From patchwork Mon Oct 9 12:08:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413502 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A369E95A8E for ; Mon, 9 Oct 2023 12:10:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B05FA8D005C; Mon, 9 Oct 2023 08:10:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AB66C8D0031; Mon, 9 Oct 2023 08:10:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 97E5F8D005C; Mon, 9 Oct 2023 08:10:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 894EA8D0031 for ; Mon, 9 Oct 2023 08:10:48 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 53F90140216 for ; Mon, 9 Oct 2023 12:10:48 +0000 (UTC) X-FDA: 81325806576.26.8C2B2FA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 8069B40015 for ; Mon, 9 Oct 2023 12:10:46 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Wvv+8fQi; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853446; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DbuZEnfEz8N4esDWlO+EFArbZ8jBkVnMQyeK4BYbEVk=; b=2dNqJzLWL4UnBL1VvPFbwPoR8XIeIz4VxJBEH/yd50QfYtVLUDPEQRXsCuUEqNW3X/fuSK ZL8BnHSpKC2hZjUHA7Q4nMPCVg85b/kZV8N5sXhHLRZkXsNIRVj7PhKHwlDjhJOw75LF0w SS2z//cjHj+BRTIu+pvVPEeZ6k3pLgw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853446; a=rsa-sha256; cv=none; b=Yy/9I+LQVdXC1szd1rsFnFSBwoSMt2qaLl3vp03xv+T6X8z4R9GIKQlPpZ1bbk/OUPtlBn qlKjgJBqTDPnyfvj31UQfd1+zUX0oCEPiIVBQntXLJ8k1AocdZWw3hTDYah36Nt5qdTSh2 dPLgxA5JdZAGEDv3VbQpYb6I2lL3uvs= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Wvv+8fQi; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 89E0561077; Mon, 9 Oct 2023 12:10:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E26B1C43395; Mon, 9 Oct 2023 12:10:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853445; bh=pFAvrTvTUMO0xGKH/cMXrv1R9nlyUOOKoHgSKri2XFo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Wvv+8fQiJLsDyPC0NnM1Q8ZyuLIaTwYxmV4/n6iYyTSFm2c3s/lXYiIujtfqegWR5 i+6r97yeEFEr4SuiSg43kWLmH09n7ZR/ZCXoWJasjIzJx+djDmQqsidBxXjLgKIpdW USEzih2i0SA+mKWoVY+bWCbYYsuCJH+HUplm5UojKv0lL6UF4DGA5SDT+CacuA1WA4 oSm8tkPSZp0qife0Ths/W9nGm12sWcn2q+T/WK1q5JrOai/DPDX9Umpa7nqzfrVypG J6NVP/nkQzGEuN9PqjtaHLmak3br43uZpGnq2WynrJw6MMDSVcTWuk4mRX6DuUaqiF +7pCIfTCF7+SA== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:35 +0100 Subject: [PATCH v6 01/38] arm64/mm: Restructure arch_validate_flags() for extensibility MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-1-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1303; i=broonie@kernel.org; h=from:subject:message-id; bh=pFAvrTvTUMO0xGKH/cMXrv1R9nlyUOOKoHgSKri2XFo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2RRGngkj18F3uCpZZfRd1ocU0q8HRquWAvC/i8 MLyCK6+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtkQAKCRAk1otyXVSH0IgWB/ 9nEEL548GJxcwR1LGdSjepOH5kHepxay1tzf82bn7l9zh6fQGxR6ix+aOPOcIC0mVUG3uBo/OqUafc JHsz6EEkKKkT+8LEz51beTFl4qVhh1Ow5Rk0OEWXlvnnu8ZQObqqFwMY0PNRfSmOtzpFrAOF+7cpg3 Sj0Yycn8U5ODSu3bIWtjprRbW0HeaYkWpU1J/rMGOVpT+VVlXY/Tac108UyzCQmmIro7sCHuaLNBpW UxSMVsEAelZ5K94QPG020QQcQvtmVVBOG1zhZOUIWPgeZ9WuB8xrR237xwNy7kMbaxY9AWSb7Jaazz bt/kuflV6ao5nlq/P4VKE/AulNOgZm X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 8069B40015 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: 4omk3osr1shefayawpnx9wpu4u943hqa X-HE-Tag: 1696853446-268587 X-HE-Meta: U2FsdGVkX180mCJH4OUZFmYh5R+GDgSC077UdgZuZGK1x4JFq2FSx871uagEqXBv0gceAzoV1dby0VF5330fjBLPzEqEu9/6uhTx0M31D1zntKX+oANNF+4e0V0OK+XNxCUFqOcI5Nrd9nBeRACfqo1pgWbjmzqJMMDcoqwV7hLmAESTL+VRWULGd5vLusMFG2ZuUFMRMWk5gZV1WbBQlg/UEv82FKBrzgKeJM8UHeabOMGBG4i++MVh5jaodHPY3VoulOQkjqylxvr+kXjCxsdiEl98+p4uuu/jUnGDETAha78fQ2dtXx6niEpeG2zKg+0h+8PiPskJmFKgyDNdhPVBuBNHgIqBMPuNIo1f5suryRT1crlysEPaIIYGJ+hZG/xKgWKgC/bIA5N5BO9KILz8aG04EHzRMFNrfM3Hbd4lRZ8DbZknVdJ6gaXInGB+ZVWKybonhlj4gCNB+niKRmP0fNvGzoOZckNnj7Jgw/LQfEDNOxuEOcPk81Y9Ee4rD4euQjNJ1JD5B5aKFbQxq/GIojOrp+a+Z99P4CpCYnMwgiYvDPXYsf2ngJUrfgPTYO6mNtaDr5Qbm1eKSuk1euhfWmKwdSpRbR7oQYYKIPgA5m/2LuanZ7jpPrKdG5CYQaGkAbyA6Eq7IkVDXdThbeiM7v+DeNn6jWykL2geLQFSFF33ROeK10ON61BWaRc2qJ/ysANOSSQi5nnZumLMTUY1Qa4nq4XIOsO9gBBzHtTcMEdbsjpGduq2HIaLu3UFjAeJX90jP9Y1BW7LKNvmH9fI7K1bWOEHH9R3KcYJbHhxXrPcbBAyz7Y2s9tNG8Ffewy3obN7WQITd9gOv9RMZ+LCsD7b6qetWO5JKNHVs4ycCG82nj9gEBkoMseVXzcqM9+UW1RhkyGIXlabiqbynsl/hrWA++5mGWfpPKyOgQyD54H62wypp6WPjXcTlSFxiy9oFR7HkLsKoVStfvZ 9VwlhKm/ yP9aCGsRveXqK0bHazF5PZb2QjKcr64KRi225S1fQKdHf3LKbzbuvulIU7ZJF/Q2gaE9/YlhE4O3xIpNDBYZYDUI0kTm/x+elAFU53nXteADHKrnN2bPHBviN/00On1SamOBDSMmQfzp8JuaK3wkkoYmRJT/Xuj8r3eQWGDuQHUoKNNqkxOXbWhjCTz2KaWm0WBZIBCyWcXud0wvZWJe/zatNMJq+eGfuv+EF56+tLtUTkRnraelt4LGaJvwhq4GTbDK4NE07QAZvgUZdgbyX3rMTBZS4j2L9QrdiBJANNQhljaRVQA1Xk1NJAiQJZiMw3QXNLhkgFVc6deyi+yN7yC+aHHbqq6OW97UmuKeY+HcPge3m2JtAaYnLmg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended. Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 5966ee4a6154..c21849ffdd88 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -52,11 +52,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags) From patchwork Mon Oct 9 12:08:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413503 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E462FE95A96 for ; Mon, 9 Oct 2023 12:10:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 81FDD8D005D; Mon, 9 Oct 2023 08:10:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7F7C08D0031; Mon, 9 Oct 2023 08:10:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6BEF58D005D; Mon, 9 Oct 2023 08:10:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 5E38D8D0031 for ; Mon, 9 Oct 2023 08:10:59 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 394DDA0212 for ; Mon, 9 Oct 2023 12:10:59 +0000 (UTC) X-FDA: 81325807038.15.459713B Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf09.hostedemail.com (Postfix) with ESMTP id B2544140015 for ; Mon, 9 Oct 2023 12:10:56 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KfaSEuyt; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853457; a=rsa-sha256; cv=none; b=00F0DQvCxZD1yzMQ1xRWIYFy0VVoeY2TqlZOkxQaPW7fV9Ma8rao9fv13Rxt7/mrED/YNQ sqOCo+oihx0nGCotUm72LYaFGd9/JxBJzwdPLssH0o56ry+r2grVMAPnM3ydd1F0/ZI8aM rn86WYWxaM7bAjRTkNbSen+UNWdn+GU= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KfaSEuyt; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853457; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=q0vW1L+wiKigLLdRngIN6DlEYCHVoVSTvy5zJrxLdhQ=; b=UaucHzfnOEt/obi+pm4OIsJbzX1buqsho3vg9A7nMuan/7wS40rLgEjG7Kpi7OcfxqRKiO +IaA/94CYpJD7IOXl/Q2msmdMe3k7heL6Wwwd5J/I7uiZMkUx9cL54QP9n63Ep8If9vQVu pPBHiGd61CmrPwyjH8ralIVJKDIddUA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id D7256CE1376; Mon, 9 Oct 2023 12:10:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9A42FC433C7; Mon, 9 Oct 2023 12:10:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853452; bh=yZCoppzoGnZPmAd9Kauu4UXsNYRCsI9CR42S+W5etl4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KfaSEuyti9yWaWrEBf3akhOEHiu5eb2yx+UnsZ18vCm+Y1bC5B/UAqx0zLltqo+ip 3fHLpAwZPY9dFL3cvPerE8BiKh4Tf7SSMDY/ry21LIvnJum7TuVkBK1t9+nYWjOmwg PzDZUnCMEWbKgWvT7xDv8SzZK3GYR5ASxUwMXngtHUQ9WtFOp2/K6geP57XBi8noQw gJb0b5s6U9MHI5YpOdBbj/pQhynDfJgbiAmFAyJBPB+8PaaGprZ1DXMCwAmNJ/xxx+ GadTieXWjIHaAn/GKtUmG7bDgn90LmltQnMaPfmoZpAYO1NBhXSwxZF4uPTPY7J2Z7 g7Jb8R0d8hCxw== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:36 +0100 Subject: [PATCH v6 02/38] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-2-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=4712; i=broonie@kernel.org; h=from:subject:message-id; bh=yZCoppzoGnZPmAd9Kauu4UXsNYRCsI9CR42S+W5etl4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2SDvU9dypsYcMutZwOrXCms75ZIsrxzA45vLCi 1QP1N8+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtkgAKCRAk1otyXVSH0FD3B/ 9+eSR3IayfadFWaepYJfA2rkRAM2ngjlHgiL/7/n61CQ9wpdWs9fxUO6kwNxn+agL6L3TD9bZMvpDq zqxzfCD8PeE/IWYexVyudu4VaT1aCv2c5XNk2gJdwlV5rNduptKeYOHOxX2rl2u9h9dmFYclt5Rz6V je6RdJkBXzraM538hH5NNEGTwaLMGKoefu3DWIOjw39uHSvwIx47NvNc0CpKlImqTSlFr16tgHn8wI 3jzVYmQeL5F/VIIXydcFZJ7JxU2MpQyK2J/2kcyacOyrGr/zhzY+3kFfrLoMDa3Q1nwBQHVHCFn1LE yes3qfbGW1Ja8ku/1QEZdHg70UNsH3 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: B2544140015 X-Stat-Signature: 3n3mun5pjrqyp73gu7kmdn51w4ckkqrq X-Rspam-User: X-HE-Tag: 1696853456-705581 X-HE-Meta: U2FsdGVkX19pjP7eIFEABilV+nUGHtoXMF+UsFgiEr+wbXcmTfhq8nrZzq6tx/N8cd8o2wr4IJAsGksGlGDGPO0xN3lWOqgS8odmgbrZ4/kZ5vR7I+LtBpfLnjQxuJ1bEZ3rgxE68Erm4oOsF9kYiXLNMewKgUOO4LJGkUThVBOrW8AHoH810JSoO2OzrKH42UtKRwaWSdi34EFKtyzdQJ8W1/r8H2uxcfo7nH5xfEuJGt/GgPGDTNYovnFHh6zZnboVMhZetMHNRQfPHMJDotQffavgDTbGPkuBjmAE3ORiP8pl0RCRfIuHFJlufDEggMCcuXTrobWUS+oXoXzeY1Owsv3X8COzVMqj1nYQiMI9ScF7A1pVSz2mFCDKKUfBqWuErM3ICIsoru2+rVP9L64T9/YbAtXdxPKMWP7lXfiKGoMPMismLEWMGhFOn57SzTJXnAjRabVX9myQ6RjBRW+o5YJn4ntXMiAmbRhCb85mBh/tIR/eZvcwcWMzdpdab+/QGjsasIYKRoWzOGt4m/9i19a3N7kSsYkxUz6YJrbuxkmm3z72M7mLtiJsNZN/nc8jMu1ptDiZbejaWayb/oNZQJzqK55ikwcUFV8v5UuqT3iyGG/FJp0vT9wVpyj4YjTDfJL4RzxaiXMykh/pCIu032bKP9YJmIz/+zORgKtrhyp7ch1TcvjFfSoST+ue0ievw1+aoQyRLpGgv59AW3QA9D74IiiQGFFfHJlWREP/FLMo/4uOyfvuSJ/jJVJPm/7SvFsODoC2wUk+ksN4/BkLUfgNrA2A/Lag7IA2KLB+ZV+hjegoeFjMX1n0zsUC4BMMO6Np/UGq6T1b0Ybs488/IpZRJd/RFGc+lySaMrB9qbirGntaKl2LSif8MXrMeKpvAdqoA4LjsgqwV2fPyQDlIto+KV7TK48oAZATTXRkyUvPZdctY9NXL5IL5MyIfnO3U3yuRy0nlbdsqt0 G2M8VzCx 2aE4c/xX5dY//BpWWt62I5OZTKU/zfpIETx2QKYQ1c6OL7N6cDQvEGtCwKX4USP8YxZbIKzKE3p3zOGOR5QLPOLsvnUkmF+pzk8Rz1KUHuclxyk5CxIgcJZA9Nme5o8q/oXYjwAiXnL/airoqjEQjYptoiAttmjdI0jJjTBwydW+XRLpQyh4yecliwedxjtbDcbHXy0S1gK1wLa/wzX7mUAOTzKlQ0rBDMrgMn3apgLtfDDT/MMagN91N49+G/U+R3s6wx3bo3mE23+FXFg8OrFgBU0Nq8aD+/MP6fWkSmiaktip9fP/eBxp7GjEGtNZXF25X0wTnNwAtTBo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Signed-off-by: Mark Brown --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index bf5d0b1b16f4..1f0d93151a36 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4062,4 +4062,8 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end) #endif +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 3c36aeade991..0de3d6ee18e0 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -305,4 +305,26 @@ struct prctl_mm_map { # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 71 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 73 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 2410e3999ebe..b26423a614a9 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2302,6 +2302,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2720,6 +2735,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_V_GET_CONTROL: error = RISCV_V_GET_CONTROL(); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Mon Oct 9 12:08:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413504 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3697EE95A99 for ; Mon, 9 Oct 2023 12:11:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C18F68D005E; Mon, 9 Oct 2023 08:11:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BC7C98D0031; Mon, 9 Oct 2023 08:11:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A8FA58D005E; Mon, 9 Oct 2023 08:11:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 948748D0031 for ; Mon, 9 Oct 2023 08:11:02 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 6DFAE80207 for ; Mon, 9 Oct 2023 12:11:02 +0000 (UTC) X-FDA: 81325807164.11.EF5BF9D Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf30.hostedemail.com (Postfix) with ESMTP id 91A2C80002 for ; Mon, 9 Oct 2023 12:11:00 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qVvakmNa; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853460; a=rsa-sha256; cv=none; b=ngKSGpZzRbAcoiehxkA3Tcwlem4egdizfXjMlv7s+RSB6BMyo/RDIgQr1h8g7Y7wRhGcYb uPVqf5vMDdEXYgPt0uayIR/o51RTiuNePljJzPbgTTP54VPUZ+H/tZpX3yfPxjwESHGkKe EhAIf/YwB4lTzvCr1GAizkkWObORfBg= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qVvakmNa; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853460; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Eftc92tzGiQj0aHfUxVATekDiO3a5YAUrxQjTHWGjqk=; b=XZ5qojFJiaSR12fct0PU+wOqdfxVn6l0AJsovPTn5qPfxZY6xcfyuaf2CTu3wSLlImCTgH KgvkOmJVBHyY9KXTJXdLLqpsOMl6DWUISlNkx7GSkXh7wL+v2GmBOXMZzbVk0W+Qzo4UNU 4lLtwnKeq8xbYPrikVMlgxc4kd9mzb4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 9DC636111C; Mon, 9 Oct 2023 12:10:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B3D73C433C8; Mon, 9 Oct 2023 12:10:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853459; bh=uElqfQr2KtEKDlB4Anquq4cFfJfq+1aLsyIKGyzwTJE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qVvakmNaQygpJZ0uePjFrJUrtsbzrcfhstnJItES/IVtru3NeGfEp0fGQksQC1DWF tMpQwgQ65nxCY58ThrzthwgXTnIc8aWuBUqCFMiTj0PRBWwCAGGebOZnZveIv2rrvk XPwA2URNcWdhmQLqdteoSpVuvpN42XibMqMLvqmmFtwmicQMYk1NMZEzhlLUUCF/md r+nKxA2Vy/p0f6j0IZcPikta50sb12/VXajcIhynQjhQk6kZDtPyif4nUIRajawG7M QL7Hqud+AA0HT9n5SyxHxQ2wtlbkMENYDlSQpMemYVKshIbyzuaW4W4Hi7tYQlYr6w 5ZdC0OBCkOkoA== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:37 +0100 Subject: [PATCH v6 03/38] mman: Add map_shadow_stack() flags MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-3-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1759; i=broonie@kernel.org; h=from:subject:message-id; bh=uElqfQr2KtEKDlB4Anquq4cFfJfq+1aLsyIKGyzwTJE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2TBBNpiyjJLhMTZGrEExOLe9h6uwqTYHZeEaaK XP1+sAuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtkwAKCRAk1otyXVSH0FWxB/ 9zuNP79aRqxAABj4AUSSe96yq38SrHY4j/bVNYrQh9rMPH1RVp0FPIw73yWeMrrO1QkGkFkDYCWOWG mVVT2KLXAeczKvsbiTQwi0+0jWSMTCgW2WiBenv4gjUaI1cZhDOFaFmpbXydGDST/L0tgS3VsKCbRp I3YW//w083fjMYclQWfH7/EPPDxR9SFHIS+mSQJ4xOKlcy/AZVYzDGweA1kVTrbqbY4SMQ166v51Kw K76x1ZQScvlzZggJ+gfra/Pz+awJQu7tTrsrRuUlgkOTvGektRvIgbswUBnuAHryYS5CYGduRUrwHP pAXIQM7vP8oHPKeWRA/VojXac+pwhj X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 91A2C80002 X-Stat-Signature: ikhcikrcibr7narczmucp8h6ixe5p7kz X-Rspam-User: X-HE-Tag: 1696853460-12339 X-HE-Meta: U2FsdGVkX1/C+xVp+Tp/p3Ly2sFFo1jR0GzoQjrHfqg8HqWD/pge9JhrO5M7FsGJTHng3LPEDsEFS+L+szkurb2I1InrcjZPHoWBcPI39yPCyShyeqQ6tr0EfJc5HAENIkNHe8xIjNLXvOg45A/kB2a7XO5YyjNawdg/liLhmDKE4HDNSD/WHpIfMRVdAgHwir1epnQf6TZsCyr3gLE5H/1VuhgVsVlOftCmkEoEi6gXcxFb2AFprldj/n/V9l2Pzz750ygIaCMUi/lY2vzA1CTg2umuDfO5O90RjvhbcNwNlTlsPKBf7bYFBpu/xVunGri8512njQlmXKe9ynzDfapjo1bHbjE7hBJLllxtNLVgDEoKxWblp47dRo9CmGkgOYIcDHaWPFe0YXt/CNB+22Urw2Y/0ALNlmUxyJWT8UeUz1icxc9bm9QjkID9ZnGb6OmVyUXU2uPO6plPlQxiUeXxCmsEFjInZPnMY3YqeWo/FzXcmv170qhPDOC8CQulY5NhfJs7mTWvaYwj2Vp7pIZr2g9LdskyjqbFMYjTfZ5GSLSUzM+nbeuCqIunoVXOGzz6MlvUIxxFo/ciuP5LxMLxKeG6Ru7MjMxWTPaYIiKo7zu2Y7jdT0wEW3DA0fn43SvS6+nLGZlVemVnCAyJHXM7o4Z3qIYDpFOlsPYI6pChzMyhFmGL122E2NBc19i9RaRuKS4IAQt22iTtU5fxynMNzhFWnLwzslgFegxxSScFMmXcRi45okERblqVhXVulKa5sNMrW/R0jLXpzhcOGrfR2hnPusD9FT87LdIW8hGKNO4QyN1/GYq11Bt1FUDxBWdxhVYv6ZCSBOI89wyx0XyrKUuw9AEFdVFyap3VWCR8lzbYwzAgU2UEny9Wkke4SXXtToppIZIcvlzzBxGx9YKgGci7TlNKpp3WFOBZSJJYtVEjxMx4d5r4/740xpbeuNDGxbk3CY7PA9bn9CZ 7aFjU5aH qLwMwB0ic/hq4AVeh4fR4PByK5vqVGipwfsqIP65DeVAXLaAIN54VA5enOAe75RqDKqu8fVKV0Jxb/Z7gQnB59F+6n2dVHsJ3OAgWMH05zPkQns5Nw+3/ksLS/wtE+IPyuvIQf8VD0Bj7bO6WXwsYzG2/TI6XUICQJCUE/oHeVOdY2gKRD6qQ2dHrGYr0ULGlbM4ozNqWc9ewOmk3E96z3G7KiMfkTPG+oZ8SGkT+aMcgMbg9rcBDCkCLoBsgNV8/Hz6LhANlinAQWT0hPowKKIr99LReeRukXz96juhAWUN8KEF+x4nbgVPsENqBcxidmQxE8aqwz0mFDnRuQ+8MmO7OjqKpIbTI0GKZEzc9YLcJw+5p7bBkPVIAi7eGWME2nK6W X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In preparation for adding arm64 GCS support make the map_shadow_stack() SHADOW_STACK_SET_TOKEN flag generic and add _SET_MARKER. The existing flag indicats that a token usable for stack switch should be added to the top of the newly mapped GCS region while the new flag indicates that a top of stack marker suitable for use by unwinders should be added above that. For arm64 the top of stack marker is all bits 0. Signed-off-by: Mark Brown --- arch/x86/include/uapi/asm/mman.h | 3 --- include/uapi/asm-generic/mman.h | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/uapi/asm/mman.h b/arch/x86/include/uapi/asm/mman.h index 46cdc941f958..ac1e6277212b 100644 --- a/arch/x86/include/uapi/asm/mman.h +++ b/arch/x86/include/uapi/asm/mman.h @@ -5,9 +5,6 @@ #define MAP_32BIT 0x40 /* only give out 32bit addresses */ #define MAP_ABOVE4G 0x80 /* only map above 4GB */ -/* Flags for map_shadow_stack(2) */ -#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ - #include #endif /* _ASM_X86_MMAN_H */ diff --git a/include/uapi/asm-generic/mman.h b/include/uapi/asm-generic/mman.h index 57e8195d0b53..d6a282687af5 100644 --- a/include/uapi/asm-generic/mman.h +++ b/include/uapi/asm-generic/mman.h @@ -19,4 +19,8 @@ #define MCL_FUTURE 2 /* lock all future mappings */ #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + + #endif /* __ASM_GENERIC_MMAN_H */ From patchwork Mon Oct 9 12:08:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413505 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35151E95A91 for ; Mon, 9 Oct 2023 12:11:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C3EA78D005F; Mon, 9 Oct 2023 08:11:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BEEAF8D0031; Mon, 9 Oct 2023 08:11:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id ADDC48D005F; Mon, 9 Oct 2023 08:11:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id A07A38D0031 for ; Mon, 9 Oct 2023 08:11:12 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 6F99D1CA6BD for ; Mon, 9 Oct 2023 12:11:12 +0000 (UTC) X-FDA: 81325807584.09.3544C89 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf13.hostedemail.com (Postfix) with ESMTP id 0C7AD20013 for ; Mon, 9 Oct 2023 12:11:09 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=L0XZBUaO; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853470; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9EiokGlVijer87hj8YWJ1OH7aG1LYVUNBq6hLY0xJSc=; b=xb87sCG+TO3kI1Li8dxWrQPa38oJwiQ44miY3FOFOwBWqgnaPLFJNtc8o7bgdwn/32a1ez VUCpe4VHLyyfOUi2buIL/1d36+xZ97nzqFen+YhIUdTCCtdrFikt3eJKnjuHFfje6w2jiq F8fkcwCkeMjuvyHraU3lA+3SLzRwOoo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853470; a=rsa-sha256; cv=none; b=Cke4hehWSoGqoBl93DpTkq0ATdv0QKXIrnCwGMfawaOl7HLYrGeGHxBef3uBSyCa4sO6Vi NWJ87495ydBRneApI4+H7TbWh8Cx3KWvr/+I7hj6rksps9XC1DdVNekpsrQuZBxTeYY6gO cWC9EILHSJ9oXjPatUS7pClnjaWc3h0= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=L0XZBUaO; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id B92DDCE1389; Mon, 9 Oct 2023 12:11:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B81EBC43391; Mon, 9 Oct 2023 12:10:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853465; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=L0XZBUaOQXf9y9fsjxiv9eVVR1prSeIrYHJDBabA/g3k+G8CWfM8b33trE7OnKpn0 tJQfJ9ff2252fM07wZUSgLSpa7vHahVvLQ0ecavPAIEALPtz4WXg3avclmJQ4oAQEc ZQaGkO1pG/hwFeXLcXIKsodAVJMQzaf8/WlwBn2af3j909bI30I/fAU+x6FMr/sT5v xAr/OpoWz/xn1Fn88pdwdszlfvdlL0jLFH9368oejjf1kSwcWyjPm9fIwL0fCPqe6G yo36ILgazK0hG9aKH9TqWM7ehe+hvqfq2IWTpacLv+BdZnzHMs0v4G6TRwHCN1GWUb 3D1Fpox6VX5Gw== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:38 +0100 Subject: [PATCH v6 04/38] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-4-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1640; i=broonie@kernel.org; h=from:subject:message-id; bh=Z3injfV8td0LqFLeGew+/6AX1Y4kpAJIpTs5MPlZTRs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2U0MFICh6d4ltR364bbYSc0w3Zc0T2/uWHrmEL Sh9o1/CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtlAAKCRAk1otyXVSH0C6TB/ 418l04NMHU5UE9J1q5yLrG6ZJ2AnKPW9f3cHymnObOAisPsDelPkiMUmjXFq4hNuDacnZhdJOcllux So0ITDMff85io5ycrx6ps5TVQ+4q+hM7uRvQOSLENJOdoWim8AdvhRz5YOz3HoHt29/kemkbOvBRuy YqBfBZrdxTreYRVZXVinGijpDXHFJch6kzmjWNzg9HdLhos+fjGBuN4LYLT8O6sEF5qxehDFNn8ORt XdTDevlSf2Pwa0/MEdKyjS4HcfDwi5v7SixX1a5YRtuO0cwC5RlEvIyTiSRid7hZafvk2o+mhMa/FG m93bsvu0JONpaPuvF7SF8YTGE0o6mn X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 0C7AD20013 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: azga3mtfimr35wteeogojqsseiqcmt66 X-HE-Tag: 1696853469-716717 X-HE-Meta: U2FsdGVkX1+FABoI2ZzbeCLdZu2lgOUcmDaO4pfHoybXgwL0zdtevJarPP2NGDvdb1pXoCKX/iew99NumD+W9Z1mVFZ4PG67/T2mIjBLTe8uzZ7MzIZokUlOin60HJi2F/Rg9qwFR5hbziwHe4R0i/Rvu8RtKFKd4pOAmF11Ktj22Yoz1fprkH6gD9uh3KCuQNpJvBrDkcb2AqgKIh6FWGLoQslz0zdGR7qeG0Vs7nXXHxxb0NwHy8OzVjHx4Qxm1KDGjmyF9O1F+IM5aJSUkbywHEi49Ae9UIMJ4u1ii521vIZwF4PrQkBGcYDvPVPWFefWrDL0tfoGXEHs+Rl5Rc0pEye5tG60eZgVrIa1vH2/4E0XLshVaKS07L5MEcuQgOr5y4UdWwTV91Tkz21LU6WVWEmlo7vIdV1moGRxnzMDUr1k2VrJ4sWBy7YT5jk5sbsBK+xJxXMrC9syNaO5KNfj+IN1X/L1viBDaZcdNAAJRbwfQYbdwXU646R4z6rqdsR99GzpM2L54q2lOg/qMpg5ttBZUe7XtntIfa6i1iIOKnOY/G6Z/rUt/uTGPSDRInb6DONgsjWUHtTj4jiQqg/2NVfeZDdakAej3eqz3fpRh00Cr7m5kgfQsDUhpLCgu3akLlnDDXrhoGvfD/ttdqGQNXFP4eR+ow2AZjmerk6AafAF3AKdaG+x4+wqnkzzbiQM2r/wc79biKoai9/qnyKX3EyTznpOF43AmksiVzqHKbv8i/cHd8Bu9mlpYjcMmPbjgVmx4BkjuFbBufPWJmnsurh0fUVpub0TuuO2tGbIhSsH0rqtPn7mLm71lH95JPzTzH/K/6LRMHTvbU34OjOmLArtSWgQEoEoa96RoaFI8QU2TPBfyuLFyOAcqoSs/u/7KfTbEBAvdRimUwex370tnjQSFCy3z7acB6CqIcJ4OgE/yRBc0KMmU1JP58qBNQfumuX6xqVziGAaycs WNt+/iCr J5Ob6eWPymFQ8V0DdX7KrkvSB6Ky0UZDPtTcqTD70rao5C6HRgrwlhUTinS7H2i3os7vLtOqfSfuOJqw2pdB6i9cI0zS6HJzthvOSqAzaQqKGbxuSMFisqVWfNYi2E//DWR/vHNCNpxXSQqfC5tBPx7RcTm5evesUCVzFyHiZ0VF/T4A+cFVbRc8n8/CEHqJRqh5jas0zo9zmbWbu6CVtjfmYGOxV0PgjJWeJ2bawqXtA/AAMhENOJ5x3x3SspGvVruuAmrF7aTpuixeIrWr/vXnUvZdQ8gq6Ot3CjDEQXrLgvLJQuL4cihOSMTUtXrGjyJSaVEmEF268UOU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Mon Oct 9 12:08:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413506 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1062E95A91 for ; Mon, 9 Oct 2023 12:11:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 38C4B8D0060; Mon, 9 Oct 2023 08:11:16 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 33C858D0031; Mon, 9 Oct 2023 08:11:16 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1DD9D8D0060; Mon, 9 Oct 2023 08:11:16 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 0A2738D0031 for ; Mon, 9 Oct 2023 08:11:16 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id D9C86C01F1 for ; Mon, 9 Oct 2023 12:11:15 +0000 (UTC) X-FDA: 81325807710.30.8957066 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf22.hostedemail.com (Postfix) with ESMTP id 06EF8C0016 for ; Mon, 9 Oct 2023 12:11:13 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=WYDMFukv; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853474; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7vx8l7BIhry6HW/QiKfbIbLtUs2Mt+JNVlAs/0qPdmc=; b=UYcZcyjqj+716Qbu3atJsn5mv/yZOiPi5LX6wKl24Wi2E9fXlNICjrkQlc33d/WKE9UYJi /WQ0EiatLcgm1egHcf7tz3RXiAPYkpdXxjv+O0ldzktV0sJVYAxYzsYHliIMpfkHNoV2Pm moPzqo0Dm/D1/VeQoMCAXsOM1g3jCE0= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=WYDMFukv; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853474; a=rsa-sha256; cv=none; b=sftiGvJRTbEXpThk22nUXP1GoH/T8FGSDDNS5tP5T62y8zGe96J2+hJ6iEvvbrXcJ0F6cf RK15EsvLj7V3uzmjdM2AFY1sxDZxNIJdvxRlNvm5HTtI+gD4ERRFhHtnd9wyzG1O63y4Sf GgJWh8p4HQl2fhv567xt+V3dH+bTwlA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 1E8A661120; Mon, 9 Oct 2023 12:11:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 60C4EC433C7; Mon, 9 Oct 2023 12:11:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853472; bh=GW6tFZWZl4ksg+VfOphohAAwEsls5gepRScgQqoEh7U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=WYDMFukv7T9m0gMiFkQ5un6OMwLhVJimW2LIo5ALSUynuUA3BN3iGHuIw5DmkJDzY k+BDuOFNTjKXkOt8Yd3D8zx3MpYSAk3Fest+gz0rfAv0ZnbZexhf2bjWk2+99vC9Fp ao2wUiAu+Ad79Hr2wt1jP91YbJu3+3baB9WUicAX64ukgXMe2AnsJTq4q7w48knc1O Ry1utt/HlblW2/s3d5cpVCAzqhqA0vCEc6bHGsDd6oGBoaCZzWQrIv47DUfAorw9cN rUVlGjr2ZD2fCBPjDgmYJwf4oUAHgnVanfCnz2YZen6YrwahEs7w58luv1fS7AfRwf I3afFkL1Fr2DA== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:39 +0100 Subject: [PATCH v6 05/38] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-5-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=10618; i=broonie@kernel.org; h=from:subject:message-id; bh=GW6tFZWZl4ksg+VfOphohAAwEsls5gepRScgQqoEh7U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2V+3mYikR8cFIXNlZcjKefFNtUq1uuNzWrG1qB G9wE7YWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtlQAKCRAk1otyXVSH0PtVB/ 40rIeZoVm7wy/nb5awPdQQ5FvdmD0JN6HvfeTSnKlc6ggxMgjiHYH6iBxxr2A93OTNgMQjUmvd5Szr NC8w0ZWqvgvVMJxLeaiW0EALtP1mB5YlsUPKsATpJBHqO54E8lYx/sB9WNhYSA718Zqh/WkR4sIjoW izP7RXq9bX86HEQj50xhAXhrfXQDFvS7j8DbP7vAKlY2/Y8Eh8ZGuasiohkWjX0IrA1L+JYFQFDXRL 5BxEvc3WnV3+rw/s5t1bVEF7qjRJdqfRqcxg7phBJlrbh8DWnEN6V8TYEh7vwOCp1tf2+L4An2HU9W /egNrBvJiVDx7qwI+unvQ8tgxjAyqd X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: 8rxnfa6mim1y53ujcgn3azed7on59hmu X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 06EF8C0016 X-HE-Tag: 1696853473-643163 X-HE-Meta: U2FsdGVkX1/Auo5wGqoD2/7QLNKjZuH/jQbVNaFCfjX39xiQYS/RJCPwSwNiFlHRgjpMFYanoG7PudxZ/N+79LbRvYnpLBJ+aH3PDXJW2qrPQsQkETbuP6TpowTwuSgnWAwFMeUOuOE5pz2kojnO1s+p9CTwptFNKzRA9i2TPwyPj7aes3DT15rbKGxiqMwUO5BDVGKPIhBGvQTVnDwp8+PbcqPwptSX7cwAz6bmBfh8JP1fbrpWz3g7ox8nk3jM2zvw5O+z/9tYfiHIkYxd54BF5QPl0UN7npDM2TYT6XDZuH/E5fdgBPSPrl3pBnqEj4binvuUmFwzvNvJ2XA9IoO5FXaEawAXiKZGPHnideejhCpW0PV2KuAZmKsYPGq5Gl6YkSoJ/v9xIuyRtuqts0dwruoO4QECQaJpVSHnRyz/+5RPD8A3zsOAV303saxa4htoOkpk2X3Lz4Zr/D7CIlxBnFMHlQEHLnszi1qc8GfmLS3sktfl7IJGEjrcfHefRc9qFchp9krmsxdbp5b9n+tEOv/FRPAPFJ9T81mLVlIxc7BKEQzwMgkLJos91nIggbdlKWRAdZII28XeCXLIKuJYR52hyYXn1HPFfwWfd3CchUdtGAVNVCrehoDAm/8C5G00yd2+hJJ0bOybgoWxZU4RRB1FtnP5+6RXdh5uG40J99XUOU9GCz3H8XXuAcc1MteYDsNVK92tzzrhUC5DBGown7k/dJ3BZWc+AhkYUAzSb+z6pa9mJ/vMi7ne86aupkWeEkmg6B8gCLUcbUunJRPzp8GVp6xuS+XFUBqhOjGIcjZBA/NM5Bf4q7cGvR7fkI3jhOCWgmcQzCURYGBNdhJUO8bF/FzlZw5Ie9RJTWudVuWxvp92JIl0omTLjcfTOCWRkTkzaCkUS2G/8P23CFbwZiPqI8TJ3XXw3ximtWg5XnjMIPNIfnVFayjL2mfLHZBirKxl+GLpT6e/iUN OAPFICdk NyyRfDOy5T1wOYnwHjvGOUvJlF7ux92JZVnZRDDVi7t1WktvqJYI0P2MQrLzR5zNWPwk2YsJhmPLhnXbiIM8TFnVFAT1TWgmvu/TFDWu1p8mAZ6/H9fMHAvC6a3Bq86mgukdtR4OeJfXhxNIOM6U8LyPpXH314f6xdt/GW2ktmU+5/HK4BWf9ERLlffpYg9+kYF0IwWIzY7cTDk/o9oDnHtb0GKrmxc2Qgis2Hu0I2VR/D8Hn4kpwhnoIZSp0OjHKL5dDzLKgbPPvwKdSWJFdgWaihSJcb/WzD6hC7XGCNkFJJ0BU2oO+Gr6Sw+rOkmWhFQeyniVo3+br63Y= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add some documentation of the userspace ABI for Guarded Control Stacks. Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 233 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 234 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..b3bf1404013c --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,233 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack + and enables GCS for the thread, enabling the functionality controlled by + GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* There is no support for a process to remove a lock that has been set for + it. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread that called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK or 4 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must have a size which is a + multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned. + +* An address can be specified to map_shadow_stack(), if one is provided then + it must be aligned to a page boundary. + +* When a thread is freed the Guarded Control Stack initially allocated for + that thread will be freed. Note carefully that if the stack has been + switched this may not be the stack currently in use by the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set. The GCSPR_EL0 reported in the signal frame will + point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +6. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +7. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +8. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Mon Oct 9 12:08:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413507 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C80FFE95A96 for ; Mon, 9 Oct 2023 12:11:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5AFD08D0061; Mon, 9 Oct 2023 08:11:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 55F768D0031; Mon, 9 Oct 2023 08:11:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 401038D0061; Mon, 9 Oct 2023 08:11:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 2C1648D0031 for ; Mon, 9 Oct 2023 08:11:24 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 064D81A0217 for ; Mon, 9 Oct 2023 12:11:24 +0000 (UTC) X-FDA: 81325808088.14.B271002 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf18.hostedemail.com (Postfix) with ESMTP id 097231C001C for ; Mon, 9 Oct 2023 12:11:21 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EpeMe9VE; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853482; a=rsa-sha256; cv=none; b=V5kO2n+H1/+mnOIFMK0tmt9tXPH/DLYXBGf2e73vXzSqAjqhLuhsuBYwhQAx/Hlb0ZpQGx 7thZ8DXc0r33xgpht2TYQCYJ4NkNQT+ehcxmoRkMHKc2YhiJvShaC7tsY9AKPYyJ9PL4hP 7OXjjxo8LOyso1g6F6LRVfNLXGIDcjc= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EpeMe9VE; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853482; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Ub/wGGRSR6UzAejnau5vSJLue0+ws6bAKxSiVDOpdRc=; b=iUaSraX/ZBwl7KsEwp79hjAJZ9rd0rEkKJRHnJlYZqHH3P6+I/I7CMBmSfT8UteLb0Qtrs zv9rrziCeoCjUuIFj5wlQVZ306x6jUYHThCouwP59vu+IaIjwaH62sLNqK4BAFOZmP27Zb V00Rg4f8VO5BmmFgTrebdNdCk2qEhLM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id D91BFB80D95; Mon, 9 Oct 2023 12:11:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 20477C433CA; Mon, 9 Oct 2023 12:11:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853479; bh=DHXrkEz4uaI5EG4HiHB3b7Wj+xS82Cz4YUQVewuBUzc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EpeMe9VENZDj/tfvQ0h0WPh3VgDnpa8FPfRzTsdG29A7YqkP/rGRcPp4MReNm5Mqf XL+dh1tkTPB4tmAkGuvvezJZODKRqhlqty3Gtn7cSpzoHSdWiFys190IsLcRrA/qNQ XecFycrJnK5IPz64+hUm1PWC3XJhhkNVwgYteP1WFXK9SUK6ZNVHzk5fT1f7WPjvPE Lpk8pYGgHNsmDAPmrjiXzMhb5PyHYMJNl82tKcWBkPNT5r2VrKXhOHOt33yjDGk6eq spHqVknye6EbUuzvHgibZv9XZod9P3Km4O2q97/kcRhmrkrNvovuJgZXdp2FZqKihC brKSMTrfvdrtQ== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:40 +0100 Subject: [PATCH v6 06/38] arm64/sysreg: Add new system registers for GCS MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-6-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1873; i=broonie@kernel.org; h=from:subject:message-id; bh=DHXrkEz4uaI5EG4HiHB3b7Wj+xS82Cz4YUQVewuBUzc=; b=owGbwMvMwMWocq27KDak/QLjabUkhlTlt1Pdnvex9je8cc6rS7n+7EuY28QjQVenuUqu+v39/67u v8+cOhmNWRgYuRhkxRRZ1j7LWJUeLrF1/qP5r2AGsTKBTGHg4hSAiUS7sP+VElnKb/E8ODlTp/RMWX yO53Ph0HtNP65adFrrXilwX7k1Qt5A02hOr5hpm+XUFWeMHa6cOGYe58P+O4Yn5295ttf7iqUu79+7 n5QLcajt/eKb4X7v90314LuXjRJWROgsEP+dlBBzs6HsQ87ixSujmj8yVfGf0w2PjjueIPGYp9y+uo Hltcxn9cmVJkeO/P7lda1206ejrkdqKqyZn/Ibz2WVYXC6Jlfy//+0o4cCTv/q2K99+/ObppUMhdZn V7uu5r2//UZ/WGlIb+NNjtmG0V7CLkV6mkHXZH2q/68zmbUn5PP0ZV02uRzMHSsdjqhdnFL4zSgoYL 2G0E2bRHdOcQGVI26OP/RjLf0TAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 097231C001C X-Stat-Signature: euwxa9rcmooqdqxubbgceqqp1gswjdiy X-HE-Tag: 1696853481-453514 X-HE-Meta: U2FsdGVkX1/oACmAEkDnqeP55diKEhDMVqdNhxBQEHVaDjvh7m1ZRmi8TOTvkFd3AgakgVupl9vIBB6JaQkQ2s7/2QNqNShfgdOOCsMAJTNfzazYctBKunLwbVFCK+hYfI794Frb1DEuEx9a0t+SG8N3LICz9lS6vw7EA5iFI3aeP+98JGPLxjDuHUYy9AIc+C8dLajhyuBeFdq54N8dhsCmv1kSyMI+4MxxsnDqzZ+lMvvGlWzEkZsRpdoVoRdPXFZdK07WbcSI26cIW0VudlIpjoq3fJL4c4fCxqY7LoyE9XtC01CwgQFAS2NIk2Uhkc/cQQ0UvMZbtVCAFOnuHR6gN8Yl9MVu5OSh8JUMNMIkxOh9GxT8aoE0vh/sqD51T53qjbsdseOMaKP8fVAcP2+8ViCy5nXB6wFM8LIUnf3ksPKCiwcSsNwzHITDl7FCe6tLh2e99KR0r+J7HIgE8WMmtMBReyg2w8GrLsXW2xXmblT5TuWG6KlvintzxBdAIykUyTnDcLxadk8LlaPRdNwhhra5ByrMbYbF+Np3/BHk2Wz/QYQ/x44TdjwUFSFA4YOplZbjFYplN7g1Yitg3RH6p4forbsGSVtULwJXz+CTp6oBUJ52yIZSIp3JOP3pZNFkBmkM2zkyso/mP+b8+U813ppvqYA5lWTt8FNK6ycZhK0tO09pAJO9glbsBKlF3455CQ9VK7I4H/Ty24+CgM6PBECqRZKCQ2qQ2lSpmA8RqxmBUH1iwhYSJpp3Rj1epsyZMiCE7M0MOvnermF2gP2Sx8onPqgot+f9DnGLEoXfQHTY7b2xQBV668DaSSCJWB0OLfAeJqgd+OaVglRXxVX7Dt8DMnxtVOe3LeEwKtTQHIV1eBqYop2TtQiQwz8TnYGoKcQdv5VcHyEPMzVc5bGwUHGwe9Dmntgz8oxCk/TvIfPgPAue8mPxdKXtK7kxYZxg4mi33MPsk5GMJgi n1ip93dQ ZtiWvHtJmIScbwRzcQDLAnTJdSMlhvAth6JwkvL7gprCKNxaAzudozh1xzDDx12Fp1IaGHrhNgbvEdi69zBRSfPqfE9q+AzuUfTG9h5S/fZXSMZgrTim+E23ziX4GiB6slMVNNfiaa1pzGAXBP9kE3sW+1gm4IcqSL4jQ+8RcS3KbgYURNzxQ4en+sBDkX2iT/FnClNNWoJE7SRo/zFg6RkLspidfzOspBPrQkUER4M3pie5+46qftgif8Eqw27lOChoXysAUalYE0O5LWU71k4Pn2OhDTjnNRy18NWz3Hr6T9ZB7zgA7e/tw3lY4hZrG306s2GRLQQ7Invg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12. Signed-off-by: Mark Brown --- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 76ce150e7347..6872bc2c26cd 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1784,6 +1784,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2014,6 +2049,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2342,6 +2381,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15 @@ -2401,6 +2448,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg From patchwork Mon Oct 9 12:08:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413508 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53215E95A91 for ; Mon, 9 Oct 2023 12:11:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E15358D0062; Mon, 9 Oct 2023 08:11:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DC3E28D0031; Mon, 9 Oct 2023 08:11:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CD9DC8D0062; Mon, 9 Oct 2023 08:11:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id BDDD78D0031 for ; Mon, 9 Oct 2023 08:11:33 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 876E6140235 for ; Mon, 9 Oct 2023 12:11:33 +0000 (UTC) X-FDA: 81325808466.06.FF556A8 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf06.hostedemail.com (Postfix) with ESMTP id F3B28180009 for ; Mon, 9 Oct 2023 12:11:30 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uW2YvwkT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853491; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=vC2JPAVWIYLn4Gtm6DpcKM6hN4sCG/C7Tc4DVCUhKHk=; b=zDx+IupneDq4+EVU86ufshhrtlSaKWEqmmzbkVuM1KFwT/mY6B6Tz3BVPjDxdzu1WaiMIf YA+NKmbmqDJ4+JjOOrF3vyQs3MfHwM4AjZaSGxlOiftiZik4X9M++LCqCxvXwLFnDUHGu/ 0Fjr32jz2RpXB3w7EK0dMnv+zpRaLRY= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uW2YvwkT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853491; a=rsa-sha256; cv=none; b=hVi9JajOWvi6odVgedQE2ybJ0CZTHmPt4LQXr6cnLlGttZOUubotD5LYzp9O3SLZ0DDFTg /J0yjIS53mBNfcHTJOa7JVobVKxGJ1ekHMqJJztKpGAFp5CaOvyib1cB8Rna9u86plNI/G N2L/hucNCq7qQ/avycxwTP2GNnDgHPE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id E19A5CE1391; Mon, 9 Oct 2023 12:11:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AC675C433CB; Mon, 9 Oct 2023 12:11:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853485; bh=dnQiLWCQEIWy/Xq7xUVmoEvPZ7/L9XTfsPiddNnhH8A=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uW2YvwkTEs3ksNnBeyCkmHvcg7Hg45MTQOrvX344Mz095Y2nBmnaK61KvKyW5feOb f+HQRctmZfEFAzdsuUP4ETQaCQOOmd0zQw8Z4ksCz6K9hEhCwCPfvutNq6j2WD6vmj 4pZr9m/47nVQFEVwotHX0Esp6jxSPTzu8BCaa0T9mYgV7uNgC2U8xiw1lhPXIW7knn ELoN/tObaoGVa+rdJP5Z5qYUZYF3VtUWJEpFVOSJFOS6A9HGzHFORbRPu9ErGrSjQC 8zpmiTl07f7AolAPvTFvKuOG/xJLeHqxbUiM5buTP5J+4fA3i09lEyQKTacVUD5oPS grZRCB+QM3npg== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:41 +0100 Subject: [PATCH v6 07/38] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-7-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1361; i=broonie@kernel.org; h=from:subject:message-id; bh=dnQiLWCQEIWy/Xq7xUVmoEvPZ7/L9XTfsPiddNnhH8A=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2WHMOtW7oALvhLQJzuMUteJm/EdFfby1ez8IFL vZyYW8OJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtlgAKCRAk1otyXVSH0CRDB/ 44i2mEo1C6AV0kBavJlNrHUoe01OCdzz/4EZVGIvfLNMche/CoZDy2oB/+y3rrHCMkeSEwFG4KcFyC VnY88Rj9OOm0uZVKN9lUzQ9Aboh+Bi3RgzyK8XcLr9nza0lytLsRy9LRhol8LKzq3qVAiv/79KB5mQ 6qpMbIMPk0FLn6qsC/iAjW/tbSgEmSfH00+X8llt831T8OpphOjxb8HdOOpRpV34JrA44UIyFWAtxX dkrGQX6Gpxd4DhjR16V1xYXaJiITXqvrJ1xhJf43u7igOOFiEW7N5vuix/L6mtmFwahxXcJFwM7/XT FmiKMyTaKx8MiwzpDMZjLMwG5iuqwL X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: F3B28180009 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: efjqos9z9yrkqz6ixi3keo5uyzwe9whq X-HE-Tag: 1696853490-419181 X-HE-Meta: U2FsdGVkX1/bLvAnqA8xLXCMgN3UARFQO3vcztZAfmBeZIbBwfHIKPacl/kaKa1S+c1vekLRKJawjsJswuYRPFFBH/ow5Dw6jmUuir3GNBToy+dRDBgCWwxB3Z4JqkfDWppp0EUZmEA9OCwNXHe83Fch6XXOg3S7x8BLPvmn6VodKMb44gkh3oUXKLBWcqNItY9Zgy++dVzWwAzsv+rzPGEZTIs1L1Gko67gQnOYkkYQGn3VM4iXkCGrYRapDd14EFyUKKl+03E4GMwbJRUn9+dGD5y5wivMUxZ1psmnyqpm2h96ekW03RHADKUu9AnFVPSgNZze2ZtpHxGzf7w0+44B26h3oiQEdOAoVd8tc/kombCHQSrM9EXQcFrt3aLhCup8xZiWWuPy5Sq7ZM4tDtW3WqaXnylnHWK20fLRFwW30q6t67CWnvKTtcUVD949LSyf3m+PCGhqpdCTNGE36LlQHqeNr2JFPJHwp6SKqJRmO17jG64rgZjqJUlMI4FqasrXhpYTdbNwmCtVkVzIAmvPEoNElIgWb95KXrc/OkDT+kmfRFaDB4V4deQVhfaaT4tgVz37u4hQwvZ/1buUscHLoU0P37zwhdFKTYb00C9vU+fd9geTetmE3I+COFjfA2Tmjkj0JFaoDD1vEsDGjzMpK4W0bs55F8CRmp3YXlpt6z/jwi2FllFW9LOkHnwP1bOOOWXOwbLZEzR3OPwm+AzVPhPePJL5rKno80N0ahBLxplvHj2qh0f89fj2p6+yzKrZQ8TS8Ob3Ra5hVN+WciRHxt6Dy3Gy2K+tTMINRa3B/NwkkXB1HqHVqfX+s6mcjhbVUJ2vHhjBX7VIwFb/3JlLDs2X/Dos1M1F3xt3lcbVI2PHwKeCX+cK/g2s2dRT0j7fOlLP/CRmvguEtbZIoRQanQrx6C4Tzz+rUt/TipV3fizKkRUQE08lva+KUMw5b4AqgYEeR7IroooQ+88 puMOq1f2 tTv73dCc0wbE2oA3ItFqkQSE5g6Hc6Hgs6ntrO+UyP7vGo+jIm7azYiFjmXCMfZCgxjoz960Z0AKR0W/IBH/dz29T0GU1uv4U3hNqtuQNOvvGzJwA3jX+kv3m58lj90rijAR/2MpoCjTnxJcUBcHsKOkjptTxhOG/PeOsGCUQfW6XIobe62VJyns6dgsd7aBtSlE1oL3juqRQugK0ZCtR/DbT554xMcLsPWKwNtk7brpaU0BQcV0Ah3njue5c5NRTknomqVqua3GFY9lCp8UOHbDeMjtGYin6tMc0zQrCsOVyaT6Gk2JwJD2B1I5U47IytOJ/dnt5GLFEWtE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 38296579a4fd..6a550781d71e 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -994,6 +994,26 @@ #define PIRx_ELx_PERM(idx, perm) ((perm) << ((idx) * 4)) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Mon Oct 9 12:08:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413509 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3F33CE95A91 for ; Mon, 9 Oct 2023 12:11:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B54ED8D0063; Mon, 9 Oct 2023 08:11:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B05BF8D0031; Mon, 9 Oct 2023 08:11:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9F3C08D0063; Mon, 9 Oct 2023 08:11:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 8C97D8D0031 for ; Mon, 9 Oct 2023 08:11:36 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 691E3B484B for ; Mon, 9 Oct 2023 12:11:36 +0000 (UTC) X-FDA: 81325808592.28.3C0680B Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf05.hostedemail.com (Postfix) with ESMTP id 70C9F10001B for ; Mon, 9 Oct 2023 12:11:34 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ATlHVM6A; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853494; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Aw9uk67+s5HTS/4C+7Hw36JUsrXswdGZ2FWphnKG6DE=; b=uB5aiXesojXTQAPNrDme+kueycbiCiPwHy/DMgx4lUpzlffZOXhDlXhhvTvOQhU6dRClGx kzmlcMyXx3kpRIjdROL1jp6Mcuf6polLrPCnq+Fr9IRJiwGsjRfMVhc81mBhmNEz72UMBv 2gO4RcS4K0LK48sHcgBfv7sjPwB7gcg= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ATlHVM6A; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853494; a=rsa-sha256; cv=none; b=n9x6+dfMj+M5rqGD9vEptHsX679GY/bCEypTnHbeRJoF8PjeSYoPB8AMKKpUptGxRGorFG yKsp1qHJDvN/Ko3OMK3LnQ9Mp9jQ6kBi8/vLOBEboFp6EMehiZHiIiTiPPoEKvIqtMBd7M JNLuBv+7Q5BriKH6KKiyyHR+KuexuwM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 20255B8106F; Mon, 9 Oct 2023 12:11:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5217BC43140; Mon, 9 Oct 2023 12:11:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853492; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ATlHVM6AZeAPwZROhTDwJAXvT1SullAlI71Vn91fpb40hH0HMjTlCj8nJbcQ3Ud3N vAhVspCDOeDsjgUAUBTNGwGZTHyokcbBzVVVErlZF4gaRCHvA8132tfS0cYpyz7zso 71qgrkpCNYoX1KdrSBTd0nrMqNW0UrLUB3WheJ1j3Kxtod1a3ousFlJ406c1t6piU1 g2ElyABWAZHRc+nRTRI776ggjev9EOJbu2ipxrPSF075+9nWfWD952VGnmTcu1crg0 Z7YMy8L5LgmZwKM9Yix342mpSS9lneIbrD2Co0e1PKXQCoXswDTriYD68tGfTJY1IF 3nsQDM/pqU+/g== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:42 +0100 Subject: [PATCH v6 08/38] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-8-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2577; i=broonie@kernel.org; h=from:subject:message-id; bh=sadX6jRs7DdBAThhpdGK2D3phr2V3dLQCMXle4b8GlY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2X6KvSDevFmNU73sRXi3dVSic6kb7utwq77DtU O9AtxbeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtlwAKCRAk1otyXVSH0PJzB/ 9bjtfdH/kreNste9Rhszz++5TtrXwaf+/u3cMsmbyDsfIECxfrMIwsOBr1iJ61TV0lhBla3gTWKzee B7mmzi+ozphCNHbM0MDRz0F62SQzuaeuxTGQWp7rTUbtm2aMqwK3vOlXDbfkp7E1yyMaHz3Z5xh6Tw h8d1vRGZv5sXyZyDBBI2aiEO6lThtTrLozvtuWQ1vgfWue+wjzrq1aMDgiN8IeAW1HmSGSYmliogM6 532osJm9A/FjGeWX/7VE6UK1Q45iesDwGfzySGm0oNzW9Uex8YR3/NTmPzJ2zulrHA/KnIamunKmUR uhxZ729qwQ62A064U8mJ4OD4jGhU9v X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 70C9F10001B X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: maiantjnua4qjqxi1iq79n4g6kwj49ri X-HE-Tag: 1696853494-633142 X-HE-Meta: U2FsdGVkX189qfFfTry2i0ajLfYsMvsGZgURNJZC8sliiZPs9hTtPvXdfTz9bZ/c5WNAWOf79Qi1QIIb8LW0ReRITdMqPjPmLWCvKCTOVKiKHXHmaeSIJLsDek+r0zXPrLInIFQUPDP4gxFLFGsWoCeXoY4I6fhTut+TNo8PlYioA+4yBPgP8h1KXcvV9GjljNwhTUEds7Uk2V/SkEyag0V8YQgl/lUVhxxrf1G03ZVdyoSbNdUUAguD2CkcDKJeWbP1SiTDLL384b1qwVpIag6DnvPpqxUxZJ3Ssiacfcg2IjMYPH5cZIMVMWkaFlQCIC+wDPYgQYxHuGp7New9D+ncVQYuCz4iDo+dt820zi2U4SyXAXk2gUBEvvjIW+TxZqjXoD/qeLs3VkNvFFDe7BFx7KuDLg64JXW6VKr0JS3THxA6UxptumhHH44is1UXdd/Q1t3B4ioUpdTwny1yvS0YOJTZtoXZzl6yj6kV5e+61qzkr6o8lUBZMvLqr1SK1c8VcpeoZzOGrh826PPFFKcfSeH8Oz3YXasZHRgx9Yyn98BDe7kJSlgc776QF/B6pYHK4qiXhcj6ls1jRt4NtJCU14GTVWaFvwejKEkHa68rStHjZnnpScQJDuSgTAs/R9DKrGinCmvwbD60OwYNgUwv/6Mmi8fUj2BiWjWfK59Ap95oISIYblPJdxZJWmeh1welmemdpUvgwsC59Oc94KricooRELjnnJILv7iSbcC6tRoHq7wjipKzqO5PTLZeTQer46yQKc4PENJ76PymMO3zAnW5pX6UaXJ0RI7KvBoVqWKxegoLHU9JRookuj29eqWn0glky2csTftOgM9nsnAJjeJDGncLhpLr4pUW+rPix0ZUILyRW8ok6MwIIo2mP7LAY184HwKWE5MBa5KIQGqHw5r3dq8vrpkOG4QiW0lM+elsNQx2RX83n2mj60H8VwdLqwZNHXij+0oBAxv U/iUn7Jw B0Nh2YGskv/1Hw3E34SiNPNoDrZYOmqgbJhr5bHpXlHk8ielp2W2cGS8kpDcGVP3qHhqzjLsb+Wp7r2Umgti4NJSJLx9xZJP/xX4qDBkdiv4Sjb0JU/cSnZdEL/4HzD2MMpq+CZz8t6JYcM/dnITgrNDEYh2l8874KxJ0EAszF6wjaGQZvEoBnW8ksngfB8D0S+RXr+HP3kXn61i7PqMEtgYAjQrQMvJ4iORa8V32jkhLiiwuqpy6ppyGZRPTEu33DS8KSECWGwdoKDn0gbNz17Worb17VbVDe46+zaTWv7WZV2K50tw9MpHPWIVbm5IX3zrlwnD1rJVr/X4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Mon Oct 9 12:08:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413510 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B42F4E95A96 for ; Mon, 9 Oct 2023 12:11:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5132A6B00F7; Mon, 9 Oct 2023 08:11:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4C3846B0104; Mon, 9 Oct 2023 08:11:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 38BD16B0106; Mon, 9 Oct 2023 08:11:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 248F26B00F7 for ; Mon, 9 Oct 2023 08:11:43 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id F1E741A0215 for ; Mon, 9 Oct 2023 12:11:42 +0000 (UTC) X-FDA: 81325808844.15.CCA19F2 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf27.hostedemail.com (Postfix) with ESMTP id 08D2440008 for ; Mon, 9 Oct 2023 12:11:40 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nRXCf3IP; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853501; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mJroho1o7mQ4v5IpLO3pGU+gSm8jYAJUrZ5Tuta6VfI=; b=EC5LQ8fm2vljFGlBZrQNUL5Suq95Cj1OpO5HVrc3J+CTz9l1qJwKLt0wjFQ8doQo5MPXY/ c4LonLNIFq8rJEtrgt1I1+yjC12YCWA4Bbxn/TFqDfgKsXtLan/hba1T5jI5Xhhx7P0NMZ W30zt55nLLBviB6zJ9YlGZT8nbc2lL8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853501; a=rsa-sha256; cv=none; b=5CFupwdPVFeVH3qAW3sJapparxi9f9FPGY0glvSzb3uVOjCZm7F2UqL3NBDKxkqXrmAHRZ Zxv9VDfa30ZYtoLe+tdxD91RmcZ5KH97q87fZP9IoCzbO+XhGTSapFeysoU+dS3xxagidD dkWQprFtjVBcxtPKjxabqBPEulMlLD4= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nRXCf3IP; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 6E232B81135; Mon, 9 Oct 2023 12:11:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8334C433C7; Mon, 9 Oct 2023 12:11:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853499; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nRXCf3IP04mxomb59+FPqFvNeFFferKhb4+ll7uI89/W4+e78a9mJLKf6QHmmidyZ 7z/5VLjrJo6vvICYH6T3MNNBcCIhgo75AlS8oAhFsH1H5oXIAIVbO2GHLOc9Eql7EU RuYStvvqFpSYuwqfKGoTedCsXt9rmPTpIcWvtooljyquoQ64vzqW8B5Xu4Y9r5G/UA plNxb2NEue4mStms8VLWFaRhrYwe97jxi1zX0PuJQe0xXV6B9IJkAYchVqYB3jLDBd FnewL1JOM+NuyhQP2NYJZGT/0b8pkoa2zX+S21Dg32uCsDkp8n2wdKXEvkGQVMCCsg L0ZVIbqvSMc2Q== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:43 +0100 Subject: [PATCH v6 09/38] arm64/gcs: Provide copy_to_user_gcs() MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-9-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1292; i=broonie@kernel.org; h=from:subject:message-id; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; b=owGbwMvMwMWocq27KDak/QLjabUkhlTltzOS1pv1T2Ztq80/z91/JcylNk5K+4vYp581J1n+ysaV t9R1MhqzMDByMciKKbKsfZaxKj1cYuv8R/NfwQxiZQKZwsDFKQAT+fyd/Z/uYTmT+1qcLE1xGh8jeb hqPLTWviyYlseUlDmfQ9vbuD8gk/Pf1ojqStkZFcHrH2p1lUdbGqcYKC/RsBUN/M64lfmh38OyE3Mr EnLz5fQW7Y7fWZa76o6UzRE1HqMlE3ftmxPv+HShlMf7ujvscjo+f28EMz+qyLjo+lnMmW2Hf1PxRM 1+kw0JjCIbH2lJrN7LpCDYU5O4YsoaGfaQgBU9P7w5r9Y+L89lv7X2k92ETtOEVLf234Esp8UNwgUf rpjy6tV++VelIc4+03NYfzsKCYXMmBfmO8H18gE5O3X/jzK6UZsO373dcnPZ0Uczlshf5j62av3F96 xcV1zy1ynv3fr5hcWvMqn2UsGLAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 08D2440008 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: 8frnx4wosbfoo6x8wxapcpmdy1wctcoj X-HE-Tag: 1696853500-708471 X-HE-Meta: U2FsdGVkX18bEZIObQANhBzDL40IdeclPLUAAHUeAGKqAnngr4jMp/1K/rwDjc2IPUhr3/WJz4rc7HmrNil5CIJqowueFpUWedbBxUH6wwYq1FWHKj+mT81bMgYwhTr6FhLiKPUjgMBLiEj7zmiAV2MgaGsStGpljmjHooP7SRWqGkbpxkjujhtALZMj7Cz7NwiDr6vnRZBbG1lEXWwrFfbC37byemJfLvhwpNwkmrxiG7JyYWy8dNDD4nE6VfrZ9uylXIJ6XedBQ7yjdUBNELDjqZUDP4sM2LacEXf4HJSwO6NjEATf6aI01oGat2bKkPxQI8h2NQ/OlI52sGzB8QhYbb7upuTITzftvaogeZ1yA5yiSz8DU13j/4FYUVgokqDNs1hqZfz8kIexfWF8ytcEs4gy+RXcAS8zDHevUXrriPDVFrcGuP3YyHOxIEBWXMW6ABbt98YOLpoVD8srw9qPVx8hwlECds8tmyafKgrDXQPae9L/E+7S14AYEx58OQKkxE/YH0OWf/bm/9ET/q4gZRTCGHQwReT9n28xboMT4aUYEg0es76dcD09F3jx0ziiA/VJ1PJ6bDSuBVacq4v+fosrjhtvcv6ExbsO4QOYCjgEn8bYHj8aduc7GfGx/2/xbDUYQgbtdi2QG4aOitE+wMKixOFp6zlTjQrm/LNmjPp3ycgenH/kqIJGRLUcvUksrW41K1r12EJmMJnqIlRihNZwL44ijQE8oXu+VAfnhL0BMUlkJtgDc8QhYaLgWDq1ExWI2YHIrccCLUFHFN/WQEWKZdwv4ZRlFZVD0ZAtwIVZG/gtbzAz1ZuT+jtewJnl+HoV29fR6sX/ZWDFZB9vxYd86zO7zLxUtrpnBfA4OqNSbLW36ADz1Riy8Hxm80qaQP+8o0MIUoVeQoyYZn16JpkY/3eYzUriVFXd7OnQhH0oRgCJxq6pWJOHRAJ6VkNzDn8To0SxXf0UlRy 9agXzyHR jnrcJ2KJe1ZWdW1IWlB8VAgCNNxtCUV7DPdDseV6UyMW/ZPvzZmboWc2CXxT65wiMp2pZ3U5zHP769F5VMTNxcJGTvdKu0l3GjUewYwngsEAAho+pBDXg5D1SsDquevB+ONYTx3je4MQGPX6vSA/OFL6rrVnhzugTwa1nS8/wq34pjSYFmGaONKsUZQG/CYFsV4AhzYjns4T/IzjPabvtAvUGYiLQ/KpUbngYBbKQAPkBp8lvnlbfEp56EmbPONirKItA85z8fO3OCD5IcTKnKcePFLeOYWKWCpEcdGq34jREAF8vsBytEh0hXLJegVEFbvaXKJ+UQ+EQcIPjec43yHScnUv9Rs9Sq10oxj61ntdY7g7mPI1MaNFZSw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a copy_to_user_gcs() which does this. Since it is not possible to store anything other than a 64 bit value the interface is presented in terms of 64 bit values, using unsigned long rather than u64 due to sparse. Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..24aa804e95a7 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,26 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline int copy_to_user_gcs(unsigned long __user *addr, + unsigned long *val, + int count) +{ + int ret = -EFAULT; + int i; + + if (access_ok((char __user *)addr, count * sizeof(u64))) { + uaccess_ttbr0_enable(); + for (i = 0; i < count; i++) { + ret = gcssttr(addr++, *val++); + if (ret != 0) + break; + } + uaccess_ttbr0_disable(); + } + + return ret; +} + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Mon Oct 9 12:08:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413511 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBDC4E95A97 for ; Mon, 9 Oct 2023 12:11:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5D7266B0106; Mon, 9 Oct 2023 08:11:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 587026B010A; Mon, 9 Oct 2023 08:11:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 44ED56B010B; Mon, 9 Oct 2023 08:11:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 35C746B0106 for ; Mon, 9 Oct 2023 08:11:52 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id F17F41CA703 for ; Mon, 9 Oct 2023 12:11:51 +0000 (UTC) X-FDA: 81325809222.27.2DAFE3E Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf27.hostedemail.com (Postfix) with ESMTP id 821234002B for ; Mon, 9 Oct 2023 12:11:49 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="rP9e/pVE"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853510; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/Zs1p4gXcfRJjLPLe6OvvtG5B7qTRT6IlsWnjCwxGRY=; b=TKL96iHxzAAaeUd7SxK9w7vU97TTttSKkAbi02jSVpoicRWLwIX+BTqhRlx78EWvM3CLZE 938+eRxO+YAV3QzNkmqQST8DNMSjXeXnxvl37ePERyRSCTT65OtqItacat3zXGSHASGvRt i4z1zPbEwPwfbERQX676hzuYWFhGv/4= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="rP9e/pVE"; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853510; a=rsa-sha256; cv=none; b=BMJMmWjzBOSdfANpCUe0zCh7kk80yXh3cQVkjGReGnMDpnm48Flg2PFgeln9m+Gdh49SOs YQ+cU3NUt9oA8gvyq1FtJdHm9L1mlTScAADhHqut+OBciIs397ZDQj5AcmmJ4ecxQIX6+M oc5CZQzWm6Vz7BQm5WXX28mtj04ELNY= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id BB587CE138A; Mon, 9 Oct 2023 12:11:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9380BC433C8; Mon, 9 Oct 2023 12:11:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853505; bh=XR/JPTU4enAJ4pcvH8p8vc1g83S1au3eNbsnIb4ywnQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rP9e/pVEU1XRIjj2Q9uCE+vVJQiSYLoJDDmvoN3Y+fxV4PDyb0Vs8fWv5dE22EdGz B0vb94hqvciW/TEsRbokha5ZqcprcqYd4Usrcmcr+y93H4dv3DKJAP5z76Exn3fa8W QPI2YjyCvmt6N7kiuo4tZXT3emLIL5NPZKALokimQSPX+EFbD6N5Q642tmTnWEAJKJ 7VgVCJPy4ZM09WcaxWoJv7Zi7JTkaps2cE7IhSdwgsbyuLYN5uaWHbaRut0htOs6RP au6TpCRBbjfRQmVcgQG5R8QCGK7+4xIbwmdWHVFFsdzFe+q++lxMpBhENWv+eDo/c+ wD58DJP+NWIbg== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:44 +0100 Subject: [PATCH v6 10/38] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-10-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2903; i=broonie@kernel.org; h=from:subject:message-id; bh=XR/JPTU4enAJ4pcvH8p8vc1g83S1au3eNbsnIb4ywnQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2ZAGHqvxhmUj+PJXN+2VsAYfmovxTrEoIYjBrX 2bzDiHWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtmQAKCRAk1otyXVSH0LouB/ 4jMbLZC7D6Zl9Jb2+lm+LeAvBZcAupYd70rbx+3xkuxxpcymaCTO3zxHXISjX1SuQqDXdZ2Qr7PfGU AD2rdudrC2wAVWtVlIuvD1s8iyD5b5nIqoiQrsYKu1s6UByhZnLIrwDq8BXPLFUNVBkwd0pMBv4DVJ OSnLTLI6pOfw2BRvIdml05y4Axyxu65IveS3S9NiO7r8GE9M/+Yjsv2UB9TfMCca2oJdKaITbH+0ht xPC1Vr58uRUI6DwnycYpnuE4Hl+w2AI0CrMHY3eiChkjo0rYQHBWfhw4qqpUKruKnfZ739/1FkLGqb XWMGY3i9fPM/PuQFxByz8YwPzG371T X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 821234002B X-Stat-Signature: b6ixp4syoy3soghxqzd7pbdkpigs3jzg X-Rspam-User: X-HE-Tag: 1696853509-450081 X-HE-Meta: U2FsdGVkX181YnZuPWxl4gF5fwNFxR3kIXsg5/o3ca9kp07LUwJTaEDP86TNpIGlI2IV8FsP8Bi29tSJlkvqayeKtAivKDaK9pPCBjPqaVUY8rlGWhvorcU2zctc0Jecx5JBAOFxaMGRrPbFr77SAjze4qzzlk37XJZFe5GMgJKG76QS5pPAvndC9RTDTwjL0devrvCxKQbYVVNuOWRUlUv+v70LAnQsSUacw2W9p35oifTah/mJyemt/MpQCfbijkiGt/z2HxNeVRTyUlgu7EYU11sIi6PhAFgzXdd6rSGkRC0E627YqT/ZEhG9DRGDhbJhc2CTi5GdOewRrtdhdT7BFhTOymsov/+F2DJdxTEmmsBsxI+TdpjY6tZEiqPdPfsaS+n0RpXvn7Ib+l/cDdGrVfpx9X/38dmQn1dWy/5UwPc+Gxa0iw2IHpMJMFofj+qVxyQUhMXTAvxX8hEV/8Lx4Nb3Vhot3DQT6dnf30km2RlxKjDw5GMi3FoOa8BUFlXtVjup3A/MGQJh8/0e1U8tGp4CZADzg/aq0KmhHM6stc9cKaRgH5PP69diSHsfk3tiylfebgFA2+g4NNsXwDncf7nIsJb8vWXzpfiqy7naF98WbdQaezBBKJQ11VMJUqy220vuYIZJQZmF6KEep31TnTKd3FAuZJs7dY6j84viPmktm/LRaxX1OetXRjVnzgCewoRj/AITCrbf/PuQsRBxxTuVqWjKNI8/JxL5zCF9feRXQ/sk1tqC6WMOkQoRm+ay8CTrtxEaIp8c2PCtZFMVnOy3H6NtADSX0vs7K+mJpqaULosvsjjB+xU+JU8Y0dKgg4DL1M8ocKvQ+lDw8ykg3AZFBbgE8qUmJGo21qmEuL54I23aBg+vd6srk6mWBIk7jolUb48bLD22N1XjZFweGD9jCIs0r8sSqvi8ifI4CJuzPTiTstU6Hg/QsnrH03/y4LSQyPdl09OJpmE 9m9u4aMH euYtWCIyN0lqkvlROj1b10rtN7Fg2KMu7hPQtcChBV1860AsJcNDFDpUId9mYZlVtVmk6myAUQt5z2ZWFFW1I0XxNBlwjGjHAHY6BygMKmn8Mo3KhDyu1/DS5tI2Yd0MmZArtPfkVFLV7wcqJ+2B8HlXGrO3dDD6cLP/Dh/yVXv3tvxNngKRobtu7r9GYx52YWbQK6R+yucu3D+mEw2gcueH24yTUdMDgh32dloJWBf99/iHDogUK3sBmmRcyH3kdAdx2YTXvFAM+VWjnUXlRRx7j3Fl1BujJt2dnpnhxzFh2E/dOJUjo5X800ZZSrWbVr8G2UfMJYX3rUBw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 5bba39376055..4a5eea41f8ed 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -831,6 +831,12 @@ static inline bool system_supports_tlb_range(void) cpus_have_const_cap(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_const_cap(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 444a73c2e638..e247dce1759c 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -255,6 +255,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2220,6 +2222,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2719,6 +2727,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = has_cpuid_feature, ARM64_CPUID_FIELDS(ID_AA64MMFR2_EL1, EVT, IMP) }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index c3f06fdef609..9b470b311f29 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -27,6 +27,7 @@ HAS_ECV_CNTPOFF HAS_EPAN HAS_EVT HAS_FGT +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Mon Oct 9 12:08:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413512 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57066E95A8E for ; Mon, 9 Oct 2023 12:11:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E89026B010B; Mon, 9 Oct 2023 08:11:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E39B16B010C; Mon, 9 Oct 2023 08:11:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CDA306B010F; Mon, 9 Oct 2023 08:11:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id BA3BC6B010B for ; Mon, 9 Oct 2023 08:11:56 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 7F5CB12012C for ; Mon, 9 Oct 2023 12:11:56 +0000 (UTC) X-FDA: 81325809432.06.D0AA300 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf12.hostedemail.com (Postfix) with ESMTP id 841034000A for ; Mon, 9 Oct 2023 12:11:54 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Edg0MkiX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853514; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cAuWkRf6b/jGEAz7q4RZSQYiNZF0bp03IMJiZYXPxKI=; b=MLSH9nZkzOZ9Mpls0LjA/GAEahtQooCleqRSeMx1sONAY+aNY2I0n8PHRXX0jyeh12qiE5 1mcSndf694W41SvU9Og0fi6Yz+9Aa60Z3tQp4mvLRWal0DJ9Fxu6BcB+XpzwKB61CZttfR wy9ft9kNBV5Lbtpcaf8TL00RLPKsJE8= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Edg0MkiX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853514; a=rsa-sha256; cv=none; b=MY7m8GRCi44n8O8fo44iqh0gL23IucuAmPaHn6rjyXaqWoBqjc4aL+nGtNgOeShC60fsRR Lv6L9XJaZQNo11XfbBpYo7xuIDgkW3QtM3GFXmzRi0wUCRDBNxV1xWC6QR/795e5fXaShY 7IqwvxN2EHz7cs5dyDDJ3K94p2Pw87s= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 0D82BB80D95; Mon, 9 Oct 2023 12:11:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3B865C433CC; Mon, 9 Oct 2023 12:11:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853512; bh=42MhIHJYoAESIQOg6Faf648pZFSDD4v6BdFtVSfz3SE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Edg0MkiXTgq0915C8p+R0ggtuWzow4Y1+CyDxlrdLxMNLcdP876Pfi+Z4iJaoh6Ii 2yar+LS0z1DWsttaTGOfOfQkpzOpdvnuOOaQS8fYdA3KJljRY9GhfphtTKAGquocrC 0tiN3n9LytAnZ8oHKWq9YNpf77rmGP1otZgx157zCHs/aDF9t2Kv5q48lDAki8lD9G wuQ+d8ZY6ju5sVJX+UnkNdLMtNw5IlNsqJFhkKrpEkuGaOXgwLHSEEQrcw/0c8iDtF WalKM+IELiCcWgONrK/a5o7fg5/czE0+2IXgjgjrpOLdG6cWRdwHsmBYJv2hdAzzmE x6DiVLPYyCH6w== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:45 +0100 Subject: [PATCH v6 11/38] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-11-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2918; i=broonie@kernel.org; h=from:subject:message-id; bh=42MhIHJYoAESIQOg6Faf648pZFSDD4v6BdFtVSfz3SE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2ZJRM/idFdS62wSkMToCjd7iU1NYZRbt5LlFz+ CFhJnEOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtmQAKCRAk1otyXVSH0IWBB/ 9ziSylzGcu5afgUxGvT7hjnE7Uc44cyH5zSZbtg0jtpfkjqQEuCg/+aUmduG9pHKiIS13aD+T0OsAM tv28vqEdVmh/ont4bU8MGEfTdaSBvxCUX6+Gk05UBUOF1vhGLRKuj7XKWWvOdD22A/05tM3jepQ0Au T4Flrh771B4GAFJ8jT5r+ARzgqeSIyDXjkFMMpAtR/z9UG+OFIYep/LUqxo8wAI8e5LzzwU79iKrgJ Uz9oEPRfu/G69F6okL5SmJn+heGcKjP2qmT8OB52h2HmvSaGqVOFpysYgnwztsTNa0P6LU+2JO2PI0 r3LrEVJzW+5tdSZupMleqt5dgTwb7V X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 841034000A X-Stat-Signature: m418tk6hg5o6nxkqnmikbraqwnyfbgpz X-Rspam-User: X-HE-Tag: 1696853514-634886 X-HE-Meta: U2FsdGVkX18gxvst/bsVUrsDlSETYNnlREqbrHsxDWe3mtfmvuyy3kSvSwZssb2AJFjOqHpXkWV26IIoBvRVgfwdPEK8VGUhWyjq7k5S6mgtmuadOoTedLGZjyJ5l36FojBBkr72vPExDDA965HTNvUdoIvVr5VI4POEEeXjT51M5akEEvPiHB1ZZUCjcyZQ1d+jWYAqyFQ63zUzWSvG4J4yUuBDFmvI+ctrttQFrkXpbAebn3QFZFnLWNsXFSp9iTESqfBTk+UTCqtyGqRjXMIwz0aAACV+6lEf/tkbco05njmoI1w6NkQxHwAstw3zYeCwS6SRzi2ybGkIf6s4MIXpoQmVpis/NcAW7WGZHO69VrDrNt0CTBL1qcywn8xeR0ulP4E9SLOt9Q2KBcGnM+j4/FZAYJs1QE+PXAxcwbqGAxcAixUCKgsI++Ie2vDWeSzpxNZa7vPp4h74xqPmateChvmx2e5//S+hJE39R8I3HJC5zvsfRVkhboADTY/ISnrCgay41shSB7zThjezG+GlqLh3QqtfeyqgK9W+wiK57SAcuaFbGS5eiHk+3wAu9Knb002ASstcQrRWl6ojOHmO465YVOm0pGGobhvSIBZQDQEjAqhCgTm/JanaOmgWDBNgRfVtm+jp6BXQeCGBQcJQAYkKz0BhF5URVdPdoNJ1ejQhP0sb1+sf4xk1GibdLEEClw4AeRs5taDwySt1dLin5d+HVkJS37appJH5kPtY2D/ZdwLGhK9WHnXp6LETqY4pVUOquDrj+w144Qo5Znq4J/H6cYB/xdU0JoY2BaGa8a0LCr/KeIXy1yyk2eDmSCyRW07RMnygZH+rB0mD1LoaLVJjL+AvrBT9vDiqYZ1W2GFcUKtzTq3JmVv2vfeJIE2qOmzOhC8W9zC4nWy1C2VcZKRtI8IEYwroMZsCtgnezD3GoiHaP8JEpU0g5gumA8BrHrDEiR9hKyd3ML8 AfwAEmcT iTh3/5zxF6kXt62iIycNYYHqrs27tPV/nloe8W6SNht7s+YqI/F7TD5uQbNpLtZ6UNXmxz5IMhE3LQu3My7Bi6GLZc3A7qzDv0uzRlrm2OFIQye7TlO2zMvETe8vdusuUL43neYLCC38U+xxlqn6ThuKnrnO16SMM343nvpfrFcsM4pe5LcYv/l9+mjlE36sLicI49ZMCAUNpnryaTjNA/LGEy7qh2VICrkTC/gh6vjc393sm9mWBwLa/BsjGjP9yFjK0OyZ5NvYpsBqaCLKZpdqn96hvaWSuRwxZv9NbVgbziclGmdkCT6MXnVyth6tmJP1g2mMUpOeCCPc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index eed814b00a38..d71474d0d2f4 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -131,15 +131,23 @@ extern bool arm64_use_ng_mappings; /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -147,6 +155,8 @@ extern bool arm64_use_ng_mappings; PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_NONE_O) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Mon Oct 9 12:08:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B309CE95A8E for ; Mon, 9 Oct 2023 12:12:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5134E6B010F; Mon, 9 Oct 2023 08:12:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4C3E56B0110; Mon, 9 Oct 2023 08:12:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3B29A6B0111; Mon, 9 Oct 2023 08:12:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 2BF8C6B010F for ; Mon, 9 Oct 2023 08:12:06 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id EB144B48CC for ; Mon, 9 Oct 2023 12:12:05 +0000 (UTC) X-FDA: 81325809810.12.F81558A Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf12.hostedemail.com (Postfix) with ESMTP id 7B5D640005 for ; Mon, 9 Oct 2023 12:12:03 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ENONym6L; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853524; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=p+wqVi0mTjianUtT6+zisfY7F5xVo8/h+3xtMlXnM7o=; b=eG8G+pEDNKTk8UgA6GuByeEUXIH9V+KbPmpu6ecOX8zcHWrG5Lz9eEOTMem0OGwBL0tmPM r/TpCQW/mU5Y22XtLCWAFg/X19chLmHgbKghic+v0zosNvX9OqKGhJgCkZg7bac9r07h1K CXpaQ2Qjhyt6qy69tAEpI01sG4fod8o= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ENONym6L; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853524; a=rsa-sha256; cv=none; b=nXpxmS5PydULngRf+v6odM0nZMb3H7qyVhdVW734H3zlKwLHgJuzKDkciZCNqgB9/tYjgU cQayyzfhdHfmdPuJY/ap9CpR3buVNV7wsAnullBBNKpdiLQOzeR6ylon6aWkfs6Nx7cRKE V7/i7oP1R/CNLW1Fz7gw0LC7yPo33SI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 64BADCE138F; Mon, 9 Oct 2023 12:12:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E0416C433AD; Mon, 9 Oct 2023 12:11:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853519; bh=zDATCw7GkV4as2xIWJbM5lO/ptaSO6aC4Ay36HJrvVc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ENONym6LxarYigzay1mcU79+hI/vAoV9b0fyw/J2UUuwzThWjoEsUpd5lkbA5Z4K9 P0/CV25CwF+cAdlJvnqs4FLOJ71AZpQHGjzgeYsO08ImaCjN2qlN1BUP8PHqIGKOXQ WpPk61fewqYUGFsssDoC9aSSwPZyJhjkUCFZlDhQ8yPqKCJZLKOpL6emCCp5a+Nt0F UiBPnweFH4fMygG0qDGzAA40oBFFjm3hJQIPQuWZaVzH01aIpiymcfVqNdS7u0T4Vv UG1ntzuihR5n3QwqjmpsnuK/iB+fLmz4UFUxHP9y0RRrp66Z2ME/lzF5xhqIOyc6/T Qq+H9HwSESlGQ== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:46 +0100 Subject: [PATCH v6 12/38] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-12-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2033; i=broonie@kernel.org; h=from:subject:message-id; bh=zDATCw7GkV4as2xIWJbM5lO/ptaSO6aC4Ay36HJrvVc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2ay7Z6vBAn0o2n8KbXYYUHM/hfs9dGuBEwzhip d4LBRGmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtmgAKCRAk1otyXVSH0EiSB/ 9SbJ/RyLl4aYRdiZA9qvebhW2OnXSpQIYBFctQA1wlLoaPha9i/Ik0Vcc88mJxHtw1nMccHURGYhSU WCzpcB67v4hwl5zXoXemcvWBisselh+LDaTccm9Q3IeHsVH9qWHfOrV7GNYlzp2ZOhI1oOhalEzIxm FQ38pEJXorEZIfUyQJmBFQ7eBGdhU3kGlrCmBmdSrsXwJmRVdUFxY1e8w6BWvLbvQ3SZip6TI34YQA 743qUcrWXijdl+JN19YmwtPdHkYckOX7l6DVS9xao5FEkQAk1Ig2lKNDNuMLRbaDa3OP1kFcEAd+/7 Cm1jQ37tmyw8VT8okrsaLiHFvroO5P X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 7B5D640005 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: gzrzzsgkirqtypiiff6inmsbs9mupdh4 X-HE-Tag: 1696853523-460582 X-HE-Meta: U2FsdGVkX1/UPWPrJ0XEVkcThazoAzthR0rXw/FPlCfURIxPIJ/pVRkEOUeI/iKtea3mqbo0KZPZrjDAbA0i0yO/A1M93gLID/z7mvNNlYtgpcbhifwbVkUa8elHyPlqnEauOAESFD7dZrTDmTlucsRpFebz+NUsJX6g1GcRcQaMciZHGi16n8a+DY1H/jsew5tLrqc7v2qu2y96Rg+RjVw46dMSdqXCUj83nSMRg27Q98xKVOGnyUOXGqB1DbpziG8cTYAK8O+MgZ22Egiy2GMjmvjJb25shNdOvzgpUAkeyFaI2dpA7YCAXYk7fQbBNhjnYgo8+4ko0kcQQjLSoSLVS5GWipmZnvtmWv3nzabiK+AsYyQKwnl9AvG7aS0X3tWnHvRs9U4hWF216NG2+k+MgYogb4fLwWNnwQvKc83x1Nj8qoTD2PZiAh2A4sacutE3+SN8pibYLmnU97gqaWep/sZ9r/WWz3MI97hZl0Kv1lkuC4wxyfGoodBnh5vSozC7ZohovqGHv3qO0KC6ykDQbRiK/MPWIRRCs5aMkVl0BKuOqH5VhO5OezxesHyq8eebwn/r40tN+5qbzxi7hWlYRj2bzAYwEcH10VG6+aVfwv6hEWNm4vx+YSjxt2IPQI/HuPENhirgm5CHi5XBZaxoMLgtdAXWrj5hx+LlGmajx3c4OlKhXGph6j+5Rx/1GJvYqQaCkA0j+xrxivs5VNfisHm/68BvWWxyK4iomnfcemZej0n7O0qTZ9tQhqj2ugmSYCAgYMfIWCLmb0WDVkNsmpGDF5+0ZRUSGb+VGNjaZ0w6CS8vXym700z8TsjLVEbBtTbbMnvPb/lG8RjnngpG4aatKtRGKJhxcLqqFe2a0j+k67AFtxYvDJqO4gcoG5tPptI9WRYC68IxBR3wqMbCngx5/28hWaUdx34QBoqniOqkR9Nhhyi3bYV802t30i1m1NxfGZX5e9na4x+ Pq9O7jjb evBquN4lxJ6BMjehsaJpmx3iI98/VPlxhT4kDU0yhoLWXo7ZxM+FK5NeD8qyQFP+HfbuFQFyvIc5szlOYikwrDGpaC5NT6qcW1PkO0uhrhTBEYuzTF4OU+vi9cT3ka8sTIW4YWFdJaDW09jtdqpJVwUjWjw2cLTIcxBLZ5jtskVML4J7WUCS5NL+849p8AYZLfra/EmqFOIXB21PuU1PQHICEoD1tlxP1qXEr9J6OOm8IVIa0ospa6c2xDM5Wncv9lbXYmbYMLtVzdfDrLcwAmQHggrzp0hvQggFkgp5/63z88DsVbTI1wRxc8N79fvxVykQrmK8Zta/1Ca6hRK3erLNJEZppVC0BeSup7U0swVUukZMP/Jf0HkkK/Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Use VM_HIGH_ARCH_5 for guarded control stack pages. Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 2b59cff8be17..9f61f34afc4c 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -570,7 +570,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 3dd5be96691b..c0fb4e8b3bbc 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -699,6 +699,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_X86_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 1f0d93151a36..9649a1942dda 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -352,7 +352,17 @@ extern unsigned int kobjsize(const void *objp); * for more details on the guard size. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Mon Oct 9 12:08:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413514 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B240E95A8E for ; Mon, 9 Oct 2023 12:12:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 95AAA6B0111; Mon, 9 Oct 2023 08:12:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 909BA6B0113; Mon, 9 Oct 2023 08:12:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7AAE06B0114; Mon, 9 Oct 2023 08:12:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 64E8D6B0111 for ; Mon, 9 Oct 2023 08:12:10 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 3BCA7C0237 for ; Mon, 9 Oct 2023 12:12:10 +0000 (UTC) X-FDA: 81325810020.20.3E898E0 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf04.hostedemail.com (Postfix) with ESMTP id 5BBC740007 for ; Mon, 9 Oct 2023 12:12:08 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cZGxWSXv; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853528; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5/94qsXxPiDesWnHBcESbMaV8t4xzhpc57K4atm/SE8=; b=POAnfqDN2onAHIhNl5A1Jjm4MI/rpi/sowbW2aKtVFVJtcfwojpT39SyFA9A+vxbEKp3i/ DAft2o3cO5VpRpZe5iUgzM/flF8WnwnEXonwTzKT9Q7mD557YF85HcYU5rqmdKYPCe3+pC EddCg306ZHJjBciriabXDVSm0dS/iBo= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cZGxWSXv; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853528; a=rsa-sha256; cv=none; b=yZouGZmCm9yR7vtdxkO2S82g/iETDDz7B1BP4zIrTJhHDZ3QxPydCs9x1HijqvPYICKPta p/E4hwfAzUZ3sEqUn8/IF3RF5ZSoDTOJk/6JzpRGZwV5OsMfPHFOAPpdzRDNr5nkkjdIY7 IMKfJ4bzC2fv8wkA1rIkCXE18So7bdw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 57D1A6111F; Mon, 9 Oct 2023 12:12:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 17B99C433C8; Mon, 9 Oct 2023 12:11:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853527; bh=nFe19RrcDm61i+JVIJSNKwCFAGBQlI1oN8c03/2+1zo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cZGxWSXvQ9p+yKwDzwrWzB8K+WHJgYHI1Erz8lZPQZUjIVKP+bVL6Xl9GUFpktBxe hxdvoPWujKNy0cokSw4VRdpvpwrCR38nw0uDO8tdhtSCc2Gf3hqYoN5AVuGG+dtFXl B0oqdGcPg90/Pll34H0J2fLgA8jEabIHpRHztOFrhc8NklEPwg2oOIPH+N8m486WUw 4lTIaRy++XwgJJdJGGOxXbGqck3GBhTXmKln9du8EN9QggrY+v5LSuXXJ9JPUe35OL 9A2hH/x+I3R/FaCj1jk9DBSfuO83Q9lo++fe4hpLmO6s62YW1iuQmdEM1f7jfEcvxY DFhl7UE1FYSYw== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:47 +0100 Subject: [PATCH v6 13/38] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-13-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1837; i=broonie@kernel.org; h=from:subject:message-id; bh=nFe19RrcDm61i+JVIJSNKwCFAGBQlI1oN8c03/2+1zo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2bTh8bFfyd2r4ErvGH3ueKxYkR2qokJvrjYIHe d3kV+mSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtmwAKCRAk1otyXVSH0GQlB/ 9cpjBNO3Hkf17J4ctj7mZ/0x9xYzjeURnc3L7chNJsl7kVZCHJwsK3oGMSJuzBGHmA8bm5zbKxGdHv cIzNzCvwKKPP+GpZ4iV98ewuyU2DUhLI68aHjVxzw1a5ilduYukZQVlSaOEhzaMWfa3JrWfON37j17 U0ypx1Dn/X62XIv6vRrnZn0kGsmi1oyQ8xGTxxuW9KankfsQ68FXGsqRGt62v5teQZoIs5VHY3mdD2 MyBLR7qTYazUymR623R0tIYIiOqlfKTrt8pcRb2punJmcVyjApsuS5jnzIRiB2CsNrWsSAbIJO2Jug J/T3ncAFQKv5EOKNpQTGTowHJvMb4F X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 5BBC740007 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: qjc9ma5d8fr3iuky7j95twkuh87fdrpw X-HE-Tag: 1696853528-103622 X-HE-Meta: U2FsdGVkX18x4X14xB4Hi12XfaoND/+JefOoLH6sedvtvLKaU6POmC/T9F9DxsBPrjAjDlo0Ic0yH+usmwdCLnIx4zYL8Fy+u0XT12vRfKcotdDRlbOxpTFEXtGSkeznZHqSJqqQxcoB+z5itaiYWQ27zIUDXPUCcvsOm5rOOOHE51E6lqIOCwoNBSOlKKKIR1pzD4QKi7z8WtxvXCBf4U7o+K3jCT6Bqk+jh961ckaAxu+DzX4GPPI5UtBMK7kyEnmTCppi/wYrGijyBT96KbDsf03ssEqxvLkfSehFMbIeqmeVWlz0VOuOEMIJXd1pJpxaU8buggLsmcqcdRnR7sFRH8eN9RiFodtEDaeVufuP1dFa0dG8P0rrHe2/NOpCVoDr6VfAtk0WUja9Tp0utVVguK0bEBvnKHhqcL355A91mJRJxrOl0JCFN+t74vCDQpQmXLW3diS0Kp9RbAnjYLKlsJVRyomd6kTrgbnCvXLFE2D3WwH1+5j5c1aZf0gxE1uxwmnulTk4J9WLKa5i0bAt53UpHSTtE+7wG/AOrmy/6SgFmRf9F8wD2nNzZo6P3Hk+uhKI4D77BUc8/KxJpHijKTcQTBYHsmRgh/4SJD5OqYA0YZbQPI428MAe27Mr9sfz0fjvAKDZ6mtGrpXb0i/h4pbvaFwLUGPVdg66OduW2nYJxtbC1VarLbGcZzn+hmMK0cdDOFTwRWEj+Y7j7/eOz49WG1oFmRL5d3eiIWT0dVinmD6ejLkCUA3J8k9jcMWDR3vWX7XUpEonIwaNTioLqzUCrfacMQ4wE0f8OrbBtRvMSEiOKVoO6YYnwGPnjjdS3zjGAdwJKJAri1b4jb8I99gGMpP+fS+uuy+/N7938Opzmdrimdiwe1B8Jwvu52elsN7DoEZKzVAaIAyoIPloVPwgPuxdyc8iDaD36UyNxdlO3Z97mxTVeL4mfvGAGhppELTrZA43K1tT9j7 b0Yz2IJu dxMmjhmuHcypUIrqhdYVFWHfeDmdevt4bj+0dcVxwzR93xC3hISRNCS7nv3g27Jts+RJjzzMZbVcGU+KtxzhpXViaGPD4WQWvUw2h5wJw7aT3Z7fykQUVvPRtWcrv4/VCbQNv47uHQfSWC3SC2ME0PEux9lgEE0Y5XX4m28sQb3eIxjqtSr65Be0I0tVw1MHofKirVyjrQKQ/SJNbnvlkjIU+c3KN+OoOcFFvh+BWi/kk6zwVKJMQZm0FUHqjKAJ0AiI2iICEfTrNYAJIE4KxhEth7rQfcGjpIxrxTMauB0KkFKC3Syk0Km1RZ/WjUICJ5ac/bNl4Ve8pURU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 9 +++++++++ arch/arm64/mm/mmap.c | 13 ++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index c21849ffdd88..6d3fe6433a62 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -61,6 +61,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* + * An executable GCS isn't a good idea, and the mm + * core can't cope with a shared GCS. + */ + if (vm_flags & (VM_EXEC | VM_ARM64_BTI | VM_SHARED)) + return false; + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..e6fc7ef83ea1 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,9 +79,20 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* If this is a GCS then only interpret VM_WRITE. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } + /* VM_ARM64_BTI on a GCS is rejected in arch_valdiate_flags() */ if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Mon Oct 9 12:08:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28E3DE95A97 for ; Mon, 9 Oct 2023 12:12:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B7CC96B0114; Mon, 9 Oct 2023 08:12:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B2C8C6B0115; Mon, 9 Oct 2023 08:12:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9F4316B0116; Mon, 9 Oct 2023 08:12:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 8FDED6B0114 for ; Mon, 9 Oct 2023 08:12:22 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 6520A801F4 for ; Mon, 9 Oct 2023 12:12:22 +0000 (UTC) X-FDA: 81325810524.27.278311B Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf28.hostedemail.com (Postfix) with ESMTP id 55331C000C for ; Mon, 9 Oct 2023 12:12:20 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oLL83hbO; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853540; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Eq/mP+v6DKOR6BCilCnjg5rN1B/30lmNoxTaKLNsdrI=; b=Vsv4/qM4mv/L1ymNq+S4rvEw3CfrGjz32iUfPc1HRfzU+/r/+swVMdCQ1VW8bBfYiIqjXY Cgyjw7lK51SYrgt73iBSott6D0jJD2wgimUsmYsznhrkf2N4WArp51RYwDu4VIAnGuyMId zyzdpvG5tn1x3f9MpC71uvchfBGM+1g= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oLL83hbO; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853540; a=rsa-sha256; cv=none; b=BxBhQnKU48tQpiaxVGMQaO4xlYrSzeDv47RQEnK5s5t7L8GRGR7ZQnzIBly1qu0odWirxF lY3u6OuDMK/tK6Cmj2s2y7H4iV8w2nN81D+/3WsV2mKIVP3MAJQHBGje6f8jDx3m847x3g gUu1YCI6NoDl7QEWjA1HeepvyuhR4o8= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 10638B81158; Mon, 9 Oct 2023 12:12:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AB78AC43397; Mon, 9 Oct 2023 12:12:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853537; bh=DQdjfUveIhNPPqVwZdWHihE2VRq12xchEABLOZK1HfI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=oLL83hbOmtscSO0PxQD/EOaGE8Qiz0tIqnzyl8bOMqgdll6vJb4H0So35c8Uqf5Zk vbhc4U3bNiYCFO/SgDmgoq8LM04Z4CqvaO4nef/FJsDYoEAK0CQ0glCjepZfOyAyzA /05mCxwa25QrZU9/38apir4UreXWuyiWYGvq2uSCKszXVR3ssIxUa007qSxBiHgqD5 VHPGYDdtxQgaIWydtQE/Xt9jx20CiKjWtvewAicjumFUedToaIJ4esyUrAGtBRLSfn eXYIJfaDRomsREUt1rkPGVONqoEyIC08t+Boq48Y18UYuJ5KRKzp3HnXLABo8J+sih hXrxCwOF3ErqA== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:48 +0100 Subject: [PATCH v6 14/38] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-14-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=5343; i=broonie@kernel.org; h=from:subject:message-id; bh=DQdjfUveIhNPPqVwZdWHihE2VRq12xchEABLOZK1HfI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2cOqMxsIngsQ7FiuAEwC3vODto57yqr+sncOIg 3t7fey2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtnAAKCRAk1otyXVSH0GtQB/ 9fhqJQfXnPsmSl2P/gBGshXyv7rosoPImj6rUaan7wksa2dTf7gj3QOMeHTLXvDbMr1yi1Gi5Z+H3t //gR/KfyE59kAN0X/vKYxVGfrMbjsNlkaUIUjEffjJKIB/ZoSwP6lbeXYAyobxpYpx+ULJLO6nVVYp mrJCOqwHPRM2sqNmcz/xcsyv+Y1XssOmEAhCTLa1mOkYPEv5Foxot/R6kGBtAJ1SaIWg/pUWEHI97j JZ5rvo7MWdE8Oo2E+PgD3UvccRZnAa8vthv3p5pNg5f4u4XDt3a4ycdfxektfciAh9kSWzCSpwOxfA YDdSstN1QUiMhAGJ7SrcsiFSRIDKFH X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 55331C000C X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: xhefqh3y57defzte9cp1j3nfctr486nn X-HE-Tag: 1696853540-374574 X-HE-Meta: U2FsdGVkX1/dqtK86hE50HLFW8lxgaAVODvEpiEJFWPlCJ5/1aOnFBJhIeTpumG4DVxXYEDMII84WlJL8d/OmvJnAOejotqHLOtgzSYP0/By3AGQhwnH747Vo7x8rqX7ajG2Gzj3dMJA2VS7JHvXEm3z45qe8bGGZHjbq3I4tGm58zWdO9qC1nWuCrJ3PXfYqscLwjOEyhmmsxbLHknjjTrQ19vEhaJBpp3uCoTdwBQmjz3XR4AEox3PxUVPosVtLVOM8U60ewobMiHaspWa+KIvWi21DjbcNepE3KtsYi+631+XI2P7HOgBKzQzvsocfRhDakew0SY40bMOst61XXMdqx1ZpFiYq3UAoy2s5OKTSaC1ahcf+CHGt7EIycCAugP5rUqVTe3ukrR8OkhrplWvKs+mdfmJ/vfpmLqGbJ4UN8uhN6glsjqfVoaTukaGqVM4fT9X9If/fRtdjh0Qwa5PO91YoLofETZ9pGSJfN2U1HuphnXZ8G+6V5WsMDQueznoeiAn1A2bfXy6cFl2DaPizPq0tcsQgweNcKpFO5t9Zo+JLkUbBFtZ9BEoV2x94+FbxoWKxuFqgfa2rFNWCigfINkf0nsy5V78O1QZGK15IdgTtZy4KjoiNCYvlYgcCBxFJAVZ49Xmoe9UBmTdViGglBuPI/VjFsEkyISuQEcnENmsu9+NR1dTGI14DxhXqJ35Caci41BsePHBF1nbtNdGBm7Cp38ZiwEF+Gn27viwwFDET3e8X1cjJ4EvhXbcNkphKofMavxu0bOsyy2OXdLoXj4MQYAHujh8EAcjyxCEPhABUWwZo32Eiqt65rM9+l1JkWu7VVBQpkGoYHdIy8CRPJ7ZVNhiJqnZjflIq9tlmZsEzf3PDVLY0znKy8FFgIBSaunh7uSvw4nNmFRIdGpc8340+d+vw0i60Kh54Rb5Jo73VGrZidVKLfriFQpkkZHiBhiffKaly9ALmaG WnCtjxPq ENJGBE/J0S0gp1MJXkK5N/PjfJ3LfKSwtd1R6yPOIZJP61qzH5bUF9xICHg1b1fM6QS1BAK7z/RV2S81BPSaWu0oFMVGBwhDCLjoxkTr3+5Fq3pmyzl3MA9fNNg+A1js9441lhBmTN1s7QEu7lbvTRHMw321Yi/n861BQmfKLZM13DsSfcNr2XBS+pRv5vzhIRH67JHZNkPy9caEJTNq6qQDkAgQ1YGhpKMbfwR3chmllIM7cN/g5vAz/uilvTCZLEcCcjCZ6SnB+9YKyvJx1MzOCsjvZJxEAHsHHAH6DEDpn8rXWpdWoHM3yUOjrMqIe2V4uNrU/p1jGwTg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index af06ccb7ee34..7171d4c7e5ed 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -365,6 +365,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1142,6 +1148,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index e92ec810d449..dd8966d52f3c 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1768,6 +1768,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2080,6 +2097,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2164,6 +2185,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, From patchwork Mon Oct 9 12:08:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413516 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC903E95A96 for ; Mon, 9 Oct 2023 12:12:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 588946B0116; Mon, 9 Oct 2023 08:12:29 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5396C6B0117; Mon, 9 Oct 2023 08:12:29 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 401296B0118; Mon, 9 Oct 2023 08:12:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2C6996B0116 for ; Mon, 9 Oct 2023 08:12:29 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 06121B48BB for ; Mon, 9 Oct 2023 12:12:29 +0000 (UTC) X-FDA: 81325810818.20.B3BAA84 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf11.hostedemail.com (Postfix) with ESMTP id 07E7140006 for ; Mon, 9 Oct 2023 12:12:26 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=j9U89MV1; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853547; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=9L/qLqBtAh0CT0/a9d9JFTAwYj23uTsA4POYtvvApb8=; b=j+OdufB0qNjp3rs5Uaj3gaseCET8CVvSiZJrG5kOCX1KZof17C410P0y2/P4RV8nQ8k/R4 HAAxzOfuvW8u6oxESWM8UR8p8m2W8XfqGFwFZYtTBGfyzD3GmOZ+iYVSIA0HeLwGMly+xn VWfmwy94Z89dfjmGPwkqdasBztA0gik= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=j9U89MV1; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853547; a=rsa-sha256; cv=none; b=te5+DN+Yg/KKztuNpIpgjV01OcvuEisrxuVkaI/Z2G1Vdo2OGm8yicruQBaFFMdQipBsOw OjV5T9giYNmk+53H6EdH76g9aBgwfmwFAalIXBNBlAP4KscfIV6YqBP0+rrDkDGdTD4AUc QEBjzhCxGXjZODoAV9EXzy3bbeafdho= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id A9016B81145; Mon, 9 Oct 2023 12:12:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD389C433CC; Mon, 9 Oct 2023 12:12:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853544; bh=HYoopujMYYx9DIwWQ/56zZgOFvuBdtqWANEIYJVZJO8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=j9U89MV1GBU5jOVOLZpCSQry22wWl///VTwFucF5T+ppLeyNlY+ijNsKStJjX34zz TKtMy0coDvVyA+8ko0HqNYCUMkgHFACaF6LEWpLS1QxmhzeE9XnEjzyQ0M8mEULhOy LoDl1uMcTq+Z0BPqDawgEjWUIaaGtEiTfAuKnfR4txzV/sle6cv7axr7grDcYKQzB0 cMUl8mqk7ccL5ojvydYfH77A8erbD64hcfT3XJ4LIwDDSLm8GsFaXNsL/c0VGUO7LX elVXN6hoTFeVaqLLe/WXRoRAuUJPbwwSWMPqVxC1UU5DdJApxPBpYygj5t2E7gAAB0 PKRs52LSefP9A== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:49 +0100 Subject: [PATCH v6 15/38] arm64/gcs: Allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-15-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2250; i=broonie@kernel.org; h=from:subject:message-id; bh=HYoopujMYYx9DIwWQ/56zZgOFvuBdtqWANEIYJVZJO8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2dfP1gHPRa8C0+dKhkGMXquypekN26lEUP9onB zh3nmgqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtnQAKCRAk1otyXVSH0GamB/ 4zkdD6yWJZ6LzOyEnr8Hw3FnF1NVfnuu8/QcW8ibj5rkATYPiavxMq3LPm07WlulO7ZtCP7Gdeg0GH kDP3wzqx62horUPdFah+l76lfzloOsBbU39pySCg9LZVRsnjG1FyFqDV/K7qE5GDRondjc529mjnmW /Zq7/3B279Cu8mPCyA322DF81o2QzFuyQqwCwR1f/nvr1kKFH/CAFqJR1R1zfkYTz948CaxtKKewpc 7k2FwkiXhUAo2OyVo5APZZQ4cGYkttf6x44lxUYW5FpwU9Okq5Y1aiKcdQ3ADCFCe2kgupisipbU4v oMCEU+UrDbK8wEiZ/6nPcObFK6gRMN X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 07E7140006 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: 7bey88e9cmut1qchdiougtexruzdjbeg X-HE-Tag: 1696853546-872136 X-HE-Meta: U2FsdGVkX18TWl0TdwAKuMWtozTbF8qDZZWvdqehUIHtXrkIYNQ4aFl+f5xY/qKFwa0s5nT+YI8cmexw6jaXsbtZfl9eLFjBL3rZvHSiGxPbKTRZjdULWhP3Y//cVc4F7vBZU27coxe4RDuu5dtPHIqAn/WKskVxkuznPRmsu/vHmY/F844vvTRi+h3LM9fDGhKaspgANrP71qCXd8khXKAcMgbqXnwHrOZKUry/hwygXLoGT4WBnbe8mjxmBA4SDh4yUC10G0N8mjWxNw4bNMqoRwZBrMyxnQteGnPLJzJMNs3048yUl/nQHk0mp2jeBEHoKR/znS4SCdYxYs+fx/KvKr+HV4JqJgOEF+ex1E1bGbEsbPYvI9AqO0rVvzgXadombg68q/oI6MSUpTdmovX+ICq552LnDWwnd1MvGjmo8lsM7CzWs4R6/kpeuUkxg9PIaFtdwyGYQ3l+SWG7swLiGUcSir13bzHoZkDT06/qk6xU54YBBaxRDkroO/NFWBAW3xSmpXPHsKwsDH56DFhzYXaCFBSiOrywkLuw2SexhL752mvL/OwOC/WSyGJvHPqWeIStLEklwJRZG78AL9pVoio5Cnn7d2rtqt6sQghpUZ2+IKkwbBWKdB1uqstbXg2IqaO0n1W9B8u1IKqljTN0SlcJXyJEZEOnJgOL4M+OqI/5LoBXT2lLdDP6vp797RQo2vv6tHSvRwDxl0JNjgZHF3teS3TbTzFVOGAXd91vqPEudhy75ybI2Fw8c84HwLIdN5eMukUAlY+S20rTY256jioMgSA7WtOlI1M4bxwhoHya6/279AsaHfoSokgfy+pLd1Zhzvs4OhsPKtMkLOy0HA7E3Iwo7erJ8rL4vQiS0/0/w96G5yP2jbq8Px7kXXEgLS6VIxLj1+rwH40iPHslLd7UWM/fXVo6etb1pq/OLO56C9OfJEdmeVrT8k2fyU6YyBCYf1hYWPhVeyL xkA/sv7y N+UP68iivpXPJDn+f0cF2WNs0KwPt4jF9IsQ0mt6aTiBo/KBtGPTpvHJYIzyP6vSY77ENrbcFN1eJAm1NJn0bm7HjSPgLJSeH3HqoY5/onAQD3M6KOpDe13hKf5wyigk7z4mrE/yrSb/Cbfrp5qRuKt9TL+ZD59Qr5Bn4tasCVncou9tOmzNzTO/h1EcO1VQ96fqXaUqCMyCoXnkm8n/8rw20IGG4svwyMueDD6xtzE7xyXeyc0hBmgFdApcbk9tUAxjzTIbKMogwcA75J7qL4uU1bhGLXyDoRdLqQ/S+SYpgds27xvwKas0AaJe9D+U+NJlNfzQbGbKTXnI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 17 +++++++++++++++++ arch/arm64/include/asm/kvm_arm.h | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index b7afaa026842..17672563e333 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -190,6 +198,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index 5882b2415596..d74b626b829a 100644 --- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h @@ -102,8 +102,8 @@ #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) -#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME | HCRX_EL2_TCR2En) -#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En) +#define HCRX_GUEST_FLAGS (HCRX_EL2_SMPME | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) +#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) /* TCR_EL2 Registers bits */ #define TCR_EL2_RES1 ((1U << 31) | (1 << 23)) From patchwork Mon Oct 9 12:08:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413517 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 484A3E95A97 for ; Mon, 9 Oct 2023 12:12:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D51126B0118; Mon, 9 Oct 2023 08:12:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D03476B0119; Mon, 9 Oct 2023 08:12:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BF0146B011A; Mon, 9 Oct 2023 08:12:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id AFE516B0118 for ; Mon, 9 Oct 2023 08:12:36 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 87A424023A for ; Mon, 9 Oct 2023 12:12:36 +0000 (UTC) X-FDA: 81325811112.13.5C8DF77 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf05.hostedemail.com (Postfix) with ESMTP id 7D7F0100006 for ; Mon, 9 Oct 2023 12:12:34 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sQev2RNt; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853554; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zwxRBQqN/sYfjycdFrNYqttjbdgy8h6Z6Lt0sqArAlA=; b=qioYL5RyKSaenaHgX5n52J64LLpI+kKxsI6svLF3voCQ12tpLqsw4YvfFWnmBOh+B6m/dE cwnbuJoMzY1Xn+DvjiQieNIkAhnYzePO0s6c9rEl43UdlYBGq60HNJiWVrPvnV4YjySukY pN5iFyQOwuUUXClBw5itDF1v3Kko/7w= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sQev2RNt; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853554; a=rsa-sha256; cv=none; b=m2eyCg4eJoNxSh8kfwm9W3Xic8JvMs/VWgdNf1RIqk5z+8TbS2nUUg9x2fQm0/e1GbUCkS Q4Jco1GVQWjKg2D3pjzbibaVlvR52EXtTOH9a/iPaYByScAB19Gq0mEiKLb1RMsPUi7tYs CLbW+Q31HL0rqbzgS+22BangVswYMLM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 0B64FB81151; Mon, 9 Oct 2023 12:12:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 694ADC433CD; Mon, 9 Oct 2023 12:12:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853552; bh=/vPx3SSl+mfIKMquypHtEKuBIXlpLAB4iLa0L5RlD3w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sQev2RNtEnDEFPBmWkg1aPYHogLgGleP2M9edpa6zdfjrOm77CPrvQi8niVT3Q3XA PmofI6bdrOe3jo465oZ65rqQozZTbERNjr1JlgHm9YKvcfsq3nEWGOY27pZmgfjjyY dDSMy7U4xKkDc8C60A7VbrEkW/LnelkzXfGdxcDiA0l3rymIJ+ckAVoGbH5xXkvHEN 6zP+9swYon2IccqrGEKpcXv0rcTceZlfZ3HMAZiaAMgZ4Bk4wkuyPEIExSAnXIRc6s zhy1goGSBeOKhYpRqjCoLzuKbooaSsK4gY62IJDkYR2h8CzvSzLQp21Fv5NqJLcB65 0bMJuO/3HSw5A== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:50 +0100 Subject: [PATCH v6 16/38] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-16-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1992; i=broonie@kernel.org; h=from:subject:message-id; bh=/vPx3SSl+mfIKMquypHtEKuBIXlpLAB4iLa0L5RlD3w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2drxB++QScfidUv9L+xi632YD4JcSnKHzTsqVd VSQXvKOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtnQAKCRAk1otyXVSH0A4PB/ 4ipjQMsBwdu2UD/vynqchKToRd0kqycl2G6DpsLfpWzFXRwRKSxafYc9AJV0lZ6KMxJHds43jisMvV JanLIXBScLRN2udzGEqwJxIOrJBqqd44dzshYankAdncw0JSQY6G4yAhGSytSv9bNgOzDeKTlAsmV6 6NkSgFh0Oi4iEOc2ROpLbOMk7/0IfTWjwEtrFMc+CFnQjvhR6BQ7Z/NuarIeE9cTd/KsjjJsHf/vvu yE89uLbLzKRtn5yyZsZKUQGm7gFXI37sKp5lcnx8lZe81PNtoBftCEicoN9GK9nWuDtwQgrd9k8tLi qhX2miMaBp7oy6sv9dTtWraYtOdYPx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 7D7F0100006 X-Stat-Signature: 5iwq5e6d5rjgpnqbxkbwngwk5j4u4s6o X-Rspam-User: X-HE-Tag: 1696853554-359235 X-HE-Meta: U2FsdGVkX1+Lsm8XNbImJPs7mZT55tMiuBdR7mAPUjgVmGVrXLAJa7gjWy5pvVVa7xOMP75NE2f2xTm+J4yV0SAOzEQHt7XaXgj5xNJ208p/c//6NUhhQFGi5AkmY52OQjv4jhDKElpTkzak8ZZbW2Q4ougtUOy4eKHNf2xjKLH8xFufa+FNILQVbMrSzaeA12z3nzyMAxOx2N7tzFo8BdPf5js8x5uDnObd9gvdfG4oXeDpnMCu1fRODhuztaHBr7uZh5PuxF23MVcuxo4uAZ5/2kxWzV3qc5wm75GK/1FJnSINICTkuLRKr725+E5o9+4ZctWE6tvuPsLxEvG8ZwRoHIUf0HzkvQ3DUg8SafS+5mcTnAurJJDLTtXYHM8vouRNmDFMTNoSxkvB/6N7lxc8dlk1zQdn6SgVvl5VZbmVv4XbPGN8eMHUCY3hFjurOihSVrzR0IItOsL4NRrqHshpXlmB2lU6NvtlYqpBumzwpz+dnayrMV7lePlIGykoKI4CnuzBgFcOGIPzCPaXYRN+XWXiKN0Z7VMVOiuv6EokyU161/RmQyncu5UCY0cUZKdifItNRYlR9ZYBTRJ3Eg8AQHRAd0t5pF18NJmVwldE9Gl8wPiaByqE4iQe7DtfTU0TEuQBJ+XEaZSoW1e5Rko3LUn0gZWaPoJ18bEmBSSDjFiGjfkzLp+SwS4ttKAyOBgZzCp/9Nvp5oqXPU4rsahwHtD5nOjZlGWKZsTllQ2qO/bqW4VBjrDAxEk3UPnULgW0iV0RA/UD3wLWQ/oyPzgtERHDSAQsfeeWstoSTf9ysYub4sjC7m7clgQPyXvslQ6V3w0Y0x1G4rVK4qkIZysTQZ/EaryGLlvX3tPZs0HhgzSAoivZktyfE+sRTiwOx1YtTKhfd05dXBZKa5i4y7CH28+KDHjGU+aY8qzVLEVkfP4hND/uIqm4T9ZXYUINarXNZfasfWnBFDgEkHZ Q3rF1HDm bag1edc4/7PcYsTFjLj+MIdw/h40C757dY2kjtlIJwaVmQYgT4Vn1H1J/QhS3Z33XXLbQpLLY9AUASDKgkxj/tgxjtc8f6Fs4zag5uUrn3ZHNXgaF62RDF+eO7TFS7R4QVRSca5M9Vv/AHSqTFKDQ1nX7cMly6t1JCqmWIVW/V0WSDftr78tzJBNuIg0uRoLr/G8wjtRb1cvf4kwB+083YZoyGXFGdp3mkPhWxecTX+y8skv6sMrKihYIMAKk1slrjZHAEIbks0qQ0OI9l6kK7j+lCnWv0ehyY4cUtHvJ6ZNWxXex+ce05HoxhenMWfOEb8yINXHqMDHgIHo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ arch/arm64/kernel/idreg-override.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 0a1731a0f0ef..7afea5f41ce0 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -418,9 +418,15 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nomops [ARM64] Unconditionally disable Memory Copy and Memory Set instructions support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication + support + arm64.nomte [ARM64] Unconditionally disable Memory Tagging Extension support diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 3addc09f8746..cc059ba39d58 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -99,6 +99,7 @@ static const struct ftr_set_desc pfr1 __initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -178,6 +179,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Mon Oct 9 12:08:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413518 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0483E95A8E for ; Mon, 9 Oct 2023 12:12:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 450736B011A; Mon, 9 Oct 2023 08:12:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4013E6B011B; Mon, 9 Oct 2023 08:12:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2C8C96B011C; Mon, 9 Oct 2023 08:12:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 18DFF6B011A for ; Mon, 9 Oct 2023 08:12:44 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id E1709B48C2 for ; Mon, 9 Oct 2023 12:12:43 +0000 (UTC) X-FDA: 81325811406.19.952CEA1 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf09.hostedemail.com (Postfix) with ESMTP id 01C14140002 for ; Mon, 9 Oct 2023 12:12:41 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qbHBXwJK; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853562; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LQIhCraVzpMXBYTq6hVA7xdodarb3uwbd7PqwwDVRIw=; b=krkagjIbUoV24VTmazfZsBJuXRd293CmZfzs/cCs8W9uANVCz6c89/vJpEOYb06qSe+WzY hdRLCV7tU+Dq+Fv+ttPQ7PUJx5QVS/M9Gg4cwTpX+a+roSGAs3Rp1SHm5dLOzt8Ai03BSo zyF20kEVdSopiiJLub9jhjcq5uZlrKg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853562; a=rsa-sha256; cv=none; b=2ejKetMQyvZz2TCAXMuqKyDd6uxk8A6kFXQRxSlJEo4eufiaqSNevOOhJPWo60Ha6x4Fn6 IX8x+/rYOFYcKrOqzF2Tc0qGRCtMEXnEy/7dvVcILZ02I810FRV0yC2HfwuKF4d/jkqzIq ANkPvqOJiXyUxi2feW4RRlMG+5eZ9TE= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qbHBXwJK; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id C20DAB81135; Mon, 9 Oct 2023 12:12:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C1EABC433AB; Mon, 9 Oct 2023 12:12:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853560; bh=lvoE1O3P70dbe+mZ76dqPIgfPzAOQeTbed5LhVnXTzQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qbHBXwJKK6WbkIpHZVNNuR75YMWz6B1rlWgXQGomiLIBnVf2ZbBp1dMC0ZMOgBEor 2EF/M4CxuUDKzhTkgYFMt2wKxY40qj1uuIf5HvM4Yd2qcAqbdokdvFm0wK5Tv+3Vfi vDukFgrzMMfwyPCYvnAe/jatMV2NZIUenzxynOCuwBNxnT8XV7mQIAhodVazrt8BGb KP7yKsLjSQOfd10jZ71s4gTznggZm9Je/wNUcYqFWSUIYPvsSIQ4wV3eddwp4bOZGR 3y2hn54HnEP0BPy6BzKeM5VHL8ZDI9dspK+4Jzy5MK3NrkvTCCVt6sz071rB9ad1Ql yhgZjrJKSvQ2Q== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:51 +0100 Subject: [PATCH v6 17/38] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-17-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2961; i=broonie@kernel.org; h=from:subject:message-id; bh=lvoE1O3P70dbe+mZ76dqPIgfPzAOQeTbed5LhVnXTzQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2e97itUFbmdKM/AAm/oWnm9YAweKpQRndIz6MZ nS5x0VmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtngAKCRAk1otyXVSH0EeYB/ 9Q/PNyvnWiW4p9UMFv1tk22XH72fXtr+z/uCzMFO15lWzaMu2s5nb304MeTiU7E3qiL9sx6GCQBB7K BkhkD1KNIyCu140HAsk+JKUr2XlTIbR/t7Ec9SDoPKKtasEYd1FagLldM6jZn+BfLwR9Rq/LfE03jW GBJXSo6RHjSPSkiqNtc333VrTbWBknLn5MiUc2szJzvRaGccbjSwn3U0ZtidN5MC2+Ddx4yK5Oc8lZ gBKjROMbML5xWREWb2yXxSYfDBe2tKfZSn1ctZNFHgN0YtorefoswvPl5MM1wIcnGN3+PQyzUPI78G MzzKoi+Db2v4RN7Nur25rmi3/QsEPU X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 01C14140002 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: zk3j5e1irz693o55or5r4bxp6jkgc98u X-HE-Tag: 1696853561-782206 X-HE-Meta: U2FsdGVkX1+ZocvSh0Soem45BjxqAgojijM6C2P5SNYgVGLH91+begUmRMK8bSfr6vvOEuzxnjdx/0xnbHBWnuXzzsYWxotN4FJKoW5NblK5ovIFCFs7v1G8izeCnV2YRF7DR8d8BCJZR/+QiT5er4KvCwgg/oeWPTxxCm2nVZqY/uCxNHMOmQIAMGsNaT2blXiaeBZ/I1+lRgLuoqCTF9NbMpRBX8wgr/bJgDSlUdNVlq2Rn6ax7uZi2254da4+SNNqjcnTo3S8HLf3HuYQVFntAxvqLKDeGox+ZMiC3a/roerqxDcTmGBoJh50dYhbyGMz7elxEHr3bpr5ps7qe3G12T6t1hgBhfrYKt+OYrM33hnNSsFeBxlc5uLNtapZNcOQAhLlE/j4kRYlQd8EmJAxFsR4t+paFVK+TwjGOExZoIAdAztXczjWwh1UzBdlGg+NMat/BNfUR8DDMJksA/0nrGgYCdPZyqYCtCoN/Y3aFxP/TZXM7vql6/1HB+MVDMhgFObNg6HnWBYmB32PIU4Q8gSHiNpom7cwUyK8cG01TKNw8EKVhY4xbZEtFblftEh1Oi1nBzLycTv8qWMw+9gf0pBHms7mxxzyHICkt63RmnrnPYrYh4/vVE+Cb6Q6vI2fAsUCNEeqBD04G2sfDo8pCRjVffaPLjHdYCNda+XTVirbhpRGMfMv33MK4ZNKxalCDUvMEtKBqfM1vMogUGb1+7GdFoBKraGz2zY+DXpFdVFduM9s+Os48Lt4HfJgScAz4nroYwHY2moq6jGv5rApsz+/UyF1RX1vSDU9tJUFDcVgs6AH1YZGU5lCyACSuIpeWGFZ794hbj4QxqWwggGjMCABVGv1f9hIjI4ORwUDPN/7UP/i0VY86Xdw0KDydgHZN0TKTSIIGrDGIMAZWL4JmvETNiGvXn0rel+uRVWfs7NqpSHsNlH17kfWDnFJkiyI6O08urp80rtYJPS 9P5kWqtR vHz/mQ0QIbAY6prITiSknwozjvEUMiAG+9QRGbCBFGm4neltwcGiL3HIxObyVncfhLUs/Wob2L1VNXh68iAJcDEU+aJTgtPkGkef3HPNkMw21+tJL/yqwGMGzlA+ZmXWrDXxqlB6jForLG7Cg+Pv03i/8aaqksEE417tp9GTT0+gsPkBmYQ1t8LmVFOtX4LIDTt/BW0Wnw3aZfGLm7sMrATtULf1KYGbCysjJxGyApWQV4LVvIuu4FzWk+MKDOQ5vXm30Qlwaf2sqZnOJ6/b4lx6geWqHZ50IRcSB0A96qEnoKkXvI1bqXinD9MpYLv3RZQc0QEFA0xxiS4w= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a hwcap to enable userspace to detect support for GCS. Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 3 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 9 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 76ff9d7398fd..5c9e17a3c8d8 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -308,6 +308,9 @@ HWCAP2_MOPS HWCAP2_HBC Functionality implied by ID_AA64ISAR2_EL1.BC == 0b0001. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 521267478d18..d4bcd1cab698 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -139,6 +139,7 @@ #define KERNEL_HWCAP_SME_F16F16 __khwcap2_feature(SME_F16F16) #define KERNEL_HWCAP_MOPS __khwcap2_feature(MOPS) #define KERNEL_HWCAP_HBC __khwcap2_feature(HBC) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 53026f45a509..5c0932bb7842 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -104,5 +104,6 @@ #define HWCAP2_SME_F16F16 (1UL << 42) #define HWCAP2_MOPS (1UL << 43) #define HWCAP2_HBC (1UL << 44) +#define HWCAP2_GCS (1UL << 45) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index e247dce1759c..114876512172 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2844,6 +2844,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 98fda8500535..e99724c9b440 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -127,6 +127,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_F16F16] = "smef16f16", [KERNEL_HWCAP_MOPS] = "mops", [KERNEL_HWCAP_HBC] = "hbc", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Mon Oct 9 12:08:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1047E95A97 for ; Mon, 9 Oct 2023 12:12:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6E8B36B011C; Mon, 9 Oct 2023 08:12:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 699686B011D; Mon, 9 Oct 2023 08:12:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 587D36B011E; Mon, 9 Oct 2023 08:12:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 48DBB6B011C for ; Mon, 9 Oct 2023 08:12:51 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 243A9160229 for ; Mon, 9 Oct 2023 12:12:51 +0000 (UTC) X-FDA: 81325811742.04.522FC79 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf09.hostedemail.com (Postfix) with ESMTP id 29FD9140032 for ; Mon, 9 Oct 2023 12:12:48 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JV5GeEBl; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853569; a=rsa-sha256; cv=none; b=ifF14oVFCTFQlu76KmhSqDLJt4uhItGaxQTamTOxKnD57bY7PWnCOzkSH9xo7UpI6j0n7D XIwxDqScFWvW6CruRbwTEj4t5svkoQ4860UfxtzYl/inBiXL9IwpoWBHMyZaysfsD6oUlb dLjOx+4Xj9t8xMKASrM3cHTRa4CtC5I= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JV5GeEBl; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853569; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=xPVQvEYwEoXQfBz/kFyvyUzuJMZzqNAnZxG3rc7czEQ=; b=ofK+q99GRI9WAUPVBqYZcQAznWSnmbjTC0avnXAT4L4ScJ0vdcbFsvRVNAFpZm0jXbPG4w CJmpOC8rJiKTibsXI/EdKjp12B8m6jrY1o74MD4oacBEm1ieo3YsTENslueBg7oXn6FPjp smfCzyH9Qd4MMDz6bBhqklbV8SipglI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 8887DB81145; Mon, 9 Oct 2023 12:12:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 793CAC433C7; Mon, 9 Oct 2023 12:12:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853566; bh=sIXiMHqGT53KOfswnAd1tnEcZ0j0aXrKTuf98iIbpAU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=JV5GeEBlJhSJovOYlr9LVRaAEDTP0w+UILC7gn/T+CmREOnxo/15rVH2H5B29mcyy 7Me6PJ6ziPknbDa6vhOalgsQtJSh1R+Uevgl6EtmR0VXd2YnpTdHGf1gbu4aZfU2YJ mi9haE+Mjrd/z7jPoPRR0GuKrzD2GVM7uq9vs4IEBgvxmObSW+pPqTYJ+pL1Eg3I5V aF34C/Gwl2lS1YtI40+85xBGssAh4u3agUaBM3SnFVcwgTCtNSGoKOEioeEgFznaS4 xWabbOFnhdC+EgBBI9hJMz8d2fNQ95OxabxbNX4CqErqPLcso7muq66u+NG8ypuEzP m+436lfAVY4+Q== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:52 +0100 Subject: [PATCH v6 18/38] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-18-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=6026; i=broonie@kernel.org; h=from:subject:message-id; bh=sIXiMHqGT53KOfswnAd1tnEcZ0j0aXrKTuf98iIbpAU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2fgmbR8ogvFOWuIBQXLZL/EI/xdEFTBW33fk9I jIPh42iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtnwAKCRAk1otyXVSH0GCHB/ 9mrJqknBMqEyHavL9Xwwy1/do6TLd3nJsr2NHNNb75vImTX45rZzOAJGX1cuPwoH/mnx14L/0tTiJq Wy55ygcGfkLEn52PHv0jIL8GSBrqMJsWIzynC4I/pjtzoH5RGPjgKNiEtjBma6FnKxqo4bcAN5Vg4z 39hDxGjRNmRlugF518e8CxGly/U6GERIPZl5P5GVFIhW408whh6jikyaYxbkmHIHWs2SXLrTI8EDIi sf/MO9nsCrD8bQpXsRVYHBOhUI0s4crj0y8zJJy2LESmOrlCWvzJbHl9iaP+SfLRGVOcDJ7XSPXBYh l0/kx5/dtGQuSCmkX/GkJnk6slsSdI X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 29FD9140032 X-Stat-Signature: 8n8wdochmzxf31dwwmerq7ou6krespht X-Rspam-User: X-HE-Tag: 1696853568-734979 X-HE-Meta: U2FsdGVkX18YJWuaQeB/g5DD9Uu0+HpWuu9FYolXxezkfyhFzm9cwohPKEwM3ruoyAM5SEuVa0jq2gurKRY/w9K31rEr3t2ZrCixUp6HZaz6fTbEulayR4tCsMKBBhh2x9++IjDhlAkXzwk8/Bcu6oUUwg9otQmgz2Htg5fkDN+TvKeQAENLpvphF5cIanq1w62U1YjWNRreM4JuaOBTuEdxTfAdMnW/x1uBOMCOuY/dvHqe2vUd9JVnSvwmuONz40c+Hs3ZAcc2YKWlooryt5wfHZh7TyIIAEgsKzidP6XVUnC+u0rOf3nWzT2OH2G2YaGsbuuXhJRX0WLsMKc1WgjFU4eaL6yK1wqRIPLBFJ+AZ825A1hZ//5Deoc06s4bimnhDOsaCEJIBYhwFuXkH1XjanNXJ466ITMGkFOJaIZhnBt0u8nRvTyWZCOD8rAHNlyEcTTMNfY6F+yUELK7Ck9BC+wZjs6J0impgUKbCpJ/RT5b00N08l/Slbt3H+uJ0ARdO6Rhypz41Whf0a2Pw/gW+GT5s8DHxSN3etH0EXOWsKBjDHh1A1Wcxlx4db1EBM4ObBDtvfBBiYQPDtBl2L1kWJ5E1smgHk2dn3+NsaAbfEN8fkhcrw+w04ASpBlc2WzsgnaT0+NUNti8JkPKzp8JMe5gK4mIPnvnzA8nu8k362AQ+qErWru2gXGWWuD2EdNsPHw3qppinCWfHW1nWwEXswANA08hpz+VUhTe7qR6fpDHHnChZHymNSdz+R5vW7bslIgJCW0EecMubmkPLqaXv1kG+BwF1Qi3nqDMgMnmShyXnDkJJU0ZxCMc6mR2D1v3KPmG+b9UX5VmM85Hvgly35YJ01xHsFzZnoqjDQhomzZxy+aFVoOUQFBdUCML44TY9ts+WJmLa2nZ3qYt1FjXynMq1qNvVqLq39MahgMyMETzvYERpebUUJboapCIUkiSyGMAz6C++4CrG/R Km44kAnC srYtu9tsDUjwgjX29LpNoIgd+17GEm8nN1q8pVTfAF/aYYgcDFw65Ad1D692C5is87Oux6IZdAN9DdNpa3JcW2LIIh8Vf0LV8ZF6AE9JtLcOd2nA0bO2ULG19OrPwWS7AL4JJGa9FaBwy+gXVNNNh5QdBNlKkuJTwSOcX311xE01LHH0+i8wII28Z8/OManRtxx89zja5xLZIR8OMOXk1QMJfv86uQCH2Y2J+QQhiHl4YJnw3+TpLI0cACOe1UuO2OpvuQ77SABlpFxtHX5gQZY9HRv7VYqzDfxxAShB+Dad45BHQ785CY7vVNROpbv7InRpyYMCvtRlUgVE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..a87a8305051f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -382,6 +383,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 0fc94207e69a..52d78ce63a4e 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -429,6 +429,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -471,6 +480,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -650,6 +662,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -732,6 +752,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 8b70759cdbb9..65dab959f620 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -884,6 +894,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Mon Oct 9 12:08:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413520 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CE64E95A8E for ; Mon, 9 Oct 2023 12:13:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0CE406B011E; Mon, 9 Oct 2023 08:13:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 07F006B011F; Mon, 9 Oct 2023 08:13:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E87FB6B0120; Mon, 9 Oct 2023 08:12:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id D6B466B011E for ; Mon, 9 Oct 2023 08:12:59 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id B31D5C0209 for ; Mon, 9 Oct 2023 12:12:59 +0000 (UTC) X-FDA: 81325812078.22.F157104 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf22.hostedemail.com (Postfix) with ESMTP id 350CEC002A for ; Mon, 9 Oct 2023 12:12:56 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nidKzb6K; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853577; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=0j/+HIFaE2o/z1yKRjnc+abvdKycGUsLAaTjGp+QI7E=; b=lZnaxaoVIYPsCO1qgs3rgWfjw9CJ97LWoJlHBEcYpwopCd7mb3gklMsQYcwTJIMXjuHwdC d/mBEaz/SGuJfCfvqWVlwQZlQ2NF6nO+8Xcze8XUl2KQOi5o3SpXsDLso9QoUnBTJ+Va3Q WR7GSySAOB4bP1VxxwEjYYiIuAqYwqE= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nidKzb6K; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853577; a=rsa-sha256; cv=none; b=6Rzlwsjo7TbEfqDdPBZ9CDuzTbmnJhfrekzwkMcdKgHtJDOneHT/5dBbSS7iSOi6baR6YC 5evEbkiXXp1+0aE52eBipRKA0ECNlnRC5FxI8sI9hBBI4v2W9nUiizKo6Kx8haxrwq/B7j qOESbyzIous1LgkxQWUCdYphBQSwhjA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 5DA0BCE138E; Mon, 9 Oct 2023 12:12:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5B76BC433CA; Mon, 9 Oct 2023 12:12:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853573; bh=U1l0Oub8DGXeBnKIw3SOas1EfStDVYy3cBry+b4y2KY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nidKzb6KjaupAUNRQ7cqd5mxL//1PZ7Zr0fs9cUxP2Sqp3dUEAlrgp4LoAr30o55W U710+3rdLZ6ZzwuKUFNq/3ntxIVKLkn5Jp3FYJJm+pvRYVzp/jJUgl7V2Yz1NgIShJ PV9n9kGvXyWc6fCUyE/z8OmzA6pXnJ+ZP2i9eETmkNDUMu8lIrog4PNrjVYVbd1/tV o8w6eNqVhOf9GYYIjrWmGkApgNbk+6ArtRI/AwjFPMBBUz3+W2gE+vMZrCvgFrig8Z oM5dG9qkqa7qk4KCOugY5ojML/qLd+Hmu0zdL5OTwKi+A0NGUy01Ur8afAbwIxEHgX QxYQH47PfwqGA== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:53 +0100 Subject: [PATCH v6 19/38] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-19-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=5679; i=broonie@kernel.org; h=from:subject:message-id; bh=U1l0Oub8DGXeBnKIw3SOas1EfStDVYy3cBry+b4y2KY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2gzvC6/uRznZqzKfe/TGEH5CxDCcE+V/5gJRNL +1aTQbKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtoAAKCRAk1otyXVSH0LU/B/ 0Ydu7yT5bbYSp6sxq/2tFGycuTvi9kpwlvDefRWYOXy0CmFYrhj7uu3+ALG2+fh7QzI3l5YiwjNw7t l1w03bBgoR9OW4hW4J94aGDQrIt9ZgpRP0eROtCgquKr4tFxdD+c/BVIumziARnNX8LU4HKUb1oe/5 WrND2lz3GpPjyo/ilirjaB/GhzLquoVwzOqINgs00dIkV9jp0cfBZqdSQVopTDVeNOB7lKhRJJIRg/ Bn9VJkcivmoT36Bxq6ij2Wdd2U0mhQNPQkxxpeFhUJvmxQ0Tgljc1tOOSl2W/HGw5D14eunK2/jhmh +SrtxgjjbNtrL/kg+/sLkqxk2hVxc1 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 350CEC002A X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: w3yjjqqgspozbfzwm7o8gogyuiwqecmj X-HE-Tag: 1696853576-633563 X-HE-Meta: U2FsdGVkX19YL1IeDIpEWs6o8MPErQQX61jT3tiYgk2MkooZhpFMjzi8KuvEcO7iFjT/cx1Vyd4fZat0phkxCOpDjZ2nTepmXUYjvg+NpmrfhgAR85BLVv9Rmx/yleoo8Iq4EOcwaqNEN1R6LdC9MRl3oMiD1fUJ794DD8NaW0/dJg0jgdP8w5quVK+qsHx8fnsjXS2LrdSVNCds3YGkTzjUaRHWEHcUCoHOn5WV3vhUTWhXGoeGxDa0wTBAcB8mB9TtR8zRJ7ZUU/UlNN7DOt38uhXIPDyt6j745Yuu99t1v1h6wKUqTV+Vdrs9T75FtMu+yFvn6/R9ACcQyJSPVoKBb2aGlKBrIVkIVRjv+0veutJjaZZKwU677F30OPqD+Cy/JnGKiqzjvHAL/8R3vkwg2lh1FTIl72fKmMo9dzqEUPeYi+p6t1dBWKV2nCYklM1jrvhSmbZYkTp7lD2cAeoHbWl5pvpJih8Rt2fYCGY2kdezv1fNlEQGGzjCU2vwj5iwHXOJ5iowrSzrrmvoQBxyx9V2ClhrwdSnVLY0DSWcSz2sYpRR85Vmy34NJlKBsFfNjn/iX8LAqNR1J2FMlQkjlvC0xgzy1aSoae4GD5BPoQLA38BkKu4Wrks/jIlMwR8wqHXPSGVjk4273Cb91uGm3ae8rYvt9bSas9fQ7pPvk0fDxp8cJcH/xTE1MX2wiJg2wu1b1famykbkZdD1aSmonkWmTNp1SwXbfpXoibwUiHBbSfCU9LsRriH/ZFyoC4uIUSQvdnjCVAmeaGj5CDQcGKfp80R+tMGg6v1R3+Pmr1Xf4yCHat7QVRq2vzNryshW9ybgW7MZJ/k9RSVtYS8uSgRjbfS7twsYxOH+dpT2Wi7mPQaOBsCt7zt9ZXoSF5gYT4owmvne8wr6fw0KYZHvfKULQwaosbeLjuibltkVedlQu8tTC+DfRV3UUJGiJx8aFZrcJ0xJOXC8TCH /wulSmVt BCfmfTxB0pOxoqM7/ZYR2yyzpzGubOMeawePInBTcU6n5k3R7iML/cUhJAxQqAWhgsUQUkNCz+VPLRdu7ra92VkT4LccGURbC4ung3aSb058P7fo7DAp8uSDwCF0unpWyBpgRhaZfWHkLXJjgRg4mQ+cwLoRL84r8OOGdHCTcyFpWOiK3ZfOyaD67yJIEgeC7yUnuW8oqibib+FK/luU3oqVkb4KxihDUXDoeWu9xUxWhDoiwkBW5OARmVQcJuAJyy+xj7WtdTIoe2xKRCQr/0GrQPGx7pvKRzMdP5qQ2sb7xwSMNttBDc+GXfqSDj3qIW9QvzJVx+6Mr1CM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 79 +++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 71 insertions(+), 8 deletions(-) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 2e5d1e238af9..9dd143df4483 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -494,13 +494,30 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +/* + * Note: not valid for EL1 DC IVAC, but we never use that such that it + * should fault. EL0 cannot issue DC IVAC (undef). + */ +static bool is_write_abort(unsigned long esr) +{ + return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); +} + +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + #define VM_FAULT_BADMAP ((__force vm_fault_t)0x010000) #define VM_FAULT_BADACCESS ((__force vm_fault_t)0x020000) static vm_fault_t __do_page_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, - struct pt_regs *regs) + unsigned long esr, struct pt_regs *regs) { /* * Ok, we have a good vm_area for this memory access, so we can handle @@ -510,6 +527,26 @@ static vm_fault_t __do_page_fault(struct mm_struct *mm, */ if (!(vma->vm_flags & vm_flags)) return VM_FAULT_BADACCESS; + + if (vma->vm_flags & VM_SHADOW_STACK) { + /* + * Writes to a GCS must either be generated by a GCS + * operation or be from EL1. + */ + if (is_write_abort(esr) && + !(is_gcs_fault(esr) || is_el1_data_abort(esr))) + return VM_FAULT_BADACCESS; + } else { + /* + * GCS faults should never happen for pages that are + * not part of a GCS and the operation being attempted + * can never succeed. + */ + if (is_gcs_fault(esr)) + return VM_FAULT_BADACCESS; + } + + return handle_mm_fault(vma, addr, mm_flags, regs); } @@ -518,13 +555,18 @@ static bool is_el0_instruction_abort(unsigned long esr) return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; } -/* - * Note: not valid for EL1 DC IVAC, but we never use that such that it - * should fault. EL0 cannot issue DC IVAC (undef). - */ -static bool is_write_abort(unsigned long esr) +static bool is_invalid_el0_gcs_access(struct vm_area_struct *vma, u64 esr) { - return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); + if (!system_supports_gcs()) + return false; + if (likely(!(vma->vm_flags & VM_SHADOW_STACK))) { + if (is_gcs_fault(esr)) + return true; + return false; + } + if (is_gcs_fault(esr)) + return false; + return is_write_abort(esr); } static int __kprobes do_page_fault(unsigned long far, unsigned long esr, @@ -573,6 +615,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* If EPAN is absent then exec implies read */ if (!cpus_have_const_cap(ARM64_HAS_EPAN)) vm_flags |= VM_EXEC; + /* + * Upgrade read faults to write faults, GCS reads must + * occur on a page marked as GCS so we need to trigger + * copy on write always. + */ + if (is_gcs_fault(esr)) + mm_flags |= FAULT_FLAG_WRITE; } if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) { @@ -594,6 +643,20 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + /* + * We get legitimate write faults for GCS pages from GCS + * operations, even when the initial operation was a read, as + * a result of upgrading GCS accesses to writes for CoW but + * GCS acceses outside of a GCS must fail. Specifically check + * for this since the mm core isn't able to distinguish + * invalid GCS access from valid ones and will try to resolve + * the fault. + */ + if (is_invalid_el0_gcs_access(vma, esr)) { + vma_end_read(vma); + goto lock_mmap; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); goto lock_mmap; @@ -623,7 +686,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, goto done; } - fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, regs); + fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, esr, regs); /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) { From patchwork Mon Oct 9 12:08:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413521 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D662FE95A96 for ; Mon, 9 Oct 2023 12:13:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 737646B0120; Mon, 9 Oct 2023 08:13:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6E8386B0121; Mon, 9 Oct 2023 08:13:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 587F66B0122; Mon, 9 Oct 2023 08:13:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 469C66B0120 for ; Mon, 9 Oct 2023 08:13:04 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 24A811CA6EE for ; Mon, 9 Oct 2023 12:13:04 +0000 (UTC) X-FDA: 81325812288.05.9BFEC13 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf29.hostedemail.com (Postfix) with ESMTP id 2EE19120003 for ; Mon, 9 Oct 2023 12:13:01 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iKhWOUFK; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853582; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=D1luWdQjCGgcA3yRUm5MGC+7IT3wPpdU5A/8hcfglQA=; b=jKYCKHaWKZb17poED2Y0VpCp1cwQfH21tVsregl5rFqU6OEJlv7AUhH1PETTa0wiYlmaH9 hz+1ha/Ge8QCAH3c6523Wh18+pG5Vm935RuJX11sesCjcbwGYfDvYbJ35SlfHAx8tE0ddG R0RGVhLsbq1ork980ZxUJMVJfqpDEDU= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iKhWOUFK; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853582; a=rsa-sha256; cv=none; b=8ZG/VMa9dkKbec9zOoVhhE8ILAX7TSVIgSUZIP79yNeSbF3OWZNfsjW3Mld+L8bNV9Olxk PK5Yw9Ch1tquOsPv0Oo4s//bvPmHPpMdBzuYMiiyBRzB7cuWlFQ5G3+g/RQPYlx26UilZC lN9nhrY/tYfFllRkQScLD8ZIK8ghY4k= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id A0754B80D95; Mon, 9 Oct 2023 12:13:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1240BC433C7; Mon, 9 Oct 2023 12:12:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853580; bh=PsDxGrHqBjHeoGwMKffcey2x+5qoqTXr2+aWdiIPZRc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iKhWOUFKZmqlPTCVntQFX3sftVawRKn9CWFuYhr1HacIW0QavY+74JLMYsIYeJNlh 5zE1wF6oyCriG8ouCwlBUl9VVUfFWlZWCaEXiFiIfbOgs28bt4ZmVgoSAoCS90M+py z6a5f8Z+72aCubjm1ZgHaCIw4uvZQDQMrK6gG8/wENb///QtE2n0X7CIt0zJZ3JAGA 9XJAkg0glYf6c2Z+wQFxF13Pt/h3zRtUtk0R24iXd85uiTglkBjQHu7NEz9uVCrBBp Yum8sKNjcrN3WMuyW/cV/hlv0dT6TDDm11P7zbHMTmqCFv/RO7SZ88ioxX/v9kOYm6 4bIaVcBgqkT9A== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:54 +0100 Subject: [PATCH v6 20/38] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-20-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=6699; i=broonie@kernel.org; h=from:subject:message-id; bh=PsDxGrHqBjHeoGwMKffcey2x+5qoqTXr2+aWdiIPZRc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2hbbP3VnYRsnb17lXU/A+9RkWvZGWWlHoKGK2+ qeseoAGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtoQAKCRAk1otyXVSH0K4AB/ 9+YBAaqYdbu7vj+lMgN58kY+vS5cul1puBFzMWybte5jONTfDRc1nanSU6A9YBwF32L4/Rwrnd5CvU M5UHfjpl6liN1DtXHDJ45kbOXiJr3LPLqfYBMUrlSt1FWJUUiNwS1zh2KzzgfHBxDipRAwKw+DWQDt tsKt7RIXqtfeJBUiw6tsMzIi0GsyGjma02uGPzTArfkULqyNhm0UhXKlh5VcEWq+aiH/hq+JmG0xwY IPcB7tJCZU/87LiZP134XiiSZXEBNSY6KceFUjtceNJu0EKVXqGpg1+mFwF54krOMNgcTkgZ0mVqeh YS2H2ubIwj+yX4SSSs5PDiyXntB0YF X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 2EE19120003 X-Rspam-User: X-Rspamd-Server: rspam04 X-Stat-Signature: 887mi9hp93xn3x9y3shwhcduee3b9bme X-HE-Tag: 1696853581-463158 X-HE-Meta: U2FsdGVkX19ydKZZBTwktb9vomvCzB1dJp53cjgExj7r5AZbLZUdQYG38OSCIfL1AWsugY/ZOZSUvGSJReSAD3YD4ABhUcwD4WHurBU4fKHoPI+SRIRL/7Sg/k25TAMyruT30mkYO8e8YQwWgvRqwkOPJv9auoJjqCQG0piPHsTCpkg3G1lCwGUck/sEVUXQyO2+CDMGQWcHMYtaAksk66LBhrC422QJ2uHlSFxv28oF/cAlkkIDklzw4GSvt3KUs9pKVSavWww4NQ8jRMIYgHTCqlZj443/dncD/uTeJYLcPHMOd+YS3LEQoqcIepUjadKebv2h0MakzKPVMPVXs/cNNJE/8wA3Fmj4HvlJzsXQFuS8TnkjsFYGTn27OhP/1goR8N8gyMZTK1sXkpqCTIuFv/aTc1iBOV8mEq3iJa6zLAbEOjKG99Nnq8Wxmcxeg18PnK/mSvDTiQjYQQyOTf9Xq1/g6t7EQa5hUW64IaG0alboOO0Z+1zsU6SM6OtHZfZkMBaDOZmg7OOjMul0xUpb24X5uWPUEEWca+fFSTBEIX5+QNGg39YZWkL/Fuj21Uzo5a4HwiSmnr55IF0C5uPLowa1uswDozPQZ4+kEeeJmXK/+yzOnsAUIzVnYLEoGaxH4+4wK+RDEKFIYSUn+3R07QRbyTSiTmd1dijUxqBzVgxdY1wfQHua3kZVMSk6YVuPgXrgWWgoPSyWW8v4ZXqEmbDeZOVKRPZxCDY6H0R4GybEz4jWsG98fXqkx7u3jNKO1b6cysNnsuoDLqJF5kuOrTRUiSsNy/KfURxR1eSO4m7tW8zaPtADfmg2MBxfqaaE142INZF4UjeOkXdeIH30DRLIXBU2ZcvA5g9KMxGQ30aGo0gwIxJzQ/m01rlELlpENu/N/8WZM50rIvErDgP1d7ckwhesu5jPIjdmne5xhVOU8X2PSstFEmf2g0zQx41/UdgjK5cgO4WaHWU DA8YXpzU isOb5eVklJF8sWk6dUeJlJBipeHqUBSSZsOqUkhcRRluOHyrFgZFEgHbQaN+g0i+MfVc0VqsadxU7dbTk2i9/ClC7FcuzhA9QU2KCfXmvu7C0SF++Z/ltrnptR/seHMfImAkeerPnFbqikxu3XiPpRUOgS+GKW+rDNDeh8hXTLz7/76XmI07CyLG2XvDtgvlJVAOoqYKG2J3OmOIzDQPA5Ly0DR+lPM4TFhFuu2ei988z6mRyLuzOh7ZVtrjlEO0W84ge1aBdTz2AaTPIkWTwV3KQmHVnujDgyJuycEycYjc00Ogblh3A34p1xHbgsxeLDlzU32EXVh8m8fkOgXRMfNZfjNBMMYllD0ztysQQe+PONVH/pV476Vg/Og== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 ++++++++++++++++ arch/arm64/include/asm/processor.h | 6 ++++ arch/arm64/kernel/process.c | 56 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 ++++++++++++++++++++++++++ 5 files changed, 126 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index e5bc54522e71..c28681cf9721 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -179,6 +179,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0fcc4eb1a7ab..84bac012f744 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,32 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (!system_supports_gcs()) + return; + + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -474,6 +495,40 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); + + /* + * Ensure that GCS changes are observable by/from other PEs in + * case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -533,6 +588,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index dbd1bc95967d..4e7cb2f02999 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -10,6 +10,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Mon Oct 9 12:08:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413522 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42706E95A8E for ; Mon, 9 Oct 2023 12:13:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D2A2C6B0122; Mon, 9 Oct 2023 08:13:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CDA936B0123; Mon, 9 Oct 2023 08:13:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BA2806B0125; Mon, 9 Oct 2023 08:13:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id ABBB46B0122 for ; Mon, 9 Oct 2023 08:13:13 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 2FFD416019B for ; Mon, 9 Oct 2023 12:13:13 +0000 (UTC) X-FDA: 81325812666.12.E590316 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf19.hostedemail.com (Postfix) with ESMTP id 94FF11A0016 for ; Mon, 9 Oct 2023 12:13:10 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=DfxThh3J; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853591; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MEl4cqby43N13Mjcl/O3LJnqEXj3XGhNXgxotEKCoww=; b=8HZofBC+xdF/EP31Tgme4IjdJZ+Na7iSA0jgZFIdJ5Bw79JwXMBiSIDX9UBgBwNMMQ151A rYfeP90SuRBG1y28CwYv8jSk8yE/OIJuQPztNdNUBY/fjub1Nwk1xSwpNPYjjBeknD5DxS hu3IutyUbNqPwrAdKqed0QTBlRhcvhM= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=DfxThh3J; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853591; a=rsa-sha256; cv=none; b=cVsIpVKm83w+lLOtrU9/rzUm/0f+EJ7k5VeMj/D2gfbWvr8LpIX20UfV5NiOWVPcLfd28L 1K4kXdLRX6aWJeXhPGOH39LBjdGYLGnhHULwbvfNgh9f2IHm8jID+D4TQ0b6ED/47OpGL8 TzSdcIDhPk/c/whyQIJOfN8FnbNYxQ8= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id AF30FCE13A3; Mon, 9 Oct 2023 12:13:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BDCB5C43395; Mon, 9 Oct 2023 12:13:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853587; bh=E2gRzIKAAZCXusVDWf1D5bQzl21y5pQx3M5rhoickm0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=DfxThh3JD9h1tOr6J5VYdfQd4aCvkngudYG5TecsG7vkGYuC35Q80neOaDu6Tbny3 rYdJcf4Z/S4JZmg0CAeSvONbOti9zln+C7neG4Vf86ChE2Mta/qf372narPM63V8O4 pZi4HYe9kK9lHF6zKKaF0kBs20M2CYaBCgk4jsg9kxvgh0WEJHKqussFVu+wD0Qj8l exXX68bKmGAEYYIhseFueDHD4rEWnEt73UlBhpnZkZuSLkYwHg5c4oQOdDCs+D0oa/ J4AFMlo42agVepPlqtIEifI5v6p+Zo7ia5shuBI5uCm6cwApjChHrrbO8MZGL679q4 EJZONL4I72DXg== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:55 +0100 Subject: [PATCH v6 21/38] arm64/gcs: Allocate a new GCS for threads with GCS enabled MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-21-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=5172; i=broonie@kernel.org; h=from:subject:message-id; bh=E2gRzIKAAZCXusVDWf1D5bQzl21y5pQx3M5rhoickm0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2hQ86d3PPUInKcJHG5iSyi18S/kyJjbjGChV3k KtZIv9uJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtoQAKCRAk1otyXVSH0JBVB/ 9gNePxI0Zw/qlNdC1P5YbfLS0mCs1hDryY8iNHtyG5iv6tWakcE03on8SkNYa2TyeV1OydkoqWHKuY f0o9+onuTPpxlE0M5XeF7Q61az2uZqpJ/6mGH3zIODsz+Md7CFkp4qYDMn3uPFn8uVZLVaY5FuC1Nw WueTGn9bybX9TklFREMnvNoD4RlGceACd+YtAfCM7bRBHlSVXxstlgfgW02nqRgMJu9K5Hh9T3yB8v JAlVMUr+LBseMtXMVVQGv/aeq9AYUoiv/IDlGrOe8xQ4u8uDYsJ5lIvYLv4whZcFxEa0YW0EwWCDLM 4YFrFzSM33KvcTwbHPvv/8tHTE17Pq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 94FF11A0016 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: qmy8gu1frcnpyhjd7amp3hft89zedzuu X-HE-Tag: 1696853590-398579 X-HE-Meta: U2FsdGVkX18n8SDEWubkzCrgDmMQTjEwMbjBrtIggLChjGshRZbKE8sF8tGnLyL+GHuAkUIrm7wWWkU1gjPx40eJ9Ke1SMZfoLcXUgIlIEYHNtKf1JojzKOFWErUawTKAtTkH3pjpduLlY6c0f8ILPH+Y7vaNjriQpnXdSeJbtREx3rZRf7GEfEl7RBQw9OcXHtqmZQB2fbHHYAc41oSsEB0oRBDAa+ShjvfMGpKAV2cq/MWvTfL0XVS0wqvwdlrsMtn03uKHTxfFOr5BlRsrb9PpNlrBehTgpxt7SmZgdB6vIjLRZs1Qf1YP9jZL5mmIRSp0gBweDdGN38pZQs14wPbHGJVFHuNI6xnC0sIanmHMn+OClzRLqw8IS8rZBdwM5uXJT2PrgWz6lkivX0c4yQGW38aet+03ro+uK8P3FaRhQuVwj20gG9hQJqlw7QWKivOZAlKXypslDskHJjqHTjtcRy3PZ0Ei0HdifguQ+6BDtIMSR5MeQFuOAQHiNXQH4/ISh/StOezPrP+2tiXqQrmD0yGVn0IWDb6L6z9QaPZNr/VxI+KAsQk5OBE+L0hIbHRjdM4cOHCUxSXeC2LuM5dgNzpKG36ufnjhGdKg59ypR6YdMvC22YklULFkiZ+lzDVx9c2UIWdRTFLwXrUCZLGIIzZY6AxCDi8nqZmRUbYvypA8EHW8VsO01Ortkh1NklZ0HahIBa9L1NbxXcN1v3YMzvPB5NRL3UDh+G/nOf4Ev+MkWNP7G8XPghvqg+TIUz3PQxii2SKiSnauehlxDfk1sCQgOKzxoSXuRiGXAYVNqMmS2/cRgx/6GS6J5aikojW2b+rh9qEYPQ3hqC+vsW8FDg0FT9n7sIYGaJbbjgTGLcrMxwy9s1FVxx6GEv6z8ar5uBelzNY9OE028u3/ThnA6J7IW6Ogg96a9R+5T7tT/WyDU0lxkxyYnqYi9uAlGMwSn5uwBCiG+BumME TwPiwoWh PeQK7p2tdMq2RvT97eCdaAEtJ1GV5LrsPmdEp1izroFqKUY9o0Sw2b2JFLEaTdGolLt5xWMsF6Tl9cdl4C/Ba3O9N25ZoIqdoCiB4QoEBjM43PUsBYyOQNr1r6Q23DJyD8J0YYrb1jW85WBJSFJqZwLuFBzVxzzBU5RlmBODS0eS6YwQ4QyGLMcYoal3VBpf6ctzKx+y+PO1Wns7Xm3jgLhvUrNamg/wdmwYEgyUiMBVTt9x5+b3QJ4E0YlyGw3Dim1jTnHxzZILJBZiN5co2dt5pGoALnG5y0rPuxnBptlKnqcjzTsUjr8k5Kab46qIf9hYZKLzoxOH2IW8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: We do not currently have a mechanism to specify a new GCS for a new thread so when a thread is created which has GCS enabled allocate one for it. Since there is no current API for specifying the size of the GCS we follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 4G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. When allocating the stack we initialise GCSPR_EL0 to point to one entry below the end of the region allocated, this keeps the top entry of the stack 0 so software walking the GCS can easily detect the end of the region. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 7 +++++++ arch/arm64/kernel/process.c | 36 +++++++++++++++++++++++++++++++++ arch/arm64/mm/gcs.c | 47 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..4371a2f99b4a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -58,6 +58,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size); #else @@ -69,6 +71,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 84bac012f744..bc4f73fb0713 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -285,9 +285,40 @@ static void flush_gcs(void) write_sysreg_s(0, SYS_GCSPR_EL0); } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + unsigned long gcs; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(p)) + return 0; + + p->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + if ((clone_flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) + return 0; + + /* Ensure the current state of the GCS is seen by CoW */ + gcsb_dsync(); + + gcs = gcs_alloc_thread_stack(p, clone_flags, stack_size); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, unsigned long clone_flags, + size_t stack_size) +{ + return 0; +} #endif @@ -369,6 +400,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -410,6 +442,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, clone_flags, args->stack_size); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..cb0a64bf90af 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -8,6 +8,53 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ | PROT_WRITE, flags, + VM_SHADOW_STACK, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK) / 2, SZ_2G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + unsigned long clone_flags, size_t size) +{ + unsigned long addr; + + size = gcs_size(size); + + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Mon Oct 9 12:08:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413523 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C035E95A9B for ; Mon, 9 Oct 2023 12:13:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 05A556B0125; Mon, 9 Oct 2023 08:13:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0091F6B0126; Mon, 9 Oct 2023 08:13:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DEC1F6B0128; Mon, 9 Oct 2023 08:13:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id CF4A66B0125 for ; Mon, 9 Oct 2023 08:13:17 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id B139C1A01EB for ; Mon, 9 Oct 2023 12:13:17 +0000 (UTC) X-FDA: 81325812834.16.8EB9DBC Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf23.hostedemail.com (Postfix) with ESMTP id B2101140018 for ; Mon, 9 Oct 2023 12:13:15 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SvQGI1I6; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853595; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=jqqxR4XARW1rUHakRYBlw+bU+9kC7PaRHNoeI3Q33yI=; b=rvY8Yu/NzP+SOGTsvyr8ZrXiYpujkYnS4OzB4xBf23EmZYOQxg7F0ZurAxwNxt3lT8in/W ts9AvS9dNUKoD4lMppS7p8HlcGhT/I3b+CkcK7+duKnUB9v8nXw+o7ch3dANDOviOSL0NN wLMbBsVE8bu4E1I4WTgK3YtsPiOexWE= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853595; a=rsa-sha256; cv=none; b=ueyfNGUJRElPpVWPFkvs3ycgzSTtCIUMZwvA8sAxBfBpJCMZchK5abmgq0A9K/07FCrLgA QGXWARdPbN3jBDiH/s6S+WB9QpwUxO7acwrVa7B93B8jUuZ+fi+BKFwnBHH7sNS+xROifQ 7931oKqczsb6OuuoUJQBZzcelRAxU0g= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SvQGI1I6; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 3B98EB81145; Mon, 9 Oct 2023 12:13:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6314FC433C9; Mon, 9 Oct 2023 12:13:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853593; bh=wOX/VCidy7u5iRp7jBzI1P7kDYiqBOUXs9IWPVUSObE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SvQGI1I6auJECsA5HNnZPnyfUEmJKB1kyHPmG4CVELIdmz23aGqtIEB5AHqLotzYw DxAAxMYBdToLGpdI2/CQy80sFIcV/M7qAWyaWrl/YQO6S6vMNpd38WALdW1/EGT8T3 F8B/Z7rtlUrTdyCLfcVSIolqwMwlzDUC38mIndIltNjwcRtyiXoay7wMMmiVyZf59L UWahtjJyBl8oYTy1+YMQ/XAUbdqrjnBRON3Dfak4y4Y7RvwJ/NXQOcUyT691wrVa9M U81w+7IDixDnVa1+qAkeE5guZkm1si0HgdS+qwia9QGC6W3BJvYspxbYMJMbXmjuCQ O5/inc6lIA/KQ== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:56 +0100 Subject: [PATCH v6 22/38] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-22-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=5673; i=broonie@kernel.org; h=from:subject:message-id; bh=wOX/VCidy7u5iRp7jBzI1P7kDYiqBOUXs9IWPVUSObE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2iNjKPEwjokbez9Es4G4AUiv47sNRTtzlb93Ez Z1ACm7WJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtogAKCRAk1otyXVSH0OkuCA CClNtwZ/5fUorz1+MZqrsmriqbf343Fpy7PnkMNDhInuESIyi8lH+YEFCHTVTEReGs0XmsYL3fT/5D r6escX4sKstyFt7b7YXL7isYq2Q9gFysn1qt5ZJ7GMYZY42ZwzTiGaq6WNEjGIqpSu/7SueXHVU0Ff 1j8wvEXjR/e9gZIdBRAOC4XLa/SIXyGmzu99tgPMQcRB53xwIoJ7RRFWPo6Q89+1YSdzmvAO7oXn3o xUPcxMoAD9BxPRgyNM+kFpWmcBZhzvOE34UoGe5t9lyl/iH+2oYmvGAaZ5vP+z+qv4TL6KYCHC1Hv3 /gTZiJAz/IlR9MGyN4GKzPWQ3KGIl7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: B2101140018 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: utg6353j3up5h8z1nmqjjrcomkyddct8 X-HE-Tag: 1696853595-674519 X-HE-Meta: U2FsdGVkX1+1Kxy6w4tXYDcxr8vthzhiR96/+SHMLZs6QQ0a/IuLfuetcVZc1dtWJGnvGNKMtlhuLFSA8rNldJg1orYok1irv7fUt347zYrGV3ukGKPRq5OHim4HKX8rDCoBAIl9OGnV/OYSB17sefi1BXeFEbUCtwKmp3PimDsFqPDPCNcwZMNyJUHZ9oCJd7tDgdDIFf3P+YjEIdQoQBOQw2+wMqKUPdec6m7m+4gwp7w1X6AGgOoIGyR0H4Nnf/fBs+4Hgq7xgjbd9RjvJR/n22NKxmqf2q++t7p6lqmM0RCUxNufLvRnxKXBe+J/yOfGD8f+CWFGQHMLgzalg+L52qVfnsO8tVpiuycqo7mZTwJ8bTJ1FxPlF2wxLbMvI6AmO2TXgAqLc660bYv21x/Yd8WvG0FR/rO+htdE+dgSUiK8K52UV8uTY1WF3hnczL1eb0WusQUHqaA8fXW+ls+p0mPmq8rrW7Psh2ngZoMUNlny3eMtvvy1RlxTgwZ/Z/XBhYcdJxGlpPCztsBxcOaZBPPRX75GQIRE1lCYHwx92JVHbWGc5sNZ1yjLzKeA2yASZhjntBIn22gY5cpwvDysB48Zs6OVXCVO9+lPwCktN5C6NuZT/JNGMhe3+5jipxJC6S+VpbotLwhwW0euuYHsENu9PszkV1Gbwg9PvB/2wZmog0CI7uA+5nTyojA4i5ev4hq0wlEsgnGVNTrwS0fHBeD7zMVgbw2PIz2vLW3xNGb9g4VDYpHULnZoMJkpRWeqJqyRW6WIk2R/MkKcXLj+uDbff9AAWkQ0v3g7jNDsjSPWY2NWyDP5EZMBcWsu9EpAwYIlXL3aSN0wMq3XVWY8aCi+o9hh+0DLu+Rcc+k52gwTSXdOAgHt4hyntmgVK4oSxQ643uzHCBxPfG/8Tkc1Rp5UMbBjLdvrzjmMYFbrvGKNa7jirUADDU2wOWgDz6T2QLRsqALthV6OUoS 1iqD1k2y +NO7wjYk3sQw4iVi3T6XY5fb7L0E5DuFBd10gjWf7tHptXRLSuyWDhMuh5qyPTXvEpAeuLBP7SDgQ99NFqD5Oc5cQikS8NFKPo26gHyuVhICgyiOYrTQoRX3NizwHZFc7yeGJRh3WxJdTtJ8NfcwwV1UT9rlLVaeb6mPVZaCK8gM5wwA/ElIhKsQZJIIZ7BcWwzr9OD1MZ0cFhFiMy2/loNUBd1pjTvbGCqUWyDv7hoGNi7IUnwXJppVzorxlqx2TPTlbOnMRHZqjH+TSWmgXUgpNQmaYjXzayJQznIh82FRZrvC1EKamZWBVg5VNjsQt4mKdQOuVUsHNtwc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbatrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 ++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 4371a2f99b4a..c150e76869a1 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,6 +48,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -61,6 +64,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, unsigned long clone_flags, size_t size); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -76,6 +93,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index c28681cf9721..029d20ea7878 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -181,6 +181,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index cb0a64bf90af..2b2223b13fc3 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -84,3 +84,85 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Mon Oct 9 12:08:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413524 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1A8FE95A8E for ; Mon, 9 Oct 2023 12:13:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5D91F6B0128; Mon, 9 Oct 2023 08:13:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 561706B0129; Mon, 9 Oct 2023 08:13:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 38D166B012A; Mon, 9 Oct 2023 08:13:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 204686B0128 for ; Mon, 9 Oct 2023 08:13:24 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id D5C431201FF for ; Mon, 9 Oct 2023 12:13:23 +0000 (UTC) X-FDA: 81325813086.19.21E9D8F Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf26.hostedemail.com (Postfix) with ESMTP id D3418140008 for ; Mon, 9 Oct 2023 12:13:21 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=P9Wr3GwB; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853602; a=rsa-sha256; cv=none; b=lzZh69nykYRV8EGnLztNkUpEmipz6waiNlKPgzZ3hrrwui3BJ0ZFQ/3cC9z9YAkDEATx8u gGkfgwIUYXH01WT3X7DHcpetfvN1QB3vbzlzGYwQjEv8oHEhHT64RFiY1H3uN+f57e7j6O a8ObPK0xxRY1vzeTV/EiGnPClHIWyes= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=P9Wr3GwB; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853602; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=6KotjAoDnZs2PCdh9/49Gr1ApcFSCw14MR/5qoXQ1Ak=; b=Apk+WKCNazOtJ6HD9SQozeSDftSDTalFwwblbOJ53+CDeRlQRfuPQFy1fOZ3DJF2Rugh+I m4qNA9s0VAbTB53ebGwbg6E7m2AiPUMcEdZd0kC46ujs5G9SW0NlDVm8/EtsxOc1cpjfUj XgmuBuqDyn1gMbd0kxiBXe9McaNecjs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 767C7B81180; Mon, 9 Oct 2023 12:13:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F1B94C433C7; Mon, 9 Oct 2023 12:13:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853600; bh=3LBLWW4xqQTJQMWYb4R/QtsJnugqlDnd+PiKUkXUjuA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=P9Wr3GwBII/troV8sSInqN/yln0ljfppZkXdgNhIKCGeuz0U+TlKktncbl5ZuxSMv cnpk394nCZYhGg+WD14CECDK2jkgemmwg8G20VX0LL1g6mMxIHRyeNlnqmDEVtF90q FFnSiMH6ROz3jBld7EZvS4hDwB4543EKyvQn3nPsVhJgRvqC7iQWtpG0sOFbuAnMBT LBXq/imIcLMJd16TUl76v7FQb1k2UBT3GrPUzclaABKw3F6BRix1Mzo29TqRnDPDOi /s0ZaDRniGtOGopTrCBS4zdNWTWfqkkUuEtxPQPhazgXEJ/6eXVGTZhcViuAI1+kAK qKLQBhIvkHUow== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:57 +0100 Subject: [PATCH v6 23/38] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-23-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=3956; i=broonie@kernel.org; h=from:subject:message-id; bh=3LBLWW4xqQTJQMWYb4R/QtsJnugqlDnd+PiKUkXUjuA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2j1jSjL4UqyUBzIdyarA602yL79WXmOoB+6YF2 +t4GvA6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtowAKCRAk1otyXVSH0OvdB/ 0cqCiubP/0qwNLxtJmoTPf6p1bC1UgC7rcfqKmhkCd3ObxNQocCvyScqT+Zaj16RTzDpOXDqZSIB+9 BrdW1iVbYEFacwOK9q790fpkvdNJM923UIl37uQniQ+XDYGEp0m8l2d7e2FXdSmYYYStPDfqVFlFQ5 u8LnB9Rm5+fGvKmaHq0N7GysxvUXggg1pDipsule1LrpYg4qM/Zihw1G73FZvyOwwQu3C2AtqoY0Cl bJD/fSzTXuIkTyIpGuDSCOOUbYASGZeG+DWm9S09GyiuJze3FKWIu4QLAEP05tQAWoHi15HXplsOdv hL1ncvYBm5iYfM5gIqIklqlJUYobpg X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: D3418140008 X-Stat-Signature: coc7x86ah91efbu1m4u5iiujzraira1b X-Rspam-User: X-HE-Tag: 1696853601-183753 X-HE-Meta: U2FsdGVkX1+LHxfJNO4gcqS0JNkQwGV0wxX+gtQnPVKt7M7Cjne8J9fVu0QWpqTrGFGir8he0ubRP/z6w23PcVB559YtCi2P7QfnZeYNMt6eRdAZTR3m1zOhp7bl/hP0jZLVeZSXKzRhgmLFi65astD7WA0wsjTSwacYlSPVxWeEq2oT6PgDgTxPv+SRUoQ97DjG1dEOgGN/nGa9rMqmJVXSYvSssMR+bX1AYVnQNSvp3o59fWy+jH++NH8WrrkUyalAMg5H7DBXAGXeYiRH5CVuVtd2qITghS2kn2tZSl2Wo+ML9pg8Phz+fH7e6wEFLvytU1uEEl7KaUOzgqeTsHzQsfRl2d457kl9lYOCGRQtSpNWfzKCLZFTW2H9KUC4nJgbuRKPEowKxG1sEUe66z9lRgc2T9KYUJ8Jk6zq2EpJGZeBzYpiDRdkGSn27EEiuU2XZJWPviVlgWHu6YxtqpZB8qfvvHf4+Ju0v9pJ5dxImbl2ejNbBKDfg/e54xzd+f9sCvBhUe3vczSSmBcC+zptVNEr9FS9n9WzW7QzOwAmC86JZAge3minE4RpGA7M/HZV4/W9fWm0tWt8TMehzl+BBfaIkMOI0biiCczXPwHWeKCILWcfReAsnjwKdMiBC+X9owXgM1yske9gHdX/RRzuMnGXNLNelTmpECgnP0CcnZXfBCnnCKeyq5Py7n3q+bIzDxjlaXHFx8OO/9SwmKXZNBwFbOTT1SWpn8Svxg4olSNb2xo4Qrfwb5EznJxA8XGRiv6xO+j0Dtr8qYT/dWwUYlhZV1PpIwf+ZDhWg7WOLpL+c0QsFo8Yz5y5qwcwlvz0nHFXuLsX+8rxo7fgsytL0b1xcZ//z4Gl8UjGltix8xRCYUg7WGq5I3xsf0oUFzpcNhnNDmSr3L0GmE+6Wzs2BDy3TGhKtE90b0LPwTr+9KHiZY2BbGoddxY2QscmgGB+FLrp0M1SgQiLGAP uqm8mIi0 OyNDeJDSVITxhjiIs6f1ZvUHSATrCLKHe/hJw19xL5eXD1Tx0zpj4kJF4AgVRF2zF6AmFhfcUKUaaK1+V1s7bTCXiFVudze+EuL8piAEAPyS94NHKZFPOfrPjQ2rJnnGMhmFmAcGGT/BZiqd/DLyAQJY5Qtwcg2Z/ZVxJ3Q4Bo+14UPnqbWRoVCmCRp5vC72mAzo2f5RtsZJDi7JinHJ5S7XEtgPv/c6zqmlHlYDpYtcclQuJWdcyfJwb03CVciViNxlEgpYCr9xuO7zucTJ44zprSCIQtemmGOYYAo9FSqKr3ES+4mOFUCwJA7x6Em41i0gJpwxkXvBtKeswCg7v9oLhzkI9vgHHqhHAiUkzG5TeAVvSQXCTdmvrfsvoCzqTZvmb X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself. Since the x86 code has not yet been rebased to v6.5-rc1 this includes the architecture neutral parts of Rick Edgecmbe's "x86/shstk: Introduce map_shadow_stack syscall". Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 61 ++++++++++++++++++++++++++++++++++++++- include/uapi/asm-generic/unistd.h | 5 +++- 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 2b2223b13fc3..c718ac4325bb 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -43,7 +43,6 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, unsigned long addr; size = gcs_size(size); - addr = alloc_gcs(0, size, 0, 0); if (IS_ERR_VALUE(addr)) return addr; @@ -55,6 +54,66 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret, cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (addr && (addr % PAGE_SIZE)) + return -EINVAL; + + if (size == 8 || size % 8) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + ret = copy_to_user_gcs(cap_ptr, &cap_val, 1); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + /* Ensure the new cap is viaible for GCS */ + gcsb_dsync(); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index abe087c53b4b..203ae30d7761 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -823,8 +823,11 @@ __SYSCALL(__NR_cachestat, sys_cachestat) #define __NR_fchmodat2 452 __SYSCALL(__NR_fchmodat2, sys_fchmodat2) +#define __NR_map_shadow_stack 453 +__SYSCALL(__NR_map_shadow_stack, sys_map_shadow_stack) + #undef __NR_syscalls -#define __NR_syscalls 453 +#define __NR_syscalls 454 /* * 32 bit systems traditionally used different From patchwork Mon Oct 9 12:08:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413525 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B90FEE95A97 for ; Mon, 9 Oct 2023 12:13:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 53CD96B012A; Mon, 9 Oct 2023 08:13:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 49DF56B012B; Mon, 9 Oct 2023 08:13:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 317D16B012C; Mon, 9 Oct 2023 08:13:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1BB5C6B012A for ; Mon, 9 Oct 2023 08:13:33 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 0254D160210 for ; Mon, 9 Oct 2023 12:13:32 +0000 (UTC) X-FDA: 81325813506.25.CC9BA7B Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf12.hostedemail.com (Postfix) with ESMTP id 780304000D for ; Mon, 9 Oct 2023 12:13:30 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=pMylGXyr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853611; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rUEG4nGAsQAZ0VbH73GAqg7H3KivhvN8wmFC4M0PN+Y=; b=uHQu68upH36XZNnJUSkwp7Np6ehwJMheHAWPQMxql7/e8XLh2vXP7ZSa+Qu6yM+tyLLr2t ZfKr0k13w31DQmy5CEUrLKeb6ShsxqPEAoCZjGvXIp5prrnh/E/+ypr2zPJKGEVSmsQsQ1 9Uwjn9tnPdyxM4nknHb31o4Y8qzoZ1o= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=pMylGXyr; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853611; a=rsa-sha256; cv=none; b=HPNBM2KhTj+qgrZ/GwDXqYQN4X5dBYN0Ac10GfyLu2B9mvd2kTbJcQ1yqXR2K4PA4gNEBO e+qQJYJjTf9+x450Im5G8bswStm3Z+g1l1kQttfElgsZkhY250/yIIj0RCzmvHYhuLokfQ ZqfGqiGaBDOdg727KxwkN2u9SOFh6ik= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 8F998CE1385; Mon, 9 Oct 2023 12:13:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 93E3DC4167D; Mon, 9 Oct 2023 12:13:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853606; bh=ZneLmCePUg63/qsSwQjRgo0lJ2wvCQfwcnIhBN+HCvU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=pMylGXyro5zpDCWMajUKC7BW/REgEuYKhID+LyYyH5Snn88sviH2mVDG1LqC8DhHu /rb3/WdsVXascc+TWcbAaQm0weKwc4RHZ70ncA8M5m74+GC0jm2FIhgPg6BqEGj35q kuTxVoxUHtlFJ9QB3Dl73QTk+6rSJuXH0kFYYc1iRpFuROKh1KF02HhMwvl/Nb/E8r 3FtkRwb0ogEexxNWpKAKd91RoNh4ExK9KLLNAqVDE7Va4WbOOIh3BJPaA2pvYJ7dwB KE7Jq+y1W0t2C49fls2u2nbbaiXVCOSlnCMtM5nhqTolwzAwx73/nnnUgm1BR+raFh aeDk1sl/8cbfg== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:58 +0100 Subject: [PATCH v6 24/38] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-24-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=7272; i=broonie@kernel.org; h=from:subject:message-id; bh=ZneLmCePUg63/qsSwQjRgo0lJ2wvCQfwcnIhBN+HCvU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2k+Yu5E/WU+7sfmQCBl2rh45oRS4s0qpeS50/J 6wxbOqSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtpAAKCRAk1otyXVSH0BTJB/ 9XHnWgdli5cKd6AxjFaDID/jh9Wyh5sSGi9fWVij/UGcOE2B6pBw3mi/DxCe01u2p6yJx5TUMuwbxP aeqLutwc9FpixTiJHU6JDxzlMDYSbhphgMNiY7AY4jBfimBy56c1aLQuKs8dH+EtFNFdKlRPLHNedN nmk51x/P4LGZ/rQrEWMDAMeglVnR2GZFmCmKGAFN71Y6lWJjl/kRrurQwp0tl3KmUyZq2ByedwGTm6 ZmKQCncBQ7OnyZa35wzxpKByWTj6Ponkov5hEtG6aOL9Ksc7j048tu+35DruNM7tJ13846OK+RUJcy DXJ23fGcRtQVlyTpYlktLHU8KcpVIW X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 780304000D X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: e1xnp97kitm3g4jgjohd7xaum9kefwaz X-HE-Tag: 1696853610-554535 X-HE-Meta: U2FsdGVkX18RBfP1ZCwB6lNzJbJX3vzA252vHJtgpk+xu61xcpQdYi97puGDTZ3HtP5j8mwAaaTsg1l+opxHsFGUAQvvsV/+ObTHXDDX+yNQOVzil5GLhhf9dI3K6yqa6xEVLns+5IqTmXn5hr0p0oCQRKcFaqvIsVRj7B1AdUARzBYmv6G/ISHJIGXx+4yTjXcED/ZgDofG7WnTdiLnCd2XMIAmZTPGZGATDTd8KAzPIHgWToMq/U5+2dVaNyHfloLsBRyqApV4NiJBp07DfmVJc5Gb4Yw/TqnQJdBzVfWVTmx3HVFjvJ9PWFRw+GgSlJWjtsjij7fncpXt+BjNhgbCndoROkWxaBZ7atjqj6HTbF56U2UdErny1Nm2Wa5OySSgeR9NZFIPhtL2Kl+Vja16xTaHlFoGl2M5vocFbN9M+XBtO1ORhWTxgPVO9qk98LNcLTC6FKXlmDwVFc19Ml230hKeVR4PRAxu6h26kKAw1slxJtisiImqnGGv08MMCr8tD9jMUgy5DtDXH71XyqB7stLXKCqxUgRT2xDBe7Wcvig50Ir/M6oMgvzmsYSiaEFKUy2UsPlANVMtYEdnMUcbNVq0PUtX59tWEZdylU1cZvZ5cHXL6GNAyZ4TRkjkV5eD7k9Lbv8X55OE/qDifMNNoVqf6tMlrrXOI4YaW/uInS8syk+wvn4Gvc1jE+/0GQo0TIjf/mWVdvuGxzGc2rC2tCr5WwAy6oVeDUrPczGM9xscH6DD1cfSshuey94cyKC0/hF0iL4JkTmmQBrxtYp0Qb/HoQcGmryLf539pIZz1OVSOnvxQ+UpBri3PkZnZtEndVFMUqDq1iBfF+MEkHsyBDd4bl7hUop1v+hf4w0j2q0bDTnp/0GF8f26CEK1W+XjVx3ZBk8GzDoomtnpaSc6GuId56q1Q/OUMOt2pcWuZS426LiztI3dDz02hypU4IOv6zgsVtbZHhkWmQM M0JWDZvq 7rAuuIlvSJe316Zr7/4SluI4D2RNQIgqtIOxfSDhQYm+w4wOsZ4eBpSgWhCh113c+B4oADcpc0d4f01dYGauP7x1c4xhRjUM2UlaAYoFpmvhLSk+x2F0v+J8rhTy9L/usK93i5p3GMzmE2Rt+Y+q3uWPtf0YnzFulxZkffzOCkRscOnqjK2hMZ6JXzfE00WBpkd89/pxj55DVRv2TAqM6vE/cn0e6f9q9GBNEGfKKWPGBTUL7ZJwkwNdTfpUjzU+r3VMiLM1+BWKS1MkGPuYGkm0Zq/5IqBEeCYbj1Z1wRcYIoLPGshubo/LjG8yLxENqaXR0rYNWLeE6y/4= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set which we add on signal entry and validate and pop off on signal return. Since the top bit is set address validation for the token will fail if an attempt is made to use it with the stack switch instructions. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 2 + arch/arm64/kernel/signal.c | 130 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 128 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c150e76869a1..65496103d462 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct ksignal; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0e8beb3349ea..97004c52aea3 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,36 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) (GCS_CAP(addr) | GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must have the low bits set to a token value */ + if (GCS_CAP_TOKEN(val) != GCS_CAP_VALID_TOKEN) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -815,6 +846,45 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -841,6 +911,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1071,7 +1144,52 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + unsigned long cap[2]; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + cap[1] = GCS_SIGNAL_CAP(gcspr_el0 - 1); + cap[0] = (unsigned long)sigtramp; + ret = copy_to_user_gcs(gcspr_el0 - 2, cap, ARRAY_SIZE(cap)); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1079,7 +1197,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1119,12 +1237,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1147,7 +1267,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index c718ac4325bb..32e22bff9bce 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size, From patchwork Mon Oct 9 12:08:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413526 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 926D9E95A8E for ; Mon, 9 Oct 2023 12:13:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2A5F66B012C; Mon, 9 Oct 2023 08:13:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 206106B012D; Mon, 9 Oct 2023 08:13:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 07FD96B012F; Mon, 9 Oct 2023 08:13:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id E32986B012C for ; Mon, 9 Oct 2023 08:13:39 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id B7B6AC022A for ; Mon, 9 Oct 2023 12:13:39 +0000 (UTC) X-FDA: 81325813758.07.ED3557D Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf23.hostedemail.com (Postfix) with ESMTP id 38FAB140026 for ; Mon, 9 Oct 2023 12:13:36 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=dbFRHIfX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853617; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=xCS6oO96mMNygXjkUYGClWFjgA3dbpPZR7bvhgrLE4c=; b=AYydpISkd5+XiuoJRN2UCpYzhhmX2AZ4KN6gxtK+FUPoAg5oRQ8dAy1MfxwugVE/FFKy9s qNEzioQwYAGUlWf+s+JrFg+7m9m8OV3soTyRxed20p2QvQrsOtXnyKUTezE7mKgPUPnOSs zH6blJxWzfUET5ljoanSy4qUnOUIMK8= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=dbFRHIfX; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853617; a=rsa-sha256; cv=none; b=UfeR2Y5Mje7bdt6XqoT05/CQdp/672q8rU3lRNm03BhqaGdvOxb22r0vMiClB6XIn0e+1Z XlpmQKAdGS24JJbVt7jRns621JvU+RVzhw0exrwqv73vCQ8LuowA83hd6DY0x/AIQKcPsf azN9HWlyPOTpm5Hq+XcJcfZ8I4LfAUc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 31606CE138E; Mon, 9 Oct 2023 12:13:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 311A8C433CC; Mon, 9 Oct 2023 12:13:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853613; bh=oHAoMyZjF9g9W2qKAKfFFNVap7j750I1wK7h+SBfGKM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dbFRHIfXZnNmV0GH5mjjdcc6Eh0Gm4wTq9OxEWlA02XoukvIMRIthKMA2I63zY/h6 6tT5YzG8dxbZJZKo2nKCwjWLQWTt6E7AoPtUTSy/F1DApuRQ/xbD4e49FvMJfXEpsN pQcRRpbwnzrCBJe20eimpKNVtm/F2z+eeYgynXCY0Yvsj/Q3IWT+5U87czLxfpLEmg nZrWB6rZ62DnIkzuRn+buRggc4ooI8AjdbFmSLK4UKwZR/R58tPy0NXKNv7ezQJpLD lBCgtC9GoXNZq6CwnyDLuuknasB2f7GAA0GhssVQudFnrNzCzr1p6RrrwqypwD6hqG YZ6pVU4TAV8Gw== From: Mark Brown Date: Mon, 09 Oct 2023 13:08:59 +0100 Subject: [PATCH v6 25/38] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-25-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=5977; i=broonie@kernel.org; h=from:subject:message-id; bh=oHAoMyZjF9g9W2qKAKfFFNVap7j750I1wK7h+SBfGKM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2lYDlBWkksdW7TGIp9zwyG9iHJp9RWtj6d3SbY 3m5qMeiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtpQAKCRAk1otyXVSH0JHPB/ 90gi84qQbtQc2C9jFLZZVlToEfYki5x2CovH76V02l+VZfQqBb/+Ad2dHSY36ROJJ/ekkoDLIgsfRh EGCSmcFXvM084X5xmF40OpBuEjDDsLHndMlD/qEBJnvGXU9Nq6lWkDDIqzVM15dA7ond0LsOhOacai NVxWsDuYwbFt/g8QdVgWxFCqHVRtHdTsRgmCvfzaZeTCwqjETwLNw5wUUursINPs06ns0KHVTq0VXa GaCs4r+m8PrTdFo9OKuw0P0E/kKW8+gjLnG4Zlcl0zQBaWY6DHWEYf1bnl6qcIH3TJPJDwRv2pi38V YWns1T6is4pOsuplsB6xcj0ScKvDLU X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 38FAB140026 X-Stat-Signature: h9dqs5ihk9m7m8ufhd33ew6uuqutfww7 X-Rspam-User: X-HE-Tag: 1696853616-378245 X-HE-Meta: U2FsdGVkX1+6vmcjvRz4TeMla5ONSyiWzMjMMkRboORVkjB8e68LA5I3ghZogOo8IvHgqmdk40RAYJ/I0PORc+qgDWuShbV2yqyqK4cWhtgleka4adOu6UmlvBcWRqHvEp5iBP9hNvPU53YTvJBCiOxxXpbmKPAWoconZlE42HmAL6B1Ie3W+kDswypcRjQNd8lehsbbHh3MU4sgcU8JanitXdH0Y7YO60kxhE5rAu3tjesd422IQ2ICzzC8pO9TSP6lv8ObBlkVnz/M4NqvWElyznH7unlmfddWiT/e/lFBNbu25QL7iWpPaAbB/VywxcWS/XBGtFDVMX9bASgjFtvid4jSlfURUdNl3Fl03UPgQQY37VyeWrK2vbHVDvT2qJimUy1BiZuvIsfox8HTBtzhF1OwCnDc1zHRHYKSYKBL8gPxhXWqqIq+ra4ZCzer6qY59HFXp4F8qtLt3qy22w67IBU6fMAumnS4FYnNhPze7u2BrC/Ex0WEkBaGhggv4BriXfjd7tG46c52OoxbkFlh3IJrKhnuM+mC0RK/dfb9BX3kMDfqHmfXY09ShnXF3SXjUdL9/zvJkkpYCwh3TwxVTQDpvmvkjDqpqaIfyk4eMWqDz/TQMqMsdG1VGVvFzdMODt5g3nCJe7LgQit+12NsXAHnXfdMs1Q5Dw43qj9+nhvsILHiRbwjaBt+BEzH4UA6ZhNaOA37FB99ZnJtY0aioDmE5UU4oA1Sw82lK7LlRHnkS0VeAeJ/yOd4wfniRtoQSr0BmgFITbs2SFBq66OpTbCMixumeU2ydnLFc3d+XpSIDwUHvdjnOo0B0Ivd0WBmKAykkQCFGYj9kWxkTnW0B1vlenkeqtPzFMVRIZlzn9GdpwhdrVA9Rt+BVJbaP508BJZRkynrMl4HLXyE1lh5N2VLA36+V0QTcyGWrR3yk56/F/k4OVPtqEeuTTV1Xn3XP0Jrnn2PnEDkzbb V3jJcQV2 ZMirC4CMjv+u8G/8gKWbS0GqcUGnwS15xc0acNAb/huP3ZFsI0rhWkcWJtMUfGnE15Dhual2x1QngM8dtSMoZrbwTc1BCNqj1c3ZWJ/dwWXML5t31flTBM0oaHfrLO2QeeXRbWayeX1/zoz+5E28aRQCYdgNbucEIUdCfTigvYpwG+ST8VmC/q6AzjJ46buT10OGJHQU3cRzY6b3vbiwKPqsTC7qA1rkyiKRNysvsk3rUACQYrAW79ZpPsQGGPECR5RbWUmBvYaivwCa25UbKWwHrGKCku0mAAJd2AogoOUQhpSvAPehbrnh6fOmtqYb+Yt/wLwZa/bav//8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 107 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 97004c52aea3..78370cf9576a 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -87,6 +87,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -213,6 +214,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -605,6 +608,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -621,6 +700,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -715,6 +795,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -834,6 +925,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -948,6 +1042,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1041,6 +1142,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Mon Oct 9 12:09:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413527 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DAA7E95A91 for ; Mon, 9 Oct 2023 12:13:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EB21C8D0064; Mon, 9 Oct 2023 08:13:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E13E78D0031; Mon, 9 Oct 2023 08:13:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C8E178D0064; Mon, 9 Oct 2023 08:13:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id B1ADD8D0031 for ; Mon, 9 Oct 2023 08:13:44 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 8856580202 for ; Mon, 9 Oct 2023 12:13:44 +0000 (UTC) X-FDA: 81325813968.17.04FADD6 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf09.hostedemail.com (Postfix) with ESMTP id 87A84140002 for ; Mon, 9 Oct 2023 12:13:42 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Dn+JTB1Q; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853622; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=0mPDfNpkuIpdkA4GglwZicDksv4LLc26Nc+ZwAqEc6E=; b=LTNO6E37a9ZCOchzGXib0ejtfh5CDjcZ20Euvia1My7WSInaTvuT3cXZcWhxiQX/LwWTZA ZsdHwSiZe40lbJRBF138W77kMaUnq6aEq1zKZxk0jvapR1AJvBQuZEwUDIJbrfrf9GtVXN kNWdb8WpuM5kxrDKP/ewQRB3hEPjYuU= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Dn+JTB1Q; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853622; a=rsa-sha256; cv=none; b=rDxPsDGnxDEq3lLBUSToXkfkV33PQbdZL0iV08pg3hbrBj2A47RG6dcn6pqapMGr2eNY1Q m171+hRqyxNqxwgnesagLvouJ/6eNCyxTR0qf5KMS+9enJThdT9aJRRbV5Ac+GZzYmDSx1 s3wlMSgRLwgEbDWXWyumF0XnCq/H7bQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id F3F43B81181; Mon, 9 Oct 2023 12:13:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DC4BAC433C7; Mon, 9 Oct 2023 12:13:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853620; bh=1i+GSTpTbO5P/qld4yaRpURtIaffrsBagKFpXCXGmzg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Dn+JTB1Q6MBUWHdRdmX1zVJKlbRP82QRAInihBBBPCSvLKASb+DMl1YxFOajCSY/E tkJxqrl67Ke/aipeuAJYv1qEFEMNYX7QYKbLKpb0ekjLWD0oOMx6jarm8pyL68fEUN p6daZNVLAQmNitNSRtPqqKZBwI3Cx32AKFrcA066xT5vh6vQbSnKH9mHyKO961wa2Y f/ZBWZ/PuexVcNk05aIiD+VBQU23+uVHhBiPf+qdhMkqcU2njj48ROrM9XrLpKlskH UMCymKGUkrccZ6jkiKcq3ikK9H0NGmKi0heiEtZJWUtToYJdcn0frKtXAfF9drE77V QRp65+26zQUwg== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:00 +0100 Subject: [PATCH v6 26/38] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-26-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=4259; i=broonie@kernel.org; h=from:subject:message-id; bh=1i+GSTpTbO5P/qld4yaRpURtIaffrsBagKFpXCXGmzg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2l6LKdpST7ySLYv5LWeHkMNkrcQaOJdWoxoBqf QQUckdaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtpQAKCRAk1otyXVSH0JQsB/ 9QjqXMz883xP7630YeP/WsHDXXMqbUL1LZMm+9OQba6q0kMurV9IiHrfNL+X3/jURiix8fFKkuQG84 ZA7LYts4GHIaQ8SMmj5KuMNKNxXZyoz5b316NaTGLgUedhn8Q70Z0H7fLxagK1H7+ccLrJaKkbiETa yToRZqV1yatPowYRk614+CUA2/jURY6M5bWe3e8dfKBBrcnYqNPHInwX5Kx16mnEYJT+XPvXjUmUx+ kgvsAPwoaaZzoSfBLT+LuPy+oago2pJK7XJbrRfHheuH3Gzl0uEtdO4TOtiyc9Sb0096fLm/blVzBJ hSKrRrdwGBwx4X5JPWvIF5vyVrxGgN X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: ody4h43ur5hwhq1y95ypo9hkknzxdj8a X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 87A84140002 X-HE-Tag: 1696853622-558814 X-HE-Meta: U2FsdGVkX18l4ml/ZECzygQBKjVHfpfjHtN2q/blxf+H2pg6gaWZP+KD8iW1Yj87WFuESkJLVxvdyZzBmkj+l5AqHr1OKdm2Kl+ixO36Kmv4n0zSdhSx8IBEUjK62sCOxppgnHr/ttPXE3Fr8IxnMYC0+lihIMXOQKYf8hOP93jTPQzehZrcAHuj5gFEVa86pKCQTtx6z4cTdEF2khM2aIZ5LyEW91CVf/EO5GjHN0jftVkbIR5TjaKtuZzy6X/vzQ4fDMb0Q29Kt14FnfoYGdxzet3r43nVFE1Z7YQRAe9Lm8faCjVGhXvomoX6cUQ/aSZZmbeUl0Omo3FfhWsEUyAJ4AjXzXcPp0tjnVAKf8orT1j6S+N+CCeb9GxZMBRckRYsjz0FQV+zjwGsYoUSHDWf5DucsDlK05QfyHiWPTl/urNssPwJD/FUBcHsw2vsP977NzkCc8YOJNZqWn8FzFcxwcxECVZx98um8vo9A4H/JScbEOZYlSPDZJg5xbAAJBef0c0LjJnBk1EsjZjW2x93+yk1MElH0XaHoQksiYMlprpVnzgKMwC1cJrrQqzK7PKj9tDjHLeYMUBJ8XlkWxflFEBIh9pdmv4pJSSUsSJY8PZaS8cuydNcMbro+AzCiLLlxlAsk8rrvisZNNLij+UGbzN6pPmhrf/PZSsNF1L5WqnMSXKU9/mWuDxsr6suYb9KMK6draLbpYs+V8q7NPw09EMI3uDs7nB7SGN440CikxlLicrWEWqB2/mXe/dxMMatbaKsUbCoGNdPfesPnkLHrEBigI8zhTzljZejQ6t0rfdjkdzFYGnAwsZGvqxgFCknyGMdy3pcUjpXbLw9P+Z9xrYvm4q38FhceKnuV5HMsoQPaLSspp7A0I6v8Zw7ocpTf9hBif+CM7Lt5O6A3ijI1z+mKYW9NBJo/sFA5UdgKtSyFkIXBAXieLOYmnXXyh3DAgwE0AWOlIT32J2 OqxrY8sT AENoyDCjKhnotr+81JTABn9Z6q8/J+4/VfkvMWvi+ZDmwjRo8bNRfR9WPUKXQRDzofxgRMnQZzFFsaqvYWNapSmw8a+ZtxhW03IifAYlkutYGGSxPTGVJYUoAjijdrHRX4glsQAmmZdaNtR0VPxEukwtBJA+9srGQ5sGpBAEs2KrSa/B9SmuF0ZfFsq502Wj4n0kGeUJ7FCefCpMcS25n5eqC7FnvAABW4nB4lYJOB23CVezMax+6edtl7bSugt9lxbqup+F1scVlT4Oj1Wriotd16t0QnBY6tT4YU9OZkcVzOKdbD7fF3htTgyFAJNUoc7gXzcp6EA58UTZYV7yCVtRFk8XLWVCnPlZdvRytxJT15yIUXOqY4//MGQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 20d7ef82de90..f15b8e33561e 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1409,6 +1410,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1437,6 +1483,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1587,6 +1636,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 9b731976ce2f..fe854a53099e 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -440,6 +440,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Mon Oct 9 12:09:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413528 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BCE1EE95A96 for ; Mon, 9 Oct 2023 12:13:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 58A6D8D0065; Mon, 9 Oct 2023 08:13:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 513618D0031; Mon, 9 Oct 2023 08:13:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3B6C68D0065; Mon, 9 Oct 2023 08:13:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 2643D8D0031 for ; Mon, 9 Oct 2023 08:13:51 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 0166D140238 for ; Mon, 9 Oct 2023 12:13:50 +0000 (UTC) X-FDA: 81325814262.03.699F9A4 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf20.hostedemail.com (Postfix) with ESMTP id 094B91C0004 for ; Mon, 9 Oct 2023 12:13:48 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="H39Ysk/j"; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853629; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yOQWM6K2oy2f4KPesiHRdEf+sIDTbKOcJgw5i/59vok=; b=FrosnesnlFYOOBLDokWuFORpQLzITSOy+lkDt9mZxyueSH7ZwpFh3HUVLIQksk6GCkGkDQ wIhFBZ/319yPNufQ3yXEuIlZaMU3hpRe/hgN/dqdggF0dY9mIcsVbTWPzCxAP9kRIp3cX7 xLUPVbpeI2Ikw33TlftgtLUCWW0jy0Y= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853629; a=rsa-sha256; cv=none; b=ZUAYozTJq5aovpqGWiWwZOYmVFKZ/C+y+9taC66+ScSXb6VapdOualONy19izwUkGJ+H5R i3ImqupJp/hUSxRhkzaeOJJmfqcXGVnaD6qpjeJ0ebUxGRks0UYbD8xfbYYf+aAv50+Aoj tHR8QAyExBSobc/lpfsaLsA38liECeg= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="H39Ysk/j"; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 65D05B81183; Mon, 9 Oct 2023 12:13:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 922A0C433C9; Mon, 9 Oct 2023 12:13:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853626; bh=HKr5dcgoD1HRE8Dfu3M7S45WXlztyGX1cPv4uDvvFRM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=H39Ysk/jv3RNdJhL+Jsv7sBxcXZHRih+ROezijJvWx9EN4JvZ8YLVnCFWuh5eiiAl J3BcFT9L59aj2K0HyS0TQb5id7+eKSVp9IjZACZ4PEq4aEUJjOSP7GkJfDBzcp2Jrb u93V6DlJLKNe93rxNaei3Ow4LXKe+OKHKlwDOxFWm1SDJ76Ri39wH5qX2/YhNNY5DJ oZm3ml3SR7XSkXmMZ2NeCqJMYBJ305rEf0L35tZkyRCWXvoBdQFqFuMqNZgytHtcPR nvWKeRmVjuWn6bsz71J5LB+/nVGpBcBAqwMVSDG3VYjbyzwNtsmi2AWTk0W5qcRWwU zkc7oXD/SsHuA== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:01 +0100 Subject: [PATCH v6 27/38] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-27-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1334; i=broonie@kernel.org; h=from:subject:message-id; bh=HKr5dcgoD1HRE8Dfu3M7S45WXlztyGX1cPv4uDvvFRM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2m6LbrIKImLz43AhLYkdJ+mn8/n/WtjdVAC+Y3 I5cZkuiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtpgAKCRAk1otyXVSH0C9JB/ 9PeuQ7odFNzac2es7G1H21MYtcjVH9+a2Xh/QADOSwBO/AZwG1T+Q4oNOVnGIYZhsMy5AUgOtQDFOg zDd8RXL2Yzchc4BhE4Ekw1h1A8Fde16BC4U8J5YyfbQTWzzV5ZjYMZRgWLWLEmJ82HR2bI/yfKju2O yiag57d6zPB3jBl31kU7tVUGxpZ+W2N3e3w0Lsn0dB/LatGzkRPssH45VRWQSLCiWocphZV2S0FttF 8NdpTgTettJANn4cQtR8Ybduqa7BR2LVBS9TWMxRVAdrv8KMfeizfOEaa1rfjudAGqmDa9T2OYofSN a9bEGUta99nzCir41mnHoSZ0Cwo785 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 094B91C0004 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: qw84qkx53zu8km1ita5zan41s95p1xam X-HE-Tag: 1696853628-779337 X-HE-Meta: U2FsdGVkX1/ahjbNcc+46yiR0zDdX3RoXgOb+b51P7mtpGoh4sIjSEdz5VxvBjyMQpS9lsMhriWNcrKAWIoZY1kGwET5JZXV2KHY0p8G75p2kr5bMMvL8Gunhku6ZkwsTw7tJfvb9aMzFyn4TGcChAWcEVAbrurEo6yXDN+HYkMqbtamMyvuuRqpBZ23lbb1uDhlniny9+v/T37fPVM9l0h41ZmJwQWkzrbdVWJjMQHwpfG8dMNgJLCMeYtavY20oJxkYADg+bH9MRkYK8PU4G9k7Yg8z0q9ZR1JaqhEne8gd3OidyiQiCPxOhOMKkJcHdQqTjalJRQofayFva7pNNLN78U8HEyFJxAtkHBrbk+j6R7hki15KTvfnSew6TUrTjzmnKf+gx/fY+Qy4dVIsBoK0C/V3mKDubqAlK7GhjjRFRR0gULOQ9X1RRQHgseyoEtIVJ6Iecap/5FwEJbqF/Dw4oz1td3o2F1XlDD0GKhdkMPNd8r6hVt1So51x9lqUNobliXDvIcUq6wKqRVeNryiZw80ct9xCLXAqHuPAOmn6IGovLVT2mfUvVsyPxUfPR1ItFwxatLYsEMX0qmtz3Lee8RrPYuFqI98pV1Zia2/g69cnGnM01fROxNFyQKdfRpxbJ9tHZEoRUeT/RAUOnXicQxVuJYAA7UbpveJhPJES/ac5wUfZ0Kmaosd+3RLkANPIWNYMKNo63CfWB/J1EMzINIgtmqeP19fDhVSrKTzKroxrYbAuL4Xtfu2Ns5TXXeS1DQ6mQql/mUN4fg3HvPcQQyBhhVVOH37k0FnuObbOuVr0uqlXuhvS3OY85/c919xCcllVd1v8Ug12qp9GGEnjQH+TB4nxWNQwu3tztOsWyxZiowWhrgpDIX7rCgDX1jNn4cctqz2Cpft+kDqSl7qt4+Jh6u2m8mSTVnwsLJCxFJpXh5NFwVw0bYlqivEIEWCSf+5r3NdnpsuYrb Q7zBR3ap 3d0KJYl3H5T5T+Yw6LM5x9sspZf3jxDMe0PYIudHjQV19DXLXUipdvQdKprqw2I1LF+eI2LqO4Q9xYkZPpEGMhlJ3QgPYxTkyDP/FXUzztFDHghW2xMvoTe9bFHQ8FGjk+LCwamLCmykEAmmLlzeKqR4mhMxWQwmYW9WV88WCOPsATZA6bTzCyUmbJ+whpX9ANfNtwmS5K8itDGn0OqVFFt5OTr6iY3pY2jLdm8pPPVcWxcr4Mm7/lb44gdUOdrqZ0R8K/pOlUumYEvSzP83HYWNOgxbYEsPw4ZuaggyPeN0pXyVGdY+LlMVkHdA1eBw9AgpafOLVRpQRmjw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index b10515c0200b..d235e725177b 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2060,6 +2060,25 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Mon Oct 9 12:09:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413529 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F78AE95A91 for ; Mon, 9 Oct 2023 12:13:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B574A8D0066; Mon, 9 Oct 2023 08:13:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AE9198D0031; Mon, 9 Oct 2023 08:13:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 959438D0066; Mon, 9 Oct 2023 08:13:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 80D2B8D0031 for ; Mon, 9 Oct 2023 08:13:56 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 5D59916021D for ; Mon, 9 Oct 2023 12:13:56 +0000 (UTC) X-FDA: 81325814472.01.D0C9F5C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id 88A742002C for ; Mon, 9 Oct 2023 12:13:54 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NeKlb9iq; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853634; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3LteIt8O7624ija+2djMB3vPztMKKOmv2YeJHHC1qmA=; b=DrNfj3K62xxMy+RN/x976NVerzWp7UOVgz5zGeZCDCor1zYECrN1xpdECCoz9Dj+X1/vQB mA/GiFFpwbFQjKbrFm5jWPlEbDwc+uFVv7SdYnwLmdp0Zx4tC2P9FTh2PsaY2/AhP1l8XD OIDFiSYMpZSjAPyPQP3LIvm5XlHeQsY= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NeKlb9iq; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853634; a=rsa-sha256; cv=none; b=pTOIivUmLvK+6X1C6+EP6qvOCWYTIGXzyFV22dCeKdWhdienSkffDWSZj1UXZPbCFYgcQS PkKPVhQ8/HLaXtZZD6LKUlZsxsr2PmMHRorEEPl5fmTyMVj3vcN14sTnC9MKXtYZYUcfXc Mf0YXHwLzmwvIxp1vA0RWuIArbMAFrw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id B598A61120; Mon, 9 Oct 2023 12:13:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3A219C4339A; Mon, 9 Oct 2023 12:13:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853633; bh=CQJ0Nn/FrNQwik1UANJ8xSGTPojw3dSDEOcln7FrjBk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=NeKlb9iqE4AGE1VnnuuEDi9x2qHDhG39YDOtQOygNJGcp/7puO71yjWwEgjDhH3Ok EsjeQrTlMbsE9cdsW802P0C4KwKQrLhXCAVPvYoMyhwdzLylGiRYrjWH/2pZ60L35S a9jKGbTd5a1hArbwkwropJxQO7vTjD7c0Xx2znQT6EoNdzaeRtiC4g26P+M7uLgWrS b3oQO2OsLcUn+5vvhhOIDKBd0jOw7N1t0STVQxilRLL4vRA2LTeFElBL2WUiAMl4Hv HOWchYwqBex8aqYopW1sVnLkcj0J6hahyC/X4knAzKLC7SCmnLWKhbRz/SG+nIDF/N IhyAEtwkn59tQ== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:02 +0100 Subject: [PATCH v6 28/38] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-28-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1190; i=broonie@kernel.org; h=from:subject:message-id; bh=CQJ0Nn/FrNQwik1UANJ8xSGTPojw3dSDEOcln7FrjBk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2nVuVBXqjsn2LJUIT0YQm3p4RqL6b7G3kTo12X jK0EkTuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtpwAKCRAk1otyXVSH0DpxB/ oD/2yjl18oaUFoxgjlXboHnU3Vdbj18snA/U+HNmjP8ycDMAla/rlRZJTMobzcc6q3xUzjBw6Qby42 XQwsre3+1XKPZXNnbbU4/AE729y6HgZeTm9fQ6OYXPXHqyLSUC70l8Mo4jdi6hLBwPh6S8TQSHX7NQ gwp1jXGMDhHgNWm9OEXmFTt5+FD7DPoWDWt02MDae8YapOFbDrFRg5urZTSdSJLdZnCDJ77TJT4QQP vhmv94GFddGFi32RfpOmDdfT0/fr2hdAfocT2Sv6jv7q5XCYP8ofxBQ1QvfGbrhqxoMKQwleOK6puP vrqiRdibSz+Kgt6dLzej/2YoOwjid2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 88A742002C X-Stat-Signature: doiwc3jgt3bqcnweidxzhxh5c933ebxb X-HE-Tag: 1696853634-257931 X-HE-Meta: U2FsdGVkX19lNLq1UiW5gke10lEaugewHuC3BlWIYT7wHGOS9ByDG32X5ZohZd1R8n5uUOiGhFjHZh6t6Xq6WxyatIU/dpdp/cMXuYgiemAMlLUv6/9Y49eeL9oa14Y7cuFxsPUmdW3NrceFG0WwHj6/7zSMw34qrPikDWv+LAUhqTIPFvg6kgrV9+zlzFBnfxd7VXvFeRWSMsXfuiu1t4bJMo+shx9ceOtfVQ0GJfljUL1J0la4W7l8p0yCsU1DjxmLx9kh8ef2QLC4VJtLrty0k1qZtlczhRKCtcLU3JJCMM2hyRjHMdrbftvKdOzsvR07EuWvyHFxpz5BJZBtTuSFFVRoFGaKtuvSdNI2LNRmDis06R7qiWICEws91DKtTCgbcSxS6l0Ah6JY8nux00EqAecptoDxXbp/MuRs8J3Mn6vVxfA7IYmYJ4lab/ZIt45hzsJiAHbieJe7+EUiur5doRLnFXrhl11udlTns5hQGkyyTfA7C8DRiFgZIPXd3iYZc4ZLyFxnx3hqqCPCid0y0znnB9hOsOTEP/i2sD2CeFua0kHbcrSrYDqgYWELG6x9oUfHKZ7Tuca9I4I16km+N0GkBH7k/aHMKpdLZyer9B7G2cMfOZmIFXjd3SC4tKONbVA4p8IJtoDmyWevJRoOJh6mgfvMgezbXaWOxnjD4fWGH4muzgkwd+nLeTYLPwSDV3/RsBs9Ox//5Tqu1nQUb+A8IWpfeFxFODAetQhRhBSV55XbhEVPSgoEYYFUJgWkGoqrVNcaNoSDvwNCb7jZt3SPnP0Bjc+rxRHnWfhiC3UbJ4/UGlqKtXeaQynOJQUaK88Vz7ZUAgMNrk9suND4PYPI2wLWQ+Q6v3qkAJxPGMLsyhcAZ7Wt5RYHA+JFCdK++zmqcPbGu5LLHxZTr91rbkTR01dHOS7Apke92QyuYZWa3XFNwauTipndeHx7pxq6Oyud2z0+QFCrhzH uH/0BbgS qoE8csTd7hlqw8vYugaLmoW8ZDh4qU1oQZykVfZpqb0aqPLjyt2zHXkyx3DDURWBb7P2V6duh7AmSAXebS4yEBLVAGuBjGTQDO7EDwv7jw+qCAX9XXiHTeQ6giznO/jIA+KxRjTtpUrZVQ/8dL8usmDSUyg+ccABxPlnJ61IlbLaRIyaH9gsWs1K+i8fg/Ks6pqaz4NzdqoW2bzbWc3ydpM066MOmcjqqDbBqQTpEnzR2d0wCl86BaW7+rkQ6t4aS9mc8sYS686mL0C4HUwLmIz0ArXOEfgtjBomTmKiQc+IPcsZd540m9gtKJzDqjja+LTnwSRfB1Dy8/qA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index e3d262831d91..785c9a4ad666 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -63,6 +63,17 @@ static void fp_sigill(void) asm volatile("fmov s0, #1"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void ilrcpc_sigill(void) { /* LDAPUR W0, [SP, #8] */ @@ -327,6 +338,14 @@ static const struct hwcap_data { .cpuinfo = "fp", .sigill_fn = fp_sigill, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "JSCVT", .at_hwcap = AT_HWCAP, From patchwork Mon Oct 9 12:09:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413530 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B177E95A9D for ; Mon, 9 Oct 2023 12:14:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1B9F18D0067; Mon, 9 Oct 2023 08:14:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0F5818D0031; Mon, 9 Oct 2023 08:14:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EBCF48D0067; Mon, 9 Oct 2023 08:14:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id D51E58D0031 for ; Mon, 9 Oct 2023 08:14:03 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id A7881120241 for ; Mon, 9 Oct 2023 12:14:03 +0000 (UTC) X-FDA: 81325814766.13.0E7405B Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf05.hostedemail.com (Postfix) with ESMTP id A8FF7100006 for ; Mon, 9 Oct 2023 12:14:01 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Z5tE8lnm; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853641; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VZa+yVxoJy4ei1p3UG9WfSrCLoFBnIYNn1ZiZhJXbbg=; b=3/P7H9uyIYdk2XhuXY7AFWL9hhbym7Pe/aUsXymiVj3YdoD/4n0lx6faljysqgyeEZF7Vd lO6je251UKemCNBjf8vGIp9Ksf1T5nlILnAkCb4uJpTEk21PiUzjw8gSWDiyHahHQMGptx GZGm7QgY+DFmSKgn8idIerpP7ywmwsI= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Z5tE8lnm; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853641; a=rsa-sha256; cv=none; b=l3t1j8P7VOWXaLUQuq/Qfl2odrjG6qEwON8u35CIYjWfnxlCVD5guJrMHL9NEGOqOOQtrH SOpB0tubVFvmOyU8rzRIXDCK3zkzDWIUBmo0KRl4z2/oBD8MDnp8ei+InkJrXIwhn+799W HOtMhgbTtpNLlnZ7Np+omQqkdj7+1hk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 54CF7B8112C; Mon, 9 Oct 2023 12:14:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1117C433C9; Mon, 9 Oct 2023 12:13:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853640; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Z5tE8lnmdXjuy2FqbmQSDL/utDLHfOoZ4eKkj7w/pFe+3P01nqhLYlWUbu46Kb66T MQggDAPnYeq7fIffhSX2fspIXyhKvHV3fcYzejotBmZFk0/3MKUyi/jRYi5wNt5K+X Oa54ejUABuIC3+Js8winzFrZE+yubCehE6R1fsFaKY82wL9X3leYnlD8DgFEeJC1Wt vRFhGhw4q2GODqA4+lX1CM7HM2u3IvA003ToN+sKy1g4py3QVoI+lxBQqzVi5BRe8B QNxy5na8NSMcK74IKtvdeJxxYDIFj9484A4tWvzdF6gUaaprljtOF3zzC/XcH3gwSs f+M/VlaD8QrCg== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:03 +0100 Subject: [PATCH v6 29/38] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-29-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1828; i=broonie@kernel.org; h=from:subject:message-id; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2oIo6FOsWYrBJln/h48RApJUprOroIIr+6v3AC j4QlW3qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtqAAKCRAk1otyXVSH0KBKB/ 4rQ16IAS5wQp6WQY1eD2bS9klRAJX/EGZrEuSxlVT2NgqoWHdyR64Ppf4FG1FKuUqvMND5hTvoNO5r j6KcnXXEnvj1rbqL+4p87ulL7NX44680MNQJqrr2ev8vbbzXgOZpLp8yKaAV+ZTeW3adrfCoHaRd68 4vj9950qxYJkRIpQs3PWHIQl7LTy0wFOhiBvvyeygH8sAlKEce8j/t0SCSj1+irzRPsWT7VolGRuoz 26oZ3vn8jKDTn8gqey9cIe2Kg+tDLrK/FU+K4451nNXAvOqRl7LoBBpIbrg5H0LgHewcu+t0rhnLyW 9vQzfxF+XMWgy4/GxIOBR1MUoAluz0 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: A8FF7100006 X-Stat-Signature: c39x5u1rpkm4c8zmgiu6jdytnxfe4rum X-HE-Tag: 1696853641-659229 X-HE-Meta: U2FsdGVkX1+RKIlNexM6i2Xo/VZk0uOzOg6wU1qgzk2LitmQDVTPMrkrWfHnAZSLTksHeqrHXbnBug61618kcMH2lz5ryaesQ8H99ztn81avyoDfbJ5SWKUppckfWO62ZQYuZ98UposehhwvxaY/16Boq2p3oli+BICP3GTZbKoNe2mmS1X1uz7YoTx2ez8AzMzjD8P7Sw0gLz2L1XzOrpDOX0qxcOWcis6W3yt4XZoCZEciTZP3mxRbSrIde2A4bWZzutZ+KhAnAH7dgr7/tK0QgHT7lhSb5vH0/Uqgjb0RUm40ngpz6a0M1ovTWrthC5GfwawWaBKX0Gk/1QwkTtEYSZnS2ROz/VE786MhYeeqtuu1mDzwnfYakvJaj83j9qZbO4RpwD9s3gYEhAWVPMPQ9YFEbJpWFZUXjHwu4c1GAiZyf94Oy4ZmKFiPtnx7g1T3P4RfqPXrnVl9BJOSf1lAK/w7vV7sdA0oejZIUVGfpNxfD2ctcqf5PrwHFFWdCO+npdEPK7HmgzHTG5+y3Kr4VGrlByqse//6TKNQmcCZEI5ldn9itG4ux5qRgOEO8PRv05UeHHEv8D3ONi/nm5kBLcHLd5o6vR676NeQ6NiBo+WDyIlwRjC9SA0Fz12+rI6CQrS5galL/LuWwoMVzR4AHR5OvjIOQxGRyWafzituaKhQ2ulw8YTqa17KhBr6897mxqt9qKohHNkT7Vqh3XImr9uRnmGb08LcNVi1/oUSd8EzRid+bZij4e3WNIDQXGYhIxLPOM/obrn4OyQ6cLiTajQxU5lvK0CTvMWyBikVZQGV7i5x1btfbwys0YgoZ9HamNFmCTX6nsJTXXWzYEgrN1k28CwE9wq6+E4DpLBT6ZxRHLkenecAH9O3AiNAFxbmcd3JgTIL8xsa1kUwWzHmWjgfk8evdV6PAwsKEYyP1E4ba5KtJtjyd8lRQIBy1yvkSPtoo/RaPiOhfBz nzWs4FMZ Tcm6TvVrnvRhL/pbr4fSlucgKSMn2DSTiDk7u7gRimaFzM4v7ajaFP4EQrHchnr1s9iBnyOqZspYHWnjiXX6aJaGY+nVdahN3+AMXCxDuCUKXL4dNyeZIPN2+HTgsxqq5+JQVaq4+rasFMD8udCFDPcibHGQhV0T778OXr361iLFOotwaMJIOpAAr+GaPxl9EAM4oV1SL6jsj3/aB+YgVMZ945XaUT8zuNJJMml6RAxTNKVyLRdCSpx1ZuRq9/ShrsjIVgrBLHHlpwSkpRn/8oEGO8W0y6VjmgQ+20jxVt2NaCrwBugZMxIT3GA8H6DceWUy4sQOD+yROqZU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Mon Oct 9 12:09:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413531 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D41DE95A91 for ; Mon, 9 Oct 2023 12:14:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 207F98D0069; Mon, 9 Oct 2023 08:14:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 191BC8D0031; Mon, 9 Oct 2023 08:14:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0317E8D0069; Mon, 9 Oct 2023 08:14:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id E13158D0031 for ; Mon, 9 Oct 2023 08:14:10 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 96DC51CA65D for ; Mon, 9 Oct 2023 12:14:10 +0000 (UTC) X-FDA: 81325815060.01.9F9B489 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf22.hostedemail.com (Postfix) with ESMTP id 942E2C0016 for ; Mon, 9 Oct 2023 12:14:08 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QDoT3Rs0; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853648; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dq+jcN5GMg5Lle2kiMLPNS24YEsjylZTVcQUjBnRNs0=; b=f6bZqIWKcU9bIOZWxBZlfGIG6mbdb3tcCV5hqnJmUKhsQWmXPFX7Ek0wjDKtrPcWwYMUCM bgZZLC3j+/T7zWcslKhoEGapA8Jppoym2JQTTptFY5EMX8UJtZzfMn5JjrZZl37sSIcD5u Mbg9xp7vd1PCbHPGD340jq033wroqEQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853648; a=rsa-sha256; cv=none; b=E2sRWBYu418Prbe39HIqlXlYY8f5X7IPiGJNqYmwOwGjuph2ZiG51q95hjpV2xe9++sJ2h qWvqqBQX0ekhDNO8+sQKFP1zzLt3HA4E9cIWL0ApsPiZm3qP5ci4JOVo2MJmrUk/2Qr4RS ardfUAeeZol1ctkcsZYyElcjZU2C3q0= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QDoT3Rs0; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 1CF01B81158; Mon, 9 Oct 2023 12:14:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 70D5FC4339A; Mon, 9 Oct 2023 12:14:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853646; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QDoT3Rs0dy70eTof0MpL8Clmp5D5N4G+bALCxg28WbX45WAE5V6sk/vUBxZzkCB/w +FzuuGTRC+vbQZTP/LJpXLFQoJoa/dFN8A2DtrbsMC44VXAJojUm/L6KjiZYupFDCz OMIxqgNnfIkH9qe9SiQAivSWq/uD540hHtpMeukDnCv+Vc3dGA9ZE1l8BLDAHcW1Dy 8gni6ij4/iID3PCNkQjgI1ZeN1tRleWQo/QbuHLXszaDuCR53Gq8KF+8bPUzhuXaC9 +/wUvXP2RYyXaJVthDj1tU9T5Ul+HV6UcQvMFV2HaaFGAZXQV0aJ5NpUZoW+zq7wOT 94CHAAamp91hg== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:04 +0100 Subject: [PATCH v6 30/38] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-30-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1590; i=broonie@kernel.org; h=from:subject:message-id; bh=DtrqsekNxnVEUxJ8rAESK/JTguJ8OvysbbylOwjoIT0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2pq7Qa4GULwtgg75uflK1VZRll9L2EqVA5sWym iRyIswiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtqQAKCRAk1otyXVSH0ANuB/ 9EYHlc6mJYvvbF83tv2urYj/dsRi3MZGM9bL42WvASqT9Fe6RxhqSl8+yBkjK9zlnt99TI4RlGWH2H 7TfVXMoQwlEhSvycSBbhwJp3KYFlja1mU/BKWyUAB524VVNqk0FaXeYcYsePJoMup3ysfKgET+5Ow7 BudxsoJJPf8SPjz7bcGQshCK0bskVX6ZG6P5z72NmpAo78PQjf/fdgwdqG7MgXhLVpnJcrp6LUXsKI py/v2S1R5Fz2sZW8EPhj+QlJjC+XxuA+xBNiUeTNFfblGGaQHnVhVpXKDfA9t69zSl3KsWhTZ14286 LPcR/NM0Ve/MSPwybGmUQHozt93Wpz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 942E2C0016 X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: es5npr3b8cbwc5hjkaj6173rz5qp4wpd X-HE-Tag: 1696853648-94563 X-HE-Meta: U2FsdGVkX193mxVn0EZqwEwhwqo401HTDWgiOlaklrNTNwsVNItIUcYTSLZiY+iPckts9AmVAxKEHgq05eVwHc+8VgUUtEikKhPdS3K/WAkA6obG6lJUeU2d/5pCdkDz1l0zkaVrU5NtFEh3oQq1IKbZNERaiOWSqPnzvVAO0TAyr8SCaI3/8aHyIUx7fl3fHJWRC33YXwJxRQ/YxKjhQJGmq8n6zQ6YGGHU/FVYTRpur9SCb5AhU3gM3juD6iuNtYUjY/kI2/UG0rotbeSzV+9Kop/GGhcD3c255jY7kqvWrMSGhiaMRu/GIIR8R9kC1eWkuJvgr3XrxF8SXQ48NkqvBDGMorOKtjG4ykSH7e8oWGcGe1dzhEeiTvGh1Yzhy37VgpRZMkvnn6IPGpBOxGZ9GlTUmawuqdDmeCGL9ZPwwOuju8dolZeOUwZ00U+ItLs+kAP0eaaYy+v9SU0SebdXAD9t3Fx5SSy4MQgtKapatwEpt3jPk4AsxKxW3ja8E9TVlsY0etE1Uwmq03jM1qWzvb1yqdVirt1eGX4fwYBD1soSyiirK5rmQIzpE46wRFFtp8Z2qGXkVRPccbAzM+Q4RR3nXj/3Fz1Bgt0OfxhhOUq5evaDNVVMImjFkIbOs93cG8PClpXn6PXQIW9u6oIsgo0ftLbcqcOiaECrFuOoiIQEowMRPxI+33a6XVKr4qi5f9n/DYkxOOfSTkBHQG6wzplSmA1YGN4Swnc2ZZYqTkM0f5C53tsz+9P0Hxhxi8lvnXe28AYEDriCHmyhnhVBkf4cHx0SURUxRnNTMPXzLAsakfWcD3hwB5gAT6F9mEQPi0Vz1ofWYk6E+8Rf2x4PA3pk1LrE+quO238wSg0IbaWnkKm3rgXZjoc7RaOpm8ZdcRsba0BnQIog6WNY3cs/sNf8SqiF0JL8l8R7xhEN+KPjgVtDN5Ph0EfyJQZtvew2nOVNmYEXqMHkzRz GDuNGC2O Jdr9x0BkVBOxia+rJ72VqDJn5TQm7VqbgvxZffPSE+gcRPCXEgsmOR2lEeW5uxVZSSbH2blJpUlypQR8/yoPHUc/+NBsKir9pvRTdm5biGabZ7HRBA3gqP196sn41K48CZDgI1GprVwx3roPsmLYYPsy9i78nfIJMnELUdzEzhpJ/gWbi27pYUP8Pl7gQsyCgr4HxeoYjlybzG/Vylo263anhmxAet8glG6PW3JtXGTA5Nk5u00KmddM+S5AAC9QY2uyLpNeamMknnwTFiOLWpjGTLPh8ynat5VlXP3jgSgi7aiddCittqZEo6o5MF9aG92HCJIw53TChv6k= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 9f580b55b388..1cd124732be4 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -209,6 +209,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) zt = (struct zt_context *)head; new_flags |= ZT_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index a08ab0d6207a..9b2599745c29 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -19,6 +19,7 @@ #define ZA_CTX (1 << 2) #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) +#define GCS_CTX (1 << 5) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Mon Oct 9 12:09:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413532 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32E1EE95A96 for ; Mon, 9 Oct 2023 12:14:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C42608D006A; Mon, 9 Oct 2023 08:14:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id BF1DB8D0031; Mon, 9 Oct 2023 08:14:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A6C698D006A; Mon, 9 Oct 2023 08:14:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 8F1C38D0031 for ; Mon, 9 Oct 2023 08:14:17 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 6372FC022F for ; Mon, 9 Oct 2023 12:14:17 +0000 (UTC) X-FDA: 81325815354.23.3DD488B Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf13.hostedemail.com (Postfix) with ESMTP id 5906D20008 for ; Mon, 9 Oct 2023 12:14:15 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QqdXYEHv; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853655; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TaUp99b44iUnlMtvSudETccqnnb9sSnSJn4v5t3dhRw=; b=aFhelSxkapiNuoPHsFkCIGhZ7FdJU5ILaA54Bs9N7oRM7h3tVGc6+eqot7VtrfUDdW1d+f u9TGmz6UnwKURSAVIkbYqcOzOz0miLI8HUK8VDVH7Y9jZVk4Z2TyaNETgocj+fbDxXW9zA lLJY5MNdnQSxryLec59yRvr1zxMKyws= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QqdXYEHv; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853655; a=rsa-sha256; cv=none; b=RJ4iM2RSnLI35cjqakwxc771DV4Igr2HZfafJLImjv9sxeQBGN2VGokcxvrnk+jT/yODJZ PbaqOcoqMYpbAMY+NS7O1aFOGQtV164pcFNOig2wLI1e1HY50om1rTfPafV8gd5ic4RB3G /Mj7y1ONz/9lODp3vhydXurQhUGkOfc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id F1196B8117E; Mon, 9 Oct 2023 12:14:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2050BC433CA; Mon, 9 Oct 2023 12:14:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853653; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QqdXYEHvz3FTUT3Np9Qa0P6bHjgBrWxF6k+IAbQRqvtWpL8f6b+VeSy4m8x2oqy71 ADwkVHK0JFtJgVJ5MDSiHXkPXaq+hz4ZoRNtnQckXdlxuenDWIAYNqzUj2udq8xmWv oqmTU5Xq0li9wHBGqSBQ9sbmY68Wy9ELc94DNATmv5qg1tuxaqe14CnmERaNXDshN3 YGMpDNvjMxKOu7vCPbagRBZXjN7AxL5vq6Dr75uspEg6TvefipEPwHbAiexRXLz0us 4piL/W6e/otK64TWJnoDDkE96YS9XRVE2WxPCrqYCLcrgnmfnfelhep/y3yXK/EPoy GOyBlVw4eSQGw== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:05 +0100 Subject: [PATCH v6 31/38] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-31-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=2627; i=broonie@kernel.org; h=from:subject:message-id; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2pduXLA8Gjeg0HRP3GD5uX7WzcCSjwA/7BD3Ya AfDkNXOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtqQAKCRAk1otyXVSH0A4rB/ 9GhG9VGix0tl/HuVXdlcFfNVXuRxD5QJ/rim/BQuE9TdegqTB4Wa2IPeR/UkMT+d56/JEjvZOzEQ5M mvpXoA6JburaUxhI8T0E4Yc+9WN6ZN72KU53GP7ixO51ZHtnuzYJ+axiuZMHjHJmnOvyTrHsuaFlRa pKqWLEU8GFt7IoIyqmpj21zg4HhmbtMQ7IWGy+3YdPAj5r4hLtJBHVPBhZkLoMRt+ZoNg2YUxhLDvI KEnc7LR1GkFwfDUfbZBnLtErAFDiafdmn1l/24451Gi4FrVLEenZJhWKLdQUG86uJWwoG4Ni//UTnF eICANpkRccnJT0BR2Nuleg4KrbUqsy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 5906D20008 X-Stat-Signature: hixrjajwhs7pe41kin13zang7ru3bmth X-HE-Tag: 1696853655-521719 X-HE-Meta: U2FsdGVkX1/rqqyBNJMJ1k1NKihXLILFlMhX4dukjqrWDQ1xMI+Am091jeJs6sWrrclT7LIG1at7Y5NmZudkzon9e1w3+3+NDXCa554hBOFH9mc66iLRLUjXoQqFAMjdorWFrgsUHDOgALH8PMvshq4VN+2YDh4QOyKASDRqvT28Rj6rsfF1gWSbKUgnsERsjl40/LbpjMf9wBxjWN6qjka249BJSZSuHuGe9yPVz2gh8i1j3CLKRZZ8EFKh6AcZAMgy63jk7YlHz/z152A3qM4GhK2IHwE6f1uJI3pK11n+jivIYYupAWJjtdJJ406wMhgK81b35TtIDpMORfSx8h/rVfrbI2k9vvO0frtG3hglHzCai42meWles/NeoHK0nP3m39VnRQDH585gTvsOaTUzdbToYmJZjw3fjsaUGwjT1TrDtnst4QtqAIlzP5l94NfujEKktXo1CqdW1HjtqO4hFbXf7EzXHhfGDfuYKBSmhuVitP0Zsw3tVq+P6IcLKW94RdsWeKgAAuAarXqLs5hc1Wy1nPMfIw7ZcStRSbRa/DeVAEqeHMFNWC6feJHgtb0Ugxu5KOamlojyWF3zIP4VSC3eX+xZoy9H9RofVrei8fCqzzGDwUQBws/kJ8t5yDyyY7YQ+hEHqg4z+pIqDEcuZ/tkuSpVO8NbV7DEM9u6do0T5p9rpcoVnztwiS785w2Ts4JKe85o0SEA/nku0bDPQUCCmDQ3HNlyfByVC9NWjDULQMHnjaD+FaSW1AuxqnMAo8QkyPOu8Hw055Riv0edO4CxOb+arHwaP02JLBCyz86WQaeKGTrgVJ9R1ySp/X6EW7/zBCHShpXfo99OdEWzykiIRkqKHOm0InWwoXaAvoLKsEvMUAafSKH/vsp700RRHQvd4J9QsBex99/ARSTOoXMuSKWvbUSx/l/htN9lE0Afu/t0J27ibRxuE86qr9q950OAXbywN7BpCed JV7BRX2M sogWaxuuxTJhp7Xm0P38Uc05SGiU2oE0Q1ppkdEyHd/yHBZBSvB/qlvfb9FQGdIb3OH3xO6XU9JiESUgR+//Z1Np2qj9Bff0hb7Vbv7XE7H2eIz7R+M2+yQjkglV3G4CKEhqmYv9bszEn9TzKFZ0vjcL6lyubuiZiPTQthT62HHIP06XmI0KhsPO65a6QB2eBukXiwEhLeGTHQdHLfl9MnEKrAkCZ6QjZhkWeefSQKuBdfXcNr1RXMAhRaAaGU4Frhp7B2+7WFc2d5MnKMAabxwQ345r/EXR3K7oD/t36oLDfe77HkUQuN6l2N9kpbZZOWVd9iuH0g2GMoA4p+TExv4uV1RJn0o11uFzolUjbr2PAVieVZwodOQrxLA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Mon Oct 9 12:09:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413533 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 683BFE95A96 for ; Mon, 9 Oct 2023 12:14:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 05ADB8D006B; Mon, 9 Oct 2023 08:14:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F273B8D0031; Mon, 9 Oct 2023 08:14:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D9F9E8D006B; Mon, 9 Oct 2023 08:14:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id C3D0F8D0031 for ; Mon, 9 Oct 2023 08:14:24 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 98A0540224 for ; Mon, 9 Oct 2023 12:14:24 +0000 (UTC) X-FDA: 81325815648.23.C986EE3 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf20.hostedemail.com (Postfix) with ESMTP id E452A1C0005 for ; Mon, 9 Oct 2023 12:14:21 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=aRNZd3pI; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853662; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=txc3X2V7CJ9ZdLUppYIcM2fiWiyeeo4/+q5He8/QHL8=; b=2p8CTEgPM6t5PCaOK8UwcklXvAajMJ8mc1DG9bmLkXIlDE+xzTFs1hN4pst+bGQdZbz9c9 WzQNJMBXuT1t+B9SbLPqpvKr4BOCgPY+CkV274ibTW7FwxhUFPpNU32NmHDcSZ61vFOlbG iyyV6CaWxU0LbAW2MFgR/C4Ug0CCKbI= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=aRNZd3pI; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853662; a=rsa-sha256; cv=none; b=U/hjZ3rl0o7MFbzNcwehpn6zex+u1derp0FHyptbIB2vPmxA1pmrde/jVBpPDQKdETG0Ws JORLZdy9fst0WmbFBNIZ0UQ+xgt8XzZzTwTASeBnh8b7pl6opuXxbFJ0mhXDWINNeUyEYx hgEJYydbz2NKKg/rBpB+JVmnrGSegQ0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 977F4B81186; Mon, 9 Oct 2023 12:14:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C3630C433CD; Mon, 9 Oct 2023 12:14:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853660; bh=OYaAyRMLSn6kTs6FMYnMtTS8W24+WIO4Ly8HwzP8d7o=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=aRNZd3pInrVeMdKBw7H6QrC9eqFo/kLOrdLcZwp6V+ul7HAC9gLTUyM1GwvLQB1xc 63PWfOonUjUAaZfItFjlrBSYj0C1UcPcMcnTdWr5qP0HwSHUCIy9tFx5enWS0I8iGd wjWnfqGYjjOFM/9uuXGnODB0Zd9KJOmfqfQ/gBUBt2IPK/IELuF8BE8/T0iAWJl0RN mvrxsrT3AkWz/G0c38Ss4zwSuGHoGW3LdHsPvzWcdBrnOND7PG6AsRZFb6C77RTVUz GIOt7HzNDVv+43GI4Uj9im0YHhm9U7UGFLKfwCWJ1Im7sMe7ZhKQk6x5XnqFgvUaas Y9JWtr+JTJzBw== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:06 +0100 Subject: [PATCH v6 32/38] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-32-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=3590; i=broonie@kernel.org; h=from:subject:message-id; bh=OYaAyRMLSn6kTs6FMYnMtTS8W24+WIO4Ly8HwzP8d7o=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2q4BjYkOhejyoKKvxOrxbGdTheXJOcb2eROkLO TpWR1lWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtqgAKCRAk1otyXVSH0JmAB/ sF/bW4NV1xIXh7KwGzExoXmOWHnZry7NDDHROu0qS/35UQvrwfrBi6tTQNyeIn3v23ghEC2izYQe5/ xF4AI4iosNEQXMNfGRX3CemNMDMILSqO4k6FKtNbqu+VFvTfUZwG8xYNORtZ45iW3tBPk3TCpX09M4 XfPi8G9lx+Y0oWjPDQNtH0cOJA2ummMCDEBK2GKpN6raQ0++tWx80btDNgehnvMePinSWSnYZcbrpO 4YNGY4kE3Tbh20tWr65zqBWE7rqLO6TTsxbHF4VghVQs3K5htXUqYipLcCJk3YKHM8IM9rPSG4lWz8 x7N6aOifCEoSoXFiW/0gq1RcqyV0xO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: E452A1C0005 X-Rspam-User: X-Stat-Signature: eo6gbbkdcjye5bdxcw9634ed5hxyfu9y X-Rspamd-Server: rspam01 X-HE-Tag: 1696853661-808891 X-HE-Meta: U2FsdGVkX19BFnwJ7lsZZKCPAAypOUJPofHASlS78TT/z9bRAGZqxvstcDf8o/b9z2FAs+eMAHDePFRe7SdVYoIFZLiFTgQDNoYf7PgrY8wNFDYfBpb1iKHzwjQOnLDc73WaRmFbv+XPsMuXzm+LljlmiyLtfr7E5EHs2H1fm0NxTy1xun52jGxPYAENBnWiHvCrx9IhBiN1+vqS9FSZkYXqRGoaB3UMw9tlfWlGxcyMJggjNVN2985Aj/nK0hh1TVL9PdMpxIQHHLW/tjKKObQcdV0D3dlMMwxHgXot7JTtanqTiMJv1qe/s/fal22e9Z88J/S3q3ffWXfDnz/LoErabf7jOWmTMliouLgaxqL8mNOGq2bLOCoPnBQYj3jbULaRhpN6xvfsUPzMp2BTYwT2CAo1hEvntEcPA054nGiJbyh4heltpf+fv2EDAVMaUiqoG9Ref7yf0nGRVYvag3LsKWZNKaLT0u4P71gqdHoiFc/8gIU2C+zEdTZfB0SynAcb/WrR7/7i9W66JE3q6XxMxMc2oILhXu3efj8KHSJmWtEmg/I6UoGqKMsm98aLWqNI7Cb0iugPocrpzWswyH7ysqYRLjOQzWtzikVmNJVFaZdd8lE2+FHaTIDIIXKHB2YMzwhsCO18TzRjDejFUIkZ3eHhHhFmPq1qAXJqx8mqo4eVs3Y1BN1PuoIa1GuGXiRwMqdcWckA+LjZ+NHtse/ZKMhAGn0SzqRQA+CWW5yD2Z1QZD+25CYPfJhB1sk4ZOFOcTJ0tOtY5NMZ+k8NeL1nY9invF926P/9rh7X4XyTC8DdMWm/uSZDtaB9fDehf5pnsu+fuRGkpHFlSq0xXv7l5Aesi3NZG4WKDIY0p7tCFfWwBOkl8A/kxX5wiG0ReNUTKFUlZGBvnb6Ogi8hTX8SwVpPFyVXbXBQ2OuAouHCaVjKd/Tl00wCjIZ9GISo3pTaE43Nxkg8dvkmUXx bS2B/VbR UGsvX0piEL2+SVtH62ZLHEEhOn4dowtUV8LSTKMowxTf3wxFA83/e/dR0nsCdN92CzuoPa2+Bjj9FxamT+LP+3bk7AveA8vWRxm4sRdMXzJ3UiK2t3Br4PGr4mDGIDxgKLqcvAAl8Tvaa0aQSvjbS7T+fby5JCZp0omo+g863R/r/g97EG92sN07FaChtYG6y7oQUZDW4WZbsBaUCrj8XzxzBBxIteV69IJqC+DIfoWK8M55cJ/44P8Cn1d0zmVWPWCyFRnBxMzAa/RhLlWTjrXQ44ENxBViafwvclEotaPBpNY8r2OK/wIXev9y4gezpiRgqgOXbbpKjIGw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 762c8fe9c54a..1e80808ee105 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -18,6 +18,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Mon Oct 9 12:09:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413534 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E6DFE95A8E for ; Mon, 9 Oct 2023 12:14:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 31AFA8D006C; Mon, 9 Oct 2023 08:14:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2A2E18D0031; Mon, 9 Oct 2023 08:14:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 11C758D006C; Mon, 9 Oct 2023 08:14:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id EEC728D0031 for ; Mon, 9 Oct 2023 08:14:30 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id C2654B48BC for ; Mon, 9 Oct 2023 12:14:30 +0000 (UTC) X-FDA: 81325815900.24.AB18E62 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf01.hostedemail.com (Postfix) with ESMTP id B278D40021 for ; Mon, 9 Oct 2023 12:14:28 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QmsS9NyN; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853668; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mVg5lNNwPmOw8uU+Gz7X4e2BpArWtQcspVOOgRt3l3E=; b=ZfmYJRSXGIGjVgT46IQcGAiWUoXG5zXL37AMS5T4gevVYE73MbA/teszjf/j91p96o07CW BXOWNFGt1ARtsVDUh575CVgg6QjGVTMjsFqC5B0N9tyeRTmJ7VRQqh+Fx9eKt75DtXd0UI zQZsJeOUBzsA1ekPUPoIo4jR4piRYSs= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QmsS9NyN; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853668; a=rsa-sha256; cv=none; b=RHTRwfMRjyYwefPsekcM+JIre7luHR9T9PCbrLPK13vL++WPoJ6nQ+3xbgOhfdLc3nV6nD x19rMUZl2uFc8Xd7cYSTMgj6hcbobmjH0iY4JcL3Kd8cuEyYP/YibdAqllWl6GdOa5iMJe ntzqrs3LTuMG8DGfTJMLR8WujFviKUs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 55FA2B81151; Mon, 9 Oct 2023 12:14:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6A839C433CA; Mon, 9 Oct 2023 12:14:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853666; bh=2OtNZCRR73e9BT9sCUty0Rswxnw5SlnDqASkhgLcsC0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QmsS9NyNc7mC1EO5++70i+rW7+R0VK/w4b8uN0DlZoE1escEeT831+SIoBOfypR5V fiOBRUz7tTSQEwCLENeN2V55YqaZxPcRoWhQpovvjxa33zNnKtQmbU5FiPos9mB296 dJNnt8lqu6dWPHzrFn4HQAPt59G7EEDniY9Sob+NVqTGr+yPGMvDybZNr3nRhkNey8 HZzGVhvmjs/6UKwvPeONqjpakKLXiiA8yK3LyKYXHCdcyXQ0SxpI4/HvMLm3iQXs7d uBM8LFDL5La2b7Ubc9tCMKM5YVrZYkZGmyMG0fon6D2HG/fEXnn4oIoioRb+kE6+9q /BHTcjNCzOteQ== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:07 +0100 Subject: [PATCH v6 33/38] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-33-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=13218; i=broonie@kernel.org; h=from:subject:message-id; bh=2OtNZCRR73e9BT9sCUty0Rswxnw5SlnDqASkhgLcsC0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2regQEuwdQLsckz/gBOe06x1tdl93B0DhPCjUp iiU0wbaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtqwAKCRAk1otyXVSH0LYwB/ 4tOxERiqykR9UD5vnxYOTg7VJmGcymd9zqydKJg6/0oSMU+BRcokZTLI/mYkJAVjHBxEK4mtOoNYHg B50tKOJbM0BSKU4qu/KWATeXFBlHy1TN18KND/gQoHOoggCKlIh1tdf9i1mfFMG0mxUkRdjTU86T3K azam2YSEFtOQAVYXzboWFXX1wIcxIIQJmjx0Z6MIc9enW3qQmO56U3/wX3N0LjHCALRZJNeh+ecMGx DOvmae6u8AjOBAvL2TBwO7lvu1Vdzz8zGHnrcHnDN7fr6dmPuiJpsHtzxAk0A4sjh5aSJk3x8wLUNs naE9hCW8i2VsvS/Nt4dDB5LV4h0SpO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: B278D40021 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: w8cywo9e3q8bcrckie7b46hytrak8atc X-HE-Tag: 1696853668-613862 X-HE-Meta: U2FsdGVkX1+CrmaU6eYRpG5WmhANgysNZbi6zkUMHaqQ/I4Vv+7Ejwp3GrNqV5cSxqLXmcXR6hfPV6laUCh17Gn1nGAzL1O8yI4WKZVBbGDGsYg2Eft+kBQEi8SqTxj1bUGiI9tuqCYRkckPwZGF+ionX98mSvWODT0bd2oilvdtWw2m3r2duF+HGHCqSk0uv+3y1rOA8NiOweStt8li9F5za8q4I4ZhpQIC4lgk1ZGJnUSkrj4MCaaXqVxQmyWlS6cRbtMK/O3ptshmZARc5JfM2u95ZMTd6sOFKRSBYTnV+rICZmGBK7U0U4EGbp+sdNl2meD1S5GPAvF73649rWknTk4exyemOjNC+km3CmBq4lfCPq2+zT4g4GGjypCnG/1QcS88ZjgM7q9CIUsfj5pQ+QKevSVhXGuCU/P/6l/T4HqS18MgrOjcEJCHbCZfF1z4Y8azriSPkQCfkyWkSAR+0AAgfy5CH7e4IN/A+rxJLUkjjPqsc73cwLRyQyxGOi41MF9ZrPCVkm0sFqJ8vgKgp8APpe1TihNCBXb86xXgdKeHHx/fDhB8dmDAkHxkRwgPexeNxDX4JehJCuzUIwgSGwIeZ45gzA2tWwXT1RPiIYRZwNNEyp+meSO1w/FOhm6hGvLyrPXxMSaCQWVZyKOp8HhuZMl79KSXqlh4rYYdFy3Dy6eFKiGdwTUnnYYO3aJPar5No1pHstDVs/cORPG3GWk3xv+7A4FUgRjIRllzlMEDlnMuftrucb1+u5t29nBGsbnbRIk+niSdGwo9dg9nKLZxONLV84Gryozdi2h1EzxkxJNuFfxC5QGtnF/7CzWpuhwl5sgyA+jtS+AdJHjG0UIfkp7e9efBjYQZfYokJLeSdROEm5L4JNACBVkiD8ybOpyi4XijvxR69dng7iNx3kdB2oyyL9HwBlCkLWUw4m7U/L1frY6enrSOx0NxtHGfw0mux5tTGqb0Hh9 PNUOpUKz TIJxruOhJGVKBnQPjphAUjppxNPCl7JXIxZocJx7MTzr4Ty9ztNFwgsSNcD2P1KQkOGBfUrPzoiq+/U/BnK2SH3/kXLRGcJ+/REt5Y8UjYhUS7sG1hyfqcJOCon3yA43SJrs52BiHnKLx9Xb4zD5k3/a8zwM7eM373rBereqSw66uAAx+YjQdyRU30koR6fy7JsTQUns13bOpl1Tk16yBGOnfK00zusklVI9qULMoVh2uXH6JeRTFCY9hH430BGGH/M9bOcKYjtjYf5dsAsxmUdQdfkVAJPRFOmqESRskW6CqPnD0Xy5AuYLrihFJQVoKnUpFqnL8/ZTBo9s= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 356 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 +++++++ 5 files changed, 466 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..0fac554a3c4d --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,356 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..65e6de583506 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +#define PR_LOCK_SHADOW_STACK_STATUS 73 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Mon Oct 9 12:09:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413535 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B971DE95A9B for ; Mon, 9 Oct 2023 12:14:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6283B8D006E; Mon, 9 Oct 2023 08:14:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5AF1C8D0031; Mon, 9 Oct 2023 08:14:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 429A98D006E; Mon, 9 Oct 2023 08:14:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2C0C88D0031 for ; Mon, 9 Oct 2023 08:14:37 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 039E940210 for ; Mon, 9 Oct 2023 12:14:36 +0000 (UTC) X-FDA: 81325816194.03.2BF038C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id 0E1D91C002A for ; Mon, 9 Oct 2023 12:14:34 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=W0FSwNyq; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853675; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=l85IFzyGtRqFz6G3LNXsP/CNORjH1S/T0AUyiYHvTJI=; b=xcKsg3UrZWd/ZB5rSQ+Ma5CPUaxXC1TsMgnos3PsoXiHEjUHfa6FtxaLZwYg93MF0rln8M Is2qDhcWggpNt+2wh6SDlUdXfU4WU+gYP9uEuoVnN6sujF+B+iqaJr7bRkwtYK9OXNirGW 5Ff1u3bxGBCnylMCk5rYetasEZLihUI= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=W0FSwNyq; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853675; a=rsa-sha256; cv=none; b=aiwtlyVHHLUSNcs8wUN7Klwlw+56Wt64DSfUeKnqkx2VMRypP6RHqV7WS9iINrVpRAZ6Qm RifMsXbw3/lviztYgEj+15GKEgiFC1LTU3gcCI/d4Km3H+yGeqGhEO3lxBla4VhKghBb1W E9E9qftwWIQcIRr6JhJzsB4fFk17weQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 3EDB061120; Mon, 9 Oct 2023 12:14:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 299B9C433AB; Mon, 9 Oct 2023 12:14:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853673; bh=GoX5+5TPWKMBeVX5ln3BsEwrTT7WlIZGkNrZpsUPmck=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=W0FSwNyqYZWNsOY3/ccw25GF3rzgDwnMk40GARdg5nA7BmNVFjlfiXp5Ppxrd+fL9 sKEF2cdqC8DpxBGQBRLxAAroWLmgJfjBDU8b3m1eWfhjOE3b/VAAbMW1jLl3d89wfi 2d/8HJPzISmQNXLyW2ZcbMYKqPGzq/OFlcI2XtNilb1m3bCCUCb6OA8G30F/sgKiU2 bpexuyb6Rt/imFxXl3SdUbvph5Rytpw7AuQV1CcftoZTiQD/tO8j62Y7kni0ad6vXI wCHeXD4dkJA/JXWHWgCa2QKEQepJGl2ED/cEJFNDvW7MDps9OI016UESOJf+gNUkld o2uMVrd6B3FnQ== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:08 +0100 Subject: [PATCH v6 34/38] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-34-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=21534; i=broonie@kernel.org; h=from:subject:message-id; bh=GoX5+5TPWKMBeVX5ln3BsEwrTT7WlIZGkNrZpsUPmck=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2s3ZxHwCqqzhSo1a3a58tdnP9PUmH0mPnDeUuv PgKtKHCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtrAAKCRAk1otyXVSH0CIwB/ 9tWDmxl4OO+XrU+I3nLBXtcmPzmTHXbJyfrSkHIqAznge5tlKUC2VRqVbHtWhV4pvFmBpFddBOpTa4 Go8XyJylvmCfywK+UqxvkBJIYZfhy+FAocIB3jdamcPfsxXcrtYdsCEomj34AFBnhTJTp+kKUsqinE ptfcFzJyUF/omVPeFj4qlELtWgDteGIsd1c4TBkASJvrtEm8PrwEewthHZMhW1+E7WWYAzQzUk6wWl Ca4KmdvuA11aUmZSiMLP5CHvxc5I07QoRv7fwB50LpgIM3vM6wwElmbcDvTBKidjoOAk0cQbVWYoia q9fIBxsU82/nXfsY5mCf+/iQ6e8dM+ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 0E1D91C002A X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: aw7t5thdsh8azc49iwba5tr8ydyi9sep X-HE-Tag: 1696853674-269420 X-HE-Meta: U2FsdGVkX19ycjFfPnB7S3aQTXSuxCZb9a8lMdjkZH9FmllWhRU9dY2LMUqbcNNK87AgheBPUyDP+gAnlBtd2z0m6JDdt1famCRnwwq/rNpELKgvAkZF4uKZReNl97v5YNQNmguAwcboG892u+QcKwMpVtqtcW8mPVSTk89NeGKTLNf+M/s+6b3J2g6VE516FzU7u458VodM0glo6YMR5qAGJEeN20mT0cpihlRQaDfM3Keq+IPpk73wOdZofrfD1Z3Xc4dDqWN5wrrFSWtAjH2xBhZvtHcrXFdq8FneKCngVsLi/pam67Z1OpyIaMsKjyDdkc74enxBAwZHYIssDpgoawzo7bdZ+zW+ptSX2TDInX4ULsueXxpvi8SVxacg/0BaLKKHNmge+QEOL4YRoZvYQyqWLMF8Y6gVrY4gUvQ5ula2ZB7ybAqsNtBwJG5FYbxbJaG0eWXVam02xHXDWFUqiVLb83WEVL5+yOAmJyjwpsegvlqVmuck0KJWJIYR4GxblqNGy21wefWrASUrjfhloA5JBwV8JkD5kv57emIZrU+7Fyq1xekD0Gej1ot5JRtSjyT/ikmsuWZh8xLbLBcJfw5mEm4UGE8yPksEKZyZXROjE8ui3pHo5no6u+7FEl4rcNaQlFUL04PrteO0wGh0YLWi6y/uveeUzv3fRrQkobLyTjylDBPAx6yFEAu+PPhUSoTKK+diIjWhR6ivW0zPLnUKNaRkHhhyFrNe5qmrhSHpcOrVwqHQXNLs0K0IkO2uaO5ubPlEJCl4oHxaK4sKTuoIKTcGz78GPE1sR4Cs6VMfEhOoipWc0+eGxPS7pEqk+ZTgGXt67T3f7PE8X6g91RyD4YO+YJ/kvC1vS8UQ+XwCSpdL3zMxfZaUMajIaDkx2rawiR2DEl7wgcb9XY4Dp5MdqC+TUseN14ji7Krsw6R8DBJFehKBbhGS2XE3wgoaQLivrWUQVoXkmJW epygsDjW bc6YugSfGuXO4TWlPwv+8J8JjCwekQRpZM/19Zh3x4tGYrOJxHGKakJkZJsLaZykL0ARf9ZUnLT196Pyaq5Y6DCnkFb/qYNkt0pfqtLDRAIyk93dYORvimXdGS9WNQvGVO43aSyFNMzInHVMBxYCxIVLXZjQbxJJJZ6SbhftyBIkIne3uWEabVJrAML0TW4RFgKWpFO5KwyNctJ7ZmAHgcTkGdyQG777n7m0UoCH/Td2eDu/hEt/2CRqbc0Q82OvNFuQP/ZvdX9XyzWxSEc1YXaZXKifjspYshrWXkJicXKYZAAZhOusCdToY2bWCdrntKv4IMs2JeRHNcmU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/gcs-util.h | 10 + tools/testing/selftests/arm64/gcs/libc-gcs.c | 742 +++++++++++++++++++++++++++ 4 files changed, 756 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h index 65e6de583506..fd50d0523558 100644 --- a/tools/testing/selftests/arm64/gcs/gcs-util.h +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -16,6 +16,16 @@ #define __NR_prctl 167 #endif +#ifndef NT_ARM_GCS +#define NT_ARM_GCS 0x40e + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; +#endif + /* Shadow Stack/Guarded Control Stack interface */ #define PR_GET_SHADOW_STACK_STATUS 71 #define PR_SET_SHADOW_STACK_STATUS 72 diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..58141d46f861 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,742 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#define _GNU_SOURCE + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* + * We can access a GCS via ptrace + * + * This could usefully have a fixture but note that each test is + * fork()ed into a new child whcih causes issues. Might be better to + * lift at least some of this out into a separate, non-harness, test + * program. + */ +TEST(ptrace_read_write) +{ + pid_t child, pid; + int ret, status; + siginfo_t si; + uint64_t val, rval, gcspr; + struct user_gcs child_gcs; + struct iovec iov, local_iov, remote_iov; + + child = fork(); + if (child == -1) { + ksft_print_msg("fork() failed: %d (%s)\n", + errno, strerror(errno)); + ASSERT_NE(child, -1); + } + + if (child == 0) { + /* + * In child, make sure there's something on the stack and + * ask to be traced. + */ + gcs_recurse(0); + if (ptrace(PTRACE_TRACEME, -1, NULL, NULL)) + ksft_exit_fail_msg("PTRACE_TRACEME", strerror(errno)); + + if (raise(SIGSTOP)) + ksft_exit_fail_msg("raise(SIGSTOP)", strerror(errno)); + + return; + } + + ksft_print_msg("Child: %d\n", child); + + /* Attach to the child */ + while (1) { + int sig; + + pid = wait(&status); + if (pid == -1) { + ksft_print_msg("wait() failed: %s", + strerror(errno)); + goto error; + } + + /* + * This should never happen but it's hard to flag in + * the framework. + */ + if (pid != child) + continue; + + if (WIFEXITED(status) || WIFSIGNALED(status)) + ksft_exit_fail_msg("Child died unexpectedly\n"); + + if (!WIFSTOPPED(status)) + goto error; + + sig = WSTOPSIG(status); + + if (ptrace(PTRACE_GETSIGINFO, pid, NULL, &si)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + if (errno == EINVAL) { + sig = 0; /* bust group-stop */ + goto cont; + } + + ksft_print_msg("PTRACE_GETSIGINFO: %s\n", + strerror(errno)); + goto error; + } + + if (sig == SIGSTOP && si.si_code == SI_TKILL && + si.si_pid == pid) + break; + + cont: + if (ptrace(PTRACE_CONT, pid, NULL, sig)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + ksft_print_msg("PTRACE_CONT: %s\n", strerror(errno)); + goto error; + } + } + + /* Where is the child GCS? */ + iov.iov_base = &child_gcs; + iov.iov_len = sizeof(child_gcs); + ret = ptrace(PTRACE_GETREGSET, child, NT_ARM_GCS, &iov); + if (ret != 0) { + ksft_print_msg("Failed to read child GCS state: %s (%d)\n", + strerror(errno), errno); + goto error; + } + + /* We should have inherited GCS over fork(), confirm */ + if (!(child_gcs.features_enabled & PR_SHADOW_STACK_ENABLE)) { + ASSERT_TRUE(child_gcs.features_enabled & + PR_SHADOW_STACK_ENABLE); + goto error; + } + + gcspr = child_gcs.gcspr_el0; + ksft_print_msg("Child GCSPR 0x%lx, flags %x, locked %x\n", + gcspr, child_gcs.features_enabled, + child_gcs.features_locked); + + /* Ideally we'd cross check with the child memory map */ + + errno = 0; + val = ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL); + ret = errno; + if (ret != 0) + ksft_print_msg("PTRACE_PEEKDATA failed: %s (%d)\n", + strerror(ret), ret); + EXPECT_EQ(ret, 0); + + /* The child should be in a function, the GCSPR shouldn't be 0 */ + EXPECT_NE(val, 0); + + /* Same thing via process_vm_readv() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(rval); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_writev(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + EXPECT_EQ(val, rval); + + /* Write data via a peek */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, NULL); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(0, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* Restore what we had before, this time with process_vm_writev() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(val); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_readv(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_writev() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + + EXPECT_EQ(val, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* That's all, folks */ + kill(child, SIGKILL); + return; + +error: + kill(child, SIGKILL); + ASSERT_FALSE(true); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %d levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %d levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + +FIXTURE(invalid_mprotect) +{ + unsigned long *stack; + size_t stack_size; +}; + +FIXTURE_VARIANT(invalid_mprotect) +{ + unsigned long flags; +}; + +FIXTURE_SETUP(invalid_mprotect) +{ + self->stack_size = sysconf(_SC_PAGE_SIZE); + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + self->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + self->stack_size); +} + +FIXTURE_TEARDOWN(invalid_mprotect) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, self->stack_size); + ASSERT_EQ(ret, 0); + } +} + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) +{ + .flags = PROT_EXEC, +}; + +FIXTURE_VARIANT_ADD(invalid_mprotect, bti) +{ + .flags = PROT_BTI, +}; + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec_bti) +{ + .flags = PROT_EXEC | PROT_BTI, +}; + +TEST_F(invalid_mprotect, do_map) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, variant->flags); + ASSERT_EQ(ret, -1); +} + +TEST_F(invalid_mprotect, do_map_read) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, + variant->flags | PROT_READ); + ASSERT_EQ(ret, -1); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. Also lock GCS if not already + * locked so we can test behaviour when it's locked. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Mon Oct 9 12:09:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413536 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78CEFE95A96 for ; Mon, 9 Oct 2023 12:14:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1934F8D006F; Mon, 9 Oct 2023 08:14:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 11CAD8D0031; Mon, 9 Oct 2023 08:14:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id ED7D48D006F; Mon, 9 Oct 2023 08:14:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id D7CF28D0031 for ; Mon, 9 Oct 2023 08:14:44 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 7737F1CA6FE for ; Mon, 9 Oct 2023 12:14:44 +0000 (UTC) X-FDA: 81325816488.24.70EBE6E Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf13.hostedemail.com (Postfix) with ESMTP id 422CA2001C for ; Mon, 9 Oct 2023 12:14:41 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=DChGwy54; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853682; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wVIQOatPna0iFL3WRNbrJxMJgExIxYsZk6uwuE1VaNI=; b=SDEc7N8Ns8h5PlAz3i1gZd1UGAiODw6RMzcnkleEN+YyeY7g4uakUekVo7fqq4O6NRTbSi T04XaFbsoXyTsWs2s44aWmc/7siD2LrVBvBLVgqKmGiB4/lWk4isdIoSyVFd4qMivW97FO NLO5doDzS23LRSzpE3d3+qwXVYehqio= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853682; a=rsa-sha256; cv=none; b=K9afrTIzHi3t0UMMe8nxC2L7tm+/yH2pUpMOaFCyup0BYEd6plwiQI120m4stoSuawuT3V x4hyDX8gEVU1mrrw/drXjDTr9mt4VaOC5hdQhSQNPjDDofmio3HJ1OzIuWuooTUGnwWZHJ fz8yygEWr4ub9o3KNKwo9ALYHx++7ZU= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=DChGwy54; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id BD90DB81145; Mon, 9 Oct 2023 12:14:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DD54FC433AD; Mon, 9 Oct 2023 12:14:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853680; bh=IP7maWyjZ0dh+q8gDfrxLaUB03tkGEoqGc+9eYXpRWY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=DChGwy54V0b4BgtZhNZZ9xJbzN3wvK2YneofZB502s8nrd72kcPpqodDzPMFkwyke UMS/n+rOcCVMoz3fuO03SemIkooC6X/bNtO0s+NAQZyz/J7Ee4gS0JmsQC5uB3FY3f yxxDNOhWSx/+OvjKL8pM69cgh4gBcgvY4PVOk8A9UelthnB2zd9Y0CCiJ+BrXwXipA +garoQcJrhJ1oR9+Mvil+mw4todBsnmbPzlspvN9frCFIgptIOfuonzgQW7Ye20ZBi +H6VwyywgTd3Z05TfLl73qYYQyEcwiBJSH3BjenUKkj2Y1wHOtcpRZ3hvOjIU/gxrs UnKsBZUAUGRiA== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:09 +0100 Subject: [PATCH v6 35/38] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-35-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=7316; i=broonie@kernel.org; h=from:subject:message-id; bh=IP7maWyjZ0dh+q8gDfrxLaUB03tkGEoqGc+9eYXpRWY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2taCv2B+2H7fAdfg/F+IO8oChQUTzeBbQPa77s M8VoqqCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtrQAKCRAk1otyXVSH0EwGB/ oCCnAxOJpgYrPdil/7YZ9YwnC8tbu788NatCLD1oX4LQH/N7wB8drf0c7WRg4IIRM9hIis7vXLuzpJ K/tL4XYk1GO8hGVOnKVEIo08DlCLaOUCvs8Q69oKBqRwlBPvKOg9qCwcRQkYEM3PTBAD+ew1J5RdkH QTiDurH8UhTMrjCnSEn9Fnb3jv2zruygol7bQeIvJ8u88erLOBl+ZhE8o0J8fHJ1ek8iCHDHqvFmSU wiXduHLy/IpBBJ+RWdnY3prQ8F3wdI7apKnB+imrMf712m0nyJaLWjICYW97ovu+uqkvUqF24+MFps cLG1kHg0az04GLQs4IqXp/saO/Tw1s X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 422CA2001C X-Rspam-User: X-Rspamd-Server: rspam11 X-Stat-Signature: p7ojgetskyjkptppn7qupyuwtzydonac X-HE-Tag: 1696853681-144006 X-HE-Meta: U2FsdGVkX1+m+MKz4U3PbiSzj4tmMpCErkd4ZvpsOIyYm3vKJteABWFyHxkn0zEOyNzBxk9EVuTl4A9D/853xd7s2S+pMXE3S+JRDyL2hDrz8WlZcxJAdJ7DxKkrmk+lEK7GrieJELFghB85yyJ6m7444HFG2P+EcrOjOen3qCt0Z9tHY+rI2Z1mlo1rrD/vGowcny7673p3BvcPC4/xwlubfoF1VmvEtZW1poavi89Te0nZEa4g6N0ltm/ZgHSIyK0qEf211V1H0ubCR/WYxUOX5eGqhxh0e34FlJiJZCW50EO5TpUwOpEHsZRVQJT78HCGn0kJNO+Qp2PqZWvUrLmszOf/V/hMUZykCuWJkEwRWlcGxHsWznMeCLRMy5IyyaimXDkKj8a/yJUxsOEHrsMns5aMbL9im/bosh2CAUrV7BIwUFc0hx3u0N4CyFQfZkMyWsT4MGk/XxsKY1kBBrpgZNL6u3N03bHZOQz2sIaVNmNdiV8L3y7r8Cg94KOnqdUH/RW7LUqDgln2mkTLYi98S2AWPCICPRyB8NYDMtXexY3ktY2vtbrCW+7QAc0J2VeID/t55BGhr+yfujQssEXhV1JJd5thqgTvqMz3t1B86sYwN8eceDDrqYKbNeZpzogMyon9NDNTW8Z47uJ0S0twSoA77TpLysvIlKoe3WvqaYatUMn51xsM6GtkN9iywN06OSiN8wV9UZFpryDeLeRIvv2VNV99sduXasJMSRcPrMy7id75i8nrOdrRzKc3D1vBkn01xNItD683C6QctLdr3Vd+Q/qeLBT+eY++28BE3ViV/+C4vCfF0WCnbYiKCGwXM7AnPlxYzKal11Vnb0VZIHAJAFx0tprETvmWxijYeREp5Lk3M6U8LMXDD382Xsel7TmhckhtfIn91X6z3dPlaW2Ax+FfDnyNIl2hcsUNv2sU4gd6pfYrhofYQqwuaPWJlRPnYl/qoP6KDCj FwcvLnfd p7rCu7O3+v7hLjiE+//srLCZ3SPbig3LSXCdSLK6qQHJDoPVXjIgsugp75u1fSyVrwenGFLsLIIbbNFlzE3VYib4EnCljPHz+Jyf9YYFscHHw6N1FWeawI3H6ENk7UzwMkElMdBWVLWtcUsgEtofV2X6UCfXNYPUnbfkOh+zRy7ORBpbYnlyn46Hj8NRsqoBbC/SDYRWCv+l4MT7M96eqdLyIzhkKKVZG7z5PUhmNiEl/u3iG++6bAfxBaqkBbdt2tqmI6mmfg1Ek3BuKaVKAk6cFQVSCqygDgndEqnY35fdomRb2UNRYf1MNjyzym4z4+6+DsomayNX+WaI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Mon Oct 9 12:09:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413537 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7BEFEE95A91 for ; Mon, 9 Oct 2023 12:14:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 11F8E8D0070; Mon, 9 Oct 2023 08:14:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0A74B8D0031; Mon, 9 Oct 2023 08:14:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E3BE48D0070; Mon, 9 Oct 2023 08:14:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id CF74E8D0031 for ; Mon, 9 Oct 2023 08:14:50 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 9E9501CA6C7 for ; Mon, 9 Oct 2023 12:14:50 +0000 (UTC) X-FDA: 81325816740.09.D32EBA5 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf17.hostedemail.com (Postfix) with ESMTP id 9E1F44001B for ; Mon, 9 Oct 2023 12:14:48 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=n5UQQ1AT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853688; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=a4sdhvetqGV+nGZwp3/CWKNpIVlxBXbcidOEijLs/Qk=; b=ETdzcbPVQGrj9n6P1mjormcu1YCS+NUfZN/IeV4rVx3cXxWSHo0CukuCDIrdXmKKwXh0SN K6BbEqcTaOlwmkLYWlKTRADOxYBuK2ujihukTb78qzWU2fH5fDtNzX8KxgAcmK3dP4z6q2 EipWBbtFurdtDsDY95jrYirAH0xq91k= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=n5UQQ1AT; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853688; a=rsa-sha256; cv=none; b=Qrcxu2U5OUIlCR7GXH/+qh7+qypj0rx7UdGzIxEb0t8Nl3MbtgaW+9T+uyTIaOceo4/naq rCdUFgfIZviBGpnq0zUJ0gSs52fGqCIZReF9xgBXGnozeS1ClSwvIly//fSgm8m1PScNRl iyI9wDRYM93yWZAwX2xZDlQDbIpxA60= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 577B3B81151; Mon, 9 Oct 2023 12:14:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 87C14C433C8; Mon, 9 Oct 2023 12:14:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853686; bh=n0brHaZlsdiu+vZdVacJ8xeue5gjh150PYMG3rRf1kA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=n5UQQ1AT5I82mU7Nx0+Y9k7xNEgSigXUYhr5lH2zAhdzjpcwZ8tovFxITNmUjsyzB lgWEwU/CIX2nK95j1QKfUTqy0dVyqg7ab/35dbMkWUEBFAzXyYkdzNxLeOEEO+Fbso nLY+fU7CxvXItc8JKRQgE6SH+um7qVxQZuEoMM8oELlDrauEECyhoRvdyo0SiroXCa EmYSuyUki5zAvADxN6aIvmHDtXnQAyZjEE/apK221patQzIMUW6FRzPZJr+gCFOTv1 pQAtS4zl+B8/9rPsm3VpVMIpN5cBdf1Soigrmu4XTQeb5edI/V7i8RapIBuF8JFcA7 6a3j+oCTK34wA== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:10 +0100 Subject: [PATCH v6 36/38] selftests/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-36-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=7315; i=broonie@kernel.org; h=from:subject:message-id; bh=n0brHaZlsdiu+vZdVacJ8xeue5gjh150PYMG3rRf1kA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2tveb6LcwYU7gt5D9M1Yzq33Su1fslnEnmUQoy SjnyNBGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtrQAKCRAk1otyXVSH0EV1B/ 9focZ0RCun/nSyD/YCRi05xh3aUeAY3eqz5BL3aQGBPQgmMG3yHfYyM6vm9FrA2pXjlP99T2v3wy+1 kVSVboJJMmImQFHJJn16MuZQzmFX8w4XVHQurQLPuKpWh3PjT7OjDwcblT15zbd87OB//9A9aLUs/v uEJFElHcaq+Ug126uPaYzJQ+fc1ISuIxC3t1jZP/6LjjxGJgeSz0nu4MK5g6tx7Cw+zY7NHlPeHGkl ZQH+jGU/3G9WZtRyDcA3garOiz/TAtphRjFPKloSfcvdRvlYt/ecDyi+IkkNXH3wD46lJnZWzOJ2L4 AhEUBi+nK7qZI8QOb8EVMOXU6wg/2M X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 9E1F44001B X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: h64tmpyktekjp4ygy9apm7drgy6n6bt3 X-HE-Tag: 1696853688-196953 X-HE-Meta: U2FsdGVkX19RR6QpEZWAlpgBWR3VeiE2jWOTkZ4FNt9zUh7QTO8B7JC4jUg1LZB8ps+Qn9VStMvON49M7GJxV0NV/cXtNtUop1fMJlzaDUVCbiL6NVPZTlj9j3M6O4qOz3QKW282QM/Zmdx6L3HpHWvahqhI5UbqNHKx+s7VJrrbK7LBuOZ8pgvw+cGhooR1Iq1bOoM+QhuLT013jU1HD96SOIvcYdKaMmzeBOQZCNxWTVHJG+LtdVBn6iKCfeBhAKxwJmzKAlbgwHVwKl2WULCethQhqSCLJuSbyDXwKOoB+QwA7O+Wh5HgnHYoI9rPRV0g6CNIPOjHtNUXkpWkZ3S2WHzmidP0jC/eON5CBwHEjZ4mBACgGvFULX4CQsiGmXEp99SrnC6NVtu14AJV23rx8FlNnnWtMLxbMd1nB4f9eyOEb4TgbVIkx9U/Iaflz5rzWVUqgsLnuSngIetzLA1r3W8PoOiNqaNUc8WNMTTfHeBkfopoPjidj3K+BheMarH/P0J80/ijyPt4vYa+p9Rxn+suIgU1G+KuP+T/gVL8mmCUzSlUDnzN4xZPtJZ/G+koPxEAnoyStf8yNGSMiBx6Sgl8NJflhn7Bv9q0O3P8mFhMXdoyhJU4k6ag4L4XXFAhZ6BMbfh2psYHVQYCFtyPkVl1C5fiuAu7ge43olpybJVBhXODAy+r0DPwF9/5A5MeAM3dVE7CFKGHJdd+cbcRJ8XKB3pcKRXzIbPFJ2TJVjvOPdr+J9DgHwrRzbAScdzhfxcyEGvvR5tb5i/D0QaN/w9dGLnha+qCfBiCgKTQOhWFB/Uz0SJAcA5l2Vn2zacKUPIALgsZuMwkVGJ2+AFj34Ex5OIK1thxHeCsDFummq1IYGgk4u6VHVkp5eurx/uVSOKlQC9PMvtoAcbqbmFXB/F7bgI+OAi2vQ6DHlatQUQHNvcIpBkBpx2ImippA40RCtsm0Iub7ZUTWm8 eKNsIrLh XzrJIemYnZsXxzrYkGI/VD2zaF9uHUADS+ITVryxkOvsfvsiBI1NNAiWyXGdUuR/oHbdiWT4NVIEpRQRgH4K6AzBns1WLdFmSIbly2HkBwzTOeJzR3RQYstYqC9F0Yh7qfuTZPZIueM8apEIohqjBAZWv9n3ZYRJlqcnB4KqexCpM2jN6cph4jRxwBTatd+CJPyaPE5cavZ4JHY+eiQXukT1ljhzdyGYQEvI1oo9OUXTa+lTVkcfTPjNIddcfkMikPJbI3mdbplGJ/uxw3ZyZT/Zh5tBVm2av0zNwarVxAA68ERZ5gUMg2tDceRN3tZvhsSpj9mAoVGyKbfPVi6yYhvcpykzJPqqF9HcIO5P0Ga65Y85DXthVTZMURQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1e80808ee105..36fc12b3cd60 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include @@ -47,6 +48,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Mon Oct 9 12:09:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413538 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64B44E95A99 for ; Mon, 9 Oct 2023 12:14:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 082588D0071; Mon, 9 Oct 2023 08:14:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 00BA48D0031; Mon, 9 Oct 2023 08:14:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DC6D38D0071; Mon, 9 Oct 2023 08:14:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id C25A68D0031 for ; Mon, 9 Oct 2023 08:14:57 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id A051D80209 for ; Mon, 9 Oct 2023 12:14:57 +0000 (UTC) X-FDA: 81325817034.09.B78F2E5 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf22.hostedemail.com (Postfix) with ESMTP id 891FBC0020 for ; Mon, 9 Oct 2023 12:14:55 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LCpUSFOk; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853695; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PhDpjqz8s8m+q7sBQGQ168X8mcTQkmGJDw2AKcFRSZc=; b=Iyzh+x5l5qUWHgME7732f+dT6i7EdC62IptAOi7yjP4GEAyW42ZWO/NKzilsQIpXK6CcqB nQT+s0S7jzme+ykEWeOgxUOiHG15fyOiBXTsbLI+5YmI7J8umgOpG/UgP5XO/wn5eXuH+5 brTAFlMSAmT7DVD9NHijB6fAfiysnME= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853695; a=rsa-sha256; cv=none; b=mp0hO6krC3kcU7htpmE7prJy2W2aKPHvfeFZi5FHf86AzLy5OSgaWtMCwBhbRQuplbbVnr bJaHRvTdAWhxMktQE75gKrPtYz0YcBCyZPrMK2Tm6rcf0MLs0jlUedmHGNpfPvN3mZl7Ks be7ad/8Mx0jlx141Jfm0jbTA2tQcveg= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LCpUSFOk; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 006DBB8112C; Mon, 9 Oct 2023 12:14:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 28C23C433CD; Mon, 9 Oct 2023 12:14:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853693; bh=lG3KgbVIo1r1OqYBn7opAKflBQLCvcGKxyXVF2NNf4w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LCpUSFOkR+6HNf+7H6LErm6p63C38DjtwB7NmO9miYu4NewGsJUaSvWCFA+yL1Ht4 uKrMAmAAMGWlUV9FfumkqSdFZuw7REbOJYcwp6s7RCaDZJW9I2RwRqKgLCwEpfH/CC kWIrzwXZ0O0/Gyj5NcNdmjvE5/CITaxxgYyuQ9GvN09ADutNSg0hDKp6xgF5EcE+u4 852LRJIpid6HqN05CQ6l5AcNnwgp1Q0Ya3rrzh0ZlwoY9spW1J/dL/6c2EC5jmj5bm Xjd7/8nR9l0K4XfYJbIjrVND5DDfU0knyVYhimITR8eMdEZeL/MLU9q8MXkj2YntHt ffV6nkyR+Vkqw== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:11 +0100 Subject: [PATCH v6 37/38] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-37-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=21150; i=broonie@kernel.org; h=from:subject:message-id; bh=lG3KgbVIo1r1OqYBn7opAKflBQLCvcGKxyXVF2NNf4w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2ulq5T+J5CPLNXBcAUq/57iyAquzLzZTUw7gck fLcxSdGJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtrgAKCRAk1otyXVSH0I6LCA CB16MXq3RcXDUK6q3EEA6QZzbcMFlrTXvdaO/BqeXJ2E7d5XNgwE6E8AEs2H9m+j8jzZrVvQEK35s3 vwgGLJtHCSt0pxO5eOAaX5UFpUGL6rmVBpgj5iqjMW7HvyFtEXVSZRQXf+/FCk1UNxcDuSU5UyPzMQ m1zjRAGrmPrlmXWmXT9U4HNWpVxpa32pp8LZJ3QwuEjNWed7rJ+VknMvQy7bbvL66+e96Q/aSruWUL TG3ZPdDFFYmKvUORJlStQuXK6bP7dJrOGaZyD9lGBj9tCSYbGIMAfOWfHFI3Xq/8WYyziUsGJy4uvx F5GRWUiGPfSVqbLrnkeUu4eQYGxHk+ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: jmqmoah3nqax1utskbdb99t591gzfqj6 X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 891FBC0020 X-Rspam-User: X-HE-Tag: 1696853695-515410 X-HE-Meta: U2FsdGVkX1/SHmHFTLWgmPI5GLIhPnwk3tkb5jnTwJG8HTvi1LVT4Cahz1zPk521ngcQceql9cZczaV9b7laSi1aWBXa+YOGmMU5vj2cW/0YGyeleBLEIVtQvsvxwlYUSGig5shK83IUxKnnlKS7TocRzDmffCG7Rlm4CX5a004pc97zP5/648cEav42oKy5wYK9dRrOj1aYT7Ohs8h0Lmcgzw6aL3zxsx9NQ6bfX+ey1TC0ZA5w8ruV2wfHTgXJKgKQceNoP+WTM7uPFuLAMIdzxnnSqdgn4iQTZukcPC7AaERezUp0TBBzJ3zNK8T4++e3A0xJLRnyJBXl/Doa/9eIQLU0rtdn7zKvhVP6BfqxjQtPEJgRFurCnqfoV2rFLXnFoA2n7w2cixWZyiV9e6HHjmJoQ2TCE5ScjpDNeoilc5ZohN/4nZ2f0++HlU0BSTrbzyjupp8wbY4pH9Zu7ngHXSloI36x2To/TWyIjlK51j25jd3ZoLMVlzRxuk0w9xKRmkfEA1i4VIqcq7Hcia5wEjjZnt0X/fbIf5gfwDig4nuXHibfJ9dcXINXVUnd6q2EQkxx/jEOmDoR7W3hTOMM3+HsG1rV0agDuvVAvwgtZCzMQreiUJOB59A1wCVvxKhtg3iAWsjjAp/L58UC7Abn9aNl+HAHxJPgx2CJzGOVwyHSDVaYaK20dlCuPL7rJhK1GVG1Bv748RSckw6soDj7PZ5K+bDtvMpFHzLVD3RxeONAWrdlwS4JYnyZUBwvkwSYYhxTdAVPcMfuKBgFYUj7FkTPOQVWAPDwDavrTt/cH71//LpcRUqg3YRsXAHI91rOLxMj0eX3zvejEzwoZNCzHyZ8irmHnazyC2erl/natQ9LuPsw9ud9dhI22RuqjRvjX2ee7kaQ0ja27tTTqSydMDrLVw/tFREWO6yaxgcz9XQ2F7doj0/fBqeHchc7SW4GjaCSnslJ8laPsDm SnBaHv/G Ywxv2/xvN6vobARArPFHheXgZ7HKC31BHDMtVdEbCJRlQ6J1Uqj3EntuTANObKkjcbD9xWFmyfuUYtNwVYLFR5+mZQcEOwmuetEflYuRkBJgsM9PdlwNQ7bNiw6ZXN4oAJ92ApCyzwkbVg08NYh5LHv6mGI/Y7xsQgo/vStxdUbZrPH/vwuDznm3sJdVNkqwU6dghGl2FqEJZF6P0zmWV5iZn8pfMGHsBplVRyEAKQzBwEcBes2vbmJtryJyR8SqrEq97LNR3j/O68UcU/aXLGhIbXCsABFMG8kHWbTT9ylSt9+57Rq3gtoO0dqJAVOwW7Y3R+adTrVat5as= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 532 +++++++++++++++++++++ 5 files changed, 850 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..4fe8695333e5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endmacro + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..23fd8ec37bdc --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,532 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_print_cnts(); + + return 0; +} From patchwork Mon Oct 9 12:09:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13413647 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E3DDE95A96 for ; Mon, 9 Oct 2023 12:15:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D04958D0073; Mon, 9 Oct 2023 08:15:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C8E248D0031; Mon, 9 Oct 2023 08:15:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AE1058D0073; Mon, 9 Oct 2023 08:15:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 963268D0031 for ; Mon, 9 Oct 2023 08:15:04 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 6FFCC40242 for ; Mon, 9 Oct 2023 12:15:04 +0000 (UTC) X-FDA: 81325817328.12.F1B14F6 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf06.hostedemail.com (Postfix) with ESMTP id 50F0718001B for ; Mon, 9 Oct 2023 12:15:02 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=H6L2zm3O; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696853702; a=rsa-sha256; cv=none; b=7WEIab8eZkR/D0rgjN6Z421mhQPpWunXdAyWdCYUsiLvJBi1xUI9jhyprPShvxMrGdJod9 vNlgaIXZ9vTa7+IZiCqS08SCKkT9sKeKXyy7BLximwTqlAXPsByXV1mEtQGepk/ut62SlG XQiXosV1PVU3ss9DvxxwBqnsE3jIytA= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=H6L2zm3O; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf06.hostedemail.com: domain of broonie@kernel.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1696853702; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=c422h9hePWFZGXVEyc1SJULBUM8N+meybf6z8umXg3Q=; b=DPLP6GQcudDcgwgmdpWzVH6OJfoLBOSRmcQ7LDk3a/AJsHfSjTbW1KdJBDWjfahcAhXFVy inXmM/XGZdP4DjMFqcX50GYOTzZL/nzYCPAHRjLSyIlrRxbVjF4Yug3dKLv263dYLVFaHK 95ghXxXiDTbTVvxEtEZu+eHU8a2cjeQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by ams.source.kernel.org (Postfix) with ESMTP id 02255B81189; Mon, 9 Oct 2023 12:15:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C6D4BC433B6; Mon, 9 Oct 2023 12:14:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696853700; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=H6L2zm3OMsRyXQZfw5aCB2cQkw9G1wWr2dacwbrbjZXZPIvYK/weMVGb/cCzZKiC7 ZWZE+3KXbORqpB/LvrPa2XKaZcYAjAFSMj4QWQFzw3QNTXKDYCgERhCXIRuk6Sjumc zB5fHswdhfFPA4MwUbxsr8ag7wUXWXMvOwCfogAugBxO+lLIGF8fBuDPcfcrWt9bL/ UfwoJNGMVjZIYaA2ZzmhBY6HI7q3jqJtDEajWrgfdPB+xTlJBBPSLdojTFkIx10j12 ZNBSMSXaS2qYh9yW/wlBi/EargZA/4mUtrGrQO91UPNkTiaKE8IffZTX8D3vhoHTR8 OG9JYN3wJLxnw== From: Mark Brown Date: Mon, 09 Oct 2023 13:09:12 +0100 Subject: [PATCH v6 38/38] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20231009-arm64-gcs-v6-38-78e55deaa4dd@kernel.org> References: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> In-Reply-To: <20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=3085; i=broonie@kernel.org; h=from:subject:message-id; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlI+2vG7XbuVEpS5pxDaAIrEX013t37tEVAfRK24qD lhEdNXWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZSPtrwAKCRAk1otyXVSH0O9gB/ 9FoGr0eST8WBd+FIsUjhsE3d9wYovTCREYw/+Ayy30NkoVgB2HmjZh7K+hb1YN/LMp4ABI6gQv9m7U CD4WfBwvZ66QhtkrTfCIAGZpIQukSOsbVk6gdZYFnG7YW+e8eW3WDSRw9MC8WvY4S8Se1kCKCSUCeb Qz3siqGYszHBGhCUXtGLknYBqrkRfkRcrLwD25GetvYNDznn9zMYXqk6yRPx0AfSoebviB+WXqPi2L dbp5/fysyysuQlZh6LF/DXv7rc3dApbApo0DQVkQsmIg1LX6vsrhlBVTV2UmFdpn3sqVmIl8CtGlBA iYNaW3vGcLHl9DSvc6WgiC/Kg5uRyg X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 50F0718001B X-Stat-Signature: uc1j3sjib8p5q8nm3kdoxcfkkzmammej X-HE-Tag: 1696853702-168567 X-HE-Meta: U2FsdGVkX1+CezOAqe4EY0slFTbF8usqFjxid61jVLB6uwvyI/Nq6KjCMKi0+e34VI/G8IJpvVRJVDSOLXbZnRUPfYRxcx9boEKYyXRgba9I2ngB5qOHsWBjyAGRziPfejfbYDH6DGo835ObRkvitb07nVYh4Ux8vnt3YSTHUtlChRxrZ8SbFWrFLs42aqqM07TYka5sS7s35445a1UOUOkE4Zt5RwsVK27TrEjCXZX5sYyC6arjLGedpkXISzOsXXPDWqsPfj3hishReYXgoIC6E+WNGy659DkL43BcpLhRK4ajUEVF6SXW8kOaojr1dghljloH2mhMZQ1ashC+KoIMtoRbkoHxSQOW7hFfn6bKnTb2gx2CbPo1gOL27RergAGmBImU6AaugIM+bjmk90cXKGObRa6+d80L3Jg3lwHtoPnTlXsXi7n9750Tw36kZBw56s6XJhFzG9YPOQl8AdFpp2OF/Ftx6uHzG3936l0YWewEFVBFsjAbU+3PxXHSc2RPjGN34WAauxUhXqAIUN90GoRg62KyoF1mdYdtI70Co52GNJemgDuIEQk7m+xZYMkgOnXN9izjhuyKwMa1ZR1s8C96IFLw2vEvPedvLMo58z4fvb8BTc+qMuBkHtvUqtpkIYyw0oOA2eHYpMozhK6KwU+pd8JM3qT4TRCJcMdC5ALma5ySQNAhHuRu0TaFOiK84YGppZjFRCFtu9Zkr/yTPH0Lwi1AboO8l1ZsFRGHAb+nPJ4Rcc8UwcDGeIjQRgU4vMx8J7MRbCNrNi8m02B6URykdW2ePGYBgZz+skaP4+QcQ3oQ2QAIr3J6SLV6a+M7Y96gAWRHOF6kpLszOkBr5aQhQ5E1eLX81a8+EfNfwGKj3yS350CS7B2IoxFGSFJ4GyOYKxrP9oU6hqF584uv98xeAVtKInqbArJXpoZBp6Be1VfCSZi+IySIZaKdawOky5/EGtl/mJm2G5U 4AGOjpuj HHJc4QUf/iETXFZeFmhbVJ316i2/th0fy8rcrswK5caLL3jNV/ionYQfL48xXY8hKHNZI/+K07iktPMySxtnJOvErQFQGmWu4uVqvze9YkdoO8OJ/UPsDr/wuP9es4VW5Wfy8d4Ek2qjDw5+4eqWQ5uZWcQw/P2d7H/bb5MDLwHoGHtZyiAB/s7xI1KelQ5gJMsO1k+UxEty/IWt391nKC3nQk9vrvmEycevvunVFbvpTuK7vCqr5VDEkDjN26xuTpWhBQ+4u1lgIewDIUkYeDbjBDX2WJm6nomAFX2E+TUysYAskiyZz3ZK/UZZnx0+BDp3kS04lTB3kCIA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..7012f9f796de 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 4328895dfc87..486634bc7def 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT