From patchwork Thu Aug 22 01:15:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776849 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE187C5321E for ; Sun, 25 Aug 2024 18:01:50 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 449F38D0017; Sun, 25 Aug 2024 14:01:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3F9EC8D0016; Sun, 25 Aug 2024 14:01:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 29A718D0017; Sun, 25 Aug 2024 14:01:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 0BB2B8D0016 for ; Sun, 25 Aug 2024 14:01:50 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id AFF2D1607EE for ; Sun, 25 Aug 2024 18:01:49 +0000 (UTC) X-FDA: 82491535938.30.20F7AD0 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf04.hostedemail.com (Postfix) with ESMTP id E665A40007 for ; Sun, 25 Aug 2024 18:01:47 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=biXWX8Vm; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724608889; a=rsa-sha256; cv=none; b=J4gntAtKzHaTZstMZ9pScvZmZv1QhlpzDzk+frEzannjPNNLWrshN1v3F7E7Gno+rlhYaw Nz9mq4yEIBzez2HXamLLiywTj17r1geBvbCEMq24sEgoORDsx17zGMwqiBJKcuC/kYb3/J K5I4A/GRjSgDjqcJpjA3LMs/joQdHrg= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=biXWX8Vm; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf04.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724608889; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CwB59JgD3FuheyzKTwz2vjOoF//eHTQYWUyxUcRZBEc=; b=sUjeKboLIHXxoHxET70XFPmT5VO/D9gelajsItmDvmWZX2iGkt8Yf08PxC48Fv34JsuS1A OdwyaRdE8xGg1RXK7kHEML117wl87X23G5u+EFV2HqAEIw8fRtPX51CPYnr0hKabaEfpEf U5icKwI7XXH/EouDumnLirj1+Dnmy8U= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 706EEA42101; Thu, 22 Aug 2024 01:16:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E568C4AF0E; Thu, 22 Aug 2024 01:16:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289372; bh=aXGeSW3grtLdSnTdx5+gSzbAczg0duMe8mDGJOGSfWQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=biXWX8Vmk/JOEerWjDB74EBnxWrPoMhMtVTPsc2ex00mX3Z4WCLkak9FasSKXhtvB Cdt5EJvv4aDcPjTOAawQHHFe/z63sQ8CdjGvk+wYlTUnC6MkVNvJGX/iYIPsj1W2I6 TJfatKx11NUzQZwL/1bGaCwx3TswneR9v4SaF95YOG4s8cznuYv6vsLeshxrwoByHx luNNZfvHuyrW+0Z5Q4Hnr4j2WAfiPLrc8TG857PL/s/veslHmJA2UnmbYK27PxYtdc +HpqFlIFxEkK9rzy/SjB/KjVFUznD3lLHW88rr1NGLDV2n/elQf6LN7gnsFUpmqSe1 UBxqZua1NkrFA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:04 +0100 Subject: [PATCH v11 01/39] mm: Introduce ARCH_HAS_USER_SHADOW_STACK MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-1-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown , David Hildenbrand , "Mike Rapoport (IBM)" , Kees Cook , Shuah Khan X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2693; i=broonie@kernel.org; h=from:subject:message-id; bh=aXGeSW3grtLdSnTdx5+gSzbAczg0duMe8mDGJOGSfWQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEkLhJIQbUOFiiEto8Mgop3OIshQ8p27HPLildg xhM8QJmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRJAAKCRAk1otyXVSH0GjtB/ 9JsDwl0HJhR1EO6wLHU8IcpvE5PJh892zoiYHI0bPT3Bqx28uTpDmZgrddnfXDarHeczPXMd4IzEA9 f9MX3Rkf6ODFlmACfOskT6PjN46ZBEDacxl4/smys5l/OdwpESjek5/CKD3p+viOUmeZ2uzzWQk8BD q1ElW83iGLq0MJokj0H/TrrJLg0+YkeeFCI3luZhQ/3IgYVYsn/pKcfKFMANnnfujKqAbTgR5dXsiw e+MSvPJLkhTHKnJKTNkQ8wyJlIjd3vyfzF+JyU6q0Eq59YN8GJ6TIpmvaDbmt4OqCKaiIYX6QVSjzt atiZSvCiUkNgacnNllTEUuU71/HB5v X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: E665A40007 X-Rspamd-Server: rspam01 X-Stat-Signature: hdeaazxfnshg5ox5bxq5wrymmar7xr98 X-HE-Tag: 1724608907-209824 X-HE-Meta: U2FsdGVkX1+JGe63805q5rTsyCaGSz0RMSSaN28W9YFmEfnEovu6HfQ7RJQeEkwJuEpn67BN8xwMrGB0iNB4Odul942zj3u8fEkoBKIxSnm3hsJgQc6D7NGEmGtvKKFDJsvU+rQqVzJZoqc94i8hO+K8UjQwfLoXYV5KMjExCnv4R1ESjP59Xc/SLxyHZeSjttLn+RMEhKXosJ1ZazqQLjvharS+f8hA6g1cDWSYnxFbE5BALDtUDPKRuu0S9916h9RX4+/bVHgaX8R6m4znqrQLHzHkVM+YyUJ+sJX9UIWTRfd3VSJ5/own5giBuWzzehCJwJvBQT6dOEY3lZVGYoOR5RKSUlK1rg5cDrGdIj3iLBfpRxZONacRfD7xfOxD0K4UGPlVZ8zDXyBHMWNfmGjuU6XTTC1o8zps0BGQzqsrKW3NmkvQaweGLT+5wNgCEq+T0e6v//2EX3i28nFBdUJIDpNly3208/12dm+jQC7lQ6vrYUuZ4NSajVvYL6HuXgjw5CrwJJOJCT6vHfWLhY4ZLYKRLKqOeD0SYpnfDGKduvp2ZjyER0Ce5o9cQGMxMutAAXRAsW3hOiwNbmyvrIXcil4xGnE2b6h6xG78pTaC0C4esZ9iHaV3f0Ipqf6no07MxfImKQ3ZZWheFX5rwYeASVJgtElm2LmIO7klcVpXe3grGc7qymUUspBF5XGmH4cvJfB8rHSsE/7XSSkPeGxn3ychSpMHICvrA3b+6bVGLLZaDZszIERTNtrR0zJXKKORkvEE49/xpXuEPWTX/CO2f5ybnItzMoC6tH0fkvR94ghpT6mzNZXjYzsm3LTM7zIaePKlthSI5vEqn1cvac3CSG/pSCWmqGRbiNkZR2jdxgjFRW56Vj1j2nzAO7Tr8CGuYWWIT8sOZvmjmp0WGO+3IvFnE1tjaDNiIpMQTRos0OP+pIt0i3jEADa7o1Fq+PqoPmeIlBNBorZoUDc iQjHe+eK YeW2Kr8w93eU/nszChqqfemr5R8m4zLy+5xXLVWoBEbYnTtMo6WBtr8DKX1Exd921AN0PcaK96294NOv7G5kMbnu50/oO5Zcx/2jeSrvXKNdci8S0nG7w9z1hI5k3LRdLheiUIzFe6VBfF88nzw7FCIBK6W/nsfMKksS5/p9DjQQ2a/rOm2p3t6NYM9VQ0gsyBIwtfYXCeW4nakJcHIzOT6KxGvRyhxmFvc+CN9tuTInKxvCGLTrYW0H31ezW9gPIX2McwIwRWOEczSTvZlW6KZk/OxoWVEkP4KbxSW0xJIXJof0Cln9nDn4D4NHGvWXox5Mgd6kubpkYMPwMQebBz4nQtBGmQGSC+sbgDAgbQvfA8lcHf3o1qio1PP9R82PPbRS2q5dq4W5wZHAo3BT7RUZl51VJzoJ45KUyqD6VTPSa7HVHZDOlHv4U2DaNMHYI6WU/KXXcn4BguOGUWIRfGQABZyX2ni9Qy+E0oRIwAmfD5cIN+HWCggkdcqDowuZm2nyi+BojKvU5kKpYWQr26mDgmdADxX0oL0s/TLMxMJ1ikF69/HEKp4GT1cebNo1Zc+kHTWLQN7BncAoCJbhTdy/s5pdEGyws268UPesxiAtQoMxhIM6ddXJsy0mFWNf5Ysjz X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since multiple architectures have support for shadow stacks and we need to select support for this feature in several places in the generic code provide a generic config option that the architectures can select. Suggested-by: David Hildenbrand Acked-by: David Hildenbrand Reviewed-by: Deepak Gupta Reviewed-by: Rick Edgecombe Reviewed-by: Mike Rapoport (IBM) Reviewed-by: Catalin Marinas Reviewed-by: Kees Cook Tested-by: Kees Cook Acked-by: Shuah Khan Signed-off-by: Mark Brown --- arch/x86/Kconfig | 1 + fs/proc/task_mmu.c | 2 +- include/linux/mm.h | 2 +- mm/Kconfig | 6 ++++++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 007bab9f2a0e..320e1f411163 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1957,6 +1957,7 @@ config X86_USER_SHADOW_STACK depends on AS_WRUSS depends on X86_64 select ARCH_USES_HIGH_VMA_FLAGS + select ARCH_HAS_USER_SHADOW_STACK select X86_CET help Shadow stack protection is a hardware feature that detects function diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 5f171ad7b436..0ea49725f524 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -984,7 +984,7 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR [ilog2(VM_UFFD_MINOR)] = "ui", #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ -#ifdef CONFIG_X86_USER_SHADOW_STACK +#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", #endif #ifdef CONFIG_64BIT diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a20b76..3357625c1db3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -342,7 +342,7 @@ extern unsigned int kobjsize(const void *objp); #endif #endif /* CONFIG_ARCH_HAS_PKEYS */ -#ifdef CONFIG_X86_USER_SHADOW_STACK +#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK /* * VM_SHADOW_STACK should not be set with VM_SHARED because of lack of * support core mm. diff --git a/mm/Kconfig b/mm/Kconfig index b72e7d040f78..3167be663bca 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1263,6 +1263,12 @@ config IOMMU_MM_DATA config EXECMEM bool +config ARCH_HAS_USER_SHADOW_STACK + bool + help + The architecture has hardware support for userspace shadow call + stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). + source "mm/damon/Kconfig" endmenu From patchwork Thu Aug 22 01:15:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776845 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 07A8FC5320E for ; Sun, 25 Aug 2024 17:31:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6F8458D000F; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 67B9A8D0002; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 51D968D000F; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 302A58D000D for ; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id BD9E91407B5 for ; Sun, 25 Aug 2024 17:31:49 +0000 (UTC) X-FDA: 82491460338.07.60C4ED0 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf21.hostedemail.com (Postfix) with ESMTP id 1D6A01C000C for ; Sun, 25 Aug 2024 17:31:47 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ueVLaK2M; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724607089; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=y8MFiRWNX8QBiT1ZHueoXKSRylaNL0IKogb1Ggfg1r8=; b=VrjkNPRpe11oYpuK6Q/f+J+WfzlO//gkhtI6Dm3OXtNESXdd7Qk2jjbTCWfcM9CASKMrnh X7Bv+0RcyyOZZJKOYYY9oIFC1YW2/5tvDk/HUHQ7nNbRNzlU/PguPm0+jxLWnFDDy53PsP MssHCv7ea0GeIMLEgIsFdQ4i6CFp5xM= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ueVLaK2M; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724607089; a=rsa-sha256; cv=none; b=fiyoh9eVKzdF0udofGOJ5ZRWrg1d6QkASl64IoxNAlaJANhTuGGwP/VEBiKc9iKd/A5YBm fMV4G6Em7SCoUymMAcyeZDpBBjclVe7oXJDerkzSaKzkviTK+Nf7Ib7faTyurxrj1CEUZe PbsLDwMSiFtefIYMuQya/eLNi/OvEFs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id DCCC9A420EB; Thu, 22 Aug 2024 01:16:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 666C9C4AF1A; Thu, 22 Aug 2024 01:16:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289386; bh=pHfZEKDzLLM4lr4zoXfluscujJ3LYl3h2pXq/J8hLlM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ueVLaK2MsY/szyYEntQjZLCLmSRxuLrl1Gi44VBoYEOUxf+EFs125s4/3ol3QDM9z X0uq0oLUomlTmF4IeqLnycgtWjo8hG4RUpi38YDJ2yN9GCnAIzczWfCfqV8UqCLsa4 LgV/BxdLzAWfYKAQhJnFfDy6vMkl3H4e1XZvscIMergMM2DXlg7qUST8B7BSL15Dy/ ACGCdswfAW7EXeh1gwRuId8MWV/S0yfaUQY40OVIY2GeKOKZzgB7uRR9DruoAnxB70 9FP0XaInJ4IhHow7mgbNG98DzxHE7VWqcv76qbyxlEY8qorNgt8+kQF6tVXk1MJMl+ 8/GTtxPOV2fUA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:05 +0100 Subject: [PATCH v11 02/39] arm64/mm: Restructure arch_validate_flags() for extensibility MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-2-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1425; i=broonie@kernel.org; h=from:subject:message-id; bh=pHfZEKDzLLM4lr4zoXfluscujJ3LYl3h2pXq/J8hLlM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEl9voS9PP73u8VNnhsmW4oYvOczA8/d2TEsErN Njv4/K2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRJQAKCRAk1otyXVSH0A4CB/ 9MXo13GBv5ic9iHD9QnaDlTvnWnODh6Vu3DTv6ZsajAlY/vDbpNjNksJ7N1/t8aGXvs4uy5ICkLVG8 ixe/6vrw8GsFJ/VPkcB0maOlg61u65806KML6g1ycIYyHfVIcoLsGmQl2I3qPvDMqQqQgYi3OEaPJg r00Rl8ZYS8awDvmVP8whjypeAEPDSHoumixJLsW80rL1XqMP5IupEhOudxgROA7nkEslitEzwyBzxQ iiZ4Ha+a1V0f9GGhGDZH+hu/Rmn4kPGXRm3HE6dZxLZpxa9ZAgggCvVPjYL6cKjTqwdjSUt/VRNZF8 wquclYiWd2K+Ek6E4LF24vGnbVv5DR X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: pmx757ag8e5csxehzhzh458pbekjoc7d X-Rspamd-Queue-Id: 1D6A01C000C X-Rspamd-Server: rspam11 X-HE-Tag: 1724607107-4445 X-HE-Meta: U2FsdGVkX195XKGza+itYxSiSpP0sU0ggtvJ/hZhy4uoAaCI94TdpR3/qyxrM/veX9T0DhnuJSXjJkJIMGIdrnvumUKzEy2C9WFNn6kSwHNk/ZggMNSQJdX53/UpZZ9sNJ2N6ds7aHRMUQTrBVsKoL3bkw7cVQ3TXWKXbolndzEsLzdTKR12aIpuUvgjQkmKOknqbpvNfuYT4Jj9SVrzhKWm1DTbvh8BLPJk2zKVaTZvcn6lHXNlDOsqBGBW+xVbRZpxm7stBelsBqHhy6h0K0qL85WhcRyCamD0PZT1FnQC7Nd6umXeUSbuObsGqqx7XzyTuDntUkcD0DtSs9gvb5EfJBgep1dMvstreZGAQaHcnuf0HsdKAnhUUkwzSQy0vL6Dyk5ge4fR29saqSJcQcXPca5dsZ4+KGPtSlFpwUI/UtG09YOarMSaLQjJdi9mpSVIcfhuzNShBxplJUrHYi2Jz3joTsm5MZRa7r8F1VtoHmeD0NjFmp4QrGI5hGoCVEsIqcuHORQ0kYrn3StB45YXtEy3hvQhw3LfLYYa1CgPTrqGOyPdRm4eObkX5MA/wkU8I42gMjSfbBIM5vEhbuVsMY8c0KPuRE2QFLCEFPtLVj9hZcf4wTVybgxW/MPLQPzgBPXIcNhD+AyInUnQsnFXMcYN8o2cNwKaWqR9R8LGD71XTK6NRHSc+fkk3L03EDQ4+sZxTZUcWdWZLcIMKPZ0H5pRsN0LtfyEA7Ip2B8HAp2ldzTwHsddKpp2X+3EAgr+KRnIAtHTR/pgxmulUcYzBorhrVJwAIaZ4bTjYVCXR1mca2KDWNFt4TiMPTqM+HaNUdIPRsOSnnIoiFf0UAA14g03GR12kIxBLaNANo4uyv4YUGHpMPACxaF2HLzXnvsCCue1Iotdz07533PxjVJ78N9LDLpcjhS5W6K0qCW1n6VzozZhZYvEC+OCtahIADT90xgU+F0ZNQcc17m anOp2g14 hg5hEDL3H08YN+bovfbpK8adNLLbzd0GC2EoSrau87U2cFX6MnWymUvarslUuRwe9wtBAvYNEe0rj0sSoY5ITDscLc90WH1LfLW83EtJIZlytKzu/v6wnTqEp22SgvuOXa1LemHfHyilsrOiJg4gptrxGisp+BlILjZF9I/jHeCWvUy2LSkw8sToos4JrTejC/XWU9gsZZb2+pYgXXPKTqQBJvH9uz5XyvCrLG2MinsnsTWUIYABMQNUkMIXChadKWqQ4vXm4EW7VH5Q+Z+RL0VN8YJ2cWYRhnZrIuzKac2RRDeyujpJ8KK1wn8cwOtOW7ZQJyj4TlVPlMcULSLfPnpK0TfGSrfLsOtTmkfrwB6Y0PPdiLmBToVh2TfCs1bG29cSJif8KLnhTs5prtB+TsI0imDUFEagsyl+I68GS+6BAELl8cb2FdIA+96vhEK85uXirgLpNhddnzewHVWyab5kmxVXxexDzIdekEsissc7BDrm7VJln3iNKldRWIib9l/EvIW98Aaz09QK/7vYxvkOjcA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 5966ee4a6154..c21849ffdd88 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -52,11 +52,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags) From patchwork Thu Aug 22 01:15:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776846 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C7C8C5321E for ; Sun, 25 Aug 2024 17:31:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9BFC28D0002; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7B5738D0010; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5B8BF8D000D; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 2F4AB8D0002 for ; Sun, 25 Aug 2024 13:31:50 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id BDFB21607CA for ; Sun, 25 Aug 2024 17:31:49 +0000 (UTC) X-FDA: 82491460338.08.C7D46BD Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf22.hostedemail.com (Postfix) with ESMTP id 189F8C000F for ; Sun, 25 Aug 2024 17:31:47 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LLU9yqwS; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724607039; a=rsa-sha256; cv=none; b=U1Q5D51IfgOYP8J9zYAlvcJAqBGQdAb2CBHiRy1ZEScl8ZegWucT4Fj3CzoFsZieg16zMQ GiHPrZvl/FGe4e+Fk/jnF9FyucA7FswVyCa/SZV3ShGpRCd8gDJK2XuoX2WmQn0f4TmT0c I7rnfbs2rv+cw8lGY/BfPi/Gxzz62g4= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LLU9yqwS; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724607039; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EJN8RNnYmCJzR88SVnfnXKM0lDyz44SjLAMsegCd2Y8=; b=fFyzuu3M8hkoX2V7L6cBYhq1e9tFwhDoMHpjdj4snUcTtwFUodyQe/MAzl0DYx1xyiywn+ J4pE4vzYDAerOaHOl6i0Ls/T94SJ7nF/2swyc6TOyAXoVJvEKoQiLrmSSdySatVEgnEY8E thjTKH4QuEwVQ+3wwVKDIukVNbGgXBo= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id E5395A420FC; Thu, 22 Aug 2024 01:16:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 103F8C32782; Thu, 22 Aug 2024 01:16:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289401; bh=RTcnwKCnbai8FTs65e4TvcOIdbpBUk2hXTCc6OzveBw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LLU9yqwSxch6MFrP8tnNZceidPgjpIEkIMwk/qXQYo7ntV/JhjWtqDRRPHUFgsGXE Hx+iYD7VBlv3+PxLGRE0XpLyeL/RdWks0gTPfhMfFhJYl0iyQ9JAtjmFOHljB/gVK6 NEW7DH81A08HGAQjBV1XiWO88s3X0eYRXXTD7tALpVFk6UGaJKvosZ0kuFjudDFNOt HTU+j/EsZFLm9xhS1YdAuHFbBawqaPCRnyeISngLKYBirNpAZFV3J28GVjvIMjV1V8 PIcK+TTw3HJbs6tmIrlWidfskUIZzMLpB0oYX/ZLK5pPgjnEepKKHpXdt2booN1GgH fPqYWZ0ZI7mYw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:06 +0100 Subject: [PATCH v11 03/39] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-3-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=4949; i=broonie@kernel.org; h=from:subject:message-id; bh=RTcnwKCnbai8FTs65e4TvcOIdbpBUk2hXTCc6OzveBw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEmmIVD2Zm2u/VWnYf7Sg6kYVu6incBd6yxRihZ i7+VTG2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRJgAKCRAk1otyXVSH0AUrB/ 42gjPonmMebgIO3VegHoGWbnRry0JQ57FqxHabGM8rSB+f4ltZd0tz1GUs0DsyOlbt4cKPSc+25dfK 6OyG2PBA2LRETtAIfrK7LLrHa5zfqeT6oyeyvBwTli6h2m31x7qwR1khcW5blFTclPDQzyZHKeucHw tUT2K7ZrXpPcyvun8pMaXE7OJe6my6s7tmkUm8Gxm5UgMCPnBi86GQ/Bj1p5I8qqk6D+xgemQ0kHMh xVyneaZ5gqZ5weRYPn+FfkosN/1pwgPcw7iU3xL/IXjWVh7phjKKxDXVGwaGgJmv/W4fW1jwbDZjij p0L3VXPisl+ZdGtK1bQ7sWz1WZ+Qo9 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 189F8C000F X-Stat-Signature: qpzp1retqefbwxi3q81rnqpn9tfbb319 X-Rspam-User: X-HE-Tag: 1724607107-904445 X-HE-Meta: U2FsdGVkX19MMkccCRcNIrs0LWeFTlZY4MtSR5XMCPxqYcSdBT4zpNCFHEf8cKy6sW2YOpXuWvpsa2Bb0JDRvOJeMNPwWzNMNQb9bul+ZYagidrY/8qwSPiornNl488fnGcM9giSCxVDvur5X8nNUBir0QZrBuRJySnwyPGhEA/sDHA+xK6gPe9smwnHbsbkntJ+v1ihS0qWmQ8OGJK3I21QIsQbPcNaaOTZA5kCgRXtUZUhTLxWtj61Kmb6mvqEUP1Gt4MhsoxLTVn81RIE68f9pP0rK7BFz1j/f/C9ikWLaI/P+lyDS7lzgvifXooZtWNWP+ZQsVy1lalwVNQShzF55hE8AH2jk+rEaRov0x7THHynM4Nqula2zDu5sZ6Ae+6t65yy97ZUcnLKZvjxM/kUraf/Le/PBSMehBTrU42fZaUEozFWUTFLozF/pXZ9bHQeGwcPoBdf3JuQ9RXCACDM4wQRpJdG/NtdTE30qEy6ewWFqrrRQ7oxr9RXj6pSu+yuQn2P99226Ukf11bSF1N0UFqF9c54KEqNWJhNxbuVn+2WrUafT0K1cTP9DrUtwYXBt0gMKS3hef0z1dFhbCvL+IHlSyNXTdPtAY+EP/QKCkT59JF/NiYGDC+bmppufm6IcKN7t/bATr2qrgQ/HNLhhWw1QW3H66r4t3Zo0hiq9334NaNY0srCEXvwMoBMY/MGAHdP0adpE46LKseuU0BXameUoDgce4m73lhYNUacPXluPtw/dEj4YV/ddfo8aQlg5hCdGDcvDsVnSJmIwK1qUreY98WtixWLVpHxB5USfKPdz+m6dbK4aRtgZR/vt2RhdsXUcrQoskLYbG5lOO4r7Hdcyuu5ZNtUHt13si+IV1hDmxPoIHk7g+gt5zErrX6XfwCfr7pgRbMjPpsOMHWXF4PPhZPRpMllj965+aavkeFB0CbWMjsa6b2JZv1beo+pV6xWD1kCieaMdYS 7W1Edpqu /lVFkWlEcGw+CaFc8ooDIDnTV+cMWorqK+eICr7x5Ds3HBqPOdFDCgU75YTEGoirLN9k1r/nU/J+7aKY+3ROjPPwoExKZdd0xqe9j/ZwpanctB0brMwQH5euUx1dzygV526LStsO6tmYa+5mvk/+4a7Fvjg/4cvyi6W6qNtGtCJNMB6eTXL6+6MaZGCPaER51QbomiKzLH/EAWhvxFPV3ClziJ0AG5TlclEvaLu9gbtA+qrpMg0mYVjhys2uQBLhMMMKMFxrIbjgVjk5CRyUn1S3996mTagPxIPzM4XgP+wBMEUBOSdQNohvbm9Uw8d9VR0jV0v5zKm0IKMqC0nI1lF/DNB6y1o3w7jDYNJYhfRpCkStb0yt3nULCco+5hotvQ9LTQAxOmHvpfnyOtLqS2j+UnEPE7FfiQOOQtngwLemP+n8fI124Dvu//DMkGL4RKPlUsfo2K0BogSIesI/Gk6ESG+vTt8zLXwbkenqFPr/Epyk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 3357625c1db3..96faf26b6083 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4201,4 +4201,8 @@ void vma_pgtable_walk_end(struct vm_area_struct *vma); int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 35791791a879..557a3d2ac1d4 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -328,4 +328,26 @@ struct prctl_mm_map { # define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */ # define PR_PPC_DEXCR_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 74 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 76 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 3a2df1bd9f64..7e0c10e867cf 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2324,6 +2324,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2782,6 +2797,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_SET_ICACHE_FLUSH_CTX: error = RISCV_SET_ICACHE_FLUSH_CTX(arg2, arg3); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Thu Aug 22 01:15:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772314 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB968C52D7C for ; Thu, 22 Aug 2024 01:16:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2DAA26B013D; Wed, 21 Aug 2024 21:16:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 261C36B013E; Wed, 21 Aug 2024 21:16:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 12A8A6B0140; Wed, 21 Aug 2024 21:16:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id E47CC6B013D for ; Wed, 21 Aug 2024 21:16:56 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 563D4140431 for ; Thu, 22 Aug 2024 01:16:56 +0000 (UTC) X-FDA: 82478117232.19.8CCC1C7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 8166240016 for ; Thu, 22 Aug 2024 01:16:54 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LGNDWsFl; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289349; a=rsa-sha256; cv=none; b=Fqv4dMbL8MYYDJBMA94eHA8nVPncPEhiBvpUGiDcN5YmJPm8DOF7jU2SlzwRWN/V5WCnyE Uno8+FpOsFYe+yZKJ0Cv9EkdSQTyJHXueiGjNGzQFPEpQX8Ms27LC5N4glfypmQTTwBHWg aa8CA2oaDOX0SGsVcBIhZNdBcJbpyxM= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LGNDWsFl; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289349; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=oxtv30NBraWOLLwEL/vWBgxKgs+qGBnLi08ra/C2LTY=; b=m29ux0dgWsxE5d5Krl2vD5eslUObVtOrDjyeyYsphFt/hFFUhiRQTUjGLaEdB8HdXbluHy ULv7BH83zD+05zfxwjvtXwUljgXX7dg2thr7m12Bxhm5to7ZPvrilCUqN0aAXaiIRhGA5u LKCyWWuIFCFKEOckE+7RZHvoIHpAS9w= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 628E9611C2; Thu, 22 Aug 2024 01:16:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D6297C32781; Thu, 22 Aug 2024 01:16:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289413; bh=/QxGsZ7kGu5gcX/2Pir/IdpixOHnIz8YHhHUjvvkxmA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LGNDWsFlzxJpsLAVIpOQEC5kb6i5ctYSjTkS7zqKfYjDO4HeXm79/cVdBPJvmur9S od8xZNlqIyVK5T1bqkMmjcHzbj6a0klUysAlpQi2Yhgih8mzhbij+KdMseAm/FdQaF qZTBLHdveQuXmpCBhljTF9L8u25KyBQ3UkEXKwWG7h9HTFhHMq/8EFjSAASEO69fhU Rha2NJPqhAg6/O6D/yn51jj4yM7pVQ00gtqctq6vmIsGxMeZC4BVUrbCVpCVEvt/v1 72uY1RjlmTcQPUSdvy9x3LJE8vZby6RTH8pn89jlq3aBz6DUaszeHlYh35wZz71MjV TIllZc2KTvXAg== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:07 +0100 Subject: [PATCH v11 04/39] mman: Add map_shadow_stack() flags MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-4-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1882; i=broonie@kernel.org; h=from:subject:message-id; bh=/QxGsZ7kGu5gcX/2Pir/IdpixOHnIz8YHhHUjvvkxmA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEm5kN/wk9/KZfcaloebeKbxKmUlgdTlw1GvdtV QGljy32JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRJgAKCRAk1otyXVSH0G6bB/ 4oIpOZVu8Yo9IDRGCq6U5tCs4LXytwZCRgOuYex97b7Nkcj7jMWi4RhwitRZSfcpV0DbYlyYd+iWWW PXiCwTyXg40ZxbW3FSHAb0/7l1IC7zergq6B7kZ8GwyGAdYoI2VWcL668YXJJoQLkv2B67vBzFAWxA 0aJoPCixyep42bVyjfHhbxUWuUVTm6Azfs8smOLro0yiE3SO1sDbg9IHXUv8KRtBB+liDWGGcGlCR9 8cZ/Ui5XrZeRA2H2ClhqE8XtfVPG0YL24APKug6j9UtK+9QI38fi43WAWS9vEmgkxaxk8WN+QMdAyj N6cNfGTWdiZ/qqkbem1568AQ3f+9wl X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 8166240016 X-Stat-Signature: 9jshi3pfgqzd79x3auxjspg9n89mwhpj X-Rspam-User: X-HE-Tag: 1724289414-468507 X-HE-Meta: U2FsdGVkX1+upBBLb7hXFXraS3itGuQJglv8cFErIlsEV6rZH2FZceOe+MFJz7uJ6UDygaCcf3hshbIomvxGb8M8UhgjDO6xbW4WrBWlW7ZOXGXisNC9RugiMIxugxQ5qIVjrs1E1OjFYYW7jnnsGKxeh5oY3/f0c1aBD4s55XP3xjbFhYRMh6YHVvbNDILRyWf4LTBaU4oV5I6MOK5rvRBcSdtdRb2zb0/iV5VlPKYTWJZBhpIojX0Ckzr7wa3c123W3SPCqekx0l2ako29j9fjA/4nKjmOOFrXwUIkJRBJ2tsZ6SvrB6gg/CW6xydHzxXlfgsjeM6jbSEcFYVCDCqIXWdoLpMPB3F9SDAQEWYjWU3OC1zoV81SvEvBzejrI+9Pltuj/28BoKzKMEmlVKiwUMP707sehQ17N7Pb9zsggbVpwKH/AEzVegp04c/iEAsMHoVQc0so7XbIIXH8BSaa69MG8otB55nmczMxJIOIIFpZCGG4BbKOBknxKsbUdYZyQ1AlKmC2py3936BDvr6K+895i1bzqS2Cy6q6HKm359xV8hJcVL8SdeVwY6t/n9TSsP9ZG4BQGB41ktMO3jrRqsXI89fmvLsxsvOEdkAmRse+FpBlStp6Xn7meBvYDfKVTGT6ZYdt36cguWejW8GjkKuSFDlPzFzsjUYMjWfWQrcWKn50sH9BQ1xzp9oN5Sr4F1SbDgmbJBIHAHekGhr06HGmiAJgOG1K0o9oQFqTBVGwyJxnVfwvrxyKxb0c3bKo4p52wEjF+EcFEIuxt0xQHBtlKgNGL9WiYBo+E5SbbHe97nj3QTuxTiNprTWaoHJJyuS324v3P1TPDWQPpzmTE1gkfnWb9lUboeec+DPwunUTNAUmp46o3kv7HVnIcLRPazX/L4PYMgOtvjYvpPjBhz8fvqCaFPsK8WJjmL9PoOvMpiwWXExdUWS5ijMRZOHsUv7ArejhLfdLMj7 r3MJuhQ8 M0lfGiaPag4FOjQf4I41cELvM+k4qMDZnKxnLw4R+/0rTQ38JAfWx204q6cBMpjPzWxN6z2kgGbV/VeYPETfftjZ5x730P3oIJ+WhXdqZQq3Jc4dikGccFldskhvKZD5RGtweJPSIG1FJspIgJmtkuhb90GRMxVz7QYuh0m7fya8t2rz5pkBynyPxfnhUzpWgPy7VTjXoh9/iKfR8Y65SH4hSMJUL7xv5yT09Awl4QqTKigQpa1ZFMEhVMt4odER+AZ9zIany3p1Wsr06R6QzB3zH3DzHZrBl+Bpqqjq2eHhCIxplNs/C1Wy2yB73iYUIRubtcHoUxaE2ffGq25w4ZNz4m9+IpUkkx1JB3bVJLrn/ikmCTuXKSO8RXu0rTCE+1wh1X2zYkh4QytAxRbDw9gasHSVpR5Awv5EPWDz7LTRpd8cCiRqw/XhsxMw84v4sdyYJj80RE0UVfOAVMFrZZw75X1telxQZIplAW7schaJaBP0NgZ5RU7DpzQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for adding arm64 GCS support make the map_shadow_stack() SHADOW_STACK_SET_TOKEN flag generic and add _SET_MARKER. The existing flag indicates that a token usable for stack switch should be added to the top of the newly mapped GCS region while the new flag indicates that a top of stack marker suitable for use by unwinders should be added above that. For arm64 the top of stack marker is all bits 0. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/x86/include/uapi/asm/mman.h | 3 --- include/uapi/asm-generic/mman.h | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/uapi/asm/mman.h b/arch/x86/include/uapi/asm/mman.h index 46cdc941f958..ac1e6277212b 100644 --- a/arch/x86/include/uapi/asm/mman.h +++ b/arch/x86/include/uapi/asm/mman.h @@ -5,9 +5,6 @@ #define MAP_32BIT 0x40 /* only give out 32bit addresses */ #define MAP_ABOVE4G 0x80 /* only map above 4GB */ -/* Flags for map_shadow_stack(2) */ -#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ - #include #endif /* _ASM_X86_MMAN_H */ diff --git a/include/uapi/asm-generic/mman.h b/include/uapi/asm-generic/mman.h index 57e8195d0b53..5e3d61ddbd8c 100644 --- a/include/uapi/asm-generic/mman.h +++ b/include/uapi/asm-generic/mman.h @@ -19,4 +19,8 @@ #define MCL_FUTURE 2 /* lock all future mappings */ #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack marker in the shadow stack */ + + #endif /* __ASM_GENERIC_MMAN_H */ From patchwork Thu Aug 22 01:15:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776855 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C974C5320E for ; Sun, 25 Aug 2024 18:07:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B80B38D001E; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B2C0D8D001B; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9561C8D001E; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 5BACE8D001B for ; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 195BA1A07E3 for ; Sun, 25 Aug 2024 18:06:52 +0000 (UTC) X-FDA: 82491548664.19.67C05A3 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf14.hostedemail.com (Postfix) with ESMTP id 5D681100011 for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Ia0J7+D2; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609097; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LWl8wA/7vB6uD39KWxJeBhF7D2ODqrnkjUzt2JQ0wmA=; b=Iys78IF0TfFzirTXFAzESBFrRmeVWDqzXo9DKu3owYhnFqY1Uvme6qPwHKMtuld2iTU82p vBWLwmwzXdc44o/bVCxXXn2C0Vqsag08gy59B5nmSgN9y4Bs5DmLQOaSXeUfvlmcfIlNB6 lvVuWM/2zk+HCl+rX85ZRAAK1gEpqO4= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Ia0J7+D2; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609097; a=rsa-sha256; cv=none; b=tMbE8I7gfQkIdiKthFzA4PxEDM5atv+CGP0z15NgfbqSjgpNHDduYzD95d1CpfT5SRyg7b W0tp6X09fSCFh9GF+VsmoBBrZZu55yL0e6ED6LXdMTUOaZB5WyYnbHtgaCkxrZ4uNjo1iw yPNCqI9s7hbpPGNjp7tQmpYydzxGtKU= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id D8B79A42102; Thu, 22 Aug 2024 01:16:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B4565C32781; Thu, 22 Aug 2024 01:16:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289425; bh=LciwolFLXXLWXDnsivqPJlAtVDmmbm43hS6WTnUcp7s=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Ia0J7+D2NFXEmERA4MzAXLz1pGlb+558E6HkoadFLR+MbUfLle7EFSSmcioe5NUwP FtkqMMdEx9UsBRQ/qORfUHBOsxA7OKwseQ/vNExKFBliIoDiDApWvzNXNmGrKWwGNu r0yFtmaQOxeXmR0XePqzegx7CFhuusQYArnikYtytNSDU0bYR22HjH60ectbkksUdN YDqKjUMZw/qGiw9MnNFna+T+E4gv806SFVvkWiF9bjxcEQB+e3TjyPh2eZGcuKbbxp 0fHNfQGupmKdAN3PouWeIIcmHIAKnGxvPb95W+cCIORajfoJhvSds4S0y8PIQnzVJG 48L5kKMqPA3eQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:08 +0100 Subject: [PATCH v11 05/39] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-5-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2324; i=broonie@kernel.org; h=from:subject:message-id; bh=LciwolFLXXLWXDnsivqPJlAtVDmmbm43hS6WTnUcp7s=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEngL7Lww4m52gXKTq1tKoqIVBC5xOmnd+rCOx3 nXv9/fOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRJwAKCRAk1otyXVSH0OYEB/ 4xlpXpmgzrKErY1qHRUkcTUWg3EYHQ/Qr01sVqb0Ye+5PMjMVG+CInmO2KRkZ0gkgHMlZcu9ZrWqeu 9rqYTkoaNj6IRo3kQmDFpOD7tSHwV3MHynW814M1FTg+A7qBtBCYE7cD7F9TvFm8+pKvzokXh3URRT hyu/gbZg3AW9s4kkAmNCa7t9G+ojCK6ye36D4jnQ7TT3NPoGgqOxHLnscslbvspCdMaE10YWE/OxOk bFnTh3K8ymWJnUMi0vhUvhnn1ulrNSdMfAW2DJcqS4JKKCk08fJmGK6OdYmuS1eQCWdxCbBbgifIBd 0HuxoIfZvO7cjXv0Cl2nzl+EJ/keuT X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 5D681100011 X-Stat-Signature: ako4m5mgosy7x9cpd1wps3ffy5knh7sk X-Rspam-User: X-HE-Tag: 1724609210-455194 X-HE-Meta: U2FsdGVkX18niyTkS5cNBKkyJRNrI9aqRJ/RIrmYebaUT6MGp66y2DSIYMFvlWXxg+bE5k0bgnHDurp6K3pCXxITFEi754xShGrDyDOLjioak1nIdiwFZQj+stfpUPt86TNqELH1ijTLLT6iqO126xA2DoG8fBYj6qqtZtJAj5y/OKHa0vCLVNi/vWJ9Fb+6nDLP1Dcg6a/VDzco+NXZq3BXtxuFsZgG6zWY+gAjk8XcdikFBGSJGxay+SacNT9ZI802LvwA9nPXQJtJTeqhn700vTSw2p7xRSKpL56GEcGmzAgAqCZrOQadp8G+SfRZvpuQNVm6ooog76BDIaLm6MHEWkIdDZ7Bi7zpaQZwe9InDg+dueiax38qFJ2+5bAxa8G4Lu7TXt9j7rDo11Kb+Civa9JrLGZVVhBSsK9Ocr8znm+ZkfIIYZRANMcgEnMjKAqAcE4UYTWIrEcGk1yAI+0AtiJtkkAkFfj8Q18gLHpEXg5wKFXIQttMQYfa8XByvD4n+8pOBnhN1P6SaJNoYbO+gPMNfsu9gb0qiyNLBpFe8DDOJuioQsvOsDyg8TqhJhGp/zk3qF+J6BKaq5+HxhhHs+uuHpiiRzYDK/1ngCriiG3W54wo7O/7FW3CuFoMctpzc8VOGrqbOpii0f6UJObRKVJJXy1qdi7gPXMR/O9bDvjce93wWknM3SSISzdrBlEBe7Omkxd/0rVCcajiA8CiXBfawhE6yXHlfwaTMZIxwIkp7TaiG57CMxqUYRchRaxJ4znX6EjMinid1zcTDXrNdeALkNp5WA3bIz6NrtgZFQYO/mITezw/Ts5q3RfAzTS6xcbfYICw3P3jeLdPkenEBaroiGNCuNblJThJRsVl9BUcERnR+aBjzbEUVpGG6c6fPNihfY8i8gJncp7vH7qMOmYBUTGbLAE5q7HV6lr8o2FGJn+8DvZBjCgJag4TO19rfGve6ql7uB/6z55 cA5KhLqi o+xrxQNU/3Vb55ojOAejMbsBtqlBBh1MNjre9kqFq3lKa45Bm6UKS/GkV8uheBrnBmH4bVwaX6MjcX3kgWJOmpLLVLPXjG8NoIe5GrQ+7iuryS9di7W2r1GQoPBHpMcb1n225FcWZ1sheMnIWJPJBGB8R/KBpTKgJVWvshg6651Pf2ITZRIv/ZceuyhvwdjfiUc9+k6E5eXf7TIHJsuEaO/72qIAuQjh1du35ylosNuWkHCM8IJMlV4Je0TVON0Uy/AuT4XgwTYUGLBnezQ+8D/9KEJz55QRC6ET6nw6jzYvEOYt8KioX14yECTty2MliZ20TMj7AikEelYn8pg7yqK1RDrLt2aoiP6juUToQvfCnBWlSCeIrn8U7LZc0N2YUVtkzWhGrtWxhoL8Jcji40Ec43gmOxhGT5o5cys6Wj9Q97DU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is present. There is also a HCRX_EL2 control to make GCS operations functional. Since if GCS is enabled any function call instruction will cause a fault we also require that the feature be specifically disabled, existing kernels implicitly have this requirement and especially given that the MMU must be disabled it is difficult to see a situation where leaving GCS enabled would be reasonable. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..aed6e9f47cf3 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,38 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For CPUs with Guarded Control Stacks (FEAT_GCS): + + - GCSCR_EL1 must be initialised to 0. + + - GCSCRE0_EL1 must be initialised to 0. + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If EL2 is present: + + - GCSCR_EL2 must be initialised to 0. + + - If the kernel is entered at EL1 and EL2 is present: + + - HCRX_EL2.GCSEn must be initialised to 0b1. + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Thu Aug 22 01:15:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D62AFC52D6F for ; Thu, 22 Aug 2024 01:17:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 571536B0153; Wed, 21 Aug 2024 21:17:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 522EB6B0169; Wed, 21 Aug 2024 21:17:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 39BAD6B0156; Wed, 21 Aug 2024 21:17:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 1F4246B0152 for ; Wed, 21 Aug 2024 21:17:24 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id CD5CD1212E3 for ; Thu, 22 Aug 2024 01:17:23 +0000 (UTC) X-FDA: 82478118366.06.C5C158A Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf24.hostedemail.com (Postfix) with ESMTP id 61B9718001B for ; Thu, 22 Aug 2024 01:17:21 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kUC07Y2K; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289352; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zzDkCkiFyEYGUHnzJqnMry1iV4J8eNKMupDwJ6V4aqU=; b=lLPcnD5O/LKfjd//6a/Lu49gTMHxEYZUl1p29MWRKHK88C/VkUL5MtH65LqPMZSo+lUsKq ySnK7TtmLbKDkWf7+6y/tw4dFQrGLfpjh2u4c7bZ80XNfbQZvXlNV4ZoUaiqh6MouvDzdh 5wDnwHebJXRIiJAQVBQ7tj6w/cXjzl0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289352; a=rsa-sha256; cv=none; b=5LFivSW/3MKkpDpvSJzyuCLGrKRbM4pFleKgMB798OCtmwXrn3znm1F8gbEonfleLSLZOx ck0tw7tuLD+8ZvEPNdRT2AG8wrXT4242vBo9/BVVACP7BFA24mnKd3yZJYSDxfcmNZBsKj sNb5yBdcXT9YYK9xHgtgyBgBbWrOFi4= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kUC07Y2K; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf24.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 08D8FCE0E2D; Thu, 22 Aug 2024 01:17:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C874DC4AF1D; Thu, 22 Aug 2024 01:17:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289437; bh=mwulGGogxj8ku3A/hMZCdLWowvWxbk7WDLoIzmIx3+8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kUC07Y2K22Ym1EUITTWjUQJsD5VfWiDwqqbjSe14iKVFX9oTVi9bmdd0EEMyEeEWv ++nWzFWeNrU8gWeSn5q1Y6ErYC4vS0IEIHZzVs0wlQN8/6+a8VX8oDAEittcMm4G/z X0DfPvMTmE4X6hyf4+d7w3sO0ezUSBuUBFl1icAtirc5UKhXZTUlVZ+reVMCr12SMf 3sAxgM/Y9RJLiYN9zlvQxaHLuZitexw/RO6Qbypog7vVzGxhh28JGpRRgMUEO4Gop7 8wmCojCwojsURXnevaXm/qBneDjjvVF+Z72tfchHEQgF0DLiy9LtRwtZQ2n7A9sRNW LvRcuPpv9mpDg== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:09 +0100 Subject: [PATCH v11 06/39] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-6-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=10552; i=broonie@kernel.org; h=from:subject:message-id; bh=mwulGGogxj8ku3A/hMZCdLWowvWxbk7WDLoIzmIx3+8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEoFxv4vH0loPHT4FZLBGbLDkJa9nfl24z/8Car NYvnRtKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRKAAKCRAk1otyXVSH0PiIB/ 0ZVtRL02jLNfgocstinEJGB75e8A4rko3MIfVQrHBdaONZeq23H9qFGjAYivLN4NjaNJMm+zS6Kw0U 7oALqscvj6FeKEnkXLgckocB+zeTPLqL7PmFhwvmqOnGfupXUvdHL60U2VfwEVFT7M4XC0Hs/+5oiD RDZc5wNd7pX9+qQvFOZqVlfJmOQsbaP4ziscLAYlU6HEZOZ9rDUDMavLpPFSyu/jSsUihObI3V6euz J4FLl1QO2ul5JdNxF1QDUk2sbmwpNXs1O8xav8d09rAAvdiWTtPfWOuSuvCJQAMtiT8bLbSbfsq4HO 1cxWfbPhKD2EhhIN2UbnOP7SB503Ja X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 61B9718001B X-Stat-Signature: ok7w48k1cfai6hfr3ybgnq9rermztixm X-Rspam-User: X-HE-Tag: 1724289440-764500 X-HE-Meta: U2FsdGVkX19ND8zf+2jNAbrjz9b71WXauYl0ozNjgjdiVJd/gEM3mA/bYQUUi1KAEdTxSvAIWXy/0lby1gcbe3xgtOd2LN0HKJUcdkC1BjUMBzHt5cniG+FKV5hcwR+hgxpGDAJ4XzmsSSSvwmctd+kVwW0dOfPxuqigyDniFSFvyWjjzAiMitUuXAsnLAoTXkkiTq1U0cSSPPhlLNfgtQMcyw3URpJ7+FpaQnsGMucqLXdu24GqZg4Epxoh64vdou8J8bhWDSsfsqnklJdV2mkEaoomhLyehHxJa/DK0lStYccPHCHDb5mlDTdV7QHW+K5w/1tR8swl9FMKxTLvjURkfXoKw0MTrz6zB/a6Oqpd4JgRy+n4R7x0hi+okSTer/+iNH7YDZ/iECetLd5xJnYCNAmw33S/W3td9iWvsxWUWbd8tE+3qVZy5nSU6Y2rEXVT8WVEZ2cLlsBDAe4XtqXHq5CgTI6P7BhQa9zmkDUR2P7X433NzS6gDDjS8dGyVXKYRbQpZVGyTkn7pI+w+7pztr+KktMXoqsuCvrxAFGqRsh+RNpBAsbOpyoXUpAbgJ/QxkVWGzcFzhZNm10i0PiK4zhzG0z2Mn6VJvXnoEE9mERSNHDD7PMuUEuyK9wI7S4mGqGcFThNvVogkHT4yy6hrjepycpi24JenoLvlhiWwY22jahOp3L08lAADPxUxmkHnZH7kVQGpwvxwhdXQvzI6HA62mSKL5mwavXaIds6TvTEh/S0QIFuUcJZ7is9SC0Xde0BBoVLpfHIafXv42YpWGCxuOJXZ6ShwUK1KrIbmGWmdY2uxl4bMjMNHOKqqghRJLZP8bZSTUim6KRkhmq5XVDAbGlFHKUPfifZ6kO0uNGDWAQiUFpKs4aa3w+ch0rNKvYp7dijELSktBJZHxR3k12fHPhHiScyKCYvHN0v1XFdfrufCMjC3kwMMTZHqfZARf66t6ZK81KZ9xL FQKeGJC5 +OFo5v32nQuh+UpIljbZYN3Bxz4yjN4pUpu84XqUYvyl3zJhSfYxhrpseYHFShZEqutzfbWPffQsEehzhOBKXKCxJfd6vHBXHk99rHvW+tyczmuIiaKZlz0YIaDdiEVdr3JbSp19sNsLI8XfyF5mpiyciipBBTfGNcJZ6G0ye0saUECRJLmFCR5scF+WK6d5p0O9FqhEXOUFxnKiJROnWAN6BytlJ7NCdz3BYgB0v0Yf47egJNdERf6ohan1oxeRnGcS9qPMaCq/QfSRZwj5HSH8RfYK5zLnXqsOCqWJ8JKhC3oawNzZmcODkQu/RZrf8g4Ia1Z5+wGzljrpDdOGEcL8vRnbCRuS6VfNtMbLu6E5Qj6MMXIOzcpf3jMfogW2HAd7W X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add some documentation of the userspace ABI for Guarded Control Stacks. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas --- Documentation/arch/arm64/gcs.rst | 230 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 231 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..421c953a0ffc --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,230 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active the current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack + and enables GCS for the thread, enabling the functionality controlled by + GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* There is no support for a process to remove a lock that has been set for + it. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread that called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of half the standard stack size or 2 gigabytes, + whichever is smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must have a size which is a + multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned. + +* An address can be specified to map_shadow_stack(), if one is provided then + it must be aligned to a page boundary. + +* When a thread is freed the Guarded Control Stack initially allocated for + that thread will be freed. Note carefully that if the stack has been + switched this may not be the stack currently in use by the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + with the token type (bits 0..11) all clear. The GCSPR_EL0 reported in the + signal frame will point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +6. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +7. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +8. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index 78544de0a8a9..056f6a739d25 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -15,6 +15,7 @@ ARM64 Architecture cpu-feature-registers cpu-hotplug elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Thu Aug 22 01:15:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772316 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64460C52D6F for ; Thu, 22 Aug 2024 01:17:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E72CC6B016B; Wed, 21 Aug 2024 21:17:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E22B36B016C; Wed, 21 Aug 2024 21:17:34 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CC3436B016D; Wed, 21 Aug 2024 21:17:34 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id AECE06B016B for ; Wed, 21 Aug 2024 21:17:34 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 387EE1212E3 for ; Thu, 22 Aug 2024 01:17:34 +0000 (UTC) X-FDA: 82478118828.22.F255A19 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf23.hostedemail.com (Postfix) with ESMTP id C4C13140007 for ; Thu, 22 Aug 2024 01:17:31 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Unzw3jsN; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289436; a=rsa-sha256; cv=none; b=3a5IkYz+HuHe0yA8yFML4eM5ksu/JDzb55gl7xP56zLUkBtGU2J/VZfh+/ypgHuUdhlaZO KuIhfVdlkEqRvd3CuIMizXo3DW5iCQeNzav8kq4H8aBELvSkvwwbpeNrbuSO0YzZ2WtEZZ VmDhGyEVmFSXeVmgWbL+QPViPppNQBA= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Unzw3jsN; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289436; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=t91UGAePWHVzNXHj3HuHAmZ3HW2R994gyYa2H/IzQqw=; b=S/f3y5ATxu1AfRWAh8/jRa6XZicLTibsTQkEZJlcsdKFlWem71p+77g8hPkfcuXUSHphOt oMXByECWHyNh2RbkqJfu/6QOdcfAAu/gtUTiiiCz5XXPvDR1g9VWovZy2Y+vyFzMCiZ7iz 8CvMm3a+C9+WfDAdP4xao9d9jEipEjc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 2DF35CE0F74; Thu, 22 Aug 2024 01:17:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CDE1BC4AF11; Thu, 22 Aug 2024 01:17:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289448; bh=4p/cwsbgBUzYKsL2fclAIfpUU9Y3uPXu2QlRekLj7SY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Unzw3jsNxdyyDEtIGbgFULuy333hOmD17NR3Hlokt62VSxENq+2yxdZcbSM0fnaVK 9D49lCPGa60j2YjpT8mZVjITIhthQPvvWA4uxeGd0ZfKivgnTcqgIHUizAV5vaz9fY S23Xq1r4g6nE9i85Sa53p3eO8CrJUZUmOIYRbmOvGz/FBlat9dEV8Aj268VpkG4bc2 IsbGQ0B/0ScJtw7j4AFaJYbMPoZx553y+cjg1nI5UmUQIyjUl+2kuhtmSRJ5uYhvii cNbCtaEcTs7TGjlAl4oyd4aOpSZ7I/6ySmHepzqGG0NVEyuss6FivB8NbQ0GXx67mz Cz4Eh6c3AKXFA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:10 +0100 Subject: [PATCH v11 07/39] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-7-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1474; i=broonie@kernel.org; h=from:subject:message-id; bh=4p/cwsbgBUzYKsL2fclAIfpUU9Y3uPXu2QlRekLj7SY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEp3emzJFbijnCU17Q0K9SIOz60aIHS82sSFhQJ YD5SleyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRKQAKCRAk1otyXVSH0BnGB/ 9yAjOiAcje9naSPYMdZSES4nE6scTZSW+Adx1kpr9GXDoxaUVDWJr5DM/MLlhrRIxspzoUi27T9kZa VwHLkMBdQ60+0C28WkSrAZiu0hPIurM42vvhSFQmXMALp8l6QlFf3i1TYHPgRbmp8XXI2zyIGZ/6Hq 9Dflnmsq8ebMHLxHmhTAm/IGOTdWrCW2GRpbuT32XqSNUmzmYfvkyTP5AZN6CQB4x3j2bpMryCwoxp GaMuj7yW8RNmMCOxFYbAr7jwBBR1EVjf8c4mkUNMW5APa/8uluyBzGdvqOmL2F/WxvmF7q///zZP+6 e9qpNTuA76OMXiaJ2DqWoMg/6A1iHk X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: C4C13140007 X-Rspamd-Server: rspam01 X-Stat-Signature: aupnjpu8udnh7cngdfmkwx5hbay3y6i4 X-HE-Tag: 1724289451-445771 X-HE-Meta: U2FsdGVkX1/B7NOaS6uq2fMj3kEjKys3kEMIWgmi+35cGO/N2j2ky7RLmWorLAR5tJgCFeRdwnHUUsX4AaKEogoFaYRf6HKJZgjyPzEU1L1z4vppouvhyfcPwaw+mX7+VPxPTUF7qQbGoU8xeNJ3z/sbvaEyXyNBWI5NKDbR2RP1GwU7ijCjMF79idydC8OdbVcGSsEaeHLA0LFOAGK3rACYNUigmZIUOGphJnWF1rLYCyqWMVvmGVsYfv05fagVEnX9T/HlQPrFc4aAV5pYjGzZNnc8MP9EUQChLPmQQjjwKgMpHhHRMsslgnm12qZqP8nG8NfbSeQ3O8eQWDl+AwouvPvXozFiNIpD8bRpDhczqi+cyjfXZoaRkAF3yU7f+NWFPBdOzX+dV+TU042OeALJKeAIf6iFLvYdr5uK75Qlb+SdzKOz95ZWitKiTmZNMcb3S9bNpCSAc5BVuNa1OG4NQzTJKnSbTb7sQrFk6/TJfKzY99ZY4vXIb2EXT13mWDFZcKVml5CX7jr37S+8SAWpqpNMYY+fpBlumSwnelB6eBghb2b/mCwuyZKtE62WMlNOPnA5YOyUcwnj12fD6sf6ah8+V0fC4F/RDTM+tUmmSECdtZbFOkvuVbg0EUCG888mRDcTCqb6wvfYjl1B4lxdsHskCooA37k9qNw46Pmi+R40yLPde+LEn734p5XuII4t6MP1/Tc0UTdLlBods+GSCzmyjALKDlGo5HVBxmhgOxu+Z0LyUEhZPzWRdeE5mCA8FQc6H5GKIuKZCulUMJgqG9EOLwZGzKW5sNkQANhtfzKAu48MsoQf9Kll9hJEcenddFEZCQvpu4Y6cRWeV/97tPPv6Fj9ZRzn5IYyJfxUqcEGMSISzovo2GQTP0DwNHPvSCMRGHPFVF73yVWDJNkayzol0TtOTfhoYZQ2wIAr9pYkEiOdAWZ9NvsUeMND80L2OeBFpmLdn9SHKVX ST5SIewY LYRlUegUj4l7ifmFl/E+I+rv69oLOieodlYoM+RX/wpCIRl7rnnjuyL+aqi8Ahg8XKcKd6KcSwBDkHmH+82HObaZwmsoOYlg11NArbI7m7Qcm7BoQC3tP01zIjuLrAEeJydIla7MM3kuHOwGH4g+4JUDXsQQiZKw9iLTnEiBd5EOmcNK/fPN41VmBVJWJ5/EDHeWyn7el2l0IkhPhwC7bCvyf9BmFtx1E2pJYno9Vxvr1susdje2g58u6+lxz9G7rvvieLv5B0MC9EcusyGCAQ+HNuY8s4N8svnNx7zoBWUeCG4NY5IlBrN2i2q+EJBUMfHv1TGrcdeaKP/80I65QYvK7LMdpOuIgff/Ypin6Ug9nOlAF4K525YtrosTUi3NwIP7AVwpBL9zp4zoOnXu8SNDNZeH3+CkLsplKXyK8TKLhbIW1D4yZTUQjuZlcWCF59Leb X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Reviewed-by: Thiago Jung Bauermann Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 4a9ea103817e..b8d8718a7b8b 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -1077,6 +1077,26 @@ #define POE_RXW UL(0x7) #define POE_MASK UL(0xf) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Thu Aug 22 01:15:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772317 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 377EAC52D7C for ; Thu, 22 Aug 2024 01:17:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7E3216B0171; Wed, 21 Aug 2024 21:17:43 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 792906B0173; Wed, 21 Aug 2024 21:17:43 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 681936B0176; Wed, 21 Aug 2024 21:17:43 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 4AA576B0171 for ; Wed, 21 Aug 2024 21:17:43 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id BB9901C5112 for ; Thu, 22 Aug 2024 01:17:42 +0000 (UTC) X-FDA: 82478119164.23.14C4EA8 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id E59F340002 for ; Thu, 22 Aug 2024 01:17:40 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kIivKQSG; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289444; a=rsa-sha256; cv=none; b=2Vy7L/HyaPzDYy0S67dijlhVauPHSWOPlh3+1EbFahCh1KjplICfMgzNN5NAR3kc1b/RHp iTEcjY76tYdHX9yo8OIRjFVvXCj8ku9Rb/UZRpUGuNlHGzd7I13MPmNz3w5BbhbDQdh71m idCPD8WQWvYpLwvuya6/ajPMyyvj//A= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kIivKQSG; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289444; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GDiBiDdYNq8ED9SV76L2yOU8C3ZBAdCKt4OCwHcTlBU=; b=EDCx340GDvHLhtGpa2CiB+KkxNVoCrIG6MhPbxLGJWq4uxI6QZyqQUcCBJQGwknVaD3hvo MLSqQ926NI4z3nyA27d3KnNS61dEvW2QaYtqfxxUtj00s4CRL+mSWxJMzvydk8fQbRuQld kBoagUszQJ05zZRu5GHJqC0aPqdVECg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id EE4FB611DA; Thu, 22 Aug 2024 01:17:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF941C32781; Thu, 22 Aug 2024 01:17:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289459; bh=aZLVmFYMLYBJTw70Mh617DMlgsxzLSY47vsY1KvY2Vc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kIivKQSGpQSMGesZeZgd6EBVYcpjhPxumfuuyC1p9tLsRr2Q9SiO2JjKpk9IJ970F QW0oBx5qMnjcCkmFzqUArHSdu3KzS60Ula1K+FyAl0NgkX8lA3mUiV8axyDBrpZWE2 d3nawa5CPUPKeaW7ikc2aMfPBzHGmaPf401yacZaPImXJk3TbQWMl1KRAFqnqSSn7D s2CFE2ZUelvKaDU2iCd9auzcr0BaTS/BOYm+amy8hdPRYcpCsYD54VrRck9dGIF/S1 QDgwgOZWfvHkyrMGtGWUm7fKXcGkJAG/gJfe4hKiexxnNv4bwIbu5tWBOsmII+0LSe cnUA7ywedOPjA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:11 +0100 Subject: [PATCH v11 08/39] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-8-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2696; i=broonie@kernel.org; h=from:subject:message-id; bh=aZLVmFYMLYBJTw70Mh617DMlgsxzLSY47vsY1KvY2Vc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEqSVw2r4ilkuviLbtznHIABDg2HEMzffXxUJ6D MEjU4wyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRKgAKCRAk1otyXVSH0N4dB/ 99OzTeqSA3NOo7OYbw+6Rwxyr3PDmuu7cyAle67OiuNLbYu8Fk1BmI7TDD85cYCDnsul2JxBzQwAsl Mhy24rgr/81vx+t+fzDb+cot4ubucREQchZjPCfZ1u1WGag3j/PWeixz8DHeIQNeY3sjir7SMRsPwp oOZ6zbDXQ+kshYql+eX5ex+7xP1xYXNKD3+1/Bcq/EWmHuOMTW5HDB55AgXbRwf4pB8I46gYeRwpU4 RnQRpTyPVmhmAGPkBF7dvARC0fVU5ylBQ2tQt3PM4aW6EWRt3fz/0WCzT0fCZBHisHFkcW7ddnwkn6 rUXDI47uLqnmhOmCMI6p+MzJusFugy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: E59F340002 X-Rspamd-Server: rspam01 X-Stat-Signature: gszfm49ma87jwgba48ynj78kwhnntho9 X-HE-Tag: 1724289460-637401 X-HE-Meta: U2FsdGVkX1+fQ1S2qYjPjnVzn521vMJhBOTi1GNIXUKyIJsOqGqo0s9VraW/Uv7dkfK4RvYj/XMSBR0afcIkmqheDkMvmlo3zt/e9sz4ednXwrrP+zowuMa0NgcrQkS+V18ABsZGHQRV09w9IxdJi8deUo9fN+QwG+nvvzhAMlXAqkSJcd3r7DNFltNVBVszb9uviqFCdDvht6qvW5OS5Cr1qVbDeBhzZHw/n3mKnNK/Br1xfQip67VdJCyjmzFZcdXcrkbGcUNL6nJLLvuBFl4cn9byD/JDJOlnzME99emR3CW+YMBYhSyvWnfAVyOR2FxOofdcxMoVFGMuZN379TivDA2/1U8aQDx+EEuN04Nsvk84DLj3p3/2/6VJJKwU0c6AeUjd9Pmd5FfK/+phtNoWK7/SW3LvcfTp/TTswN9F8JAsfDVKKO8SsFzcn9HOfblr1dwfzfC64QOilexLFtX1wsCYJJfiIdkooyvOAsgRv4cTcLcRd2sb4MnwlPe2sw2VhmYDmKQDWM0yPwLiv3XCeUn+iNxS/o9OA6PvpmLMTgMr8kJmhoptcoaE106XeoJSrh2rUQPy/jtm0zg4U2AE3TkJWk5Umi9CFAqUH6anbdRq+GyvhLvIR1NCC6FIFfOvCbHAf+MskJzaD4FrymhjXQO6qZMiO68mY62vDMJMyW8uYJdMmW+bmBTTSwPJ8HzMC0zqXnbZkHoOCJYzV8SjR9id1fL4V91WGiw/y4qfq+iprKGBdSdpy59cocMejs10eaf0SBiz0UgU+DURmAiEsEztTeZ8pDcT7/YLTOcrm3OAn3RxBR8IoJCtCOUbKOg2n0TPkWadm7eb9NVk9vmcjusqVKDqrVhx0FB+oIbViRIY6ICJHdR9g8BFlw1Ot7T0eoXGWn7gmT/nK9/jmfSUUkXZW7ahfIlseHG7R8cqbh9E+hfitlgKxwKPvjINtnv0B4yS+gIweDBqJ1u fnTv/DAA G0Qc5KWrb4w6sSzasSkq1yxWB7wlJJ1K35IJu3wid4p5jTXRSK6l1v241oDueI7uFMNi0b0McVYbC/t8YlyzPLGgfb7//QcwCw8GwB37nwy0aIV/ejVb0q41n7QpEBqx27MAC/rx3qmIXF7UNdBwmlqXUsZdVshCFZXWZ5GeTeItlQQoUW0Hqx4PU4nuJlPizIdqQFqO7twv9J6TsMycKJqnATjRFtNlh6ksVESsVRqku20XzXnai8kTJcOlZIVJzEB+d+ZamFZL1DMmhGGCoPGhXl9OmjiZ1sHyyz8MBIl7BHhiqLdZ3GfK0z8XC0UKdlqwqgoReocgviQilf6XXj+XSk/j6JFLrp0p78AzN7zvXg4FHIHNr2ollwvtKUUG+vQfD1IOpjKnvPf284hhTSFevR/2K35mS8PV+Y6RTsZQzjzKn+5UThNAtYywxT0gzNrF6 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Reviewed-by: Thiago Jung Bauermann Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 28f665e0975a..6aba10e38d1c 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -502,4 +502,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Thu Aug 22 01:15:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772318 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6918AC52D6F for ; Thu, 22 Aug 2024 01:17:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F10D06B017B; Wed, 21 Aug 2024 21:17:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id EBEA06B017C; Wed, 21 Aug 2024 21:17:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D86FB6B017D; Wed, 21 Aug 2024 21:17:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id B4CEF6B017B for ; Wed, 21 Aug 2024 21:17:54 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 5B429A9999 for ; Thu, 22 Aug 2024 01:17:54 +0000 (UTC) X-FDA: 82478119668.20.4F0EE52 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf13.hostedemail.com (Postfix) with ESMTP id 9350920015 for ; Thu, 22 Aug 2024 01:17:52 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=E97AXxJy; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289413; a=rsa-sha256; cv=none; b=gSiyvMjsF3DV4LgKWdrOBpZcHrmXpU4AS7ibINMjAuDj0Wr9q7/LgyV6W//DrXR4BhPXRA 0MXWjJMUmwJLsD7uLSPvdpUrXyeYZPv5RQ0ZRqC5LfYIYLfJTYMjQ4AMZVhE4OIN6xqluA l2lsMTBIRfT5EaItmLJ0Ffz40c8OKEM= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=E97AXxJy; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289413; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mVmkXPANuj1zmFdxUYAQ0m1q3qhbhMjfYc3dEWQndJg=; b=5d8FXhM9StS0E+1n729TXXLvSdrsyHjsOxhCvaJZadBzNxoaUiEA3pYtD83Fp9pTy2t5QZ 2Gr82jX1m6aTOQ7Sr3KyvA9zHOkNZpNJpukDpIwKLm+rG8Pq7qdhIJ41xxAe9jJD8iJ9hi CQxV7W1DHRkW+n4gp850TkGVeG68yuI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id BE842611D6; Thu, 22 Aug 2024 01:17:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 48AD9C32781; Thu, 22 Aug 2024 01:17:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289471; bh=0WRESyvBFvhlHiGA4Y8lOQoOddezzHHj49JAXCWn5As=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=E97AXxJyaLvA4eWkGc/srnZc1i0qVSJTBX+sUDHdNmRoGg03x0HFQ0Ma+lm8HaScc Duhxzy20BDn4wqnOjRbwWBgCYTz4T/8RKkYrgjUzHGXtwd7KzLvitF7UHI5r/KgwBc D3Xj7aLSG9QI8DbtgXVwjDCG4RVVA/dfn33LCkbnC6u2lMNcNiDhFsHFEZJh38yt20 wZfoyvPjNo/c22X5tqMwJ9SzQ2ScyDn1mnrstbZFjIM838vHpOIcUtHrDSdOhjD+1W pd1vcED/CnO9KgVwk4ZIjzZyBONBoqPTyeOdWydoAfX4uOic+6BiQsIkg8VIPNOGTv Js2v5T0IkyuBA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:12 +0100 Subject: [PATCH v11 09/39] arm64/gcs: Provide put_user_gcs() MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-9-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1159; i=broonie@kernel.org; h=from:subject:message-id; bh=0WRESyvBFvhlHiGA4Y8lOQoOddezzHHj49JAXCWn5As=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEqxiyXnYx2N/sii4yn4wPWEiex3gccD8helpbj Tm7s6tOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRKgAKCRAk1otyXVSH0C9WB/ wN8Eqbg+t1T6Ozlrs7p4tljp5Q6/NNlBRl+CXbZ4BJz0pmv0aBbMKEf69fLa7ToBqPn4l2Ce1sdaiT KJyqgPAxHOH+75KzzM286S7M2f2pY2ZF+/PKd+ydSP3j/w4XjWv90XxSZzLEMsCbrndYbD2524082z x4+8Oq9sWcKTTu3gUmWcST86jfaJdgluokx7H84dj00F0VDxn3PFfHnO3eho5joU49GfxI7IfHh0pV 8nKEJXul/ofTART5hQHANESLXtY9P/ArrqfmrF7QyFzUpEFmlGciorgGHLwxf4Q3gqtOmzRaJ5GPMi fHNdmoz6JFKxZkDwoEy87pw3AtZnr+ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 9350920015 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: 5tj6f5xfrdsjidzfwzhk3kangi4aihxr X-HE-Tag: 1724289472-262755 X-HE-Meta: U2FsdGVkX19G8jW2EU8eIdc5O3mM8+HejH9mqjsVWUJCP7bUzRz7uBwug5fF3dMFbD0sAHiHKOrFQBTWFvHLZwGLqxVb314bVXdvW9YJx5ySZeJSlrtiN/OZDQApThd3sWhTSvZSx6imV9JoHbUeXRk3F0S69sbGOa35JbY7TW2us799xPuTHgtzToHPGbCtjmy2UDKsE+HcF6ZhiHJO7vmXkrFU1pFG0hGxUWwnwG1IOiTxRqasCXEJrgAfsj55p9AZDNYtMJqLpH1grIWyU4836lo9ygdsphwfkMsaGDTb1TF4bYAe43erF22SuR54ieCofnEuty2FtFeOye54n/xgR5Jf4XbM9aGuD7WvELf09DB/DijF5AdKwdhAXRtKr3TRG0chUwYAaraTeRMJcyMGeQNd1CNQG8eg3qsVUgF7jcYpaHxnhfcMagUbdo5KkVVZU6zhE5I411QObdGJh5uJlxNcBqN55hKCk10WuCN/PNPsuZWKI0si0eZsS2ECNmeM45EbEiZvk8CDPwkTxzYQrhvrVXmlW+VTwh7WHtywT/PEk9E2xQbc5GdMeevsYevqIBxXClZOLnINmK0ZdtUkjysT5wUD+gMEd9Xcjvj+yKRzuu09XkipD3gqjuf8LjFxRA3GV5Ia17I7rySM16AxBgOR8eydmwxO+Uo3Lutel/4cusE5JOngW8IGllFR+NGS2TVNEIsnoDy9+fbJO+iAwbtDqITxXlLvKu67WL1b+lRUrogpdCI+1p2YSwbMJ/5HsMtSDoSVaaGlWYfyQdj/vGXBpEcJaS2VDj+WYSaZCwDtmspLELqEzX7o6jO78Wb1QOyYYXfxbP4rvNDYtkQy6EGBwlmLUmrT+dDJVZnncxUUt6pREPqaYPKnHkBRY+h5krguhSlG+kQs6RxCQ8GwlSxdg2YoM6IfCMJSQWehUGCq6BHgX4XoOpfazLFuD4DL+pvcyykWpfs2O3S LBwIqhFE TeR9uboDhJb7RoiG4A4bY38pMQXLRj+w92ScojuHx6z82mOMbh8a6tejAs46dgbM/kPjuLabkmROHbe5Cr5T+e6WjmCnmGWagM4cSe5f6Rb/cziTdhCtf2UlhQR6F8jAHGDpX9Tzrm8qs+r966RQdNf007mXG43sk2Xr6o0j240SEPvXTKPv3cFiAFH7Ujh1gWyQEr5evIFnX4svCyWyy74El19FsIOocXHPZHpiwSAlf+jwmWlPipb0wS4jWAWsJw9BRy7QyGFT+bz1+db3UT+yvAtN5hKnE8a/EvEABpDoAMGTM7+QLmeuhEOLn4gXr5XQy9rZtXIRw2ZEYT+VC5MnSPVE+YD69dQnMFLE7a7UNPy8sf1uhOQ9H6Pell5P2gMaOCZgewV0kw/5VrWxVYNOe4i3sxnIYKhZ3qEiuwMr8NdV+QJe+BpFqDdKtPWcmwFaOf1giINYYJahG3ki4HuVXUcl/eh45B28dnCkJ2IPwYmxWvhN6X6E9Tg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a put_user_gcs() which does this. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 6aba10e38d1c..ecdd47cf1d01 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -522,6 +522,24 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline void put_user_gcs(unsigned long val, unsigned long __user *addr, + int *err) +{ + int ret; + + if (!access_ok((char __user *)addr, sizeof(u64))) { + *err = -EFAULT; + return; + } + + uaccess_ttbr0_enable(); + ret = gcssttr(addr, val); + if (ret != 0) + *err = ret; + uaccess_ttbr0_disable(); +} + + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Thu Aug 22 01:15:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772319 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3007C52D6F for ; Thu, 22 Aug 2024 01:18:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 60E326B0201; Wed, 21 Aug 2024 21:18:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5BEE66B0202; Wed, 21 Aug 2024 21:18:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 45F446B0204; Wed, 21 Aug 2024 21:18:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 28DF06B0201 for ; Wed, 21 Aug 2024 21:18:07 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id A4D2C1601C7 for ; Thu, 22 Aug 2024 01:18:06 +0000 (UTC) X-FDA: 82478120172.04.970C6A2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf18.hostedemail.com (Postfix) with ESMTP id CEA0D1C0012 for ; Thu, 22 Aug 2024 01:18:04 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rL6L4UeP; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289425; a=rsa-sha256; cv=none; b=OoLfOH3jMnX3sBQr5Oj9RpULuu0cdt1/of/L95yzU7qJIaxXaqE/DmyMzuWMa5XcWyrov3 RXYY6qgDK3fURZ2ZtGdej65sRmIRux+bYiqn4fKjVI4/MlosVW2OPGspUg3DlK5cFBswF1 02W/TkohxQFJEv2rsv/g0zX7XAvvOSM= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rL6L4UeP; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289425; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=I0MAQz9CQYnsW+vxTFjK8uS/SVlHXdUF28PspKF8Xqs=; b=IEiQ3U52VEORFggRbNJtZAUrMYZHmTGq2SiOzE1rU+GVJw7SiO/vBsUOWQQlJHmdFjQrRp UyNEe4t6WhPjKt8gB9NAltBR9gYoHXVFxM9sq/SbX66c3ieNnNJN04mw32pJZdvknzvurP +z6x8vQe0UPoyEdw8hguP8/N3vDlxEA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 0AD4E611CD; Thu, 22 Aug 2024 01:18:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18BC0C4AF49; Thu, 22 Aug 2024 01:17:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289483; bh=3PCkZcUSj968cQtTDjlzona7eSoMlRvIMvYTHUlF5zg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rL6L4UePYIBcPMAMegpXM3RvHxb2UJ0cC/+C8fpXlliJfzZQf/OJfebJgVNd2sbHN ia9NMcdfyb019v9u3XO349wiVGcmLu3cBda9ak5bgbl4HoaunhzW4Y/1i/veMC5Fqm Ontch1UKVDToIiEWiaf4nd5jCXlEvEF7yWbC6YgWko9n7mXIoIb/vqWUgq/Z7kWDZB GjdqRfmJ1qXL+8VXajm9bFVeX0PqyGMeq5y5WlRrCDssBsNsq47adh5LzFZKjdWo4l LomOhSvvoMAaJq1PSi5UiMHAuNFRfHDidBYedvObewFLGS43WFlxOHS2uVci20uhQx OQXDj4ckwymLQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:13 +0100 Subject: [PATCH v11 10/39] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-10-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2350; i=broonie@kernel.org; h=from:subject:message-id; bh=3PCkZcUSj968cQtTDjlzona7eSoMlRvIMvYTHUlF5zg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpErUArASSVoXSqG8ijxz/nsmfDylSJ+4ae2T1K1 K4ZJwp6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRKwAKCRAk1otyXVSH0DYDB/ 4iz3InFtNmnnhuBjqryzodiJBbmRksPiASjzcSakrQObaTee7+KpN6Jhe4FZiD+g2nLj2VzVRW2VT3 JxmjDexLp1d/fqGKyZ7mg8isuw/HaVt7JXSMTtFmDw5x8Il+EZ3cYPwYFv7dyJXyKYSmOwW7EzSmIo CYxc7QplBTd3GMcSyDAZgPHnzRjWXv8X4CN5FFfsUDyEai5heqd6TfYxiBaC1S7LL48LRW/PtOCrN9 NeF/IblrFoj2msY3FUj4taGpbS2kH9XpV42oXfTt4KdNlop5PUiJWMkxLK9v9in88jz0Lazw+zKhDK tQQPXRyCTwlniXzYqqTlLkHx6HI6ye X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: CEA0D1C0012 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: kge8ph9pcsgtjyra9z181hds719xuqmg X-HE-Tag: 1724289484-340855 X-HE-Meta: U2FsdGVkX18kCqFCnVgOaVAfhIlFNEdqZ5MvEI4sJWn+AecA7nw9H7ob0ZyMHJC1jxVi5qSR3k1OafCs511C97pq2xgOyBdLzejO27He+LHGvzGd5UPEMyDEuyLHzIl2PLVhqN5MOwFif54l3bqD87Y9gZ7UIud9slxO/LOPOT44Wf8NIHrO/4+4lzewuZzL7fcjnXdrBITWp/Tn/3XrBrv3T178BwsuVSd2zlXIa6ntWKuy9ycOJ+M9dbXMeyd508uHP0ldneObRpca9on+QVZ5M9RUoRU7Y2lSfKNvItc5RR4XdhGClinQfElLpBSjgxc2TYJK6hPnps/GuCpOk1B/XTskkU2xF+UbnE+vn+BviL7iKuf+uuuJ23F6YA8g1DqoWVmpK7mq22E/aqOnArPlt/lp1AuZ3WYQrTydEGrXj2bQ84NdGzqwIBCMdGhwwXzDPL7NxtRR7Nusu+1tHK0SdPb1YsoiMNp6zbaJ12+6iPmdgORPwVdgYHxIBGZDrLXe7rTJgvWKEdqYjbYHM4GxBLxsR/6mHLIgx6i1hZqd9MUKamJBcDU50FE/rHJ0PVORkHhJckgjSO0UF8717A49aMN76/N+y9ET7sCJ0yr2KuZ7ck+LPZDQzA0eY/ECygqou4c8pJcYDaDpEckX7ZaaqnxpoUkuuRotg5t1LtAvAQTgzcZW/mI3cKVEJv/mEK/b7GNs66MwfCCAgtI836fPWAxxo4Ukstg2yv9AogZRoOZB55tmBCb1UGFjwg4mz6w0+olRvygtr45D7kjTEQFSTNFykVeDGWp/WLRyyuC4KT2gpLK+TKwNOrlHX0oOYeVVARZXhB8RYX+Vr5K2I9SF354Cgik0lrQ41eDBUIcUZpzu73AjHiMMiT+0AaKrLIKkXR5EZ99ZQ+LU50JhyoE5/k9+YvYzCtm6/KSgvXKdpty7fmUwNxtYGSOp+H/1wJrVB3L6IPkXwuioSNS 8y2usj1/ idiZCQitzLUqoz6hHNSCkE/OqtrYWQFm5FrBUBgtAeiKZ7yRfLhR98bqe44oHTt/KN+1VRu5z37BxriP/DKQmigvdhQXuaDlyfILl1DPVqKVhTphvry5AB/fZDgwzg2ROQ9Xo3SDsTQNyBaRfIDhtUt2W99EsgdQKACEkC1MkVrAFAC9kk2VhHq/8GcmLkz4HF7vaeLbeGZa+0UhKHIXPC0qOak8ov0NEN+kmyuRzcwjYRXhj9xO08eiAZWHQgheQlWY75R0nFnkf4hQ8fsW0qKPEkPs2bu9IxAhJe+rtC7UNJI13jTK3Lx0s+7SCYUDCUTzz6h3ALtXyyJt+c6oFViXlqYQSto+YRiYqQs3Igy59lt3oxRUPxFzboCQFaTx4CffQvhmN7f6l0NXkhMd5TzJhMjuIwF2b8CrTEJ5BA4TvOFHKyO8rnu0nYX7VB6glDA6B X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. We also initialise GCSCR_EL1 and GCSCRE0_EL1 to ensure that we can execute function call instructions without faulting regardless of the state when the kernel is started. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/el2_setup.h | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index fd87c4b8f984..09211aebcf03 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -191,6 +199,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 @@ -204,6 +221,17 @@ .Lskip_fgt_\@: .endm +.macro __init_el2_gcs + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lskip_gcs_\@ + + /* Ensure GCS is not enabled when we start trying to do BLs */ + msr_s SYS_GCSCR_EL1, xzr + msr_s SYS_GCSCRE0_EL1, xzr +.Lskip_gcs_\@: +.endm + .macro __init_el2_nvhe_prepare_eret mov x0, #INIT_PSTATE_EL1 msr spsr_el2, x0 @@ -229,6 +257,7 @@ __init_el2_nvhe_idregs __init_el2_cptr __init_el2_fgt + __init_el2_gcs .endm #ifndef __KVM_NVHE_HYPERVISOR__ From patchwork Thu Aug 22 01:15:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776854 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D26FC5321E for ; Sun, 25 Aug 2024 18:06:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 610518D0016; Sun, 25 Aug 2024 14:06:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 322858D001C; Sun, 25 Aug 2024 14:06:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 056CB8D001D; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id CCEEF8D0016 for ; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 30020A085F for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) X-FDA: 82491548580.18.AA0AB0E Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf28.hostedemail.com (Postfix) with ESMTP id 61189C0022 for ; Sun, 25 Aug 2024 18:06:48 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CjJdvIq4; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609123; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KcO1ZZIkk7irGxZ5aRTRizUv7fYLoyn9wOnJrxrxK7E=; b=Y1+X2Qv8Jok0fIMAZCOaFMjfd2t4RHNst+lST/08EDrh9OkPO3bIc+tfXYQhW+Y3BscYtw 3zbCazW7BpMlarrCnpGITFRHYm3bwWl8S/Kh52vggV08sz9CNSNttZJZXqScjoz7dWPNoK Lk9xKlMLMho9Zg9UEkNarMJ5oyjaOPY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609123; a=rsa-sha256; cv=none; b=xZvqy6ibV6Ozy1S8JqQ2i/RTSD1N4Xlu3UBuPCL52KtVZ1vV2CSJPhBiHgD3wIVfluzP0y G9t/MET4qBg3swBj/IhHgCPehSB73LxF49vHJ5uz+KxZN8C0xakniCVeLYGkbr6rS9x62t e/cfGl3ZF2AfFP4OBnuDB8NHTpSxsvo= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=CjJdvIq4; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id EE7DFA420FE; Thu, 22 Aug 2024 01:18:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 61B98C4AF18; Thu, 22 Aug 2024 01:18:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289501; bh=sqQ+QKkmK52Q/49cSzsvA/P7PZLEWrgUxaLRjQV/ejo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=CjJdvIq43wLukfmjToKRyHHeVQIojg0WuXILAiXT0/HpQVb+xgWlpUqmMICHCRvt1 poJ59L1QGGcL6MxMWyqKzSmlLrYwEkfmuY3llMWVch9iNGSdYe39j+QPzyESNevFD9 ewMH9HAFaQ4xQHeF7XSVDq//Ae27f60g7oETV5/TNmxiVNYu6ahUQh0nI9vAA/7PSo Nj2wk7CrHbn+/UFUd4i6EMY+0cEkpAGId3U0FgC5EEJq14N+a5naLb7QyqzIaoK4ko HgU381MB7Pi0YycD95LUxpcgbPVnWy5iVmrFOpAd21RvOr/LF/keOzZyJPLLgIHUg+ 3UrPtTfJp16Dw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:14 +0100 Subject: [PATCH v11 11/39] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-11-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2509; i=broonie@kernel.org; h=from:subject:message-id; bh=sqQ+QKkmK52Q/49cSzsvA/P7PZLEWrgUxaLRjQV/ejo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEssm61j0572jagQn51jVrKg0sQmM+kpfxtQyMu q2YtYBmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRLAAKCRAk1otyXVSH0HenB/ 9SaBGUP0WgFMNDS/6ZR0f8D4eoA6DGU5iVT+BfZQrizL/iBEle0/DIkVgRcO1R30x2kxo4FfClzkc8 aI5PSj4d5AABqhPGa7Le2lPuu5hKBDz2Ta5aBGB1c994qpPa3F0q0HQ4cKEgHLTW8eBqYjyKMIgN/1 gavDgSQOL0Qox4HtTk5FLiatlutI7Slz7KtRR/awNPukoFlsXqXV5BbLivqOsVJX0HlC9t6YC9O1Rb vdN6j0pK3/SsY+CGIoWUWn3h6ykmoKhpwH+Q+59peF12FvFCbD9ZCNADQ9MZLNDNX8dNex7edvJAT8 LBKKQujdtKbLssSgzxABrstFIs4d2s X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 61189C0022 X-Stat-Signature: wqmg78ekbaj78ndfzjwcmommm5pk3e4d X-HE-Tag: 1724609208-859965 X-HE-Meta: U2FsdGVkX1/wQBPE+woq2qYs+EvLAbjwhbsUW3vk/Djg1AtrTX8KFCnPGeKKs4PRxvNJS4ScTKYOT2EJTUfTYTs1adC9OoryGkXWoeE+t1oAZN0+0OfCW7l+wQoCTttdAxEtXPGSKRJXCm2ilH96ZLU1Ux+uNM3eaivDb7UaLCsx/JDpA6pkQN8YEXvDQ1vCZW0b5y1nmEicAY6dyMYLk5Py0EVSz3GOSAMz0sW2tIVLINYl+dEi/tK6fNL6PsrR1/8ZLwFpuY6BGaxsW0HYNyr8dBcSA7FF0Zx1l+QhzqMFpEz3+QCkpQdBogWQ64XakbbxfDZfvyHEhkB+Gbgm4I5nPGU1up9HPD95hL15KTIi70oHIdDMeFRbqy1mKkr7MaxIAksta03ysgAEPhCRCeKuFkjcJ6C88ki5Xn45Ua/7IPMICDh8AASoaSXrmOJcn+BKX5Jn/Fmcf0GGsljs28GoXtyNTPexqpa4q5Y/+Wop22MHzxIV/36ZyUVEZDo7xDw0MCcIvVJsiBcZUZ/JxQbeh5knf8fI6JgYKG6ArOw0FEp+07OMzK4ZRliq1KeIswguW+ZV0Uv+mIYJIAQo99qT2SrK69zLwvOcxgvjdJyZrmoIQ3VWNQCXEjJAS8HBXlkFWsCuvWhtlIYooGrWDvfiYT6vOb2aQ51lPlU9japCczW9QrMIxE0OK2SpdaA4omp6TnKb73GnXaQzdJAnOzyHNKcCsr3SKs66u20p0uwrfBoYCij9yUMbpHe0ZVnII5b+KJb0vr9DCKUfBc4v9CXgXTMoUU3VfiDWVbSqa+84dlKm3XQmQa/hUJNghIhLxU1uKoWRUO3OR02L18havy5/muMv7J8IzlB7MhiChTvRRaPEIPnM5k42lPRLjHc2+Nx4ed/o+oEVVV2+5dh69H01bKi4DZcoCw0zkyCE9GDcTvPFFffx06ybrW4PJxPcynYcVbCtysgBo+ufbrg CIyn9jqJ 8ZHuo60DMINJm9shM4aJI8f2LuYf0WU4+3ASMithIiC6t7ifbQ0QmOlCnOgP4qiZH1Et6DAb3IAvXg84NTcSKu+AA7rVqaLSyLWYnA8lzyy6RVSIJsBw73SHWbKbYqHvQ7rhzP6zBhiXDUy6+kzhBJ/glSU17cORgRhEMUxBZG3611eJkbNk2I94K7AjlnJBl1dvFueFGr6mNhXgtr/UMn/kuVbgBVmx2yFtHY0E0rX5Bs/Mvo8LHFFkwxRMpPg/07A4QXcEPv5E23m2xbAirDZehVEPFTf/xJF/fouHd5vOskBrRQF5UPJSq+VllCNZiInF4PQAKMTqdJnZoKez/GxJLuqR/pUxy/v+feaVtQkKNx4WPG0LhjBI1tThZ5EmP2SrrcpWVvakRpfxUHceVe8qa130d2JbrxWupUinu87EC/dfxFNEKUpLyu7VuxjT5eujkSZSmFPZj8MGN2Gi9wdNBTYSQIr4mF+dmd9+PQKkSUbo= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 9 +++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 16 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 558434267271..e0f0e4c24544 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -832,6 +832,12 @@ static inline bool system_supports_lpa2(void) return cpus_have_final_cap(ARM64_HAS_LPA2); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + alternative_has_cap_unlikely(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 646ecd3069fd..315bd7be1106 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -291,6 +291,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2870,6 +2872,13 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = has_nv1, ARM64_CPUID_FIELDS_NEG(ID_AA64MMFR4_EL1, E2H0, NI_NV1) }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index ac3429d892b9..66eff95c0824 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -29,6 +29,7 @@ HAS_EVT HAS_FPMR HAS_FGT HAS_FPSIMD +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Thu Aug 22 01:15:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772320 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91B03C52D7C for ; Thu, 22 Aug 2024 01:18:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 218306B010F; Wed, 21 Aug 2024 21:18:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1C7C96B0112; Wed, 21 Aug 2024 21:18:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 067C16B0113; Wed, 21 Aug 2024 21:18:35 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id DC9D36B010F for ; Wed, 21 Aug 2024 21:18:35 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 9CEC681225 for ; Thu, 22 Aug 2024 01:18:35 +0000 (UTC) X-FDA: 82478121390.03.7FFF0F7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf11.hostedemail.com (Postfix) with ESMTP id C8AD940002 for ; Thu, 22 Aug 2024 01:18:33 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Kz8Qn1dV; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289434; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5Z1tucCNQa+F9YdCKLWtuu4iQk+trJrcNMVomy7KTBs=; b=5/FcLLo+GgAeAU5qJENXNtBsIUMsSHsOLAobhA7q8pZTJbFply52t07B7gLOZQT4mReS9a B5hOgkjwUFyUswBRZMPEKNgCWBqSNBNV8XQQYpRb/RtdzSvzkjtRnTAQsbc0m9ooOQzflE P5s1MRj9v8UMVDwNwRYJ5gzoEPXbzn4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289434; a=rsa-sha256; cv=none; b=psrsB70RkdJBVEfjdypWE5w2hStZdgi+WR9O9zFLBe96ni3/IkG6/939xPBJVSDbDJS0oV 9jzHoR24iABUIq5Nv7b49WMvBu9S1aLk9w+KwlAejVyZ8aSk9fUZW+lGuRtiKnpPHa6xPN 9AkGosBKgqt0WWhI5dMkiPSQ1Lx1XLg= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Kz8Qn1dV; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id DF1FC611D8; Thu, 22 Aug 2024 01:18:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D950EC32781; Thu, 22 Aug 2024 01:18:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289512; bh=HBIymMJlJf7+ITwOhb+j59rN4WPQGeznsoeJKujezak=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Kz8Qn1dVXZwn3iFEW41ra68PPQpg0HFL9voVy7exoGuRfVzhkAtm1OLE4clwl0tJa Kj5G8LOyxsXltC2ktdc/Uqt73GasTmTyYIn8UtQVvoVg/wQme6aScqoWRqoTNnGCxF Dbv4fNY3XBHJS14GBqrHQLnKd/e9dZxF+WW4F/rT0nQ6vtRUB1KuwKqBofpbORrdMG S4/juCHpHtdXdnSCgbNjkkbgwef4Ij0+8lZCQgaaTOu2iIMr4ubW7B9yTX0s4urgjJ VOj99SPuYtSttZcdVZ6t+gxQpf10o3VrfAiF9mPoDncgzpBC87hNADQffOE/LZYGI/ hLx/RuteFWVOA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:15 +0100 Subject: [PATCH v11 12/39] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-12-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3084; i=broonie@kernel.org; h=from:subject:message-id; bh=HBIymMJlJf7+ITwOhb+j59rN4WPQGeznsoeJKujezak=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEtPzYDapH3MV8gMaoexDsHWcMRzFaXWkp+B4FG Apb7F/SJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRLQAKCRAk1otyXVSH0DpZB/ 0W7CmNKx9qJWcA0k9C5eRPWl9RKSC0z4wTrmzfIWrmad3I3j6Cc8X94j1zwkLeK2xltL6BW4CeuosZ 0VutV8rMNXss6LLo3crNyiabTVLzdvy0RFEMAEgkM83zL/LP3fjByt3jBblyur9wzoprUel5878i3s EnFcr4X1haZ48jgFLmKn89LFE5loVNKlW1ZRXQgoE3JTxszvcE+GKSj/QFe7OcxFEjY70zxMYIVoF2 3IigbDsH26R6G09bvWSCHi78hFaot3WUnt9PUBcorJxvzNtNRt2zfY6QHqsxf16smEQr/pA24Wtd7D f5TMssAav7WV7DvkH0XksZvpDUBkIP X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: C8AD940002 X-Stat-Signature: 7jhffw7pytwk7j3e9t955386wj9s3dfb X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724289513-521175 X-HE-Meta: U2FsdGVkX1+NClnyBKApT7cRJSQcUt2oT094bqV4kg8A9tEQcV8Py664vYRWT1beizufnpHfkrFQj52AW5Cu7cGLuvCwHIpOgyv1Io4BE8z+vnEBd87M3/ag6BCdwzaSmiSR4bOclaf0xxz5jz7XHgDCLmXEiNSRrgLOFEGBCditZtzqLVcZQ3T+Vx9A1mI+XNc5MuUjxx/ivPeAyFljHumsY9uEh/UbRnQj06XyQHBCe3Nll7VIF1FrwUfpZo3utGwKIoFdck3m5oHJH/9wJ86+XPwCLdKTzs+hfeUY2BytB/SAhNzmO2mpA7Jm6MalnHCVAVkAcX/8DAmTJ+IbxRfqvCYQf3JY9BhGUzkYzHEBQVbq0N/Y9lTMTfgCMZhTY06TXmPQwFu03+20mLGuAR3ClBBJ5SyEFYtzTrAH6HGb+q+d34m6Tq8qI1RoBrvZTQBM+vq4dbcwWYp1MGCJKSi1UiUxjAKKqGQLAOUPtCU9aAE+DLrVJpQiOXSM6Jwe0HIOHfhMm/aYydUKPOMullcfHzzZzyNEDUp5CrAGTHfVx3eSZLBLcdFyl/kulYVpAXsQH0iyzOUcgeyOg2aMAZ4teFGoWmwkXpZqaoetOIjKh+r9Af27fqw83DLdCeRTZTtBFpIH33NYDP46+u7Q7mLnO8a5cpRWkD9zZm4uukQIzMUI94Fs5dvFk5q3hC0sxintXem+dLS0iHxbH1ntjzyRpfdPYc4yF6XGkxDC+sMsuFB4uWvnprDx8Qb+FZ+j2OzgTnvftkHHh2wyn+nCoI37eVjVHRc7uRMpazIB7LnksfY9uUlGPRsjfXYDHydRfsgjKzbe3T4SkBF8cwc2L+BXLZ5jbsHUlVgMDnx8RXqLkbiWRehb2/mrUmK6183h9cEdnaHvzCH8LZJjxq7JOEfiyceyJOgkoVlUJtGvJfLlWqaOuphxNRZ2zAJuDOfbTd76DNUTdDwoyLDUB3Z Zd1EQvgE Cnlt7MRuZrOEfixionA/ni/uO0TxfOyUIgJokkoKwH9kX4ht7VhmFwmBezjD+U9yaeQRdg/vr89V/Ima7gz7zw375+DqcZo/zpYjQGRz4nmuIl2xhe/yC0aMVuCqxnOMSO4YJbw8mgaDPdWO9jN1P+jb75W9ToD+nut1PBXB4vEXWZeotQbsux88268a331DRJfa46q6xTcznyB8iRninIRU3Liwn6n4UqDyCRdCsyImwNgcLIWuPeTYP+E2PEgcrC3/H8M+TaRdM7iWcxOPJ5jZ2QdOfcOIltwfOBTipihfR4IqlV9a9vMFxOHygj6PiCTdOAZmcyPlH+U3EOFkXyVjLTbEk6LMVPaGEbDbpcO4c35SjVmkE/8POfSH8nLZGGxn60G7hB9yAoO7NAk8ugC/FIJaObb6QRjiwp8lxGUPcMz9r60wCin43YfC77wH5P1Dq X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index b11cfb9fdd37..545d54c88520 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -144,15 +144,23 @@ static inline bool __pure lpa2_is_enabled(void) /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ @@ -160,6 +168,8 @@ static inline bool __pure lpa2_is_enabled(void) PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_NONE_O) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Thu Aug 22 01:15:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776857 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33200C5320E for ; Sun, 25 Aug 2024 18:07:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 31A948D001F; Sun, 25 Aug 2024 14:06:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 198C48D001C; Sun, 25 Aug 2024 14:06:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E38FC8D0021; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id BF2358D001F for ; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 77509C079B for ; Sun, 25 Aug 2024 18:06:52 +0000 (UTC) X-FDA: 82491548664.15.9AA730D Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf13.hostedemail.com (Postfix) with ESMTP id 5EADA20018 for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iIhkv1vX; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609116; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rduCnP/qJ6ZTgC132xa6OYShmwb48ROC/5R9Zzk0HAE=; b=Z2BK2VmWOUIp8fY2itCGhZP1+F7HqN2LKy2m5ZqzUEkcF1+t5St5Cr7eiS78Q/EFb9dV2e wipc6oHjWnqkFRtRCjH7klpeUtJWt3GtiHXGkjm9oMeGjQVgbsh4uCQqXN4b8UGwzIeQoX co2T2MPYZO+EJpvnpsCxJfPdWXswWZk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609116; a=rsa-sha256; cv=none; b=DEjCNLVwEHk7cviovAmOgvwXzeF/7ezjslfdJYYhQ8ONHp/2DqltRqjIDPCC0Hu9yYCNQp sCPZTHFc6i5Wdn3AmZnB9rx+viePi9WgXoUKak8H2MF4Xs6lqz0OjkrPUqc/jyCJU9Z9Fw UJHtpOlfsNmNFQ1GxnEapzD232dbzzk= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iIhkv1vX; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 6071EA420FB; Thu, 22 Aug 2024 01:18:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 38943C4AF1B; Thu, 22 Aug 2024 01:18:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289524; bh=yrclwp0293yC9GB/YqBAfQERM0nqbhUl6FyE+eoviK4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iIhkv1vXoKilgfdT7HIpB4HOZs+tLh/vFixxXmDjlkcZOklxf/MPAb1ew2Z8s+pEO K9riiigrezQbjBZf8OrNt0pyEivoy7GtrdMSX6y0Us6jX8mcNcwIK9j5WlwlWY9lzv 9S6HtvWiw521yHF7WXQqdK3ML6TOBXmemGFmJz5w0fw2XxoBIa1ATqkCrGr2BOtarC /7OLDWVT2kesr8q9MRXPrTLBgRBmVqM0sEgSvmnaDJX8zD5MuSNC/SJ8rH0m7HfBsN GkDTr0PYd/Ak4qlnOiyZ0YVy9OaKQ4GOS0r6+3mFU1Se+kyYOQLFzkJe89yh+6kg7Z pRi2X/R6uve+w== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:16 +0100 Subject: [PATCH v11 13/39] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-13-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1520; i=broonie@kernel.org; h=from:subject:message-id; bh=yrclwp0293yC9GB/YqBAfQERM0nqbhUl6FyE+eoviK4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEtEhQ9d687I7aOExxok/8WQuFAhrCVZiopb6w+ BmeozzOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRLQAKCRAk1otyXVSH0E5XB/ 9eKoZTlYi2BVbXjZrWbLqWquzXlD2d+PNTXFZrH5hsQjONsDoi9Pjc6vBP2Rq+zvYcDgloXucC4+kG to2qv8LkOUjq+GOgrh0Z5mqVIKef7bjvQXqo06la6oQGX6nNVJGdWI/IstMcgIyCMntSbj7B7hd2GL nDPorXdYdtt5GeQ6TGgSk5QjUZV8zvx36gLNa8TYUF9F8FTiHnnoyQYVmf7AfQHui5ooHkDM4EaNxO hkuiI4xMnP6MP3nZ1YsCWflEesxR3FoEI0PgPPyTfHrYqlNbXh72h5IMT0a9Ntqj0StxJx4wOiGdJ/ vKhAPFViGCFXtK5c9StuFJx2HxH+I7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 5EADA20018 X-Stat-Signature: nkra1kyzamwd5oirr1mrbmxncfowfx1h X-Rspam-User: X-HE-Tag: 1724609210-521829 X-HE-Meta: U2FsdGVkX1/4MoPn68wVem/TTbmpip+R3v0gTAs7Nna7lfaXAQg2C8qZ2tdK0IkaObg80k2E7qS32OjkIrXTAY011izbXo+K4oKqL8OUzXLfgf4zyYoPRhFTWILXvmASSeKkHxGvHm4Wv92fMRLC3IjC9+CD+W7nqAdIuU20Ulzo89wVnER5IBqvWWnaLJ21hqRDJtW1BNuwaVakDKV5CGAq3voJWq2ZECnA32MsblpHk4KYqqZdGvZaKLddqWeXj0GwSDetVNfxp8uOw6EVdIFaECXm49NAgQ46qyzSiPG301x9g6SvWVB6vbA6Os4w/AXKyhGeJUP0PyVaFwwsnfn/vSAvNybzkQQX9UYTpDg4XHZTVwnEwkEiY82w/HKQQI/FKAoBjCThivqynfFTZqRDQYOGtamZ969nLi+GzARao0pUZ/+wI1BiFHurBRptrhY8J6pe4kw6lZubyCGpyEtdKL6RRCFp9arMhu9NalxWV5q+2NuDNVhk1o0F81X+1NNvUNomngWBxv55jCxOVnweg4WqLP7c8VNfrVj8CelisWGjW9m4h2wGoejN9aN0UH8Mskmhvf88AR71JMHIP4R/VH1gzBlkZET05c4ltGazTnH8xLCmB6nWqc5ZsRpPx0ic/Fq7abaleEtjWxSXCuo3tmWeKAyXLnm8EQXpf568zBDjWsEoQq7/3JneNK8S7rJE9rmgpxBGsR0SIov2k5vbTMYBT9wTO9wAp6pnw2JH01OU/RLNYmxo6mHf7VlouQh0aRuA4L+gZebJ/qYuX9WfWdQY44KGF+Jr8U2BnzkRF2dTk8Bu5ReaAfA5OkrNCO/0KLVZJFPXfbzC3N/wLjbwvAV2HsTqYcOY/Y6Iq+Q0enznMuaMkZRwpok26exdiC4vElU7OHnL35BgXn9trNlK47ESMG75Iq5caxeAwnRMZRisAP4pTDO74XoWg2xG3VaYEWgfoSnt6iaH4Ix FDCQcLWw 3+tt8tq5k9kuTvVDqM3Mn0FfjRKL2Cl4YOtMcgPj/AFEy+Izape5pG+b3+iM7g8lvdQUwU50+WnWfywmiA3rRKnSsK9KkQjZj6y/D895nuIFVVNO3u5QQoNZj6TrE9LIiYfjxOzHXXJlARlL3ya7lCNNtZPMNIwXEjkouhAVI0ZHsCmxaS1qdcv0s2bsnEGonC39oTbZtQKzlaRcu4o7EBG18SY60D7D3EmqPDQVZ8YfJodpLJxQo0ZQtK2EjrizfzxD5ebJjdpFoif7CfqM3FiufgFAQLk3NK32CVR7BluewGjHYYQGQk8BVM5mFnQa/RYtF5H+Mwu2KSl11bGFxUmgsQKCKB6ixI3joar9MmwuLR4TzV2h6WgaO7mGLTuaYsniQP5h9Q2jQrcysA5YErgizzQZZfo3TWWtnivuwAZn8c6zecDc3GJm0eq5MmGoZzwefmxUEIkBTyyx1XvNOzH7NQw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Use VM_HIGH_ARCH_5 for guarded control stack pages. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- include/linux/mm.h | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index e834779d9611..6a882c57a7e7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -579,7 +579,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page sl sealed == ======================================= diff --git a/include/linux/mm.h b/include/linux/mm.h index 96faf26b6083..c6c7454ce4e0 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -353,7 +353,17 @@ extern unsigned int kobjsize(const void *objp); * for more details on the guard size. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Thu Aug 22 01:15:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772321 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DC36C52D7C for ; Thu, 22 Aug 2024 01:19:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8F5756B0085; Wed, 21 Aug 2024 21:19:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8A60694000B; Wed, 21 Aug 2024 21:19:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 76DA96B00CA; Wed, 21 Aug 2024 21:19:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 5450D6B0085 for ; Wed, 21 Aug 2024 21:19:00 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 185F61203DB for ; Thu, 22 Aug 2024 01:19:00 +0000 (UTC) X-FDA: 82478122440.05.DFB41E8 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf11.hostedemail.com (Postfix) with ESMTP id 3F8E74000C for ; Thu, 22 Aug 2024 01:18:58 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=o8FiYm5l; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289459; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=q0dVsKJ63Oykl2IBz4wpSU7bh7Yp69WBiZTq4kDEkfI=; b=WdGe5w0/2vnrp8G1TNBr80husgWLaLB8vtd6ahefRsyTnebhfSDrR+GFUsKdGCi0qbMimC BkThm1GeKwlnhtbXN91MH2fYHBBSb5dEuH0iOVeMrX8C2VOaLp8VR3LAuK11Rd5y1Bcm9w 1s8wC/1m9e0xY+VMszPjNCWEFTUX9iw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289459; a=rsa-sha256; cv=none; b=oro7qArzhAbEzKSkLcoGVDH1oDrrYB0Hy09dpGSa3ZRJQ0hd3tUYjhLHstDK7rWT1Lf8vm WjcwgXep2yuX/u1KY3rJ+50C/FA6aEY5GVs4YjiERBB426wOnWjS2ghITJ9vVL1J34E8JA 2IFgi36WQ6QoLSX3tVHJ44nLQVDg6SU= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=o8FiYm5l; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 3EEBE611D8; Thu, 22 Aug 2024 01:18:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 508C6C32782; Thu, 22 Aug 2024 01:18:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289536; bh=+TK11w/7oyUnbPsKo/oQrSN1KO+dOWD16qqEJpANLmY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=o8FiYm5l+0/cHZX1HsRAyIUtvG4tyaQDkbJEdTcNPq4sjwiKMQiyR5Z1SUDwsKqxl rWQ1ACNxfahd8IJWovns2gUvp5Hbr4rpC8H15lv5Z9BL57fNDKdbht2UExHQoHI6a3 9CRlrx/L1tNQZC/UIarWEMQs6z5mavlQWpfQLA0X2EMfOh4//aRghiIv7SStLjgBu9 9GTaf+xeDyHpxNH5TbtUUCRnCO8mPdslDzyxY5zqPf9Ag9Qi0VcEoxtiw6sbrbzaeQ vCMKqWh+OPYeRle9F1M4oTLKEBThcX4T3dJeFKacKB9T0KpiPdcgUQ5SsZKTusqYul KcZeyVHM5Wmzg== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:17 +0100 Subject: [PATCH v11 14/39] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-14-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1842; i=broonie@kernel.org; h=from:subject:message-id; bh=+TK11w/7oyUnbPsKo/oQrSN1KO+dOWD16qqEJpANLmY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEuY7qje14egT0jcYvUuc18fgX2hyZO8U/JWAKU p3nRhCyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRLgAKCRAk1otyXVSH0GsEB/ 9qdaHW2b3XgfR3+Lcf74TxUigjDXbDl/OHGsds2ymyg2RqDu0qZzVpsuut7A7stH+sU0N1dDdUpcqD F9TmP51kmfH9e5EHHvRsMZx6vWevSrVLpQLVmb495BVgunxLqyP9Ybr7Ba466Y4a/BDEAmHV9iJj2d HADHwxouSbw11czxAdsIPZvqXV3RzZtu+CH0YlxipziDUYG3USAkc3ZHpyVwV+VsJjnUEbUvnrL5iX nu3TZdz7oOTX+LhfkfJxJcQ7dV7BXJa8+upiQtxc+q0kriB3FRmYJfQ/Ps+0aeQ/M7VvauhDbZ47NH P3N0oUsx2lrb30YIaP03PP0gXBZSob X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 3F8E74000C X-Stat-Signature: dxxts9w3hnjnbqco5zsuwiqk4t19sbdh X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1724289538-581885 X-HE-Meta: U2FsdGVkX18paibQqg+DSN7Nyb8BXSTdPZUAgC9+OjVz77210tnDuGx3g36FJrzZ0S+VeMKK1d24ceXqSXTJZOaNJrLUJoXDhtgTmrVxDXIaHxfhpzyYIkh8jr3ZCAbQZd7uCcLDphD9dkSKwqiIUssOoH+I9s/zllw+zQ1+DTisMGr0q6K/vXJaDJDSmBNSOz0jwPg6xEq1uFj0XT/pBYOprSFN8t0HZk8SS6sfDQ2PMKxleFgcXV3nF37ZeVGFgII7dIOBjmItuo3oCCtgX9uhXIK8W2rbz2+Xdef/IopM10Re/A05Kqu/YhjVc+U0gDmFj2+lvkkE7yJUxFimjCb74uogK7XKQ8/U8utKMzQLmD4rOpDGzwTNdm2ocjZM3UA9Rz+z3Y+y4INaLLzgm+kC20hVH5c/yjTtpetqyI4Y9wEhJpY5GQktfAylx6NJE1usVGgf9Of9nRufLdiwDVKR5gMK2BQDjBeCSRjce3Y9s6slJTE+VT3bbQ4D6TeSpL6Kp5veGHpak52VA7dW+F6huV7z1O/CkdzEqCfdE2MuiUqI/4kxjKJ+f12yYZkNlRJl37YMObetnFbEmZPZl8CyDUu/R8Y0ZheASz64Go5H8xNX2FD1pKSIF0JhCXhV2Zf9Ro9LLEhdimo4em4AcvKMAzbxUKXbZ85JZ6t7bhgYAKbEMevVoVJx4fj6i5zW9n14IXkVFWp6YENhMRiWQ7HxxBVLcs7bJFZHaph2fQRghfj/Smgjm3E1sak02ywEZQ8DE1tawIlPR0feCObNR13EPYkA2B9v6FALPcf1tJXhLtR+6VKb0d6lDLVfEPfNLxhcvzXGx8TiyXQpClv8DcvxkNsgU75ap0xoj0q8Xbo55pGbcq/7hIeLTZwdOcKYForFYUxAgo/Cq7zgQyaG6kjuiuaID9Lr40Ek2iCHaHzy6wxJpwl58g8qZc9Sb/Cyd0seHxCAxBbjVH3/TS9 OVJywEyV ZXU2mmK+0bWznGB1cBPnR7CZwf6m4B+3SJQqFT2q1l6TL/I8wAgtDxe/ouPc9o7t05THWJu7S2NIr2mC9y6BWMohmqZrLsx00+vaRO764F6I3ko+gUuZh1Eilw9AvIzTtogca5euXT/QMKUKEP8UG1XANwhDnEP8JPeG3240g4l+VLcpbYGYvROgbvFhjInZoMUHWWNyf74Sh8SPffrFy2iJ1tY4aie09rC/HCuPAIcHWQN2gHOHYCu0Yz8CcnojJiLqCev5hFzh//EnxsD3quZ1yZcEPK2FVC9tUlSdXkQlm+qcYQfEmjXB6Rn5ALFReNdvdZFLstjLhfGfnmeJb0j8zaWkMzke2Qksbx6X0spPrOQEHSvNDHNuGrRTFgL/etRQ1cLi90yPf1WU= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas --- arch/arm64/include/asm/mman.h | 9 +++++++++ arch/arm64/mm/mmap.c | 10 +++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index c21849ffdd88..37dfd2882f04 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -61,6 +61,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* An executable GCS isn't a good idea. */ + if (vm_flags & VM_EXEC) + return false; + + /* The memory management core should prevent this */ + VM_WARN_ON(vm_flags & VM_SHARED); + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 642bdf908b22..3ed63fc8cd0a 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -83,9 +83,17 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* Short circuit GCS to avoid bloating the table. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } + /* VM_ARM64_BTI on a GCS is rejected in arch_validate_flags() */ if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Thu Aug 22 01:15:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772322 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E578C52D7C for ; Thu, 22 Aug 2024 01:19:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B1D2494000F; Wed, 21 Aug 2024 21:19:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id ACA4F94000B; Wed, 21 Aug 2024 21:19:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9435494000F; Wed, 21 Aug 2024 21:19:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 73E8A94000B for ; Wed, 21 Aug 2024 21:19:12 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 307551A1277 for ; Thu, 22 Aug 2024 01:19:12 +0000 (UTC) X-FDA: 82478122944.30.DB041B2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id 5D26D140004 for ; Thu, 22 Aug 2024 01:19:10 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qqsq3y1J; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289470; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=wmxP7pCO2uFjstxxAElXkS7ECXHhMWQyyYjcz8ZtiHg=; b=q5OUvSxZwBqM5Ws77TF3wFgit8NeQvXF3nz0N6l5XbaHOw4GV5Hpq41OkRVmAkt9BiDmGD MwFE3h9QU4PUs275CQt018IL7AqmPKDHBEK2gCoj2U0SccaH30tVYAPCSF0JO9VKeDMSEn +dZvEAZfzbIYIF3VYAZciUL3U2nkH78= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289470; a=rsa-sha256; cv=none; b=nNt3lgVaeKB5FGhy2uh1scaSv1kIOlmcokJ8TDpWg8e2XZeEvFGsUaJNzGra8LMckvQjTy foQDbNUr+1gaPnfmWlCqftm5A4l3JqyAi9E32k5wlPDDXYWVT8Sprm3XWWxuHJCslXyCM/ aAzC264bepe5jd/8X0qjRtKGjbmlWpE= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qqsq3y1J; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 8B7E5611CD; Thu, 22 Aug 2024 01:19:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9CDCEC32781; Thu, 22 Aug 2024 01:18:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289549; bh=2VNGjU/LjnznPsbE00KIsk9FNHX2/dkkEbGz3eAYf9Y=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qqsq3y1JGEytjuobnz4YSQFParyNgTfj1H9DrFPLajrfVGlJG5BvtE008orYEXzqu oaOkrF5npdsl7AB9iX4jkW2VpGkqPVyg9foB/36GHkznIEbjaLNeFjCLeHO4eznxeA GzSpXHoJeH0xutB8zFhxqm5ZneIHpX5O8IixGaoRGXZ1Kf7JadCB38Q+9vOIpZUbPV WziATaOIkGa7Zkn/3DtpJMC4nUro+Hj9JnUagVWXth6/U10fo7f6uC3NnWj4v/xOjx /1N+Pn8uR7Sk7sWTU2460lpfgWnUxvbgw9OJHmAGk4rwcWslmMXCjoosZoPMLBC2q3 DRjjTHKRCgtKg== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:18 +0100 Subject: [PATCH v11 15/39] KVM: arm64: Manage GCS access and registers for guests MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-15-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=8779; i=broonie@kernel.org; h=from:subject:message-id; bh=2VNGjU/LjnznPsbE00KIsk9FNHX2/dkkEbGz3eAYf9Y=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEvUbSkIHp0CYazdvtd0K9lA++4yXoZzuXoIqai P7zvrMqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRLwAKCRAk1otyXVSH0IXIB/ wKwy9Epi1q/2OiiVwlI6F7z9s+yWlum63IAqiNUP5yLTSZC+Uw/mmsVJqbefDGFdNb8bSEDq9KhQjV CZClRlm6htDjUx10oKE794sZU6cOkPw5fzt9kfa1FU49ufRpF9tTHrZaqleS6xNXLH09xHx5yN3g0b 0hsZACpQyKXt+KNfj3vpmNj3LNI3eHu49FeKYxrCAOn9Q1JhJuhvxNeTSyJTsdBPVK+hfXz0oqt8GR Xe8RV1vqkm5kf8wwmxc6ou7thjRjRtUqJtC04v36qtykJQbVtCwxKHWIaZqkHaw43oQs7SND2Ify1d s2PZ+MvA8GRGFmYGF91pxaJXHGHNgY X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 5D26D140004 X-Stat-Signature: 75wafzkcagiyprzu8tx3bgh4oxyqqs74 X-HE-Tag: 1724289550-586504 X-HE-Meta: U2FsdGVkX1+qPllZwZ/QzpAxfM09xxdwXiW21TxR7gfZabixUSRoUI8hM3cmvqxjhvYVTLcEVE/k6jrlgqLNXacriw75IOmlO8zyrYcCdQ12UXPaqstsK2xT4Py4cb8ehlsvj76BbsL+/8a7t1nAAq7OFPdeVvSEQkJk/swg7F8hfQ6StVq6A/ROZ3YezNAY8y+k9o6Tlkll+IJA2dMK+DyNKLyBnM4DJnwEvGCLbVVaV1WlRrdKRVF6Kkg14LhmzpD9AoSM3EU0EOJGXZifCqnRZFvL3/1dt7g8DN0RM7bfFA6wrwSW5Rk5NWpAXstPSMA6ydIGiF7TQyywAzrBplWEVdDAiv9zTj2C+Crb48VkYzN2ikEx9u+k3L6ZsNFbAzzWu6ylCNQRfPYb61OVEXBPzd3dAKBUCJJ8SQHhTuNu84lXmKXSgs+J7VOx2K7veSwNB2qVxB5Q3S71C1xBNnnNyympBwShQIl0tOlRJLfJG4v9RuvQfldjzc3EEY4Wp5LgKHiIgSblJq2kHZMm8xdKJTIz/ZlfjjjYsZlRz0RuAECNIJ0t+kbYGUmZt/xmx+Woc+n9w4TlSMoT+38MRAnYBZ+jPSlmAUKco/X3xqYfkgl4OVIC1tnrbtSWxINqFlOhw+yMt4WuD+neivJufg8zOcIN7zMTHAMpgwsQMP81Zbsx2ijEERT1jyoPHqRMx4adL/MacytpMBWwOg5dJ2cJw9IhGeAU193OPR9ikvnnaUZC9cFCau/1qGmoh8RBr0hqKrCQ5vx3Omd/zMSCpfhoFz/V/sM8aCUj91/hOq6NCzBoofD9J5mpbIXg4ok6iPs3H301b760EnZojldlDVntfYfwwNUsWmbQMVD+AN31MNC+bhcyMXgR3Q4T6YIzahVHIKcEWyeR4KmI+BHEenubP75DqKscSnwCEpyy6H77VC3aq6UXyTrviRG06VumItaSGwrVKXMMeZ1M+cW NNlMaJ2h NhB5/WT1n4sxH2p1juZQKYhUEcnckfE+Ho4Hg2DUOa9vznExsgY71il6dlv0ENaTrbISwoh9wd8V/GYklEzvD8YB7pNfRmktgAP962l0d6VgqsDY8UfoFGS3uCyTd/9D+yDSCySXY54WO25k2DFZP5jfuK23rHfg0H4TqIx3EvItwZRu01uv44FJP58vEuatVtQIFIb12LfTCczRcjTHXW/1K9Y/RnPujXInU9N0h4VPd47bsFs/9xyz73HyvN6lMKUCrFuQAyHkIOLQWqkYvWI1jqPW9EjuS/XEPdgh4Ulp8QpKrE42CIOO4MnvD5/S+S1OlkCEnTVEkUjuSPALx1woW4ftWg/5U07q5UMcog0PTo1n8+hs4EbmnwgW37EfmsjPXLxs6GG78/ZA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. In order to allow guests to use GCS we also need to configure HCRX_EL2.GCSEn, if this is not set GCS instructions will be noops and CHKFEAT will report GCS as disabled. Also enable fine grained traps for access to the GCS registers by guests which do not have the feature enabled. In order to allow userspace to control availability of the feature to guests we enable writability for only ID_AA64PFR1_EL1.GCS, this is a deliberately conservative choice to avoid errors due to oversights. Further fields should be made writable in future. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++ arch/arm64/include/asm/vncr_mapping.h | 2 ++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 49 ++++++++++++++++++++++++------ arch/arm64/kvm/sys_regs.c | 27 +++++++++++++++- 4 files changed, 79 insertions(+), 11 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index a33f5996ca9f..88d6a85a2844 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -446,6 +446,10 @@ enum vcpu_sysreg { GCR_EL1, /* Tag Control Register */ TFSRE0_EL1, /* Tag Fault Status Register (EL0) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -517,6 +521,10 @@ enum vcpu_sysreg { VNCR(PIR_EL1), /* Permission Indirection Register 1 (EL1) */ VNCR(PIRE0_EL1), /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + VNCR(GCSPR_EL1), /* Guarded Control Stack Pointer (EL1) */ + VNCR(GCSCR_EL1), /* Guarded Control Stack Control (EL1) */ + VNCR(HFGRTR_EL2), VNCR(HFGWTR_EL2), VNCR(HFGITR_EL2), @@ -1473,4 +1481,8 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val); (pa + pi + pa3) == 1; \ }) +#define kvm_has_gcs(k) \ + (system_supports_gcs() && \ + kvm_has_feat((k), ID_AA64PFR1_EL1, GCS, IMP)) + #endif /* __ARM64_KVM_HOST_H__ */ diff --git a/arch/arm64/include/asm/vncr_mapping.h b/arch/arm64/include/asm/vncr_mapping.h index df2c47c55972..5e83e6f579fd 100644 --- a/arch/arm64/include/asm/vncr_mapping.h +++ b/arch/arm64/include/asm/vncr_mapping.h @@ -88,6 +88,8 @@ #define VNCR_PMSIRR_EL1 0x840 #define VNCR_PMSLATFR_EL1 0x848 #define VNCR_TRFCR_EL1 0x880 +#define VNCR_GCSPR_EL1 0x8C0 +#define VNCR_GCSCR_EL1 0x8D0 #define VNCR_MPAM1_EL1 0x900 #define VNCR_MPAMHCR_EL2 0x930 #define VNCR_MPAMVPMV_EL2 0x938 diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index 4c0fdabaf8ae..ac29352e225a 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -16,6 +16,27 @@ #include #include +static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu = ctxt->__hyp_running_vcpu; + + if (!vcpu) + vcpu = container_of(ctxt, struct kvm_vcpu, arch.ctxt); + + return vcpu; +} + +static inline bool ctxt_has_gcs(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu; + + if (!cpus_have_final_cap(ARM64_HAS_GCS)) + return false; + + vcpu = ctxt_to_vcpu(ctxt); + return kvm_has_feat(kern_hyp_va(vcpu->kvm), ID_AA64PFR1_EL1, GCS, IMP); +} + static inline void __sysreg_save_common_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, MDSCR_EL1) = read_sysreg(mdscr_el1); @@ -25,16 +46,10 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); -} - -static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) -{ - struct kvm_vcpu *vcpu = ctxt->__hyp_running_vcpu; - - if (!vcpu) - vcpu = container_of(ctxt, struct kvm_vcpu, arch.ctxt); - - return vcpu; + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -79,6 +94,10 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) if (ctxt_has_s1pie(ctxt)) { ctxt_sys_reg(ctxt, PIR_EL1) = read_sysreg_el1(SYS_PIR); ctxt_sys_reg(ctxt, PIRE0_EL1) = read_sysreg_el1(SYS_PIRE0); + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + } } } ctxt_sys_reg(ctxt, ESR_EL1) = read_sysreg_el1(SYS_ESR); @@ -126,6 +145,11 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (ctxt_has_gcs(ctxt)) { + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -157,6 +181,11 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) if (ctxt_has_s1pie(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, PIR_EL1), SYS_PIR); write_sysreg_el1(ctxt_sys_reg(ctxt, PIRE0_EL1), SYS_PIRE0); + + if (ctxt_has_gcs(ctxt)) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + } } } write_sysreg_el1(ctxt_sys_reg(ctxt, ESR_EL1), SYS_ESR); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index c90324060436..4e820dd50414 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1645,6 +1645,15 @@ static unsigned int raz_visibility(const struct kvm_vcpu *vcpu, return REG_RAZ; } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *r) +{ + if (kvm_has_gcs(vcpu->kvm)) + return 0; + + return REG_HIDDEN; +} + /* cpufeature ID register access trap handlers */ static bool access_id_reg(struct kvm_vcpu *vcpu, @@ -2362,7 +2371,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_AA64PFR0_EL1_GIC | ID_AA64PFR0_EL1_AdvSIMD | ID_AA64PFR0_EL1_FP), }, - ID_SANITISED(ID_AA64PFR1_EL1), + ID_WRITABLE(ID_AA64PFR1_EL1, ID_AA64PFR1_EL1_GCS), ID_UNALLOCATED(4,2), ID_UNALLOCATED(4,3), ID_WRITABLE(ID_AA64ZFR0_EL1, ~ID_AA64ZFR0_EL1_RES0), @@ -2446,6 +2455,13 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + { SYS_DESC(SYS_GCSCR_EL1), NULL, reset_val, GCSCR_EL1, 0, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_GCSPR_EL1), NULL, reset_unknown, GCSPR_EL1, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_GCSCRE0_EL1), NULL, reset_val, GCSCRE0_EL1, 0, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2535,6 +2551,8 @@ static const struct sys_reg_desc sys_reg_descs[] = { CTR_EL0_IDC_MASK | CTR_EL0_DminLine_MASK | CTR_EL0_IminLine_MASK), + { SYS_DESC(SYS_GCSPR_EL0), NULL, reset_unknown, GCSPR_EL0, + .visibility = gcs_visibility }, { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, .reset = reset_pmcr, @@ -4560,6 +4578,9 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu) if (kvm_has_feat(kvm, ID_AA64MMFR3_EL1, TCRX, IMP)) vcpu->arch.hcrx_el2 |= HCRX_EL2_TCR2En; + + if (kvm_has_gcs(kvm)) + vcpu->arch.hcrx_el2 |= HCRX_EL2_GCSEn; } if (test_bit(KVM_ARCH_FLAG_FGU_INITIALIZED, &kvm->arch.flags)) @@ -4604,6 +4625,10 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu) kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nPIRE0_EL1 | HFGxTR_EL2_nPIR_EL1); + if (!kvm_has_gcs(kvm)) + kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 | + HFGxTR_EL2_nGCS_EL1); + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, IMP)) kvm->arch.fgu[HAFGRTR_GROUP] |= ~(HAFGRTR_EL2_RES0 | HAFGRTR_EL2_RES1); From patchwork Thu Aug 22 01:15:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772323 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4A17C52D6F for ; Thu, 22 Aug 2024 01:19:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 65FF06B0102; Wed, 21 Aug 2024 21:19:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5E8696B012B; Wed, 21 Aug 2024 21:19:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 43B206B012F; Wed, 21 Aug 2024 21:19:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 1E8836B0102 for ; Wed, 21 Aug 2024 21:19:25 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id C0B2F1A1210 for ; Thu, 22 Aug 2024 01:19:24 +0000 (UTC) X-FDA: 82478123448.09.C6891A9 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id 0A89614001B for ; Thu, 22 Aug 2024 01:19:22 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ivuKgD4o; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289473; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Q1jmjXB1dKcsmxay4HHVsYiRGo7XcyadV4Zv7PLXEyc=; b=3hFpytLtCDQEEeFfT49O/gDvPXuxWZgC+rJ1kLaZhklJvukchg0ZSIxMclLtUzWkt2fCvo R51BFYYSodODV0JfOAqiKNbUY0lSB+6BBpnz51MjhNZgYOXS/dArog3YefhYQr7r6RgRlp m64208gv3tGwUH4Woe4FFAvuTrTvKRM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289473; a=rsa-sha256; cv=none; b=5f4CZZb23XuT5Yg/nVDO1eDO8K9vuRJ8vyJT6jUBPX8K+7xQ+LbRHBxyBHUnmAZgSdqLYB wmnl7Am9PWKCsiIArlyiwAp9G5cnQZco+0MFyHufPYH/YY7HQzwE3y4SnQ/JnV7RX9NcYd onEgOopFWijxMYsjJsMX9jy5gUT7v0s= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=ivuKgD4o; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 405B0611C2; Thu, 22 Aug 2024 01:19:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E48B0C32781; Thu, 22 Aug 2024 01:19:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289561; bh=sM6ARMSzs2g0dbHkgGbbEwKAjUQqEhC4Xbb3feAOKmM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ivuKgD4on+C7+YhBbtby4IvVq0RxF5/bBnr2MIUKiL3RfsjHRaLfUWjrd/hoOkypi e5oVdrksEIE09GHZZ1grqgllXSGlEDPePmVsU7M80fXrCJvMLa+IOAqlM1+qRPyefT NDUMeFDAHPBoXvktlWhOxdzO2rdFQlY178qnfUC3rm4Z+F/Utr6VLItE1zn9NpiWjM tyFC+TuvGcYhcMAJweOwV0VqEtP1ItN5OzDAcmWealbnPLZYZTVCmu5TDgUX36j+xm hBL+YaIBVHz4YB32atTfhUVZDEps5Lz+5jhEsIfqxzoZtgyLuLZph2EmpqaRb2tecw P/DJmri42EczA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:19 +0100 Subject: [PATCH v11 16/39] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-16-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1899; i=broonie@kernel.org; h=from:subject:message-id; bh=sM6ARMSzs2g0dbHkgGbbEwKAjUQqEhC4Xbb3feAOKmM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEwGtjAb+Lbq6W5IxNjQfUxybDiSmB4j0xd4UwH +MPuN7mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRMAAKCRAk1otyXVSH0OdpCA CEOwzdvcro2Y/zsVAkDS1Gh8cqiwIlyIDREbBn+Y1Fsz928BKFuNCbEKy7zALRTxwtRrlYxNM9ZJl8 v6kBCKRDXGCRs98LRzPScxPU+FhtqEHbzd58yzE/ITWCObVM3dIfqSk1nd5rqSljitoRrI5Kx1XQYV reoDx/QxEVXfbj+YAbA297F3QOBTCghWQDCw4v4wkEH9Z7B/dOGjQVjJmxl9Wejbw9+9iT0x0PJDnN SwIXivwFaJ7YaXO7TSqvUYuVOOn7lmltxhmeimqnTp36IqnALj79krb8UmEeBQbeBn5DHxK5DgJzy6 WY4Wviz9IEqS1ZQnNP7EKG/eX+Mm1s X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 0A89614001B X-Stat-Signature: g9szj4uxibncqpix5p6rmxbd7jaqir8n X-Rspam-User: X-HE-Tag: 1724289562-952835 X-HE-Meta: U2FsdGVkX18h1YUemY6KKTgQJHbci5kjHRrL3B6Ulv/KRU/UAvpGvDFCQUWzUPgY9wJQpGivwZFroFxcOCHLY1gfWXOw4pFUUw23FfnD8sCRo3A0JIXj/YTkFxVEI0n9mYXKVZj4BA7A5xKOmk4yf4PtJipGwR9/cqiJBVokWHBGl0/3hkKrx/IqHs2PevlI6zVFioQ/RrBggrBQUS+c7yQA4XVX4FcC70ONoiNuv7nCOuXo9ne+/wOBLvL2uG0EDY+k8xwQaQsOJwn4JcS98QriPRpg2f66KBRh1RwjbBhYSJqxxPfN/5bEAKWIEBCIMkR/dJlh1WUfTgzvxlfHIBYWcA1LtjDSmznzB0zEhxuK95OFh5iw/ThqD52zGF55ZSvf0MYUXLR6GPbIetORixhdG70r8iKE70Wha6ZqOMKx5f5ORfZ6gLODRI8Zsmc616evIvu/cBChIXdb6pcfhxtokuJTqDBljyy5eyR5kK6I3xA6SEYrE7gNPIcS6IHus3ACq/sFpXCsR5YcMhdwD9U1ek+WIuspk9E5OSqVETcO1dIMvqMEg4iSXM6ht/b2guLLX1LXdfl7b7hJjQp+pUHdILhyetEYph0WCA61wpSPkWDTa3y+pOtYNY2wD7Cd1Z6WYEknEqssBfSeDy5aRZMq7IQ397E7dAUBFuO/AsCRXy/Ttaeo8YaKhrGxe+8LKBZc6NoFmn4UlCgIWRdqVq5k2rZqErI38Yi4+pbnTLCrkM56W2mbHwV8ixDRtzs57qvRt1Ifh9WbnZyY7R8ySGr0gQUBrdaaqQM7DISKCMeF9Y8WzMz1JtmDWtMvYguy7uxoy0j/WsJtOvpLNWWCsP/Xpd1abKfusWJruglmtrQHASBqH5fkdY4kcBQ09zU2j1VjkAsCbs33FN/9uV1vFvQNY4MTkTC1K+iHWMtHhjnXaKr4FWCsNOVLv8x3ns/K0V8dGfzQ8LOqPoPEKTt G9Z5iKz9 /EWgR87pZ2kdmluDqbSo7utCbOOJkWn3aTMhF5rRizW9JcH2Z6jvuqw7fVd8uRLF53KgF8tEmOuyoWFdrvSnMvUdysmCScgwwcOeBSJEiO7Snhps20QjOeGJvPa87oMvXQiWalXbWrPrCm+rT10+V+m23dEBp3Ssj113K94xVcrJZcmQE7Yr8lKePYgIvX3L1Z1N8RsGIQoS/Sq302tKFOgMAxq4LUvF4so4XLsEhXXxxKaslIigUO54AKXsiy7WoeIsqWSzr8FmD1LJgV0LllnFDBC+FruvXjeFusaGGf5UHRo+3lrhWXmma5obGUUTaqATozjppi5E17HNYoZfWVi+RgvXRUuSnWn043T4FWXDSGO3Y/qY+muWZC5+jb0LcLX0P X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/pi/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 09126bb8cc9f..e6413bb8e6e1 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -441,6 +441,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nomops [ARM64] Unconditionally disable Memory Copy and Memory Set instructions support diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c index 29d4b6244a6f..2bb709d78405 100644 --- a/arch/arm64/kernel/pi/idreg-override.c +++ b/arch/arm64/kernel/pi/idreg-override.c @@ -133,6 +133,7 @@ static const struct ftr_set_desc pfr1 __prel64_initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -215,6 +216,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Thu Aug 22 01:15:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776853 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE626C5321E for ; Sun, 25 Aug 2024 18:06:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 441788D001D; Sun, 25 Aug 2024 14:06:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2037C8D0016; Sun, 25 Aug 2024 14:06:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C3B468D001C; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 765938D001A for ; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 271A4A838E for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) X-FDA: 82491548580.20.9CEB118 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf26.hostedemail.com (Postfix) with ESMTP id 60BA614000C for ; Sun, 25 Aug 2024 18:06:48 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="DwFM/rF8"; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609166; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Fa0FshE3cbF5RRtwPvTYpx5rzUhOOB8bBWzBgT+zxBk=; b=aQyW2vdDcA9UlmAbgW/STUP1lLqS/mvBddOBCUthB1TJ9ic2hUO743XpN8m87c0wFTbyb9 QqBVlfqSxv/KZWpWinFzwb7XozOph4CW0rgtrVkTpYABGYPhVOpf2cJr1XxqLQ2TkK6SAN xNTdPcuwI8Q1HuRCJz4FgFhoIl2zSE4= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="DwFM/rF8"; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609166; a=rsa-sha256; cv=none; b=KjGtp0iPzSwCfP5WbY+MTQBBTPdqmZ+5Agd8/sTsenksghT1zA33HZSK40NDc+Gkmauv0b Cu9qojTZnShBbjx7jI6yZTm8fgV2LhsixIH4Du3ybwyXzcwQAXQtnuapWEvt5CmGRMQj4R BdELtEPhMBsQRks7vH1o6oUJ+qEhaiQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id EC3C2A420F1; Thu, 22 Aug 2024 01:19:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8FA7EC32782; Thu, 22 Aug 2024 01:19:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289573; bh=p+k0jTbaEA99trdr4pz3NzAF7Yf9BBO+B19MeJlSzs4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=DwFM/rF8dbxF5iAiJQBkNcyl4MpQCNPo/7h0ijDZEC2DQwX6P9MCQJsdLQmYTo3w4 kN4XMcgPS2+Nspg04WpyMwQwYWuchJLA1u1F9LpbzcJyk4SC/i/91VJTbuWn3rtzAt VpyNFub3O4QF2XvVSbLUSDsC9s2WN1aGQDuRu0kbT6dN8Y8pNyKsAikEC/usnkkjoq oYOW1xC4zVRaLJoVH1YEwGK9uwA7iEDdO/7V5k+wsLwg3MbJLU8s9XwWsvX19Q49Yc vW0VQAElmyecYsp8uUWzpK8uNtNd5HA9mIXI4uZxTEQmHL5tLYrAUkMW5KpB5drC8e OCmI3NfA5JKKg== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:20 +0100 Subject: [PATCH v11 17/39] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-17-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3096; i=broonie@kernel.org; h=from:subject:message-id; bh=p+k0jTbaEA99trdr4pz3NzAF7Yf9BBO+B19MeJlSzs4=; b=owGbwMvMwMWocq27KDak/QLjabUkhrRjEw1DBY8JsZhfUkz7zMLPotW9MILVab/efK+acqsQxtNf nsp0MhqzMDByMciKKbKsfZaxKj1cYuv8R/NfwQxiZQKZwsDFKQAT8Upl/yuzWbS/+865EpdD2g498z w3P/6+U/jpagZd/3Lfla+CD88SiPb2SjaTYyl4HuGy3VWd4Z77x2pO0yk2u93KX2TNWZvNnHVgPUfc g/2Oh7JPOj0tMYzcy5q2RWum69L4Hdz2e5qFCw9z/IxuDv56fAZL3YGCuiKb2aIltw/yvpmoLjFr4V 6RCA9d9aV/rheX/57psfC3DM/klQLzpLbaWSruccnP3rqR9Yva9sdJqoVq89ryFSIy22MlImVtfZ7U V2//v+Zualed3eN8E7W66XEz5Xqm7lgwxeTN/tInxs+vsZbnze+rZj/lcWPT2mrDqSfjVAU7OMxbmD SKRU89ip8QE6tRGrlg/qnWXx0XAQ== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 60BA614000C X-Stat-Signature: wwhfmgf8ifg37rwk9ze7y1ykc4r5xnps X-HE-Tag: 1724609208-386059 X-HE-Meta: U2FsdGVkX18ceHjuIbT/k7FtlI6IFvEuCcLrn0f81mrN9obv/ey/s+b4s/V31WVymfdU8X8MrazKPX4uBldcAevRGv3MhINZpD2wqqca98gNJBvuzvlCJTwSWyoIKK4Ksf08JtNx22fA+LmOGFn4PIcZY5SSzx5UPz9I4nnoGd/ya6Xjcly9A00BczJZefuS2BgpRFsxTDagbrO1DxvGm8mlLTN+qhkpgdg3wX12Rv/XX34sgn/YqnLglDEhITmJSKxpDEmRrQgaDuystFlUvnrYRXEr5Hl/JT03j2tBKV+bpdsFR1xgXEAQ4zFLiIIOLpiunNKTr32dzmX3/MvvEof8koJAJcW+X4ePyULa9jdQYDcKfTaULN7ZGE0v47Z8vcqLncIeab4KKx+ZSUCe0GXKYm/xBenW5YDTr0pKNRyC0HpHqxouYHNg67MzPN4BzQjqDotohg8MqQpGT/9BfSMRLZ3+ysb0D8zQZeCvalAxltGeHzJa2c5uZ4dLXh9h/EDQ/xGq1XAPwNywxj7aZvVE+NvpzTAMJ2ibWkhLwqPOv6aeA1nCRYnS0RKQeTdqE4zDxpc07lTRy5c4sWp+lFieyHAmHMqtijo8hMJSsIK2ruRYwkGxjbJD8T653WKTx473JWZL8g2aIjolj3TEr9x7YKtZxCH/BOAouk4c51BUEnOncGaVY8nI7IG/TBPE0YdKVW1G6H0SFnXyiVVIIH32Wu7/Zg3dJ5O0b5VWd8SDMKCoV84EvYUa2rDTdSLX7q0XeyPFTAOTxbq5NajcPDjLQnYcPQrz/MsKDuQAkrBRFp72m7MxKUoiXiuTnct0F4feya5Ao9oEZwaX7Xlvq2N9608Ou8PSEuDOqXqTfFy7yk9/7vfM4/n04neLNK/30xXE/1kIXEDHSegAMw3nV+3M25UMEJmE/fA3L090xdlm1MPgsWvb8wVZ40zcwZJEbCg+qMbv08OtymoRctm zY6kMISg 4sWnxfQIP5+7X8hLnifFFZJKqL2ufz3gAHk1cq5E4S5v2HRES3bRseiRrWobvv4wEex6X3C3dsfAEZYYi8THZ1/bEPZQM7ayXaipqT8n0xhHUwz8XoZpSlS4L6Nw6RZ//GRYdg26sTXJoJuLn80CcwwEBzYhG3It8TS3q7xqqYvTmBqRvTQd+x0STdoRzPUiav++gDAklFXwE8Avg4oGUj7DfTeATRdAlOIxHKRMnT40aj/yKhoU3Opzlen1RKdJbhOVlfiYG/lkf9+eMZxMFNxs29hZyNfi5CjViS94qRwDf8FhSjXW2vxAjwCyZG/Sf5dw8EaZ6zI/RkMwLZYjkG+ReVlk2wStlkiCDj//gOo0VuUSD+j5OOxc9bcDlwebIKy8xMHRKseUEESaie4i+f0AuptndhAG9TLK3LXu8aLFk9/E= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a hwcap to enable userspace to detect support for GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- Documentation/arch/arm64/elf_hwcaps.rst | 2 ++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 8 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 448c1664879b..cf87be078f33 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -365,6 +365,8 @@ HWCAP2_SME_SF8DP2 HWCAP2_SME_SF8DP4 Functionality implied by ID_AA64SMFR0_EL1.SF8DP4 == 0b1. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 4edd3b61df11..fd7e162e7e39 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -157,6 +157,7 @@ #define KERNEL_HWCAP_SME_SF8FMA __khwcap2_feature(SME_SF8FMA) #define KERNEL_HWCAP_SME_SF8DP4 __khwcap2_feature(SME_SF8DP4) #define KERNEL_HWCAP_SME_SF8DP2 __khwcap2_feature(SME_SF8DP2) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 285610e626f5..328fb7843e2f 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -122,5 +122,6 @@ #define HWCAP2_SME_SF8FMA (1UL << 60) #define HWCAP2_SME_SF8DP4 (1UL << 61) #define HWCAP2_SME_SF8DP2 (1UL << 62) +#define HWCAP2_GCS (1UL << 63) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 315bd7be1106..e3e8290a4447 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2994,6 +2994,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 09eeaa24d456..2f539e3101ee 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -143,6 +143,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SME_SF8FMA] = "smesf8fma", [KERNEL_HWCAP_SME_SF8DP4] = "smesf8dp4", [KERNEL_HWCAP_SME_SF8DP2] = "smesf8dp2", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT From patchwork Thu Aug 22 01:15:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776851 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42C56C5472C for ; Sun, 25 Aug 2024 18:06:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D5D288D001A; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CFDC68D0018; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9A2448D0016; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 6D4C48D0018 for ; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 1661680835 for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) X-FDA: 82491548580.27.523D54F Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf30.hostedemail.com (Postfix) with ESMTP id 5442280004 for ; Sun, 25 Aug 2024 18:06:48 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Pbtd03YP; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609145; a=rsa-sha256; cv=none; b=m8KoUpmpQhHTqHmLKAdqXVkotgt/5vqmr5Hc3llvvjMSZb01P2QKDYjukZlobvVjIoEZb2 KXP9SBxPn4vkHzI45BupCnVz+AfH26vIcdt/XX3X6kW9p4TS9byNWTwvf2e7Yr4TtuzOXq Oow8c+Yw3TITK6aiinaKrCkj1tx/G+g= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Pbtd03YP; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609145; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aCcddeKQgbpVCZ8gdJeklAiNqjTPhcrj/cmJQo+qFOI=; b=KshMy7biRwv0Fae1IR7h3SJIepZkjWtBpRuzmAr/gtMJVOz/dhVL8O5Ja/0IJfeWC+3DrR /BFY4CVcq6uYEkHyshTuYPDeW/pucevAB6+JUCsLNZF9bwWaJEE6Zt8aditq4WYFHk8oLx Y3sj531GPNgLxY3kyjbYY1JdiVI93IY= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 8A374A4210D; Thu, 22 Aug 2024 01:19:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D83A7C32781; Thu, 22 Aug 2024 01:19:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289584; bh=e44VTA4PnVMnteUpPeHLUcAac2ATi0WZ4XE1rzWONBc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Pbtd03YPcs1kyLM4sBb0xDIyW2yq92U7tOZQ9fabgPGYa3s5xtQ6I40erqzcf22XJ xYieHlP7yB2U+mdBvsSaUnso5fxL7sMS6IO48Y0VLjNX6Sss+pouZus1XoYl/MIe1N dDl+uUaI0X21QWpoSgzYX03wdx20X+DEWCXRDn+7qj+Nfp3F8ftHUzSm3Yxs6QlIVR bo8sKzPlkxyZgmDFhB1Mx94j9gcgXuqr2ZU3+ReGVUBwaQr/O9DFV8onQN/RbRwm5O zdfw341jowqrUFuoeB13x34D0kZfRIndMSQgxUIIgGlfWcsegzcg8AsaMrSEhr5vnX uT6y0Hm5E4OOA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:21 +0100 Subject: [PATCH v11 18/39] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-18-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6092; i=broonie@kernel.org; h=from:subject:message-id; bh=e44VTA4PnVMnteUpPeHLUcAac2ATi0WZ4XE1rzWONBc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpExKYuMVBeBz23oWOsSU1k9OAWwiLzazhRA1qWu Bx+hqyKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRMQAKCRAk1otyXVSH0NmsB/ 9EjPsQ/EeMfFBiLaIOkUOjhs28bhufGcXkuzr7C+Wbxopk+/XOgczp4HeDvZTP36PelXAY0aXHqMX1 5ydSxbyO+L1JPycTk0EClSE3uP6kIfLGkterYUUQAbOvueBiyayr6eNZjwqze4yUpl/upmbnyga6p4 x8DSnhLLsxeLKXkSfN7mCnagujT55MkIKpGbmlmcgkj0FVJpEz2cEaTBxaQk9RhBINzcBAGXUULwtV LIWb58IVPo0B+BX6en+13U18Fb7pxhovGl8MbndGIeewt3ZQcP2Yc7yQwf9CoZDJ6LP6/nqI34sxBz GBWmbU2MJqvPm5CiPuxTItmSUk4+FC X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 5442280004 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: oa37um59x1dr97h84tqwwesfauuyn6hn X-HE-Tag: 1724609208-289116 X-HE-Meta: U2FsdGVkX18Q0zCZaDbmwW0S1j6i6NiKIycIEkPzwzMFAgOdWw0VtL3kqlaWe+1NC8V+H206J5HTDuIsyP2TecfD4ZH0/y+2M4tNRMOulgOaRyx9+0RNJpIMcnh4mxncrNJRSzKC59srnVlLijZnOiQW/6FOd3i0jnIoA2ZLC3wprX34aAAUQEUmgVLrUDpmcwarfdxU1AL4tbycp8Pd/6apxfk7ryDfU9w9IYomaY4xQg0y7TmJ68l834zGI4Qp3CchzPR8SksGSalds/BwmexsbF7LL+Tk9Xp8xbII4NW1QbTZarKe1PgzfajBWJ661y4oaOwAzGkvrKX5UqutixbEmFVklFmn3LKl+5HJM60Mn4XExBn1xUAr8idxFmtGKDFjTTL98mQnhop6nn2RCZoVUPFax8BtT2+9bj2DK+Ag42CXGg7JLDK4pYP6orsUFzLb4Sgq2s7Fm9RoQz2iHspLFr+HilZ7JiToTmb9ztK873o09uNJGMfQHtnHA9KJf5cwMvu/4fMMc8ogIStQNZWBDbL3Lrj7i3OIs0L8KyZY/JI83frNLZBZRIBZ+ZOiONWY133GyK8mipGf2QZQzCijOqBubSrP6B2g2q8mFtA1+hqCwsGnBuPmlXLHcltpo6r1LGJiAfRUMwAkvpQydNYjNgpI9JzLRPRJbZdyzUciZjR/ek9hG4V9z8kPF9FZa0ST3zoyVvooRRwvLBtdo1P/Wfk9LecnU7OmyDbwZsbMvHtan4LoCD3r8M+BqAhqHfWvfSpUcFl/VwskaxjSzn/7mx0Q/1VDn5Bn1zbTqKuvNeb0TsAI/8EaYlvAcHpZS/K+5pdB2LU/TQ24k20IkWNr5fr15X3VKZPpjtyK0iiMRIjUGQqY+ZeUVIjb3/1f82iT5U+DMJLdT8eOjbaSq7RsK6jqI26/E7K1DZrC2u00Caa8j0ViiW2/fRsOLO/aQz9za2bPbsLKT5tHZii KYkXyjK9 B7hH3l4jbwJHIyNUCrO5Kma27Z6DCqH+8EtXjEw5byROHsvfu8stfMfrvHEx0sMO9nNU1jnoZfSo9Y9BZcMvCgAarbrDqZZZ8XRdRbHHbv/Tu6vX6Vvi1XzG1IV/6a4qTLBepK0ELy/6m1Gy1CZlah8ndWKj9MA4ItmW9xxqZ6fG2kiyKNkAUirSnTI6kf5EqkSgcKCqID/8wVOJtsaEjoF/WbytOQ8pTSM9OJR7kz9l8LIuWrWpOG+RlRJ/wKWHJ+hbncyGTHhbhQbpIY4M83DkKYnbRP5jDVI7EEJrV4E1Fxp57/got1p/IayxUfq/nAs6DxpjOjcnvVVcLNn4SjiqVXvlrcbc6MT3Fp+E87AyS0oYl9xmk9AU3G95yJ8RSUNPGYKWD5b5gU+VA2kr1Aw+RH6ofNs88fTM+8MOkm896PPg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index 56c148890daf..0c231adf3867 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -385,6 +386,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index f296662590c7..674518464718 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index b77a15955f28..54f2d16d82f4 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -463,6 +463,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -505,6 +514,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -684,6 +696,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -766,6 +786,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 9e22683aa921..d410dcc12ed8 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -838,6 +848,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Thu Aug 22 01:15:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776852 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BF9CC5321E for ; Sun, 25 Aug 2024 18:06:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 12C168D0018; Sun, 25 Aug 2024 14:06:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0A9D68D001B; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A665B8D001B; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 6FC998D0019 for ; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 1A56C1407FF for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) X-FDA: 82491548580.24.3A1DAE5 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf29.hostedemail.com (Postfix) with ESMTP id 58D7A12000A for ; Sun, 25 Aug 2024 18:06:48 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SKAPNy3r; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609095; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=1zhSjceydU0lZvoQ55BhA1CSLcr+UutwwGTWuNFjHhY=; b=5V9zId9In1gSYXBhcc35gcadXKZziGjEM1CxG1mbdUGiyvH1PKETLRpNr9vO8DbjaVNW89 vtK/93D7iGLpGxL4X9vbIwIa2mxQaqPJ0WRhioj/uYMvfdrREqlfWTQvPqZdS05RFVHweo pmr7yBLrLRmCW8vurwd5bijf+aSWVIU= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=SKAPNy3r; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609095; a=rsa-sha256; cv=none; b=hwTrfxwU6v29O+rZms51v5fbp/UiAfURG68dJ0ogyJd9GepOI/CTWRIUm8NEkFkIOCJn3F GyAD9jpqQwjQkttFhoSzhsqQOrzoHJyzG5ghrQET2fjC4206T6eVxPYn+wK/3eSC3MsZGS lVSUATZHs8fPHtpprFiSfiyuEFmhL2Y= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 8F6AAA4210F; Thu, 22 Aug 2024 01:19:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0594FC32781; Thu, 22 Aug 2024 01:19:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289596; bh=is2zgCRaR9rKZObHv5ljdEWRzYPoLx4wqWI+Auj5mNM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=SKAPNy3rZqeWeOli+lFlVF+9Ltr6/Ptv46pvxt2SvY7N2+CL2Wsfw0kIYURI3MlWO h6ysmRaeEAz0QZaCLfVIEmy7IVq33c5/7zbnlkh3OHBsMhIBBXbGqIUDyWK61HNufB Pxe2zBJPGd6Jpr0TSEaC7Yy0QBLrATRNE22pDDxydTUY5wpRR4PDsFahkUr6euYtsY gy8Z0mv6ik1ATXuMU5+b0/vNqexzketHKOcKvai55sRSYu0PUBIoZf4P3xBnImyAT/ SS546dZuFYXDITKRB0eTCwf8NG6LwgZ8IYnTxsv6V4OIEZBRJA6wC8GzDcI1IVvc7J b7U4dzeu9d9TQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:22 +0100 Subject: [PATCH v11 19/39] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-19-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3630; i=broonie@kernel.org; h=from:subject:message-id; bh=is2zgCRaR9rKZObHv5ljdEWRzYPoLx4wqWI+Auj5mNM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEy7glYh5KZh88eOmHhzQChA3uW5DjxuojHjDOM f7/CBWOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRMgAKCRAk1otyXVSH0BuQB/ 0VJlVzYf3tUrImZPBIFuEnpfaDF1wEv+1OaLwNM/WrMeioCAmQIx9ArEHaxWsU7S7F5s35RqrOaIue hnN1Me447fn9MfXIwJQOlrXluKT1yGT9eSMeQY4JFwMDDkHWeE6ZGfxho4NJUNUQY39AEyHRtx2PbY 8bLiwr9HkEhKIdeBH/E0jrg4mdutWTPYKWe3LdVOhqfzS5eCsZi0Budp7G4Jj9hCDmo4reIOYoXtLX hhRqX/hlSkbA6cNo4xUi9zwvEQ3kaDQL4aBBd8y9j59d7OQ41bZztuhKXt0FLMCfESuqXu+x2W8AP/ MPQfiDAvQjzPk9KyFgwnF29rmKqo++ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 58D7A12000A X-Stat-Signature: 9kmurs4rfr4zen3gzkmeupzgsc9f3wta X-Rspam-User: X-HE-Tag: 1724609208-842973 X-HE-Meta: U2FsdGVkX18h0MCmZ4/FO2ClB90FDU4yG1TuY5Y6b9qHrvX2BIfKbsuPc7cmCVodiWc/5hZS36nxxwr4pboIWSGmcMKgGsmKFEat5r6RJdMn8rfROZfsd6xZ58p5M2JOowM3rGEzlClGgLsASqF7UWUwHCBjVRbSgEYp/G6+DeqFAjltHoEWGgkfb8f07w1JpWsX06G7Tfh6LLx4Sza2hlEwDD7T/jFk7dvRlMkUTJIQiIh9PevyJ6FAojAahuljpXuh0andU7FlymLrnqjfI4PfKFPaLA7K1+0rYUKSALp5zvRFFb5V6Cwx5KWaz3j4Tl1rbERpZtF6MIQi8sYK55/g+yeuuyb77npcVrtvlQYYimult6PMQ9c4rg1jW1ZnoKTuKbOSO33PDvh7s8sD84FNEWpnXiGcUm3lyMRemMJLSZgJHPcB5Ir5tdX7R9iO1iN5VeQOn2EgE7hjB69j+NaVd5IBbf2QwY4XXUFOrRCQTxPhG5hECYhKFgMVrK8X6NewpoJVgVzjO4sDZcQzmeFq7ntAoPtIFyqyDL6w2/QiKSqR0vUxRzEomcGNZAS21M1ValdnY/S6PqzIp9RzDsL+yVXaxRM7kAs4qL740q2F6Y109XRs5/xj0G9dVXW7vyiqhkzwaGJ+1ucdB6WhYOK4VCLimMTPh6lFpyLiM0mCcLbe3kBl287raoJnE/dMgcYuiiHq7GL/jQQ9ltaHgkRSV8aqCjhWi6kLBoxHG0KwXvGJnmLobWB6oIfJ37Pq9YvWqgit7OBMsgYU03+SZQGtWQXwgDxFU3zz3pjfPdWbJA35q6V4Hn/2Gq5u5PXxRArwQc366uIs6kTS6QdGTl4TXxPkLZmW8ecfIjKVkFXBPO8TPj3QI5CZKPBQXDOgoLI6pL9f5ROVuw5NhC/azJkHE8vN4GCS36/OPTL5b7W5TFssQFtUWy2uoxHbtr3jrd333wJCy+sszopW0BE uymVLtSE jbdcmZiz/hA385BoLYKKIL7PyAL9Wkdat81n7QX8bY1G4GC71BdIaQszswagc+sHGlq9mD8R60eeFzASZPItZDmTB9mClFc4dIydFKT/WXvF3JyVfm+2S6ad8KuuVr7xmzIwSxVtxSnaWVaidTPBYUFLSHTHeT7OengXoG3dx+YrIywSkV1fZcztL72CK0Wwa4WWLOxS1+htbeq33KDY8EIIb0NNSyZX+H162blPEyOHEbSdyplJH2snDaohZGOM4IbP3/cQaCH31NkHSCo6QEjJbN5dWNN25/a7bsZ/epuIMKNTmQ/cQrttUSlhfDtuxh07nvDfYAfuzNZz+aDUfnGlhZBBDqQRlmOweerIdYh3+9KbdJfl7wrBZfwfY7OU+NnUi4KWvN/dqpTBtduU6PZQEuCGcHWJ0N0JdERFd/o05p9I= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 451ba7cbd5ad..3ada31c2ac12 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -486,6 +486,14 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + static bool is_el0_instruction_abort(unsigned long esr) { return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; @@ -500,6 +508,23 @@ static bool is_write_abort(unsigned long esr) return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); } +static bool is_invalid_gcs_access(struct vm_area_struct *vma, u64 esr) +{ + if (!system_supports_gcs()) + return false; + + if (unlikely(is_gcs_fault(esr))) { + /* GCS accesses must be performed on a GCS page */ + if (!(vma->vm_flags & VM_SHADOW_STACK)) + return true; + } else if (unlikely(vma->vm_flags & VM_SHADOW_STACK)) { + /* Only GCS operations can write to a GCS page */ + return is_write_abort(esr); + } + + return false; +} + static int __kprobes do_page_fault(unsigned long far, unsigned long esr, struct pt_regs *regs) { @@ -535,6 +560,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* It was exec fault */ vm_flags = VM_EXEC; mm_flags |= FAULT_FLAG_INSTRUCTION; + } else if (is_gcs_fault(esr)) { + /* + * The GCS permission on a page implies both read and + * write so always handle any GCS fault as a write fault, + * we need to trigger CoW even for GCS reads. + */ + vm_flags = VM_WRITE; + mm_flags |= FAULT_FLAG_WRITE; } else if (is_write_abort(esr)) { /* It was write fault */ vm_flags = VM_WRITE; @@ -568,6 +601,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + if (is_invalid_gcs_access(vma, esr)) { + vma_end_read(vma); + fault = 0; + si_code = SEGV_ACCERR; + goto bad_area; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); fault = 0; From patchwork Thu Aug 22 01:15:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776850 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C6A6C5320E for ; Sun, 25 Aug 2024 18:06:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A75958D0019; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9F1A68D0018; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8279C8D001B; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 62F8E8D0016 for ; Sun, 25 Aug 2024 14:06:50 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 05CFBA07E5 for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) X-FDA: 82491548580.02.5FA846F Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf27.hostedemail.com (Postfix) with ESMTP id 4E04B40007 for ; Sun, 25 Aug 2024 18:06:48 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=spIIBu4G; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609113; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=aoTcPxl0VwQ++6GXGbVHutXxCUza0K7v10lQpUDcA4I=; b=tVMiZ8afWrxCbGsGbcn4qyZxTrbwueJVnwqctpWiQZk9iOsUue+aritWjZpaTfmkL/0Ajf W6NgX1jA4i2RNTFDThaMeBwtYGcHqmsUQS+WBMX43OQrwD/FQSdOqfjj3y8BZsD4N/UE9J ihE9352+6c1wuptXu79dLZlD3EuKM1k= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609113; a=rsa-sha256; cv=none; b=K4uPhFk4QOTrQS0qJ2nQrTeSxmh7SvzRUQebta0s/tRk29SosiX3FLHZdf/n56R2ScAKDl MAd6U5TfRGnh5XjtJ+JX1E3mpUfujlSxKKUQSDVaIVOAvnxlVMeWBcFf7HziHmYrn83J8J PZ2vTDfuaoEixhM8uJm+yi6/uDM/fiI= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=spIIBu4G; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id C83AEA42111; Thu, 22 Aug 2024 01:20:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 81CF3C4AF09; Thu, 22 Aug 2024 01:19:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289608; bh=ahP+LTv7b4XthpsSBycFF0WuUJionb06ERHs9uQMqB0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=spIIBu4GeSPYVLSchl3Yy+CPSYnnh/AGFV9P30yga1/EwkCOvuGXE/lRU3Idarzsn ldpc9kbY/fYBlkZX7edjPkGY7Wut4tpr1xmRr2QHhF6vMuMsBx49HqGxCRcnyuFpJr xpKbjEu6xpDic42aTtPKuWCVXYuQ/imk5MYCoNpwGVTojGqYBblO25LMxJ6piXmY3i aRLW3AUUhzIk2g3XoXc9ZWzXwRdEhvEsj8G+43a5VVh8biGOzNzX8ts4jdM58xBKWL BPt9Q6X3ZPeiLSOjDYB34uin93NvXR43LI7WIjSwkWqIjCfX+ZtJiV5fQFmONqAUi3 i3rXPWmu/5lnA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:23 +0100 Subject: [PATCH v11 20/39] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-20-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6696; i=broonie@kernel.org; h=from:subject:message-id; bh=ahP+LTv7b4XthpsSBycFF0WuUJionb06ERHs9uQMqB0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpEzoEVzAmKLLFWRLpMs9clmoSlI6B8aerT4lEDr HEQHpGOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRMwAKCRAk1otyXVSH0N89B/ wKEtFu6hbp0q1zALn5n+QKZjuVKSfBNrqE0RrWOFE8Z94hdCTI+y//U6UsFa4TiqxX4xr+l4twYbOM //DvZO4MQzswfdnT0o8G15wME25L/bOuhxVXEE7PjS3mTXqq74+2piWjX79jTaWHSTB0TbhjzVWkny S37hqjsYYpPRYxQCd+oE2zZRfto8VOhPQHhaoKo3TjL+H0tph2KAdYrFWXwV/dCVOeDaceRy8dgwxs zZoDabYZ6FEQqOWecUbQrAPkPXIpztAdOFFZW5wCQa4I7XMN54YRtPAiKyHAHCC/0ExuzI6eSO03/y waC60FONbYCCPGLAkhiTufm08+rOWq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 4E04B40007 X-Stat-Signature: ex8ubqgiwanz83r8f8j9tzqqo7pn86dt X-Rspam-User: X-HE-Tag: 1724609208-215515 X-HE-Meta: U2FsdGVkX19pQ9OYz4UQXJBuLWkf18JF+RzlfmpW2ht7SpY088JNfIf39sarqIrmNrn/izGHwq1xYsID3ZCSuPprxxQNZ7/5Rs06KvBinWCLAWiMG7vQVuqE1E7t9O5rZmY8yldw1zO04ee+jreGrPAQ6QQ53O/nY1u0zvfQVrk2dBevyJWGEaw3hHStUyTAfJ/yMPnd1ay2tFR1P9fEH1i2uLfNISJgD3pkTfYNYzSo61u6Y/IUWuQf0pFZBcYJ+q2sXndlEBCwMSozj3nRa3cyPmvFuJW0h2WKYa1QkhIYP4AZ99V2XMyDTYzVP+qmkVNlT/U66l+ADlrnwixUjx7D0Up3Z6musjO4kHKoH7lQZexeIMp1prQojKKdlA1xG9NlhOFHrFs1iYiAkNZRJ0puzhDJTL7e8asWpr3UP0Jb6OZZRs2PV6JtksHPiLzzyVmnkbg+neA8K6zlaaCzRehKGi2lTkBTjbCZeXlIYgKgLGys9eNZWz41MSTPSoOGYCkQ9Pt5IRCR0bWTMcZdvVYfBCvCSuP/MDfOWJyvqabvVMgF4hkcOo3VBzG/1Dis/5O+xicIx25HP0L+GKkjJ7ih2Ze+lZIgBOo7iJo5a6IgR8upiEqVy+HGIm+HgnpZxz7MF3ODb6zZiJ9g9bHxDtMSy5lALDxWrEJPQZKcszpol+9nDB8o9FvRhjnQPeyxoB+gRYn0rOEmqE9M8gqSJrN5Xz6cJDGRDFL+3V/5scSgLMy5bAOJk/mCkRtgYyHlrdGFzNz4BPIUCva0kwU8XIRxU6h46Onjhl2tdrzhAGXyYdr8S1A9lEQS+1HYQVew7j1Od3lnwlbDFrlU72DaCc/nqnyBy1dY58QzpbCYNkMsg+VRpjyJ9YOQhjM2Kn/iOx5/1cGKwqe3/aw++idpOwOFrBoVauN+hfGGROYbUoJ5DmQwUTPfnYVJaMId0GY+QRzYQCA9ghWHUh9uoSi dFpu7Hjl Tz2FYU2VC9eytusrB7RH2JcKh6PdUv9o3reqz9Fj+f0164A3JLB21PNMXfnTFqjcKkxUxNI7pD5lFXKYCglZYFqRgvcwosXmZ6VMm/Qw1KagY6HC73Z847LM7nkmWt1T5mO59AWADpeU3n5wmQZK6flT7XwcsblmnN3B2opAHGlXhvWfqg6X4khcnTtbQlv+xce8CEbxPeYDUkJIn5ejDnwsf2c4AE74Go7Y64//gumWjxQP79GeCyJ14hjEWWQKNmc/mhWp2bI4z4C2tFUQmns4szmpK4YmY5H28p+tgjFntEuisjCE6GJhT0WNxWCI8c33P47lIwfMc1PThWIpBC4fhJr/LjBabxQz5LGkvZvFUdnQbSeubnN8crHLoSBAQaOevTH7I8pSu/p95FYaj0yH1pQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 ++++++++++++++++ arch/arm64/include/asm/processor.h | 6 ++++ arch/arm64/kernel/process.c | 56 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 39 ++++++++++++++++++++++++++ 5 files changed, 126 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index f77371232d8c..c55e3600604a 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -184,6 +184,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 4ae31b7af6c3..a4fd25585801 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -271,12 +272,32 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (!system_supports_gcs()) + return; + + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -471,6 +492,40 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + /* GCSPR_EL0 is always readable */ + gcs_preserve_current_state(); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); + + if (current->thread.gcs_el0_mode != next->thread.gcs_el0_mode) + gcs_set_el0_mode(next); + + /* + * Ensure that GCS changes are observable by/from other PEs in + * case of migration. + */ + gcsb_dsync(); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -530,6 +585,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index 60454256945b..1a7b3a2f21e6 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -11,6 +11,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Thu Aug 22 01:15:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772324 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16A8AC52D6F for ; Thu, 22 Aug 2024 01:20:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9BA0A6B01F2; Wed, 21 Aug 2024 21:20:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9436D6B01F3; Wed, 21 Aug 2024 21:20:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7E4636B01F5; Wed, 21 Aug 2024 21:20:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 5D3526B01F2 for ; Wed, 21 Aug 2024 21:20:23 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 19AE7A7ED5 for ; Thu, 22 Aug 2024 01:20:23 +0000 (UTC) X-FDA: 82478125926.08.9768A34 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 3B44F40003 for ; Thu, 22 Aug 2024 01:20:21 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nwCz74RQ; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289540; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=iagVRYloCKIO0s2YwTVqShvpKyhoVqU0Akb7gWmT8wc=; b=uEefkXi3uO4MbsofkTgInoGgLZsG65MDj6iDrNvs0AwJjGo0m/RCyWMYb1QDyFL7/beuND X+Y1bwSzXmndASWRkWtEqwEkZy9I+SW/xLTp6gyaIo/dOSZLIYG4MEwUA3BnIle+j9+lif aVqeiSQ4usPdZe6PpqbnA3lm6K/wNcE= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289540; a=rsa-sha256; cv=none; b=Ml28nNfMTYsgCeJ4sJ6wKjxcnVnL78yu76j+atp+1VxEd+yjlETK4xqw3ZkTZuOQ9ed8r/ Gr+TZv9uNmJgUzRPbx6bZb1/cTlQSzgjBQoVei/p6bt1uUU1LNuRMlUvQXvKjrex2cKzRm Tpb1cw+wAOv7ZdgZ0fPW0wcmkxxLPMg= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nwCz74RQ; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 83FC160FE8; Thu, 22 Aug 2024 01:20:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD8C0C4AF0E; Thu, 22 Aug 2024 01:20:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289620; bh=RTGexDthYFr44xiqo+HLLY4BIMEvafRxD0gCV0rtMNw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nwCz74RQhv+6TSyNSnHLKjoCcoQq/n5I2qJ7ODUhcMUDknH3RoZx3+U53CZh4omCs pHlpjBu0mzP233pTtuA7VB8xr3tC1F27PU41ouRkj4j0YILmrAQYhvH+IQ/AIpiLWd yCrmS9Z173ji2C5qYBJAbIhFopDTAuft2OsfOTmMii4czZZwqSaGbyPc8M86YuV6GQ 8zg+wDQ3uvJZln9CEmmGwImupKGRxJGVCoDdmoejHCvGFxEaPzFSJN8e5UW4uQDQ6M Q/AtHRm8I3sty4ur4tY0HyZY3/wRv+xMvj5eiMth+Cly3U10CUC4hdrs5gCG4ApZzr IuTJr0ojQEVZQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:24 +0100 Subject: [PATCH v11 21/39] arm64/gcs: Ensure that new threads have a GCS MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-21-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=7114; i=broonie@kernel.org; h=from:subject:message-id; bh=RTGexDthYFr44xiqo+HLLY4BIMEvafRxD0gCV0rtMNw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE0o1U0PhWyG7IJgmly5/ucjchbqyop+pwJgqc7 4cSP+qqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRNAAKCRAk1otyXVSH0GMWB/ 9WICAq2SrwWqJTnYUuIjxl/qBe8At86oZHK+3XOdhOpLoKTmzyB8P3xYichKFWIDihs88bgvPdnzb/ FfVvXD4FUGaGPV2TvCx00aqavPExQC0TyVx2NX7eifWDcXNffy+PKHhZR7gC6bc8c9WqM0ugq9u9pO e0JljMz8HcjhiWnbNeiljOkYMmgOctlrBw3Jh0Shk2Jj4VvqD4oT3op9HIjbs5SVQkywjJN/Pw9YlJ HNCNVkWSzCREK3hYPv+QHMwbDWiN6dd2sfNJikCFMXzNeOB8VThNEaFYv8+d1jvmHBjn3muzY9RNzF MkKF+6jecDOjzR0lPpZOf1Su28jYgF X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ruiqa97o9grc3echjtixr7qeggonr1m4 X-Rspamd-Queue-Id: 3B44F40003 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1724289621-247492 X-HE-Meta: U2FsdGVkX1/jtq/QFlTSI/CH0FlTHHCcx0/HngwFtkBvaiIkn5X1bCh+hVGRSpbItX/AeJFvEKUeQji3EsAgfXcqx5bEuhLj+PH5z0JOL0GeQk3n1/4KbT6m+M/FD/LTKUKYL6nT+I+OQuTm9Tif8aK7ctjyyO9rTqQpvbm4COBm39z/l1Rlp3SO1QRBUMKFPvXVMeFfGBuf3WXQib1dxxNmcu2pETblnF0Z8p77mfFEDQnI/JqBuK2vJvnVZ65z/YSYsHUjkwwOYgpxy/H3mvURzpPCinYGuC7h+i529RZZFokvZGN3D6gJDQ4vAGZUyr4jZ49xhzMYKTBf2JASd9TZ7rT8UUUDO0/t3pGqOnqXRC+4k+FnSSVLt9Gscr5J9WlZtOs5xweS+nKQypKCXo1h1MFUcQ0NeXCcJwhisdDnw2RN4kifjR/XCZASSWYP6CGxGrUtaO3VjSyeVF619rD7nc2XbvHNsyCIc7zwHWqmye3i/+PudTIPmo7462kBMZxfnYbjmh16eX65Hsu6O3teoERIAtvg9bD3SU68rspEe0aZi5h0gWT6pl5ev6OecZWAlxv9jvZRsXpvBxYuH7Bd4FiMls8iJOLDznou/Ql4yMmlbvusIXM7KZ0LE8CKf7YJ4y2bitJyTif2KVt3T9oXUuev76UesuBuTAez1AXBAV58Ch8v4E1NtJ5fxaR0zuOrH8RFsuhO0Q0IvCXRaLnAw+GNZ3d8Ik9LHsihKXyQh0C7Yutzu5jynEkXNoaZQSZuCUQAvCotXCzY4H+jyY2fZh27n1ICL4njjM/fVjNHzJDfgdhLtQSFw9kSpmXKRM1WwEYCIuQDP6vKUXsrRo0U6WqVC9Kwd0p6jEfhK2iDTDW/HZa3jYtR+Oe0gyRhzDQoLJ1M8fPlmli4l24ykFr/G6rRa8j2KfrwNXcxN4Ptn1RGeY3lOiRKlYemxys3mKOPBpvnNIVGABuiun1 z5w1lO5B kyHHkWXjpZRzolUrke3ohGO94F5UVvWJgIAEUT8qlmlLiQvN31Z/ml4RDaBJbjJ/M2m3BLbF3M7W7WhuSYnkXtBR3wfLnyEs/diU9MZMy6P+GPRsNfr1PA+kyOEi1sXwjXoSTNGx+X6awRctUH+oezxDXmHs3CTX7DccLbSnKhWnJ70WRhrPyBiOdmd4NSqWCpIJ7MMjZF8I/kygKC5bN2DVOZN4U6Oo1heFZHG39M+5HS6OPaCFNecqeIxT6nv9LjoNoZhyZwWBchycdiVtbfux1MXzIBg9EJvreon88kqYwZViDXK9SYWZ4cJ3hTAxFd8iXKfpdnfocJEQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack. Unfortunately plain clone() is not extensible and existing clone3() users will not specify a stack so all existing code would be broken if we mandated specifying the stack explicitly. For compatibility with these cases and also x86 (which did not initially implement clone3() support for shadow stacks) if no GCS is specified we will allocate one so when a thread is created which has GCS enabled allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 2G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. GCSs allocated via this mechanism will be freed when the thread exits. Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas --- arch/arm64/include/asm/gcs.h | 9 ++++++ arch/arm64/kernel/process.c | 38 ++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 69 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..c1f274fdb9c0 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct kernel_clone_args; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); @@ -58,6 +60,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args); #else @@ -69,6 +73,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index a4fd25585801..de59aa16919c 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -285,9 +285,29 @@ static void flush_gcs(void) write_sysreg_s(0, SYS_GCSPR_EL0); } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + unsigned long gcs; + + gcs = gcs_alloc_thread_stack(p, args); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + p->thread.gcs_el0_mode = current->thread.gcs_el0_mode; + p->thread.gcs_el0_locked = current->thread.gcs_el0_locked; + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + return 0; +} #endif @@ -303,6 +323,7 @@ void flush_thread(void) void arch_release_task_struct(struct task_struct *tsk) { fpsimd_release_task(tsk); + gcs_free(tsk); } int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src) @@ -366,6 +387,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -407,6 +429,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, args); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy @@ -512,10 +538,16 @@ static void gcs_thread_switch(struct task_struct *next) gcs_set_el0_mode(next); /* - * Ensure that GCS changes are observable by/from other PEs in - * case of migration. + * Ensure that GCS memory effects of the 'prev' thread are + * ordered before other memory accesses with release semantics + * (or preceded by a DMB) on the current PE. In addition, any + * memory accesses with acquire semantics (or succeeded by a + * DMB) are ordered before GCS memory effects of the 'next' + * thread. This will ensure that the GCS memory effects are + * visible to other PEs in case of migration. */ - gcsb_dsync(); + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); } #else diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..adedbfc062f3 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -5,9 +5,68 @@ #include #include +#include #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK) / 2, SZ_2G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + unsigned long addr, size; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((args->flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) { + tsk->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + return 0; + } + + size = args->stack_size; + + size = gcs_size(size); + addr = alloc_gcs(0, size); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. @@ -30,6 +89,16 @@ void gcs_set_el0_mode(struct task_struct *task) void gcs_free(struct task_struct *task) { + + /* + * When fork() with CLONE_VM fails, the child (tsk) already + * has a GCS allocated, and exit_thread() calls this function + * to free it. In this case the parent (current) and the + * child share the same mm struct. + */ + if (!task->mm || task->mm != current->mm) + return; + if (task->thread.gcs_base) vm_munmap(task->thread.gcs_base, task->thread.gcs_size); From patchwork Thu Aug 22 01:15:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772377 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87897C52D7C for ; Thu, 22 Aug 2024 01:20:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1558D6B01FC; Wed, 21 Aug 2024 21:20:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0E0486B01FE; Wed, 21 Aug 2024 21:20:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E9B456B01FF; Wed, 21 Aug 2024 21:20:35 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id C7E156B01FC for ; Wed, 21 Aug 2024 21:20:35 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 82885A043A for ; Thu, 22 Aug 2024 01:20:35 +0000 (UTC) X-FDA: 82478126430.17.5F5DD55 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf07.hostedemail.com (Postfix) with ESMTP id B48F140004 for ; Thu, 22 Aug 2024 01:20:33 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LtYQ4Mzv; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289617; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=/ZuEb9ie1B6RsScOxsVJYhsqLZX8a38+e7QpbGEA2cs=; b=uhcAl6e9CK2PgJO8RzN5TcSVeT8+t+ldRh9+ZR75SjV0Dq3HvIN4gmeZp2dqrD3bhK2DoN ZZ/N+0iXjp6HTp25DKaz1vSDyJlArqa1SrnopVbLMDvd6wpCSw9gmPQ6zFbBfJKuS9cW/n ry6GgF+vo6FQ8XBo+nNIzmai77t0pT4= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=LtYQ4Mzv; spf=pass (imf07.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289617; a=rsa-sha256; cv=none; b=0PtylGPlr+HfbTSmXz54UNe4jY60ARNwsw2xPOiGodtxUgXehRlC22W4aUS1zhUOAUEYlC bdqtUS1PO57R/n6Wvx9xcm8HF8Cnz7TtO/YAlgaaM0MomoBXgCo3Tlgs5URTbTCGEc2YBU dVw3ZBrds4OOwQYNnXPl/SqFfuTuRjw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 0462B611B2; Thu, 22 Aug 2024 01:20:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D1566C32781; Thu, 22 Aug 2024 01:20:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289632; bh=0cprVKRZfxjA9V5FSxRsk+fOOHAFFyHI5egIWUvhUKI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LtYQ4MzvgWAL1D/fEeWPkbdCzAINqXSkcNuZLkr4svtKTf246OKP9XwfWG5d9zXEa EVqqX3Z0EAPtl5YpggIneGGcRSLb7jQipor3GJRtlGzU312b67+DjbeUI848B+MeEg fIjFm2kDwgLujCBvgG8iDsGehqQHVDDDF5eWqaF2esBUCPgi1l0DWCWVeVJ8DUNkaY L0k/FxSeL9y0K3XeItZ7qXhXWqHUafJFf7C7npJyKGtxiwJylpJbY+LGiWuWDNTNCS nFpVhuuh5ihDAwE9YCsT24/RFFgrnbfKrqweicf4KwK4yzykeiwthgymrZ1ZY5rpu5 4r5UpswZXuxQw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:25 +0100 Subject: [PATCH v11 22/39] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-22-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=5738; i=broonie@kernel.org; h=from:subject:message-id; bh=0cprVKRZfxjA9V5FSxRsk+fOOHAFFyHI5egIWUvhUKI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE0roHpvuWoiHHzu8Aq9XUKPG+CoGPg9vimBExc ZYia5tiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRNAAKCRAk1otyXVSH0P0WB/ 9liKo3y/Fn6wG3jBOQY4yWH+eVsbiPUYQibfBLtr6M3/Fl4E1oGH4yek2vL1UekeOCVS4H4uFJMPdm 7OF8GbdguTZWklfT0cGO2VPjKIpQCgfvalpSNlzUO7XrqqAM/JhrGFyBPv9TtKu3wf+92usZ7XhEFz t5A1ZYnI454wxEYCIb2MtWJEmK7Dpl/E6UuS7j6OkzpPyWZcfnVF2OSYRe1Ya2kqUExSkl0k22XxPP hP8Kt3UDGZ3MbqeAw7dBaEQGi0rg50wES/k2lLObAV/4Zh0e11kfxX25W43fC1UXSSWBWooYPqGpFf M0JY0WG6vFs4mUsWKTuVywHPr+qR32 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: 46fsudzt8awi6mh9jdnxb45f5sd6zbsh X-Rspamd-Queue-Id: B48F140004 X-Rspamd-Server: rspam11 X-HE-Tag: 1724289633-847180 X-HE-Meta: U2FsdGVkX1/fGARWiuxeTCVVGPVvbcVzXNHEevliorgDToQbbUTCCcgOI7m5OG5ey4iOGP0DBt6Mm6uhozGbYdGqKzdRtQrsJHievroNTfLfnZQQP/LTmyZZfG/HSeSbQ5jEj3dVLc+D3dier/lrY6VdLPdvBdmSitsY6FbE+s/sFY0khZQCTeovaEmaLLM14usDHIQhoNL9IZlLRpg0GtXPplN0iJqJK6Xm/bP8Vq/QUnnVEFsSeAA1h2iJ2OvatNn4B9yX8mTrOikwVCweCi1o3EGH8E6BKGsp2rPObUwbhjCS9s0Y7ejrMuXL5g/sYSo0IMYTa1gCc8KjVRTySEUDT7XxPKoDjFx0lN7b+E/cUEzutY+yRGZEL1hjTE54XQ1mKylOQekEAdAxpsM7CC7fJiAJM92iiudTK2Y2tYFWSsJz7l0DW0iDdw5fbXcj2jXLXFKrtjaWrwGEwe+dFslvDhLkebtKVMQGxyya0A1pz/cxlzmCgaCITn7h5ufsevggFzat1GYAuZlP2HkflIonhdKFZwI/7Gu5/RHTe5uIdv8LAyVAuhY08CHOoGw8/hqEzcQDcCRIypaQ3TOC7tXUoRsCKm97OoyRxDU/hTd8ZzW1sVZsLEp7X73hzB/AcBMg0q9HkpBYE0Fbc7A6CTuVn3xo/rUfV5QydUs5exTLRAK/hTO9pe0LYLncixD0s8zOMlN+lhsw8s+Vv8CPfFJ7j6Cz9LzwGsnGzXOL+aQBI5cri7YJX7Yms2cJYBdHLMuZ4OwBUDTHEoM4rMtzlIjX4Mcca/lKygA1BuzlSROnCS5oVQOTbcGW8lThLvhfdZdl/9GGL8a0UMa4D/PQ/8ZF5c9BtNwPNRWKYHVWrhulhNouqz/o68ngpBCrp87cN9Ysgm4nD7VH+qTKSVM/hTyf7DHuArM/Pdyh4UytZ+AggP0BcmlN1mmz8Lh3IIG8ol/quXEBwLv75HfVOIF vtSJ4Lla h7ME8AIDlmxIQM2TffogG5uemGhjJM/4BZQEPPVPWRqdoQ4bvIFQQIXr/R0x9OxLP1vxmPEajKbyf128rBF1uonNcSHZYBVg9JrRyQ4kncXu6kTzqO1QMclTaOnZ+akuVQONr8D8QR3b8v99pAgX7ydN0ZjmjJDDdddNmyx8WLzj3EPubNoK1Ng9+3jH16daXHMcbS9Z75YUHxMSIpf4uafou8jwzA9ByOYI/I9yuJXzgzNvmm45x3XxyAW4ur84urUozPhaYx7w8z6O+2iHZ4Sa0ykKs/bUMCIvH9gzG7QpT22Q/w9HcSTdUT1JHb2SyQWh2EBZE6dw0kzslx44kha84c8kgr2cKCFmXZUafSqYV65JfITg5eBMJnemas+eX1LFDWIrIOoilE4J4QaPsH8wDmseHb51RxrF33mJywva5tTqSHenzCvf8HIsV6FH8EqhO X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Implement the architecture neutral prctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbitrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 +++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 79 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c1f274fdb9c0..48c97e63e56a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -50,6 +50,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -63,6 +66,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, const struct kernel_clone_args *args); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -78,6 +95,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index c55e3600604a..58eb48cd539f 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -186,6 +186,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index adedbfc062f3..5eb746fdd872 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -106,3 +106,82 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE && + !task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(0, size); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Thu Aug 22 01:15:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70B46C52D7C for ; Thu, 22 Aug 2024 01:20:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E9D156B01FF; Wed, 21 Aug 2024 21:20:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E26EA6B0204; Wed, 21 Aug 2024 21:20:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C52786B0202; Wed, 21 Aug 2024 21:20:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A48886B01FF for ; Wed, 21 Aug 2024 21:20:47 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 67D721A126D for ; Thu, 22 Aug 2024 01:20:47 +0000 (UTC) X-FDA: 82478126934.04.C1E8E1A Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf13.hostedemail.com (Postfix) with ESMTP id A8B1B2001D for ; Thu, 22 Aug 2024 01:20:45 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NaYbf4co; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289605; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RA9rgm+BYHbO0h0145MFP0i7mOM9F5uNg+t9Dsthhzk=; b=aHbGDp0DnYKTkESgswbG6x2y/O5v3lOqzCczfpyluKpN2boFw5bc4OuIx4AsE2GBW5zcjv I6U6WRqFi+dhCj4syYvR684DJvamFjNwvfEVZFARNDcqDLFTE1rigcDZ3LsKGKsHaC848s 1YQCqiN2cl5LGDW8qHBuujNf6M/1Z/U= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NaYbf4co; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289605; a=rsa-sha256; cv=none; b=CAqCNhub5lh7B/k5Ygzb12+ARHrfqYIHqDmuhM/ycsOt+UD3uY/oxpxFPXz73pb2WXwFrw CsftXzD+6PnvAUltUZnX4M/F7eUu05aA17I35ChXEqg95kZU8E7zYiilGM3ltoi0na5jWV kZgkzerse8lODyP5GwqnMePo4Gu/d14= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id E7CB960FE8; Thu, 22 Aug 2024 01:20:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5837FC32781; Thu, 22 Aug 2024 01:20:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289644; bh=kXO2GCPjz2S4M/TO1zkwKAs7nkqAlyHosyHP175ZITc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=NaYbf4coFOlLrG2dAibV7pBvMyx4JDv93vJ1RN5yZgKnTsT0LKjizxRQFsnLXc7ni 3c6Ka9YUXWQzYr7aYO41AkVGYgEFPS+NQLfFED+bGqnnWcPy704vjGLzr/l9kFfXrm KbBBPl00BgaD3OunTXUjrXZYzhmCinTKWhJrinLoPlACm7cPMNUBKZ7APxHOuq1vTq K9bz41XRDSzyQE0Y04SmBZiEmIMo6LQSseYY4rUAEhDxMVeB9Q6GZGUvPwqKUgR2Z0 wRVW+/BLnVdlG0MZrY17HLJoX7GrW4vjHQ9PX5g3FqZcmDN1b+3i/WgbAi+23MuJzY 0yC/Aj21Bh+YQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:26 +0100 Subject: [PATCH v11 23/39] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-23-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3111; i=broonie@kernel.org; h=from:subject:message-id; bh=kXO2GCPjz2S4M/TO1zkwKAs7nkqAlyHosyHP175ZITc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE1uApeg/OZxbiMhFHBoLLG5SrajXWXBeA40vR0 FCpWfjaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRNQAKCRAk1otyXVSH0HXKB/ 0dMGFWwbkX4Z9sEwfB0dY/XOaKUlKCCMaPAx1bkgitG6AntCY2Kli+mJ2dVrlsJiiUuOtKpgm2upC/ gAkHa6Qz6FCwyehhZGr3MKK51DmUkjlCYkZv42cAn0qdft6eCTceFbLwHpGhfbtmuoHLWsvBemKz7g bquAPwNz1oLJQtKSHYXnuCFVboTAJ45j7tCfsXIAEQvBKAcKyxt4CZ6uf3R0H1+X+B8Rj9VhKP30tb QvinvkgvrTuEsazsCcV6TDz6yGerenIMpfRa2ff/BSMxGJGaws6R1VIaoOepqTODXo2vjVoavLksF/ dZQVmPYzpTvliSCTAB846/Xjk3IcAK X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: A8B1B2001D X-Stat-Signature: w3x8uj9sswswnwe6gssmksjp7jyhdtba X-HE-Tag: 1724289645-593051 X-HE-Meta: U2FsdGVkX19lTLde/k6IimLxvCO9PuYLxPuWzbcoeXtciy6FZPEKl+d7DTbl4yJUOADHYA5Wn4iaVTuJ31Ulx1/HdoAH4vfvyLg/YwmV8ujgJBO72Bz3ewciTLCAZF1tvA5u7lSL7u69C2moHo8OrBUlQYodFDLdTiIIHHCrH4y4XSqWURD3E+S73iSbSEulx4fTTwL+0fpHK83vTpBonyU8ZQkF3kVTTfvYJHHYBBnWGt6z0/XDynP+DqUMVylKdQQUiE0CprLc5LSONhHDHxQwdC6Z16LVYzjFv3pZQt+vs+MYMaHO+XbhLUTJzLUgPZ5UT/5idxo3dVOXWbWct4U738dkQJowMX64NcrO4OO05Vy9P6s3tOGmeAMWsFHAyKOoVYcQypRlNgAkQPiEOEgHGaPfcLwFP0rtc5fHeSNPfDv2N2mrQUYzbD9dh6LKdB27v0USDiY7h3Q1WdQ0oNMC9DhmZHMctXvcfM0e+b7H1fSMfg3SoAaqBAgpCaGmPDWZyJm/JBkP/7g4O7WYB3xyPGAD52Ob5LLLmCD/LcCwTexsny5BA48lWjWk+8+hyTLGDXP/v6JKnADzs708gxBI0hMAplnQ9cpCDzic3cdSnpQ/asjoEPbRVTv3nch3eyIwRazDNVKnxrX1ipy5KR3ebh8F8t+9cSJPuKsFd97hZb4J6HKegc69qLSR6YAWSae1Jyer3r3tgKYC3d35OFTwknZQAacYXRM03gwoaHw7EPTuw/kQRIj5CIlpG9mrur/fLLuOUwEax1kxQmSQHt6u18w/fNI/e/AhYTG41Lpu8q3zkKZaqM5z9QdhCmx3d7IO/kv2v/ReLnP0VcDXxOASsoqHLXGnL2EEA/5mKFpZPyJomsjH8WfQoqYG9Epw/57gvJCgE1t+JHDehW1Us7DLq24hq4NxOMh1gsniHB7EC7aH7ZWp8E7qkPSXnQolGX81uAUIeKN4R2zNg9D Rj2txwUr VkxpHibRbviL/WQ7Z/RfKXzlwGISYBBJ4fcISGePkXKzXF+ooKCGE90pRnlt2NxqZMfQA8Uk26AVjNO+AFdAVYaOBXN8FMlENSyNZpvvH7vZ5uEpX9WzjpROgT21qs3t92+Q1QNIuLgCSDAHDNU01daUEeVX0sguas/zwoZLDckBB44Ql9MF6wawCGgqQXWmmGzhsJ/5Z+9lcDzRBdqeVF0tTb6sfrnss16Toe0ISCWojoQ2kLuhbo6B83Uq2O/wjeECu3FU4J5t4BhJwunwOsjCFSc31b9Cy2T6NsGepwMoAqEsy7F6BZnwGVTJKNeWbIIWyHKZB5jeOBzJQWaxDYw9nVwGIr9VvQ9nCqSvsBv/B/jYXLnubaiWDV7FMc8Al115zkkc+TL1hHfs3HYoqnvMxK28hACGuRLK4fGP6nRypISbkay/ccpf1KH96WBdXD2ugt52t0vLhmGuX90+0wTOexRYCpDpGojOauAUMBcDHu9w1+HEb5eS2fg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 5eb746fdd872..d9614900c910 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -67,6 +67,70 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret = 0; + int cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (!PAGE_ALIGNED(addr)) + return -EINVAL; + + if (size == 8 || !IS_ALIGNED(size, 8)) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + put_user_gcs(cap_val, cap_ptr, &ret); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + /* + * Ensure the new cap is ordered before standard + * memory accesses to the same location. + */ + gcsb_dsync(); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Thu Aug 22 01:15:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB19AC52D6F for ; Thu, 22 Aug 2024 01:21:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4B22F6B0254; Wed, 21 Aug 2024 21:21:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 43A786B0255; Wed, 21 Aug 2024 21:21:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 266CA6B0256; Wed, 21 Aug 2024 21:21:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 043AD6B0254 for ; Wed, 21 Aug 2024 21:21:03 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id AAAC8140453 for ; Thu, 22 Aug 2024 01:21:03 +0000 (UTC) X-FDA: 82478127606.11.AC7DCA8 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf26.hostedemail.com (Postfix) with ESMTP id 4D89A140008 for ; Thu, 22 Aug 2024 01:21:00 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kLlb3tDt; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289581; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Tt3jEodIuAs66QguRVITZfa571ieNZ7SknFiHqdPwNQ=; b=mA7vnSI65/03NFXZdZ1iCxkMbdhVppAXma4v64NaqC2PaKiOnCp5jD15wcvZa7S2jkYDbd 0LSR3LiOKnOqAkUwiNuLHCZApYneiudRPsBVA8OyWwF0CbmLtYUcNgDMbi7T1SQdmwAxTp j9sGSsMfD/dNZ1lVrZCL6eRs9w8ZOJY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289581; a=rsa-sha256; cv=none; b=1wQis+vB/AlU8jf9uTTBJd3JPUU2W2Orfl+q+IUM6LFJgQuabn3b3aHMNTK+CLfapODZ71 QAsjvTRaKhUO2mEfzr/GK+dsS1DMEgVYYSDI23BTPcuL6S40ovlnZJf19jyi9iEO13blls h4vIJppv5ghXB9ViMeDsRrXOZ2h3F4A= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kLlb3tDt; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 4F57FCE0B61; Thu, 22 Aug 2024 01:20:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 409F2C4AF11; Thu, 22 Aug 2024 01:20:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289657; bh=Bo/Tuy38edFM69UNKGI4QycprcPw3RCFToNOT50DNNg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kLlb3tDtbpxhwIym9y36033hDygsfzrbG2d+bcdRG8eQgXJ+MYCGaTQIwRquAKVJA kJKEn9f0YmjbhCOIrpPJsTwwsW5ZQPt5W6S+R381SSZkhgi0DTbQjA4oj18xsS8wh0 GC6vzXkfzZd1d8CaCmOriLK7sJgLYLlNnhI9BP1sc1SBXnI6P3ynXLz2W0ZNyHCQJ2 qSFTa8yQIWJAnMAkFrZblZCYSTIgL3K868YqLQT6+9HzuJ3sHZjH7UZFbg1ixV04az 7ZybYS9eiL5fSFmUYBvft/JrQlrZS5m5jfFHUDOQVrsLrFfpXV1byIVA5piB4cxhjc 4BcZFCDtTARwA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:27 +0100 Subject: [PATCH v11 24/39] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-24-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=6767; i=broonie@kernel.org; h=from:subject:message-id; bh=Bo/Tuy38edFM69UNKGI4QycprcPw3RCFToNOT50DNNg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE2y+bur/yTlT1ckBEJCoMsz8VdX9n6F8AmKIM7 ORbXHsmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRNgAKCRAk1otyXVSH0CdlB/ 0fcLeh2rovj/XHFI8pXMOsE5NjJuHgPFiqmv0M0mBKI16LRd/uj0iQ9Fd09/Ij2Xn7Z7JOhKWJo/Hf qrT5Exg9cNu5A6rzbm9BF6cSUJEvrKOTUYFlkhgdoFRs71uuxlPzXjkhLHUc9IdGd34oy681LRWr4F aHXk+shxBUsFcIvh2f1TL+6ZaiqIdyo1lVb2HszgvbAr8caE8tN02dD+VayEp6sCfONW/jVv6EcYNL l3RXUFCC0rtz6RwdqE1cQLL3E20Fqwj3+DK2j05zbBerTywqdT3Bn5S60MWIXKSGYb6GEcDYkrPRbu Y0xV2o4dzkjazRyxVKtOiggbA0Rx9m X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: x3974cyfis7j93qgfa96b8ypcyam9ezz X-Rspamd-Queue-Id: 4D89A140008 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1724289660-207919 X-HE-Meta: U2FsdGVkX19n1SaavCSVzYD1kJgd0s/URgfOd1b1f3i7t9+g69f876wLnlgsmvNIi7MFG+ALPZPmbeE7tvDOAZvnG2kTAQ8TYRggSlw7P0MSk7ioc5obPHQ5hageV5bIRsMctUVzxhWrs6jNQuzFV11DuiLoCdBWqfQjx1xxRoIs7JYUYG1vdzTkuOUmZb8BokizhNesWXE89SnO/8LDg76GSS9DJuuA4z9JGh+pNzQHqgctQJ3r1jGqaPCyM2UcbR++2rfpLnGpNwB45c+h8v3s4cdTAzFqGQm1PVCYilOyoLogd4R6yAV98xgbMBpadU4kDfOm7TWFM8FntlwmRn1oACfAHrbGYlOQU7jU2RwBB4q/PCZviLIeluB2SujOi7g9K31aAZZ7yuIKNyNKn5rdYYGXos+V/g0gLnKiWs13bz9LHtW4DPE+3YO8DNRpC/aKcT2eumpYs0geP8FZ79M9RrG2XuJrMURJo9o6xKizMciCL7SgkEIIMrHxD2LND8Dhe/+RHY687gG8KKhItqY52ib0Eu+gW4l0sqx9N2hIR0kVxLvhc4c87ryOdNjIxpzQeb8NYkdyjlzearQx+iXJlvj3arrTwQrSBieVdbGv7pDwHj4Ljr1TV1zQKfqnHPHJoiaBvp18KGrGGbPHTbm8Ip7QRFfFrB4uKmUH+HJvl5J1L6NRXiYWkkCG7SvseWSb0R2z3LHao+Bz8LaA4KQ1UJRXUrkGrpc6gGu1ZIZ12yQ2/AU2mfz5ObhWq1XD2A47YynUfPKn3JaK1zSfLW9T83q4WZzm9ZtGpABAm2TqtKudujgL+YHqVA8VM1AvMAyeeqzaH6gvVfF+Q5ez009wnpwGJq6Vw2etpUDDSyiU6ja6RUTuFbHja4Es6++RolIYsPrH5Jm7fehTdSpPGxN0bbmiiyaq6fD9klWjAF+UniA7zFp9us1XgaFz/IsqoUUIX8NTuJDnfAC054H 65YCOP+E 9d+4zKsL/aFHafhDYAQe2Dw0hSP+Vyd0+MP0atpNrjnCLc3wfvhxemEJ1A5X6wbI/mDhq6p+C5UQ02sVawPTvUg5fUI7nbAC7rkvFv88SSUHnoX6i1gHxaIH+85u07D8lq0y55jJ0Ytjbgr5I2iD76yIkTr/ibizmYt+SsFCVS5mEWl8DX2VEPa2W1rStDJBFIYLEJZdqTDp5+8fhrKUackH8Uq43WV1Tb3qHQVu57V19zVGJaXciyFoNwZBDOdbTBSeVPhBPizO9b0eP3WPBxR5VAD9qKCB9dU0gS78HYlYEnQL88PCqA7e6jj4oO6YqFkFfap/uppEjWqcfqol1NqyDyijXcCSGDYazaLVtMPepODojRiMVTNB2aYzmdPa0o7kygxw0fxoqbZY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set and token type of 0 which we add on signal entry and validate and pop off on signal return. The combination of the top bit being set and the token type mean that this can't be interpreted as a valid token or address. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown Reviewed-by: Catalin Marinas --- arch/arm64/include/asm/gcs.h | 1 + arch/arm64/kernel/signal.c | 112 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 109 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 48c97e63e56a..f50660603ecf 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -9,6 +9,7 @@ #include struct kernel_clone_args; +struct ksignal; static inline void gcsb_dsync(void) { diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 4a77f4976e11..b54d684c4bf8 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,15 @@ #include #include +#ifdef CONFIG_ARM64_GCS +#define GCS_SIGNAL_CAP(addr) (((unsigned long)addr) & GCS_CAP_ADDR_MASK) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + return val == GCS_SIGNAL_CAP(addr); +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -860,6 +870,50 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + /* Invalidate the token to prevent reuse */ + put_user_gcs(0, (__user void*)gcspr_el0, &ret); + if (ret != 0) + return -EFAULT; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -886,6 +940,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: @@ -1130,7 +1187,50 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + int ret = 0; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + put_user_gcs((unsigned long)sigtramp, gcspr_el0 - 2, &ret); + put_user_gcs(GCS_SIGNAL_CAP(gcspr_el0 - 1), gcspr_el0 - 1, &ret); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1138,7 +1238,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1178,12 +1278,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1206,7 +1308,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index d9614900c910..3e3218fb3c58 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -7,6 +7,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size) From patchwork Thu Aug 22 01:15:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23FDBC52D7C for ; Thu, 22 Aug 2024 01:21:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A08E86B0269; Wed, 21 Aug 2024 21:21:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 992066B026A; Wed, 21 Aug 2024 21:21:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7E4926B026B; Wed, 21 Aug 2024 21:21:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 595DD6B0269 for ; Wed, 21 Aug 2024 21:21:19 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id C731A14033D for ; Thu, 22 Aug 2024 01:21:18 +0000 (UTC) X-FDA: 82478128236.29.419F78A Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf11.hostedemail.com (Postfix) with ESMTP id 624B840010 for ; Thu, 22 Aug 2024 01:21:16 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QDNW72bm; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289660; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RM1Cy2uNLiJ+Nkhh2II29iYReZlTqSaE/ZgLIwZzJu0=; b=5Cjf6yoJL7N1WXiozG/Slw/ueef6m1g9EppvAG8BZ4X9qWk79S7BgSGRHtJxM42dVUBtV+ tyq9GvZEdygluBLefP/hm0u7dwA3vThfJu6eLiskadusBkddL72WX47M7J1k3++X5cGjDE 9sXxbeHUBGtWIHCu0+LVORYFIzniW3k= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=QDNW72bm; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289660; a=rsa-sha256; cv=none; b=aS5CGfYRxXo9/VA/HgjyGxjyhNwEU8/mWcexNPKqCGDCvduKBQqgyPWQrIdlS97cPwMz8t UsXF3YhNApmSF4aVn5N9rT89/Rnep6xFbc2WMIsIvwGcN/j2zBP+guerTO9j2dleXXL27x 4wuh2n3phnr33YHCIPHuuUzY8uVvCjE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 235D2CE0E88; Thu, 22 Aug 2024 01:21:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2E398C32782; Thu, 22 Aug 2024 01:20:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289672; bh=phF/G+K5Vtk8Gd+IR1osStJosJZBYeJruux1Qa01Fos=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=QDNW72bmY4mujgd8+k0bnX9ktGpWMNyF4Orr9P6JbJn1XyX3U2VlIxCOn7hDARTm+ 3162FZdVV5UYhbX+VCuCQfUU8Ko1HXF7dobpg8HTadjYVuIM3XGxxXfj547cnrcDWA qtgXN1jpdEZJ0FKjMdCWAXMfAyVqqdlNaFYm1K02BEt9uIrQXm0oDlC25MyEcE1Fcf 8K5HdxDTmhSSj/+7x2qdEcalwpBeHCMj2rXda6iLvlwsfLOuh0lDQ2ljQFonmgBScR i4pepbtW/0F4AV0nCQq9oHfyOpK0bgpamYUIR4S1wlI4RDw+qgfmhWyYrPYbInMsMS kTBcWBCOXlY+g== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:28 +0100 Subject: [PATCH v11 25/39] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-25-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=8089; i=broonie@kernel.org; h=from:subject:message-id; bh=phF/G+K5Vtk8Gd+IR1osStJosJZBYeJruux1Qa01Fos=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE3d+lQChE5Rgj8ZP8h2zuy8/9AX6Bh4tIAuWib +12oRP+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRNwAKCRAk1otyXVSH0FM0B/ 9r1+2pJ7X0Tkq/tj07swP+zG22VSAV3NB52WehiVDYvTieQnMIKTXwIhbSjnTZI/ZEg8LLMRTh/id8 3PwYkwXmVvZXl9IU/IAPsPxvbm3gaXIgfUzMoaebBIWEVSdLG+3DeEPcIwNSWBVEoc4HhP/5PjxytR 4skCS2JCQEwh5PN/0zY/JyImr0VXI8UUTrCpacJ41dIrV5iR5b7UuVso0jY1n1LKTamOVcSREehbLb DjmNyenLNnwbxKKgRqszg+uDYCbqEGHkpglLpG4KXioO95ylFiXKpaZdslauqhu43RGsIadq6P4mKF xFLK0rYVX7Oz+2E7t7E9kJaE5wxKZy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: y5eeotaxhzj9or16y78k478wkrxoo951 X-Rspamd-Queue-Id: 624B840010 X-Rspamd-Server: rspam11 X-HE-Tag: 1724289676-824471 X-HE-Meta: U2FsdGVkX19aVtq0VV5A8eTh9UEg65JIh7eyxb5v5gBcc47UaodKUfVyKaL9LfbVLWMI6Q4z1ktacVMcTLIglxV2XbLNU4dodlmITQAR0KEJ+GwC3bdvz5GciKHCSDZfHgmyiMzH1nDjuANF/ruatD6EXzPINPnxYO/QZCpI1YpjgYmRdOCIbwdfpCmqAyyn7JU9Xkg7EuuFeuziiYQKmYinqBTFnUinj+v5wbPygZNgo5zG5L2oig+TbpvrX0zKkjwy97RZ32CNtPfwUryGwLg/IWkIfoZokW/fTdIkA46man5zY3c6NnAaOvhIBg6ox/wWRrYqF1l4byBLiv4Jj1mDm1e0iTVvTMwKXjOyz9jJaa8o5Z2mhjMuT+XDtqoQ20vdTPO8P1L7R7oCO46cjnZtVt+Kx6wiRn88gKNU/Gy1vN7c1SnlGxMHCm49SNeoLi0/WA/Yr1IWwrHZuCw0ugRG9UeOgE/7MaeIeNCbMuzOusrZpZ0kFR/0Bss4vbcVzyyAyYutrQQDJL1U/XxpwX2TfFCaVm7c7HJqiqwU9h6dnjkhSz5sMAKDCL9kn9jf73FK1jXZ5mCkm/GEwu/7726WVGxf0gsAWZ41VCeV39P6hMbqF4awRbha2L1OBlNy30Y/QA9Yce+ZTHpItFT+NCm+7gq1mDARX7mfnERn7lJspOCd+c00Pg49uBkghk8VIc9UYvnqUquPes+cptn+NCDklrzI+b2DQR4aAPUtADPUaAbWXweYweqNV7jQrGEsXJqK88Eikz1YX7JoynElIzE9oeH65um8C4d2JNxfcyVPiI6l1r6gSEedwykqusZgyURw4m/zYnsUwFQzCYo842Yu47jevicZMqYD0/9RV8EDn2pP6Ool2g/IRcGgRXExbcmy9CNgZX64N784qpexZ0Rl9P9nnRg1Inb+rL49bjiHD4MobA34WBmEKDn/DQXWyVbcDUze61LysQVs8Ly 43heXY5K dO4rQcxeFFeVXQ0HJ/D7B7kezTxnAw+GcD3fWyWvKq1amOq7s6EMdatXrYFsu3ylP5L/lct7bwIZWTq7dmXQY1piNcgvXk3+4pzKMtiSSvsDXiG7i8ibKCGRRjhV1xsxez6Oshx0lBbQoo9J1qMCk1B1Z0Oh+eD6PFg3C9ZZZn0E4Hf1yrqbVUotmucE2yjHorWUTw3L8ogViOYvDgnwBO0LGIhJv5pUWNAIxokDNRZUqdBxIyi9X/IkyOdR3LRFX1z9MZ6LjfSLy/KV/kqAcDb9c+J7yIw+Dgcz1KUXv0F0glT2QRt83qdWBd8YM3F0MxbbuHwf5fFHcYlHgmZ/MTk2gkW04yR3DROLiEriGASJdD8vCaJ+smHE6/b9K1xszTy5U X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 133 ++++++++++++++++++++++++++++--- 2 files changed, 132 insertions(+), 10 deletions(-) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index 8a45b7a411e0..c2d61e8efc84 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -176,6 +176,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index b54d684c4bf8..3ad93f3c2227 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -66,6 +66,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -195,6 +196,8 @@ struct user_ctxs { u32 zt_size; struct fpmr_context __user *fpmr; u32 fpmr_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -614,6 +617,81 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0 - 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(0, &ctx->reserved, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -631,6 +709,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->za = NULL; user->zt = NULL; user->fpmr = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -736,6 +815,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->fpmr_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -855,6 +945,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -873,7 +966,8 @@ static int restore_sigframe(struct pt_regs *regs, #ifdef CONFIG_ARM64_GCS static int gcs_restore_signal(void) { - u64 gcspr_el0, cap; + unsigned long __user *gcspr_el0; + u64 cap; int ret; if (!system_supports_gcs()) @@ -882,21 +976,29 @@ static int gcs_restore_signal(void) if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) return 0; - gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); /* - * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + * Ensure that any changes to the GCS done via GCS operations + * are visible to the normal reads we do to validate the + * token. */ gcsb_dsync(); - ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap. + * We don't enforce that this is in a GCS page, if it is not + * then faults will be generated on GCS operations - the main + * concern is to protect GCS pages. + */ + ret = copy_from_user(&cap, gcspr_el0, sizeof(cap)); if (ret) return -EFAULT; /* - * ...then check that the cap is the actual GCS before - * restoring it. + * Check that the cap is the actual GCS before replacing it. */ - if (!gcs_signal_cap_valid(gcspr_el0, cap)) + if (!gcs_signal_cap_valid((u64)gcspr_el0, cap)) return -EINVAL; /* Invalidate the token to prevent reuse */ @@ -904,7 +1006,7 @@ static int gcs_restore_signal(void) if (ret != 0) return -EFAULT; - current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + current->thread.gcspr_el0 = (u64)gcspr_el0 + sizeof(cap); write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); return 0; @@ -977,6 +1079,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (add_all || task_gcs_el0_enabled(current)) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1077,6 +1186,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { @@ -1214,8 +1329,6 @@ static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) if (ret != 0) return ret; - gcsb_dsync(); - gcspr_el0 -= 2; write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); From patchwork Thu Aug 22 01:15:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776856 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CCEEC5320E for ; Sun, 25 Aug 2024 18:07:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 00DDC8D001B; Sun, 25 Aug 2024 14:06:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DED2F8D0020; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B7C908D001C; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 80DDD8D001C for ; Sun, 25 Aug 2024 14:06:52 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 12CD2A0866 for ; Sun, 25 Aug 2024 18:06:52 +0000 (UTC) X-FDA: 82491548664.23.380A399 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf30.hostedemail.com (Postfix) with ESMTP id 5C6C580004 for ; Sun, 25 Aug 2024 18:06:50 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=j34IVQ+H; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609125; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=97x+RZakfIvkYeXKt/6J9H/WgT2793hbpi6N8bxOaSg=; b=5XmKUtTC072M+yy+OKpm266BC3t1CNmdu2936OfuK9y8me+UqQ3dSg0/v7pmz2LBmy20jD erGXp/kP4Fq35vZ74WlnC4bQyoTMAxn1rp+nZ8ver2j5d61SPeMHqjdScLZagYdCvj6GXX 1nTI+O2kU7E8AMpJ6EcbLMuRhPnNNoY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609125; a=rsa-sha256; cv=none; b=uz8C8iJ0dNYir8dkcs2r+ZHwGlRw5NVa6L4lHqcJq3Q4WMNLyQjG2NHojdTKtEOdtUzvWZ P9ZzUig/ynAjUSFas7js4oTzvw1zh0hqci04kdzvGN8w4U+6/aNySLd0lRTX/EThWJ4pAN 0R3XZStsKW0jhGNQfLNTIivr7Z93vAo= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=j34IVQ+H; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 1C133A4210E; Thu, 22 Aug 2024 01:21:19 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E9900C4AF1D; Thu, 22 Aug 2024 01:21:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289685; bh=q2OusIvdEq6zRTANVy/UM3LZC1Q7yQnrfCWP7+HoHyE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=j34IVQ+H2dY3xLOT9P/ni5GeSKnHvl+Z09mfbufBDTCe9kg80dGQcrAXTD0aJJJU+ 7DW8heBrXQC+zcsYEp3jhkBLwkLbsZON3ustFsM0sN2ajSlMeNRfUy88gNIl/AsRg4 n0aoo+Rbkd1Snq0hTNverUhz7J1IVIFlOI6UKiPsWmjCftfbqWaZBtjKji4622yKVA s5zdOpEtgqSQMdEAVdcpOnFhpLRnYzEPSHVGn3PxXxhRTT8NB/O+0jYalPh3krEj5l b7LIbNhfV/1ExqZTF0ZRcXrtN0NiHFezcL5bm8RvdAcBeUGWLi6bc3CarnwrWlttku SJ34mJe3eHhhA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:29 +0100 Subject: [PATCH v11 26/39] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-26-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=4141; i=broonie@kernel.org; h=from:subject:message-id; bh=q2OusIvdEq6zRTANVy/UM3LZC1Q7yQnrfCWP7+HoHyE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE46S4eNrbFfzLLKelY1sIaFKtVoFOEh9u0esmR mto9XBOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaROAAKCRAk1otyXVSH0OIXB/ 0WLhGTnrr1acNEWUaHKTlFQ02Twd04uku5m9qigkISL/cOHuacfNhP/XjFCv1YD//lay6SHPXywYpd dJ+lnTfu/y7u6LYnbym71Jw+lPAK9SKgzzUeA+CzlglU2+IVQHhc+jUckTftFfbo0OdtwS5z6TGVH2 Dfnl47K9G24gdVGKn4o30EZnc0mzWB1ZwU4ROeFpxjrouQ74/k/1VZZA6vZhLAE5uPswgY1FtaW2xf DmPEy+x7Ab7Iv+jY8Vlzk7JJ1qBdaVUiaSPjnwAcwjSpa4TBMcmX9PQoGDaYpSigZ3aROo08Ok7GHx uqollhgNezTV/BBR1BdogdCKV69oBr X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 5C6C580004 X-Stat-Signature: 7kqnp3kzrxmjpd6ne3wurfajqi9ep6tp X-HE-Tag: 1724609210-685234 X-HE-Meta: U2FsdGVkX1+jfO9P3nsFOR6FmZ+FDY/GQyS4MXyKyrRAtSscgOiYZRAZkJQs4k+J18OB3DDYGddRGyp3B90eJBoLBlMyb+5n6vtZBub+S/xs8QrjGx/BtUcuI9NJLg5EfsQxKUc4pmzXVwpfcEuiUUFd3jO/eNKhzS7rpwRH9aBoJvOOnRgaKKDw+T4qfZpUDb2fPojZYrUnRD5jTEMqflS187seIHadNIXOiwJEMk6kxTRxgkXrf3uOwMqTDojDdJRNs2rljk1B4Zsd02TTttkUoJ94kGhesK7whp2J8rn9GGSepqJmjd78lx0b+FD+xulG2czoB1tzYGpn/OcNdU3RPnBWWHFnqBaBcZucvJZA3ba/T+NkUWE5t0+c9WMmmte4ZSxvcM4c99oBp9VBcilIJ8f1eYpjIR0GKzGU4MoC1mlb2oXXFNnVat95UqjDKf8CWpkyR3OasiFLkHknwNunfV0yC+FCMZzEBtXp8WZOn8JDQXGeEKFubFcN+Zr7AU49xjzYokooJxv2htYYp1Eb1wMC+GXpMZYvG+d/tPKCQQKin89BXUTdXXbsE3xDWa/CnlbwrOfaLkA+Kb3RfX5hs+HVTHsAF8pHbAwnaB66pTlFY9/QRPHvYceR1WVm65yTiNriYp+1kTrugc36w5BfL3JgzG3x3BdYnKB9uhmEonkwYBDN2xpenqLFLZ30BCVpzvG6PbLgu+VR7k0Yf6uSsgFy0NsUJHrgnkRTowQ6/AjVtzPgJBkxkg3zfGWgKgwUSyGf7UUKgG/M60k53EvEdThC0n7+lpRD2PO5c7QZdb2mVHQKrTfu4+BT6h4R1y+9qrO5QVwoiytHNj7yFgRcOfTKqjNcYDykKHrdZ7XKbHuPJB1AnpmwA2tc3AqNpdCrh9IGKRNyeLTp/m7Zxh57oiEbsxDvah5hAPCaGDvxrKfFMrwBhBmwnkajehzE0o6TOOvoARTYWKqxyna p3Fiv4Og f3YoyyhQtCbVfaSoOec6hrWs5TIC0IMUJwgy0X3HBKzKjqivdLPdTqUX7yIRJ2x6tGBuc71ZDM6kJ6KChe+uqAw+8+qZVUAegjPVkHDuWZ6No6azPRVR5qexTwrZ2q5oTIqZkxADNIctGyNTwz2K+2FqW5fpjOBAuXbzQdNgOUaBN8bgli9szScwtQXmJ/XClZqXJLnLQpPQ3DrS9WYUwXcz8jHmyVxF7gkf/ceaibMn3jJXfFI/LdWZ5doDHLezlqqWj2Tggt6XNUcQSV1EIveEUPzc5Y86yt7NSBYlQWBcP9Ctc9bh2mK4TxtLajBOcHapRWPVZMIt7cZvhePNMayaAn/qbAPHNcV/LZV8ibudMoZQ91l2Vpvc7AOfjI/O4BZ92x5LyRCGGWUg9sL65+aYoFsW4WBIHebgwKZTvk8hEPvQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 ++++++ arch/arm64/kernel/ptrace.c | 54 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 63 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 0d022599eb61..88f525b0c4fb 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -1440,6 +1441,46 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1469,6 +1510,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1628,6 +1672,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index b54b313bcf07..77d4910bbb9d 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -441,6 +441,7 @@ typedef struct elf64_shdr { #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ #define NT_ARM_FPMR 0x40e /* ARM floating point mode register */ +#define NT_ARM_GCS 0x40f /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Thu Aug 22 01:15:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772381 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 24CC0C52D7C for ; Thu, 22 Aug 2024 01:21:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ACCB46B012F; Wed, 21 Aug 2024 21:21:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A568F6B0272; Wed, 21 Aug 2024 21:21:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8D1826B0273; Wed, 21 Aug 2024 21:21:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 6B93E6B012F for ; Wed, 21 Aug 2024 21:21:42 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 280D0A97ED for ; Thu, 22 Aug 2024 01:21:42 +0000 (UTC) X-FDA: 82478129244.01.B551CE4 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf15.hostedemail.com (Postfix) with ESMTP id C6733A001A for ; Thu, 22 Aug 2024 01:21:39 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NkmOBJHK; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289637; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=a5bXas7FHSyOL0UbpBfmcovnYYxLqDdkV2Br+rPv2Mg=; b=VwEcpZ5xrQMvzEHryWbMzkiZyJ9IQ+8ApjQi+eUK8XCHJsYyindrD9wF/jB7bAeVSiZ0uK 0BRtjCrpmPwBndiQ9mP1HNvANR+RFxz6TGEr7oVjPsh9F4d+JFnI8i8az+Ng3Kl0pIBJqR On1RIo/1eLENJfdnloHdTtjb6vlZPpE= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=NkmOBJHK; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289637; a=rsa-sha256; cv=none; b=DfaVN+Ij/uGU6QmfwAwACIfU3BLCA0HA/BtM3xW9h5S0Ug8oUz4KHc5w1nbgKjlpVV6mJS V+pjowWXwb+j4gurv4oGuXW/cK711RX65ZykgSdUPH6IAvXYmVMp8zzABlXsv1tEgoD6Jk eAwUeFLjiEA4I3ZvQe3seTpIkQob7ts= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 3F2F8CE0B61; Thu, 22 Aug 2024 01:21:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 108E0C32781; Thu, 22 Aug 2024 01:21:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289696; bh=dtxeJFa9YuBd+oBMECBxmd/jn10TctjlQUazqWWROYc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=NkmOBJHKojz8DSwM6nYzZvbL6emtNKUeA7JkKQLB8uH5taYHO+I14fWAwDNwrTKB7 0T32RnpajPiK9jC/FzglUYmAX7r6zJ59RUqRXBuSXJOxiXwjDb/UhKmPt1EbV3ufOc dABlspAytswhq3Yzqww+v8myDmkXdtcKm9zrxvD8OIuvPeFnFDZfB3cE4jYYHWU1MH ABwSvvvgZs1w3wnnWqKyZr2EE4xwgT1y9mEuLK1fbheEle6qSyi79MUSXiYkZSLxsr SMDNlWpcM1ouaNsCfzmPBC+6Ds78A3H+FewAEcvhF+RTUbpS8mk13nVcAVNHuCBOTm zkNQ59HZYJQIw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:30 +0100 Subject: [PATCH v11 27/39] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-27-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1494; i=broonie@kernel.org; h=from:subject:message-id; bh=dtxeJFa9YuBd+oBMECBxmd/jn10TctjlQUazqWWROYc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE4HX3waWR6P/nVlIS4iaRLKyJcXdN5BJ4frnqU HySFidqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaROAAKCRAk1otyXVSH0EsBB/ 4ota43I49BjlXLJArTjty05r+82yt0hMdYO4E5E3AqVvSo6NYPm/EaH0sjMV4CXVYPSK7O8E5RULwI 70ZaN0kEcZcK7zfvzjnAUtxbQzQHxSo7KjIdrxwbReqbfZPJ2pcPCSPV57KutXRs6RpslMVS5Z7BDw bbgqBqDLv/lywndPg1znx2CFWWtZt9YgogyB3inCURWJFCpBsXqacbrtLejVxu9M2ESDMz9qkZyjVC BKMU3Fnvs6t1nq3gwuX4cnK7QzcBudiUV3jP3Cyjh64/YAqArluaXS9tRZK51HZOWT1qS3x918virB wdZaz1Pctay537JnWPba0phAwyJKVB X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: jwrb38yasfg1jy9enznq3yw4b5jkp7d4 X-Rspam-User: X-Rspamd-Queue-Id: C6733A001A X-Rspamd-Server: rspam02 X-HE-Tag: 1724289699-918481 X-HE-Meta: U2FsdGVkX19DvUJaGXvdsmWbaUaA4kdNdlrot2+xxA3H9H70kXEM+JZxUfs8KTF/gb/LgpjojP9tWLm1KAzg1u1gjlVt8C6rItXzxaKpNKNa2YFkgqQyK6AmHXIpT/Hd3fr2BAQqMh5OP8aWgy8XxCqssRppjXKk7Yf2yrSygzTJaxxMiyCyvdSXi1Ld/Iu6mvLYqXLpHIhb+zMUSLxrh6rf+zG9KSlYySKRlbqaxhUJWmg3aBfx/2GIj/E/vnhVvHTPRoQNU41rnryMuIcOmV0MMnZsh9HkbgmRmV1bJs0ytjAlBfCrdsaiF+xigIz4U/jDS3J5IMuJ5+JRvbBysCPE0Pyb7ysQzdkILIm4ayRX+mfkh9BCO0MQ+VaLYh3q1+PqglMAL4suNngjs4vDB+aLEE9LLgCrgJ5rlQulBscCtk5nL9EtIvk5UPdCfEco36hagYq729XblNSV8lO5yZ3gp0LVtZDa0yLZwHTGopGeN0TBhKy9QHSgAVFLYCFP65hRiX5YJA9ffKKobp+f6FBOdeX8MreiN6l8fGHe3WOPSvheQTjbTpH2QXs2y6H49oWLeH0NlKyOiZRFlH8xbC8q//+gIu6RNAzSXSmrv1Nh1qoGz8M80gvbJNZ+gp5mu30oM26pkBVMWD+P9poNeFdOh/oMYPgZVnrfN3B01M6+mb0SkIbM+5tB0FUEMeVvTP26YHFQfeuH8zSnqb5W+FOKcvOZsMRy1IWb1dqoix5Lm52tONg2VD3gv0GhIhxOGqwn1dXptM7knfUkZ+UcMD560xd7lacWVKQ7IGrPr/rFVO/x+F0ZLRMFIEkS1DfKsmG/6l06DnnTWhN+NkOhLWKd7NwiK8jnSMQOCEvcRzqMTfskJ+rnex7j5AH7l3knnyXc1keS4Vgtl2nLZy0vsPNSdvTrGa6mMS6oB4GDGtgzDfnEtto7EVtjgjx8OJ4fw/cFX7/hriiy7z9iXrY /r9u8Bzh XK2GONaVNobndpalvSAnKe81zqphCGu2rZnO1ew9NY/rKp6FOqv9gJAlVEbluvWWG2CcSzJI+SijfGe/Bfs6qTdSc68aDFY6TKvtdDIBxW9w38mkRKpzi2MNiE+ffHqv57+qfGi2le1T8ReaFmQjCmFdoROhWDgkJiyEGkdNpbG82nJVp5eAPY32UFI7lAEN70ofuwCgVMsHbmeU5kBs1qQOf72bZfiWLEx7Yrk2Ameuqnc+ADBqhFVM1gEaDpAXHPBe8/4TYYX4YIk5xHYyhVWlrzkyzWDeEZEUiUZXYlJpPKx7zRaCHbGRStTd3hTkgb6vw9bznzzoV/OiECNNTxQfzgBJh9EKx9v0w/8Pc9nNJRSUd2Nkv0kJkNH9H6Hq4oCNrv+OLtWScRnNH5K088+r/3bkhBFPiQaxPXV6BME9yOWAjfz2d4fmH9YfWRU17zpaJ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2f8ff354ca6..772f9ba99fe8 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2137,6 +2137,26 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Thu Aug 22 01:15:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772382 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9BDF9C52D7C for ; Thu, 22 Aug 2024 01:21:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 304C96B0272; Wed, 21 Aug 2024 21:21:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 28E9E6B0273; Wed, 21 Aug 2024 21:21:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0E1136B0274; Wed, 21 Aug 2024 21:21:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id DEAF96B0272 for ; Wed, 21 Aug 2024 21:21:50 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 8AD56140435 for ; Thu, 22 Aug 2024 01:21:50 +0000 (UTC) X-FDA: 82478129580.06.8420A11 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id AEE0D160002 for ; Thu, 22 Aug 2024 01:21:48 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=i2jJ8j7y; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289628; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lx1e4QZxBbCVWVB0QayIR7s4g0rsUX9FuY+HasyH2g8=; b=czS11zLfgZ+jhZakeI8RdxHvEBFXVbJoVPiebE6Ro+gkQc4ZPM9yRpQD6Mgjp8wb7Ka8u8 4uWYUgQW5aAPe6fXq+OaQ+XKTpJSc2FI3/Aq7WW9N4bfambiqoImtdQHkh0bI2tGsqJ/dj P5Ci6vyRV6LHx+FgA1GgIXN3QcC6JQ0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289628; a=rsa-sha256; cv=none; b=SZaonotWg6lgtF4l/BR3Bn7MF48f4q4pTOB0du/t0clh3u5bFgsQD2HgXO4+aictPeuKtL Ax2ZZJWyl1xA6StqNhHU4rShCgtOf18l3JGmu1mTCbGgJLjkAsZpyEXUFCfjXjF1odmX9T sf4rujxnI3IzbVJQobW6sRpJKxcOpIo= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=i2jJ8j7y; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id E3983611B2; Thu, 22 Aug 2024 01:21:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 14C90C4AF10; Thu, 22 Aug 2024 01:21:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289707; bh=oHs0edHK2ZH//P9wlXUiorha791DOO+hA3lq1vKIHRU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=i2jJ8j7yO5ZxaxcgqkfrVoOX1ioF/kpI7DKJFezNvjCQnlVOinULY8Zjak9ELFf9g 7+6uhM3r3wLXETAStuORju7Yf7rkffQS5BOOAlApFwtSO1KPWev4UPd1mHu5oh8PFU JubPSf9+gWhnfejdO34HXSUwzypCNvnm3sjNO/xtiB6WzkLhfFGXOIWaWYvVQ4zjNV ZD3s9WFpYW/F1nxM7G4JOt/B015t+ByXRQgyifr92N8KVuDLjFzhkn60I66kqPUy8D jIhqv+traJMxxpKdDso4fEgQBnhI9PsrSymhZA0wP7gyuPUkZ4ALZSO4Yi/uEpm8Ds kvvnZvB7c8HpQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:31 +0100 Subject: [PATCH v11 28/39] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-28-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1288; i=broonie@kernel.org; h=from:subject:message-id; bh=oHs0edHK2ZH//P9wlXUiorha791DOO+hA3lq1vKIHRU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE5VVU3mpFKJ3hhjwa1thDydHnqMetxvpjvhVp+ 8HDjHUmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaROQAKCRAk1otyXVSH0AsLB/ 9E1Fcy2IXhvd/JhwhLRd+hrphvNVZfzJt505FwMtQNrnZzVixBvseWV9X6QlBFErh6ouCP81vIrMCq t2rSdIK/pY1jXzvzGra8yMdPJynAThpNy0Iz8l8hiyQrFOZR2cR7LkWqS4r7PwaBUdZlwXy165+Kqq 1VJIDF3fOjOgWpZ/UVwApLw+/dJIZhKvZtrCUrndbg0vD6sUyQuW/OD6q4MkHZeyxMoDCJK1wOhtJl tJ/3fzsjZ6SivGFUbnlwr+8gmS5VtzX6PUNQwOmZh3tcaaCuSIUt+4UP5lYhIOJl8gQ4EbSff1Qzj+ rqDAauZOO0JhY7bXmhQBlbkhQv7v/a X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: AEE0D160002 X-Stat-Signature: 6yu8miyfgzugq6fdcssenykbh17i14u3 X-HE-Tag: 1724289708-940403 X-HE-Meta: U2FsdGVkX1/lEdhIqPfvR/uuexRWvrk6IzezvA32cCJsomcEzuFQaji4z1YiAMq4j/YPOE7a9vZisVN2ttsjt3GwiL18JLPa/KLvSTMIzbSPdsbxKm2YKxb8xZk25ej2Ydw+p8/PVAWqsZC1nWsgxizb0+zyVRl0yoST7GcuNQW271t2E6+sXZ3hEzetCKEgNFYiX6ojPpIqzoEvfGtGmYnCduAj9QsAPtyMj1ljBC8aMDP0AluY9MWqWuPk7U90fZrgrsFI8x4v2C6sWeiSBBGD3YTYVRWXtKHs0j8/+hNZCV0YWmtTw9GTpfzl5/e2yojR4nMDN1w2r/a3mIjGkLs4zMk2UyiTfgqW8EyAgqMhRQZ94LxUBmvpN+Lufco5YC4Gcja/miCcDtCytVyBl7braa0YMlz4rRVmalY5yEQ6qWqOoy/gk0BbvkMP+nqQ2n+jTffBOyiwvAHwRQ2oPoQ0ZTN2cfDfex+zSC4VP/S9+CIvZ1QKJfwEnRYGqHk+vq0DV8R1l+b2H9CS65c/y6C342CxARnE6pRkpSWi9IAxgHbPXpF1qUshzLUQE4WYOPYb2dDWRdc0T7VLD/HEt/nhgmWVJp8LXnaqRAAYgzrPuoURb8sLt8szDsqxogwEZ/UbwUtPW9E8U0VwA7CPuXniZMXngWWaiPBBkOkZG7KmOkhAt6kaVfASFoSXoEfqWUW8ADIjVbqcultAUfYVyY5LuKSGrnrpfE+ecHekxjHDou8m/zGSi2o8F1AK/hQzCrWaM8CqnG65nnYOJBsTT1Wy0nIsrnZ9Q+/wZQEEdGilfM1bJZrFk8JNHvNyoBHESyf7Oeba1oISbPYTA5kpsE/VIdmaROdrF7I50edpl0mH2DwZX2twsuiAZXNmfCrf3HE1/qGODOIum18v+d0Y2SEckMrzlBGmQetyLzGrittyuXHfE7xBXny1kal0q6nnezPg3kH2Cg8OfwZ4yi4 ftBdOevt r4GO9A8TgBDhKbGHbaNYORH8IveqPHLt0YCLJegm5tbxw3HFMnQNji3xviZ7nGAkV8SMFZagSq/KwHDYLKQRRSoSsC3ADzv1sIsproK3Jjo4UYZNCo62KXQefSUFA5a1wlYqO7yudpjhzeSuYtdWrrQst4RDK2DVny2RhnF65zk3jpG1pjObTubF0Wo5EGq6G8CLAMJtiRre6rD668ZLxqVYYQV2XEV1ZItjwOtm4V/tkNQuhyJxciODu5zlw71kiKGPyA9pLmWJea1wFD4v4mHCWNlJTzBSE3jcel0BXiVacMsDiyHUum9DRB2ytjxSX84jcq+UYkjGvhFDgwR5WDIx84mfunSpog2UbMcsOkBLjbLK2FfIz/k7vCgJxN1l05bD1c1q77FjVX9E= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index d8909b2b535a..dc54ae894fe5 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -98,6 +98,17 @@ static void fpmr_sigill(void) asm volatile("mrs x0, S3_3_C4_C4_2" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void ilrcpc_sigill(void) { /* LDAPUR W0, [SP, #8] */ @@ -528,6 +539,14 @@ static const struct hwcap_data { .sigill_fn = fpmr_sigill, .sigill_reliable = true, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "JSCVT", .at_hwcap = AT_HWCAP, From patchwork Thu Aug 22 01:15:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772383 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9B16C52D7C for ; Thu, 22 Aug 2024 01:22:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 37D196B0100; Wed, 21 Aug 2024 21:22:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 303D694000B; Wed, 21 Aug 2024 21:22:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1569F6B014C; Wed, 21 Aug 2024 21:22:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id E5D2E6B0274 for ; Wed, 21 Aug 2024 21:22:01 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 997C341252 for ; Thu, 22 Aug 2024 01:22:01 +0000 (UTC) X-FDA: 82478130042.21.A15218B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id CB9FFA000C for ; Thu, 22 Aug 2024 01:21:59 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=N2SzzZlW; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289639; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ni0Kxk3yWVfTWSbrVjjhIlms208eOmetcRX6FMFodsY=; b=QdrRMVVEXj7KynkLoY6v2Ble6e+cJxaVXAP5XhNJZpPxyuTAL3eQ0fa9+LDvs+dPszwUr8 hCNffWPdIbmgxGF8dp5yS+MdFDcnnNoLP5nYg2dKO0GnfXYKaSR1QIi0fi42XgS3RLf0XW uqih2jdpclbuVX0FWBFQ/ibfE+XK0mE= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289639; a=rsa-sha256; cv=none; b=QAZq3XYbfrbNYkvDWbLBW533TO2uHhHKyPdtgnnCtOLeV2txPCyafOzbN9OcLZHcHuHmNt ad5MCfkAucWyhYhPdxZXZGkTq1s3FGXkRMZqfkIOjgBh4aa9uJxVXTWmjj/yJ+HQbnVZQ8 f8iYiBHCnpfiMXbFRWmQDdxPWWMOB58= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=N2SzzZlW; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id D9DC3611C2; Thu, 22 Aug 2024 01:21:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C13CC4AF0E; Thu, 22 Aug 2024 01:21:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289718; bh=daws7+gY8b6XFlV57O+J5ZaQ5dAS4S0GI4Vh7sgzmHk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=N2SzzZlWrpt8Jm3M9Lk0RsbKbQsbQOKF56oki6goMGe+JUZiRuo86HjvdiymYMFgi aJGqqpt2rFwDOoJQeRUAQVaZucCfYDLOxUJPi5owOYTQiwlNbrEq40xmYHjGSI2n9t tqNXhiOB945uEVnrvJLv7aEOyXWskAmrbT9APLO0I5FFhsOBU+6TsVn9pfHQ3+DjnW Hqbx3gVbORp9mxO2OTY1Racr8K60gIqCK3hfR3XWO2mYpIFWKbNY+jkf/2MWbfgdfF eEgU80bFrgRrSTRlX0IEXVyzom1m5wg1/6qNlhmLQlThbBMv4jrTZ3c2JKj0MxIrQy a/9VX4dZlq6ng== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:32 +0100 Subject: [PATCH v11 29/39] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-29-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1894; i=broonie@kernel.org; h=from:subject:message-id; bh=daws7+gY8b6XFlV57O+J5ZaQ5dAS4S0GI4Vh7sgzmHk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE6+uDGXOrHu7dWlfoHceJS64ORE2ytQeM2CSbG WOSbh+qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaROgAKCRAk1otyXVSH0FJ8B/ 950p7I6dTc2xdrp9nDT25KJnOmX295fGMFlkIfUWIW2tE0A5Ek+ot64DwjGY2JUq/YwvDTiUQDvIfU JSdzn16tYWbpgeAZoWxSoZ9gWQ9JKvG7hN4EvL07eAnO/JTWgTafP0RFKe0CMi18aYtZlaTXKYN1Ef i7YqaDOz0tr2hqdWRxMH91NN9GXHWaSzbJqiCmzYu1M9tilqxYl6OUtnqgRijV3W+9bE42WVJmVdVe eWgHCgaCg79Rf/S3zmhKi5n++WuNGiDG+iaR2nPkDHfivx6gOizpcWK5krV9WkRpXqqgFxvnhUbdCQ ao4AZ6l38aB1w6FTfVNB/3v+VPO9WS X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: CB9FFA000C X-Stat-Signature: 6zouj7yny7bdqomuzj91maihy4uahobh X-HE-Tag: 1724289719-994376 X-HE-Meta: U2FsdGVkX19CaGLXlOmunhyEJl1nmpvbWrwRUmFoiDOhxOo14utYPo2fivtqBGtNt1EMvclLPza7+VAvWwe+tG2NQVKHZquTmTldG3mNa/5GVsBWX+19oLtNoGGc65H3kxKifGK+wtANbStY42trqbKqP3Ra/dNUvDs5q8F8RD5GcHlg44qPRUSjLYhHkqZ60Xuggc3I4iBokxdPD3ZIzl7rmsZkjsDBNCMD6pNyeDZiZVXgpseW3A9VN8ojuQ9nFYdnJsBU+i9FZFer2CbB9teFNRTsV46E5CgKdksPh/q+wwGGfhBCojoOQxv7XBkHa2PfOSNBKKQl/BL95qG56vWLlLBT5lMgxQGhgdOpaN0xp0mVXJ2hCllGU/tzuM/2k2CSpoMBIWlQzLqrRpbawi3NGyn4MSux++M3hyB2MIO7fXYvjOrj7zoRPMz8bAnHbEMQqZX1EE1JStTF/ES5ojQuRT9HFiTRWSJPJQ4LYgsM+luVlZ1szUPrYhlwwA60NxkYzjr3TtKdxuJLAIZsy05KeUqTs6qpp14skKJ6/HJCOtDhbIJ0hO2U3kmVmZPlUNePXIvVdxnoYcNa3O57UAQHPzlPBiYkj7jh58JkTjJ2RnA7L2x+lj8NI1K+PUS86e/r/qHeKJYchk3A1RS+MZMdWwxIMU+8prQZHG8xNNjXqz8oCFBGpFLZnN3GGQjFnyIdErb/BCJRB0aKcUd3WtJVND62AVy/6aXtE1GTHpotbmZrjNkh/gumfsi/14OJz0bcrytetYyS29CwmCnL/yOY+YzaNHLbQ8HAPPZRlUt6PGXGVR5742F9mpuGTCVJ74Cjb+oyTjGP/dyUuYw1cCpKSrHMPa4WRlv7ZqF3gFfNac99MugaMgXtLr0B0Z66DXkuKErDO8kmsJZ+YDQYYsI3yiurAv/Ims/zNtQ2uLFHfYiOW1Qy+Top3hjcsYpZE91RPI2q1VYfzUjjtpo XC37cEOs 9q0zuBZX+u1f1RBI3BQ5d3VDFecW3YZhbpgsOUFFq4Aim6Hl0B3afsKTRxoJiq3ia/URPA2ZNn+zEikyK7or1Dorj13b+FaHLzNjPAqHPHINBxldQFmL2kvyUohUN663WhdABMQiN1bRss/IsHxEc0pFpAEOfi+js9n5qBBBDlawB6b0HvWjlT04WrLzbY2OCaCouLMqOsb7fkSwPXSNv5YrBMtxSQBa5P8KVd2OIGIeo1Y25lxKTXMGDsy1b0b1UFfaBfa+fKptMKfm9XyYFLnLC1nYNo4IknRJdUAZRC+Tp+aarXZBbeXyGYOPPVqJ1z8M88ebxuLi+fDFet5zLnFLcB2RXLh2dV5R4jJNOJl7NQzJ3i8nVDMbcm4fVvGYBLmwZ6AvZnjToMCk= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Thu Aug 22 01:15:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776862 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E9F1C5472C for ; Sun, 25 Aug 2024 18:11:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E50778D0020; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D2E2B8D000C; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9A7D38D0022; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 702618D0020 for ; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 2FF7BA837F for ; Sun, 25 Aug 2024 18:11:50 +0000 (UTC) X-FDA: 82491561180.03.84A7BFB Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf19.hostedemail.com (Postfix) with ESMTP id 76D0D1A0004 for ; Sun, 25 Aug 2024 18:11:48 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uAC6VEWh; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609396; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5eBWEluxA75mkTzkT1Wn6Xubbm059W8B8emCrmFOIYI=; b=y3HUE866sjILKtKE0X1DhBrEo21jNkKH9ayqQ1KMjptWLmjk2/bY70r4Afs0EvEDbMIyCc K7kz4a7dYwegyKl8CWD3Nao6D4+OIXtYRDPL0TLqWk6IcWf/1RKnV1+H9uWG3psebE84yC /Hf0UadtX46F1XX4axDKf3HvjAx52Us= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uAC6VEWh; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609396; a=rsa-sha256; cv=none; b=BWo/6K65Q1QIVaFjKfdMUzWnBSzu66rfiVunfP2HO07QckrTo8EecSgW8luHf+jyRoG9N6 rBpFmi7/GnLKbbhCeSDRLqH0IJD1QWLa7nfKpqIMblpo1kE5etkZRyK7/1WKSzneoAuh5e R4jBk4aXbTFQunZcuCYgpMaTIhoEGgk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 42FC6A42105; Thu, 22 Aug 2024 01:22:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 35A24C32781; Thu, 22 Aug 2024 01:21:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289729; bh=sPSz542BQgC8GDr8WCulUI2iE6roG4Js5HwD3OcoqCo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uAC6VEWhqTL+cBNI2eAUFI40yJ6zaIbicFzZHIA9aVQhz9+Nmj1EPHgtejkleUwU2 9eoLbSp2FoFQTA9mHeTOqm6a/cmAGA0AFvzkvpmrMcOK0GOF4qWO+Sg5XE5dDs7fdY DjtdvHZaCyv1G/PS0AfMPwUsDQCeuOC58d/2Qe1JQN/XW4WpNaD3f9ZrtCM2FB3Tgf u6GwLRRCSsqUp/M1on4cDxitAMb4pBdeTW2QVEyeDMzaaLfINMhdkjGI5CIBxaIi9M 4abWcFCb9kARtAD6hw6hMCqfdRGtMxnPISIgSGFhJn1v1uNlGlpwE5OA9wUTgn4u+2 dQ8Lz1RMoBGvA== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:33 +0100 Subject: [PATCH v11 30/39] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-30-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=1664; i=broonie@kernel.org; h=from:subject:message-id; bh=sPSz542BQgC8GDr8WCulUI2iE6roG4Js5HwD3OcoqCo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE7VRZgG2Z7/DOjWxHR2ISARiB0523hr1ytG8M7 JL8y1+CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaROwAKCRAk1otyXVSH0EQUB/ 4keLewH0EzA9rHUse6NUxquX1JhR5vNrTj+fWGR0Iuq3Jd7vUcyPg1KOgUkrJbapQqOa7/MvsfkH2P snPa1PsqGlRCYJMszDiUb4y9NmpGrG5vtHoctMSNxgEm/2WdgD9KAN5LP/WVJLijPAQ1QfXhodpTx7 FvXCsBAOmHxJ0BypQiv2yDwUhqLqUzlbsaGWGtuye5kO5OT8o/pRmysdBh/1U2FW92ZtKNo+iB3qNZ jEFOn4MtGN+pUdl1PvzyJGXfiPOA0Ry9FrSkLzpgvro1tLNymg+WYe3FBnZDoDsaOVGmDDz/+05kZY yqMAf+H3DK8lyrZ396WQp3EudgGO+V X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 76D0D1A0004 X-Stat-Signature: scxj6q9mmmdh6r1789zqhqnejdc6oeug X-Rspam-User: X-HE-Tag: 1724609508-635946 X-HE-Meta: U2FsdGVkX18dJSEu4ykDrzZyGWGJP9i3XAeLKzOb3HXfogKhoVe0C0eregR3G1+T+AJHNa4GmzjYcDDoPzKT+jpJdvH52sUeNlkFfvjmpgVYXGgMuFxeKzwZLKqNMCag7bMrS2WaWk0swcK22pdA7qdKzsnNun6JtT5dD+rLj1VAfS+vYGOx/R39Hiaf+oXrCnfTnCaXTPA6BaPoUUM3hySIXZ9zSS64XrRsskzI1AvAx/YYWnKHLeyq9kboATJ79dCr3k870pWErWvzUmywmRXA37s1KLgbxMjRcX/sl/myJ9pfskPi2bDwkUAiqcFCIC06HsUHMirYhSu3dEvgtJLbmU0ZOsReac+Qbygl/O45aZBY70HNhrUS61nBj4FxJJ+9vE70s4hZgq1+l/kY+gYW2x3GKtduxS0n24A02Yr08cNEXPvgNGP57CW5dNQoCCKProsGP3o4NNee6/ZXH+3EmyEA//2inq7HPEveW+A+Kc5UOvr1EnOFImAdR7RwkOnsnKBXdcRqteADeGKRa8auOD2tTFF3qJ0XpjRuykqScxP2eK1IZ5yS4lDlearpTdmanrQOmPC8GXXibe7xM4eclcV8j7pCoa/RypEMPudYWOkXe5xUo4XKcpzfpHd276w9wn5wmwi43VaGCTO1quCN1yhfqpxqVL4P5QoS+GeOg4RVXhg9DUY8Mmt9/yzY1gnR8Ta4KykT/z9rDjqhXgJwdgiJpt5nvjg7jR57x3Qiw29hUETqGmF58fu49UOrizhq3cJ96FCCKomX2vBM9vzYJ9ZxAbfnN6Y1RYZ0Yo9NNyhtgYbL4P4lJVH94Ui+sUPKKx77oaJs8Ew1hg7LAE6vTWfi1tF/eF5qsT61k5TLjZZNfHunQE+OvWDpddidK9kaYpGIGGnv9bX3OIaDMY3jiOLBP5pECEm3pdVj6uvneCEje7TjIdhqXHfgVGbvGEhCjoN2IPDt4z1fvrr RVNFAGKX e9RbCQNwwlS+fdwv48+cAPPRwkFYCWel+SeZYk8B5X7nmucE8t5+gefPoDZtiREVqDVyhYFYTf76gBvY6vN+koji9UK24mRqD8NQa08iYaRKeKtrILtp9SdoLf/B8K1CYaoQr2qhef0ISD4LiZrCcI4Gcqf8PlWAEvYhpTptdozqQTxfLZ1cTHUuwWrEheMZi6xpZ1VOxZeYHq+8fs8AMy94lYAXqucfTM+Gdy+GV+405Idt8Yp+agVCWWstddWE430paKxghbB+jrNydfAP/NE5WG+RKZFZPNA6zdUGq2MVHVwCvC2oVzCm+QBq1Muiyc4IwA9YN4a29Z37stIMocoMAqK9mCRDUWwFEAYH/A0fjXm0b9vSN51zWeeQEW5y2fuokbZzeSTXyr5azhybfpHmNLprHLjR83VJy48u0/7k+jhs= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 674b88cc8c39..49d036e97996 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -217,6 +217,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) *err = "Bad size for fpmr_context"; new_flags |= FPMR_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index 7727126347e0..dc3cf777dafe 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -20,6 +20,7 @@ #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) #define FPMR_CTX (1 << 5) +#define GCS_CTX (1 << 6) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Thu Aug 22 01:15:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772384 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B789C52D7C for ; Thu, 22 Aug 2024 01:22:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A689940010; Wed, 21 Aug 2024 21:22:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 12F7D94000B; Wed, 21 Aug 2024 21:22:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EEBD5940010; Wed, 21 Aug 2024 21:22:27 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id CFEFD94000B for ; Wed, 21 Aug 2024 21:22:27 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 83F6E81218 for ; Thu, 22 Aug 2024 01:22:27 +0000 (UTC) X-FDA: 82478131134.27.EB5907D Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf10.hostedemail.com (Postfix) with ESMTP id 17D8EC0012 for ; Thu, 22 Aug 2024 01:22:24 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rprXxw3t; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289665; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=WWCcnUoJjrrALxAjBZhPpvknZTOgZ9IOR5Q3O7LGZXc=; b=4pXTyJFkYQ9voGLcjI7T3Zga5BXYLJxEjncUrJXwKSc53abnfU2oQOSzpFjL6n0oGIV8JV 2bwdFaWhUH/LuOLsGl5LXAJuAvvhQt2fgjqGjH29LN3O6+5urNl3jEBbVidIRpnbeRt0Pp ChEEUj8fhekzeruKYFGyaF4qUjtpAHo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289665; a=rsa-sha256; cv=none; b=Ffc94mnjVJ+etuGj1oF+pAbm/G7fFczrlTWjfCArtoXPYtCH2wuDLplMRuNs2cb/+SjF8L N45Toq+cu/g7sbLjlef33W7gTk0BkXnEdX6MecV3vthTxlab2fHlYFryb/K9i49aU3JaPl iX/cmrUA4goHPnYRlIGBw3Hc4eD0rYk= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rprXxw3t; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 2C068CE0B61; Thu, 22 Aug 2024 01:22:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 37C84C32782; Thu, 22 Aug 2024 01:22:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289741; bh=+guAOBhRmIfgEVfzNIbxa5iAcbQBA9Aonxf7B+eDgYE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rprXxw3tGb6cTdhcmvgUvEwH+oj+LbteQEFeW1VJf8lEZW+GU/MPSp8LJcs5kgTYF RPLeUqAMs4QCMwtrY8SluBuSQlQQJvoCAKJkvAD/EepsBOrRWLDh54RblTJlG00WLH bayGQ9jBYcOxJ12Xb+fllAqUe1xC9qdIlHZTEygTR0NDGYTwOnscxhaBE1OcIDWYVh Y3ZdakJlKA2m7VcYszqWBGZTutvb+ISaEC6MrX4Lm0RumlDrxIiRPcRYBwZIC84fLo He7okOG6+tKgVjflfdrLFGI00i55bjbmmV/WSayFKSrY9Kgc9h+lP8h0PrSn/B3qn5 KUfAkh1XkaPvw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:34 +0100 Subject: [PATCH v11 31/39] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-31-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2693; i=broonie@kernel.org; h=from:subject:message-id; bh=+guAOBhRmIfgEVfzNIbxa5iAcbQBA9Aonxf7B+eDgYE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE8HE9xRyuT2o2hfCDAAvBuT2loh9TSNibeZFMC rWwE/vaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRPAAKCRAk1otyXVSH0FCgB/ 9nTPSN9iDTXOxFgNkjbqBttZbfVxqIhynik1FpokGzlSc5+uDkL7G7DDCkbGL6RM7Uj7ym0pkTyV0+ ngwLgpFoRLl5FWLg+a49DG602qg4pSCQ8CVRq5uyTvczb6ZkH5Nb/pt7GUdnPhenZhDCk48vNR1rF4 Tzi9dTXCwL2UIkj9FI63nmlyKN/3fuedxrosQHmyjM//vYDOcsT4qbCXu97ArC7K7V3HbnEeZnirv3 fdoeNeT1AZ1C+Q44IXJTZU2sh3mSIkC7N9eBFMipswUXrd1Gy4j8izMs1A13a/pzHLXsxAYzQishJu IrejKlsDorgdQHiBJuNYzwQPd30Z3W X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 17D8EC0012 X-Stat-Signature: r9hn1jtimcw9565bafg5kipecaozjmpz X-HE-Tag: 1724289744-466398 X-HE-Meta: U2FsdGVkX1/7q0J24Ylg84Tx0iO5cpkafrGS+yNGePEhrA/kddQzHCvHfH1NPEL+RoivWVWAYE518SpsItCLCjpN+kzXUI8VJlILzNNvu7D1l32YNzSxPHgvl5Pzl9FBZWPQfBUt+ciBGgHINQGpWpaCP99D80fyXwbdczak085U29gmdFVQc9Ki6VaWncZcG/SL11bNobl21EhLPJkJj0WTCyhbtPTGSnmf2GSkGmMZmlcqauJMChFSfd/JrY3stfToH0jA+rpwdNG4bgGupXYh4smSrDoNM8jhxP+YuSrLwYRMGrPFugqwLX0Zt5hw/P34kXzSV+rmVDYS+Id6MRAS7R110yK8MWdwmyBD5DJyc/rw047NDStDmukyIwYWss+YKGUW8vYzeWvs8owsCn6JOxSmNA+9xJSMAuSOoUI4peOTURexFvdYAaAkFYDo/I8N6VRnFhuyYxUxN+XC2zifomVW7nu2FGi5dGu6ofSx96A0k7URni5R2gFI2KF/ui2IzV/PHc0pkUn3iwYtL9S0eyPe0yU/oTfavc+j5KoPJ3KCzhDudajvcWuIDP9Y1H0KFEcYbrm6I/UifmfNZcUZLGd5oq02y5PSGAXELLedIOy1BF0MEZpe2nuF8afI8YZxJrZQdMdBzWJW4YmXnEoNarxtHnpQOM1LNGIME7yPn8GwraJTzHecC3NZlTU+mRQAJoUWWw/fE9w8xeOLwSAJRI6I+2Fbp4NcKA+Lprxu9v5Fl0aIcHtw5UNXdTgS5KNxG+Q47oYraqiuX2aO6tB3vY7r7HdN2zFD1YXqDdM5tqOlTb/8dAo3jUCsQu3pcNzzaYunSrtjm4HWoZqRTlIrKxBfJAbNBvWNEK/4BZ1/Ub8ZqopA0p9tFcDFeahLLsoIPEeQ9bBT1z1dy4SUpEfA7n7Wh3ayzbdtht5OjLoEh3tn1ARKHImwCWIteGiEv3Lhaycgjz/F5WiOLud TfbNEABl GJylrgNVG1i/95nSa5h49uM5TXSPiZCA9ecbWTutYSGLeBuON0XTf1eImmuU1J0wfwTCJae/vLqg+c0osKZtEBYlnQluowrWUdnLoHejdzg1JMJ3qcVEv8kNThUdvbyPJUL8dlm//IcgS7Z3g+Au12J4CdzOpdGsfQylfXXewgoer9cytdFrWltEwjxPyQg5TWssBJzp0UtYvnoQWis8GwJw2dTDzvS+8zcnazb9/CRq0KzPVqBvX+dU3fO950uoAxLjC9EnRXMWV0TXQq73Z64QntsZnq74MeLjBFQ5Zhr3ZSHd9AGOP55u7bF2CitHhSl24P69hMOz2QgU3ectQzYzXon3BH1BewZqbf90//JZmOGaFP49ldsbtZBlyzQ+CVA0GIaJyzY1buapadAWCgAGNck9g5xiSRD17n442nHnVlNrkHIHVsgy/ww== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Thu Aug 22 01:15:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772385 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55A45C52D7C for ; Thu, 22 Aug 2024 01:22:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D192A6B01A7; Wed, 21 Aug 2024 21:22:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CA2256B01A9; Wed, 21 Aug 2024 21:22:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AF4F86B01AA; Wed, 21 Aug 2024 21:22:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 8FD5F6B01A7 for ; Wed, 21 Aug 2024 21:22:36 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 49B98140441 for ; Thu, 22 Aug 2024 01:22:36 +0000 (UTC) X-FDA: 82478131512.26.760F771 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 74E10A0004 for ; Thu, 22 Aug 2024 01:22:34 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sgddyPw7; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289689; a=rsa-sha256; cv=none; b=Fg8vsJkwx87OycrZbOI+ZRIGIumJ8vetPYlHdHX9CVB8qU6NbNNoXDIrk2YHXQNrrlyDKf bzOpPlBe63UInf+rCoEoMOGb/x/2McuSSajf6WPDLIGySZQdlaNMZFcJ+lnATalKrUxxHW AtIne/YOgyJ+Tf0ic9RLUfPa383j6tw= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sgddyPw7; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289689; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hj3WhFaOCpjNcMMrW6j26CW97t/N+Ei51YtOEHgyON4=; b=5M81RxjCTmiyLYgl0sc8uyS8J6Pa9U92YaYqP6OZRy/lz/Pf2CmJdezkDflBwhEkvIoZpG Fiiwt9xKheQWK6t52wwJhpGih0peEMxjyAnYUTzn3QhkEKly5qG6KgRyCg+0bKDodYe2kj tXv1HnA+Q8JDjPSfRTi3Lehc3CvVvyo= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id AFFC2611B2; Thu, 22 Aug 2024 01:22:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 03340C4AF0E; Thu, 22 Aug 2024 01:22:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289753; bh=LmUMQLV4QzyWbEviejJtcrr2Je4DeKbVGxPr/Gcjy80=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sgddyPw7Z1foicBj1+Dwd0OVNyhela1sRkgvd3uEiArL8VEW02N/0TJdNFvw5V++4 /C/7otwd93MVymcpj46C8z5q50O4SDZws2C4OSqRd/jB49qKtNZBXWHghJlFUk1XzL ApHk1/XZ4srDxP0zoqO+/fE7UgbCRYDbnn+cvKODdG82BPDMs0taP5EF1uVsU1LdKg uxtr1i5SwMVGLYAYX19DRpPBLJ2x8iAXiFiwrImE/RKfn0n59P1lpLyzp2SKjUqK0t j6Tb7GDHfQmrpWQ/vKMt6Qo5e8ppKHyYWnOM47X6QVJYna9NI2XR9B/39w1AJdPyJZ tI6pcfPMd0TDQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:35 +0100 Subject: [PATCH v11 32/39] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-32-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3656; i=broonie@kernel.org; h=from:subject:message-id; bh=LmUMQLV4QzyWbEviejJtcrr2Je4DeKbVGxPr/Gcjy80=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE8A014o1ba8ECObt1pIIsJp6VtKyu0PKBnUq+q NuIjOzyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRPAAKCRAk1otyXVSH0BKfB/ 0SvpXRC4OAPHo+1ekhhDIAHk1LSJDcopbR3+m03cJg/4wl8sXxY8f5K5zb7Elff5CJn+Jhx/X1LqE4 kwFWiwcmB/pu9ysEraZZ8MjHTgjbJggAMbNKdID/sc8TqWPoqIrx7LXsVzmJX4XQys7y4T3p0bt/jw syN9O717x3qCB8Z/YBvrmqTL6igoXI7ObcyFFJ8gyTeYeOJHPzVLql5ZJ6AnL9p7Vha67asKSinhTP HDF/twrCkZzY+U/ehgwhIBjwIeHIXCxbrnnz5iicCTYdy46HUVb2yOfD+Meg9JMLBwpX9QTykIA/Jn PGkSue2AVnT+69HRVxr41eBvzI9hI2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 74E10A0004 X-Stat-Signature: quctjaoe58teas4pybn5eh4rk4wy9nyt X-Rspam-User: X-HE-Tag: 1724289754-930574 X-HE-Meta: U2FsdGVkX1/8WLzUrquzcw3WzzqIC0GBq5rcQAPYEAD70NhmNO71Yn3cHwIaEqHJXxkonWbsQLn/Bthb+9U9lGf/2xn/SMwpY/lopjcV16k7c3Wo0/cHeynv1XCsyT49b28NR1DieLN+fM8ctZX6QhIhRKjvb9iOeF+UTRjqxp6Y0RVxTJhF9/XR0n+Zysuaf0O6yRDYbO0kLtFCkxhAPuU+XDgV1gwwCPfZodu6kM20fMEtf87MTzG1V9JbJwCyyjBYCpmDnU2SUMwZ9N53l9ZgvS/YmTKG+ItA6dThU/HsUN0SyVBRZDpApG7q+RU5o1ULuRthUR2rIQqxIJs6LXhhdmmK9/dhv1izxh0jMDdpQI4aSsHvEHDRqA2TFiWbbGKSBuXEXH5tFX1J+J65c9KA3xsZh18EZPX9nGUJeo1y2bjZARej9+D+eD8yakShpFQL9fUXl9w1zlLi/GgQ6yhzIiGOaXuITqQpw6QhNTh2tXSurgZhMSj2xTYj1XBEM53BLkrVtItRrj9AkvlUCm0TV8b5OHMh2TyZcIE89JLp0MBWjgqHAUkQg2VY4XRxba0YTbJ0b05JonhJQy4aKCmQWBKJQKnnfEwJiI+ZrxjW+O4NXrbZuMLzCbobJKlrcmGGz9pVyNXjPkoGxgrmo6WCQAr5/85cyvz3gQj4KNR9H9YTO65Oj772AFtDR2xkaU8JhMjGHtSoJiirBIvInEuKHmQgVrdBlP7g22ZZCamStzv4En3YV/YCu9tdHhcr1CRd1rmxOeLK43V3nCaaTnf57E12TJ8i1pdw8dc1qadaTR2ClWzoE5OHHKK9+9MZgxmwbQZkoHtCc17yU2JNbEfdm485/0q+2VQMT12qKJAPPOUvt7Os2TapusiXlmGnOBxnnscMoeQDL2Ur0xfEmDEggtM8t9/GT3/OHuNalSpzvF5wqS99trp8bLs/Bcpxo26CQSqo1EqFIwPYG4c bZeH66Zs YGTr8UvpKnVXmEQJdZ8tQoeu/Td8zg/5Z9HxHzfq/uhcdvzUdbGIXQI+KZxWkSUnh6j29Rl9fKEE5zBmIkS1jAWfNx08Dq3fK5uUL741xoA/gl2LJFrTapT2EdTRjX6YfTLKwgrFv4alsvI8U7vOXt2/1XGqkiy8vTQC0tV1uQlp77sEUkF0TQlBcureYNLHwRIYB6l2wrL0E+++1EBw3U2gFGGzsYE+K7Ol7I3InfuJn4DU6kqw3x3PQjm6p0GWnk1s6pJyyLMDmSTXhM13udTEu98wC+GrTdlngMTPiUwavelmca/EF/FbK3Qu/+wOw6fD0cIO5L1kLCIzvJ+K2hamfeGjBUAsKNc8sMjWxrJZApKcmrDfkPQHF/ac4tGYbP0HVQ6Eo6KWdyDg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 762c8fe9c54a..1e80808ee105 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -18,6 +18,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Thu Aug 22 01:15:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776863 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72AE3C5320E for ; Sun, 25 Aug 2024 18:11:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1E1F28D000C; Sun, 25 Aug 2024 14:11:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 00F058D0022; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C1A928D0023; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 8B0728D000C for ; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 3371640869 for ; Sun, 25 Aug 2024 18:11:50 +0000 (UTC) X-FDA: 82491561180.05.1712DB2 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf02.hostedemail.com (Postfix) with ESMTP id 6A7D28000C for ; Sun, 25 Aug 2024 18:11:48 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gKENafN8; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609441; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3Jha9xXlI6eXPmoCvZEt3tepTTT+aH8aO/t6Ev+AFq8=; b=y1uLOLCMcF8gFN3Pu7ikHKxj2ZAnOEKuolqq3612REFr48pAqQpaXF8ZmuRUPzTM63NqlD snu8vg1R54XFThiEvCDNo/d1QNyY4nzlNO3UZjYTXk/O8pnKTdf1x4caO9xwPKWNNN4faY ou6b8RNaJDB29GJXyLGITjCr2G4cQe8= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gKENafN8; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609441; a=rsa-sha256; cv=none; b=lrBnJRrH/qSgRpf/oDIVZAvHDhh0AuhceRwV+Y5knaOAY6woEvMe82/ljnC+mkrcQSzPn9 4dcjO8/f/nmvDhZVFVpuJfILOfBNCmXXJbmMKbTigKX3qkjePe3g9MTjemsO9p9eIvhcqG Wr7pPVmmvGc6+arD6eP/1lwafj9BKkw= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 049B4A4205A; Thu, 22 Aug 2024 01:22:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0EC86C32781; Thu, 22 Aug 2024 01:22:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289766; bh=uHJiYcvljzUX8f4hJI4pgvGmhWWcFPMp0a5s58eHg1Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gKENafN8WZiJblJ8RxoYjLVXC1AG4j2c/EPj2/9pQzohgfGO2/h0XAT621/R/qxrS co3mgnOzG1qXQSM4yudCbxWTnXsrxfK84+An5IJLakmTxAkHy4vWRbxJW6Am+LYzDx 5Rmixn9OtrsG/sjX2Sufyq3ttstFuXAv4JccStcrjXHtVwPR26k5g4z+8LkhwSOSpo hZqrNTUe3ZLzf/bKqxOSrRAQGNXdv+GfigXEK1AOkunoOtWC+s2LCLkcnaI5s1ZGSP MrNT1HAlJfqdPKQjidJSN5k1n6l1FgQd4d/0CZUxN6yyLRWX6IcQCgVGlUVr41JVvX 6L1hWl4Y3dIpQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:36 +0100 Subject: [PATCH v11 33/39] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-33-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=13330; i=broonie@kernel.org; h=from:subject:message-id; bh=uHJiYcvljzUX8f4hJI4pgvGmhWWcFPMp0a5s58eHg1Q=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE9Xg7x717YwnuvJnwC+Q3h96FAxyrqWwICT5Xj cflEB/KJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRPQAKCRAk1otyXVSH0BHFCA CAOD9sdfDcPURA3vB8y9lGL+N9YDO1PT98jwOQi23/w0cPdkRFF93K9zX+npcboaP9G8ieG6ynXIKp m7xiQg2+skrTNc83i0UcQCS8coZWy3pbN+3CxUVmIlH1miGybPPQea32c/HX84y/0hoeHwRMLeeQ3H /2sNz8DGoohw1cVhbTWfczRYDYXGpHYHjvRuZHMT2X+1DkOlT1jIhJDEM2SdSE6ACEhJW9fdkNYpS3 MsHvcEc0lND23DwRUDp0PuRjlribj4lJXBbJbTGkqudijouMnS3EU7eU7m6oh1aQ1G/RQ/uYq+uqjk IBNKdjwdgOPqTiJUMYkizvvzWTmlL5 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: begou8tyzbok71r37f6sins7z9owcena X-Rspam-User: X-Rspamd-Queue-Id: 6A7D28000C X-Rspamd-Server: rspam02 X-HE-Tag: 1724609508-640987 X-HE-Meta: U2FsdGVkX18jjbdjdP140NTd2O99LsSb9KL7N4xeylKEfbBjCby3Y7xckl5hi0+8JKVKeexHTaYTEck8v6ClcJBqVG2Ff3AmBOSzbTStf/avjAdWFVmprYYy4riYW5LazFr7eO4AbdcPIIo0JUed6k/oUwpwaAf5/DrMV4/pUdVHc9NecdKpheX8bAKg04eH/ntdIoHAeDCx/PT1paa+RfiZeq7PRF1eikwYBsT5k88bTaEgFKNf0ShN+MOOU2LN/5uDlX8HW6tJykBXVn/53NZ6PezETu95wCGuFksfdGj6Cg1lqcs17hpAPPvOfuOA13/iJrWc+U0UAlILQPvWgVF1I0PJj7E8TKSlRslGgujeEA8lFKX9UKy05xeAsp0VvfsjOmbFnxhotaWGKSqJKJ054sYZMKxF9BlhxfQZwpUiDx+sCV+N6dT9Xu7pDD/UGJWyatvJoDBmyJ+CEUFSSmCP1FNDJbFSrO+BxLrh4XVlRDIxHBVDuY3ah/mqgxJzzwr4NbfEn9Co2Naca2d8B26ksV3v9zVlcRWGN00HwnvhAzKtYSnZ+WWFO9Ng0VQkElDHsoF7+mYAuykLNcE5EKoPUfZA+7l5kZ9ttywgsbAS+CUa8fjLwCZz1/Oy0KdCszfg0mbWJX5+vfvUKLHMemj7hoqZXs/PLGGkpLD10/ciR2WSIBZ15WRNlm1qv6XU6oG4pBk2hufyaTw8nHoyu1Qn3z/v3ckgZHZWgnH6iFiNRWPiaYW611h+k4sImUo3zNvOQHaxD25FwARBFnXr0N3FfCROB4AINxRf+MrC4lovQcxEfEcBlXVCD0r+tbXXd9v1589VAdxAGuFnrfCAm/99fJd9dWSPl7HX/l9kaaw8F0EQQVXufAaHL3FsUI16AtbnBrEUTiFWbz4Xe55DrFEZAG63Cvgob4yP0m9OH7+8DGlWd34G83sFAOI3Kvj5rv/2/D8h7a+Q9LeRkD6 6Z5JCnSs sOQ7n78eDi2ONtpOtvtdhV4RYqtlFC2ePtk0yPbpSVWyKSxkqu1oH8EceyWDcNdts1sbrdl8ZWeiDaVG9PEUYV6fGKUrRemTxzGISvjJ1J1JojMCOqo0lK9FanIfqCbROfiNuMfdNKqLOxLC5GP1UDkLozxmIuPnc0aaw8LsvX+EpCgowIC5SFKP/CgFVwKSYsyrwHcW6+mplglJ+5TsXqlrgsc5DlNFtRe7eVr3bzJPT43soFvkosa2fQiviVY9z4ffraMPcjNS0VynsawkyZXqzaZEe3TQhMH9L+NJxy9+eWnxfzMjZtpMvodeqGh60AoRsVCVIjtl6fmOrxe9tPp/ZEdQq8bQZaXPjFJq02PqwR0CzZ9wSLydALuqd52qRat2gAoR1bIala6bON1NTEXF+oESpJ2eW2bTwBQpilPgeJrM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 357 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 +++++++ 5 files changed, 467 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..3fb9742342a3 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,357 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %lx not %lx\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %lu byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (void *)((uint64_t)buf + page_size)); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%llx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%llx not 0x%llx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%llx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%llx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %ld byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..1ae6864d3f86 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 74 +#define PR_SET_SHADOW_STACK_STATUS 75 +#define PR_LOCK_SHADOW_STACK_STATUS 76 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Thu Aug 22 01:15:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772386 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0C3AC52D6F for ; Thu, 22 Aug 2024 01:23:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 159526B00F0; Wed, 21 Aug 2024 21:23:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1092F6B0113; Wed, 21 Aug 2024 21:23:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E28FD94000B; Wed, 21 Aug 2024 21:23:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id BDF496B01F9 for ; Wed, 21 Aug 2024 21:23:04 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 65E01141197 for ; Thu, 22 Aug 2024 01:23:04 +0000 (UTC) X-FDA: 82478132688.12.3107048 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf20.hostedemail.com (Postfix) with ESMTP id F1D901C000C for ; Thu, 22 Aug 2024 01:23:01 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JGKJTVBp; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289742; a=rsa-sha256; cv=none; b=qWCIaq0MxfjG5AwmC92/eMJ5s+4G1AWP1WkabPOksRH0GFfm+sL7gbHLdy5iuD6Dr2XIdC MM7rFqj015oemcHoNzH33LEy8hI4Hl1aVsBYZ1vlQJ+hFipvAMyzXdH1MYpkGlAqODEL7f 98cSow0pvNue/SdwbHuWgir5V20fH3w= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JGKJTVBp; spf=pass (imf20.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289742; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UEFjQWymfL5Yan+pu30W1k7Ik0DwRmMFhSytFiVcHU8=; b=Jr5Zt8puRP5WY+MapF+H+c436ZXhD7FrKivAg3to/J+ZHxf5fgnfiFyk+EiMSQEn1vDfAQ Cvncei1nJe8VtCz8ohPClW8yIezAW+Crb4E2rcO5UV+f6HpiuLShtor4xXrCq57WjWfXda SPZIJHG2HQg8bArGcdf63psJ7Lk+FDA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id EFB30611C2; Thu, 22 Aug 2024 01:22:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id ED188C4AF14; Thu, 22 Aug 2024 01:22:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289779; bh=/1aoc04K/3audGzDCE94EV+DlAIqMn6XW2k1Kbj3CDo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=JGKJTVBp9iHmup3aV3gs0KNSUi3oLJ5a8+M43v/T36GqW2FN1zBBSf69EaAZQ3FXo yJITLi3NZMmv9I5N2J886HpyndbTfBObPFJNuYw6fmab0T/7cA5AxNm7qYnXREXHwS EGz1fOHWbREx+ajNqQYz2B6QGrS4dR7RCrRGu1Ey9W9bH9GUhlFfQIqD8VjkMMUmLD UBuu0ywApoMiEpi7I1OIXLwQdPlGZ3nvohJ5E4pmRdq/DXiLYBpqgz7wH6bcyDvzRb jMuUPrPQUxCsQLD3dj/juNQyRp5od9VHSqCHn2jPfWgxixY8+0Bv5GRVD3wPkZbQWM n2AeTCV18+5uw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:37 +0100 Subject: [PATCH v11 34/39] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-34-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=21135; i=broonie@kernel.org; h=from:subject:message-id; bh=/1aoc04K/3audGzDCE94EV+DlAIqMn6XW2k1Kbj3CDo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE+tNOqJjxMttPgkQHwCJg3j9tzIZSx9TDV6rnh pAqUEb2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRPgAKCRAk1otyXVSH0GqgB/ 9uHaegvBDRX7q5BfHY2uab2C2l7saiVDTXIUL0n2Ml4bQMo79U5XvNkhHAW9cC6OHUk3fPTwOhVTU2 rCWx/A88x4N7JOpGEJT+T5ngRWMMKXuZeIrwfRDsXVrJb+05GF07Wh8WXyy9eeuiClsM78usIMsvcg ayyy6rB7WWVsTVd+aD9qL31FKA2eNeSOx16/wdFXHf4pZn5V23d3liY6lySs6JcrixzxC/obkwnZyk SmcX6DaJI2aFyP0mdWUS1B4/orLpInKUgylxceYJ1kGkPN9lS7B3vU2uqYzGkNDA3GS40290CTM2Wl yqMnGDqP6kVdH5H3+A6Xy2oJd+GNlU X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: jza6cdb3kd3od8szusfpp3ttcds816j6 X-Rspamd-Queue-Id: F1D901C000C X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1724289781-565112 X-HE-Meta: U2FsdGVkX1+qgjaF6eZQ5eLI5uwbMCBvj5RH/ZbY3KxzFrVpuB/MRBKNJvYbPA7wouWKUVV6l2h6F+9kg9BoLdoUOPVc5SJPBtJh1RHf3yio5F3tlRPVJFhwBcmsjG1/01rDUNe5QivAbAnnrLcr/pxxUf9PNOWRXObJD1aI7wBcXg3FGGe/t3oHwrIo5wNTqlVtaTSLmJBsOPyCx7330KOMYcsEpbkSGYigZ2zfrS7jXJMPaFUm1nuNKvQQzkVVXGhKVzq2A+9YQLlxZ09VKK6VvgTvXlZaMEnxLi6qbzKTdxGgnRcBZJWorGBeCitQwREpVnVZM0beipDc2rcKj8OCmR1uS56WfK7xGcw5E3JMeVjlHpNhxnqwyNNjShz77lGEtB0EDFMqE4Qu24bteDehJWUcPrvQicV3YhZ3waRuWR+x82jsub0rhqBY6jGHxPdL1IV8+K7K9A1K2ARpGTJU44Ywd3k5WmM17FPvllDrSr1LWgA9f9stF6KLHaqGu5fHjLY6VKA0tO6gPBk1bXglbQMEuJYwHuszNdxbahCZbh51/3jRj9QZTl1XbSa1V94vDJSG+P+4QbgmS0YAdZb0k3E03555yLv3cJiKMvEyPOxoHIUKCOjUZDQ4RBJByNjAYIVRLyIwCh+gzWXqXWfW/equxdtLUNsS4kHRva1V3WAH1nzM4P5t9ud47/L9G9LJXzwHRT9CI1onpA6/fAd/19t3wApFQ805BLU+Xi8PUPBT1GBDZHW5UZcMQPJkl9MRO0Gj81xLV+UeNf14qZOk9whkv9IKxjhRVeoM+5BWZQ3p8VPk3ZC9hQAWtc3WBrXZKlspNw1W+WwFbi4x7MQDNqt8iK3u9LalQnrSSBX8ICBq4VXAD2zM3EfoWs5zg0u4msRrfNSVQBgi0DGExau4nOxd2brVysBVNN4uw9ljrryYsG6Bb1q6n3rPo1JdinbeAm3EdeMpbX/Oc/p q/bHh91i OA6cwMCfXo2viebt8tOJFyUzqC0mpKUlJcI5AJZB0zVSNLrAdz5N10X9f++hRo5Ml4wDXNVpTRIecpnCi1ilWF1oONRMaVEPsZwtLrxC6keskCI5sq39yipduMCTb0/47Q03cVQCmN8YBRfMoaL0PlyDA6z+GZPBwmygzQ4x6pghLYS6AWdcCwfOSyLUVZckRlnSE0N9t3dVOOgKv6X6l3m6Wlk2SFouRUJSNXJZR02KQS9M6fYJfjeiMSOlGnHrxF5m101I6tK8OlcE5q/8KHqrrNwAWGhQ8HwpSl4/+C74GJF1NfjZ9UAj9svS9LDGDiqsOvEp8OxrieYezOAXxOqf/T2g9aOd3XhWkHWCTgtK4mN03RQxkdyo++rkwS2wYoP7J5w9N+ucs608= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/gcs-util.h | 10 + tools/testing/selftests/arm64/gcs/libc-gcs.c | 728 +++++++++++++++++++++++++++ 4 files changed, 742 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h index 1ae6864d3f86..8ac37dc3c78e 100644 --- a/tools/testing/selftests/arm64/gcs/gcs-util.h +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -16,6 +16,16 @@ #define __NR_prctl 167 #endif +#ifndef NT_ARM_GCS +#define NT_ARM_GCS 0x40f + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; +#endif + /* Shadow Stack/Guarded Control Stack interface */ #define PR_GET_SHADOW_STACK_STATUS 74 #define PR_SET_SHADOW_STACK_STATUS 75 diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..5060fdc110f5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,728 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#define _GNU_SOURCE + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %lu\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* + * We can access a GCS via ptrace + * + * This could usefully have a fixture but note that each test is + * fork()ed into a new child whcih causes issues. Might be better to + * lift at least some of this out into a separate, non-harness, test + * program. + */ +TEST(ptrace_read_write) +{ + pid_t child, pid; + int ret, status; + siginfo_t si; + uint64_t val, rval, gcspr; + struct user_gcs child_gcs; + struct iovec iov, local_iov, remote_iov; + + child = fork(); + if (child == -1) { + ksft_print_msg("fork() failed: %d (%s)\n", + errno, strerror(errno)); + ASSERT_NE(child, -1); + } + + if (child == 0) { + /* + * In child, make sure there's something on the stack and + * ask to be traced. + */ + gcs_recurse(0); + if (ptrace(PTRACE_TRACEME, -1, NULL, NULL)) + ksft_exit_fail_msg("PTRACE_TRACEME %s", + strerror(errno)); + + if (raise(SIGSTOP)) + ksft_exit_fail_msg("raise(SIGSTOP) %s", + strerror(errno)); + + return; + } + + ksft_print_msg("Child: %d\n", child); + + /* Attach to the child */ + while (1) { + int sig; + + pid = wait(&status); + if (pid == -1) { + ksft_print_msg("wait() failed: %s", + strerror(errno)); + goto error; + } + + /* + * This should never happen but it's hard to flag in + * the framework. + */ + if (pid != child) + continue; + + if (WIFEXITED(status) || WIFSIGNALED(status)) + ksft_exit_fail_msg("Child died unexpectedly\n"); + + if (!WIFSTOPPED(status)) + goto error; + + sig = WSTOPSIG(status); + + if (ptrace(PTRACE_GETSIGINFO, pid, NULL, &si)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + if (errno == EINVAL) { + sig = 0; /* bust group-stop */ + goto cont; + } + + ksft_print_msg("PTRACE_GETSIGINFO: %s\n", + strerror(errno)); + goto error; + } + + if (sig == SIGSTOP && si.si_code == SI_TKILL && + si.si_pid == pid) + break; + + cont: + if (ptrace(PTRACE_CONT, pid, NULL, sig)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + ksft_print_msg("PTRACE_CONT: %s\n", strerror(errno)); + goto error; + } + } + + /* Where is the child GCS? */ + iov.iov_base = &child_gcs; + iov.iov_len = sizeof(child_gcs); + ret = ptrace(PTRACE_GETREGSET, child, NT_ARM_GCS, &iov); + if (ret != 0) { + ksft_print_msg("Failed to read child GCS state: %s (%d)\n", + strerror(errno), errno); + goto error; + } + + /* We should have inherited GCS over fork(), confirm */ + if (!(child_gcs.features_enabled & PR_SHADOW_STACK_ENABLE)) { + ASSERT_TRUE(child_gcs.features_enabled & + PR_SHADOW_STACK_ENABLE); + goto error; + } + + gcspr = child_gcs.gcspr_el0; + ksft_print_msg("Child GCSPR 0x%lx, flags %llx, locked %llx\n", + gcspr, child_gcs.features_enabled, + child_gcs.features_locked); + + /* Ideally we'd cross check with the child memory map */ + + errno = 0; + val = ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL); + ret = errno; + if (ret != 0) + ksft_print_msg("PTRACE_PEEKDATA failed: %s (%d)\n", + strerror(ret), ret); + EXPECT_EQ(ret, 0); + + /* The child should be in a function, the GCSPR shouldn't be 0 */ + EXPECT_NE(val, 0); + + /* Same thing via process_vm_readv() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(rval); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_readv(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + EXPECT_EQ(val, rval); + + /* Write data via a peek */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, NULL); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(0, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* Restore what we had before */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, val); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(val, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* That's all, folks */ + kill(child, SIGKILL); + return; + +error: + kill(child, SIGKILL); + ASSERT_FALSE(true); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + get_gcspr(), orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %zu levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%p\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %zu levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%p\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + +FIXTURE(invalid_mprotect) +{ + unsigned long *stack; + size_t stack_size; +}; + +FIXTURE_VARIANT(invalid_mprotect) +{ + unsigned long flags; +}; + +FIXTURE_SETUP(invalid_mprotect) +{ + self->stack_size = sysconf(_SC_PAGE_SIZE); + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + self->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + self->stack + self->stack_size); +} + +FIXTURE_TEARDOWN(invalid_mprotect) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, self->stack_size); + ASSERT_EQ(ret, 0); + } +} + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) +{ + .flags = PROT_EXEC, +}; + +TEST_F(invalid_mprotect, do_map) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, variant->flags); + ASSERT_EQ(ret, -1); +} + +TEST_F(invalid_mprotect, do_map_read) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, + variant->flags | PROT_READ); + ASSERT_EQ(ret, -1); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Thu Aug 22 01:15:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772387 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 507E2C52D6F for ; Thu, 22 Aug 2024 01:23:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CA3986B0124; Wed, 21 Aug 2024 21:23:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C52CA6B0126; Wed, 21 Aug 2024 21:23:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A7F7F6B0128; Wed, 21 Aug 2024 21:23:19 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 87E866B0124 for ; Wed, 21 Aug 2024 21:23:19 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id ABBE61A1277 for ; Thu, 22 Aug 2024 01:23:18 +0000 (UTC) X-FDA: 82478133276.03.6D72875 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf03.hostedemail.com (Postfix) with ESMTP id 466AE20016 for ; Thu, 22 Aug 2024 01:23:15 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Y4RtFVRC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289731; a=rsa-sha256; cv=none; b=myxePSu4OcHR2BYOqt5VO8rMYoSv+w/OZyHMdPJuHBx2N3Jmjm5dmP1ShtKi0tjU4w34Dx QiyatFJAXz+dfpgsAPyiiOXJyMp5VKJt89Ba9471vExhdGI7ZAeWkFNEgiVRsZRY/+X7qQ 8C0Jp8kgmH8M8axaYHO3JZz9M0iVHDM= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Y4RtFVRC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289731; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qeTei2+Rv9TmGzFj/jgAMv84+i3cbC0I/TqETm/VMk4=; b=mzJW/s+vxJp7ACzngFDxfr0mCJPvy5QRk1d25xgCGGAFkt4vULYFpt/Y930OPKnPjv3NsI WRwFRmAav0Xa5dcZe7jOkLQmNmsgFIAMd6WAIA8LmPcNpENsM45+JsPiiHqikJxy/cCn18 PbN0G+LDPKgdeJhODcczyyojPvGxndY= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 72B39CE0B61; Thu, 22 Aug 2024 01:23:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 49F14C32781; Thu, 22 Aug 2024 01:23:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289792; bh=/b4fLgBxrOG/LTGvqBDUXcUFQWiOWxSYArOHQoaOV+E=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Y4RtFVRCr29PIUgkzAY+XbAdLBhRDwWOqbMJ2d312DSc9+ZbtTxiFvX3vElNEba9m C1BmXvN3SKR4VgdoluHQ9R9APT/mhxYFEgKcb9l1T8H0UG2KhmD2E+Av2ciYtP2r/q c3PWZjeyGT9G/PKIo2YjZ/bgvUDjth4ZTyZ7ej6kOeaqHAX/vVHRT1W6nvNoVAbf+I 1+O+i7Vb1GG9I6TY7ZNaEp6nfAMYhK18ZTBsr2NTFVHLkazwWl/q1kwgr4GzGj98vw +D66JCBXjDRZcRUgmYDGCe0xpfAmu+7LtIwj5QMAvNSZQMuloKbzRVhVIxMmv0ZJfE +6s/GYI7hRNuQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:38 +0100 Subject: [PATCH v11 35/39] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-35-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=7382; i=broonie@kernel.org; h=from:subject:message-id; bh=/b4fLgBxrOG/LTGvqBDUXcUFQWiOWxSYArOHQoaOV+E=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE/isGW7OQJkuu8ReWnaH8lJAorwHq2yQobWtk5 1aRbRAOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRPwAKCRAk1otyXVSH0ExZB/ 9sQqgy2L5T0j4x/ehMRhrSHqRqOH1ayILAsZuRPy0t0qR4727c8NWwnibGIxk5d3rFpOWJWySsAFBA khDI/1NfNGnL/2m7hR5EgdusKvJnFc611vr/Jp1MWTnAuYccHFIE3atcJSBrn1o5a0j+JoGOd2HwDG I7eLHbqb9b7z/SgRP7beokELidNB+lz+HhYuQe16EDBujNRKFYMtp8xqonffgMdAL6N3tNljJYj2tl g02b/0pNuka2tLU+EnMXlpQfL5AcjiICaY6KlHEojdpctPihrbrpLbL7vlSw19XLLwfgwvLhhWYAj2 /30lTG7tSR4LI+QAImwlkHiBf2N5mu X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 466AE20016 X-Stat-Signature: o34yaay1dy7yqgpwih7hqhexhid4yemk X-Rspam-User: X-HE-Tag: 1724289795-225238 X-HE-Meta: U2FsdGVkX1/lL/lrh/MlhzN7ZGmvowXLm4whXLYxQDGNQmlyn9tdBtfmBdg3AkEzqNxcxhn6uC5hYsJbXQ6oYnhASZXj4FJX+EkZyAOUE3QtWGg35R7j7LKlJSTgI2n6d2edqNosLyJh5oHZsSV9zPthRWqYIz3dTWVWlpnFMzK8gYLdp7zWGcwlpJwO8c6KY/6BBw6deDU010Urc8s9L9/D42SHJ2eAGvegoz6Odti+mBK6CdxGKJMV2VyK+szI/zG5qB5HlfIHdUeKgln2xqco5jIakaNZTs95aujbG9T4n7vg3A4+md1gg+b98YEuIWDx6BjIEnO41gRUyF58PGoa+ma8FRIbNhjAKl1Cv9H+DFXBQk5Uw7T/14jfSUpuUHsqXIHDMZIZY6WNPVd9w8pFNGbZgDC3AlgKdICqHYrKtic7C/ay3v3C1OoaCpMo/mNEop8CuqjqT1VdqSUBM8VsZ+qeHarS9yLA4xFAsh0nk+E+YQX++yqu18zgT/9rEeisZHFywxepH7VjcRLFg20kB8EPV4KwMQk8Gria6LgSXCyG5iyyLBXtTOrYoPK7dZvAy/lcpCDuH30OnrHoyNgmRBNVTIRQvv3Pg0eabDxlo0ppFYSRuDg54G3idabzqwv8tpWCwTmVFxSpQKr1xXeJ7em5whypPYAuOq8cpa+TT+mgwqpTaglwUyyOHTWQvwl+L1buwB6x3ZuTQnLO98A+tbt6gpXVzgAhBWLTkylHIdVQVYYjo+Ng6Au+wlGRu7EmSVaKvkQwh85mAqjnvWNgn0qlPsfNl9LcN0o6LJONXYm03ME9IAKiVVo79WLgNEKiCW/gcR05+qDjhhSbv8Ci33kGzHTVRS5tuAeCdpOHjTGlT/IuF2MSYkO/JE9PwaRzCmgG1rTKKLPNCGn5jMFo/P8Az9lXjk7furuyjgKtgg4bOsANzOp9S6MYfwo+vr77QsjHXLIxmsd6ggO vvTgZK50 FxhBoWJ+z8vvmHRQVD5W+pByQfcR5HgdUbKAhjjeKCUmzCBd06cYCyxHZ4zZ0lcCMLovwtlGBlItiKx8Qnma5T6n462Rc7Ktzgn8nqym/UO2eZ/pN4yDOhUlOxDjfkvkstK7TK+Ns5xrhTnricFkA+AZ72052Gx+J9Jwcp/bo70qYEYIt9AByiOBsOQemHYrnfCCKnPTmkRqLdrpmSc20+q5pw6HcbGmt5tKDVSpSwsnyjHQ0CyHMe8s0E1/CHZungT/VjTNv0IuFNwNW9+KI7Ecdz/dtV6TkGuVGP9rnh2CZXCU7LxrLCVHiWZMp3v/Aa44MCswqnx9SSltZ5kS3JJszynwnTHTSsJne5bQXADyrDdBUpk98bq/hwwggPbrRDzlJ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Thu Aug 22 01:15:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772388 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AE72C52D7C for ; Thu, 22 Aug 2024 01:23:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 860A0940011; Wed, 21 Aug 2024 21:23:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7E72A94000B; Wed, 21 Aug 2024 21:23:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 660AF940011; Wed, 21 Aug 2024 21:23:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 44DB494000B for ; Wed, 21 Aug 2024 21:23:28 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id ED30E1203DB for ; Thu, 22 Aug 2024 01:23:27 +0000 (UTC) X-FDA: 82478133654.27.FA4F1B4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id 07E808001F for ; Thu, 22 Aug 2024 01:23:25 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mXqIF5mX; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289789; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gBkkGTg9iwkURdLLuf+UpkR7ejhULQidz4/W46P4K/c=; b=PBZvTppDn778Di4mah6gCgZlwygq5QPbKbHmk0xX7laKAXJyfbJ0+4nScenRbOnwiua0tD SB0IMsRhuZ+Y1POiHsgRgOmN2/BdAtGi7kBiFf4ChJX+c8zg+afw1C2JnJQq6k6qAp0Bvi Bn4RpAkjaMESXqssIpXKQ+CM1o/QQag= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mXqIF5mX; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289789; a=rsa-sha256; cv=none; b=Rgf/Dx5hpyejgVBZMIS9lrYOuwpRleG9Vll2lRrb0Pp9Nd9YI79VHah7LbNI6LIrdklKyt y0VavFkCImTo7c9B5ciUymVVmVcRE7zVw4WDv+fjqD1OYUD29N+4XbqmChY7Dvc6WMYBhT JsLmzvxZisk7dpeJI6C7Ics/dujw9OI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 3F6EE611B2; Thu, 22 Aug 2024 01:23:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4EC9CC4AF12; Thu, 22 Aug 2024 01:23:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289804; bh=6kf8vUeE2/3/9q62BhJqQa6tQ8qTDalv3nPeOQkuUQk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mXqIF5mXRZs3ksQ6AV5HwOOvb8d34RTX09kx7rzMB7YerQ5jHKIVEE2ms+5126SV0 Wi7DCBS5aTyXsLJ6Zntb65d2F/Uf0DRnT3vs1GbNzrA++uuiIbPiO9RpQSbFpqQ9Yf H4ovJ0hsBKPa5lq3z6e28jP2FblOfhCqTZx0BB3jhQvC0wswllBC+34SjjpqLEoxvz 8TQlSues6wfMDQT80MzIFjExB1YMkkfnNsHVV/nPGSkmze0pFHtrywwkdM4kmXcYC0 0DrZGyCucONOjxxz/zEyIRHRoaQXu9Bih4aLHTCew/99RkY7ohTAWg15GeSUsdSTjI iohrTVVweO8Uw== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:39 +0100 Subject: [PATCH v11 36/39] kselftest/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-36-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=7642; i=broonie@kernel.org; h=from:subject:message-id; bh=6kf8vUeE2/3/9q62BhJqQa6tQ8qTDalv3nPeOQkuUQk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpE/1ZTQcQ/bqUjJ5kvSBJ+N0rUBaQBeGE6qv1Fs kD25Lv+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRPwAKCRAk1otyXVSH0DnAB/ 9TDOISQTpT5eHycSJptWggwRu8ovqh7IwGBVC0eKJ67Ly104n7qo/qcFyVukYPl6AzKCANscvUj7y6 ft64BOU4KGDoL2g0TeWBe6lMn5VIStodjSvwF/gz5dEx6ZlxA+QOvBbt0+prLSXhKcp1PqW6wXV2fR hyfTNdIlaDEIrguU4Ko2D1w+P9gkCaJbd9pqyGLagui+PUl5YYJWDhx1x2n1JdjZq4790a5RVTnHb8 Gxy11B2v5onIgtendEJq4TqOY4IOnFrp6JAJh27uSKXfdJhLGE+vxcuEaY5Xa+bI6VLPKVcCeiQfJL HzCENGqPpfliKo87ZVKiDxBv/gW4f/ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: 3jiow61s37ndjfz6n5b9buacr69t1518 X-Rspamd-Queue-Id: 07E808001F X-Rspamd-Server: rspam11 X-HE-Tag: 1724289805-782658 X-HE-Meta: U2FsdGVkX194zi6B6s7OR+hRwrYnNpPPgMlwuwPm+PjEGpz+z0jtJ6+gGl1fI2y4cav7S4svlxKe6StIvS9TPDgdtSSTQ5B3m0BDeY7mWcgE3H3b1EMLGQ+Dec364CORI2fRPLIKA14/Gz+Jk1S10gH3M3LKRPyN7qo0mcmExjByVTKW8CQyAWWxfI+h2Y9CMNtX10tZs2GU+oI1q4cI6fvGlo/qV7annqMua4Ukeye/tSpsBPZzWXXv6+QNgrfGSew5DPp90p9B3zbJ2JrZyiB7S1ujbKDo87EtET2H3MBqmH3ZZKCzC3/MhCktrwdj+gH6SMJsnEWhx8LkHTPO9DFEV9gLDKbJwmKvklTmRazFRFsAlPVkMibTfwqp7z1G7E0FlLPsZn2D/WnfSHsT8EZ5UsKs7xTgi4FoalFdRbLLJreI6cfWMaXr+Sh9sa9DTi+MaJa8EGcpnwgzPpN8aXuMsq6VUxcDZdILyosryUvWTkfBWvZkyon3YsXjIxq/UZnZVJ5LRhzbpGl5xIkJCgBdBTMCovkgZf7yeF/Unmek8Apkc5vapKVXzenaO75w4x10qOcrD+DyRWGLu0MXDIKWg9y+taQv9HbJXARG5/AmTJrjP2ME+/X+gmlB+RZvOPgpN+iyR35V+LQ8L5CstMXyrqUKFitxPbOHh0dOhC05zsCeJkkttIz7LHi304g5MA+6d2P8XDHXkslxzNNFbTvTdXBlY5f5g2zVITJhlVWmu+28DH5FjJ28kx8PuYcQY3yINO/a7kXpVK1qLE5ZSsFg+l7+0glQ/WN1cCnn/5bRicASC6BbCwtTcwZV2ZSnyapnx0uIxOvAW5YihJQq6rQ43WhEtc6MZqIa92D4M0+DVN7SlG3tQaYk2KPZ+7oSPOdhdeLyFAGwdgCPFM4TWmpdrV/LgJMq4QascRsEV4XEo0X0N6v8qmYvhPRVdNFuNxTniXvhDV5Hxj7Ypzb Jdum6CKJ 9njYrfUrDQOF+cO2HewfmRZQ+guYj3lzGuf1CivUnafdOiV3w55v/nxCjlujMgs3UgZl6WlPTrcZPnJ4+xvisviGRNfKj71H/lY3Qo5teaje0w6IFmfc4grfRR5yskcTvCPFWgCJVivqEF/AIYU1u/yf9cmmYlpQ8TzbeD4a5uMj85aZhpAdbxZaqPP3Z86h8Me/7XAeLfKuuYGZvBmDH9yvnzgHWscA6dw9PlYRAs7MjMFHAwFnTuYiA9wDVM7+1dbcoj4aSzTTsYevqHjoKf5UJ+eEaNxxneCGCc/bZ4EieMkpXZdsIWnWQJuDlsuB3AJfnn419b66+u4GlUNQW5IMw9vwKHXLmxwzsEfd/xJv2YoPDhRpSIA3dVnPLoPFvDAiNw3wwb/+Lc+8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 62 +++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 88 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 ++++++++++++++++ 5 files changed, 228 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 1ce5b5eac386..75d691c13207 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -2,6 +2,7 @@ mangle_* fake_sigreturn_* fpmr_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1e80808ee105..36fc12b3cd60 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include @@ -47,6 +48,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..6228448b2ae7 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* + * We should get this from asm/siginfo.h but the testsuite is being + * clever with redefining siginfo_t. + */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..b405d82321da --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + uint64_t *u64_val; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + + /* Ensure that the signal restore token was consumed */ + u64_val = (uint64_t *)get_gcspr_el0() + 1; + if (*u64_val) { + fprintf(stderr, "GCS value at %p is %lx not 0\n", + u64_val, *u64_val); + return 1; + } + + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..faeabb18c4b2 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Thu Aug 22 01:15:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772389 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2888EC52D6F for ; Thu, 22 Aug 2024 01:23:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AA9376B00F2; Wed, 21 Aug 2024 21:23:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A59B26B00F7; Wed, 21 Aug 2024 21:23:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8D1CD94000B; Wed, 21 Aug 2024 21:23:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 6185B6B00F2 for ; Wed, 21 Aug 2024 21:23:45 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 124E081209 for ; Thu, 22 Aug 2024 01:23:45 +0000 (UTC) X-FDA: 82478134410.26.53486DB Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf05.hostedemail.com (Postfix) with ESMTP id 9E86C10000A for ; Thu, 22 Aug 2024 01:23:42 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="LI/W7SfR"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289764; a=rsa-sha256; cv=none; b=Gnjb2MYxyglmdUWIh+BZcbUuawuz8l0mGxOpAcakrRaOVWBqbsmMo3RsuQi8YT5l9EA2mX gJNs/3XL9BXTfnHWm5cYPtBscmy8fkfATfKVapD056zWOxh3bF6xhEy8GFkMY4dTvSQHTH pKajFHRXfqlvgW95JxFH+h2K0i+mGsk= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="LI/W7SfR"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf05.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289764; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ATGQv1Fy8tCwEjrXqi4sVPw1g1DJeBETlNX6hQiCSiw=; b=Jg+0hHgUwdNMe/nurLwgoVE828NuL66DZ/2T3Qd4QvgJyL8NvEYMbhAWMdp4/lEzRkJD8s KFTDiODr3eJplNiSGuNbhMrtddp1UGcmhF/pE150IicWCoEUhwWvls+1C3IGn1TtjQooq+ zZRqP85utdCs3A7MqKOHQ4CM/mPGmZM= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id 80E91CE0F1C; Thu, 22 Aug 2024 01:23:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 922A5C32782; Thu, 22 Aug 2024 01:23:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289818; bh=jSXzBeczkE/zmgGrav1T+XnCBgKzY5Y6eHZrGHb1C0U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=LI/W7SfRt6Ldxv/+VkpLdrpTUdlXHEnpmk8uqym2GCr6Pxy7OGWfcX3cZdqUAfi4s lVUm0BmcoTUI4bWfLDPj6ej+ntZatX4XFNBY2iNHt+Kk/ijTejGdqGZNesms4MdfSX sLU9rpkFaAe8bNBrydzh3A/cL6yFo/5tX4WYIArgVgJzSiLmX/WjHiID6WyLDC9ptN 0FUOgJLPL8G8E1VAba4iH37Aiv36rx8XgrAjqrAiwARPM04gN32XUlJNB/eNpohs9x y6ZZh7R+0VisS6H1JJHZB20JhY02JCLsxjuFY1skGDN883I42Rpd1BuXkQqV1EInkN 8VfJK1H4L7YhQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:40 +0100 Subject: [PATCH v11 37/39] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-37-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=21194; i=broonie@kernel.org; h=from:subject:message-id; bh=jSXzBeczkE/zmgGrav1T+XnCBgKzY5Y6eHZrGHb1C0U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpFAjywXkDH5tpyNp+1FUmMqHPh7Dk/8kgxCEN9k okGXdUqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRQAAKCRAk1otyXVSH0PurB/ 47/woYBm2gVwBCN2v2hQl8p4SCxGUgoO2rzhuryZH8tudtrYL4ZpQPn2SONwOAp4jJ0pA3txN/+R/T Ad+MrXW7ywd+lGOMDhn8e4v/Q5WnOho6Qh8qAsA/uexNW1NhbY/GClIlanv6yMz5zEQgQktS0MdkAI PF8xyoRq/KHqSLZLJWay6rZNPamMXOfMiGVcXYfw+H+68MdEBbEQzhDAwnwT8pEyLXDxORuKijlcmB my5y2z/fsMbbaDlFLZ1/+jo9BVmZ0RK4T2q7pW0Fn83L+qMtYzPpSUXxbflphRu1aWkkkaY8TVgAuf CP7480szTzUTY46Zzu5BATSqSuubLB X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 9E86C10000A X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: t6665mokxrxu6pum6wk81es1y5nya99f X-HE-Tag: 1724289822-901886 X-HE-Meta: U2FsdGVkX199cb3D46b7uxWScRH5ZzpfpyC03NvumjTL6KMYqfiXeO/7cZWXSiMe7W8QMhGJl1940oeCa++Jl2b0W4FO852PuDBxN3VzqkIqCEgxp+CcsBNfk0YxbGbKMn3A/QWpV3FG52h5nKnxDRBulqp6DYFqLl30E81gF+Dtgaax7RMUGXOt2X4T33a38cIwloiCv96DfzV1Bst1gW0hbNARnDxIpBelfFxTpQ43h07pvhW2/eXAFsi7X4nA/2lzcW2JpoOMwHzYLtUDVm8EkVgbK6Xmr77O9lZkOmYNdMuak55VXI8g1Pu+VOeJs51WtgTDr9hk50K7STdZO7DTQT5lzV/on5u7KOBCKz+9/gSwTEhCOiId4q6gYgsV6pN5UGmSd9YYZpb4p32S9rUDdTE6f+Nk5CSQd41bKpDCIGDRNgDJ6QA7p+X9Cva0FxQK5CrgqJMEqGhqA+MGaYFnQun/QsmaXNT0PbRsz+RO8wCO6WBDnVP/XBzW0s7M2c3gr6RAcoflFaXZlbV1UfirUQ4RFnB5+NtqC9f3ptJYHe5Z3jLjgobEUko4q3K0H5G/qLJhZS8xwK8L4+OdN3nJS85pYy5nKlCSZp0Y5uN4xwa9CxzRQqhheG1gFnkFZasqcpt8AXgvHrt7l5jtLd0iB6TErIMMbd/hf3U1pgjkL3jYhJHYMzgOmjmXTSWNYhQXfbOn22oe94fCUI9Nk99mtYDc0hwX3KfES5xiWcyTCafks6/5lVqCdNlV2rTRI8pqc4uhP3Q6EcWnBm9Wn6Ze/PDzciqAx3QS/ozl389fTGt82PM433FAulhSbDCvVdjeB/u05QOc9YaqzsU7lEt2YT61cEm99SZeapBdwDc68kZOIKtps/Behcq5/QfO3uv5OsPvkHT+0XQU3ivPqrg7kj5RctOZVi1d6YfyXxfQuzBs09djKsXLztCuymPDjRYeoVfmRtvPssBEC+E kIAaE1rm UDQ1IJ+6IvMqfeFQGqb9h8iczi/rhhNSj6+a7XuHq+whhtFlTmOjT9g6nIIgL0BjFfQEMggBC4ih8ZcwrnLYu5A65hpRyLpxHZS1rfSZlgBARVqH130faSbeCH+tRZ6jsFLapd2EPdlVOeYRHHVYxWeGjL9dEJo3+9rj0OycfQUQrUwXrOwrHWx46RgaGb9q7FbxdYv1pzmYp0ck8jTo4WnDuqt7cgCmv8aD1TmfjqbHh2tLRHaPpqPPLdxP3JTyLc5nq46SFWofkFKT+UPBUdztV49dQ4d9ED6f5vmhzNV9srO8XOzYwkS/RLj7IUuqygnXdHWQbLTquT1o6cLdPOCGukiM+uLm3j3KGov3NUVzM+R9uoS7YgyvwHRSQIva8eTVpnENgHRBN+5A= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 530 +++++++++++++++++++++ 5 files changed, 848 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..b88b25217da5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endm + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..a81417cd6f5c --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,530 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_finished(); +} From patchwork Thu Aug 22 01:15:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13776861 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33FE1C5320E for ; Sun, 25 Aug 2024 18:11:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AC7888D0021; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A1D178D0020; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7F95F8D0021; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 60A758D000C for ; Sun, 25 Aug 2024 14:11:50 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 071591C3EED for ; Sun, 25 Aug 2024 18:11:50 +0000 (UTC) X-FDA: 82491561180.13.0E7379D Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf29.hostedemail.com (Postfix) with ESMTP id 506DA120004 for ; Sun, 25 Aug 2024 18:11:48 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=R9zzjzMV; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724609439; a=rsa-sha256; cv=none; b=YDzRGFEIQLvkOBBoILM111ZC99L2v0hSR284Hfe9qcmCRoNlcwrOYiHIVCzV0il1mWTiV8 3Lq+kUs2XafN6wfKERctTfMTQE+0/MKlE5gKPpAX0eEq10ScRRXF0HO3narDjQfUNn51v9 gYM+xwb9EVaLn5jeLSzjN4PM43l2U1k= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=R9zzjzMV; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724609439; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=x4bRDIg3FZYF4TjRB4Ac3+0Hb2IaTqNwKYJSKp4sACo=; b=wmVciSbuJ0/7ZpUD+cyHKY6ILDM9r07TVUeyCnY02XuE2IeALa9w+GKLsaAH5Ie3sP6sxn /YKpNoV+slB1441a0ufps5m/RjbNxSTl9WV8lVpNaj0mUrR756zzsOCWAvCWSB/I2vHOjf 74/wDC5ATtoU1PswsM6hvlRf/Ygx2wk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 855D2A420FF; Thu, 22 Aug 2024 01:23:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 599F6C4AF11; Thu, 22 Aug 2024 01:23:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289830; bh=YYz6vJzvFivBjzQl/oYVfPbzMadH/24Qr7CyuKANnYA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=R9zzjzMV70LpzGfyvhuJYpabIKzUcvQf9MHXQHntpuj1/nRe8ImXDZhtco4U+GIWD H/L1Qr3+s6la2xkwMiwv798l3hafjyZcYnb5FNpK192mgBXdYzu+Bz8JO+OMCH0tl0 71TA36KOD9qaSkQfQoJhVnSvi5LbUD0bV8A8LPKdlGPGXVs18IJe6gCLyZ7N9g0SOe EFr4BQDg2i2AW1eBJ2U1sOPB0uc5gGjI9YFKmUdRUTppOPzjjYeyns0b5abb8cLyWy YIgowAAhiLYAlPnSvCEV/7XHRUHMT9JceVGBH/s3O9yv9jhRwLAHZX5xJ7XjUNeJGF 5LICH7Hd2wa/g== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:41 +0100 Subject: [PATCH v11 38/39] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-38-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=3151; i=broonie@kernel.org; h=from:subject:message-id; bh=YYz6vJzvFivBjzQl/oYVfPbzMadH/24Qr7CyuKANnYA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBmxpFB+A0WlwPqvXouPNNAgEUHNQxzIPyeeifSv05V CgED102JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZsaRQQAKCRAk1otyXVSH0IFqB/ 9O2YNN8PESOQ8WpkX3izDmeZcNEc1mXsl6dcYRSuYE00J6cl60UTAoBD2c+1iffUZZvHYOq08x9TYH NkZIB/U7bSX8x3OqTPM6omT3YbnF/GLaFbmWaz+J246wqay/dsccm5RWIqd7KpL36dESEg81pFOePd iMbsQP0jR6Oy9Pr/a8zLX0C8z851QwxecQ2bDMezJ8pTuATnSOHt8TymMguDghQvxihb/rrd9XsoE6 OYyEldzAk187hNE56iYGryyL5b+P6sxtmplrhEfvR7kdK1liKjgs9r35hP5hRyhEJPyfpoJqyfcIYb cpqV42uhrlGB8tPJHDynJyu4CRAyZ2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 506DA120004 X-Stat-Signature: xeg3qfmi3z8ggma385xfjfzch1puqzij X-Rspam-User: X-HE-Tag: 1724609508-506534 X-HE-Meta: U2FsdGVkX1/wO936G//+IfCKQPoZc9ttmfJYwbju64njcBbiXyHbHzolwS8ueekNxej+GepRYM898S0DPU6f27N5CikgJv3lrYd64U4X+9zM2jGgFhtqk8RAnFERrbAYalprXeN4iJ2qD3dvqPi/nzOWz3iYnDjxvv+aJApOp6EIdV2bLeVb+cFeN0cdPg8pZTycnqOvNmfsT3nqANGNeZfS0quYKLyG1In88wVzZb+E+mpjfxqvh4+nvvTdxC3q6YQwbYJKUXl+37z/xm0Qd6iab8DPpDoFoeZe+T5ng4qets6zg+40K/RvbHItDtKyy4WuQwhNPTkqKxviJeXAkarqKX87WFKa2vXmIxEFkP4Z3mje5XJkRTTqzJZGDQ22hQTtXvB5owxRHDuOoNRqou6tYXKyNKjatLnvoh90IjMolke6t+4zXcwBcvpjUx2mgKA1ZmyvCJEG1Y881hcshogzRWU6OFZ8MPVPxIG4RnottpULSgDIiV3wwEbh/WbGQXXHMYbIg+YHxPqAec62kBNRpVDs9xaX3IJjr2xS7kpVfFHsfOGO/vQ1Pmot9qThGPEcnWT37n4MY206AWljfPhbJ29iZ7qiLNu4BD97mi0y5W2hyBd1lPx3kw+UCLQExKxaBsUvJUAd4mvt0NgX0/9AZCKoOx5KVMEaSOfFT8jcg8JrfVecpxiX3N9P4WCXmN0d16CK1S56CTH0MYlk+AUdg+Y2OQgbhoAMFWgF8WVzQPXLsJ+aXxcGir5u0MoUQnIDwChVd+zm+76kIn8YtT6XhYeILYro85qqelNRvk9QBYHfbmhD9zpJPaeOgc41M3SfYFNTKkPssyA1wc5wFBarbk9wML8xsQLPsUkx9UrIc+B3K5tHXeZzNbJPzE7L8E88KCvaZcSmN7E9xW1Kj+9O1W1InRFm2Sn4SWRZSiPgBYRz3oFYVl7v5ovpZPFxfIMajCFIUPx3mWZybBw I4ESLQrb lu9wyW/W+FaiSSfpirz4KwlwZQNoun5Nv4LFpIwyExCreNv7Y3og5kbAu0owektkTsUR4UOcCj90xAE/be1IUFk2qlnvuPK7opweC8lOfxXsZ05s5++Nl8ZIEpEMCedW7athxdHkqtoShcTeyd1KY1EBuvIqmNRmxBE/GCpioAn4qlg9XDJV818GLSWZLyC/OT+hMxfL5JJcvTKyqE/p5RyxLjIrTQly9yJjx9xuU/eJyK8CxSASDnY2Fhnw4wrGOileCowkz7zymyDR4O/ucq3b/oZAx1iPu8rnLs87+9+pe1T6ybIM793KDjw6UgfDDOFpmh2zNQjgYQ8wGKVpVeu+WpSO4AZ4yuAOjtY/o7pnLJxkmualL4hFS2XyOnwIjJmXc7pf+/cgGEhDzsUxpVKqFTpkyP4fQg+oUH2+8NQHj+j8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..1fc46a5642c2 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index fff60e2a25ad..2fb4f0b84476 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 095b45531640..b2603aba99de 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index b5c81e81a379..8d9609a49008 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT From patchwork Thu Aug 22 01:15:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13772390 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7047C52D7C for ; Thu, 22 Aug 2024 01:24:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 617476B013E; Wed, 21 Aug 2024 21:24:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5C6186B0142; Wed, 21 Aug 2024 21:24:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 423496B0143; Wed, 21 Aug 2024 21:24:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 228FE6B013E for ; Wed, 21 Aug 2024 21:24:10 -0400 (EDT) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id D249FA1210 for ; Thu, 22 Aug 2024 01:24:09 +0000 (UTC) X-FDA: 82478135418.21.6AD2512 Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55]) by imf30.hostedemail.com (Postfix) with ESMTP id 6BFE48000F for ; Thu, 22 Aug 2024 01:24:06 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iEBEIs5j; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1724289758; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zpawyuS9B9pFyqPLeUbWVN8Oj0MRjkReuUsUVFsBJLs=; b=4gKK2dZyB6kjTxNyKgyxlOUQWklFdvC4xsLaaNkbOSrlvlT84rNYBDjdAQp/5EQrz6k+J6 g3qedKE5BqBBSq4GiYW9mD0A6xBbbhT04Jf9aDWNsmYBHRqxVYxwWJLe2pgePkAmIxQ5B2 NX5r7skEkjiilM5C7BkfpTy9gxnGeZo= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1724289758; a=rsa-sha256; cv=none; b=GuAunT1KVCjXu2RQdvfsURW+5QgwdD1AdJqZnG8APA8PEisRrYp8TV3gMktCQT70PEdx6M jYKbQpBVzDsC8lbg7nbu8CUALvYl6PXUm5RrRsZrI8xMftjrJ+5cQ3QMlUdi0hrrwCx93w nv253Dif7G+KjDUNfeQ2Foli5iiuSYw= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iEBEIs5j; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of broonie@kernel.org designates 145.40.73.55 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by sin.source.kernel.org (Postfix) with ESMTP id B9638CE0B61; Thu, 22 Aug 2024 01:24:04 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7B08CC32781; Thu, 22 Aug 2024 01:23:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1724289844; bh=W5oN69xYg0RDvkVAq7OBhN9me4eHC7ENTR8wdYTObEg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iEBEIs5j4ESOyOuAI+C1WdLslac5LfFf4kq+lkNdmDRnyIC5yWmiqWDSMJJspLip0 ml9uTFJFpjA0iZB8kpDqcRdUVrEAN3rgae1b0KWClRy/Dt5K3C0ScTk7Y4SWdSQ+0J J9ynhy9+9DciCFx1xbPMettqUNcK0C/8oPiqZYnE2aLmN//nbDx9gRXLGbrz6FOC9N QJZK6dQb2Eneww26LRoFWKUpXmLr8bA0krMzkGL40Umad43ef518YlBAcLdGrQ/xva UmXJOYn+WGgW0hN/+th9qactP+9HaSOVf/vKYQVY8GyrjynJ7JP8i2m+nC2YGho1yB C5cIrr/0/qsMQ== From: Mark Brown Date: Thu, 22 Aug 2024 02:15:42 +0100 Subject: [PATCH v11 39/39] KVM: selftests: arm64: Add GCS registers to get-reg-list MIME-Version: 1.0 Message-Id: <20240822-arm64-gcs-v11-39-41b81947ecb5@kernel.org> References: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> In-Reply-To: <20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-37811 X-Developer-Signature: v=1; a=openpgp-sha256; l=2418; i=broonie@kernel.org; h=from:subject:message-id; bh=W5oN69xYg0RDvkVAq7OBhN9me4eHC7ENTR8wdYTObEg=; b=owGbwMvMwMWocq27KDak/QLjabUkhrRjE52aWuqWJvl43G370Cb14vXG7leGPtlWHj9eFSeamTBo X9LqZDRiYWDkYpAVU2RZ+yxjVXq4xNb5j+a/ghnEygQyhYGLUwAu0sP+veD2HY0mXtEA/3Nzfa4Jyf PZBDNMzlaYvXxd9UdPmQeKau5R/7pmxk1bVJ80KV7nZ/iJg4lH3l6T79aqUAtX1T7NdHV6wdU22f2z DoV6ifrOnBJdf1xGTvvHPIXgYzx+IXyfDnGuTNt9Jn1zzH2fmQqTrCclRJxxLr+9bOLp1XfPyQj6yc /iSVB6KvkueNHaLp8L5yP/BqR1nWaqPGK77aHK4sT4ptQ/SlOm5x6/HTXHf7th4Q1tZn217NVH7xju 0hSU+cvxlVlNNSErf+uMqFO19qckeCd42zv9/LSrXmn+w9OaR+uVBaI+iD31MpvczNFmEhmVLF5/wT fTwpAtSN7+ZuDJ9Z9Es+4WMQIA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 6BFE48000F X-Stat-Signature: pedtati7me5w5bcqofdgrjo8xgrg3dgg X-Rspam-User: X-HE-Tag: 1724289846-316775 X-HE-Meta: U2FsdGVkX1/qkq51IHe2WHCBF9DuBVOVkfwNuIqPtH0vnqfaNyJW1CW4NCcmuR5goDNlf9kkteW49TUiA7aZbsAaDL+2+M6JRzuJA4s0IhVD8PHpvLVrgbOv7kNIcwMaJUdZPoOyo8ZJkVEhA/LkgOtWOg/iLapGh/tcv4CqW8DkEB6ewtMQU+I5hy3S2j5kSx5RMjhHk9LX+XargCgIf+QxFdM5Fyn4JzZfRHnIROJ0JqYpyc1jyRDeBrwE0WdJQvQEejJnGJ0mwe/UfJyq1wN7bS9TrgooYvHUAfp2MUa1NK5ywhu9L3c9XtFpl+BQ2+KoByEmBEq46Knj1kvRil32vT7xObm2/LdnpjXDxRZnqPUPT2nYJ2yWJ2vmTArari4AqvP1FMCYt328Tp6/9BcHfGyQ2aDUhy3l/EutGCBDWGi1PrQNdN6p8L66dQgaVdaHEMV+06dcVet4yW0sNCcP4QfPkfrKWTMpFOEatq31KtqUn7jYNTls8s9esbNbRkZzT0RMo0uyJ47x0b6loXrs3AvvqCt8JqEjrc/PX7hd0CicdsNfw2Xk548w/jC7HTs4oQzSn2ttscPWdL8vgprCiggudsL1pMZJRuVmiWRC3TonanhufzGpMO8aMigg0L7xBHQZnu5dh/bGM+vybV0pc7P2Ml0xnj7NxOLoXAKigGAHZf+qFKboXsOFpIk1gjPJg0ZG66Zp7l3trZ5upW3MexNyHShWhgDdPdrYku6g/oCC7AT+UpHcg+/rESc2SiPmfOuWIwgSkvxReiyvNLjXhI/BPgSa9O0CIt7IN+bhaHp8Jf/YxMJna+JbeOb/7wkbinzs8h6NGXNTDeXHjYambH/0/JydxreN3z7Bv+k/w2jfnDKzvx6aMY7axMDozDuWeebld3QTbaB0dH74D4QaF5a7uJwONnStrUzPEk9XBO29Nhsx6sKkSxUS7Kxx0UGmFp1/kB0wh8lCGez wuXOi8wt cw9UFRr8wIpRaXUWpdznOrV06QnVGhRsGAIiOx+zJgLGmnONpvPKTNKgkNZeAlw3DU+Fy29kKvEFMVm8H8gT+67PMYL6W/y+h/BB0rCRESWo43WRrB/G+ALO/mmOTh2d28sdxfi4ryyFCku9bZN9Og3jBMRHA16eHoom5AM6PSuLT1SYIQPVhtZVG5PB/7rtN8U2JRBtz6AxkwQu/9KrKmubQ78nLohl1EFyQosDxEiS7UJo7vMIHzCgoE2IlpXegV0hz5JWc/Uw6lcWvRxCTv0X4X8mLA7m3QQZUvJSaOF1iAx7+kMa7ta+K9AqYY58LKS9z0oKagzM8Cu5hEyj+HSmHaQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS adds new registers GCSCR_EL1, GCSCRE0_EL1, GCSPR_EL1 and GCSPR_EL0. Add these to those validated by get-reg-list. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/kvm/aarch64/get-reg-list.c | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/kvm/aarch64/get-reg-list.c b/tools/testing/selftests/kvm/aarch64/get-reg-list.c index 709d7d721760..9785f41e6042 100644 --- a/tools/testing/selftests/kvm/aarch64/get-reg-list.c +++ b/tools/testing/selftests/kvm/aarch64/get-reg-list.c @@ -29,6 +29,24 @@ static struct feature_id_reg feat_id_regs[] = { 0, 1 }, + { + ARM64_SYS_REG(3, 0, 2, 5, 0), /* GCSCR_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, + { + ARM64_SYS_REG(3, 0, 2, 5, 1), /* GCSPR_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, + { + ARM64_SYS_REG(3, 0, 2, 5, 2), /* GCSCRE0_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, { ARM64_SYS_REG(3, 0, 10, 2, 2), /* PIRE0_EL1 */ ARM64_SYS_REG(3, 0, 0, 7, 3), /* ID_AA64MMFR3_EL1 */ @@ -40,6 +58,12 @@ static struct feature_id_reg feat_id_regs[] = { ARM64_SYS_REG(3, 0, 0, 7, 3), /* ID_AA64MMFR3_EL1 */ 4, 1 + }, + { + ARM64_SYS_REG(3, 3, 2, 5, 1), /* GCSPR_EL0 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 } }; @@ -460,6 +484,9 @@ static __u64 base_regs[] = { ARM64_SYS_REG(3, 0, 2, 0, 1), /* TTBR1_EL1 */ ARM64_SYS_REG(3, 0, 2, 0, 2), /* TCR_EL1 */ ARM64_SYS_REG(3, 0, 2, 0, 3), /* TCR2_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 0), /* GCSCR_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 1), /* GCSPR_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 2), /* GCSCRE0_EL1 */ ARM64_SYS_REG(3, 0, 5, 1, 0), /* AFSR0_EL1 */ ARM64_SYS_REG(3, 0, 5, 1, 1), /* AFSR1_EL1 */ ARM64_SYS_REG(3, 0, 5, 2, 0), /* ESR_EL1 */ @@ -475,6 +502,7 @@ static __u64 base_regs[] = { ARM64_SYS_REG(3, 0, 13, 0, 4), /* TPIDR_EL1 */ ARM64_SYS_REG(3, 0, 14, 1, 0), /* CNTKCTL_EL1 */ ARM64_SYS_REG(3, 2, 0, 0, 0), /* CSSELR_EL1 */ + ARM64_SYS_REG(3, 3, 2, 5, 1), /* GCSPR_EL0 */ ARM64_SYS_REG(3, 3, 13, 0, 2), /* TPIDR_EL0 */ ARM64_SYS_REG(3, 3, 13, 0, 3), /* TPIDRRO_EL0 */ ARM64_SYS_REG(3, 3, 14, 0, 1), /* CNTPCT_EL0 */