbBkeZ8oOmLYO1twdffVGTfPH9KTl/tkgw8REjxNthDecchVlRzlOwspUhlHsdbEZjKJV6kEOI5A+qi5l0cOXYSgWCavKhFY9NhgNL4Kx/sry+bfZxHV5B1PBMqrbIy/DpuPAGC84+dXlL6eoY2Ni7/8q5j+muRid1/Rwq7z7AApKliqwVK82OnPWbPGW5BdIW0R2MyA0s+LEzvyg70AHLIgVESbn8uZciymROaIgcEh+jGRm5RYiRVI7uqTgycy9GHYGq+nRytOOa9tm5+M94yDAI4b+1eRkis/ST2cVe75DRUuupJLxbL2vvzdDkOUglyEsw8lgONT/ooxT5S4ETtmdsLBfo90v2V/8NkqKkNrf0QmDGIZRlsWSlO5v9fGZ70X67WWXxDv44SY+oivqe0tAgAZDhl/H5iZ+aw2PyfNNDWARnWC9qewKLbYsFhf3Ios47OO/T9st5H3YLp3D4eRaHhKylQRTSNOSuHmg8MdsE0zp1cdIkK71vBl8m2/jP+OzJ4PZTjcF5Cm1AwG3ep9jrvTohnyQ35XkNRYtsiP98MF8RW5hmu7KSOhtrz7D2ufXaBX6NmXFlGR4y7GiYWBpUN21rRADOQNPpHJf9KUPPeEuxEM+usZylHWIq4Vd8hxP3AakIvvJLJYt6rv4MrF/vNquOLyvmpY4+17jxEGf3qgyiu7+uAWKcIRqvgTtbO43q7eOQe3BxCvu5+8Gz5G0yPS9ASphFjqq6zWuNDtcuRq5XtTnw+3bxUlgvexXLDGje4gMdQi/bwa3vMSKPpvzJcIarjWpT5P9CJfM5 QmkB+1Vq EvXEI1KFtVx+/bKi9Uc0inarc/MVxN2O7Kj64aNCz/3G8h+ZQO9FUxEovYJDrz8pUyCvtCvCqXJMbGtkU1i4QYA3iJiG3+dp+8d7M+sKvtfuEquX4DkwHMbn2FLbdfSU3v1msLfNAlGZ6JGVwPpBp5HtQuXlAi/FzVfkAdi1aZh4JxVLIzMYQDVOaWa86DyO/AnUHe1i/iIXJoLrkN3HAZPUj1NPmTdCBxE6kKnEOs7CHBVIQO+OPKP0kITojy+R8bK82qDhM5DlrXQuyegr6K46WFEEt7MnZIuhMHizW2Daa3Q4LJJZO5JFVZmJF2WsG5OOLnFk3/CwWqWd1W/Bbcw0ciL21GNM2i5rlf3Wl05lQO/W3PU3Dwf9KSyyw6fIFsuA2HV7VCFer5KnojujtXFvXIlE6P6PZeTCuq1YiGFw7f1o= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Mon Jul 31 13:43:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334750 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7C66C001E0 for ; Mon, 31 Jul 2023 13:53:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4B09428005C; Mon, 31 Jul 2023 09:53:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 460C7280023; Mon, 31 Jul 2023 09:53:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 34FF528005C; Mon, 31 Jul 2023 09:53:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 27270280023 for ; Mon, 31 Jul 2023 09:53:46 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id F01021C9422 for ; Mon, 31 Jul 2023 13:53:45 +0000 (UTC) X-FDA: 81072050010.26.DAE69EE Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id 265661C001F for ; Mon, 31 Jul 2023 13:53:43 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=O9K8zuiN; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811624; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dq+jcN5GMg5Lle2kiMLPNS24YEsjylZTVcQUjBnRNs0=; b=SK6h/HaveXZj2A/LHnuFCsMXPfOEZUxbxd+mhK6R6tdfKrVHddeU8A2h5XaU8d3FclGGq2 ImdxwVSDAouCb+EyG/CM66OH5W8QPk1rWwYMBedHbA7DZ952mJDS3UTGIA427AKa9xXkzH ZhQcC06LUU3ssaVOEH943XRKNw2OkiE= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=O9K8zuiN; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811624; a=rsa-sha256; cv=none; b=fDr00eoLamEyWw97f+GLHyfNXAc1p3y7vuvP6zsjxG+bJuI535OCX3Cs/BhRHbboki620+ tVOzxG2WVkZBQuUqQkp1GBQAhIiWZHpgvE7X5RhLyYCMCWYQ9VpXgB/K5nwM1SUslsyHou qd+cu84Ubqq96vNxb/xxH46RZLyWAr8= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 51F496116F; Mon, 31 Jul 2023 13:53:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 03A86C433C8; Mon, 31 Jul 2023 13:53:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811622; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=O9K8zuiNB4AX6jriKk+IKc8QqdSKHUHcFfrfwmc3ac6QbErQDo57U8FZvslXRTDVC VakvGu1gY5FavBmVshV4STYKEySuvYK2PhJzfRRtBFQwP73F20wQxDUjJCXfjS5Ul3 IJR1QtLw0jt/Xpjl6fYKua+esGpsn79HEGA5TE0D+fgTyjDWQsoEp4hDsmJQhDArXL 5HfjetwT9sjfk3O/bfLXbm3wYwKWbJ3FRGTtR+bY/GfRci3de9KisArHJ4Q9rGA/Mz cq3HJtkwUqzACrXHQYk15esmEhB68D+f7nlj6oTtn16rvtHQHFb2d9+WPc+f8PTT7U OtITS8mqcfIMA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:37 +0100 Subject: [PATCH v3 28/36] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-28-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1590; i=broonie@kernel.org; h=from:subject:message-id; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wqgR9k9UmKVeYwbJCXK8DDVrg/O/vUKa8AJPNk 2cx3qISJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8KgAKCRAk1otyXVSH0E5ACA CB3Cuwt9bhshDd1kAHz2FXtQ94bJICeYI6XIl030VoGhuTVoW3KYurlDA6diyyqgMMdF5rkd9sUkHV KrnDyP1YNHd1RypHUGYVydit6zCkjK2awBOF3QLDq3MQ6n8vcp7Pho0JNrRRVN8MTVmHtH3qCayMg5 /rLJHuuwFHe6FuT/n0bfidwh82okjuLRxurloD/HR46gwf0MdSzvC+iREX4Cc03B0XHEQW5KJ9ikPP jpDi60CqWMgIQT5omDltBaFssfj3ig7DVamif2hfibyXwTMczsFbfxnoFZA2QlmqYGM1TPZtRMGkRd xmpYzpeB1OwkckX6g6lclBeDXikdBy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: yrjg5pcmtzjkbg5znmyunsk4kayfhq6p X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 265661C001F X-HE-Tag: 1690811623-715853 X-HE-Meta: U2FsdGVkX19JMuvEmNI42qD4muV2PH5Q7A2x6ocYLGn9IOAxf+DhiZJq0jfGhz76BktkUiOBkqjV9ydx+XG3rbcifgf5kBV4xIoR8m53RIaMOzEau2Kvw1brVMiDOZhHgbSOnpb+jJtEXCfCiFeKPhNC0X7++6syJ1xj3bP12+UWczXtPPHcBkVXcOqY6/I7dbMpkXBFB95c0/BMSSEMRcpb1raXAEc8Uk9rB/QW7uKf0KShOK0QQ9U71z/bMuS+tcHhYo9hxcTgYTBH59R225qLcMnNM0NmgJeAqbOHkRGulxfXp31y2A/aG64jdOZTFOL1Mrlkmx57ZWbRXuQkG4tMFq+cY8bMh4qrqIpy9HQXqZYy0SshO0m7rR/JhlMOR2Ek4if4cWgoTG3lr8lW40i+pdcjd9AM4uViqTAlItNhpnsey6tqdzKvnlj+Hr0dTJ2AZW0vbCTokoY/47Hq6BSy7b58Jn2ZxqExvdkUXUskfZVLG6/1rBcM7Hh1FKNFIe4XhznErO12l5jH+eayA03DHEqto0JNh4EQekCBHMvcMdVBr08roi0sribAYmpVExMvodw4NW0SdIkn9czFNIkh4atVj0Epxlz5sCEr2TriOxeLjPA9cxxWsN0yOx/84Xp4Ayv+q6+4RCocCmUoMK0g402eTyccw5L3Cj2Hi+0MvI0cim17CmiVEFBwnV9MloWug6kaUdc5tH0qYpc9LEwe5JGYRjruLxcgesFJV1qZSKsCACo8cmDN56EpkOPCg4dBjl9QSBHIW7s/ok/iwewOMAjqt9wfxazu7kd+aHRlVJYsaGiFWTk5WKsl+WtdmOtylWvanCs7bLXzi5ZRKT7ixlN+aYfm/uBmThfOMi/QFtLyZtn0XIDxmQbRJewTroL5fEWFoADKu4d2gt2W+WFfVvNhI39j27Wc1fkLYM321/T1LYuFnLks+5B/e7YeppjrMjUSWEGZbxtFTiC 8GOQPvEb rfbPAloR4T9sqZbeAtFp2wN4OGcI839q74jT2rf3mtmg4OWOTVaXDdQBclA0oaY6HfXi0OqEogpfnUCv3KEds9WEKEoSw0ObJ4YTrM+wbO+20oFPNVxsP61yD4AfLcMTyJieb7BqVEdbDJAWJAg8UC54299wc2uVycBDVthzV2j9XvgwLE/eYX0aNSv6Xmby5DbJjaZl6cVIfAjLH38xgxrdPwOHYw94+44KxvNwOkM3BsbHDaA8cx7adxv/hZ/UARW7jskiiX3Y8TuAPk+1Z8EOtwpv03Skvy2KUfVpUszv1IZqWXyCEMFwVaqoudXncGV8VH9liRResnbE0NhNBQMdAuFwxfD8pZIYaYCfQQ8UdPv3oeFh3b9hAFiyiOp/kEkxZA2FvrXecJqs3tPIkMR3Kd3k36JEUxRyNUBN4q/7V4K0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 9f580b55b388..1cd124732be4 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -209,6 +209,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) zt = (struct zt_context *)head; new_flags |= ZT_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index a08ab0d6207a..9b2599745c29 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -19,6 +19,7 @@ #define ZA_CTX (1 << 2) #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) +#define GCS_CTX (1 << 5) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Mon Jul 31 13:43:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334751 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30853C001DE for ; Mon, 31 Jul 2023 13:53:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C795228005D; Mon, 31 Jul 2023 09:53:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C29A5280023; Mon, 31 Jul 2023 09:53:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B179728005D; Mon, 31 Jul 2023 09:53:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A156F280023 for ; Mon, 31 Jul 2023 09:53:52 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 36D471C9230 for ; Mon, 31 Jul 2023 13:53:52 +0000 (UTC) X-FDA: 81072050304.30.51C6097 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf06.hostedemail.com (Postfix) with ESMTP id 69DDE18001F for ; Mon, 31 Jul 2023 13:53:50 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lKNxW4L2; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811630; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TaUp99b44iUnlMtvSudETccqnnb9sSnSJn4v5t3dhRw=; b=Q4bnXCPoQJzo2yjdL3Z1kcNiGXoeFkwSwVSZpgA1m+90lCHOcUzHlt/z+fpSQK4qQomb3b cPFL5Sl6oaOvH+KQBx8tuAmBWj+Jb9hdwkVc7kvVRuPL+cbitRBuXcKxHaEkyEYwey/azn pchRzbteq0hSsyW4rmLJvyOQ5EnRLWc= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=lKNxW4L2; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811630; a=rsa-sha256; cv=none; b=pC8NHoCdCRFSiPQxVM8Ht86vy5W42xu08X/FiUxjzImRH2xY5On8Yy6i2YIwVMmjYTQOp7 BCJKNTPa8SO4RMB5313cm5b6NHRarquoxvtpNfXPoh8Jg6n6BTcUNgyRofOksD8yNV6S5B hNvQzSkXLCeon5DTeU/6yA8HRg+neZs= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 79AE16115A; Mon, 31 Jul 2023 13:53:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2DD39C43397; Mon, 31 Jul 2023 13:53:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811628; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=lKNxW4L2tfcDqraAr6F+eZmSso+52kd8zPLGqPLF7s7q7099ebmcfKMNRHP91iV/G xueonqLxvZa/pD9BkvH/MivJ5PcOeyUqPkI/ksqjIffYeV8WuSn4farpdW5PSSYU7f p5zADzGaQjJnXkFuAxqGeFcuSAql7LhS5Zt+K/NpxLBR0Ke8YJ5xmEPH7Hc3GTwIm0 58EDdrSVQ6Z8ZibxBrl++4FeXu4Kdpf+z9URn3CvQsQDuGYhIdp1o8llmkLEU9l1Sr A6/gK15baetyOYG19ubBXBVfubyeInnRba5KFhaWsyho+0qmdRgrwORxtMJqE8Fwc1 sNDOVQgyCwi8Q== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:38 +0100 Subject: [PATCH v3 29/36] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-29-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=2627; i=broonie@kernel.org; h=from:subject:message-id; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wrJ2MMKCplHFo4w2qqAyy67RZ+wtID1tflTa1/ uaTYBWWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8KwAKCRAk1otyXVSH0IuOB/ oD/ulWvA32HthWh0oU1DvnYa32FuSCyjtSBAepaH6LfBjFMSA1fvx6PxD32vTTjAp5nVpTQiRrbAE1 3X4LRViyLC1kgFSWgNvcY79EmKBJJZzxdbySSZZCrcakqc3KkAaEOoJQ8VMvN3e+69VXx+r7rxBBBt IJZnORrlLDhDxb06Ae8LHHOf5rhQRZfQB90Iomm8X3gsOXZTqYtHDbZkaUhIhLjIrXtgsOH1pyWQIN sTgLU2qRNBfwsCSPNr3gV8eczbcQD7AjJJIz/hQVu+OSmJkT4IemNRTzqg+lTtbytwoEFhoIz3ukLY KZnYL18EEQc9x2gjy7OmhnjjF+Esr2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 69DDE18001F X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: msdhd3yamdx3qo16wmcjwzj6xauqaf7j X-HE-Tag: 1690811630-86469 X-HE-Meta: U2FsdGVkX18Ovwlp7mML2bZhcvsW0fUEoshfseMXqJPOcHtXAtpaDp8NGQLk8k14g7bgt4AIbVOBk/oLhKUcmUUqyQ3LbarGiPeUnYKEqx80FI3CyEQFHzEjN/IUhGmNF/zhkurXR/tNILSsKdWxqp0jwdfw4GL1CqlJAQQjZI97MllkJc68GvJOGNxzuFeH2oTQm026BqJK11FJwUi9tDmcRYivHhJ/op5wbkpj30YHkzqDal3I+h5ds0seOYFX0KOLq758P9AX8lI8iMK88Nj+jsRQSvBkwPQUUyvRvih8GDNhbtX6fzTjyk2O1cj+JV6wf9RgPsqMDXT3mQnt7O8Cpcz2wg1nawyQ+KhTLK1tzrwknDPY4y7ij+2/zaDN7WgTsR76wh1+HQ9JTxnBWGa8HzXU3m4Csd6y/GJLWwrjY/Vlx2eGl+rrfGVVFouBAsMJS8N7s3ew7sjSvI0GFrFwD95/YR6bRxLQVQ2XUWXsUz6dTEKoORX3LZ7cOJRl3JlqrMQlXCdlhRPQmRPDa1Cb31csc9g2RguDwpNmMHiT/RPCLXBRVVoBW5Ntx27j7zNT0A3kHhHSTexJ/z5vmZbPwgmPoZv+oCU2skp7bcJfZ2FRIST3BqgZi8n6KlhKXEa8YnvWIMyIYG09NnfLBnyEBBj2R3KkO6sXZFh+7vYUFa1Se1f1Xeweq4R34U/WoMly/pyDLR3a7K9RsaXs1GdFbcB+4qQnmDjC5U5MwsYuz3pUHu8+KCAnioQ/7lCQcozkW48VrYJVdip6z1bhUK7dfc1WU/9d+Ygr6n8Y63OSVRkZEYcl8G3k50W+DcCBoE6b94bj7wLwSqVfgM2Pd9dGx2wAadvfF8rFeje4prBLHbi9vTxz8guuh/TDsjk1BtTAhZJbCqlOHFNIIfhMNT+hLSpP0yC3kgKa+94irhNJgvZdCnRBFWKtrqenH6Axxpx91ADBAIWGKouIzQY F6yzNSb+ AQbKliRRmTvec0QvET/AOuLQCZk3nVVU5oEi3c0jl3kKHzaye9DE3EjEKQh4wS4uqBkdE732/M6VN4EvFklRAiO7U1dyYJF78nBCgv1ax7b6oYxRfOm8OGgCAjfthwsBVVcdABdtqUzgQp7729vSwXbbbWsrHJ5Zfa9nwkB9/s/Ymj1za22TN9M0I3vMgZJ0gL3bPgOG76UIHcB+cd0aL98mzwz39/l5y398HMaeng8dBEbwqzHZ6QV/2JwibS9LphiqNZGLEryGbQcC6ZEpvL3fYevwrRFgUg9zZ9nFrzy5+7Anm1oFKI04yrXll5aGUarm24v/D91erR3t62B0TdPAw9jVyCVWylyY3D7C8g4xxtaEf9DSoBj0G99hYifG6uObUUjKey27SLk8HwGPWPeK37buOe3+e7SGDP59KJvvItoeX9NgrSpjXkqRuoHGhKOsOYHoIFOXhpdUPrH4vHsUeUA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Mon Jul 31 13:43:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334752 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3826C001DF for ; Mon, 31 Jul 2023 13:53:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8A77C28005E; Mon, 31 Jul 2023 09:53:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 85804280023; Mon, 31 Jul 2023 09:53:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7473628005E; Mon, 31 Jul 2023 09:53:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 661E0280023 for ; Mon, 31 Jul 2023 09:53:59 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 06BB71C9A20 for ; Mon, 31 Jul 2023 13:53:59 +0000 (UTC) X-FDA: 81072050598.27.A7F61D0 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id 9AF071C001C for ; Mon, 31 Jul 2023 13:53:56 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="bJ6uhN/V"; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811636; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nDVR3fn2xd0MNSzIh34zJUX6KbyaSvUYB+1ILixlbyQ=; b=47NHb+obRua62vCcgWKgs5cann9e6cEaHG7cV1ZuMPaKXQ6tVxVzufYW7tCGFQOf0LE2s5 w8EWzpOGbu76qhBzG0pxlXr8LVtth8mhUODRfEd+20ssYEmyuvWGpAMO7BB8ywlmG0P+fy XuZ0KTpMaRzhyRRM9eEag06t4bhFEGo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811636; a=rsa-sha256; cv=none; b=yJ0Y7dK0P4vUvMxQHzOCNCxvkTEoqQmQkUpkPmuvxXCRmuX54vr5vk9qAhX346xMvEB1S4 Ny8vmidmHauGFX0s3Wk5jJd7Om+Js0JduEpluMS3d/jZhmDmqXFLpvr7DI7mO6guNgzvrk JJ773FHkMkYaH5Fwpj8n1hzVeEedgTg= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="bJ6uhN/V"; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AA74A61158; Mon, 31 Jul 2023 13:53:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 586ACC433C7; Mon, 31 Jul 2023 13:53:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811635; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=bJ6uhN/VlZIp0R56Ffd3wDzi7jaN85ppo+IAx/PWWeciRbqGrjJI1R93hQ+Lb1vqW ope295R798wN3CCPYDI0JAB1ZRQw8sMtpNvV92bUJX9VMAgQXubjFhn7M9QUcolv0i ljef3V5JDycrHeOYlrhpLwE1po61OVC9eU7RtsTQz6ejS3nwQ0eUdzNPreeWy8C16Z WVZVb1Z2Vrx2rRowEZtJv7uJ3CpvhyYUzvpUy9J6GnohzMh9pU0G/87OugDzDFCy6k yzsDIYtYKMlURX4hMNX2NCMUNQJDYuRgN+fvXWqBKqGm2aMqvuJpapBmqxkUJkudQ2 Qr8C52EQJNo2Q== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:39 +0100 Subject: [PATCH v3 30/36] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-30-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3590; i=broonie@kernel.org; h=from:subject:message-id; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wrH0zwUuk7FPnLzR7tRFGoVnJN7Hd044By70s2 2lIh3teJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8KwAKCRAk1otyXVSH0O2BB/ 9USmKJiixGJgPi7T9rMsCaAQHXfYlrvrDXEBZw/NQ2LXUIpyvAQ3JIJG53quYjKOoUIpkMqGZ6Fy1s S3o9MGdqZQ0MhvXK/mUMy52Qhd5yGt7RqufPocJXpdAh5gTy++r0uT3bUJGAmoYx8iexZS8KPokD02 b1jOGp32ZHyYDos+KKE4b1KYHPCoQCtqa5HKmZ7YE0y438FEg8CNy3BLcgrdBCbBD0jpCA+U77x1hd MSv1bd7haQfERVvOZIOJSeSOb1IbyfJtuWmictYPS0M2oEffiS3sPBPl0a4ATpMcPYrP6oHk9Wf4s0 RwFxD9NfNNdwt/qeYb81OFY3FK1ycQ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ccs9caaysdedz1d4ou54bd9eha3q44jr X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 9AF071C001C X-Rspam-User: X-HE-Tag: 1690811636-9990 X-HE-Meta: U2FsdGVkX1/LhzdH7aOmPyuL9MOcz4oxKO+R4Sf3f/5TXxJ1n1xDnO9BNXdvAE3qugKsIHotMeAJQslFGFnw62Dh/M6gaFHqeRwwsaJAFcH83F5bCKy5uL3f3Vsd1TTt05/mc76BcPcd0K1QojucDR1JjJp5GWLz+jv/WEGLem5sLQ8c+utoYRLzl41gXsa8y+hO5HgV/qD+xketM9GkojUZOsjDRzM0MgKB0T8YJTcvMRsiVufC1/HTy7FktPjbdVmV+394gTjmyILDX8zz9+8YHbNJAGTkbvK1x3HcgP/nZ594fUNem8eC6uA+ggFI85FnCNAjLjRih6i0kNnSWtgkUnUNQIctEdiqmWA1qTm8tNvuriQHzpm1qROps+w6fEMiUMGWb8hbyymISTzl49eGcGHktX/pIsPPrsCkF2CF80PYSJL+LIUKJYEGuoyNAgW3j3VVnSRsw94bM+6NzD1kUae5lM6JFKtkOMCv8/qdQ3cdLpGWXHupdAEzn3voH5g53mLZ+Ou3W/AzdVyvHdiDXJIIzQjdYmj4m7ShsYdgPgoqYSL4mBBiD0fjPhR9JqSF/bAHLXbtH4+sdsDFV13C/gKl8qD0c5CljMl55aYUMQwAzdaOeRPBpPO+84suokpoetgQsTQHpxrmE/ThZtiCHS7hRt3P2qqG0hAjDcdNYsc0qaACB1rr1w6/pSZIhWRa6/c1oWpozxLTSXrcmfsaeud6/yGnhdtNTbSWKpIZenPDbtV331BHfFqpNYy8xzu/bzZBpyEy9Ea968oZ4390NOZ7dPX/Bo+x+Nu3mDch5nxykjREtbKIL5MCrJ8LtuXvWQQNlLFyrTt+X8Izsjyln5FdrLl6JZ2FW7aN5WmfVvupd6xL2lSmOodSDVzMs3dpLQ7plw8kzYmIIJ3bcuyMSTuWEMCsbuXY2irtI/8CwvR2BrO0TfQaaXXkk5PRZen6y6TDar3+MA7B27S GO5xt+iK gZPHRjNIXdZmw4owDvJRFRPJj33XVwqFnioEr7M4WLuW/NuU1zct+CnXokCUXxfaVdumRguzcagbhNWCC0eCnncWi4bRPx3lg/JMB+HuE7G6CRZUoZ8sn9yjODdLW+qArmDwo1B7x9pLdYpklz57Jq37tzQ7li+Sn8iBEAXJh0ABU1VWezOfqH41eoTxF0febWTkXiVm3wR81PP406Cj0B8LAFQpbXSJi82YwjbImS6iYooikDPo5MNhhTwBl3u4dfXATVfoN7LFoR1M5jExTA1kgtdzAwasoQA55U8mRSQVWCvcpEbFz8y1jECwQG0aYmVVoI7+T+eR2/lBMDywwG+JaavLh72l9oElmppyzScURJIR/gD+FPXpbcXT6D+9XZxEdqQOebyePSxnxSzFstmjqQTFRk9BK7gs691W9LzyRNgA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 222093f51b67..1cea64986baa 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -16,6 +16,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Mon Jul 31 13:43:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334753 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DFD0C001DE for ; Mon, 31 Jul 2023 13:54:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2B4EE28005F; Mon, 31 Jul 2023 09:54:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 264D5280023; Mon, 31 Jul 2023 09:54:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 105C328005F; Mon, 31 Jul 2023 09:54:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id F3185280023 for ; Mon, 31 Jul 2023 09:54:05 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id C7053140289 for ; Mon, 31 Jul 2023 13:54:05 +0000 (UTC) X-FDA: 81072050850.03.D42AD6F Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id D69DF180017 for ; Mon, 31 Jul 2023 13:54:02 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CkbXU+0W; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811643; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LPEExQ1Qk1Ez728TN65UkW7spefPs4z4cACz+EcOj8w=; b=Hf/xXIKaa9MGhvlnYP8DXF5XMPuTUINnRmx7R+4DPgu0tV+Pu4bxglFvk4y5cNzPkK/zWy HQzQPOB9OjsxVaipjo8Ypc21vVfAGPoZMD0USe1BR1X6/U2vS7jAyHBwAKmwMFN4c+8Go4 XTZN2cNnI8bSxwa6lDTUpTS4xnYB1Ik= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CkbXU+0W; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811643; a=rsa-sha256; cv=none; b=C0WMoH+spEAHrtGxZ2mZAF0t93104SmFCP6URr0OG89SoPN1z30yOGlReecz14hpFt2LiM JRgl+kR32bNoEz6hSp8LfZgAK0FV1bh7DJ7VfVQ+y5EyiqpjM5vgKRD4LETeIme2CMKmZ1 GOcgrevPLnNBRkucnxFoFsA8jCMR+bY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DB3E16115E; Mon, 31 Jul 2023 13:54:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8C014C433C8; Mon, 31 Jul 2023 13:53:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811641; bh=PDX/i4+fFmNinWArKmgCBD81AP/VqydBiUWqO2kyXWw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=CkbXU+0W7deCpbveSn2wGrGWDtH+MSZGnyFnH/sSqNlKNlLoVMm/HjQB9UlrH5QKB snvkFBSsalSDTU+G7Iw2SEhY39266mHGqRxbK7yN2rxh8p/PlU6bUJYUisihBEY1iS YFslWaq0pTbaxQg7fC2mV3KxDO2Kj71OofUFShM3B4JOAlT4u5i6xaQSHNKjyHKmPL j2k4buyauRtM/IW2wqjvCQ2X5wXzNORmS1iOhrpRwufBoWet90r87qSuDFm3YRG5Ky BBAFw+yb5P+h9rf2y+pMxyqNsxqoCLSu0+DBgqxCzUObiCX+bdY0YWJji/5KR+XEmL Z0LdKRbbwPNwg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:40 +0100 Subject: [PATCH v3 31/36] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-31-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=12863; i=broonie@kernel.org; h=from:subject:message-id; bh=PDX/i4+fFmNinWArKmgCBD81AP/VqydBiUWqO2kyXWw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wsF0uNUBq4KceKR8Qm0fr8ITIBKR9DBRO+DcaJ ttF3oHaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8LAAKCRAk1otyXVSH0LzpB/ 9qMlGhEd6ZktSKllagjoSBLpuwQtfDLvgxo57oMzY4Sd6gQ7/479FhsnNorKCGa4IeNOr1irs0c9xo 3cmVK3GrSE9t+AZO5TmG6O3kyZxOStbcpKT3Pfy654UwO7P5jypZkb5zuiG8eIkXCkGPFh46kiK+Ak urQIsKGyeWKKZmgN7X5SgtA1VLpK82uL6sL/yqpt2Pcd0bd8wUb62Mr3uXsbnH5JTz99W8URTV1gcn hj1dbfQFL2mNlmyF1lCNf4IPiEOvgN9lcONHL76FAY7W5uR4g35VnAvyvQOtrXcL/vuHaF5mmtVPq2 o3za+p0X2YBT1yiw1tpmXINsv+EvQ2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D69DF180017 X-Stat-Signature: iijk9ns19n5tg8qebpcdhkfbtgg5jt7a X-HE-Tag: 1690811642-875104 X-HE-Meta: U2FsdGVkX1+Nr0CDuuSRFJghHIXQ9ZNo4DcbGoJxK/wI9A2zucqCkT6nKt6cDey3ACr+v/B2gQ4ZNL1VWGnWG8LXJYlax+9Zmhzup5xBXN4np+fFekOQLjnBuUQLQz63ay94IO5HM3t8svNvIX9Zap2BKFaGbi0BDQyveODIu5qwkbLEYdAn+3HGoCuPC0WIWkJ6e0codauNfgQhPAiSUL9NfY0+rnVKuKYQi8w/gQZVD+J0qe9DDTKs+Zu4MHuBOdPkwL4o2TK/img0UQPae7oEBd+ac+Sl1bo1sPYtiz0F9yaVvbYb8vDeIwW/SAH0F/r46D1xQ0syl9ccSYclFbdZB3AflEi5B4S11LU/HamfOKViQnq46O2MDcN0ZZRR4MxRW1dNsvVyblA9tmqQUUlI9pXMM/JhVcWopfF5JprRL/WYMhDm4YWEDsT8pAE8xGzkV6rpal9Zztl3b5ms/XacInpG53qWEXowxVNoO/qVhJIqywTJEgftuhfBn51ukKS//uDo1z79I28/SmG5o+l4UUMqx3f7DJH3ERX2gUDBVpNMgy9C+aaTf7kitnhglKERZmCG664rhC5CfxEkBq+DIzGq4oyfQV9sjRc4LV4x1rKR6hv0djwZGJp9m4rp81fUFH8ykEQSrJ5Z+FYkv4xTvwNuAybsBYKW8XFaGH4bTJIkkKYYojGm4pWB4W+/B1WI3ydCho6GMTqSUbT5bhaJMzu1tDfpxJaMSnzzuJyGzQMOE8akCFcD+gRwTJFq6sEXieO98GJalhRhcVWvEhkfyceSsMNL7ZitsN4ZTXhuncPHtMnnWbolBKjaSnuyjF935mGyTDokBh9o2V7l2thPmHYEvbmh/een+T1mg4DEGGkGo7tQlNa1/LzplMW0kJJvvereTXcHRIP4lqd9RXEkTHhjDZLi9zrDApGRZy9Y4V2ngV66DuDaJtq/Cb9YUHlOh77EDGwM68idxzw xG455v3Z m45Teqec7iNmLdwGTWUqHeVNNmV50PEbYaRXj3PfnaugvszlSCI2Q7MTlZfWIfc7xbzZFPW+RmOySYnfjvnHnviq5QV1u+HetyyL8wS30diN6hlRygqC3S5+n2M+gLMtU+4jGPzT15mKX7xZox7BaTuAk3V1hy77iVuiEgRJZ2WeFbO30IDoMw2/zIKZ1yvHsfDAQssstK06YpHW93PMMaHedazS6L/prlds9mnkKoPiuWZYqJ7LKzUvD+kj3I9GTlnwDI54twg9ykAgLMJuKTca6kSnLqWhNvQiMXTsjOoZYeh7NRLVQeWOnb8aNxM0k51jj497rL50Y/1ruHrX8Vqbbtg33QtpbqacRvVdJuOIjRy3YI0TF8Rzm3SM/npgvOc/DBH2rXXsyP1Td6zcGt+C1KAUmRuQjbH6M5BvSKa3ygAE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 17 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 351 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 87 +++++++ 5 files changed, 457 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index ace8b67fb22d..66877a879a9d 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..322c40d25f2e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..625258e00302 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,351 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, 0); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..c517f1a710c5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,87 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +#define PR_LOCK_SHADOW_STACK_STATUS 73 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Mon Jul 31 13:43:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334754 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D0F4C001E0 for ; Mon, 31 Jul 2023 13:54:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A31B280060; Mon, 31 Jul 2023 09:54:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1545D280023; Mon, 31 Jul 2023 09:54:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F36B3280060; Mon, 31 Jul 2023 09:54:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id E296E280023 for ; Mon, 31 Jul 2023 09:54:11 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id A02FB1C9203 for ; Mon, 31 Jul 2023 13:54:11 +0000 (UTC) X-FDA: 81072051102.29.5217737 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id C2E71C0018 for ; Mon, 31 Jul 2023 13:54:09 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=H0xO2+I6; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811649; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=tCFRg+ZIYUcen1CD6PU8a86NKeLxUh5MmXklL+xwqbI=; b=RhfNKiwBysPpC/aAdH2iCRBh3QZU3NEaoimJQeEOgfDuU3LRTzFZX0Xrvik15BQ1mTQtzg ZBWMtHizIG5TJdjbEvLgR1MDp04rUijyqzCBYPQz98LbDFNGH6MZZjq4iFRcCnfTvH0Gcu Gjq0ak7j0/0yWq0vyY2LVa5H+2meoPY= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=H0xO2+I6; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811649; a=rsa-sha256; cv=none; b=q7+J+bAd+gWYATdFtZVFm5WQl/b1F222ouduFmJ41Ab7YYD2Bz7/QljudTP81QaPi7YFZx Yt9zyJILoyArwKGpci1HWyWhfjwo/FCYf7/7/rd71d+4s5IPuksuR7KbIkJDY9dniJYPnO U64KmVWD/RLvRE1zswEuJTntuq0V+BY= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E047C6114A; Mon, 31 Jul 2023 13:54:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB4ADC433C9; Mon, 31 Jul 2023 13:54:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811648; bh=PGgvfGg3CbAIFUY7UKf17SduiHxpyL2+GpkRD9S3PBY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=H0xO2+I6KDub4tfX+MflDnYB0hG9WGc4B0k8BYJII3FLO3sfEY4lqwbjgtkDXqgzP Z5i7SZYHC9C+TWVyh+rTYSYrhdeYGCM3cM/A9z468fVjJtvC3CL5DfONK+i4HT6jnV zm8Y7RFRVBwd9bAkIPow0HwoqHAQMWK2cePYd2K6aP5n0knMUr1cnVotNhZgtxfiY7 adLRYHSnnyaRCDGZAsnqf/6Vjpp01gvxkUuliGRHRRa+fla/BW3czdGImIctVigyj+ tma3+pyDX0r8J+FuZLYD4/yLPHuX1b60hHEwaHStZ02vMv8Rggmpda6Hu0pzVTUESa QXGfz2xk3A+MA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:41 +0100 Subject: [PATCH v3 32/36] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-32-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=12527; i=broonie@kernel.org; h=from:subject:message-id; bh=PGgvfGg3CbAIFUY7UKf17SduiHxpyL2+GpkRD9S3PBY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wtQsUY/vnws4bZT9T+qPNQ/sIWUPOzYZMwGZby 7QNuIX+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8LQAKCRAk1otyXVSH0L0qB/ 9ib0II0sBok3kl/pPLCAaxh5vGERSlRDxDYE764m3nwzFYD476s3ivlQbdLSOX6ye2gYjKiVA3pO6B XACM1YLfm7QquPfOXu1nEaNVzapJCeBkot7l9ZNnZRfbqlkkKuWwQK7veqGUtHAYcsLOUtpdfCe07a HamslQPJL14bcFpB6RLhDTHJ04y7mIi/jpRlcav2LVzpL977hyEsHzWxWW/c0F8lWeGkl5li+1/SJV sUBa+lmP9vS8jOGrc0/9gksCV2AgY2MRE0bU55poW3ajmRXlCdl0lyHdGIoRmoWCuRETclOu/3YOSE uSeyOia7uf/YprrKiKwamqjdQak2fR X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: C2E71C0018 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: y688wd5dwtwrjraw9q6q4o5ejamaohbt X-HE-Tag: 1690811649-90819 X-HE-Meta: U2FsdGVkX196neMXgSlu/yZOuZrSEur5v1RMn6ALpkN4iiqXqQC3nCiJKc1Kx6By8aKsJclykBD6ys5xUZ97wrESw5+eizHkVUQOewb9iI60H4rRlFQ1GV/7163/zTZ/+0hK0vAfvOSius4t6csJ8QaBrTMy/ISnOVSf7obhbmj73+6XaTpVJHv7bCQ6Yg4zMUzNu4URoXV/SKgAa3NwfWucJ7Bv9Cbt6cRbIvEbG6oBxnXv29TmgbveGO5/XymQMxYcc3YTpHW0y6hfDFp2BLuVRfzJgtd2jJ54p2/uGpji3xV49/5Hwqi5CAeJkNZUnWGs6K91ID9tumXbT17Tu96rxvyhs05qE1bBqtgbkxG+1/++7+m0actqP7eP3W/Fwr4CA7WeSz+X4/02N6+/gTqIlV3RjHMqdgM5e0kvS7UzIiHoGeY6QybhdJsA2GZl0Lm8vWwtFh0VNQcv3zItsgUs2FYPXiKE0Cnp5UIMCUofQQ26gMX+bKUZbSMk+kwAi8qqShodZHEIwDgG7sShE2fr9TlZjr/QjN/SttRDcygmXKTG2iM2muqMzYphFEVituOfell6XDFzyrKuYQ59zO/lZ9Pya1hh4gjb1vIxgmYvNbG0SUAVwnTg7jjTUk295/wpn/Au95rIE0Zn+AMrFiw7IIkcr4k11VrwRaXRUJou75cRbWQG8orNrKvJkQvAorsL2agyJ+W8uv+WT41hTUoSHkJPT8FMZqZwDpng/LuD+nulbNcOacaFeSu4QOueEl8iOnnmpNF9xkXy5LzdynoH73+a8ndXGitAGNEevEv1x1rZb5pVspTSDRHvIH0G2ExIkzaHjYhs/okcYjG4NqAb6md8N8ncJ/+oEVK1cnjfPj1tmHcQi4mlrKZu4Q+CAxGmskAvoG6ISAHC7LHr8zeeMi9mRxYTonwShzBOBXNGB2VvARq47t4Vm/2wfCJvDglXjiH7iJVBWMZ8P1j kgoj5tMl XNy6t0VlTwyG5LWu1sWsdHN2c/Oq5TtIiM1xOR06sWM5sRdJtqEXghQ860z2ChY40l6O+jRZpYZ6xlIFVlOz2RkSIv/A4h1adlBSWUWDhqv0wGAsrEYQeTPFBY0yGOzb13C+H8wIZkm74iczTlnyayNry07NWs6D3MCs8ERRiVZs/5FsRa5KlKGDUcI94CiFbMTw4VUl04qCGSXTCjW2Jni5iFPLXhtqQdmBwI+3lJRdK0eed8mNdM9AG2HRbkzeKUShq15s6mH7Ue33CFx6ZNjoOVYXndlmjTDVTd6sgs2buPtDWzUePDqtjaXWcBu9nhfrWN+7giIqL47pnSexuuwa564tFWeHYC7KPsogD7wGMKS2EFETXNT/zB7tLvIm+TQM1G8RgvlWXOn7Hm0q1ODDy6JGT0KJGZEWARv/pvhEaCo8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/libc-gcs.c | 372 +++++++++++++++++++++++++++ 3 files changed, 376 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 322c40d25f2e..31fbd3a6bf27 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..a8f58b9c3f4d --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,372 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static __attribute__((noinline)) void gcs_recurse(int depth) +{ + register long _depth __asm__ ("x0") = depth; + + /* No compiler optimisations for us! */ + __asm__ volatile ( + "stp x29, x30, [sp, #-16]!\n" + "mov x29, sp\n" + "cmp x0, 0\n" + "beq 1f\n" + "sub x0, x0, 1\n" + "bl gcs_recurse\n" + "1: ldp x29, x30, [sp], #16\n" + : + : "r"(_depth) + : "memory", "cc"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() < + (unsigned long)self->stack + variant->stack_size); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* We should be able to use all but 2 slots of the new stack */ + gcs_recurse((variant->stack_size / sizeof(uint64_t)) - 2); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + int recurse; + + /* Skip over the stack terminator and point at the cap */ + cap_index = (variant->stack_size / sizeof(unsigned long)) - 2; + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() < + (unsigned long)self->stack + variant->stack_size); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* Now try to recurse, we should fault doing this. */ + recurse = (variant->stack_size / sizeof(uint64_t)) - 1; + ksft_print_msg("Recursing %d levels...\n", recurse); + gcs_recurse(recurse); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 16, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_8) { .stack_size = 1024 + 8 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_9) { .stack_size = 1024 + 9 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_10) { .stack_size = 1024 + 10 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_11) { .stack_size = 1024 + 11 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_12) { .stack_size = 1024 + 12 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_13) { .stack_size = 1024 + 13 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_14) { .stack_size = 1024 + 14 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_15) { .stack_size = 1024 + 15 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. Also lock GCS if not already + * locked so we can test behaviour when it's locked. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Mon Jul 31 13:43:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334755 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBEB1C001DE for ; Mon, 31 Jul 2023 13:54:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5C1A4280061; Mon, 31 Jul 2023 09:54:20 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5722B280023; Mon, 31 Jul 2023 09:54:20 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 41375280061; Mon, 31 Jul 2023 09:54:20 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 32C38280023 for ; Mon, 31 Jul 2023 09:54:20 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id F247140BF1 for ; Mon, 31 Jul 2023 13:54:19 +0000 (UTC) X-FDA: 81072051438.06.23F4880 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf29.hostedemail.com (Postfix) with ESMTP id 92D4812000E for ; Mon, 31 Jul 2023 13:54:17 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RMXweSck; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811657; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XJbY1bFU7w0cPaQF6eYkdTRefgro7AfSI1KvzwfLPNE=; b=Us6e2hZ7G2zRPoMQVW/N26gwXcGEzpyAG0qfXWc4M8UWQWs4NLaM+2Gd1i6IGPisAxTuBF g/M/RuOkPoeTeQOn7tyz5J4KpPPyKLjTHvHcOqj71Hs0rcE6NyE2ZjjZ+K576HLU93u8qn YPdqCZxJz0dCL4q6kudAXpgAqxvDVCs= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=RMXweSck; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811657; a=rsa-sha256; cv=none; b=aafde4ol2HCCGzBF9Y3eZ49AVVasRuuZbl9sysLQwTlNG9UxTb/THBKoOJJNFvpiEC2aKQ V0ARsSul5ARHDe+Y1/5kd4ZpX/LAoB9IaluvWJMj/997Twaf/mjCU+DRLDoLyoNs+YBL1c ZJUkLxsVxxwM0kiX8aPktGaTOnlQdMo= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CDE5561158; Mon, 31 Jul 2023 13:54:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BF9AAC433C8; Mon, 31 Jul 2023 13:54:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811656; bh=h9bKdgMYA3yorcV7MRrWgctU4KZ0wYlnm+mQUdEZpv0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=RMXweSckzauEJRb840x4AR0huO5H7yfavmLxKVXMyd0CAFl7cpebVFEWGwuAXaky1 lJaIksXE4fig6jEP66n3SV/fg1xV3dTuYVk5H56hVYGiHgatUOHCaiZHkyiyE6q0Ss t1kkRXARrsD+tLy23IYMwBdqAdz5BeWeailItHkX783fxwjhWROjumQbUtu8o+3BK7 /CCF7w9PcE/CKDVSIkF2i8rvzhxzG8msvISWclRugUmc8j73wfuvFDhNHb7rMuWklM fKd2AL/JE7wngUbzXuTt4vqri66yQK7n280kXCUA53H71dEV/0TvepbgPDHUdc776x ylgsQzqHK1CrA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:42 +0100 Subject: [PATCH v3 33/36] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-33-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7316; i=broonie@kernel.org; h=from:subject:message-id; bh=h9bKdgMYA3yorcV7MRrWgctU4KZ0wYlnm+mQUdEZpv0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wu00InVhHIHLEqB+nwnxI5YpOf/1mGfldLVoai 0tbFyUqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8LgAKCRAk1otyXVSH0OElB/ 9LnvPQwszI1MaevBl4Tn7mQ072S0+MxAgoweAbOg5GV6xMyIMVxPyAc4DBgVRO9zaMOxjjs71zeXtG X6U9f52BKVDC0eUjSZPDmUzTZXkldN+FSsJ73HIJgn9Zm+3uKg1405ELAchNX7h5EXuuhiaHn64vh5 B0P3JGaNUEM3aJoj7GXZnBzgKu/1c3tz/KsmZWAQDahhlk/IgtAyMexjfoJql+rdLUE2TejZlwtHLH 1zgVP0O9964VGMx0OM/d3nFpGYp9w10RIwjSIBK8hOGtwiYG36rWaeK7RU0IvnSd3ZLHn/cXLJU823 J2zx0JCRxTUoc7b+fo73olJGThBaDG X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 92D4812000E X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: bgey9edrtdqa4hbssz1w4ztqf8846jpo X-HE-Tag: 1690811657-683442 X-HE-Meta: U2FsdGVkX19Z6BYS/B5z8diJMAWf7ZIc3bltUP3wRSpI7nDz/+kyeI+DFNaTy2zCJRQISLRfgGa7iAbfT7b3D9EvsMi4+OsgtI78nmlotAeDg2bgVGSDfYxwlU4bGNjDCYg744X7LAuAouPMH9+UkmXyMuq2Li60g+PAHVRpk7+cZ4fnSm2HeWXD1AqzYGzDhw2d0KWprszrXnUNfvGWb1ezVIXM89LrTg5LCYgUOLT1WiHtsJJM/k7pCI7ULpq4B96uhBSenciEpFElC0j6BBs2nTMeAgHBNrzaXGOtUpTi5a1JEuRC1iHwT+17wYFpdpZAh2swnzO+tGqZIizzjwHcyXvnhvheRtITGWGQrQ1SbraH+rz5NT94+EmKw4xwgHxRsefLEY4WV3AoljZgl7f6Nrzo+cZg5Ag5S/txEqEr2t+4y648yb8Po+CzCasPDZFWsc5m0IybJAQyo2cH/1BaS1O1SgPDEZR6UIUUF2objRmBX6SvJRt54Q4LwOhkt1VYOBXBBY/TydMJFqLLiSX2pPftODGpZRXdJYJb8a+82wYMRxDoujVjWOI/+EKzjGuu216MlWvQG0dvVjLD2bCVwWfeNjfS8is3EmK1r26yCnxE3A7emYryr4nzrxlTI9PW9IVCc/isKTy3e8KrLE42r53kt7NEG6+RkplNcrDFnnu0JJ7k3UK083omgaFuRQBbjBlA0A+QxU962Sf1cL8/iV/47bX05E9h+Zpmp4/pfmgnq2JQj9KWpHm7AMpSYLbUCaNGyEl8h9WSRIthqLNxFfLCC3gO3UCYMwo3tCGu9QXwMfOxHKB/m6m1Me3doHfBfgeY1y9gnDCCRnAaSpOMN6rxUsbGZ40KCaTf6fnrdlXLaNjLfxw1VeXqWcuXpZ88HaBpRfpUEnVQeLIgMe9VfY5YEkaOJESRVgnX2E+rInDIpQlTcDaGPswdNpHlFQIaGCL79Sq7UhyV/JN X9vMa4aT c97iVBNj4iM3KDps2qbjOUFnGYqz6qRzy6HW/SH2Tqjn9uTHVr8OZdEuZ3K1ifUSit+roayXkTq0BEHnGaA6gwqnAuzCFLrZumh4rUNB8wruNKFYAqELXx3xYsTxbpqxC4KQe/48jAgr6KpiFNpH6x0jVQ0E9YPioRcZvuQdT3vurf2WweO6N6gCAAPKCT1mSyHGvpTraUblqHSVnIEXkeRcQCvEagfsZ4gvHRqaC8CBrHJW3A+yPfO2YQZh27h3nzaG6VovIuy5nhLyNqZqdF0zA9vRen4jYXqwzZSScJ/O3HjFfIhSBzdCrPeKe4z83prQJtkhcCkxJ/9RYVcmOpBj8d6icwrgoHq04pVPDJ4U2VyfqiHMOuJx5Ls0EQXvkSuMiRJDVO44nEQhufMni3K7Bfx8zKWodt7b4OtTX33w/bEw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 31fbd3a6bf27..340c6cca6cc9 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Mon Jul 31 13:43:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334756 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FABEC001DE for ; Mon, 31 Jul 2023 13:54:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C78F0280062; Mon, 31 Jul 2023 09:54:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C28EB280023; Mon, 31 Jul 2023 09:54:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AC9D9280062; Mon, 31 Jul 2023 09:54:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 9CC74280023 for ; Mon, 31 Jul 2023 09:54:26 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 125E3140AFD for ; Mon, 31 Jul 2023 13:54:26 +0000 (UTC) X-FDA: 81072051732.09.C3239C2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 117AEC0012 for ; Mon, 31 Jul 2023 13:54:23 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Kw3hhd+W; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811664; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jIwMC/bqbkUcFEJdr7ERJSD27N7UwacVww2kxw5A5eE=; b=6cBFReFw8Bo+1BWUNfrK0II36/LBIX821XM5OSlaYXUWJGVpmiS9P0TUFGQoVo/KmP1Si3 Jjh1pTA5yo6kQrMP+NYv9z7VPsySBCIXANfc3vNs+o4M3hCyVfgVuUHT0w41f5rvzfuUlF u15TKDrNZPx9FoWNaC8/su3ZLt4dl0I= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Kw3hhd+W; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811664; a=rsa-sha256; cv=none; b=FRbLyjLINQzJSDIwnm6uBC0cJy7BBa8CnApPSr2I65FDYdoPt7vc0YQnZgkrNgfLu5kuqG qaaEEJlGliFaPudD0AM3JwV2mmkCgCNNNE657e+MIjuT7mVz0rjftSjcf+i7i39H73Y6gQ 4OL1YDtd7/XdoTZek3n5F1GRc8UDy0c= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4D2BD6115A; Mon, 31 Jul 2023 13:54:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC64AC43391; Mon, 31 Jul 2023 13:54:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811662; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Kw3hhd+WX9MLzVFpr22q3LqhTEmxZh0OlPoHBoOX1G2vnJUXWOMwrIXqm+aSX9ZyU /CU0PQSZoULaUYtUj9z4sQHRm+c5u02laaLHEYdw8lYb2ffZiISwuJqHm2ahq40b+x P3dt0QRHFZIYzYFzYE6o8fH7I1VMhQsWZj3atIwZ7hIKc+tE9IFOCNKK1ru52Qbs59 6P/zHY1KAkwt3+NwHZUxRNwCTFqCMKR+N8iv0RpDsQ71w/LKSZtJRIjyappFBCDA/f 3x1GzcfRyA7+ocJnzoGf/llypWPxME8EDfkvm+iUj9D/4Sz2597Mthu6j3cQKrpWrn Rc7BsDVUCdLJg== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:43 +0100 Subject: [PATCH v3 34/36] selftests/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-34-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=7313; i=broonie@kernel.org; h=from:subject:message-id; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wv8We5fZP68KsXiC+BYtYq1/Nb1QCPjr/7P6B8 dImx+H2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8LwAKCRAk1otyXVSH0FyRB/ 0To3HPeMeF2NrSpf7mSwmVdjY5x9l/WUkCWt9lUFA3sVrvcJ8wrR3ovZt4HvlLasxnadEW5FHD5lmN h9wbucrQZmZoDsEyWUF1pAMCtEgYVqSGypih1Yzc2v1uEQyQH0mZ/Pdsu29MMRCyEyU4qfgDBfGy2B AHbEChssHX8tpX0gmTsmYD76wKEP4SE8afV4tTEv40OE9vOBCpy6IFtmiNBioeMkzfpgsZ2o8gk7PO kofWYx3nBUc9zRh2i6HjTaqJL/PbIV9aTWWInp8MT/kaiLwq0YenM54K3yRq6jrIpH8FUsl8SOTsOW vEPfyYlJqxmyCZleASJ7dFMW3463Mo X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 117AEC0012 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: jcg74zbgijimfujst7hj17d9eccxux3n X-HE-Tag: 1690811663-654347 X-HE-Meta: U2FsdGVkX1+jQ0TMxjBWda6XS72Xqd1IH1rrugMw36BHYALWEwhtZhm7rKthCHqIsnVI9hv70QxQC9+d7V6BXs8jnEbheYEhq49idZM75efKmdeK72B+PL/EsWxPQZOx0HURldK/x6RbjNvRVK9JomYm37IZQJkSTy3ht3falFD92POUBdWd3xw9yXxx4lECSBj/3vO81BrRezf1G94dYLED/xhUtOuiarA6fV5IG6YyaIuBBnqs966TKuwrhUmV25OxYLzTa1TmSQBluQz1tY7yURqZdsRnz+IM8WoRgs8MpKXaNwNUh3Bvn/nOvYn3nQX3z4QFASUmInHKxMv5P/rCubPq1B/HatTzBo7OVfC3W+UuQb3xM6Oc9g6B4msCcRYqq+t9uXwh8CNCTpVR1oixY0Sx/bVEpuO15OpopSe/vK9gwgTwR0Sfp5xk1cqk7qJU4DsKzll/Cl0y8EJitIqxlSgNREJmXlOcdDlb7ESJlfShBFKCrK9dIhpAWWL3TPLZ5+enTk7uDO3Cd/l3swweE7pKvdc0VpbIligEUuYWTgjwNVVhBtc+vGiFfrAQ4PLKehOmgVFrL3w6ocpFLk4yAzCTBjYaDSdyyxMX8a6ijB6RaOgHoM/oTjsDUwasZV7tBodOAzcbVTeyiFE9sfCxK+cKoOsL4F4/onBZBYrwHPR8faI5EVaNX7sZ6rkMbWZOqO9x8T/pOlUnHB/8DTkpA0RpLRr4AGutnwaGps7wi6J8vVtdO8URXhimdRrjzQL2TAE6AvLG+hj2OdoBxsVPTkiHMrdriwPnMVkrpcTtTIK1hme7oXy1MpmHjbtiDN2Oi6yRiltgoMd1JR5xNIqM6v5dmWF9wd1IILhd+TzQvENmtuSEYeAUlq7Desu4+dSkcLYoKiQzd+zDQ2D4/PoLkppA/u1KXviU4U+ZryiGZGL/Gy0UhAWtGRYZbSybHW32z20Jtem9dUIRhhk 0Yi+NPA8 rbtD2+kNZWDNTv7b21/L3oIAZ6mmF+h8P+ZDycPXHU12xe6lAmMd1fjAZfigcdO0CO+PcQnohDcca62g5yQhiV7ZH8CJOmgIQrIWOS3cb6l6kpQp2pbxj97j2lZ54raQpDTowAaqkeirE0TpZX6w2CiQva4ntP4CnFf5cXCfLAra1co1HDlaPDL2fN0x6WcPlId5v9V8KCkt4o7jNO9kxRZcDKteJGCof2uaXmhOlH5cVfLxknMAyHEZVvg9NCvngIqcZDbq/ngG7IN09JOvEBBgfwG7riT0hyhmjQzu40Ekma/w2bGenc55MyizrxafuoJdqbG3LfwaxQ7lx8nmeBBePiGOwNiCyJ6umerqK2Nxx5kncq53acs9/xmupCvQIU8fz85/i/4JvwjAB3qXW7AhhIBOqIcgjydktADFBUv99SMp0KYwr0Dv7G1Xhq0hHfq45okXk6l2sg+0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1cea64986baa..d41f237db28d 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include "test_signals.h" @@ -45,6 +46,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Mon Jul 31 13:43:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334757 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5138AC001DE for ; Mon, 31 Jul 2023 13:54:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E7541280063; Mon, 31 Jul 2023 09:54:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E4C72280023; Mon, 31 Jul 2023 09:54:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D13DD280063; Mon, 31 Jul 2023 09:54:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id C03A6280023 for ; Mon, 31 Jul 2023 09:54:33 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 6649640BEF for ; Mon, 31 Jul 2023 13:54:33 +0000 (UTC) X-FDA: 81072052026.28.16D0B9C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id 754EA14000D for ; Mon, 31 Jul 2023 13:54:30 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=heETywSp; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811670; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aYIjy3ipNKNLsW1sW47qBbh40u0FQJqrAIZProQuDEM=; b=ffiFQKnqKIgpMsuvDRBseJPqeyJ6mifkS/ZJ+StzHkgULArOVG3uH3Zxs4lAEi9ywZ8d1X +IoR0A0z2ewppp3IvkhL11cBXCZfEb81GfVMfy3RKbkZ7H1cg/9iLKTdFFWkwj11Wuk3/W SyzX40GGmTWgUPXiNvg0GQzzvD/eR2g= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811670; a=rsa-sha256; cv=none; b=BqnCrSMpMc1V2FmVb54BjRn9+5BPF71W1H+B6Hv7AJbodNMEdC4rrkVZIffL/JrZpbadGM DJHgRGICVVgjHFRatVGLb9E5jnA4fKlDrtFGSJ6O6PUGrzaVH1uc0t5kAeD5LU8us0PrcQ C/zsNQIlQp0FkSdMFyzAd3pGj1UP4Hc= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=heETywSp; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 76BAE6115C; Mon, 31 Jul 2023 13:54:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 27C62C433C7; Mon, 31 Jul 2023 13:54:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811668; bh=209L6vXZZ9V3zass9PS7XY458aWhaISl//0H/xX5Gjo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=heETywSpCRKS0swBAMwsdbyvUS591L5FUKnhAZiN+1wQj56Tmzjhbgu6NnIjIxKTp 5CdHd/0XygFaj2e4IgDK+XIJ9jbUY/Tn3tXMPuCJGjBcBY4F2xiLEjHnqxx8+2ghJO MLZH257I/nuIqMaguSy/Wv9VPQH7wTvCQjS1B2zzUk35LhiWNeTmMyl9yfVPZvV4+O GB6eE2nv5nA/9v5BP5zTr6RmXsn1tlpJ8+xFIH/Lj8V1elfAvdUgkMYTxO+f+OQJDj GJvZGyFa0nWjxy1l/yXxEZB8HFAV2buDa+UZ3DXi7A3/Wi44PupBtQW+9sKD22rFLq GPyMWUKC8aiRA== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:44 +0100 Subject: [PATCH v3 35/36] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-35-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=21174; i=broonie@kernel.org; h=from:subject:message-id; bh=209L6vXZZ9V3zass9PS7XY458aWhaISl//0H/xX5Gjo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wv0aq2F5HyoyjEST/OaGC6UGpCZkQ2i2EbOB1c ox8pfQOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8LwAKCRAk1otyXVSH0Cb5B/ 9xOn5qP6iUfmnoIPTZxOfu+nVVoHwOE9qf2WfyMkzDLAImP0qu501MFiKRibWu2cmJVqJTSLNd6GuE vsuldY7wQTUk0ieITZ/X4hzapGN7DZqer1mFyaMtrHuyRylpF71P8370RQ5BIFbQRu+xPUP+gqFewz L42jeAyRsXp8oVDDVnUrnK1+mMQICkOtGO224IZkZof3ldpl7XNj3q+0TanVv6wy2pjkuOvljafi8e 2TaVfVMoh5y/SWqZsPJVf/lUT+Q+nzOSlqvtiqP4pSexjJIygUXbz7j/QC4vM8TtSL8z8Mv0zzXLrd CPbncxXNYK8s34B5IQuxOVUcGlXNPS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 754EA14000D X-Rspam-User: X-Stat-Signature: gqqjpq8uipshxxoeap87hdeg4hp99twu X-Rspamd-Server: rspam03 X-HE-Tag: 1690811670-467435 X-HE-Meta: U2FsdGVkX18hKijAfgcPugaOyCflMhxXgXpjz1v1zz+JmXAuEBdm4mBW1hQwYSmxyZmQHVV26ssKPane4zkxgigb8yXNwzE5T5w77nxMmGsTqOEryKmfBX4a4LbcYn5xrS56aChSajZK+xoROJMbt7nwb2DLWgBxSUNzUY994dbnBwnVsYLJyX6GF2T9Rm2R7gdoQ1x6dWD6bjZz4hHuziKiVwy3VvAzpNUG60rpUxNOi0y1JrvmfbUWANNS+2Hv0KJN0zsUs2oJZ5fdcXvJ19kzGKpD0/u3F1fXpERCZ3HpL42fPJBTcEc2IB830RKjLJH1KbdLzcJHa4rwUq1BB/pL0GAGUbF7a3rIt7bw5wIHNw4gneJI0/9AD8ee2z7+9+em8NWoRfAm/ybhpJplcmFkSsmeHPNby/wXk6RsujiiFvPX0FAQ4h8S1eD55klcmrDtu+D1NP5gRw2Zei9moMLH2wbg65hPI4E/GoFhWSpudPP+8q/bZ6VG8nJKEUYGO5qTIZZgnHNDp61Ou98GDa55egiJ8bmM4zQYm1pfCeUAgDIZn6d9+ETYFBImN1k3rqW7ZC9PucfimhzjH9BtgjglnmOt3bsQiW7fQQfW5pRTKy+/TdNWvh73D/LUKMfs653pXBg0MXjpu+2z3HYJhyCcy7sJlfg3elOyR9RTuFQgoucipi57orwDAC5kgY42VhXhQX3Db/jSdKoum9/v/xcx+wCU03CN1AqI+2pDu8s6xS4jNGihtGohZdLqn87UD5e1CsFAzctnsVkzD5Jnwe1Tl4WPKztZt3wb7J8IPK5GTeFnv2u6MsJvwDpL0lTnLi4G/vv4jOJNZX4O63NUCgl5l2PxlWL5uGfCCrrxjnOGH6zYLbzQf1aVgzjnbqhtU8cNueZSpGPfdaUd04UqQlBNvCEx9zGr8+ruUaNS53TMWdGsbGMut6KJ0Rkz47GIsN+F9MqHeRrwHRt6QnY yr1BPDA6 fC8wh5G8kaT9mbmsyngfbeYYdHoizlgto+URBeXXPMJEm6qdx1xRTiO8ytX2avGgOBqG2nVUKfZ95GtYMVBaazafrXQ95FAOhfZ/R7oKgJSNeg3NfVn0KX8g2g7jUVkvtTdRB8V5ATtEZ1d1sdbr/OnyvrQQ9ugy5+dk9lMJnn4iDXyoXFo1FnF0zP8v235jgMY1+cFO82gTjIDMWtsCQCWvt1rAgYzVhjGTuk/d7ycJ24knT2uzYIScNIa52oowfq2czEfRyRKyilLSmQC+FKs85hNN/Y91FD4JAShfuBP6ugmGXEVhHp7L0RSGhId9qehSqJbVyDywKrZHGOJEffxmLX83eaygx9x5qsPeuY50uVTCf/ty+K1ta6tuQocUMUcIhQnGsvRvqtJjYPT9LxTlVQKz7QYvnkFyDrzAT+/HS9dg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 532 +++++++++++++++++++++ 5 files changed, 850 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 340c6cca6cc9..747aceb906e4 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -17,3 +18,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -static -include ../../../../include/nolibc/nolibc.h \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..4fe8695333e5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endmacro + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..23fd8ec37bdc --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,532 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_print_cnts(); + + return 0; +} From patchwork Mon Jul 31 13:43:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13334758 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29812C001DE for ; Mon, 31 Jul 2023 13:54:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BDCD7280064; Mon, 31 Jul 2023 09:54:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B65BA280023; Mon, 31 Jul 2023 09:54:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A2E0B280064; Mon, 31 Jul 2023 09:54:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 94C6A280023 for ; Mon, 31 Jul 2023 09:54:38 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 733EE1C97A5 for ; Mon, 31 Jul 2023 13:54:38 +0000 (UTC) X-FDA: 81072052236.08.EE1F146 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id 8421C4001D for ; Mon, 31 Jul 2023 13:54:36 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HyAHUFnA; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1690811676; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=c422h9hePWFZGXVEyc1SJULBUM8N+meybf6z8umXg3Q=; b=abo0pIu6a1b2YDiDz4wgBti8kAOffYxKvgca8wDBJfgetSG8TBCAXb4VPQWu8dSE54yZ3+ ltXNTzLqo5+j9BrG1ZWuHEVcOdgZrdFvyOA4F9qPpWS4ZdBW/cNbajvdCAOkSQFzYOvQYq T0jRfZMNO5ROkU0pn6szIfWuDy3h34I= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HyAHUFnA; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1690811676; a=rsa-sha256; cv=none; b=8bHOkoNlNF7SvCtqCX9ScnmWT5644gwAvI03CKxG73hGS04ZTorCt9CHYah4LPN8SE7nMp wYa9vCXRtaan/Ybfg+xlXqR6Lmr+McYFqNPkPmSjeVQwNBHC2wO4TQgRubZ7nV5ADh/dkw bLzQKPUySaVE4qEy4ZRUU2aMEWKlOi4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9632161158; Mon, 31 Jul 2023 13:54:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4FCDCC433CA; Mon, 31 Jul 2023 13:54:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690811675; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HyAHUFnAoBom0QscdVUThlaenRfRJNHjJi4pUFQt6fi4OceNUG2x7+Fxv8wi74Hqw QRUL9N5YXGPQ4uFBGPWcs3iNCbsR9FiKa8DQLjF8X0N3/RGocVPsljC3mKSD+xd6+L M9FBHJrbsBxv40rc4Uy950yo3vO6FEROOSWCRAKavHF6jDbda49RiJK5k7kVhkF4vp iivUqIPVfFFFdvUBH7wyRSK3o60UIqKj0RbaQcXeu73jOGBbnEr6NbDLe6mPCMhBif oXlIbZiT3f5QoDJ0khYc5lKBVfyzvkYFET5gUENWHoBWxSg5P3MbbPAmeGGNvSj2TC L3puIhC1WPl9g== From: Mark Brown Date: Mon, 31 Jul 2023 14:43:45 +0100 Subject: [PATCH v3 36/36] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20230731-arm64-gcs-v3-36-cddf9f980d98@kernel.org> References: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> In-Reply-To: <20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=3085; i=broonie@kernel.org; h=from:subject:message-id; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBkx7wwuaNHiH/sh5dlS0FVcNvX1DXqSpJdJDB2Ri4e iAhgMa6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZMe8MAAKCRAk1otyXVSH0Mp1B/ 0a+OKNFEJ0bztbW9lvAaTwmG1BsE4DkLYJj+vztq4EdwjuzZ2sKbuAQxCrVcctCfGJyoDCe8GqOWJ6 kvpPeNhYj7QUkoRLgNyJ7B072TG36hcpuBLiGoXM6UJoE19BZmVj7JwKVFXj5QyNC764GpgvPfpfRo +fx434lX+B1wJTFgGzBQAFrmBTItmcEg8FOzDy0nOLC15FpK4ywvATHTfZ4RBwC7U89hqK7/54g64L yI9I5OWAZDyTbXPqQi40k87aQ3ttphHmtn3Kg1xBZO+10EWR2Vjh88ikRALs5S/ZtYcYAOXbBhrM8V 6l/GNj9nQU6x77IOKlayvZxRfjMmSW X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8421C4001D X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: a3upjakf65q9ajt9pwfxq6w8jem33hkt X-HE-Tag: 1690811676-918997 X-HE-Meta: U2FsdGVkX18y2dF4j7qqwbuXlkKKoERwrXk40bh6Im4f2/XdRMKpZhNFvcbOUxlSYkJf7csmjBqXs1NkGid3/ilJrwYuzfCqTFxFXkF/NeqWS5v/fucbEAd+iQCRU+wpBYMfLoif9jZgcVeeIg4oKOzQaKnn5tb7TG5xgLJXo8KN7EdYs8clfafflBo3wJx/gAKGAdFSDPn8bC+cvnUeFqh5qTchigm7T2dTISfIDcNYsba7darCq0W/AXBg88UEQiDlXTH4eQ5Y3Kj1sOTo3aPMQLR1bfVCRX+EvAFqq4w0gG5VcDbjc53Pzj2it/itIkUqprQssFmC4OdHTVVUT5Exb8loEsxxAgjQT2LIG2BjQMQeAFCZgYUAj0FQOwGpvZ/5m/cfkHYvWfdD2mQsxP76G2eb4oe7+MdK1lDK7urp4aSv6VcDTohBH9iQXxyFw1cJ4hcJgpCcsX2zocwywkxup9y+cx/ipXffql9qOWdChYcI5ZpMKGZkQbtsPAinz2BNCB+YD3k178vpJFCTdA2Wgeq4EtGO6UDb0pzKh4VA7doSw6uAtGk1+xMVHdQkri2K2TDRKn9zPBQXUQ0v6vy8xhElejo6BvkJupNkreuexxLDG8SiJlRsflCmAi6KbZimRG5djQ+0ObMCx/dYg1A14ZV2YMe8q9p6TzGoXI1NyuhmAmLL5FQV8F30nitgppaTn/c/wa9L9vUqmkwIpMfx3YV9hgbDqkbStXEPEVnGgoyZp1rg1O/m1eU25Or+qaklsoTUZzJ8fcC7nTgRSjLnYr+lmk6bSYusAyAKLBr8wA2FMFmaaspbhu9dvPgcK7jh06OC6VHGQ2FVtALFFyG2+o06rdcHPvra3f3YK1GZBTilY9ghAjANHkeNKW4GAJsbZBjLW/YPrFwu/7GrTQD1NsIOAZoU0WoisIaAc6PqGv61otXCItCSL/lDxiWgKRRYm2U3ykn6gzd8pbC XxMP23YG vHFOWJEOG6Ed2avNCVMsg9syhXbB26IZQnDJFK9jet8HJYzvaxQWbOKi/aobvx2s3oa0DXA4h928yO/XsQpraz5eYrG6xJo8aPk9XWrYcEzWAkZZg0G2Yaq23rSrssQnVdUYWjDyxV1eVeHgxJ3M8Dzrys7b036hOpmYSoNkfUeAB8h8cPCj/h9XM01ZGnNR2iakA0rDf9sdH7lCl+wPYNkbLpjejynOjyon0JZ0+yW2KJVVeoxmBSLUh+O1N00LYuKeqE858O3HRIV7pMdKWm+BHB+Ogr8AVSOpgopwb3KAy0/kb9gM4ZRwnYpR8mDdrARIJNkXT3s6Gmzci5+nuRsgYJIlZiGmXhFMUXZbT3crqD8KF6I83ByZQofyH7/A7/8j/mK5t9ea/ewlRl+CW2nRF5EKakv9uZwa5ZD0vSNZ/3z0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..7012f9f796de 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 4328895dfc87..486634bc7def 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT