From patchwork Tue Oct 1 22:58:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818901 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6E14CF3189 for ; Tue, 1 Oct 2024 23:00:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 39F5A680030; Tue, 1 Oct 2024 19:00:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 329E068002B; Tue, 1 Oct 2024 19:00:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 17C16680030; Tue, 1 Oct 2024 19:00:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id E512868002B for ; Tue, 1 Oct 2024 19:00:09 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A04E6405F6 for ; Tue, 1 Oct 2024 23:00:09 +0000 (UTC) X-FDA: 82626553338.17.67D13BD Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 9E9B14001E for ; Tue, 1 Oct 2024 23:00:07 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=M+LrQCFI; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823568; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RzRazP9UstyNzO+UDO8cmvWEW5pnwFooOeFK4P/V5no=; b=q335R1Jkhv2vg0aooqc8M/AzzDqoEf+JVNMsEbZt4Hugw0bT8K/DXrvjZMAOUva0Sro+/d +SY1Q+AOgtkDLhq/KpQaRq1+NlDr3QnqyioP92gLB2xOS7nDaq+9+fMUVozU5U8PfHSqGu V++ZI3+OJuM2B+za5pP3e5AwkVlfblU= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=M+LrQCFI; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823568; a=rsa-sha256; cv=none; b=ejTVsVRhFQvNMFzyBL6DNhEvCzdxY/UOprAz/zcZK70+kAIdxwe2B5ObTXiWmjsioL6e4O xnO0NoH65dxriclmYpM0UBuUBVheW4azqul6/qXXoYS+VtL0kIUUYGg6lrzasvZr7h7HaE 3LYY7aEXM2V/4YhmLfazv7bLb6Uin68= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id A516D5C045A; Tue, 1 Oct 2024 23:00:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9BFD2C4CED1; Tue, 1 Oct 2024 22:59:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823606; bh=K6nXwRRi2N2p9O+dRh8Gd4JwgstifXi9hk/l+K5hCjY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=M+LrQCFIkopMYl/E2s9vQPe6T8H19H1rdI2PzELpSbH2tZkMTJWHtSl+2EYi/ah1z 3gNvAjxtNi3aQt9efZ4PcX2fWFLMJpiHM6uEbuX2C0HVtRXPZfw9PLqQgsv/DpZwhx ko+d6ciuvCQ2Zi3pSHmuUbMhyDPPM+bDSzAeeA5DZn/uPvk6y62lYnl1c44ewkXSNh 69leE+uXUVW8w6BP9hlKmk21rT5UvHvm4x9Wtdw/GlWeev+yKsYzQPcLqMEEXGqF5o 1w9V84sUajw3M7/wnS3UK+I7TJGkE9yKVWCqZC3+iND5qOE75MQlBXH3YYnAtQBGfo T38SzvAc2yohQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:40 +0100 Subject: [PATCH v13 01/40] mm: Introduce ARCH_HAS_USER_SHADOW_STACK MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-1-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown , David Hildenbrand , "Mike Rapoport (IBM)" , Kees Cook , Shuah Khan X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2413; i=broonie@kernel.org; h=from:subject:message-id; bh=K6nXwRRi2N2p9O+dRh8Gd4JwgstifXi9hk/l+K5hCjY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7EyB0QhviIMb2LVkfpk1zMQNJtqgP10cwGbREj CBtA0z6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+xAAKCRAk1otyXVSH0Lr8B/ wNnePEP19hP37w0wQd3K+wIDCK/eEBuzpFZ7aYnELX+hjYVtc6/ns8JF6kdNukQYwFNws8ICPJiOp9 CvrEFl08K+lcDS1kc4uaRH+/kWfRTSTzicv0EplBPJT8M+3/QZyreAfUpJbOKHeRlZxVq/cJGAk+Jj /Ywx3NloAY4Yh3F9TPLeMJGiEC5fpNt7QIqwIY4AJPZEN7B1f1jMU68VoYJRLD577RcfZOX0ZKAs2o ccw9CicbZxRRybL8cEyTNUK1ukKmeTV3+s8mwttHVX+soNQu/jI1GrT00svFE2+Fk6OVpNPgCD7itC 81KlVxmfhyeTIRfwIaiO5gkLbBEjnZ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: j5fc8a9jr8cn8xjrc75bn83ai8ckfjke X-Rspamd-Queue-Id: 9E9B14001E X-Rspamd-Server: rspam11 X-HE-Tag: 1727823607-433057 X-HE-Meta: U2FsdGVkX19Gj2/iPbzNo74IyZ5lF54haUDVVVV8RvzvXKrPfDYHIFKUxjQpx/yz1Tg2FSlwYDAB1UH8t4yz31XSMO3ohc+YIeurI2OiAcL+TAPWga7f1GVxpZQj8vIEFnFdJeJWukXOAm5gYR+n035uR+L0YhDSa4cSbD7f4w5PCJSIV4fxqT1TBIbIAoGUA88lOrsXebH6tdoRIBzbExRHDqD/F3jdXBgmU38bAzZ1Ys6u86xFH20rvsVHYLtqUIIELV+Tw4rz9+jiVU42atoKeMz1fAuCppmwzgyX603E1I3sZHsLiYQt3vM4DMYCckPNtvuwm9y+Lu9iLhUm2r/bJ3afdFn713bmSol0RN41K0y15ZDPUczsvJ+is3P4AEvNlM7YtBZnsrtufsj0iJ7sc0fp4sSBJj0Wf3n7rwzYDajDBJ0vN25KnU/6HWbHlcMj1qnMnoNJDPSsUVgjrRGTguYdQZHfFCKF4AlN4qqdVzeVFUH+pPfUAaOfTLF5iB8dR1aQagtZHP6NqCbZxJk7XqnOHFPEnv5Gc3D1jo2bn20DAsdh/5cV6Wh6CyIvNGMNTjFyonlqfwZymjvXiCsUwPajFIwAjZxYPpM1CU1fmvx4l90na6seLeS32kdPF+KX2CHasWnRKD1qFCHOqCvLy9/sldxlCeAAHiHJGM+e3lS9iBqPoVjQonTBaQ08c/KiXBkyBre6AVW/9nGsCN/RiIzRCmhw5XoYKk1fslqa+eJOc3MwsZ4rihyJq5lFdFY4yaDN+Z/5nRCPsD8Kn1CvUGZbZyvkS79j/yaR+/My7OvKDpZT1TNN3TF26ecG27cKnkOBP+TWDPNp8gHt6HbsLv7+cC3JP5xxC1bqbkw3s7u6klz91j12g5H//5bm+GeRkG7t+5pt3Ve7tkxFbGB6SgYFWdy2aNonkJsUoVzPfmjrOxj3349Gg7r8VBGpqHoUqOolcrCZN7WXsT9 QF4zxonO xZlyDZjU+JVST5LgNLKtzawCzzq9LSFXqGNkWr1IQy+L7u7Qs1M0NJ1FazhNemjd0oAe84UbGmV6Dw1BLecLkN96vQgq9MCiW/xSkmzGL/kQAwmQdZQb90QGw8+4gqg8ZmYf893134TpwYBA3f/tdNFqvkOKLg+TRvJOYiyGe9nDGmLmj2d77Ap4MbHh10dauUVqf9pKGrLQ3aDKefvMlt3RCyVlW7fPEhPBm6VKObSrdUwj2jzk3GW6rqvUmNZSKiqFlPhh1zwM507hxpLJvBXe4Y9fpPEWr19WWTg1HZ0ICHsoBjQbjhh06RdMdP/KgRVeIUghiOP6mw88mrfkbfDxhsVeZl+pVHrwjNH38VudfN9nSyweipNBzuiuWytLan4hMdgFngNH1gqjV3xtl6BkGndhelDcPHb+8KhxkeymGOZ2LQiha2wHW9Yz/MKQa/URNRd8ktIg88D7kQxEeu2BbUWh0iOIwTjC7/2TF1lztFeHwiQcBQ7wE9Av2IqiJj2PhO8y8gCYVv2kOReBGgIQ++waBoKPWLC//oiuZy1Xm5SZMxooW6zCVLNJ6Aqh7B4YJVGxaF52EXaryJWsECb8LOegLU/wUBe93mLwX4Io7Z+UzUq/OXsl2AV9iwG8eHmiBcP0JILOSlG8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since multiple architectures have support for shadow stacks and we need to select support for this feature in several places in the generic code provide a generic config option that the architectures can select. Suggested-by: David Hildenbrand Acked-by: David Hildenbrand Reviewed-by: Deepak Gupta Reviewed-by: Rick Edgecombe Reviewed-by: Mike Rapoport (IBM) Reviewed-by: Catalin Marinas Reviewed-by: Kees Cook Tested-by: Kees Cook Acked-by: Shuah Khan Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/x86/Kconfig | 1 + fs/proc/task_mmu.c | 2 +- mm/Kconfig | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 2852fcd82cbd..8ccae77d40f7 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1954,6 +1954,7 @@ config X86_USER_SHADOW_STACK depends on AS_WRUSS depends on X86_64 select ARCH_USES_HIGH_VMA_FLAGS + select ARCH_HAS_USER_SHADOW_STACK select X86_CET help Shadow stack protection is a hardware feature that detects function diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 72f14fd59c2d..23f875e78eae 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -971,7 +971,7 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR [ilog2(VM_UFFD_MINOR)] = "ui", #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ -#ifdef CONFIG_X86_USER_SHADOW_STACK +#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", #endif #if defined(CONFIG_64BIT) || defined(CONFIG_PPC32) diff --git a/mm/Kconfig b/mm/Kconfig index 4c9f5ea13271..4b2a1ef9a161 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1296,6 +1296,12 @@ config NUMA_EMU into virtual nodes when booted with "numa=fake=N", where N is the number of nodes. This is only useful for debugging. +config ARCH_HAS_USER_SHADOW_STACK + bool + help + The architecture has hardware support for userspace shadow call + stacks (eg, x86 CET, arm64 GCS or RISC-V Zicfiss). + source "mm/damon/Kconfig" endmenu From patchwork Tue Oct 1 22:58:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818902 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71011CF3189 for ; Tue, 1 Oct 2024 23:00:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EEA28440009; Tue, 1 Oct 2024 19:00:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E72CA68002B; Tue, 1 Oct 2024 19:00:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D1800440009; Tue, 1 Oct 2024 19:00:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id AEB2868002B for ; Tue, 1 Oct 2024 19:00:23 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 56D5D1C6F3B for ; Tue, 1 Oct 2024 23:00:23 +0000 (UTC) X-FDA: 82626553926.30.BFA36DE Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id 6D5E110001C for ; Tue, 1 Oct 2024 23:00:21 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=l96NGn7T; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823495; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fK0FJAiq67yvPIYOpNi2flWv3yjC2DOiPSiXpGYQfSs=; b=WE3MHP8rn2a8suWuwP3AB6jxUAjLpYZodaGYxMD5aQFuXBCj/4SSGaypvC4T7i15QBZ0cO +H8hV/XAJo6GmaAbnsHuFRQjw4UqxmbS/czJpl5eZqL4IjTwSiZQPPeJ4bBYCb7k/xwx6n ZOEhSS6zdwjOpg0gwWEzpCs9DFSSD9Q= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823495; a=rsa-sha256; cv=none; b=W3w9gv3ICwnHgEQvfv2AovYHC/o8hFslu/oEkPViwzQuTkFkKEBanswlBjNlDpkohy6WSX OOWQpqbEgFt14JzyLeMeB5oanlug3wXnlqLodQOnImR7Npx4FW1JBRIjN5KrbVM9QcI50z Kyp6Z2wEYh9StU2vfuD66uT2hktFLR4= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=l96NGn7T; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 5A7E65C5547; Tue, 1 Oct 2024 23:00:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 00FADC4CECD; Tue, 1 Oct 2024 23:00:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823620; bh=E+STpDluPni1qqn1pN34uc0md3Dbr7p50mwxPtfPVv4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=l96NGn7TPurtYSYyEpu0VnZYlAC2GuD2+RbdqPXib+mqQAeBSqqkmnezOKTnlqVjr HDbSwGS+mgTjMLa07JGqmUfBnR0ypexjQGKJaNBgwajGZwKwRsxdv0AKZ0xRiwe56F Ao8ZG+9U5OS5Ve6nVTGHYWROxrqGeMoeMc71uZS0QrY0VZUEYy5W2+NhFjwXiCtCim +Nct63DmkECUz2AZK7Oiyx9s45YrUR/vEgDrJPLoW4fLqNroyzIth5HIga6UfMOvMe sAugk1xN/dOaAabMo8cz3b3m2WGmTmp5NFmB0lKgERg/V11rLMz3zxPeL1oHAHXyVs XDfHSOswPd4sQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:41 +0100 Subject: [PATCH v13 02/40] mm: Define VM_HIGH_ARCH_6 MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-2-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1285; i=broonie@kernel.org; h=from:subject:message-id; bh=E+STpDluPni1qqn1pN34uc0md3Dbr7p50mwxPtfPVv4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7FqkbqHSry4P1gTmihgOrWZBFx7sDukTznRbrU 2uCRGoCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+xQAKCRAk1otyXVSH0F4rB/ 9amfpCTqeJr4oMpmSRZ4U6Ditl6XVFokj/OXg+LAKqsq6EhoA3N+8gdc/aS5cnW13+1ac1jZeWXWrg hp3oVPQPuVmteub5aFl3SQzh/BKX8YHEq56dKgJA1udA1tiAkKjASjDqBpIkUH0AFjU0kv0u4Xh+ND dJfTfnKT0IzpOCcfSpCSGhidKn7KUnuBFjPPmw40/aRUZF069RKTCk0USiZqlY1TSUbe33MhAVt3hr nZ3RYPMnOpZs00/ydAeSFTD1hwI9QE9t6Ah0uenxM/o06Cd1v9n2mS9NMPMdLJpFbndB0W4fQmIG0E 3CMqg/lvoOg4PUH/jEwsL0eXZfDCF9 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 6D5E110001C X-Stat-Signature: urfkegc3b33hanuwcbpi7bu6wgfjp6ke X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1727823621-677939 X-HE-Meta: U2FsdGVkX1/3QdVgDPYTzvOsXi2saSujguf1a8iyNISTH/hfFT6tEmANOj+UVq0xZeh6PtuZXbYYuKk6qflkwfZzeQYDIGpjTvZE73CrFAy5PRGYr4UxBk4j4ToiFhMv5IiUjuB5KRjHjIUgcCDDfcXItMKe9gKpj9Awu0nHSTpdmqHA4XAGktjojlbh4SA/9LRouGUvzKzgbuKUaglS4DGtzXULQddiGa1puwZHLFJQ+eJUirszXA6M6d1xplB1eALn4O3UBoKM8SV9xFqUvSTijHISUjMmHw+r19hPxq33wln64d2++6zb8qVsOrwOGvpkuM+Ul0G2QhFv0nA9jWR7dJVb0h++OOCmcQc06I5faFGMKiqi2qCDkk+oyHyA7Gd/mA9pMuU87Bv6rqg/YBvwNz8fdkzowUJbmnKV8zrQkozRi8I0rRUAlMCemd5r1/ZOyet3FkiJkCduiIQBKZd+b6nh74gqyOyuBOiIQFFixLOD3mRHamr9q3e9rAXQ0OuDufCsgEROY3e5O9qiWyxShh2H9nKmh6HHULkPS5BrTDIWaVLIAt+AYB2LNfyGNQ/o3nQC8hpR/4JzP/ZuQ+1YZXpFncPQXjWDR5tTaf9zwMyiHAXZBI7NZE9Zm2PdcEtiq9IfrfwXOdmCpHOwXTMuxv0tTyZy/AIp7ERE+N8VN9S5CSfY8SufaJxPLabaw1II3lYvd8zCP9JmfTSrgd3S3Xn9jnWfNnZZMRyPhSfi2wrV1uuzesVNJP3HUEuK+k22ythQR5oEkCgXI6wc1mNBTYTIIVeqc+rrnFGihpiYY6QKt6oMAOVzBgIvjaNyDHEsnYeH/tOxX12EXE9YqIaxpfFqovSVhSlIlSJqI51k1dtAbu8BXLvbKcxbACtjeFO2tXAeqxQpTL0A8e0qf/UaBmjBzTwL/M509gYiMPiM8X2QqIio32jFS6H+o7ttDRrJdfk1n+FBumPAfIX uuUnEJq+ 7n+rGnzz/AoqCPwwKP3UOZZyjhbXvoaKbZamdrJKG7SMjdiHO0oh5IXK4EvaVOleavEXaGzwcbVQQtlmAcLNYopKEAReNcUYfWlZ/UCCXp75sqWrymdvSCktjr//jfQHXohbAQNh/i0qGybjW5PJ9reTQ+wv8O48ZBYElQAPASdGgUol5Ql+jdi8LsIAdJ4O6Rv1WxmCZOlgxtfiJ98l/gzJJ5jJXYFfmjdJIw/6WWAGzpMrF9BYsl+wTMGZglSYUDapZ2zWvJhryyd4IZdLAP5KZJMAczxghSoGQmAUSM3yeprNq3TBYLuuTy/3dUw1d10/s3U6KJRyjAbQO9xIjdbX7U4f3RaQos3eXMLEBz7N27y8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The addition of protection keys means that on arm64 we now use all of the currently defined VM_HIGH_ARCH_x bits. In order to allow us to allocate a new flag for GCS pages define VM_HIGH_ARCH_6. Signed-off-by: Mark Brown --- include/linux/mm.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index ecf63d2b0582..182bad0c55df 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -329,12 +329,14 @@ extern unsigned int kobjsize(const void *objp); #define VM_HIGH_ARCH_BIT_3 35 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_BIT_4 36 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_BIT_5 37 /* bit only usable on 64-bit architectures */ +#define VM_HIGH_ARCH_BIT_6 38 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_0 BIT(VM_HIGH_ARCH_BIT_0) #define VM_HIGH_ARCH_1 BIT(VM_HIGH_ARCH_BIT_1) #define VM_HIGH_ARCH_2 BIT(VM_HIGH_ARCH_BIT_2) #define VM_HIGH_ARCH_3 BIT(VM_HIGH_ARCH_BIT_3) #define VM_HIGH_ARCH_4 BIT(VM_HIGH_ARCH_BIT_4) #define VM_HIGH_ARCH_5 BIT(VM_HIGH_ARCH_BIT_5) +#define VM_HIGH_ARCH_6 BIT(VM_HIGH_ARCH_BIT_6) #endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */ #ifdef CONFIG_ARCH_HAS_PKEYS From patchwork Tue Oct 1 22:58:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818903 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4CEACF318A for ; Tue, 1 Oct 2024 23:00:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2DCBC440147; Tue, 1 Oct 2024 19:00:35 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2652968002B; Tue, 1 Oct 2024 19:00:35 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0B8CA440147; Tue, 1 Oct 2024 19:00:35 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id DF5F668002B for ; Tue, 1 Oct 2024 19:00:34 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 91D1C1A0D93 for ; Tue, 1 Oct 2024 23:00:34 +0000 (UTC) X-FDA: 82626554388.04.705C5A2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf23.hostedemail.com (Postfix) with ESMTP id 943B3140015 for ; Tue, 1 Oct 2024 23:00:32 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=OzU3C8wB; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823568; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=t9JhsxwzGO3El7z9ZOgaTR+4+wFgEhQCbca7NK97jpc=; b=ZSE0fX3bnhWLnb6adp+KXSU4KvWkhFowY8a8bNcFrSjiEtVR/1bPc3pRM6bkh6+TcSUSUv PUPNJR7+3JT6z98QK73aFr+nXXWxBSqW1BymYiPEk/Khy7rzIPO2HbrIplhDoYkOUqocVI NEzJnXVbJuJEMf/nYGOYREpd2MVMYk4= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=OzU3C8wB; spf=pass (imf23.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823568; a=rsa-sha256; cv=none; b=5sVHI/qvCCXGFspddDqpEzdhMIkx4f2M1q8Pm/sHK39vH0g2o2/H/4fDmx2f9OWRMDN9hq VocQIBcUBxsWjrjZlrumgT9dweUq7u0cKKOFGRLD/JNfYakpYFC1kghJDcsjyH/C4RBXSy T0NySk4KRiHNsEb6KY2Jz+1x3tLcmzg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 9D9185C555E; Tue, 1 Oct 2024 23:00:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DE3DCC4CEC6; Tue, 1 Oct 2024 23:00:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823631; bh=is0r9uSxnBrJsURPndZS8euUNnh9hat0c9erNc615eY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=OzU3C8wBK2OXHIrGHnNZpdo/rQ6MSb1jHODyDJAoNGG9AyZNy5xOhOnImbc9d60wE qSXmDByXxXOp7Ghp9V8hGG6xCGWGNhmsxXa6baFwojfTnq9JMUn7NQgzr7ymCVQr9M xQzltE3MEY3qlx7wv2dUGT9EHgsMa2EePeQK3qEgp//bYFWGY2XK9BHxnCXxy14lsW y6hOpdEVVsRQOy2lqROKkzEl3teZgHd64wyHyPEWP29kxwJ3TVQ7xEfvLf+sSEt1u3 0tpfKhhLduhLswCXEr93fOz97JzdTpXZH9WZYuRAlc/qi7p3danUp/VqXou6eelRs8 /UTfMxcLCXHGA== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:42 +0100 Subject: [PATCH v13 03/40] arm64/mm: Restructure arch_validate_flags() for extensibility MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-3-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1425; i=broonie@kernel.org; h=from:subject:message-id; bh=is0r9uSxnBrJsURPndZS8euUNnh9hat0c9erNc615eY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7GKNZdsoQOiuGpwbETH3V3HnhsUT9brBj4a8sc 0mwQI0yJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+xgAKCRAk1otyXVSH0OpuB/ 9pWeD6rdk7JLYO1MPcZh358jd/19/BInjhws/y8H6gPcPEhXrqV3svABMXzkhapPykA0FPynYWJ3Bt CVWT6h4z/az2texWxSamLzYf+NpFxo0KTA6Xs3FbEQNSLhX6NVP5ShtTxUTRPPqC8WQDiw2//sVF1q A/RTUy4F7OXGB7G2mAcnlkzpyemeS4Jdu5U3o6EafIil48jzkrO3jeu/jQIfS8xwQf5UOFkbK7CXEY QU452e6zmm0e9iAjhYcZALFD7pZ3ZjVBk0ZI4cEGACD5cU1doG8qkctAhdvnI0j0Tz4DLaIJl5HJWh sJYxu/Wz7X4HBFgP9tyB+yg3XUAKpC X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 943B3140015 X-Stat-Signature: tt3zsu5bcpwhs8zn4muk4gxrreptu15n X-HE-Tag: 1727823632-700378 X-HE-Meta: U2FsdGVkX1/5YeiQIysa+agn/+zeEx3ufBj/ouuLWb86j57Ga/47sgjOIJGHWRZrxDJP0pz8B+S48QQrT3Y4Suqv0Wbakp6x3HqrTJRNrNgV/+2S6Z7uDc1sAqcrGkwIkj/hnE5duDGk0eUtsSjj2lQZkQ7sCXOkj9APKFvCy2OjSr9yqW8MC4Bnbmur0ZoCNgFsWh4M/KU8jG5UL0gVS4KrspvqIbD+yqr9dLP7FoJ9HZrM20sgrvKo3wPSzZ46xNUWOgE2srHmZ5ayCSKzV+3d7Xeky27JltfB4XULDawa9wTsqJgnbEFBhWLK0jlWlW8vd86LoUO8eKxDa8aw1M3P24CSbs93bx5ougSEdqNUf6JzSOLhlSivrmgV9NjIGCGu8qVtBrLx5Y6xgoujZa/7BwW1fImTHmCYwEfNc2/R5IhbEx+v+knag+G+z6DpCP+2DUkARRtAEaMJdJEZemHYhV0yaSp27AiKhaLFuC95T+ESNZa63+DQogjq03A+D+3NFN5BKosNfuKxoXvpRZHJDhrQNU5WgfVQukuMWGZ5CljVxoym8oqhYCjesXFopTp/AJEGcdLNsLVi+MG/vYa6uYorlN94UhD1Rynyf8Npf9faxX+57leJhXDk+nAAiOwdHtuTk+RkDgs4EHrHoxGArIls4Z9KupKy1NGsp0ENdeK1I/j1KVN2uvHYeXf7n7APbAp3Wo1OT/K0Gx4wMDdFBV8KwzTWir+JoXl/4YNOiAyqjUH0YFb1z+iJMXCVIJEhlGbr7hKHLs6kOP6a9EHuHAKVzoex2YHq8UPFSjSrPmpwN3ti3Zh8JFMqTV3KbNQiC0tGLgLglq7+1Oi3HaJeTImXvUElekSzzlGXIoP/Wy6jFGn4z95V+fl0/jcI7RamxlD+loHIKA91B28OGN3nSJChLsBLMJtW0FzaLlsTubreWhXnd2eobZGWQ4lHoUJjCwE1hv90XSM6Xat XDNO5hL+ xNkUQ/CG7fvD4EE2HVbAsE1/Aqxe8Ba1XGk1dGBnmbQkQG+aIYs4DeLEXYKdMeB11d/yhInJlBFb5ZsTsy1QJS55RrlLyh2If7a/tLulMBYtoLcrXvCl9axGFj4D/EsdS1mf5AiDgbMfHdceuKQcY/8n/6qMu+VAJI29b4zoMNkyvyRG0rhzVtBeLijaY4OgZUDu+8bH/+AnO5brU3xgV1ZFnR8ija4NRd/75khonNwMlleNYrfYe/XvX+Ht/fU0CnW0PNwwX6repLlAEy34XvpM1mnTescECmQ7Jzshi+LucoMOyh4rV1gsKp9OXrwE3kaU1++PFmZ6cGVSX8cteRg4HjdgeoPt0jGgnnifH0EuQst8VNd295A/tjG4mgI/2N2R9JYLV5609cc/g9/VbCKHJuA5RyX3qMQ46L1cW6ld4ebrbhWd1zUqH0UbyeW4yVWqC1KyF4RyDluOIj+iGJ0cnvX2MAsE44Und X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 9e39217b4afb..03b790fd0ad8 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -62,11 +62,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags) From patchwork Tue Oct 1 22:58:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818904 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B97CCF3189 for ; Tue, 1 Oct 2024 23:00:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5764C44014A; Tue, 1 Oct 2024 19:00:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4D86168002B; Tue, 1 Oct 2024 19:00:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 23F0944014A; Tue, 1 Oct 2024 19:00:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id F1E9F68002B for ; Tue, 1 Oct 2024 19:00:44 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A97B640D1B for ; Tue, 1 Oct 2024 23:00:44 +0000 (UTC) X-FDA: 82626554808.17.2D69EF6 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf26.hostedemail.com (Postfix) with ESMTP id DBDBE14001E for ; Tue, 1 Oct 2024 23:00:42 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uZYeamrV; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823516; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=iWNfltAJBgKoxMBtEVNc2BIwWGP2iXPwlCf9e5FK0AM=; b=b2S+BW2KUvyN8sYfm19Lg2fa78bYQ5bEGlB5tSwKwFiSMO6EQQmG3suc55p39cgk6TnqBN nEbwk5BmVQxFaj7zgh3UCKsmHNfGQElOjhxsSgtaBgRiDVaDaxC1PqQetWKWsk4ZUxIwbM tU01yGz2dE5MaTSwAIuQpMFow/lrWK8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823516; a=rsa-sha256; cv=none; b=S4G4bRikkGKNulSgOZHxomCAiTcTHODhzf3QOnCyjb1QAkf6i/nj3oKGF+1qPwQ3yFJWGB tqRwSDz3HP5Z9xrK24ztfdOlyKoapibUkEgMnB21UPji08vSISh9wLiYIcNBiAXAXwMjpB kLPEstX/9l8FmYjGiEuAiYyn3lNG/sQ= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uZYeamrV; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 0F6925C5547; Tue, 1 Oct 2024 23:00:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8E63EC4CECF; Tue, 1 Oct 2024 23:00:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823641; bh=QzHtuVcSDaL4Yx9qwbzgbMXiTjYft30F6+HnraYB7I8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uZYeamrVp2rmyMCQnluYwOnDm4n+Ff//3VOK9nh7fhijWFZSBsIrKKDjAGk/o56ph TWtU7syb9yzkhscU782HgCKBmfTe8umJChkH7pbpdmrFkFnZKDzEigjtf2MH4Q6h+p 03C4A6BM0Yce+YT95YTjNz7OxrDfGQse/whSczqePqSDu3R0HqcStk54Lkhz+mQEEG /g6Czt7bYJqEty6YzhPgcA7W0BO47QcNZGVJ0ID0LvsSGOrdMO4RtMtauP6xRfcUf3 TqTDwfiQYc3f0nkcAQpIFVMpBhb6kHSmTpoI4+YPQ4WcHzjP2Dcp9wdpT1PpFQ1JyR PZHhD65WC/Q5Q== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:43 +0100 Subject: [PATCH v13 04/40] prctl: arch-agnostic prctl for shadow stack MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-4-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=4975; i=broonie@kernel.org; h=from:subject:message-id; bh=QzHtuVcSDaL4Yx9qwbzgbMXiTjYft30F6+HnraYB7I8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7HehyHHZF6+cj8DJo6NxY+7EGNDDBamzVyHc5d IEYLGoqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+xwAKCRAk1otyXVSH0JhiB/ wO8/ZF+SkRw9d5n/x/2zuP6kLyixcTZ3zAcm+iDEAW8JePX4d66upSGjkAXNAIOYliNpblNkRnl9lW /pqQ7K6QEeMennahYz0YD8lnH71QpGSZoYU4Q3TSyJu1ZMKTYlrBAd4xIFAjtTa1dsVtHWMbgc7EYT GrpwH5cRB82KnH5mEWaCdoBopZsgFWmMql5OS4Dhig4w/zyRuEBRoxmlgvQxdF3TWFrXD9i1lNVpHx CCKN9fjW0cokoWtvsnRvMxrlBAUb+FeHgux5A6Y+EjNCDrNy3dUev6djW59zf6sdiH/eXUqnNhum7i C/teDyY09NlgqHrpdzubJx7yX0COoy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: DBDBE14001E X-Stat-Signature: i14q3zm4yytthfdo8u7k8h31g65noztw X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1727823642-248478 X-HE-Meta: U2FsdGVkX194esVXwBL8LxuAgGbU4v9zrXk8xkturDbvfx95PkH0hK13QboUgWBACnsA2M4J3pZv6Ajn3JINLppeRhP1nNWbrfW2rzPjFXNz9OxgYnW+ooXz4iTKjX4ZjQQ2HGPyrH2s1lD/ixC2f75/+qcgP7UgP6Me3TDdZ1/MRzBV7TrLvXP3MXd5wCCZGAaLWeK5iGE0ptJSN+oHB9FNsJRqaqsCS0utqJuwvjacg19gf9Tiz/sky8nnfzqdhUnuA+w+/DniVp2Otkc6glfvK9bRkk0o5uuR8fcOXMagX0rhKVoPl096CqONuNar+sdtjyXvN6G10SexH7n1dG+MBjpMOC6lBFRS5bXF7isuA30f06T9UzxO/muuTPKYVxeGLOD2vrcnhv+Eas4QkNx45kNgSTH1fe6sqPZdsBdJp+RFJI/Ko9YVuoTeCEsIRFBaAfHqCIH9gwm/xLYBYvlnhVhcF7at25u2iADCmMdh1jHcKAPW7ZD6Y72Ec7KkW8AqCYlIJy/2wfe7HocOOS59yzqMGFKrhfoSAfR2RWDVmpq0sXvoGYLEjoRm8HqD698ba5cADH7rGnhFehJnSpszXZ1yYpm37bMLR/nXEGPl8OC14+bm3grRMtHcBwn/UNPQrVib3Vyz5wSiryjKFcTpWKmGZWZeifs7TnwtV5nnf4Hi8JaVUzafet6R5Y0CfSTaEL/HfmqrJ8pgTcYJcvPCubz7ZAbqzaJxxb58uJHq742OzO9WKvC6N8gNleD6mYTE3XpcybbpbvT17velfA72keaqffafQXLbOioncSWOUi6BSMzro7F+IVA2qMWqgvJgCkC+XQ27XXA9jFyfAF8tQoFyY/48QccgtXRA7m2WovIcZMXTHYDS8S9LtB3HzpeR+CyjWL2RyS1gQwFM3Ye4OizdK4zLKER6MHfhvmyEVA4W9MRoz4AAzS3pJY76LiS5NHu9MQ0Vv4rn7up 55gm78QF VTF8sFWBryY4B80Sh2peG3ALLb3Cqj/blG4KAst6iNJLrEjUoTD/ZevkYnrqEXGQukZwIThqJESJyulgm20E/lAyF0QUoBOsIbEo+7jZBW0il7IbYQRy5X4x0Tz+dEADPa/gWbj3ZsfFj01rXFXZeBQLd2Dl3/7X1f8687hnrevzFRZAAtQzhSAhV3vQwvTdh/va/vEgSk3aKYPYmi+ZcG8ItJLI6WYxnKeuBVcAG9TpRGhq16pxrz5gUuro516/XNxIDvv9SLauDXEt5Fv68gtr3Kzq7WKUHINNvwvE2frFy7DBxb/gmMwLTUFTo9ORgcLqJpv3iSZmZCuese7Q9tKx8C2CuAXy38k15061tZeUgy/8ZF18zN3yh6+lv1sugROn+A6jbiZlH6zQSrsZ38SNEEeKAqJc99tG5+lEWzf1FfeNAMOTNR04IrQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuation to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are: - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated. - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack. - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack. These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing). This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Acked-by: Yury Khrustalev Signed-off-by: Mark Brown Reviewed-by: Deepak Gupta --- include/linux/mm.h | 4 ++++ include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 182bad0c55df..56654306a832 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4221,4 +4221,8 @@ static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) } #endif /* CONFIG_MEM_ALLOC_PROFILING */ +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 35791791a879..557a3d2ac1d4 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -328,4 +328,26 @@ struct prctl_mm_map { # define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10 /* Clear the aspect on exec */ # define PR_PPC_DEXCR_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 74 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 76 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 4da31f28fda8..3d38a9c7c5c9 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2324,6 +2324,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2784,6 +2799,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_SET_ICACHE_FLUSH_CTX: error = RISCV_SET_ICACHE_FLUSH_CTX(arg2, arg3); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break; From patchwork Tue Oct 1 22:58:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818905 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F106ECF318A for ; Tue, 1 Oct 2024 23:00:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 85B9F44014C; Tue, 1 Oct 2024 19:00:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 80C8968002B; Tue, 1 Oct 2024 19:00:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 65E5944014C; Tue, 1 Oct 2024 19:00:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 45F6C68002B for ; Tue, 1 Oct 2024 19:00:57 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 0E2A21A1294 for ; Tue, 1 Oct 2024 23:00:57 +0000 (UTC) X-FDA: 82626555354.07.8680C45 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 33087A0011 for ; Tue, 1 Oct 2024 23:00:55 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Q9BEblIa; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823615; a=rsa-sha256; cv=none; b=TmVYwI7pQ4y+XVsfUNgaaQI4lT+wWWuKWRDnUMEBv3xa7TR0mgGqgQPMmVI62kAn3JOpCp YIBTwk/8p562RVSth8WEMQ3d0otW4U96wcRwQYJxoqM6uOVSdFKwpf9w/Bqpu6cknbi9PP olLvtbCNCGw6hkErbNG2z5+T8xJ3LjU= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Q9BEblIa; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823615; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=qUMCCvXQQpJjPoDO711IUc+ph4XSEVjmEgAg2iHR6t4=; b=z1ZGBmH3HmDzaiw1MlG51VKU5aXq3/JIu9oku6o06lpOtjyiiCjyOmwHKmwr+xU27v5Ia8 UtZ6a45eXHLkEkiCvSgODisS0h4uMEu6zZDv7bsTliQ45yHM0sHgxiIz/Bn0H8rkE7ZE4m TLFMmIQEOo9nFqo0jPh1/Ze9U/Y6Qw4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 65D595C045A; Tue, 1 Oct 2024 23:00:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 73BCEC4CECD; Tue, 1 Oct 2024 23:00:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823653; bh=vL+b/h3WOPYO7SwFl92JA9c0VbV77YwkdcIPJjlNFTs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Q9BEblIa6MmA5Xaow7wFPzfAM9zttSOUnO+EtJzN/PX7Huf9lzr++3lNcVEnhbBqz 6dMkhlxPMElbdJeNlV158SBKPlOnHk5LQmhwlqFXihJgYSoqGxl3GLqUDM7DzAG5zc lvLDejujVe26CNwqEFjY9RC9WxGXrSNkF5G9RyuOCrURHXGYY7+8AA1BJ1SMrCIjZt BJvDkqRMfZF1cudVdwGq4CDhB5w9OLNa4NOrghTmOJJzwygsOzNNOFDRDlXzt7kKtH IpBNBwRkNrS1h0eaDjRqb0/mVRIcjwZiyqBZn+jatUlWQ0I77tCcOgDFflvH0cvLXI 3XrtVqCX11mdg== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:44 +0100 Subject: [PATCH v13 05/40] mman: Add map_shadow_stack() flags MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-5-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1935; i=broonie@kernel.org; h=from:subject:message-id; bh=vL+b/h3WOPYO7SwFl92JA9c0VbV77YwkdcIPJjlNFTs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Ig3nICM+W9H3bCT71LrQPx0TmwN2XrzWIKusU qfRtVgmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+yAAKCRAk1otyXVSH0EIMB/ 9VAnLOcjD+99k7ouK69WkUZZje02S2hR6fRnCSftnhm+4bz+XAyRnRMAjPkiv0ecgHaTuBtP+MmN6L M1BTqr15gkX62ORCMeKqgMig0l5Zm08WyrOD4f/Vf4Zb4phDfeQkEhHthQYNAOzPiw9zjQIJGaypMM PJHFuO2ykfazrzqINBCj0D1SCeQt3+5cESSO4XqcDnyaOrpnKPqwWdoWVkNzB98GHx999EQw2iWsOp pEi9Zg8ZJFAhJSTayVv1NDY9QzD6ngW3nJCCx7rD/3cbiZd2/Whg25ERj0YbAqlldQVHJfqrX3RCBL guH+PVB5PQbczVYykW+F+llt/dznd7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: 33087A0011 X-Rspamd-Server: rspam01 X-Stat-Signature: nmg9tnayqkcqqwtgp3i5cfdmise19r1q X-HE-Tag: 1727823655-483917 X-HE-Meta: U2FsdGVkX1+XzoRmyOIPnH/LPv6wMOBpMChY1pKFXmGDI8UOdGRebZz+heEIQ7OS8agNYPQLeVYFgZzCsV72FjqmjrVRhIanze5UUrn0+4CryX4mqbxjJwU54dWuebrtLmnsyIRVRf0COyl/BW9cJGq/G2iYvtEBxpv8gE7rp1WbPoV6B0wp8vPkGrRLl6tO5wOzBHBd6ce+sSQFvpXzCz783x5MlVqO57VZkgqN4yMfdWtZMiiZUyA/9eqxm+LgiVckebTUrswaoOYqPEkCvblf2sqw0r/5PfftBp6sn/fAfEhkViwFh20N49Nc0OmicDWL86AvmVmgHllL3f5v5HKtWDlEemiyJ0Mk324NVSy6eag77Z9SdjS2iqxc8gmFdrLPcU+CBtQY44hITizgtPFWp69u/KYCVC1pgQfnBNQMHrXXJHPI4OWSuxEa31COvoASr8PYPZdtqXrf+yNuaYn37C1UAK0wmEB2ilD7dSH1w+Cm8qqwML0EHypiviNN0jyngJUmQyTuL+t6XBQgxf3xlhFUvZo04xi7sgMspKHRB+geqkwAkKkfJp3XemLPz+OWQjVJLw8GKH1yx4bxxImLWtfMoboWbM2Uf2zjDIbDIlieiRBmNU6avH86QTYdAY6t7w31e87IocrW/tK74N/pwbJsvDorzWrNJw1YKFOMcypgzVoGAtiFWY1KRqizBHGPX2+WINZ7GDo/tSPaQrbVVUs7sqzvoLP4AazvBYRkOf4sFFh3dmOYQDKBbVZdDgqb+0qWNz58wfzqENVrVRwOQSg8a6EGXM7XZGd1YMxLRG8rRsyjlG9efa0DYDWM8kmNreSMldqHSDOpgDxm4Oz0jbqCYuaVrDWUztT2U3o5uCbWigOc3czLI/17613hBai4veyxG2DeQKMxUFQ8r7j+Fl/z2CaRPcrRfR3FIrv/eqT1Bx09mvKqPQ1IdKFwzoDYT9/YGGKPQRPXgix U4a/OjGa w74gNS50Yc6D5y/kX6ydZjEiuWFe4AgjZTl6qvqHRam+WS4AllyZgmtBlklMEhlr9uOTB2fqw1sgvCV2P2nQnOKwg7FJ5eo/+xzSaWFfo9jk3CIUmk3HFH+22J8yFUpHBwGGDSzGtZvUpEC77JAe8v2sNJSlWB2z+1ppI072yarhxAcUYuRxKZHGkso6bOk/nbTg2FZGdepMOP1cKp6qI5YHniPptXBldSy4FqERh8XxiPAGr5XudQuioz3fX81DIEEj9beQm8AZtmgByXXu8LBHecSSOVPbzqMcUzV5YYIF7jXZdfF26w9lWaR6BRVE1ZIha/6qji7NXPmwf1TQXy3FCTcn+SdgD5Emx7E31ed8ZNIc8JxY/kGY9kIeEwrPN+5p/KXNqTWFT3np8aaWjzkw/U2eS1gYTJZ3ExeDNfpOU8ojWscykB3Spr3VDIiMW/jSSLxTLKP7/vuHtU02lEIS68SmTOrRR+jkS X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for adding arm64 GCS support make the map_shadow_stack() SHADOW_STACK_SET_TOKEN flag generic and add _SET_MARKER. The existing flag indicates that a token usable for stack switch should be added to the top of the newly mapped GCS region while the new flag indicates that a top of stack marker suitable for use by unwinders should be added above that. For arm64 the top of stack marker is all bits 0. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Acked-by: Yury Khrustalev Signed-off-by: Mark Brown --- arch/x86/include/uapi/asm/mman.h | 3 --- include/uapi/asm-generic/mman.h | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/uapi/asm/mman.h b/arch/x86/include/uapi/asm/mman.h index 46cdc941f958..ac1e6277212b 100644 --- a/arch/x86/include/uapi/asm/mman.h +++ b/arch/x86/include/uapi/asm/mman.h @@ -5,9 +5,6 @@ #define MAP_32BIT 0x40 /* only give out 32bit addresses */ #define MAP_ABOVE4G 0x80 /* only map above 4GB */ -/* Flags for map_shadow_stack(2) */ -#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ - #include #endif /* _ASM_X86_MMAN_H */ diff --git a/include/uapi/asm-generic/mman.h b/include/uapi/asm-generic/mman.h index 57e8195d0b53..5e3d61ddbd8c 100644 --- a/include/uapi/asm-generic/mman.h +++ b/include/uapi/asm-generic/mman.h @@ -19,4 +19,8 @@ #define MCL_FUTURE 2 /* lock all future mappings */ #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack marker in the shadow stack */ + + #endif /* __ASM_GENERIC_MMAN_H */ From patchwork Tue Oct 1 22:58:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818906 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 297F4CF318B for ; Tue, 1 Oct 2024 23:01:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B1B6044014D; Tue, 1 Oct 2024 19:01:09 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AA35668002B; Tue, 1 Oct 2024 19:01:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9440D44014D; Tue, 1 Oct 2024 19:01:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 71D2E68002B for ; Tue, 1 Oct 2024 19:01:09 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 2F95440E0D for ; Tue, 1 Oct 2024 23:01:09 +0000 (UTC) X-FDA: 82626555858.20.9EF29DE Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf14.hostedemail.com (Postfix) with ESMTP id 53DDC10001C for ; Tue, 1 Oct 2024 23:01:07 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EwJEg0or; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823628; a=rsa-sha256; cv=none; b=wNE9YVzzfP8Dr9QEhfaNKEyIlb76U/yZw8K5TDNc2ds3UX00TTMrxKhmdlvrZw3MiyYpk8 uN7wKpLKD3AqMP1qpbxQbOKlJQiCMHs4cAnfAzgv/+hNweiPfx6nfXrAcDIRYzXsSu9QYn k4vTO7L/WbQuOPAQY4N2Rfsr082n9ac= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=EwJEg0or; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823628; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KtmuWL5rPnJxunKis4r+zJuOmfs6tLevqw0vcnqTYxQ=; b=YnVlyepr2+x464KbKxWK6H2fWSP1qij6M1ufbduiQ72hLn6fd+BeEdpr1Wi/KP5qsinfjI Bf20lo9W4PQKdLnqMiGHjAqerFkNjMucLc1rgka6T41FFWYEdF2Xsu5TaJpeVe4jxBSPt7 fol0hop3PglN+Bsg1RH5OykNaHzyQKo= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 747F85C045E; Tue, 1 Oct 2024 23:01:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 676C2C4CEC6; Tue, 1 Oct 2024 23:00:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823666; bh=rOh4m4fj2wClbocRq0H+LpbzuLewpkO3M5BRFF5QA9g=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EwJEg0ori93CigiLXfM5nzkzTLmGWgRtXKjPULKcnBgukqJz6P6ymcuAN6ht2YaRy wgamKhoUMormn2N+/htgu2VlgVf0uTQ1ITD9QDL6rB+P/kcQjVFPWhXZWaet1ichPB jwEKXZw4fQuWgLCXpPH+LjAXYH3cWDylFR4MTG95fkh3MPrYsKP06PotNeH2zId6oP uMEww4ujLpbVwMP3AsRdLcu4O2epXPKu6DVSY/UoUX6Y8yOIrjQvEpw0NYbMNA7sA2 PJO1XQACz4QGYf0EaHCYle2qPWNV7t7Ih98KnqImQyQFZMqQEiY9KEOZW9LZtwjalp KYIHKmBb8YxKg== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:45 +0100 Subject: [PATCH v13 06/40] arm64: Document boot requirements for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-6-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2380; i=broonie@kernel.org; h=from:subject:message-id; bh=rOh4m4fj2wClbocRq0H+LpbzuLewpkO3M5BRFF5QA9g=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7I9yk8ghsLdqny2ZV4YER/rGKDoJ0hQxESLaXj e/jW+b6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+yAAKCRAk1otyXVSH0PQcB/ 9/5WoMr0iRfMQ6yNpxH+5BewveQcTTMADtDGZU0k/TPNq9rE3ncWHNxGcjO5lTOdD/EjuYj9w5bEib ie+7XUaGRkJxY29dQJM2fqh9IiDAAoMvM+M9HZzbBonZb0bOU+7VmrkMeOrSR4lCJC6G4P5Ihl5IHb Mad5JNsK7tZaGyxdxnDfBJ1yX3zPURMe+mQYJosdDYot7KoZtGajfg37krRbknWsjD1onnxwYUObrb f5er9ZMlomZ3/7/BsXHsZBpV6lW/DjF7b64sbPvl06kGHxPhZ+slMQUCDMqXOnrfaJaYXc8c5z/cru 3oB24kM87Df0vSL96ajkVILRkQxWGg X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: 53DDC10001C X-Rspamd-Server: rspam01 X-Stat-Signature: 8ytzjd6nf6om6nonjs6q885hybraq171 X-HE-Tag: 1727823667-130287 X-HE-Meta: U2FsdGVkX1+CRpsHJ7gegEJXBjqHaO3q0QrhNgp4jfE0PfqB6SVQ/f8x+Ca/i1h4R9afWRkHr0TkX3XukLhOvMDshBuYLpMQJ8uXZy0OjbiMuLMQIqC4axUc2agTdvnIwQ2ocargZQl/Is+M9CQ8djU4g34/P5ULFxNBivKCrBJQxeqOF5AqWyjNT0Ae47CYvi1mMiDKXo248gr8jCwd3ZuKB0xBQASlbj0FRIs/m/GDtFzDcTNuF5P64QMC4PdnbKipAyH0ekOPqUs1M5vTr3nHHtNkt8hlaecV801qKS0u1SvskJvr7k48WbQBSwdJUEkGyFUNaagbRw7JNyMrJdbrTe3GsFkkMnuUAKp455ICCNhH6UrRDd8aBwVG7Wt0+XFDkdSrPcuzazN/ULqvWOJ8st0NPz6hiyrzCDhN6p/1/ycsqcvdZs3lOB7a2uRuJvi9wrU1O7hfkhMQ1gDvOSG80tMagsQxwSVq3axdn3lpN09zIY/MvmQhsxDopLa5a4yGowus/7iXA/l9Q2OyLD98m1rK1ZWSzSnhAcrGV4s9fee6EcSvXswjVsDWJVc2zFhdse14MQQTpQ50gtr0d53cycfHCtdGU6ZJiJQzhlfEqJ9VBJeHiqPEQWlctCLoOwZ1329r+LcdiLmH9UCJxt2a+4GU1BCR0hz0LyqQPPWuhACLzgFmPz3BXScGfa8AmrQcLClZg9HCF7Hzz0Xl2RAogRafkFHJfrpHPZ+UbTTBgZpQAWSP3qRyoeuulCMPSfdF+WU6MHnff9MFGcVUVZZ/NJUENk0u6MaBYW1ZY0CibH2G0Du5JQP65YYtczTRCF4QzA1Bdefl5fkL4bByvdCRPOreTO7z3X88gRur/AYpmy1zD4wEwLXwKrdV/l/MAEdyUkU/11kP5n9UmDwUEk6hLE/t/+AVHB4gXmFIIVIWT76Xvsy97sas0ljpea+EFvQcJhOOzmEACOj+uj8 yvKjl2Bb qCskAEZ4QdDifDoEHaqDLsxD+Yokfw3M3kPrd6fgfNqxJUQ9D1oUYdUVKzOIXxvBBqUv0JGjkwNcyESPJzLWBJxMEuGScf7NFv/RIIvEgRsCI2+TnvMOAx++SuphPb1i7q8hDi3XQgVjCwYF7mQYycWv+z07wGEgm9psoV9ov0czSW35Bd/5jAWTp5xpkpX5Vpr3CVMKonUnaHV+GvOuo3Gffaj/OmK7LM8Lx92quI3pGqMz/7tzmLqXsaO5IU0yD++623H9yDEiixui4J+KwoZ+baEm1UYP4CTlc6CLky5ILxpL/P5sfkdnRs+mE6Hrp+krY1439DOnghokochC5kkcrcUWdgmof8uAFmtjEg9JUMrvm1F46yBm8u5haCB0fwlWKpSoUpIxgzPSIyZwkgvH619788LBcWVGYmET9Q0sdpZFqqeJ946Kd3Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is present. There is also a HCRX_EL2 control to make GCS operations functional. Since if GCS is enabled any function call instruction will cause a fault we also require that the feature be specifically disabled, existing kernels implicitly have this requirement and especially given that the MMU must be disabled it is difficult to see a situation where leaving GCS enabled would be reasonable. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..aed6e9f47cf3 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst @@ -411,6 +411,38 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For CPUs with Guarded Control Stacks (FEAT_GCS): + + - GCSCR_EL1 must be initialised to 0. + + - GCSCRE0_EL1 must be initialised to 0. + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If EL2 is present: + + - GCSCR_EL2 must be initialised to 0. + + - If the kernel is entered at EL1 and EL2 is present: + + - HCRX_EL2.GCSEn must be initialised to 0b1. + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented From patchwork Tue Oct 1 22:58:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818907 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A254BCF3189 for ; Tue, 1 Oct 2024 23:01:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 37BD86B00A5; Tue, 1 Oct 2024 19:01:23 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 302BE68002B; Tue, 1 Oct 2024 19:01:23 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 17E296B0108; Tue, 1 Oct 2024 19:01:23 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id E4E3768002B for ; Tue, 1 Oct 2024 19:01:22 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 5BAC91A0611 for ; Tue, 1 Oct 2024 23:01:22 +0000 (UTC) X-FDA: 82626556404.04.72FCBFF Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 835ECC001A for ; Tue, 1 Oct 2024 23:01:20 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jVZM9w2T; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823615; a=rsa-sha256; cv=none; b=NrPdGovlBk5KE1uHIKwH7kJcLBwtZGNneJNr2H2CSt1TnL3vydvy4VSVUsQJOTXAMPnOl0 TzkbVi3QOgXHniUJFDqxqAyXld5Zt1KRIQx4D8R0E020IeSKOttr2iBcNLdhcdcF1Dp6h0 UBn/2cx8qmrP2WreBBuwE8jjEcoqfxY= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=jVZM9w2T; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823615; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KRwT3C5l7QqZ3o+UtXod0+pqLsc5A2nTc9YPPINulIE=; b=HuhCuqsjUKQHPnJji+Q2Flu9iIaULxAgQ3SVsjDvnAY7lYnOJAg3xMbhkfB8R6B2oCMnpA H/d7xJJOEXCDmLWFM8FvbItflRYVgFwCQHFxiS/1bTSd/NMY47jEP9/IKz/xl3JsXCJ/4/ nayU/kLE113XH7n5REX3BYT1QWx1WhI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 948D55C045A; Tue, 1 Oct 2024 23:01:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1CB2CC4CECF; Tue, 1 Oct 2024 23:01:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823679; bh=Vf2uNluHz2rca3mw8TcTX+NsJV/Qh5T4cYUs2i7TXxM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=jVZM9w2TFPYRXcHqVrP0Qzet5ZimUajVBnGH0EhpBkabdMfLXa+RzCA+jUnjyGM1m CJ8EFXdP1PgHrC1tKvVGnJWlxMjAFQMP2gFRgwEqZO8N6qSYimU8ejOpwwGHnFZuXY 86DXvpsvB3FWiEMk+ntP0Lha7xlDlV5qpMAZOggrQuJm3djAJfUnCgt713hfxPM+Ev 0BXqsx8xr/0zc257E+hP6isHgW4XTx+znlwISB5hvczbAi1lqyvDXPzJ5/yi8ANzdt jNLailjxmqcTsawgpffDetmjcAUOgQOmif3/O5yhtJeanlELsfO43OyWb9ZUezbd+v tN8vKA+l6a/Pg== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:46 +0100 Subject: [PATCH v13 07/40] arm64/gcs: Document the ABI for Guarded Control Stacks MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-7-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=10660; i=broonie@kernel.org; h=from:subject:message-id; bh=Vf2uNluHz2rca3mw8TcTX+NsJV/Qh5T4cYUs2i7TXxM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Ju1pToDWaUGEp3Hkm5trwDDFmJAt21ggli5wt 1wpFq4aJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+yQAKCRAk1otyXVSH0HYwB/ 91P3Xkg8BBGXxh3Fgc894UqDHkhXWVd3t+Pksyai5obwhEVa85s8Wg9ISM+HTQkh460hHADA/xDbFF 2YjD56YVZP5Dg+ORNWhRRVdTKX/eo1sLcWdJvt9xONO7FI9kLgypXqSp630Xos/2fq/AHJy62H/9l8 q9RceRohuQOKkPBoI66VYnysha3TgtYDEMxt4978KiJe/JB0aYFC1ixMNEa8hdorjk8s7JUw0RK8wd MbGVvFdRIm33dFehcmpQPYMvJSvBGHAq3ED4DFY8dttj9OB30BGbU64SftZehNJudxSMnvy8NHs8NB dI+RpTjveoc1pWc7Ojpl1gXEDkyEIa X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: ypwxrrmc5gbm8znmfi31s8xy1qhfwf89 X-Rspamd-Queue-Id: 835ECC001A X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1727823680-780706 X-HE-Meta: U2FsdGVkX1+73FcA2JhZTfNDBTdx965LJ+WVCRL7veNi3R90VPzZd21yB7EGHV+t/vAN7tPE2mfbky/2Ypu1rAjwjfMe9Y7THXbFZxDYHKSGSAMIDFFqsP48zCrYOpnbNn5cfkKGEVy3FVbkWDHuXfoB0h/kWg5zDLbexYZ9eBvVEeoY15D+++qQPUTPogLF22JGsP0rW04XIhcFJJ5myPUs3zjKrKurB5BtzC8fPqWOKMzuXbJ8ymnbQVt9U0MMF8bXgEZW4L8YBjGxeI+ARM7rT6adOZlYrg4gW868P2/ESYm667M/6kyUFNPXnTjhBSPtmtpudyeGXPz/0+oFs+8j0FrJDp3OX95fAwk1/6dUsHLx8u6YSITe1DgEE7t2rT7ECPKwYIeC4U+moGgyIwaDwLjlLF8XRxH3kYq3btHMlUrdgFd8r5iEI/UsAlhB/ba/Xt8x46ZrThg5ZdmTBzP1g2MnPFsbmBi4h+c1KAZRQSpE7Job+59aIeDtZFndP/YvtK+YspNuI4otiGsWHGk/PyC3eJ63/6L6FtaBapqbHSZoQ++3tDcNQv31O/u2zyQWf1WO6jSsiqk3Krg4//6B8kWJNFUCHSsR3NY/YMfcu3zeVGOdMf+WpkbxPCx4KnaXwfb7+I5rYe53s8ZqqPWxEtWk4d2EwwvOKoZyeLmNlf+Rbd4QVnjPKkRf0Cp42xbnLPpHDHU7PYPeqLVexy9ZhJpHfVkRRHYNOU2dKionisiy1aPM13WzDudZB99D55r6TGBAPplKThqK7bcIrmJWuYiBWjGkylpadSdEMDpXmKJ8I7Dof4YdUziIrJg6Kmez9XE45UZa4gNG7TbBJf9EPueFz0CCat9SWIbnIGYcDpI+/OnvN7qBTFbCsJldf2HGNnc06BeKtuAWRVgkmTljA8DCUTkmV8XQFtR/ok28TWIJiSojMBEbBF0pp7kYQAjyjsR4eHuN3PWTJPu 9wbTlh1p IllRC/O9aabiFrFmN+yQkd4oFJKnaClNxQxneRuM/ZfOL/nkGKr6dgMzC22YMHNBsMGZSD5eVPhhotHHsjVQ7e6npqsR8DnnOV6aIVjpjUdpW2Cl+e6777AoRBXDzvez9xJaADNZebilWXbJEBQmlL0TUNM/GHNF0+uqUPjR0X58KgludB9sqkIqmipLvh80T73v++VQGpYevzVscS5795TbaBKG/adnhDCANs33hxjczVrxNeviHXYhgs1cKk1c7O864Ulb7+pnsHwd5E8AOjSvcbtRqvn/lBTaKdsEHdwYGPEbc2n4FUsW/CPS0TR8gNEhtzz2UdDBO7szAeG/iXE5Lmdpge7x+2vO5jf1ajczeqHjTjYCst+FEmBOCFHJyjUf46VqzdMdJ6JERnsycM8UinDSCsb9C84shGMf9IZu3Y/I08ap1fpBQ3A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add some documentation of the userspace ABI for Guarded Control Stacks. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Acked-by: Yury Khrustalev Signed-off-by: Mark Brown --- Documentation/arch/arm64/gcs.rst | 230 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 231 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..af58d9151cb7 --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst @@ -0,0 +1,230 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active the current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). + +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack + and enables GCS for the thread, enabling the functionality controlled by + GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* There is no support for a process to remove a lock that has been set for + it. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread that called them, any other running threads will be unaffected. + +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of half the standard stack size or 2 gigabytes, + whichever is smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must have a size which is a + multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned. + +* An address can be specified to map_shadow_stack(), if one is provided then + it must be aligned to a page boundary. + +* When a thread is freed the Guarded Control Stack initially allocated for + that thread will be freed. Note carefully that if the stack has been + switched this may not be the stack currently in use by the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + with the token type (bits 0..11) all clear. The GCSPR_EL0 reported in the + signal frame will point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +6. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +7. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +8. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index 78544de0a8a9..056f6a739d25 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst @@ -15,6 +15,7 @@ ARM64 Architecture cpu-feature-registers cpu-hotplug elf_hwcaps + gcs hugetlbpage kdump legacy_instructions From patchwork Tue Oct 1 22:58:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818908 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 286A7CF318B for ; Tue, 1 Oct 2024 23:01:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B1AB7440150; Tue, 1 Oct 2024 19:01:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AA41D68002B; Tue, 1 Oct 2024 19:01:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F693440150; Tue, 1 Oct 2024 19:01:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 6EFBE68002B for ; Tue, 1 Oct 2024 19:01:33 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 22520C05F2 for ; Tue, 1 Oct 2024 23:01:33 +0000 (UTC) X-FDA: 82626556866.13.FF686D4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 4F51A4001A for ; Tue, 1 Oct 2024 23:01:31 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JVOwfzln; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823652; a=rsa-sha256; cv=none; b=GrV3QXWZQx7pr0R239OprusztjlS4Av+O7j2KgMDPINg6CJqvdiQ2jATstg/UQNtRqRuxE 5BK7WWqF4Wncwx4Vp3VAFFWh/K/VkW7cMMqDGBUD9uqddjLnP9ebRUpnL9wqVqpYv412Em k93sjILCLR0PoyOC2aSItzf6clYSjpg= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=JVOwfzln; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823652; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Mr/T+93yKvUcKjRjaYnp+R2zQgicOAIXtPhMTARa+dE=; b=n/I8kiHtgoRYOUbEz2OKJ/d2xRY2cZC5+6VwBTkGkyhReACid+OFN7p27vT9cQbTBr+rrC /ft5WISyLi40cos48xHfWacdWNumeeePJh1GqshWNy4OrKG5shNy0U9dyZamK293ITiJ3j +eUTPsvmLU+yWUj9yBUC60ZWAqz0sNg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 745BF5C0F07; Tue, 1 Oct 2024 23:01:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF7FFC4CEC6; Tue, 1 Oct 2024 23:01:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823690; bh=cWAEuqYZg+17LABQvN9oRF3fUQ66H1+faDLiqviD7Rg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=JVOwfzlnQ1yPBDbyHnBgjdhX8SQ8mjDy1QRkyFkl+gx37UIxMkNToKrHVI1wydeCy RvfGEfIUbYLBkyn5jLSMtS4EU1FuCrXR9nErfytRVB8rKmIeiUyzqTAXya3u5hSYSW ZBqvuVQ+khkZqPwaAr87X/XDdwoPeZijmcaMzMRbnvSldy09sAicXE81Snt3Ig6vI0 OC4JtKB6DHV97T5dceAw0Jo4Bhxw6j2Y/6yYFnKqZbGelN+KxP2Y/5mZwrYxZIAI4z 3LSsPRBfwp/s0bVks8hgqIqV80OhU249mQTsriYGh3sReyLGn6wuVQhtXoHqTkFdWt MzUy1utdiCF1g== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:47 +0100 Subject: [PATCH v13 08/40] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-8-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1514; i=broonie@kernel.org; h=from:subject:message-id; bh=cWAEuqYZg+17LABQvN9oRF3fUQ66H1+faDLiqviD7Rg=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7KzFUM+Tl6KY9+ZmIs9ee3X2SFnChzVHp/wsKS BBUyQIuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+ygAKCRAk1otyXVSH0IRzB/ 40t5IAmsVTGi7QY/R5VsHa1iNQj0hKlpetd6TJOdMvRKsXR7+KpNuOvRgAkbhlDXCwJYjeU4V4pZTC 49GPGeYHCub8P8aKfD8/+tiWv28sHcRKtOz1ur8l73Orsj2Cd/ed/JcBfulU4rXfyfI0SpWxr9JucH OwLTLsF1AA17SaFcrEInmJ2dOxjQOIIXfZ7+rCJWC1BBDKx5VwB19cZ07spFGUITn5wpQr3Gzb/8wK jyrS73oi0ChXeCFjRaYAEy8XRgWK3W/PS/rbmSvFxKS0Br/eqUVWIMTnB7+8JZ4zsPVbUs3ZdGhLY9 5ld0bkuoXsL76SMw36DmJc7xoDL2LX X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: 4F51A4001A X-Rspamd-Server: rspam01 X-Stat-Signature: cwnzak1zajp7t8h7w641ic8idn6bm979 X-HE-Tag: 1727823691-671024 X-HE-Meta: U2FsdGVkX1+YZoNIgkx6EPjGKODXTMV1yJql8XhDaNppyk0jgcXY4eCn+JoOXJlc2uTSLvWWt28/BcbbKiHerqqjR6lftLf7+n6AbcBwmfq1Zl8wZyBoDq2lU9f9IjA+VNLIU+Jmf6HfdX0kicDgZdYk/yCMY9TnBRksW2aGjKSivtNhNYaYsJFMqbsBjuQBno+0qdHmG6Og7hTUJSbxU/blJKEloyNn88BOT5uPC3soLAOptG7J+r/HbTNREd/Bt0geYD+qJYZJTX5AoG8DMUcmA8ksdzN96P9JoOYj1kJfSzpsvC63XyHfetJFu2QRXWvkLFLJZbCkVUumN5eiBkGphzVDas4L5fFKJKCOdAPGmF5neaXJ4+q8MfccSi7b3f4V2ioFODpYHZ4srJLufGhK2bjCc/n2qgeBvkAoVOXFiFtJQujbcYq4KiaIGTg2Ilhuvm5unHsRM22dVRn7D1n8N22H5KOKS++jKyVF/VARVOEL8ONBHH2bJX7N1NTRkGXaS4iMeq8Jg+uKl88vr9gh/aXlhUrDzVD905cCX+KANJbXpiYZf6ekjV6Wpw4TE0bblXZ/THSEaEKgh0+wtWQDzbWH+//hs/1yqivbTWmWLopLOBDZ0x58bjHAXEqXA4EPeFHII3mo0MZ9rPpOijUQT2c0eMeBAqZX3ki0ei0TpTblGBg88PTjJmsKp7wcH0HqwKMAbsjaWQAtKwV8PwbKzmzSPINAcIls6gj06WRlsbXPe1j8k/xJaTylqYFhQbncodpF4goWvArkl4t8YFA8cmzrr9R1NjDTK0fnhHrkUsooVU7iviBEmtP9rozzyonl9MRYCHbu1LXZhT31MIzGdAHGHwwEhMpomUy3Hz3ntMRUCHwCW++AW7UXndkoRyekkYTqOj1INrDhT8F7vE2vZ5lINREUgByqM3S4H6pe5h8+FDWrqoWCkfIJJvjYoog3U2ItcqaybPcCHn/ m2+wLcuw meMHFrzoTE1Tun/uDI5trlBI6OcDzfwladxiRXJAEbJqGCkdyz5V+K1TDCXrn66muitSr/4kk8S9bQYOuhUXCpmielmDvVoN0Fw3v/1eRmgWD97xTKZnuz84ANBFd4aXgK3q56Y+iOvxxSmwBBkZDFyN5gwgOMEDaefRlxQ2p0kKTyul1S+35z2w7+n0I1e5QyajpV+tSSeCATIWg5NWMGCoA9jANz2Ewvy0OMo1gjD+vlSz/EVVw6dUiXxJRa0SMyd6fyizKX0CJKHS5I0fFD1T2BqHeJFDwVyWvoEiEBIAnTKe3+xwp0TtFp5ekHebtNZ6KG/Oq5Or2dHkL5o7GpWQVftOSCuT3WuVo+G4ilq7aIQiVBw6ybyygHospSchvRysaxIYJ0LoS1W3lnqQcprAB5qIv/LLln/5Q9JCEsOUrm0ozfmB8xzMTiw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these. Reviewed-by: Thiago Jung Bauermann Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 9ea97dddefc4..9c98ff448bd9 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -1101,6 +1101,26 @@ /* Initial value for Permission Overlay Extension for EL0 */ #define POR_EL0_INIT POE_RXW +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */ From patchwork Tue Oct 1 22:58:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818909 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7812CF3189 for ; Tue, 1 Oct 2024 23:01:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4B1A56B00CD; Tue, 1 Oct 2024 19:01:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 43A5268002B; Tue, 1 Oct 2024 19:01:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2B5846B0100; Tue, 1 Oct 2024 19:01:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 0B09C68002B for ; Tue, 1 Oct 2024 19:01:44 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BE4DCA12A5 for ; Tue, 1 Oct 2024 23:01:43 +0000 (UTC) X-FDA: 82626557286.06.4D50358 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf09.hostedemail.com (Postfix) with ESMTP id E042D140010 for ; Tue, 1 Oct 2024 23:01:41 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=dV73+Ea5; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823637; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Pz4UsGJzyWfb4OgMqFRcYe6v/apCUZMcmoyUTdEgMh8=; b=cGQyGRsymTS9BDMJZw76q91ZfMZOIFp4J3L4WnDUcaIoOeGyII/W6fXXtYwFyMIHPmDO6x 4hjTh5xBLnAOkpHQd5RcF3nPwfRY0fcETNCUTpeo581dasgUmtmSBFiPbjFf92WK/m0fGV jKHzkN7AX5+4HDuCY2FxZVkRbESH/Dw= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=dV73+Ea5; spf=pass (imf09.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823637; a=rsa-sha256; cv=none; b=OYOYZncJa1fAuQiqbQvXLBo7o7lfeIm5Zp3+ksyqyJer0aFgSdjWg+pxD8oK5sLtCd9FfH CRL1gPojl/WkP2W60gP3odOx2NjJBe0ct7/85QWtw+LOrMiOcu++S0XmunOhMEf9vqbhgW Diqhtj/yVABjXNOVqpgcLM60/QZaue4= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 0A48E5C5541; Tue, 1 Oct 2024 23:01:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C4FB6C4CEC6; Tue, 1 Oct 2024 23:01:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823700; bh=aU7VcPlcAVWfKwhYAkwXPGJufVjITRO3ag+Sd8hmpYI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dV73+Ea5guYEgEPkX2usmY5HovH63TaRUUqIwoMNSA8BkIKeLm6OjU6ojGIhqUs7U CI4eZP3fJvKmp72PKtaa1G9lqkuhfBysgZZ0qKnEexY1eHOGB3Wk+tulPLg5Jg0P36 Hc8mFDYughfODnEmyIL1gcZ0e8muPL+dbbReHwNwaOhZFDbjLkWGxGi0dYmUma4+79 KZbyL+ci4niWQ4Id2qQvRbPrKZ+brVlwDGekRKlMUrBctMUoKMbroW8lGFxIOufKyu jBwOaIwxcBD5wuj4f67t5hU5ck2cfXAE6J4IOCSHxTLi4SvTFohIYdhVVrnhwqBp2l LAK4QXY++l20g== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:48 +0100 Subject: [PATCH v13 09/40] arm64/gcs: Add manual encodings of GCS instructions MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-9-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2696; i=broonie@kernel.org; h=from:subject:message-id; bh=aU7VcPlcAVWfKwhYAkwXPGJufVjITRO3ag+Sd8hmpYI=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7LQGCFxhZ4o1Gnqs6EwqfSZFzmIWEbnCPdGfbE Mko0y22JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+ywAKCRAk1otyXVSH0PuqB/ 9/M5q7I6ky13ADECCsEXG802M1nKDkIbHJiCzaQA3xg86SIi+RIEw095I/kklJkR9rb4ewkuQSixwm WzRFIoPzNau9qpeYn49pBgf/H6+jWXMYiDWsHwQw39LojZetSpTA2ZgueG9CSsFa+tWUt4t1rJbFht K38wv2zESM+vYvtJJwvMObmkjO+9sCNAejKH9dWgFmQr8bTZwIoxeSFJgOB4mMqNeIrq7XOxYeNvvG xSWu5Rt60zUdGJl2yX2CaOTMX7RVE75meQaswAPVsFcXlzMYOLNPnnx4uTNw/w+8jCq+BmN6J2qWIM B9zpnCJRJ/uZH+tWhZp+wTblV/dZQs X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: E042D140010 X-Stat-Signature: e8w1pamjcpd53164gy7ey5je81fk4ceu X-HE-Tag: 1727823701-96779 X-HE-Meta: U2FsdGVkX19CrQc+nPncmQajmvqGJILGi548U9uzUTqipJySitu0ARvg59pXeCoEdKVPqAMzOpOzHwRNknh/Fc1jEyD+tkQdhBL8vCZCw9GHHkGBGu5KyPhrOxY/1lMJRcVt/uV68EK6RoFu0/nZ6QYdAk1PYbsIO05sywoDCXZQzkBeBPlxcLwf4rVsDM4FLsQEiaiM6jf6uyrgVoU/j2FTJ+9jc6TpxlIC7p1TYB5Zzdd8lXSvoqsGw747bR4CD15JWBTLjBk2GeCR3K3LM6JSp6b74NEJDO/hRrnkuIvRDZRjV6U7i9eyLxyL+TFt2jZQD9TkyihxB+1uUQn0HFc9B0iY1oxOWTxrktK2984JBxg36mpyb7XRIU9FWGNk0AjsyAgjRM9idUL5TqgOYEKvmHRofb0hXssoUgE8ylCF+ZKOvvYe2aZW4xt+CaB/ZWONZ6tEludzVtziZtqy2siGEFH/Whz41Fjx8n3moq6sgSaM1j7jDMrsfALX2JxHmJRn4MRuSzdFRc3MQfQ1PstUdr6qEq+goJmbJHtxLr9687chgX4cqQWHOrGZx/JURF0PmExwwA9tMFAodUnuXoksTV7v7WMHapznBJb2UvFl16IiwKjwReoasJug/BmjDNGGeTys96wrRS6wh0em5xPFaAzgZqx+U8J6BRbCHqVArjv0R2M8owhWPsBpumo3dX0032FXRf8/C3W63vrs4hBHkGlVIJRyvPwHQbWBOnOZ2w4PaT/3Ekq5iBx32uUGOELvMXRjoNZfEPWK9CiKqeX996I3FquKWkP49bfalgHUXJS4NKZRRZqClyW8aUfbNAzi73H63E8pTljuo9ZpdL/y8n3z62l/wfRWrQn+KmDLrrAon9tMnN2RTqhEDF2EPBjgk2xqHy1dYGj8joST0SG4MkEH30cqEfYpQi67R/Xt0wCScGOudbykAp/f82lkB30ASzWErKfb1Ygbkaa /WhSmfTp ppRhASrSDWfy7cPbdrgLkbaxMsya0UpBF5b0LhSvtQNdpf4hGXw58zdae9xkwOqilHKW5I+cEDTGZmt9HQPTMTq3yJXujaotHDTEGAVvjFlJiY19G9YCRKWOuU5OAxPnQFRr1YMITV7phYW25bqSo7ZKaLIJWPkVId205GgjGTXtJJqqKm6TyvEeG8Ftn55r6gcjVCmRvu/tGKugFxNMQpm/MmsBjpP6p3nXRlgx3PWIfet1e8TWz2ej5foN+6UEnk9XBGQE0BBA9uFX2yKsyQ7kZqCAgy9JfEFJCob3PkV4o2e0autSTX8V2izVRZm9aG8lBdgmWbf5eNmu8nWUe1yx7mC45QvzUhJNxJ2xvWkvnWVPo7q+M2Cfe8nXH2g2zVIF3vgJTrRZQVSEPuDS5l+wde0hG265e3QBcg+ll9jMxtnWHbRL1EG3/Tg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0. Reviewed-by: Thiago Jung Bauermann Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 1aa4ecb73429..0db494b24dd0 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -502,4 +502,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */ From patchwork Tue Oct 1 22:58:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818910 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5EE2CF318A for ; Tue, 1 Oct 2024 23:01:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6AE35440151; Tue, 1 Oct 2024 19:01:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6390468002B; Tue, 1 Oct 2024 19:01:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 41501440151; Tue, 1 Oct 2024 19:01:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 1A1E968002B for ; Tue, 1 Oct 2024 19:01:53 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id C92CF120564 for ; Tue, 1 Oct 2024 23:01:52 +0000 (UTC) X-FDA: 82626557664.20.8050B6E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id 04EBC40019 for ; Tue, 1 Oct 2024 23:01:50 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="O+nAC/nm"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823607; a=rsa-sha256; cv=none; b=RpsjOq4q7eGio/5YBZ0XkxY61fI/PeEhG3hg8bVXL8cA5kw6rCtMRe03Zwud9IBzr7+28S J2zAXWfYSEXqVmBgFNkcHAIJVVz/H5DJ5tcXNl0+fGNUhO1cx7JyPVuxuo0DYBAW82OFIK gmcfn+ZuyGzS5AqNpLRCI3e2qSqPxmE= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="O+nAC/nm"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823607; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZlOc1KMO2qqoqoTYMGLG30oDHSmTISQrcHNfYuFSlMM=; b=eeMqTNN409H8k2dwJPEt1AtlcxrBAbQu7Y8xNCS/GpLFn8i4xwJGNNQOIWJR41tppr0lDK SjVPcfQ1BP9jEMlKnafFfibkBx0jBpBEEHgqfYrATO3CReP9azI2gVURVf0A2tB16iKlyp vjb8YdBaQDaRMPu6bIcorRWxvePgjLE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 064B75C1060; Tue, 1 Oct 2024 23:01:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4FBEEC4AF09; Tue, 1 Oct 2024 23:01:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823709; bh=MhYyeOgDPJjiPnqJmYVftV/y+2757NB2AZxb6KEZfRo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=O+nAC/nmVZwWMWdkYfsQ5QNw1HeIy87NQ75pgl+F8dMYjFyJLBFGMFpjkHg1uQZRC vjYEghqCTeKu90RZu6kQL5Xonwg3xCT124/BQe26yHucyusg5jSF2xblyLFGbab7fi uOn+iDl4a6d4TN4fSkEy8Moq5uBIhZUdIz31oCpfKK/a2I3362UA9ntiotma8DV6jm sECKdDjAV8rPgzAJY6xaj2NsVoU7s6sQohoK54N5DXGYbog663prRwHWOZ0Zf4D1SH dDG6Aif2oT5rhMvpfA7/UW4NLwNAgjFcxyZkDngxoM+ye3IYl2cJHm9rHoIDtFSBfJ DdysV8yEx9C7Q== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:49 +0100 Subject: [PATCH v13 10/40] arm64/gcs: Provide put_user_gcs() MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-10-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1159; i=broonie@kernel.org; h=from:subject:message-id; bh=MhYyeOgDPJjiPnqJmYVftV/y+2757NB2AZxb6KEZfRo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7LRW4KlQxlmJfUOX9ON9sOn/C7Urh9KeH3veeC argNFK2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+ywAKCRAk1otyXVSH0HNOB/ 42LopqO9IfXhDQ4aJcLBH1V2IPSjrLJspB/s/FscgnTaFVT9Rk9vsh9BmrNqn4XzTtZ3lZEmU0PUMs J1sxyGjeOZvm4zGr1aJRDxScmujmlYg9GcalYcDWB9ySDZ6VxlD5ppP8qBZIfKtcFFEnThokH+FKBg tCkanKoKvK12U6GC9yWSQUlUNVkcsrfkIkCrxE9sM7rtPJbokfu1iXbwkJj/wVeh0a7KpgwwFydlxW Aps76h9pOYeYrdt+IY5CbvfOiHTJLDSjNo8NuYCZgK2I1NSCmbakO3qflwWHkQsBdBLsPd8ztMXzVZ yCkkvq97G8U8jAVxUciDeAjQRNCcTk X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 04EBC40019 X-Stat-Signature: zp75rsrwy5otzpgkzw9ergax5zxqumsz X-Rspam-User: X-HE-Tag: 1727823710-248320 X-HE-Meta: U2FsdGVkX19SMwaGsBQU2Gh21L2NVvohB+8S/IqYf9LQ5nPv83vRD7NMSGibhivE2e1lyo8Z3eqTNVBDnI9/tfEUA4Nx3Usfjr6tWo521mJJ2KqsraFszbYcLRbPdJhBg18v+dqFuGsDFI3w+GZky9rUYbpeoEBXB06Yi0FxIJiOBYmtLac3SmMU3hIhsF8JL+W8zPp9H4jwRtpIOou3/pPISkH/sTqmLpE+paJO/L8UM+SChL3ZqAcludDD85IHNwAbP2yUk4e4WMtgmoh1goBC54z38VhkH//AqJKB6WvdI+0uaFSTzAJdm97+DMj6DDn+wHcidNpfoTmAdYggY/9xj32sjZhK6ODYTQsvtgPsxvqiPcNbv/eSvTTpI6A7cZOoUCJIDleGPD7+vbMjiSuZRfLRjL2Jn+azdEOEQvbLzuTrqvzl3yEHrIVukZQCJE7z9tFpv272zlose438I6xt5p/6lNsVwT0S/KEVq8ueAIJLZEM/F1iXJfNlBnfCN+gqWeK8q/qq7tUiHowKe95XU3fUCXh+9tIY2QYAvRm0Ypc/KYhT55qnw9iYtxEb322f7c/iw0hC4pLCj1psyZbf/a8Vrg4o9FdotplwzKbnDASceMCrxHMsIHAzaNYBUbqIJEIJEKem6z+BEHJHsDo3h/qYYUnz033a69yxLlxzdheGgHgXZ+H+5Y3Cid4SSqXfEs5iyvhiOAozrtmid1iy1JLT+SM5rCmUvWc4fs31I6/Ekxwx/INkmxOYF55y9aXoRIIgackm6d/BVEKrsBxlMrNFXp9iYsAxkusy96MY8ikYqbBQmj6eGmqpn5ge1/rokLzEC6K03rWzrUp9ElVvKhgFeOkwT+EnctziX+CbZigNm9o4fgM1Nc5eX3bDa4vt3zLxFpzkCPJAYDb5eyWQVyR3L4ioDNCD+MrSJnxbrZIjqfaal4cFkK+F3CB2wXkmHnee1FVsaQss6w8 fkZFF+TB 1q/jPNb5PBqfn6PgLE2EvIm83/mBGsWKykuLQ+jkn88CMfQLNMcFpM/QnZJ9boW+d3vOuoZ2s3lCMDCc2GFW9PsU5Pkgvo/oDMnCxz3cdRtFbzXPrG7LowNIaCnBRCFi0wpGdfAZpxMPNIZ4Kv+JRm+VnHuyIzPsloYVnraneWPt07mxvcT7XAHcY9Fj7OzZxqDo/3H2rMewsuhsxgY2bvqWTd5OGE5XFbOEapZgrD5G6+LqJ58E0kjc1zQ2WuMqsJPyPC0TKbNxJyuVtm7Ug6HGfdQxp37atNP4oXo0ivn4MlKispS2n4iDgM33kzCCclcVwZOZKH7PDFtz3RIfLbZ8nuCRPHy6py1guiCNgx/wAdcdEazEfH3eOoXV5ajeDO5ka//iYue3Y5Jy9fTvyGIskGmD3vlxHmCzLx6HdT1d2xxPhb5qloFBhzJAt5z5XVMOOjifuwn1x8HXkv2jUADC8Vlz7DmO1ZeDF X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a put_user_gcs() which does this. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 0db494b24dd0..5b91803201ef 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -522,6 +522,24 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline void put_user_gcs(unsigned long val, unsigned long __user *addr, + int *err) +{ + int ret; + + if (!access_ok((char __user *)addr, sizeof(u64))) { + *err = -EFAULT; + return; + } + + uaccess_ttbr0_enable(); + ret = gcssttr(addr, val); + if (ret != 0) + *err = ret; + uaccess_ttbr0_disable(); +} + + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Tue Oct 1 22:58:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818911 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23BDFCF3189 for ; Tue, 1 Oct 2024 23:02:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AA6A2440152; Tue, 1 Oct 2024 19:02:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A2EC668002B; Tue, 1 Oct 2024 19:02:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7E5B3440152; Tue, 1 Oct 2024 19:02:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 56A9568002B for ; Tue, 1 Oct 2024 19:02:01 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 0C18B40637 for ; Tue, 1 Oct 2024 23:02:01 +0000 (UTC) X-FDA: 82626558042.14.03D1FDC Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id 4101E1C0013 for ; Tue, 1 Oct 2024 23:01:59 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cn0MHg3e; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823680; a=rsa-sha256; cv=none; b=i1EjBuU/EnzF/YeGtZ0fiMDJ1FkmpQ8IFHsamxoSIV454FaCm3SaiogSH6i3spMsIFsrG9 RAPVQIBcTbHZdmgEPCqKeJ8E9L+VEnW80kx0/PqIW9htXW+NYFBnCwx3g8WXWHQ3qowiu2 gylJWrsw98CCpCsLujhhrg5vpwqLUNM= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=cn0MHg3e; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823680; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=IAM6gDfS/mTRz5sJ4RJI6jgHS8XXLS+0e372mgXrXQw=; b=HKNNhbk7B++qmgdlEK0UiKy5524n6kz0qLrSZrLENYhM7hgi+f8yRntj1gSJV4cBYzYsoz /4zpfZfSTjzf7nUAmqdbNSHOiKm63cg8dK56cK26yQ7zAqO+Fc/u60QW0dTia1VNxe/Wsa aaf/sZkrihEYtrRE2wvzE4Gx/KYIMEk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 631AD5C5547; Tue, 1 Oct 2024 23:01:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D4AFC4CECF; Tue, 1 Oct 2024 23:01:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823718; bh=Ks8MFARHCgoYvKlZU6GLbHhVfaqXF8TPA2joPbZMDJ0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cn0MHg3eO0Yo4Or//lQRmgonz5ejCUv+6594M8VlW6g8B5NIWlg860BJ6D8qI2YgV GV+I3lNe9kuZP1vrCgqbzVS6hK9e+nc0txyMnJ9T8BT9Uh+OEmcDYrfNNz7bzBOn6S oRFXhyJvXgEpzBJ5KVKYMioEvdK+KG96dF0Km5qHym4e1l9SU/X5va2Xey3Dk154O4 hMljQY4YA3oBYMuXQLOUoRZaCvlmileovyiCzDXvVRsJaA8NHELWgzYESuf5NthmQY Z+sByWmrf/S56XQALexiOpbAyIVq6QTCeeCuG3iOdod/wVu9gWyN5eQUa+dfllnXpK SUfOmuhLGsQ+w== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:50 +0100 Subject: [PATCH v13 11/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-11-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2363; i=broonie@kernel.org; h=from:subject:message-id; bh=Ks8MFARHCgoYvKlZU6GLbHhVfaqXF8TPA2joPbZMDJ0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Mo7StH9NeEdFx4e51cOj/G4fz2GUpoEOK3dVF ihqzuxKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+zAAKCRAk1otyXVSH0E4VB/ 44Y/DcxPyyJpegtnqk2Xgu4LfuVN9YN36+8Wa/TWW/x1dk/OsduoSR0EhzeC2naITe38OnI2yNsg2r HN/GaAXzc9BwXtFDMkIxufE38zZBxSH6tb7DRcyR4t+sY0wc8QE2X3AAAG9PSGMiA56nu5zdYlC7XP PLgYHgUmzw+YfzPsfZBVE2jh1vAbXfixjIO03HSI1Rbp1UsVnoZspSK5JVdwcA5R6nZcMCt8dA9tEp bAEQuk72ftCeVy1fIrWWJlYMyaTZ2W23ceUAsMF+g+Ef8tFQJxR/QpzGSrU3J/a3W2zLuuMjMuopKW 7ReB4Wzd9fUI3XBDKdquXjtl43L8R+ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Queue-Id: 4101E1C0013 X-Rspamd-Server: rspam01 X-Stat-Signature: uq6dxeqdm7d9bwypyew9g3ce3x1mm9p6 X-HE-Tag: 1727823719-656191 X-HE-Meta: U2FsdGVkX1/tVkm9Mc++J50aPT4ge20lMknTuYvSV2UpBK/YYLVcUlqhFSgP/EId9/lXWVErIT3IjdR/vefl51UmTJUxMaMpmwnO5T4PgCnBdYhHOc/1pqkCcGcSWeiyK/raRXK4atvhGJr6loZaxDgJpVPvSYsgJfXUW0PMkgL4sY9IWmMJUTZRQjBUQT4Cjpanr38r/Ja5UN1KbPalixFfTs2a3QLSrgnVZIPpRTTG45R5zzjOdwFPjTWD/XVxE4znHaeCtgJ0II3TbvNmbjo0mCdK5GGwzLulB+uwRPPxO7mDGYqqh3MZ4ZpUrz8CGpg+awdoOmCA3dkWJ/BDcPPHefOkss4bYtZor4Sv4L1X7xhgJQoF6jO9V8YhU+5O459LQE4lsOQZHFumGrJL3HK9PIZzVabM6Ry8skpro13xZ4QC1MwLvSvD/ZE60XqEmWspFJa/Ck9yAgK9s/Dzk35UG/b+BtIZy5vSL5axdi4AvB6s1865snhZfon1xLcxxlGxjUB0S2kucZPSVN+H33G6sAELKeYebJ6QCXdILhYHqozmroC3cFA4ihInHviFA5omXt5m3ULoYlsR05Fc9LeREQqzyh0yI+7Ba3H09cLVJiV0yddT5JEFebt/JBQGYBEx9HX692WVZ1aYAatuE/5NAHKYdT12ix6cKHyXhUfmD2Ly/CKwKRT2rFfZLuiNmxzpWPdJmBaLG/HqI/kezv8WZj+eW4MPMsgJv6C2Zl9WWYX7/dAX+nehVqhTgh2XXqWC64STpob6ZFiJTjmH5WwACBisK+mQZCaj5ope1kocYHQJXePbMJcmYqH6ds72Ptp6rKR99AlyMNKrN3uS5NfcjRkRg2uclHblvK7vLnJCarxW+cxRl6uve2rNS1iChJiNFrHomwu7wa7EOx4hZgQ4uvSyRobNpDMYyvzAx3FyZgoIzGp6bEGCwjScJpQGn2TyjnXGj0e2N8WVtG1 kHRRspa4 jSbijx9LQa9Mt1JL09gmco5hZoOn0t8bRIhqObppV/uINPn10aYJq4FrkEBCajrgB/A+Cw+9psjWpSpzV03XZAaOJszOFURpnXAGBmKkt5+vkHJ/sM+Uf+6rCddzSdvdst4i/ReDhMkQLVnkesANM2pUGM7w0zDKL17W2P/SfJ3VMxff3sQh3/Bt0l9orZY2V28HcWOXjB0nBZtwEHjzHNtzhi1i7wNtqSTp/jgNAWLU7jyagRjojUt7wBqvP4b+3cbgBGWokqkYfbm59uBkmjQPCym7RpssPEVW5r1t2rspEpjn1Oo1yX0wP8ex1Q4yvBJMMywdzw/h+uRPnNy77i4/MyXC3vmG6s1/idrqsLWiLjdGdQ3sFyV/btBWWLB5ykQkX0F+xmQm5unzTXPT9blz0+PdA0CHD+PbndNeq1uLnD5jDi2/OniYc6w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1. We also initialise GCSCR_EL1 and GCSCRE0_EL1 to ensure that we can execute function call instructions without faulting regardless of the state when the kernel is started. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown Reported-by: Nathan Chancellor Signed-off-by: Marc Zyngier Reviewed-by: Catalin Marinas Tested-by: Catalin Marinas --- arch/arm64/include/asm/el2_setup.h | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index e0ffdf13a18b..27086a81eae3 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -200,6 +208,16 @@ orr x0, x0, #HFGxTR_EL2_nPOR_EL0 .Lskip_poe_fgt_\@: + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + +.Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 msr_s SYS_HFGITR_EL2, xzr @@ -215,6 +233,17 @@ .Lskip_fgt_\@: .endm +.macro __init_el2_gcs + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lskip_gcs_\@ + + /* Ensure GCS is not enabled when we start trying to do BLs */ + msr_s SYS_GCSCR_EL1, xzr + msr_s SYS_GCSCRE0_EL1, xzr +.Lskip_gcs_\@: +.endm + .macro __init_el2_nvhe_prepare_eret mov x0, #INIT_PSTATE_EL1 msr spsr_el2, x0 @@ -240,6 +269,7 @@ __init_el2_nvhe_idregs __init_el2_cptr __init_el2_fgt + __init_el2_gcs .endm #ifndef __KVM_NVHE_HYPERVISOR__ From patchwork Tue Oct 1 22:58:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818912 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8092CCF318A for ; Tue, 1 Oct 2024 23:02:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1A580440154; Tue, 1 Oct 2024 19:02:11 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 138C868002B; Tue, 1 Oct 2024 19:02:11 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EC29E440154; Tue, 1 Oct 2024 19:02:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id CCFCF68002B for ; Tue, 1 Oct 2024 19:02:10 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 9024AA061D for ; Tue, 1 Oct 2024 23:02:10 +0000 (UTC) X-FDA: 82626558420.22.0CBE5C1 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf16.hostedemail.com (Postfix) with ESMTP id B6671180008 for ; Tue, 1 Oct 2024 23:02:08 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B3BTEar0; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823588; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5RHFAPSpd8wBK91KYkU7fIdOt25Rvs2+XbsTsnLwJnI=; b=jygv4Aj9kje7N2+SDg7bgqbr8YQoNkGfJ5bKtrUQbDmiEWQ9qT4HXTG+n6rU8q9xn3xokd ++Rh90RQG7y/LA+vhdA4qRtl8ILztFo+kAznRx8hpUytubf+rAfpqQeJblLjWSVskdA/RR TCpP36Xq58d13WQZBcObAXyCdOBG4yA= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823588; a=rsa-sha256; cv=none; b=itVzC2bOzSmSH97heJxVJeRNswjXlHwJPJrWuFDs3KmKwyBzb0khuL3CESImcI5sNP/SrJ dj1yjOYUAle+862fwLSGDhpSkm+MKmqjqLUklsy5u9p9em5x6OD5n/IUWNtoavmEn3Du3y +cfxmN3xyyxKGEy8vsP5ZvzPNkNFZaY= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B3BTEar0; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf16.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id C0E015C045E; Tue, 1 Oct 2024 23:02:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A05C7C4CEC6; Tue, 1 Oct 2024 23:01:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823727; bh=XlTxOnAiHFAYZKJpgoxrD4q5MOzDKmN/oDFlTiS+t2w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B3BTEar0kxUHPMC45mb/3guTN8GQteT2abMPsEuayS/m7o/yinbVqAofmSJC4hI07 laDxHf5pNum6w1MgF0Hatb12IwvGiUudPyBa5N4Lt0ph/FDLQj0IrCG80UZ4dteOWt XJG3OqTG+iwCn6+Fiu3D3SBDbLpx8k0b0D1D1SkkUNBVUJQkyY7/m5wtvgBalleSbX 4pyK+RBR1fyMn0UP6jxDTF7ofARSEdkfZyOYkMdlcsrO4Qe9cMDsXpQvv2nlGPcp9a 8j+QRwqde2ItoCzSxkbWyhuBcdhMtzUYyjW/LsolvPgDftd4DhYtR1Y2evktbviPm1 ib8H5QFYnP7+g== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:51 +0100 Subject: [PATCH v13 12/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-12-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3078; i=broonie@kernel.org; h=from:subject:message-id; bh=XlTxOnAiHFAYZKJpgoxrD4q5MOzDKmN/oDFlTiS+t2w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7NyUyYZXa21wFdz0TjX5+sLCx8XfO60DxVZUCX Ab4QUCaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+zQAKCRAk1otyXVSH0ICIB/ 9K3rESouHqLdfEcbd40qOHOSuEGRBwHV6r7EoMItNYD0N1F1ziysWvW4clA/0BqTgCI6dGSee3B91k +f7Xyfzxw77OGGlWSXBX5JMWqi4pK6xKeSJ/AeuZu09I7/HFcv96y1I5UD+VKmusZVKYYAKCw4Fdk9 5ke/xGqI/ii3mk2LZC+9Bow39wLizLWVo+OoaZ24iIsppW3pn3yl3hKpQHeN6x3ktjtfP3D7zVPPSI Jv7cZIjxEhD32jwR+vKPxyYD/GoepBE6abKyD4a9TO1br+AU0iNCfaAkKQvL/6FmYDLfsgHvYfjAk7 G4HaapPWfssm48QGOmIYG8CK2nU+4C X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: B6671180008 X-Stat-Signature: axm4n9r5gbt6jfaa9mttnutcfzeaex5o X-Rspam-User: X-HE-Tag: 1727823728-802462 X-HE-Meta: U2FsdGVkX184hjynlm8gCLSR9LSW9GkNjpw4FeuB+aMoftbo46eAb4Kw2+BgJ/4sdbSChyBywPbvaFYT8AQeB4REi8WpI84sdtKtxGmISxfJaXu8l8GLZEqCU0gPlMWUFKYvv8kropfdNRAGx7R45uGMJzcnilluPJCQYqsHLG3dY9pY3CKY+OPiFqGm/05do2O3UuvFTL8IkGjvATkl99wInMuENETBNTQYkwPdx7dy6KMHtrxWYDNcIGX+Apl+BpGrOtAGj8sN4+nQ4+CREwgDs5jRxCFaMrel2DxMMXo+EMpEkZJPXuYEdBL0BHoYpyTa12WpGVK4nh5mq5+P+ydPCNYwKIuPuei+wPLzuOUx3Dz84J6m4lfB6p57jRrkvStm5t8tSqi7kDpA66zMsk6u2Ij6G5PR5zfG8KJWswm/EvyTecQA8BYwacIZLuSkqji87EFXYtH/isCxFIP7YMNkepdEDBQS9z4CHlnPQepnzKwaTHiEp3geync+/bZymb4qZvlNwZLK87PIO8FkASPMnRSFj4JvFeh17F9LNXr0OLyjTQz4ixwrMKdyU+M96UWl8zgeuljRtvaUPshhwXbRPKYMNc10MSpd4LKlmw6upavbWcAHiL2YvYvQwZwwjxvf6KX2pO30uyDrsUVW8zy5akhCjlgGxrbyATr59MbU5W85sHxgQoFeHXVOkgeNfr0bOdncN7dLptp5rtWcuAN7Z/u0hTywXq6BC+D3yYqtyHxQv9uu4VkFMxS2AulnukXB/5jdV9dhBonyxInUMrrTrdTvc2uhLRQiI4eDmXrl/YVoNvqMV98yJDCEj0U4L7dObLvSEMVbJ7WzFjNaa5IiFGncRsvptr7NpqWZxt9hK0d7aSICSUfebuUO9XFDCJuQcdBz5mJBoTvnZb5xSkO5wPxJEBoyOOoxXugn400MM/n8PEyuGr8D/kZukZYOGlFwwBlxRXUqDIdu/Yn mmYc67aO Xe9ouyGOLrZ8VzfLwsprHW5ehFYGMyoFm77jyGJBTdPyaXK1W9RqNJ9uWpvGlsPkq5jF7NsoU4AgQ1ARJ+MwpiZzRjQtSOmtTPaiGQCsEGYXVD0SUud8Evcyf+vFgvyoKmQZj7sPejCe904mPTy1bJGoFEmpLnSYRQ1D2f2IG7pzFqnuPChgZs7AsSvKrkKbwUxvP2KA+Cm+kDDtbgTh2bBo1MzIp/PzGzUKgzx4M7EoS0eRZBVFzY6A2MxKROcAK0bnkQPHkqOdWQpSG+GqlnHmmB/Czh22BjrNJJaNCyqXASbxSuIfrlXp2wkoc5njaG6D04k7DGXwL7Vynk15M0oxHJF4qTntVKDQL6LQdSFOIlAHVQ5wCqKtTCkJS0v9SvXUvrTz779Zg/CxA2zailEUyuzk1RXqD7CypDV6/Zbj0n5kKbAy38H7Viw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 20 ++++++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 27 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 3d261cc123c1..69470795f5d2 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -838,6 +838,12 @@ static inline bool system_supports_poe(void) alternative_has_cap_unlikely(ARM64_HAS_S1POE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + alternative_has_cap_unlikely(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 718728a85430..d1e758e99e0a 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -291,6 +291,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2358,6 +2360,14 @@ static void cpu_enable_poe(const struct arm64_cpu_capabilities *__unused) } #endif +#ifdef CONFIG_ARM64_GCS +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCSPR_EL0 is always readable */ + write_sysreg_s(GCSCRE0_EL1_nTR, SYS_GCSCRE0_EL1); +} +#endif + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2889,6 +2899,16 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .cpu_enable = cpu_enable_poe, ARM64_CPUID_FIELDS(ID_AA64MMFR3_EL1, S1POE, IMP) }, +#endif +#ifdef CONFIG_ARM64_GCS + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, #endif {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index eedb5acc21ed..867d25d4a45a 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -29,6 +29,7 @@ HAS_EVT HAS_FPMR HAS_FGT HAS_FPSIMD +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Tue Oct 1 22:58:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818913 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F35BCF3189 for ; Tue, 1 Oct 2024 23:02:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E7774440155; Tue, 1 Oct 2024 19:02:21 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E04F068002B; Tue, 1 Oct 2024 19:02:21 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C5303440155; Tue, 1 Oct 2024 19:02:21 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 9B4C668002B for ; Tue, 1 Oct 2024 19:02:21 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 530FBA02E8 for ; Tue, 1 Oct 2024 23:02:21 +0000 (UTC) X-FDA: 82626558882.08.708A4BE Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf13.hostedemail.com (Postfix) with ESMTP id 822662001B for ; Tue, 1 Oct 2024 23:02:19 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rJUOqUeC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823598; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=iOYaUIdS+m3LOZFbHTHW1BU9wRlwmrEzO9wFPDsKuYI=; b=0SYmQ+qQcRtiyCWDgTF6jfZLuOAqtAqgujt6hXXjb5P7SODS8NfvvjkcltptSVyyVg8D0X v9GGyHfzlq8o7SxC4LTuWw1N6xkF98qUo1d12+X584qGKOxFWMAK8yDfVXSh/m/aGOQM4/ LY8VWeYgyKUn54y0yLCyOHK2QJk6kss= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823598; a=rsa-sha256; cv=none; b=lSnUPJ2R8AkCMrZ9ctKpRfwXrSdXoSiBPb1lSbEcBtD/CmOv1NnvGtgoDNl6dTYn7SEMWt 0yd0egnOglV479IXE3VdZvDm8dB4HA/NqFb6khgdS8PPX/SpoTn5UYgMq5naIiyVtCYm6G mJ2azyphRRnxd8MLr6niP1Q9jy+eH3I= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=rJUOqUeC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf13.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id B59D25C069A; Tue, 1 Oct 2024 23:02:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2A8B8C4CED9; Tue, 1 Oct 2024 23:02:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823738; bh=vaxVaycm7ebuteD+83+ohSTITiaiPgd3wzWiS8vbKhY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=rJUOqUeCp2KVjBBFXojZ/9SF6t/enxvGS6axJO57zNZy1jrB1lGqVlGRQCupS4fEC ohBq8aVleb5r7ZKGie5EI/2CJcaIhDRwb/r883erqa+zwMVLT9ucKZg7sPeYaKEllJ SJvjiMRWcPran3zzscDbr6RmpxmVIQflvNnfVfzjtkl3bMx6Q3VMYHtIvsAaF4Vv6N Dk0XWFy7M1ygsTK8ufANb1hagsfnWUP92/j9wVhjGsDcHiCoJToP7SQQRhJcbiZYqV NA/B+lI3wX5YMhr7mPMTD9VFEQPrfr/ia1nQWZLRLjWq6J7N7Cw5KQfHfoA+fvYTYL p7AZrwKzbL4LA== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:52 +0100 Subject: [PATCH v13 13/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-13-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3090; i=broonie@kernel.org; h=from:subject:message-id; bh=vaxVaycm7ebuteD+83+ohSTITiaiPgd3wzWiS8vbKhY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7OFsx7rjfggosVPd6CTMLpKPa20DpvMtc4pKI/ zV30kZWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+zgAKCRAk1otyXVSH0CG6CA CBp7hBCPEkMdZ/Nsef6Zwahuw5MDiInv9NS8uCA+9eVJb3v6hj99Gpjsxs0lJXz/2vwsFfecjDCu4+ BDPdelwOdutPr2FkIdL6d5B0pkTQZqFAl9r0SQf6CMC9HsteqnYHrP4f+SkVNxs+CKKMI7zlGa3y4r K0CCRmb+0VQ3NBkfhpU9qOS2rwuiS5D27GesuGwNzo62aWURmN/vqcrUWRaGFugEiicbaIX9fp0tud JdY6ias/O9Vbthbm8USjjYy1lLVkmZphsfLmtAuXoL2+9o0RaPhlGkPWXVWADwCIfOudmUVzgmPGGE MVqCzHKUuxHfesEWw2BTBuW17fC2gx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 822662001B X-Stat-Signature: x81sqyh4kjp6okmxq7nmxxr3qgj8u8s5 X-Rspam-User: X-HE-Tag: 1727823739-185462 X-HE-Meta: U2FsdGVkX1+ib5QZ3kTQnEuaHWdVhhNkKzisRmkYhx4lWaODVgJa1oZ54OXPf0J/BNA3AY7r+kjJCuZqymMn8NMSyv+/WQCd1OnivcvDOIETSBrd5LIRzyipZuCgbgpgAS8SWZ+RH8/UTfU/pfIXT3tTnyBx49zGnjDNWwmk3PKs6owKUIvQFmB1d5cY8yyan9iJLqxUc29Coelux7YU8xuZZZvl3lPbIVw682S7xaFTR8t1YF6Rmq1IV+OydLmcCyiYWRLFewzOF4HHU78hdPT6lFLYTK+FNr3ac8eze7T/eiEBzHRyzqTvlkCiNMG9mocpyrF7xXro7fHd1sYSzcqbxu6O27LsPoSeV0in5l5GyhyZIdFs9LyH71A0//WJ5/za5H+av9A3NwWhgve5P5/AtSwcR7Ow+X2/yg75HrYXNAcmeL0anWS9XxNkycTekgfBgkt3vAe+EyYP9kQCSaPaLdTBVJZdbANu3z24QCI/USIGQHA3EOIsBUm2ICRb9MClDsja/B7F2SIrOIiUNQ/OdZ9bZ4ni6G0GUAB3NMnbVQGCpQB5x9n16LyoO6GwzP60QKcQSKcpNUOiyKI0jPO5PQvvTq05DzWG2zIuqGKr+SLkaXQf8lDnhenSmNfh6/0m/2EFs5d4XkPlpD2+4g5zU13W3sz5ElMBFSNJwsvh8IJN9qWQFfy2VjsgmCuKI4VOFxMHXt1NrHISdtIuxZ2i+oZ5aywFiUn194qMV2+i99KdZ9ofws+RLOQUYqOP+IDyigJtgB+gNQD7pA/qrBYpZDS8d2OqosrjX08pqur55W8JrURUhE4LJ+q6rKPXOgQzBjATuBgmx51OQZApAH47PIS6Sl17V2RyRTaFEpZXNMRMPRKP8LWAzE7xdMw+mTcDGoJXGo7a66Ug8Js4YmSZFvLIkR4V8OfviwMVB56zbCNfuP+3JYDsS10PXD8UCCUgRZ8vp/uPF9z3Tws fSJrNP1q wzSVyQvrldD/D9T8jZqptMst9vfy6WDz0oXe7b+ORaRfg0UaxSyhg4R0jZaSs44TR1DYoj/Icgzd7HL0V+v1KLOOyFrfPjZn1lulqz3Jax+6w29fnRK7lr+/7QN14llBtQpAFA9ZKBTC1VBJGimtN3shgu6SAEP7LoPjV4fpKD62tkiqUCmrGbSi4+A4XVzIeeSmG4uhfOxcIlx+aqaK77uCfQOJ/254WHiDYuZ+DzXkh08//xqAFB5bAAFNpczcRjeXuRN28I8FDkkh9VV+4dZdhSeg+ZfdC1A27CQghYmy1if8V3flkm8JYNvVBY9WSbB7IpDn8WNvvkNRp4bplKrJv+QDYAP89pbeZe6PV2l23g6LSW+tEmJTmHuieg73X3+FwlN0gijGnILXqlJ8RGYxWDoG/cvnhR+4Hs28jyybM0/8hs0QuJSw/Zg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index 2a11d0c10760..4e4bcd676f4c 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h @@ -144,15 +144,23 @@ static inline bool __pure lpa2_is_enabled(void) /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX_O) | \ @@ -160,6 +168,8 @@ static inline bool __pure lpa2_is_enabled(void) PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW_O)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_NONE_O) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \ From patchwork Tue Oct 1 22:58:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818914 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F20CCF318A for ; Tue, 1 Oct 2024 23:02:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1F452440156; Tue, 1 Oct 2024 19:02:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 17EDA68002B; Tue, 1 Oct 2024 19:02:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 01DDE440156; Tue, 1 Oct 2024 19:02:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id D293368002B for ; Tue, 1 Oct 2024 19:02:31 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 94DBA1A0553 for ; Tue, 1 Oct 2024 23:02:31 +0000 (UTC) X-FDA: 82626559302.12.9DA1C97 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf02.hostedemail.com (Postfix) with ESMTP id C112D80015 for ; Tue, 1 Oct 2024 23:02:29 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Qxl1dc4f; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823646; a=rsa-sha256; cv=none; b=8Q6Di9TLBkxElpSnGaVey7VGgNQA+/jadeCtxlc/xAXEISNyanOtGDJOoltoZMZnoxn0kr XoWx6WqQA8j4zOBQBpeODaTZ1zwkvHSEH5xPqk6v/bxBXWb68StEQDC9aHa5x8psWyjPKP +XPLxR1wUf79t7OG/D0pU0lmZLEXLJg= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Qxl1dc4f; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf02.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823646; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=r4M9cm+vAVGIw21b4FYPIAYdVgyh4uip26gJ5pVz2N0=; b=G4qJHi0RCT/LohRNyaa9CUk9Ir3oijblZxBkWj3hEy1DW3Ha5LrtsAnphpcC/9NeUUeWdg HdpW3to4vC9rAxlPLoILBYWs0AOFaXb9FtbBZCESVD2E7qM7sEOQaKJBg0Dgiz4WX3iFOU c2/+VjNYpL6vhmTqx3NICaWuYAhHElo= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id D51175C05AF; Tue, 1 Oct 2024 23:02:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3C518C4CED8; Tue, 1 Oct 2024 23:02:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823748; bh=DSXKD8gW4ItG/UhRbAzYa8PqcmIvUc0qAR0WYsCLZoQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Qxl1dc4f4chve9ceCv7x7HrnMjbe3+bj0kBlmSGkywXHx/YFH1F4fWYSGOTzq2Jj1 7YPuEbpy1zVUPFmIpGZVuVMCQDSIrz1lvAGH9OG9LpP+52gsCmSSb6WZZ+VDR13xib meOJhANTA6AH6Jib9RiKmujGbrD+wB2KbCrqYM95jtiXFIqIZ7ajdoJMOBhvDeWmi8 6QvuJHcC8UWZ0WuDlbzm3tIcDOqtW9xPLfx0u6xUNewhfaaQxsY2wOhvkFUBm3M09u jxOnI/RjxxiuXetU23l6bX0Oznw9TEWB+Vi5pT5Gs1Fuf1TmkmHTrJK+n/7Xg6wA01 SFND3170B8plQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:53 +0100 Subject: [PATCH v13 14/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-14-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1576; i=broonie@kernel.org; h=from:subject:message-id; bh=DSXKD8gW4ItG/UhRbAzYa8PqcmIvUc0qAR0WYsCLZoQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7PxDti5AFEq17Xq2PV0KS2RA+1FHmja+AU6Q78 PJq1JeSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+zwAKCRAk1otyXVSH0Lg5B/ 0dbOlRzFreX+wW/DcvXTnsPqnbTvc6TKCMr3ypMT24HSTNXmTk1oXZvj6SkxqEIPW7OLRjM6JqCX2d Gxv0JxWUhgRiQNJtNR/8GozrVMllWWEiUMqPEdfQHU5QQojC4rvm9bEOwnUEFmaNkz4KJ3mYntbgoR SENEnmTh4wgFW1GXN6zmAkZYEiQE0qKXj6csZpSQxvgcyk5TMKyWJOSZaEBZpUP8DXYb5ITQk93O02 ChdK2ZeGYiCCMA/bHxEC47tZJ9gU9cEP/+1Ia7sC2btjq5wuYcvMaGTexhSA+HW+Du+5Eat7SUuVNi rzCuOvArXgCjMKyOF/1L92CtCNX6J2 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: C112D80015 X-Stat-Signature: gey99pepjt1zmne3pjagu8wbitgcw97x X-Rspam-User: X-HE-Tag: 1727823749-329517 X-HE-Meta: U2FsdGVkX18sPUimEFXhHCudzGqtgcVDD8PFrlTvp0vlO8pRaaW51T15E1caP2XqfGTgKUmZ2D5WwJnr6UWAgseOSC608SduDJxFVqUBNL/r04s7T1dc3J5ZG90PlE398yNSNaHrU8d6wSPZwIFbTlv5pxLp8mG+gVmOSdWct/sprb1OwQLl7NYzb3L2otNr2LaYzUPzz3tnl88luKR/BGYu3NZAUvV9ZylJ9YP8XCuuo5cXDOyOzt9itzmYvH0htDosgD9QcxZRjlQg5+v5ygZktibasXKXnUNeN1q6jRg123vi70cMWZjfDTHWiYSPxwS+Jd4G8cvqg9XTLlsAtukQhaZmeiCYrExgkweOXNDWBVE2M5iDBiMu/8qlQ8YDnuNDqxRbbRlbsZkBTOv7pfx8F7pGVBNvHXtv15RrP/RMueUpNGkdHV1js9/pORLY/7INhowt4wGKp8349bBIvIMcZjpRipBZWgVDBWBwZFtybgl4fTiqwLcYEoYDyj388b0sseWcpYaSZwUn2o8GgpxjvQpyQzPzZMPPqXZ+OCiiN80yNegsM2ht6rFKxvMZsaT1nUUEpBfmiGloulx6XDClXblKI3Dz4x0Uim869kOH+/5cmBWgWaTGTS9y0zl9XLLAkKa/oX7d8Se95AQG1FKKVQ+3X12oyma/WOCzCh4Ak56KZHTHuAUFsK/z+n0oEgkiLj68xehFkg8Zv+qDqIA5GffhdDvARf7OUeWO/Y0Oh6tr0ikNukyPYs8C0ikFNEclGBCtNs0JciPD4NxYFcFsM4RlMB/YJPva03zi/qyf+0JRleb4FU/hWIu3f/vEtIhRpC5thSZ4ZQAtwhLmm3+jRTnMGXubJ1cmpqe08l+vS1s6/a6Lf0wigU96+tAUsl4MxKk3kRoLDVQ2MJAKiE5oAWnFk21qPUXFCvL83Nlc21tsgixUlN85C02QFsWe8wvQ/JUWl/lvGqw5F6m u4VHRLl6 QI26NCcugVGqf/Fwry4TzbjMvr879frwCo6CJO9aduzVWolLC2gMKFTKUmk13nqK2/R5+O7JzUdI5fWArW3OiIF+QGtt3UXwX9koB5NE10gyWq3xLLRwXKOJMCVDJZixeYK0100cyWYn1uBnjN1VEM4W4Tkm/Srx0yrlC3uPUu/Rttlse2qfEcADTdsrxuh0P/B6QIr1aouFHoOSZP3ENwTF2X1FVquCtrTRB+Ik+41S8W9dNlXK4FL5GVjf+ZQ1yETUnklNMEzrjAcy+hynFJxN0XWqD4eqqLLRjYT4wYuNAT99K8GABL++octyVaxr9CvyYxKi1B/YqXkvRNSy8uuKSR3onA4beNOR/WwobA62+B4KnzgaVZLIO/dKt0y8TJS3dNW3vvvMswdptLxNeFXBhLj5hEKZ1TNYWYeG0sv1G8nzg99PdHL0HECDJSpunir9CE7PCrS9UbUqyY+Wf1yozLesKdSiTvsg0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Use VM_HIGH_ARCH_5 for guarded control stack pages. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- Documentation/filesystems/proc.rst | 2 +- include/linux/mm.h | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index e834779d9611..6a882c57a7e7 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -579,7 +579,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page sl sealed == ======================================= diff --git a/include/linux/mm.h b/include/linux/mm.h index 56654306a832..8852c39c7695 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -367,7 +367,17 @@ extern unsigned int kobjsize(const void *objp); * for more details on the guard size. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_6 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif From patchwork Tue Oct 1 22:58:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818915 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33CA9CF3189 for ; Tue, 1 Oct 2024 23:02:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B1ECB440158; Tue, 1 Oct 2024 19:02:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AA5C168002B; Tue, 1 Oct 2024 19:02:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F81A440158; Tue, 1 Oct 2024 19:02:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 6D7E968002B for ; Tue, 1 Oct 2024 19:02:41 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 2500916067E for ; Tue, 1 Oct 2024 23:02:41 +0000 (UTC) X-FDA: 82626559722.25.93A7879 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id 407032000B for ; Tue, 1 Oct 2024 23:02:39 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gUqqh7nY; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823694; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=dEnLJ/+hBhUYwyXeTYKZ8K5o/36C//OJTWlsfGGtyJk=; b=KAGu6JCm3XtjCj8Y3oE432RYTNfaYhh39G59qv1vQ0FDHH/1iuRcGiCqGBM6vKnJcanl7t F4Qtf7Htq+cORrnSrT1F9j+DZBkqtI4EFSXqu8B0J7941Awl4pTm8c1A1WBkXVj43Yeg7y uGbhMRTd9hFGo+Q2f7STGqY97vi+lPU= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gUqqh7nY; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823694; a=rsa-sha256; cv=none; b=DcNd5rThwTbZx5SlZTvWciem30XIoXbcufWS4Jkidn9QDb9XkQ9l52vplg6Ds0ANaNe0TN JkpLC8XO1nIEzw3JV8JOYdK50C4T3exAswATVGoxntNF1ylItGdZ5qcDqKSn3X1cgSxMJO tORSLSBMvBJ+JAH7qLCgA1qjQTx6mUg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 72E885C5543; Tue, 1 Oct 2024 23:02:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 32691C4CEC6; Tue, 1 Oct 2024 23:02:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823758; bh=iaOo/eHnt7nVAYYY04s0CJoGcZR71Wh0L0z0tfAjj5s=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gUqqh7nY8DifOXx4W85pnErZS2D1gnTtAy+3DgFxNMmQtLboM/sTyjbKi0UGUvxYE MnPV6ZCsIIJ6o7qGezeh+gI3YMVvc9Jb6VGhEpr3Ph1WOsyCPsnWO/QMsj4eHdpx20 P5298HT7y+dw1g1P5hyBAQlmS4D34zxnf2h9aYrrJGJtHSPGXczECZxbvomv0JSMEI 2brqU6kp7yqRC63sx+2NCcxw7ZEYrBATr3AqXdUwFLg8qnmQ0HQYdQ5eBj99fc3UTK 3WHErdya4+QHcjBF9VZIutYVj3Booae9dNtS22ZpYGEV1wpuiYpI32CInMnHzD7Phl eZsvlvNUlqAyQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:54 +0100 Subject: [PATCH v13 15/40] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-15-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1824; i=broonie@kernel.org; h=from:subject:message-id; bh=iaOo/eHnt7nVAYYY04s0CJoGcZR71Wh0L0z0tfAjj5s=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7P1EJJZsPfYIE0QBq/tINqmBg6uzvjA9MNO4G2 WFi9f7CJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+zwAKCRAk1otyXVSH0IY5B/ 9I4+JyQBe97ebsZEscKo1qo7/m+PT10LjgI7Sgz+xOEzztCrZMsOVvxpJOfRz9LSx3HXo7l/r2fMhO o70EbKlG3Ndfo8ukorzVw/0u/VlVIE+M0+uxJE46CJS+gaJLEvLlTr/mr9roUwkqHeI5YJ3u1qCxDg sfdiVWbdejibK6kkPIsuDcMl7qLDgPPgfGyCaCEVo58dYkq5niIfdflsydhtntcNM/C56Pa+c0aUx3 c1CWAKMjvXY1Y+G6FwbVbqON1ejk1JFXdCKgSslWxH6sD1MB8vblGF7f9LD5Jkj1AV8uIM49MW5V/u qCNkmAnsAgQFFEoUsAkeMHuk7yKJ/0 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 407032000B X-Stat-Signature: bag5zb5m89n55g8acbno85j6fun1a9ep X-HE-Tag: 1727823759-66666 X-HE-Meta: U2FsdGVkX18Whc9BvM1cYVvhKG9Y5vGpPBUwK719EtMbLlSRR+nNXiQ/zHG9Tc44dM9A9liHBpaTYidlHVt9sbt3qY3LoGsMtTWhT2Q9Fzd+ml7BUFWilh3gV3MDDBBqEhKdwonTUMwFusMg2F7voHR3EWxGbYOtDJdiu6HJnIKfxbCSkTCrR961cp5tTnLwnSVWwr+pFaDg3UMsYY4flXtHKftOqIe3j7b+7OXaDk+vWd8akDUj4C1DWgcc1TA6mCsub1SikBFSIq7rF43kmqMCQcYr7cHaeCzOxRAt+ck6g8bSY2vEPzZ8OhnyD5NKfT7WoEc/6sULDknglbCcqJjtJyaEk5ozg4fnFiqcZwt6dBxEd4zC9Agm0Jw9rRqt6eQDcq+/Gwqhk5g8e++sHZtjv1fzEGatipZrLLByv1VX8tmz/jIkZkusvA/6SGhD/uVIQ6UVyWKoc44MmLx2LcbX8fLVqvb0CAxGT/BCgjOyidFe/Cg+2xZrN6zRDzmWskk3WKpCASL4cgtE2YW+E16bHMMXgsyFWz1G4rx+/ndZoxoKueqsTd3HYtn+Y3ReWZya157LYmL9kL1quBs3EAZb92wBsJiEvMes7vRfONA/7VObCRmG7z9xL0ITe2OABetC/Hk9WGJciAz8wlnRuSWdqe9L8CMAEFs5xVGSBOL9DBKKwv/Mqdhg22wJDsQSqoYDxh0is1N4O5QptufxNzFaRc7lBiUhCDqo/loEGX0Yo+ujh4IJfKErYv4EBpQBA0u4Qp8KZjIw6zMYTVZuiD9cvacEogd2xZChbPwtmGi+MGZRHTW+QEJovgutZdLeY5boApfF3C6y5v/xMJZ0KEy4QkcSppdHsKIH9rq/1So7XZN2n1899ZVv2Y2W0F5C9ZKqjQ8exJI5gNyM8ytT3iK9yQHVXEk7A70ZsOPkbc+UhhlN7oRQBa8JCGLtuLM8VGwBgdNQ41uKQhMrGgH DdWYUG+J Go9uyRC+xrH/w4AvWeG5zNBuX9U+On0JB2OUITPRVOsFg9NgNRlO0dC1XCEa5ppg9lRpzrUSn3vMsnMe2gTD2ONZNKCHw8vCzl7XxAFMrK59IWIBhhlcSLfOiYdxkhDQ0vAZh3ItjLMBShBjLFoxC0x4Kg4EuIXOYYsEw8T+DmS8GvOYVERTNhYG56YDZd9dnmgHN9pvYVAgL/l1rrJD1LtCtQttN/2+1H+v2PWkjQPngEq5+0DwhPxpy+D62gq9rth+imbrt7glsKpjMXhrG1hAzwUdm2bTxQy9BcbQLlxxjWZ9reY6321iULQ6IZ7cdMLVa51ixD+B0/ncjny6V63fZvjYOvLhhG8X5MUG6nnOYXE3P0jAN6IVr+1yFS5n1N41dSY6fJgL/gOn7PXbXPojrTm5fFveDxQAivcaa16W2bw2lkVEwFsulnw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 9 +++++++++ arch/arm64/mm/mmap.c | 9 ++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 03b790fd0ad8..f6d784f8e6e0 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -71,6 +71,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* An executable GCS isn't a good idea. */ + if (vm_flags & VM_EXEC) + return false; + + /* The memory management core should prevent this */ + VM_WARN_ON(vm_flags & VM_SHARED); + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 7e3ad97e27d8..07aeab8a7606 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -83,8 +83,15 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* Short circuit GCS to avoid bloating the table. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Tue Oct 1 22:58:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818916 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79E8CCF3189 for ; Tue, 1 Oct 2024 23:02:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0E3E8440159; Tue, 1 Oct 2024 19:02:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 094C068002B; Tue, 1 Oct 2024 19:02:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E4E36440159; Tue, 1 Oct 2024 19:02:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id C22A168002B for ; Tue, 1 Oct 2024 19:02:52 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 7437A40C6E for ; Tue, 1 Oct 2024 23:02:52 +0000 (UTC) X-FDA: 82626560184.26.687C8AF Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf18.hostedemail.com (Postfix) with ESMTP id 7357B1C000A for ; Tue, 1 Oct 2024 23:02:50 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Cyuq51xc; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823705; a=rsa-sha256; cv=none; b=3yiHQRDNMUJ9ggSP53mGjpVZQuheCtTlep+Gzb9k3raBa6PTMkpH8lPiZus0VxB53YXen8 BZ9FDyg+EPnoWqwLQY5cAf96wTjEd4VCAcDPAj3kknA4Nq3y9d6CxgVNB8bBhDFKP5a/K8 KwZXdOwfLhZQV9o3baZde6bjiL4fwC0= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Cyuq51xc; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823705; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+iLPDj0OL/c+5vgNPTbzrpEtTVrnXNerOXcPtm/Qzko=; b=nvMO9hP8wPyhbFmB1JKuDOtRI4vz1QlufbJdfRMKqMLznvqZPjIb4GVhCzpLDrmfXOzKvv OMa2a7WeTr+0Kyo/tpg9U4yrQ0FpDG779k3HA9wPPL9F0PW2trK1l3YdELB/1/fb/S/iQg eGANlThHNgIBfhPYSfx90z3PbmGc2vI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 8F4F55C555A; Tue, 1 Oct 2024 23:02:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B9403C4CECD; Tue, 1 Oct 2024 23:02:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823769; bh=dqJA7CeD4vDcg20Hjx10axKKnX1cmEUmt4xdYA5Muo8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Cyuq51xcu4Oe8SNzKmI9mGsDHX68xKiyGFKZPwgb0GMZ5mEOIM7xefF0QQXcF69Qx shu2AIFZJRFRPZerp50grzako6nPLG2JEum3Ds3CTS9lb15KHd64u8oQsXoJMrnsMv oNTe3/YFs1LoYBKCCGVTCGfiBJ2QZpQ7WPrRD4SKglR4syksYUMb2RaIp/f45T4ghl +onU/HjwvBT7HS4MyOCWdCbvRHGJ0xz8l/Bn/o0auYC77tiEEk7HExXeCza9wmn4PM hkO0R8z3PfwsMy8RQ+mXYI4JYe+T5ALrxq9bD/ChRrgQCbeQrBOJlfAUiVmYOJ/KQZ OhmTeyE0H2VXw== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:55 +0100 Subject: [PATCH v13 16/40] KVM: arm64: Manage GCS access and registers for guests MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-16-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=8542; i=broonie@kernel.org; h=from:subject:message-id; bh=dqJA7CeD4vDcg20Hjx10axKKnX1cmEUmt4xdYA5Muo8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7QVskmTvV6wCYz4hF3WV/qZEiKwsSyT7GkyHu7 SVCPg/eJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+0AAKCRAk1otyXVSH0LB3B/ 9hUvASp3PrfOYF9blcy86vvimsjQu6j2TgaaQ9yRen9IwMLRFt4xjIU+kGLaJ605pqC0tFUKFygXUd 5/ZS0661yKBdG9X4FGQt4QsbNxNptWpcIpEvGDR06KsegWrpMTt0CFtivrtnFORBbsVY9DhrgarPbf jN/EcKgOagIpuMsQsSzJqSDOwGe19HJlSu16DaJpV7gBULZI359zMxtZ8ppjYbl9eH7PIZfTthSDgK 9J/QGtjH1hkG8bOGYzf7VvchPyPXocNdE7+YEJV8CijQomqs/+x8S1sYwFmsFewuCcMH74W/ucxMlg WA/eh72Tapk2TZ8Sc/2bW37aDcFAJy X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: uga5oacebxeyxdosr3x8m356kpfuq6ho X-Rspamd-Queue-Id: 7357B1C000A X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1727823770-777919 X-HE-Meta: U2FsdGVkX19A/yk/uMDjYKbBgOYhhkKzjVvhh4KZoZ76ugePSZSleV1MgM1HzQ5rnFMvJlLjO4P5yVpOt7Ax1kCvYeX/A5XvnuKVQd2dtMiaTif/nLQorA8Z5acYZyvX9q/iLCKMDI75+kLol5Z/LK3i03w4yLI0Tei9pkzFNgcEpqetBQ2PMNSSjy/+ZPRAqETz/yH/nmbZOUURrxNukiI7ar2FhloVdYieNFctcRoTw3IUhbboxEpcq72LA3K0nVSRYVq4Od6+erfoXKnB1RFu8fcOYoecNRx3vC3a0qr45Cmq3kRZtXEnSnzT66WaJyljxYhNxym0KJ+ZtvSDqzputvE8TmmigtnYE9ko/wwLzIuJ9aZvQ+BjDU1OBQqiLDO0qipdRQuj22xSlHx2lEPiwt5+P1wx72ams6+L+ybs7WPZth8p1F4QHz8GaYccnWZq4Tss187xNekTvP9DqlCxREoqovhEg5Snah6c+UrX4TFQeZUxY0W2wPoWCjG9dhXfvgFBM5r6bdrnlZ7TwPjwzJms9Z0xLdGmN9jjWmgjlByBMnAkMv+/tFe/E0YMcgDUpPA3TJptFQlnezMyfzdSWg8sHZtUHr3UWrYOVkOQLgT1haWUbhs9cqnv/qMiZaOK5PDMWe6z5kJlP2gB+kuEH0pllIWIdXa0gxg9L85rbJX0UBO2QJiwn4pNvMo754rV0P2fV5/mYQSE5JKrtv0cOyACL/EYqzThrRzrVyshMiWBYrfy4uHohIq+0R0+uUh9Voc5O5RtooBZQ92FpdzMDAmUFC5fb4goan9HDySZ7sCrWXjOIuv3vuU59eeH2PHjMhQlXdGIff55zuD8Niv7OjEMh5j8RKejVuDCV6WvOkwe6w1p3+BHHTx3f6+tgfyBM4uWvklZXBtbaajgF3o5XeMzefVQPkYV9a9jUtndGMiTxAaC8qaGH0mlykEwRw/ELLCJX6hLE52YMDN HAryqCVG JDOtmEvnMk+MyP8sMcgpOXBX3Js2LtuvuEyosZJLxy7luqjbsewZyuxq4Q2BO/FgObSaZh9uQ5ew7ocXt7YY4EWkbJFl/K5PtONqc7xpMpY70inPgO8fbQdC8wVQx2Cblj3iTHVg4LSExlQzunTziZpMQjuylUjSTYlFwUGILGj9q10WafEO62KJpXZDn84GHKugQzNK/SZd1GUF7t2JXsnhZr7Z1mt4exqAjLfyVfQSvn1kZtHQ13f+o037BFy0C12kov27xiZ/B3bg8mY2o6DcP567eIsys5nbIyfKWoh1wz1sMpnHpQAe0m3+bN1hOHzqJO+6JxawiTrWOfr5R7FS2ktcaSbi4StiUmZ6EQxr9813iV252PFYruIFxQM2EEDGY X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. In order to allow guests to use GCS we also need to configure HCRX_EL2.GCSEn, if this is not set GCS instructions will be noops and CHKFEAT will report GCS as disabled. Also enable fine grained traps for access to the GCS registers by guests which do not have the feature enabled. In order to allow userspace to control availability of the feature to guests we enable writability for only ID_AA64PFR1_EL1.GCS, this is a deliberately conservative choice to avoid errors due to oversights. Further fields should be made writable in future. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/include/asm/vncr_mapping.h | 2 ++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 31 ++++++++++++++++++++++++++++++ arch/arm64/kvm/sys_regs.c | 27 +++++++++++++++++++++++++- 4 files changed, 71 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 329619c6fa96..31887d3f3de1 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -448,6 +448,10 @@ enum vcpu_sysreg { POR_EL0, /* Permission Overlay Register 0 (EL0) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + /* FP/SIMD/SVE */ SVCR, FPMR, @@ -525,6 +529,10 @@ enum vcpu_sysreg { VNCR(POR_EL1), /* Permission Overlay Register 1 (EL1) */ + /* Guarded Control Stack registers */ + VNCR(GCSPR_EL1), /* Guarded Control Stack Pointer (EL1) */ + VNCR(GCSCR_EL1), /* Guarded Control Stack Control (EL1) */ + VNCR(HFGRTR_EL2), VNCR(HFGWTR_EL2), VNCR(HFGITR_EL2), @@ -1495,4 +1503,8 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val); (system_supports_fpmr() && \ kvm_has_feat((k), ID_AA64PFR2_EL1, FPMR, IMP)) +#define kvm_has_gcs(k) \ + (system_supports_gcs() && \ + kvm_has_feat((k), ID_AA64PFR1_EL1, GCS, IMP)) + #endif /* __ARM64_KVM_HOST_H__ */ diff --git a/arch/arm64/include/asm/vncr_mapping.h b/arch/arm64/include/asm/vncr_mapping.h index 06f8ec0906a6..e289064148b3 100644 --- a/arch/arm64/include/asm/vncr_mapping.h +++ b/arch/arm64/include/asm/vncr_mapping.h @@ -89,6 +89,8 @@ #define VNCR_PMSIRR_EL1 0x840 #define VNCR_PMSLATFR_EL1 0x848 #define VNCR_TRFCR_EL1 0x880 +#define VNCR_GCSPR_EL1 0x8C0 +#define VNCR_GCSCR_EL1 0x8D0 #define VNCR_MPAM1_EL1 0x900 #define VNCR_MPAMHCR_EL2 0x930 #define VNCR_MPAMVPMV_EL2 0x938 diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index 1579a3c08a36..70bd61430834 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -17,6 +17,7 @@ #include static inline bool ctxt_has_s1poe(struct kvm_cpu_context *ctxt); +static inline bool ctxt_has_gcs(struct kvm_cpu_context *ctxt); static inline void __sysreg_save_common_state(struct kvm_cpu_context *ctxt) { @@ -31,6 +32,11 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } } static inline struct kvm_vcpu *ctxt_to_vcpu(struct kvm_cpu_context *ctxt) @@ -83,6 +89,17 @@ static inline bool ctxt_has_s1poe(struct kvm_cpu_context *ctxt) return kvm_has_feat(kern_hyp_va(vcpu->kvm), ID_AA64MMFR3_EL1, S1POE, IMP); } +static inline bool ctxt_has_gcs(struct kvm_cpu_context *ctxt) +{ + struct kvm_vcpu *vcpu; + + if (!cpus_have_final_cap(ARM64_HAS_GCS)) + return false; + + vcpu = ctxt_to_vcpu(ctxt); + return kvm_has_feat(kern_hyp_va(vcpu->kvm), ID_AA64PFR1_EL1, GCS, IMP); +} + static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, SCTLR_EL1) = read_sysreg_el1(SYS_SCTLR); @@ -96,6 +113,10 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) if (ctxt_has_s1pie(ctxt)) { ctxt_sys_reg(ctxt, PIR_EL1) = read_sysreg_el1(SYS_PIR); ctxt_sys_reg(ctxt, PIRE0_EL1) = read_sysreg_el1(SYS_PIRE0); + if (ctxt_has_gcs(ctxt)) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + } } if (ctxt_has_s1poe(ctxt)) @@ -150,6 +171,11 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (ctxt_has_gcs(ctxt)) { + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -181,6 +207,11 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) if (ctxt_has_s1pie(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, PIR_EL1), SYS_PIR); write_sysreg_el1(ctxt_sys_reg(ctxt, PIRE0_EL1), SYS_PIRE0); + + if (ctxt_has_gcs(ctxt)) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + } } if (ctxt_has_s1poe(ctxt)) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index dad88e31f953..bafdf6b31d25 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1641,6 +1641,15 @@ static unsigned int raz_visibility(const struct kvm_vcpu *vcpu, return REG_RAZ; } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *r) +{ + if (kvm_has_gcs(vcpu->kvm)) + return 0; + + return REG_HIDDEN; +} + /* cpufeature ID register access trap handlers */ static bool access_id_reg(struct kvm_vcpu *vcpu, @@ -2376,7 +2385,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { ID_AA64PFR0_EL1_RAS | ID_AA64PFR0_EL1_AdvSIMD | ID_AA64PFR0_EL1_FP), }, - ID_SANITISED(ID_AA64PFR1_EL1), + ID_WRITABLE(ID_AA64PFR1_EL1, ID_AA64PFR1_EL1_GCS), ID_WRITABLE(ID_AA64PFR2_EL1, ID_AA64PFR2_EL1_FPMR), ID_UNALLOCATED(4,3), ID_WRITABLE(ID_AA64ZFR0_EL1, ~ID_AA64ZFR0_EL1_RES0), @@ -2461,6 +2470,13 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + { SYS_DESC(SYS_GCSCR_EL1), NULL, reset_val, GCSCR_EL1, 0, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_GCSPR_EL1), NULL, reset_unknown, GCSPR_EL1, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_GCSCRE0_EL1), NULL, reset_val, GCSCRE0_EL1, 0, + .visibility = gcs_visibility }, + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2567,6 +2583,8 @@ static const struct sys_reg_desc sys_reg_descs[] = { CTR_EL0_IDC_MASK | CTR_EL0_DminLine_MASK | CTR_EL0_IminLine_MASK), + { SYS_DESC(SYS_GCSPR_EL0), NULL, reset_unknown, GCSPR_EL0, + .visibility = gcs_visibility }, { SYS_DESC(SYS_SVCR), undef_access, reset_val, SVCR, 0, .visibility = sme_visibility }, { SYS_DESC(SYS_FPMR), undef_access, reset_val, FPMR, 0, .visibility = fp8_visibility }, @@ -4661,6 +4679,9 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu) if (kvm_has_fpmr(kvm)) vcpu->arch.hcrx_el2 |= HCRX_EL2_EnFPM; + + if (kvm_has_gcs(kvm)) + vcpu->arch.hcrx_el2 |= HCRX_EL2_GCSEn; } if (test_bit(KVM_ARCH_FLAG_FGU_INITIALIZED, &kvm->arch.flags)) @@ -4714,6 +4735,10 @@ void kvm_calculate_traps(struct kvm_vcpu *vcpu) kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nPOR_EL1 | HFGxTR_EL2_nPOR_EL0); + if (!kvm_has_gcs(kvm)) + kvm->arch.fgu[HFGxTR_GROUP] |= (HFGxTR_EL2_nGCS_EL0 | + HFGxTR_EL2_nGCS_EL1); + if (!kvm_has_feat(kvm, ID_AA64PFR0_EL1, AMU, IMP)) kvm->arch.fgu[HAFGRTR_GROUP] |= ~(HAFGRTR_EL2_RES0 | HAFGRTR_EL2_RES1); From patchwork Tue Oct 1 22:58:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818917 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE1B2CF3189 for ; Tue, 1 Oct 2024 23:03:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5EBBF44015B; Tue, 1 Oct 2024 19:03:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 59AE068002B; Tue, 1 Oct 2024 19:03:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 415A544015B; Tue, 1 Oct 2024 19:03:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 20AD268002B for ; Tue, 1 Oct 2024 19:03:04 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id DAB5614107B for ; Tue, 1 Oct 2024 23:03:03 +0000 (UTC) X-FDA: 82626560646.27.2B2D9FC Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf14.hostedemail.com (Postfix) with ESMTP id 2CE08100015 for ; Tue, 1 Oct 2024 23:03:02 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nwsAukUu; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823678; a=rsa-sha256; cv=none; b=MEwvcAPzp1f8VfHFlIwQYCo7qV+eiIe7m+CZ20MSCPzmPL8sqvXu/jdQfrsOsgA0i9o5tQ iHcpdYYwg9KrhToBdKI6WV1S/PQ9j4uq51jOgqR6Z2pTEg3fyDfvSMjTi56W4lINvXCFw0 iD45Gngj9kWfjlYGziWWyssCE92ZG9A= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nwsAukUu; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf14.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823678; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=JJDr70NVCGcECyEL7OLxYeb2tLtuS/I44cQk6lmuaDg=; b=qSL/qs4b/JLnkyRAJ60HRyUs6Uv62bCpDWvWUXT/WOW6gm4fkkpumLIG+7Dv+cZ4kFdpCC bisJLbO4bREm9T1JKFb2n3xsojcqYR1TnhvX6gbqv5cgIJezAmUv5/UT7r6E23+1ueDgc5 j1isyOHqKLrzSPdccc7JNNG1uWQ9tN0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 1E9A0A4336F; Tue, 1 Oct 2024 23:02:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F414AC4CEC6; Tue, 1 Oct 2024 23:02:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823781; bh=zAbUzr1ODeYIke6nRWrxiS99ZR09MpEN2O+JxNln/KQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nwsAukUuBWfza0uW/rUXY3JuaOEaCfpGhqWfdkW4N1gDIkUidRK/hasGJbxinc8n9 aJuU34SmkjIp5dTX+VS2pz6KWmffzyTp6vcj+BHHUSPAxm4MvcCE0UpxaD7Y5fKPkn ZIouN8Bo132zSXBrDXzBs9KdMFWMGBAL+8NcAJOHtPBextX0bEy24+65ZtcHu2XBQh 4ExV9wc+5W+7nYeRkqGn3uWRbIMhfHZWT4rIQWmnRpTLfUw142l34HvjeorA2Ftp5z LQR24dMGjVHOKiE8geEw2Dk+GA2M8PK0kQgzok44ktT6EG3tYjPymmKJsyQtX5RU9K rq1mVjQibGiCQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:56 +0100 Subject: [PATCH v13 17/40] arm64/idreg: Add overrride for GCS MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-17-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2008; i=broonie@kernel.org; h=from:subject:message-id; bh=zAbUzr1ODeYIke6nRWrxiS99ZR09MpEN2O+JxNln/KQ=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7REUmBbOjHIbjRTXTBou6dlj2jf+JoQilSMLfb 4oamPWaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+0QAKCRAk1otyXVSH0FP1B/ 4sD5XnZ55qcZbmL8d240mUgjPiUILjDGICiY1VAzT57XN7KmS4yKXFIBxESjVgvnC8PpI/Y9Zb7sLt BoUFcV+Q7U8gNjyR9hza7jtoxvCKcCe9Fn68gwmkX0Q4K0iHv87BggWlo0hChy9JQMvrDNyrRwBnMY BQAtnYj8LUX9i5RQKhYnVKqYIz6KT6wIZL3OCytHzA4lDd0VcqnaXlWy8vM+ahKTXCJCH1oxk8LAzG 7YIm6HPFMIia0KQmWqlfB//G7jzb5amS/Mc8t2m3DcdvgO2PX0nljBPoA5AgKnG93CQFNxYmlBQ5kG 7zXw7oMDda+u457zCFPWYThTod14ro X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 2CE08100015 X-Stat-Signature: wwkmmmsnrk9gxoc3mq1ythq18fxpcg13 X-Rspam-User: X-HE-Tag: 1727823782-481008 X-HE-Meta: U2FsdGVkX1/IcfLym8IUFGaWCRA9a3q3oz4PXexpcdbE8/XAaILUqJ/tcA/YW71/7AmsSZIuzg9m6btFxICBQj6nxawD3j+HW2bXaIgFzo3keq7CUHHA3dyx/bnqFvisvF/8IioNVN25Vs3qMCdbBmOR3HIaZ3UB+yL5oGTIFIhGpLW3/+kQxPmxVYMAqRYYufMiwItRB+WorpK5YeRQ7g/WvBg+ecA0a/oFvd3jyNKFkRZE6jrIqEoGsTrhZYx7JiHQIrC+IKCTd6W+ChOSV16dk2ochccFco0cGPFJkvs42a4wSYb1K0laoBI8FmMdLhFHBcaU7vIjtGdbP9gjME9ET6INRh8SaLXUrfIiOiEHGZ6rC0exrXqndySqYQZRBNmq91mrHGfRcPW703mYy48psxkUfUGGcNMzpzFwXgtcEqWyUb4dvUFi+Hr9HB7FzMYkY5lZoXuW1xW35zbiPHWU5ZIzqarsNbHnHd2zlkT/0XWQnQul2Tiabn2Qd2VvcER1BpV0jcUixL4iHdn7nrp8cfqiT3AAwCQcOH9zRsCGoFYrnta/JGvO+ckVpyDG5CsqVQWNsdXYrulbLOD/hgzX8xf7RwZhV65w/mGWo3HmuN0F13YdKlg/G7gUmZQINyU9R86y2sZvfn48g+d8GqOISDddMXB4eItl2bOCfLte2rEQQDKnoDk3orkk8mq3JAe/tafG4seu14G8iAeGgq+in0KEDnj9Z6Z1ldN9C1Qr5gFGFo7Ez7CWHdLoFIn9QlEc26Yjfh441UiW+skgu7ZDg5sqK3HsC8aBkcWdrJ6EpygCz9QimtXxdfkChGkNtUP+na68cg6koNLKpF6/q6Ml9vf2qr8Bgolb+snmp6Jc79MTdNuVyUIOZHl6+QXaezmTNTbZ3adEVRr68JEOJGAfB5mpTkZ6oxLyuhNRr1yA7phkZos9j/tT27ymhh0kFfL66B0qKtzE54nEyla arJ1cMJT DoQPo8jHEWGJ1rIVxKIB6HjfociFUfYLnPLLHnHKc9lt4WtvF28LpThsf+6gGEzXGAJCcXr0JYHzqC5Bv/pLSZ3sSBmj5H+ncnxxtA0hyRCk+/fPbbhpIKST43zVm5VR6ZkHWQzrqm4gXB0BkjTpenICrUhk2GNnD2oRW1OkacLPqWG8JMVCtTM5jMPLUUl/5fVSS3tL7izvrNMojbtfkEAXLTefaNFdIKoSBY0tYw3WcDt//Lr45Lh58+iWd4IyfIw7Pr8BhiyzVOgjPLOh/TQ/Cb4nMbcQj2FowgiB2zh3SgRsGmTh9pAa4dMJZsZMV59zWrz/TEJID9SRRMXYNJcrnrhPcRxjvZ8HB3l71ef5KI3m9DhOBvhgmUXNs4INdLIzku+crMCM2KDjQEXa/jCygsv+WwAs211Q32jAC4B1V2k5ABOVI48ioBA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Acked-by: Catalin Marinas Signed-off-by: Mark Brown --- Documentation/admin-guide/kernel-parameters.txt | 3 +++ arch/arm64/kernel/pi/idreg-override.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 1518343bbe22..c1b00f709734 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -446,6 +446,9 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nomops [ARM64] Unconditionally disable Memory Copy and Memory Set instructions support diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c index 29d4b6244a6f..2bb709d78405 100644 --- a/arch/arm64/kernel/pi/idreg-override.c +++ b/arch/arm64/kernel/pi/idreg-override.c @@ -133,6 +133,7 @@ static const struct ftr_set_desc pfr1 __prel64_initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {} @@ -215,6 +216,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 " From patchwork Tue Oct 1 22:58:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818918 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D27A4CF318A for ; Tue, 1 Oct 2024 23:03:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 661FD44015C; Tue, 1 Oct 2024 19:03:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5EA3068002B; Tue, 1 Oct 2024 19:03:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 464A244015C; Tue, 1 Oct 2024 19:03:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 1EE5868002B for ; Tue, 1 Oct 2024 19:03:18 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id DA596A0667 for ; Tue, 1 Oct 2024 23:03:17 +0000 (UTC) X-FDA: 82626561234.19.68653E9 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id 0CBC420002 for ; Tue, 1 Oct 2024 23:03:15 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qN0KFUJ+; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823775; a=rsa-sha256; cv=none; b=JL/GhhcwR3MHoUMz/goqNfKSEJ469WWdTo3KsRSWcvQPZ24HKxO0rvCIrZ1dHdINNAeU/1 +i6h740GD3PRF5uDA6wn/owzFLtRIodeR1WeTlxplqHZtEJaIsPIbV4jsH5A2heGoI3Kkj j5Di7RRwmoc7CKpBLeM0s3eDl2QjhGg= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=qN0KFUJ+; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823775; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ZaSzZ1EERtenLj4LKOi2XUQcr6CbcgyVZvgUx3t3Hlg=; b=ir0xjNfZBhrbDKYi/9HB1jRSsi39VrvdStesvhCWBVwuAmLBmxetQS28BMg0JzPMEHl10r kZGXYyZPIAtlgAtSRm+ccKK3gAlobzXt93YY1xr08Cq1YwWi/bPmBCm/6RMLl18zNmFhO7 B25eMuPzRXk0hp3Y0oEvKQFdIFp2x3A= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 19EFD5C4354; Tue, 1 Oct 2024 23:03:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B4015C4CEC6; Tue, 1 Oct 2024 23:03:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823794; bh=2WIrz1ABczNTTuelqfWzt+ZpKm8ek9K3V5zq/uM97Fk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qN0KFUJ+vti96yhBFnZJAl07br92mY0LG2AqB/XU+lMCE9arSoc22Aihn57FzTPpD jKKAVLnRC9gZ+jxwJjsmG+liJwo8cYrrojAb2rw7ocfy49cIqq+/HQJ2k+wHQ3azmZ u3St2TVXL1sZjxGG5DyK1BGF285LX4FW+9/vCWli5B9IDC/htY/ksU3oVbD5fNcrSZ a1TY6yxP+8vK/arjhFPYY/r10Hn3joDG3THXNeO20pmSm37VOv9GnTCtQ0Fs10weUJ L+JfGNKPR7XepAB1gZxNt/mU2ePMdt3EoQib1jcflSlJ0/7U8bue3Y1rO4mX5fjIIM m+gHnS7WPEZoQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:57 +0100 Subject: [PATCH v13 18/40] arm64/hwcap: Add hwcap for GCS MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-18-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3474; i=broonie@kernel.org; h=from:subject:message-id; bh=2WIrz1ABczNTTuelqfWzt+ZpKm8ek9K3V5zq/uM97Fk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7ScE1JawkHCykL372K9ucQN3HG0LoTpJcod4re tJ+zIjyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+0gAKCRAk1otyXVSH0JQvB/ oDt7sqH+5NY4WIhDaXR/5vdnxL7JiatcdiiFuj+HShLpNnbvssP8ZvQSkwVv2/FomFWveqRBW43bJG P9/eHhKLyOKtyVQL4JAFUypJsyrK1luF9UU6gl9ztYvjWlBwjyVgH2te8uhEl4P5pP+WATtKiIC/Wo eul9cxeK7IgMXvQ3/hOCQpTVAHAi71PRnUczqs1r9slmr10NSrFKQiGJ9nq6AzMp/S+cIz4mJeVnEg OIUD1mRHZ8TPssXOn4jR4Y54I3iYwHRRUkvIOT/Tr7jH+Vs3/3yPmLGdBY7SEMaLgniP0PYxT8pSec FSLL7PSosg+g3RZfNrkb5A1gygvicw X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: ozxyfquaat9ri3k5648br357cn8jw6df X-Rspamd-Queue-Id: 0CBC420002 X-Rspamd-Server: rspam02 X-HE-Tag: 1727823795-578891 X-HE-Meta: U2FsdGVkX1+qqBZKB5BBJstfpwZJ3NR33NoBaYbXYD7h+HeQKrOQi/jThioW2UXeJm6CFHa4pMWHlzb4a11vwyfTZpIz19EqCsVe68iXflmKGH/ibdUkHelkF2qjnltbkUhglgwsy9/GH++hw2BXOf39anLFbNmwXH4ybtNeCL55aWEk8jAnbX2+L1IEtj/7NqC0PiEiADSWPMkZb8cNyko+a9U7q2vokuSBYYnikG97hbsjtmpB8yk90NASxHNVG0Vh8hvZqwHjxXQkWFcV5smSeW2euFvaoLxKZzf2qEuVzdH0IrPzYOyqJUMPIUCE8IMI0ngObzG7P9Jvp1MAe7iuJ9zkEYeij4wgdw7Oqha2KurEfjZzcTLwAoTYkNc2VYRtJFsRBHkSgOiVoowWHWIThxI/duBWZgxFt0Q2n4kD6TrCLMk2PT2aUz6ZbOEz+5yjE7oMtxhG8wjo06bqYemx+2NDMv26Gao8D3LBVlz/zXdkOhtl0ihY5n+zvNzy8qSS8GYxaD3CBFoX+ljs6g/m5TpyL728lnv5o1Qfu1olkiNLtjXCxHnTIz3c6IoUjUyXraHZZa7jj3AUNlgZZh3jXeq/cU810tsbxRdWykW3QH3f0Rw7OpWVpnWT4bQYXCp9VSiIY9HtyJXDTeRFFZzqdQP3/+jGx6/xs7E1wScaoT5dK735r4alsqCoDDtIl2eVN1Qq9m7lr3Kh0wiaTCZdM8RiJd4LUKazzbm8VYe0pz+aqn4nt6NrALQ2Irj6tTPPjZq90p9U1+c3U3HlHwrlaXmLC4KkCHYEZPq8ot8+eMj+1aPa8JT4jfe2dGgjA0afbIYEmq75iwmWwU3T951t+Kttm0vWGPddq2SO/xOBm6j8DFq4Oe767hJzQNHht4zZwZ8TGg3rtO3fdM0z5r6Ym96GScu0iZM/wHt0oaux2Bea8NYg5XKE6Yg6aiMNXPb9n4BKePtKmV3R5+B Y7hDKLKn 7pFxiOx6x23iN3U9eUApzndiOv/zl9tMnFRkNw2mUnm9okZikYiPxeXF/vtyI2c2qzkyHfz5kYBLCWrQFeJDsYpxbUHD+Y4rn+8SYOuBQp+IkZd1Dno+XEVJKeglFJsrEGyXK3Mem11dHzPGeXRUtuAAsMuFmvISgoJmTMcLM9+ORyxlS1Cr5uf/Rc1yPGtd1PmOmHXIpGg7ua6LvnD1H1KyKtkHD51ui18aaDL47uJ7Clbo8oflWhvX+shlxNQJ4roER0f+wSi9sFYPqm54DBUHcOAsl1CirLDxepMB/n3pleV7E+Okmx2GaSLnYyPLHfMmt X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a hwcap to enable userspace to detect support for GCS. Signed-off-by: Mark Brown Acked-by: Yury Khrustalev --- Documentation/arch/arm64/elf_hwcaps.rst | 4 ++++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 3 ++- arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index 694f67fa07d1..25b41ff74fa0 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -170,6 +170,10 @@ HWCAP_PACG ID_AA64ISAR1_EL1.GPI == 0b0001, as described by Documentation/arch/arm64/pointer-authentication.rst. +HWCAP_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1, as + described by Documentation/arch/arm64/gcs.rst. + HWCAP2_DCPODP Functionality implied by ID_AA64ISAR1_EL1.DPB == 0b0010. diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index a775adddecf2..7bcf1347ca0b 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -92,6 +92,7 @@ #define KERNEL_HWCAP_SB __khwcap_feature(SB) #define KERNEL_HWCAP_PACA __khwcap_feature(PACA) #define KERNEL_HWCAP_PACG __khwcap_feature(PACG) +#define KERNEL_HWCAP_GCS __khwcap_feature(GCS) #define __khwcap2_feature(x) (const_ilog2(HWCAP2_ ## x) + 64) #define KERNEL_HWCAP_DCPODP __khwcap2_feature(DCPODP) diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 055381b2c615..675642ec4d91 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -21,7 +21,7 @@ * HWCAP flags - for AT_HWCAP * * Bits 62 and 63 are reserved for use by libc. - * Bits 32-61 are unallocated for potential use by libc. + * Bits 33-61 are unallocated for potential use by libc. */ #define HWCAP_FP (1 << 0) #define HWCAP_ASIMD (1 << 1) @@ -55,6 +55,7 @@ #define HWCAP_SB (1 << 29) #define HWCAP_PACA (1 << 30) #define HWCAP_PACG (1UL << 31) +#define HWCAP_GCS (1UL << 32) /* * HWCAP2 flags - for AT_HWCAP2 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d1e758e99e0a..b8655d55f318 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3025,6 +3025,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 44718d0482b3..f2f92c6b1c85 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -80,6 +80,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SB] = "sb", [KERNEL_HWCAP_PACA] = "paca", [KERNEL_HWCAP_PACG] = "pacg", + [KERNEL_HWCAP_GCS] = "gcs", [KERNEL_HWCAP_DCPODP] = "dcpodp", [KERNEL_HWCAP_SVE2] = "sve2", [KERNEL_HWCAP_SVEAES] = "sveaes", From patchwork Tue Oct 1 22:58:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818919 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23549CF3189 for ; Tue, 1 Oct 2024 23:03:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AA71A44015D; Tue, 1 Oct 2024 19:03:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A561868002B; Tue, 1 Oct 2024 19:03:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8CFD444015D; Tue, 1 Oct 2024 19:03:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 6DF6368002B for ; Tue, 1 Oct 2024 19:03:30 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id E6C9614043E for ; Tue, 1 Oct 2024 23:03:29 +0000 (UTC) X-FDA: 82626561738.23.BF0B36A Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf19.hostedemail.com (Postfix) with ESMTP id 1D3C81A001E for ; Tue, 1 Oct 2024 23:03:27 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KqCfPYUW; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823768; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=b7a5JPWXD00FDyJM1sTjstfsZMWA+8qkR+Hipeg6xl4=; b=uQHOD/0OvImox9Bem+TSnD6kDYIrawXmkN+e2odP46rR3py0+fhCzqh82au/2Lgzi1MBtx QPhSbA5PMxHDm/BY5TzgdmunqeAiCY91710mtObXiHTNNaeymZH3CWNzXNgXOKjRCXrCIS bQg3CInJo5rpDoGVVscYM7Xq4zu34sw= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KqCfPYUW; spf=pass (imf19.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823768; a=rsa-sha256; cv=none; b=3uYkqPm+VlPPw8FT6+LoUQPOud0jNUP9X1BqkiO3s69ZWQC3Ql6yR049uzlEIPjvRmBbfc afnXebCBqMCXZTASqQ4+J9MR9vbwW5EoAt4FpqO3vDP/b3a9pBePoL6BsLr7reMewutwWd VK+Z5sa8wtUTAyeA5UDsENm/QHV7ELQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 4EFAE5C05A0; Tue, 1 Oct 2024 23:03:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7E7BC4AF09; Tue, 1 Oct 2024 23:03:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823807; bh=gMNU4N2r9J/DtCxCWsOgJ88QFKSaRk78Dab/E2WA3Cw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KqCfPYUW5zTqS/k4vJAO/lTJw2NGaBj73+Z6ckTKhj6zWABvPNxmswNeR/7oUe4hI rr4R62lcBW5McUNQRyaNpq5CpA0fk9cs6m8DYft9pE8NrbZRhQHdIY9kKd4nO7IXFN 7g5dXbG8hXcPprDp2llw6ginwNm3qmNewWeqgt8tRw0JFNlJ6/jnQYuuYrvR4Tfyy0 krMaRLDwG67x8hAaiLw0bXhrQ/RINPPp09Z+OLRR2033N70ZrZ2oDWWoPXcVpfN/j8 Wb3UcF7CFxt5GIzYEcp2MBhO7R3/IjKnT/YGrcwXGtgaiGerHFs6MsOEtp44icNnXD 9HhQHjzYORtSg== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:58 +0100 Subject: [PATCH v13 19/40] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-19-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=6161; i=broonie@kernel.org; h=from:subject:message-id; bh=gMNU4N2r9J/DtCxCWsOgJ88QFKSaRk78Dab/E2WA3Cw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7SsPpp0sak4YBdEYHnTAxj5FmkgTt2Icjl0/+7 aP9DIfqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+0gAKCRAk1otyXVSH0BcHB/ 4+ntAaj6fQXmq38J+L4bMK5w0PmGcCYD/npfDUTtoDOgb0mBbJH9vZ9bT0+B6mAwyIjP7zeu4VDTmj Aw4dYimJXbknHQ44l/CZAlILm/cfU8/s61fi2S4cExXqeWjLPyvyWHGMjOP66uhOyViuXcR9n+ljQC pq6fTS7qkc0Ng9hXD3xrqowwpQFnTgS2c1mzTBoV1htNVzU7EoI4FgJ04Sz146+B1jp3zyvviPFjCD yRwn0AP+28WccpNJyTCc8Tba2UIpUECViSga38G8EasrnRdu1iWGaYXo3AVHx+/tFWj2F03PhfCojw sasg+KKqCS3IvRQFxb63V156TJKIm0 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: jnfaadxymnrw8hh8bsqc3zmskwnj6ttd X-Rspamd-Queue-Id: 1D3C81A001E X-Rspamd-Server: rspam11 X-HE-Tag: 1727823807-976470 X-HE-Meta: U2FsdGVkX19fQtWEc97y/OJmSvR0ij0LaqjskuhUHg3DN/Lo1sNRMMCON0IAQmo6TZ4rTAsFvST5bVHF9cPBWlJPPwQGWUJjF2Dnr2pfOwpo1vRGoU/IPInaoLimoD/5TturHxSpQA65HDrRHvKm560YeauBrh7kWJa3a8j2c1WrQJZowJEnSl9NW1cpub2KnM5MrFICEJGb5aIhDMx8xcH2qT+vIKy8wDve+E6H1z1HNV9UGFJZsKUaji9Fi3gpSPiHkB0OqFeYrN8f6bGZwccozBgl90NWv2UnhXB6rJj2oUC9WuVxRLm3ZFfURJGHGHh6a2+vdqduoaUu90rDrFmUikx3tXLEAH8nINYLkY8WG4cnirWpISvWA4GQOxLSakxH5rNlZBob+E+zVCmdsKaJq5b/XJJ5Hjs3uY3akwj1qU5NJgd6DGsa6iwZ81EKTDYjN0+j0kfeujZEQk7k0T6M8pAio2W2ihEknCRo9SaVFzcO2CPkiwkO1ImJt2S9oiHrh/yP+Hyl85HJcBQyT8H3CMvhmyRFq17zsSuZqDHfg20nfZOxeqi8SYEpMFZ51ghulryRIAgZxBSMEVC4JsNYJ8z/gIQrqY2YoolS0tcTmQYrG+JCHILJsqS7T8KfFUR2BDEf6Npzpw2cH6WtCesXfbN5pjDPAOE9JBbL6UxXrxnfNpt0bSJOjPvhn3WihigQ1M2O3CDtWdMy2qTVouk9obkO8/asS7gj9oQuBOkpm1kM4G8ySl5+Ed12SjKLMy2EJo8x/XQjYik+LoPvUueMNyUBLKQmDadi3qQxj34d+jrxfZ3cvlc+AWoGVKlJkyBZVOZbgAhBDtEVszguakZYS5xsiURuWdQjggHCWI8mwUJdBgF4mkihd63D34S7By8qkoPtQajLF8eW9lva9aiSAHHAjCA3LltcH+Tmnq6xRC4MxuhYAsHtdAbQgLFoY0ZZgbi8JCNYv8l2mD2 JBAdeMRJ mdjduozHUBGepHtvjNswg5xvaYVjYo22X3C8ek1sFf2xkdMphq9Dr+wLwNl1+hZDZMlpe0vzZeG/aUllnmkQ0rsM5jbXJzP02Lr2zyb/sTD6cFF9GVktcagkjjvAJkXXiMuMiu6pMO5BaWWkFCoRT3TE9MCGqSCPOSvnocxKEFZ75p5c24wjyxmjm4qQjDM3+sxHA5e+17eElR91/dLKZcTlHt7tjcuivk8eRRFH7eIykgiuvLEzKmzqh5l2pIocEYtV3BHCN78k2fSK66bHAjxecJHTs9aOZZ9KmvctWBNv6l+5eDpKPVmDF/ip9BoUHF8whZ7RlRtSvBEmBja5i6zGYVl/GhJlrHy56bTM9maWx0TZ1mroAxOQbZJ1PBXrxorAC6UiLGaInlEbFikWr9Y9qN8QHjFAg+An18gH1jf8gFi/GWsZQ+qq1xA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index da6d2c1c0b03..d1b1a33f9a8b 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 UL(0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 UL(0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS UL(0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR UL(0x2F) #define ESR_ELx_EC_BREAKPT_LOW UL(0x30) #define ESR_ELx_EC_BREAKPT_CUR UL(0x31) @@ -386,6 +387,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index f296662590c7..674518464718 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 3fcd9d080bf2..fe74813009bd 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -463,6 +463,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -505,6 +514,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -684,6 +696,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -766,6 +786,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 563cbce11126..fdbcf047108c 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -506,6 +506,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -852,6 +862,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Tue Oct 1 22:58:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818920 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABB35CF318A for ; Tue, 1 Oct 2024 23:03:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3A1B944015F; Tue, 1 Oct 2024 19:03:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 351C968002B; Tue, 1 Oct 2024 19:03:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1A57544015F; Tue, 1 Oct 2024 19:03:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id EC2B268002B for ; Tue, 1 Oct 2024 19:03:41 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id A940D1A1319 for ; Tue, 1 Oct 2024 23:03:41 +0000 (UTC) X-FDA: 82626562242.13.EEE5926 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf21.hostedemail.com (Postfix) with ESMTP id E31A81C0011 for ; Tue, 1 Oct 2024 23:03:39 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=h5QOvsyH; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823692; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Or9D4svYoGrxBoA4BHrqTjTxUH2w3U+9VPV+mFsrKvw=; b=pfETi1YWIxdZGXPwbTg2VMFjUJPTMy/vRyaYR2amfQJJK+7LLV10jl/5IM8B1DXsxVsTum olC5KXu76Peeah1p7CVFcAm6AFBShijK8NZ/GH1VOv8QvZ0WhuO8hSK16GFVosWcI4yxXT x4ELZWFgWe9VNTkQemCi6Bo6cSHPVl4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823692; a=rsa-sha256; cv=none; b=V1dMAufXxpmPso1Z26C4SPq/CamN8vyzRxj68gh6LudI39eYlR5C9Pby1caTBWTNpCha8h IZUv0YR/Zak+to6JAmxTwQj3GaWJB+O/GaJYwTHkirCk4F0sVFeMkN8xYAkLoTVgxlBncH 7v7Jr6tMjdCnb133esAaz0vmWB5uXN4= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=h5QOvsyH; spf=pass (imf21.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 220F55C1060; Tue, 1 Oct 2024 23:03:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B91A5C4CEC6; Tue, 1 Oct 2024 23:03:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823818; bh=JwTS5J5Kz+XCxYDRc3FG3N1klYZC99PAyz93oxxWHns=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=h5QOvsyHwmwYJXTikpeXsVEp2A3UPoVjGZRUucHDnIEP8s20RwqCtfvtaEgYASJ3A 4VvT7Z9FkWpjGLRRUyAM0E57+nFfV/1smmkjKGkRZKQARGtcXv4Kr/B1Fg5EqqXPTT w7iMpC+tcgCrK+qsiDR7XnELMA4PkJgDckI9vpw8SVgbifNvpYEuLSdt70HOnbcLrh bILOGqSFtZOKo1haHLpTrtPKpk0NC0HS0Pd2sgi3K8cPhb+7HZxIGLJOcB3QJHfl0A Gos56B/AegT6wsD2YwKq8Ie1aAdRX49w3baVX3709fSna41T6qIRdgrbFb2IW97c4V 0q6PzQ7x+JAPg== From: Mark Brown Date: Tue, 01 Oct 2024 23:58:59 +0100 Subject: [PATCH v13 20/40] arm64/mm: Handle GCS data aborts MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-20-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3733; i=broonie@kernel.org; h=from:subject:message-id; bh=JwTS5J5Kz+XCxYDRc3FG3N1klYZC99PAyz93oxxWHns=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7TVZ3jDKeIyJFS2xkZycVzFdIgkZ/2MVMSxegg PracWFmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+0wAKCRAk1otyXVSH0PPFB/ 9jOVBZ0sZYLFYt8CYSgFwth5bQAMffCYR65UIbAKTDAZV8czeEm1xDTBVqLzh2y8cJ8L9rksWGRzsa KoNNdusUYbP0WwOzwiB8f26x4k5gKBP8dzKhvHobyjoVwM9dwHJ1P+31Rnk9S2VC0HlJ12ukGOll7A CZczYl0vb1teCaug4ldvi8DJRkAAMotUN8oeVWz1J0E9GwHb+eMDvTL9igdY9wrw4EyL8kkGp2K8aF B+pBMS0HXzUFSpXDbnSX5eVKfGA1myQSsEM0KQsGSA4aaHTZ8Guexvn78tQkU7ofyEMejYY/2DYTmb IZnC/hzjnKbZohafBaYTyRcPVaFiYq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: E31A81C0011 X-Stat-Signature: u7jdaebg9po75fpxzrdngxembeyngfch X-HE-Tag: 1727823819-386737 X-HE-Meta: U2FsdGVkX1/HI/S5Lp6fF8oqmTQfRW+92MrMYTyJr6odYZt9FiG5sZWncCDSOgop45ARTYO5AJJS/VMxVMn8r6fmYxF8Ccye4Y14ElgtQgn49c4HDhJmvNmH3f5ILPxFj5c2jRM5yr7a48pITOpo+5I6hTDmXntmRHG/Zzs90mQ1AH2zaxadn5JZgkqjnyNX3Nzz9iuLHTTkYpDyytZUc9sYx/gvlO7PBHSaQdKC7EMJAaxgldEnXm3Hr2Ua/U1ylN/fd+kYtCKHYwspBTPd5qeJ3WvtYWC9Upwo7Vexzmo5Tl6agvrtqautSCkeGrItvuGBODfUw8FcHOuzyoSIAurNEmosSVZOcqVWjWtq2Wk665MMpqlTZvg77BD3MUBQcDpKdNbtau+eHOtpEexk1dj+KHvP12VD6ChhSAWsevjO0v9mSRz3nm4ZOzbUbcK38Jr+7mRGUk1/0XVF26azoJl8YOEiHYDx0bAVE9JREwV+4qmhU8DSelh2KIv8yE9T4uWUWQo0FpOPlH7/K2W7+e1dUBdRLd+yw6kxuc6bGGh2ce6Pi/m67tXJnt5CooW7QY04Q8j5lrD2ZZgksl3phF8IsJoR1G7UducjhuWdANUUxWn8BFHHFNgbNx8g3GSdu6+FaPhFi1ag2SYFkFrQzRpOgtTUTe9zOm1zsHcT0i05/LyOIGXLa5430ICmHCiJMBGp6YEe46u5wlXtg8W1bxcmmYg3SiZMjK21guun3O0SJmnnMs2TqR7wJFQV7Hnt4ygIhQZLZ5VJeGM8cxKVuG1yJIAf7kzV6PMfwTP/GDtd+OKLkjBcnwkZ0XWvv/5OtMzRSOGzPqBQ/xRejDF+bu/LiQy3B84LQRiMSHC5RKjOH8dk+9KB2vKPHjrwIGGt3ZwChd8l18dRLc8HEoa/MwQMV+dExXFNwZAaR+MrX7WSPKxQaK7xntqC9M+XnRZ5v4cGm93Xe/0AHX2uM05 MyR/YZ8b iS/MpaMi7Dl2SB8xClC+EqAtdWDnVuLBGTgUVlMr3yB2DlVASrjWLRILeRrXL0wXhFjc3MKBTdHq1K0YMioUp/cV06uIZ43FoDw28ePKwcIyGQWdlD5kuVrZFBQ/zAAsLkMJ2kM9brN7mBogUyiRUACoaq+//Sk64pWbr8nDTG59UwvRHsJv5e6KTaxR34Ny9nHUx/XkwpXmtOjOKWl48dM6x5qYm+LbYMHGwTVkJuXUnaF74bf1VkzKCdawRTVFtPTUu2jHn4RFCAZ1seWqg8glY8wtIdDSQz5Afub0pztnOalSZrxGuWmnRteesEFWyMLyk0klWe19WhjjKptJ5DpnkteSPGurLyBxwmNEs0Xs0uHuUF7gV3U2N23wxbvYvAr8D2i4yzzpfdE+XbTeYB4jcEgjZAaACSyW392qDsXf0Vy2n7Kzcr4v8rQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2. EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identfied as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations. EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens). We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/mm/fault.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 8b281cf308b3..c2f89a678ac0 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c @@ -504,6 +504,14 @@ static bool fault_from_pkey(unsigned long esr, struct vm_area_struct *vma, false); } +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + static bool is_el0_instruction_abort(unsigned long esr) { return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; @@ -518,6 +526,23 @@ static bool is_write_abort(unsigned long esr) return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); } +static bool is_invalid_gcs_access(struct vm_area_struct *vma, u64 esr) +{ + if (!system_supports_gcs()) + return false; + + if (unlikely(is_gcs_fault(esr))) { + /* GCS accesses must be performed on a GCS page */ + if (!(vma->vm_flags & VM_SHADOW_STACK)) + return true; + } else if (unlikely(vma->vm_flags & VM_SHADOW_STACK)) { + /* Only GCS operations can write to a GCS page */ + return esr_is_data_abort(esr) && is_write_abort(esr); + } + + return false; +} + static int __kprobes do_page_fault(unsigned long far, unsigned long esr, struct pt_regs *regs) { @@ -554,6 +579,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* It was exec fault */ vm_flags = VM_EXEC; mm_flags |= FAULT_FLAG_INSTRUCTION; + } else if (is_gcs_fault(esr)) { + /* + * The GCS permission on a page implies both read and + * write so always handle any GCS fault as a write fault, + * we need to trigger CoW even for GCS reads. + */ + vm_flags = VM_WRITE; + mm_flags |= FAULT_FLAG_WRITE; } else if (is_write_abort(esr)) { /* It was write fault */ vm_flags = VM_WRITE; @@ -587,6 +620,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + if (is_invalid_gcs_access(vma, esr)) { + vma_end_read(vma); + fault = 0; + si_code = SEGV_ACCERR; + goto bad_area; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); fault = 0; From patchwork Tue Oct 1 22:59:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818921 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E0BDCF3189 for ; Tue, 1 Oct 2024 23:03:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0BC61440160; Tue, 1 Oct 2024 19:03:55 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 06C0868002B; Tue, 1 Oct 2024 19:03:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E27D2440160; Tue, 1 Oct 2024 19:03:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id C290D68002B for ; Tue, 1 Oct 2024 19:03:54 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 864B78153F for ; Tue, 1 Oct 2024 23:03:54 +0000 (UTC) X-FDA: 82626562788.15.FAC3439 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id A2C5BA0006 for ; Tue, 1 Oct 2024 23:03:52 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HUx8wIEC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823738; a=rsa-sha256; cv=none; b=H5ZmV+uJ0CY18X4aiDsPI5I7mIsV5CJuth7h8eNpyAXxDckvQeBJfHITv8EF4AILGyjvUp WdsksKtUPuJsL4xYrSO+U4vb5EUwYYDQ/6PzDVjaL/TFnMlrty1g8eQ2a8CMvFf3PqYRHo YE215uecf3vODYKvRE7AOuSb0AJPfBY= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HUx8wIEC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823738; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=rkhNPrB550gX7mvmN+oI1OSILfZOjyJO3ye3nAYBDYg=; b=D603GfZjt0S89RhSXuFfb9/At76iBRtYeuBSJeJCmFgbIP488Xjj7co2pcN47YS2Wo5I4+ MrmyNiM75F7idui77l1yR3LRcDJk0byfyARkqumyPjIjQzMMfiOdVa9ftRmQbHL6G/AJkI OH3LPt+DQGU9t8GZ/uocqEA0628vfjs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id BBA375C05A0; Tue, 1 Oct 2024 23:03:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9525BC4CEC6; Tue, 1 Oct 2024 23:03:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823831; bh=B+jxXTUkTSef0cvYwALMxetqKDkj+z2yhbykonxuIvw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=HUx8wIECR9lToVgEuuRmL1LTcof2SadUqhIeeq87HK6Vh5V0HYCpD8XsImAgHM0+i t9MgwEkfFPeiUZrwIsl1rbxozChdiha+NTSyAa1S7yVv7u6cfe+F5QUsqLXI7DHTOH px22G4UkMeFRmJidB5PidQ7keLIJUIo/fue980rAKoStkksx0adimrxQVGaZpjzIOk qm0jRfMf3bI1fSa9ha3mn9r6pDP84uJzOaF2uEuMJ0I72tNBqhhgMzrm6m/EqHGi+B kUtOj7EaSX2hkutQLSZ3Ozf5B0Y83qSLL/ev1DtwcbqyiH4Dfsjk+WQQXjCKMF1iPO k2Z0V5P25+TqA== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:00 +0100 Subject: [PATCH v13 21/40] arm64/gcs: Context switch GCS state for EL0 MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-21-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=7335; i=broonie@kernel.org; h=from:subject:message-id; bh=B+jxXTUkTSef0cvYwALMxetqKDkj+z2yhbykonxuIvw=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7UABcgRepLC8/BSr/31M9cejBZhSyBGfKixQ4S CY8NnOqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+1AAKCRAk1otyXVSH0C3MB/ 9LkMlFMmSzQNqWzPn4u2mp4miFf2NFWEYmSg15LjV8XbEQl6b8hH0BEHWBfNCxBQOtDj/yW/9fkL4/ 1GS6g9GYcoXPS8j4UBZVxHhFOS5d1nATMSVL4vmF2wVD7HeHxcLbLnU+jnfoyM58HBHLRhiwcyyXrO CKZTtB1PWAIwtA8YMiTSPURfF/u+ngYFysvvoizBewFLIIg08trjdUoSjHZ2yefmXcif6Z4UMao5fh Jt+OQEWq6p/cgvHM4d/H2L95mmxDgM/w61k+s/R/bP91pdTY2mFnsYL/21j/lZPLw7LykOnCK5mHn6 numrEQSMpJt8eRfpLOQwyzWjsIyudp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: A2C5BA0006 X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: f46qc1bbknyhytbdgi1jnwpftfdrir5q X-HE-Tag: 1727823832-417885 X-HE-Meta: U2FsdGVkX1/5bYsAddvDGJ6mEsjSKk/8R7LbC5DYpynJ1b5aqfMkOgA5HU7dzmZ0dtLAP8p5Yylm/JZbx4Q+n2z7bRJZ7Q0CqYeDGjOvjoPJrE5UEHMsWcz3UWJUS5SCNmeZJW31w5p8W7s/nfYDiBfuYg1Eu7szBFZL3+NPHwNJk+nNXpOS0vyVFkncTFZzYMBYiIOKUZhOL3lVRGrpjngBC1fnMlYEEoBpnIS+Nn2nFF3aLI9pX6f8CuATb2fB+d0QtQcEze6YcPLXu9zFQBk8/46GOalliGva2O5mQSP73AZT7Ww3KIksVm2KGrhpEFWtXubozD50qug/pOCriZDSHVXzUZUxqmTpdZXL/l64yiEHlxQ25BpMRXXEisN2vlJ9p+wbP7jUX46p8g518jrXyRnd2+R7EXUbCEcNCM9GtiCcMSmB4YG5dYHy+lCs9s1CiQovH3RlYsIZ521gOp7VpdUs1aVstezDaAwF+1fLFuWhHjRNvGNL784tJx5lvaf6X3ZCYmHBASN5QrC20lVC0QHeWacvPRrg7A00ytoRuAFf4wix0uGoTyysmsFB+qzkqaHTMDjERksM0bSMECYs83Pq8avKy8UpPBqm/E+j0RLsDjawnHQ8FUN2zbjWmlMxKVDSIanWv2tHGDkUadDBi8Vqx3HviVqo6xYpRYiSX7i4BLKBMmxmkBoNcVMSW0wLZ1G+bdgmieTrwBBAo+dqonQ8M5rXEdM8aCnFVj3LaXM7qGoC85E42jHzsNnPs6w4v6n4ui9/wRQNxE1IxUMSgrlMIP8UeGhxTAZppOwTN7zUZJyivfCsqSd2mJZCjVzqOIyABfDk42X7/2gz7uS1ynHSd0Ah4wzAl1rwxsJBwc8NuU09iINimHhlD5S+qNFbE/YNRX5tLOvXt1idSCzmV/WBmv7LEyW5FZAiZSRoVUfuGEyyQcBtd0kcwgjPSAnBpfZ7hhLtRk0Ynbr oo0C3gPL 65MTkxVXOThlelYSSlhsL++wmkJOUXYz110knmWy9PnQFkNQtGAI+Je2D84mI+/kuXq6HSTwnNAqJSOZe04fHdAy66QLQhJsOVpFxuSpi1Svfr81JYSMGt0Ji5oDPiTVfrDsvHDU5WwNMOyFMcyzk+wRrPsqrt4nGpTRUgi+Hpb8s2gIUlGz8IqnyFb1a0NgGlXG3pOzqnxaJ/oIsryfxFvlr9g4KK3nI1+m+oPvJGiXwQOHtW6QycJvHHJMNLqsq3xBcqPd+YjUNNPiPdL/pXli2GuwuVU7iXF2sFSRq4MJGCBZYIzzQGjK3c+uI2CYwSTKOEnkwtnQItMnwnz+DGmxg4/icboLdQ/b/jKx0EUBslZp4Fk8J+TEE06DMGVQhoNR+xizRtZZvEQTvGZzX51sIocbUspnOiR8hlM3QR1aXhMTXHc3JsYFU+A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS. Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed. On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled. Reviewed-by: Catalin Marinas Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 24 +++++++++++++++ arch/arm64/include/asm/processor.h | 6 ++++ arch/arm64/kernel/process.c | 62 ++++++++++++++++++++++++++++++++++++++ arch/arm64/mm/Makefile | 1 + arch/arm64/mm/gcs.c | 42 ++++++++++++++++++++++++++ 5 files changed, 135 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 1438424f0064..5260788247d8 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -185,6 +185,12 @@ struct thread_struct { u64 svcr; u64 tpidr2_el0; u64 por_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 0540653fbf38..aedcf332f422 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -280,6 +281,25 @@ static void flush_poe(void) write_sysreg_s(POR_EL0_INIT, SYS_POR_EL0); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (!system_supports_gcs()) + return; + + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(GCSCRE0_EL1_nTR, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); @@ -287,6 +307,7 @@ void flush_thread(void) flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); flush_poe(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -484,6 +505,46 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + /* GCSPR_EL0 is always readable */ + gcs_preserve_current_state(); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); + + if (current->thread.gcs_el0_mode != next->thread.gcs_el0_mode) + gcs_set_el0_mode(next); + + /* + * Ensure that GCS memory effects of the 'prev' thread are + * ordered before other memory accesses with release semantics + * (or preceded by a DMB) on the current PE. In addition, any + * memory accesses with acquire semantics (or succeeded by a + * DMB) are ordered before GCS memory effects of the 'next' + * thread. This will ensure that the GCS memory effects are + * visible to other PEs in case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * Handle sysreg updates for ARM erratum 1418040 which affects the 32bit view of * CNTVCT, various other errata which require trapping all CNTVCT{,_EL0} @@ -580,6 +641,7 @@ struct task_struct *__switch_to(struct task_struct *prev, cntkctl_thread_switch(prev, next); ptrauth_thread_switch_user(next); permission_overlay_switch(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index 2fc8c6dd0407..fc92170a8f37 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile @@ -11,6 +11,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..f8f4f984a247 --- /dev/null +++ b/arch/arm64/mm/gcs.c @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (!system_supports_gcs()) + return; + + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Tue Oct 1 22:59:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818922 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31BF6CF318A for ; Tue, 1 Oct 2024 23:04:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B6AA5440161; Tue, 1 Oct 2024 19:04:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AF47368002B; Tue, 1 Oct 2024 19:04:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 96E3F440161; Tue, 1 Oct 2024 19:04:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 7649D68002B for ; Tue, 1 Oct 2024 19:04:06 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 43B4CA0DFF for ; Tue, 1 Oct 2024 23:04:06 +0000 (UTC) X-FDA: 82626563292.20.BB57B62 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id 7526CC0011 for ; Tue, 1 Oct 2024 23:04:04 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=s0KZ+4Dm; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823703; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DSikLik/+a9IhlW2veiqjeaWxkjCeW45LgExnC0lSw8=; b=A8rwLF1h9sHbqDr+WHfkGAs6vl8ZeO5jaj+HhoPs4koyml7p4Q9Y/kC9WPJwLYVjY5cpjR e5s64a7uehZRtgJQ3iP3ZT3HeyX9oC8eWOBe8M2Y3ujzPEp7Tb8zeay7R4RBjLAjGVR3yj /nzeOqBHSI+9l3VhouvyOpb/8Lk93ko= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823703; a=rsa-sha256; cv=none; b=hqItDZNv4uR4lK+YMuyuuGdZL8JduRZ3iRCxD6bYmkrjM8a3YNjG8nPH2Wtb3iyEwPO4pY 577ljln1Owi7PKjMlhu+B/aA7KBQPSTlOufUv3ylPR97zSC7V7f3wfNYmJEnC8Ai2iEk8O BAFAXWgN9oqUCGxCrnDKNhJer3G1kuY= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=s0KZ+4Dm; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id A8A445C4C62; Tue, 1 Oct 2024 23:03:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 30237C4CEC6; Tue, 1 Oct 2024 23:03:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823843; bh=Us0URBRhSa1wij7R5AMlAWepe3NAZ1hCwtEWfYpyTZE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=s0KZ+4DmO57LtfWSEGq6YAnDihkmJYoPIG37qRni6HuPyMr3zWQ6hRuGS9/aTk65Q 1ssmYu48gex0m25/V7FJkX7yht1tdIZ9pLXNuqu09xMODWyC2cfR1yl81ePxYlLEVt s+NCCZbo5pHSrFUKyXzU0w0HFRdvw94utNVwKST1QyV8CrdIPXjXPpFWm/EwxGscL5 QMTIdumdfZ10g9iUwI/rrX3YhyVNs50mpmVRCR/98UlDvcCWH0lDyGt7Y8exwNFUIu /6UrglK/eqmhjCvlw7OcX986EexRyIR+sybhoMV7Dp/eg5+gIDhMInI70t3MmkPxhP nSOgci1rnSpZg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:01 +0100 Subject: [PATCH v13 22/40] arm64/gcs: Ensure that new threads have a GCS MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-22-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=7454; i=broonie@kernel.org; h=from:subject:message-id; bh=Us0URBRhSa1wij7R5AMlAWepe3NAZ1hCwtEWfYpyTZE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Vlw2a91awf5dQ51yn2oKKo++ah0gmIhormFHO IFzKoGuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+1QAKCRAk1otyXVSH0GXiB/ 4sukR3e9ueVGNs3Q1p22exSd9lbXbDllUPyFJRC1zfyQjKx2EzGvmcpMdDVmk5/goay67QMxQjKDJd WntsAEwdsM3HHSD8pAZHPYIaWcfhsMw8mU1tFplNjSWdG+PH5bOQ8dOtN8qxNrMsz+YdzlcudTCoKR UgDf5yrtZkS9eH06xyw8KTSHt6uWM6MUGZ83TexJbc/KJGL4TbD03CYvzG0PE7oAvngEQ4kavKV1QH QSdtefxEFMfWOajyTpqhateKmpXWdS8jlaoqcW3pxVRbiUKRU0e5aMcS2rO+8KTK+gXtnpUR0m+OA4 VFyI+/KUpM2Sy1v7HCZ6SdXOYftgXV X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 7526CC0011 X-Stat-Signature: 74srxxj8ikkqbmwthqc5kghc6c1wh17w X-Rspam-User: X-HE-Tag: 1727823844-627474 X-HE-Meta: U2FsdGVkX1/sehUSikKdAVeatL+9QBvtUnX8CkWOO6Y8IJAOCv4NBmcfIzudwaFQqFkGUrB0NFo27zJwRqJNs1c1lAbU1nsS0yQIqaNtbceZDLbBbAckQ/yqcBGpWLP9ori4RpIBWGw5nAz+i/+LyADj0F5NW0Ims+AV8t7p9U5EJGx9Lwr24jsNlfLXSMIjp8Ds3tw7/kujI692bi235FHoGzp6T6EO8gG0MvtKl2AW0eSgHuI9O8PVtUIVUADj/YvBa/pvUUZh2130Iy9kKZrI7yvRWbn1pbsg67PntdiHfaGyznkpQVaa8f2Lf7OoC6Fqs3i6BOYSfsOO1JzwWB7Ny/JL1NcArsBNLa4T4Rkv04379z4RdUPJIy7Qpc6S8D6VyK6gk/+d/9gkwX3ZUF0LYVPgBJmYLVhZ9COm+T5pomt39haE+IqbaM50054+adlhKgpQsZBD1OJyQttx74Cgfj/rZw5vkuSdLD0/Lt9yF6UhUfLMpbrrLX+zLQhzlSbxZLWzbDq336tDO02lkf1dtlmzTSP0qeRNyjc46EhF9gjXs80TCtJgcqXqaLQxnNXUIvuTMa64HBkLM5kjusjWKGsmyFB6QcnE+CKZe0wvyaPSh6w/y2YfqoeQ3SEi1B+B7Lq5RfgKTo9Lh3YUjszN0IuOy8A07BcUH8ytrPlK1UirbUHwv99kyDjF5swuT9Li2Nk3gQhtUohRimPz4HXKzrBwXr82EDy+P6SKwKDvSpzbPZG4wY5gg/UtV+0QruZ89Qh9+n2PSfxo4ERP/Rqs/cwQ/jbzQP42A2UihNWMSrDfOHhPxjg+z4ilvsrN9XNs1B9wyQVeW3fBvpDS6JUHJtjwsujWo/vFqCK9+FWAS9IVzfadEMr2bNDYXtYg53RPL4l3SIItIMH7B52Vw83OgW8wRq2fOuyU/ErJS4WT4O3lJDKotPcIvZXw6IJKcxjXf4vezEVov5riL4J qwnSYwS3 xECN7ckHIbjBj91ks3xhvxGyD9fuKJiJke4Hfhzg1pp0c+LeW6EJAAwyTqiimmk/oLISDFW5orkoQTyFHk+WxgDeWKOZqNgyjvAq0M/Ey0vqo1NA84NnGFhSWi18QPfY1Plgjtv1Qu9fhPswQgYv8YpRYzgaKDqtwGuz2cAOiH9OVhISxMiUBdsBwusrx5n4TSD67aXCqQHPiqqxeuvINpphw652jX0bLxgkyQcDYvgRaP0TSP/mGbrdxnnNeOkWYHzXmy7FGc6QwHKG8KBP2o1u4HOEm9R8wRtckZMy7AkjgfITedYW9+Ckd504VAaOMPFOMhzNiNijr574rwfcwRFxI+kHPntTF0WfVJBrFmY9Uw0oOBPGnjOtKRM9RH/ZmbfGRw0XxxtX119pzDC+Zs30I/45NWorE4qHgakNL/YE+wfBDo2Pdt8zmqg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack. Unfortunately plain clone() is not extensible and existing clone3() users will not specify a stack so all existing code would be broken if we mandated specifying the stack explicitly. For compatibility with these cases and also x86 (which did not initially implement clone3() support for shadow stacks) if no GCS is specified we will allocate one so when a thread is created which has GCS enabled allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK/2, 2G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications. GCSs allocated via this mechanism will be freed when the thread exits. Reviewed-by: Thiago Jung Bauermann Acked-by: Yury Khrustalev Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 9 +++++ arch/arm64/include/asm/mmu_context.h | 9 +++++ arch/arm64/kernel/process.c | 32 +++++++++++++++++ arch/arm64/mm/gcs.c | 69 ++++++++++++++++++++++++++++++++++++ 4 files changed, 119 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..c1f274fdb9c0 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct kernel_clone_args; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); @@ -58,6 +60,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args); #else @@ -69,6 +73,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 7c09d47e09cb..48b3d9553b67 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -311,6 +312,14 @@ static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, return por_el0_allows_pkey(vma_pkey(vma), write, execute); } +#define deactivate_mm deactivate_mm +static inline void deactivate_mm(struct task_struct *tsk, + struct mm_struct *mm) +{ + gcs_free(tsk); +} + + #include #endif /* !__ASSEMBLY__ */ diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index aedcf332f422..fdd095480c3f 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -294,9 +294,35 @@ static void flush_gcs(void) write_sysreg_s(0, SYS_GCSPR_EL0); } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + unsigned long gcs; + + if (!system_supports_gcs()) + return 0; + + p->thread.gcs_base = 0; + p->thread.gcs_size = 0; + + gcs = gcs_alloc_thread_stack(p, args); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + p->thread.gcs_el0_mode = current->thread.gcs_el0_mode; + p->thread.gcs_el0_locked = current->thread.gcs_el0_locked; + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + return 0; +} #endif @@ -313,6 +339,7 @@ void flush_thread(void) void arch_release_task_struct(struct task_struct *tsk) { fpsimd_release_task(tsk); + gcs_free(tsk); } int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src) @@ -376,6 +403,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); @@ -420,6 +448,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, args); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index f8f4f984a247..3c7a18f57ea9 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -5,9 +5,69 @@ #include #include +#include #include +#include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags, + VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK) / 2, SZ_2G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + unsigned long addr, size; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((args->flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) { + tsk->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + return 0; + } + + size = args->stack_size / 2; + + size = gcs_size(size); + addr = alloc_gcs(0, size); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. @@ -33,6 +93,15 @@ void gcs_free(struct task_struct *task) if (!system_supports_gcs()) return; + /* + * When fork() with CLONE_VM fails, the child (tsk) already + * has a GCS allocated, and exit_thread() calls this function + * to free it. In this case the parent (current) and the + * child share the same mm struct. + */ + if (!task->mm || task->mm != current->mm) + return; + if (task->thread.gcs_base) vm_munmap(task->thread.gcs_base, task->thread.gcs_size); From patchwork Tue Oct 1 22:59:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818923 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61100CF318A for ; Tue, 1 Oct 2024 23:04:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E2AED680031; Tue, 1 Oct 2024 19:04:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DDA2E68002B; Tue, 1 Oct 2024 19:04:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C3922440165; Tue, 1 Oct 2024 19:04:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id A44B568002B for ; Tue, 1 Oct 2024 19:04:18 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 6BD3CAC60D for ; Tue, 1 Oct 2024 23:04:18 +0000 (UTC) X-FDA: 82626563796.18.457E7E5 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf29.hostedemail.com (Postfix) with ESMTP id 99C4D12002A for ; Tue, 1 Oct 2024 23:04:16 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=o2MdUGnL; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823729; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EYQQHaAhHlmmuL7abMTnQcsFs3xj8EAOjnZ/krQIbAc=; b=HN9iXaaawEj+MO6N5mWT/XeXZr8+/o94YKZBilQkoPPEjYx0WY9n4gBYQKQEw1PJsd08Kp SwZ8g1uiA25J1fYgPbgEKcXWIhcqK0TLekJQ+BZT/L6pu7p7450hyJTp3u6k9CrhRw6HbY KqTe3QCWv1ePXf2SYxNM5O5Fmrvs4U8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823729; a=rsa-sha256; cv=none; b=mDU8St9nbIvd3plmMM9smSbWPoxzutq33kq7fA/zy+0LlbkatfLsPcn4CXmyWGIH0z7fg4 lqtNHe/r1dIRqb0DhBTzVDX2qxmlBaaQUvdDcJReG7oNuLkN7pMYdWaZYmE0lQGhJIOdny jTeqPMybFSdUfPi1g0pr/YKPfLR++r0= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=o2MdUGnL; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id B33945C554A; Tue, 1 Oct 2024 23:04:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2726EC4CECF; Tue, 1 Oct 2024 23:04:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823855; bh=K+4cP/LC+6mSpPudlQELRYVPS4rd6r8ORRNSqB8UjUA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=o2MdUGnL5Lkyqt2enbopAP49L/70lDvxYky74Nl0WWhMGq9vjYnXGZIcyw0hh/sZd RxJu6+suVH8ko3sabz6JhGs0pEeA+aanTJ8lYnZvj2kSCXNLgey1QekFyDd276iJ9N KPQIz/bYmk19enHpAY1tcPo/BNtbSeaW2RVKcLK2KvaEjx0r3B9bHxCXfqpVBAop0n 3/U5+yMuBzw/iEKSZk5sSmktiIroD5o9TCK+8O8hXKz/pPOf0XEUv7nGKFsucd1JYs SF8tQW3CNAkNhFYttWnZlwSHvHyu2iq9ZHwHooJWUb6T7Mo1nKPJYOLV2oOFEiIfkA i5VnsWbuenqWg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:02 +0100 Subject: [PATCH v13 23/40] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-23-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=5761; i=broonie@kernel.org; h=from:subject:message-id; bh=K+4cP/LC+6mSpPudlQELRYVPS4rd6r8ORRNSqB8UjUA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7WUpExgul0bhrpNsGlDL0f/qGPfOCRWKfz+rzP vEj/sFyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+1gAKCRAk1otyXVSH0KTRB/ 4vn5W6BK7wfWSlXlLbrZGTH6b8/hgaY2L9aJcWxYBTA/w4eESQ7VqP8+UbxEuN70z2NCTelIwZTyn5 8VD3B4Fn6StA+TGyhfLrZd2dcRfDmMp6az4kLJJGBMXarDDSyCqBhEv/RHKvcR0oWVmn7eSDwttVF6 6/RL4IQo83mmYZ1G2WfDyNdp8KCzrudw4N/IYc+INPoExf1b0gBE/umZRq39kPmliwYPzBEpNFtHzj +ze0oCURedGsPe8G+vq6ZnMhN6NmHXxUv3E21n6OQr8Qnxecq5rEtBtNaxfpqIipuA7zTPZvCoGXGp C5X64Qv6fSSkY3iWNtk+LwalWQVtp0 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 99C4D12002A X-Stat-Signature: tx7j8xngbqzfkpr7nk7oco3ndyhzpwus X-HE-Tag: 1727823856-960710 X-HE-Meta: U2FsdGVkX1/+XzZ6eR8iqegXpkubwzeh9SF4nhwx7bRwIlUKt0hXa1qFxgG3EDuIp//jMenOxxAcyAhagUF6JRHffRQrmeFlm6r++OJuPY1Q05pwxMpEhZkM2GEn6zbyj44HtdNMsRjMnsZ2p0M9DQB7W5mCYHFHENK5LA7N5W9yGmd7nWbX6Pd0/g/qM4amwkhwtkcZsaWzSOV9O+Ee6SKM80ntM64PJow6RuSYIzoLkgAJjozr4GK/Go4I6/2/HwNICoeqO8qpolnDn1eHdyQVGJ3XLR/EAxFEJaul1/mTYZXx895UeJUGEY0NkWFBDytMnrDUlPyvVAZ1zIugxcvnvQHjmkLAOLK0mpZIr91E135nc9XS2aDSkXSmYZzVCzR68xKi01nquYD5aIoYx77QKnNiP2gJ3fFQD6yA1G6hLMdvt/NusyGLQQ4tJ9AHj/MR4VFamZSD1Nd6b2BqfXLxZLC00ungLIViqN0iynQyBTy72tWXSpZnxta9YvaS2BTKQQ1jzq3z7na3yOIRhn6QFF/KyRKzgUIJXz1aN8fJcy08MeLfZBvrKUlZ2DxPe5sPoPkSqltCiwmqnEghFzXQLYwDXM4ffHPij112icpV/bQoADpXDl9jop/lcR+Hhcf++BIqzLimil1+69Z/t3AbVdnzBtcgZDMdvedld1FOtY0+0Ur676hKlpjahmmLLFWHfrPH5RTICBcRkcA+4unOqw//rbImW+cgNPoz+cV+xX3nWo675Bu6N6HNcUQoaW5fWke6Vit1UdinKxkL9S3kNbg96mwXT6pzhL876BKnRGbecma1sGV/GlrCIBXPaFSFV0BNXc9oX5sfySh47FpapGayfc+Z/9qkJvhxqDqlu50cVzfNveTlI7ziZbRkoF5Atv6f6LBkLkOApkrUV+/Xvi8fJC1Pu2h6YW5Tpe+kW90XmC66ie4l8riHUpWYTFz+os2VC2kD0Y/2hIN o1/z7a1Q 24rDgQu4xCSoYH0xCcith5l7bC2IhA4N3M0uftCFTGNXK06l4JkFvC2GMu0LeoN0ybUnla3MzVYDN2Adc+Fw8Lpg4i3qeIGZFTCtIcxON/5E9cx0l3dSfBzow1piQCPcEwAi14c7ryzGHNTXNntIpQZqeKZWgDtL2sbIjLVZuU/nn4r3CoHeMgdnujEPWUmIc6nFuv/R4btZnlK5ENLkYAKZ2PwUnD79zaRgPFFJB44h0DGdqGjkgMjEHMbasdAdWRUA1k5Q7qIEyMSkSLlcObLDh2sy6FxmcfLg9iPz6oxFZokSUWiM9z3fMKG46HngkR8hGJBNaBlmxp8eXd1udJ65fplQx5+5m3FRUV2a+cQD6oGTl2cnAzfxCZskD6Wg+DWex/rbeetVPwIwY2CT8vKfbmjuBU0aGpd6rWx5PUDKYZjkzcbaF7F1esg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Implement the architecture neutral prctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbitrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 +++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 79 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 102 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c1f274fdb9c0..48c97e63e56a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -50,6 +50,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -63,6 +66,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, const struct kernel_clone_args *args); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -78,6 +95,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index 5260788247d8..37fefdc3d3a3 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -187,6 +187,7 @@ struct thread_struct { u64 por_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 3c7a18f57ea9..61a80de6baf8 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -109,3 +109,82 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE && + !task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base || task->thread.gcspr_el0) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(0, size); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Tue Oct 1 22:59:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818924 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B88BCF3189 for ; Tue, 1 Oct 2024 23:04:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 184D7680032; Tue, 1 Oct 2024 19:04:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 130A368002B; Tue, 1 Oct 2024 19:04:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EEBC4680032; Tue, 1 Oct 2024 19:04:29 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D021768002B for ; Tue, 1 Oct 2024 19:04:29 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 86F8A120626 for ; Tue, 1 Oct 2024 23:04:29 +0000 (UTC) X-FDA: 82626564258.01.911CE76 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id BB19E40002 for ; Tue, 1 Oct 2024 23:04:27 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="R5eOO/Cw"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823727; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=s7U+AEnEZ/86QVHIFT7ifqq4f0SbQ3oMq9CvtsC2OSQ=; b=62pPdqa4FOnUCaosxEA8d9+J3KHkln3p0Qq8O7oSMDAzSv2x+Th4lJhV9QDNjYdQaHLAMR uoWCBjUJqMpGrflg79hI8DrRFXONdVsexxdRxyopiDN8JrmLW5BPkQ/M/8k8fNgM/nFSsl ri9dMtcE+mkWlJ0RFmOG4oR0pt2iCS0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823727; a=rsa-sha256; cv=none; b=AHCFBzsFDjZUc1esflaAifS+NKtxj8rSUduA4Q51Kux8N700j6ohUHkQeelaOgkJaB5KGQ +aB3vlMQZGyy4qvVxN46dhPuDrCvhehXf2GLFYeTcUw0ZeCr4SyixDFUWnEKaIewV1Kgff Wx4N4lV0HSGlXuvgKmEaMI9IuHyVzPc= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="R5eOO/Cw"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id EF91C5C0339; Tue, 1 Oct 2024 23:04:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2731BC4CEC6; Tue, 1 Oct 2024 23:04:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823866; bh=qUaWHBHdN5KhPSaC2shYeXLiosV3WxoA3aMO7oZsLVE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=R5eOO/CwUjlApWCgKSs8nP1G9FbTW6gonLZZKFpKZtiXZTuq5ksbI0wpEZjOTU8yG xKBo6Dd0I2/GI0kHJEkkXYarMC1cRGNbblyUwlD/NHUJB0gNe2M34+Pvj+i5NMs2oW AQUVAUxEn0i8MeiNshGyJtj0LUF/KvnAe3Q76pZS78zE69xC5Ne9aYD9h3mJjXX39m WvwPuQhQeS2KJ4LBzyZMXZmT9HjML+MzgorTHGfC0IFNwyg630Fv4fYif2qm7VlHqP ieU/iLIRdW7+XBOXwFy6sWKRc9mDVgT4WTb5lVgTRBUoaFCDboJBJV5vPgPvvQHQfu x3so/N3EBojRw== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:03 +0100 Subject: [PATCH v13 24/40] arm64/mm: Implement map_shadow_stack() MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-24-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3164; i=broonie@kernel.org; h=from:subject:message-id; bh=qUaWHBHdN5KhPSaC2shYeXLiosV3WxoA3aMO7oZsLVE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7W5jFfBYx0dD/AiVB3co7PUfmUOb1RGg81DGmy uzTdjduJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+1gAKCRAk1otyXVSH0O7/B/ 42dRKw5u6PwVHw5uyGMv0ruX389ObAvdjm3Y36WIttnDUP0tWY+nfpebp14vMHoDi1oOFtcjrptu1r ZlVTVs7h1ekurkDzRQ2XJm89Mop9C4VeausdyagksJAtlGy43yqbrsMZysKPPEPLgeMJrgL+bs0yhY hHpo0pRPoFNGUK3Jzl9WSDCsKobZbzpSDpA+7AdL8f93D4UFUH7XCRkK0oY7mo/u2UCTFOK+8fNwkL CVDcP/EVT9hqzjaMyv4mIH4Ij7rJyU6y/ZXTMMHEPZUQZUOqHuYMaoePQShnA8T4Qw8zPwyZ4dkJZ0 KnR47/XLkVLmJuFGlBMHuGsjK6mlZf X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: BB19E40002 X-Stat-Signature: dcsnsxyfn538cf3rho1txahwpy4kkfpp X-Rspam-User: X-HE-Tag: 1727823867-466899 X-HE-Meta: U2FsdGVkX1++emWo10cqTBk8OZ+clXSJfiXfZtBp5btwW711odIoGwtfNH+cYSpKep/KLiLHvYmFxSGm12fAo/BST6SovtX8AYMT7Kwgd9V7ZcNYxTSUeYkRNwziMWmhdiRg31nNiISaBTh/yzN5Unatz+lFOBIR1W0I97oT9ys+b9GuAZjan7qsve0FnOPiKoMzuWBpa8LZlexwrw+YsZzrtQ30IS5UzxRZPiR2+MVdaGmrRT5KQLEtDp8pFi+dVS5zBvsSl1ZM6T3iGfl+3jg4LmYngosrfYFhyr177DjVNngXioVLzZvj1ey6spFQqykQ3PRXW0LxjhIHDsxa4uG8D7KDZfYkc8zzKJR4srROSWqJvNkXybOyGjkyHhyEZLUBBG/k5aZNzxPq77pVsPNd4TUVpXL6Fq4GIE7JMCQHrwhOrydeVFrWLIQM3JisCD5Zqj6kCaAW0KYGrmWPE3yS3kxkCyiw0nIhZpv7MOiwkVRKCBnZIeDQP4vgF14dEYlXFj1lL4ZllfmvP1ij0hK7+VYa4hF5feSAnab25MmbECY22CWSdMXsIeO1lRD1WxksLMq7r0i5qTR6JsCY25tVzdYscgHH99saZ3fOIGK0HATdITogzYRYK9CTw3mJBJ03ivztBZg3C5f9de+ouNqmU6HdYKOE6MWvNUMNviPVm1KekaovEYqXs+TBtkFcO6K8csVDzYeVZvrFw7ar2FuOKCx27AInk8xuoHPHWMVJIRWSH7EtfqB38mFyhYxc+jxRkhX+1ciuiSroD3G7p1+J28C9DDuoeP+QPTMQDonFLQhad4m3YiaDDbfgZGR34kC6Mv0UqirqSmDaR/YAlxKHenUmyokJPJnOmj9wAGqGcLkrJw1XlloV5Vz6gB6ptMaaKh0gdiy0bcOi+tel5vyM+U6SVA8h/SEjCLm0UkWFDhHrHKG5aMI1IY/XO2UVeh6jqjXYRNIZ5o+GnKJ B9oGdfvw lQHBOx0FBHbIHYajaWMsBO0WMYRfjZiy28GDSqAmJayIw/dYnSPgnSDBfLqXyRn+0TTNjK6o2MyAMMjAtqTvY3/O/mRjuXgmYPdhlweTawlz1KrGHVS4VbPNHZ1kDvKzh3ESYDIE3MnX5/7D/TUKwEXAWsQrsh72xO2a3IgvR81Iwbqv48HZJJ0riGMIpxsfnlx4Q7tgAEV2wCUUZPiMkKASg6R3YvlbzlXk7Hi2wSEpPRHYCsWNxmA3PAJbHigHFrqgmOAlKfokVujwfYqbnZAIM7CGc63XvDHVt0h5TYjAvVFlqKczR4PZD13opw/UlQrWOvTyaQRfhU/zEWnKwpmVW0Zo4uMsWDp6HwiEwTkAqMWwV7GoXhBu7C+Ota4qvIsY25XOdvrUZe1eKLjwdoqkxo8EyWIwTPJLuuD2hSlKiKPtZ78po0Z9koI9ZWAXco2wGTvs6etOEuwHus2iJ8b6FXXW0/HZ3To/K X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page. Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Acked-by: Yury Khrustalev Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 61a80de6baf8..5c46ec527b1c 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -68,6 +68,70 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret = 0; + int cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (!PAGE_ALIGNED(addr)) + return -EINVAL; + + if (size == 8 || !IS_ALIGNED(size, 8)) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + put_user_gcs(cap_val, cap_ptr, &ret); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + /* + * Ensure the new cap is ordered before standard + * memory accesses to the same location. + */ + gcsb_dsync(); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. From patchwork Tue Oct 1 22:59:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818925 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DDDDCF318A for ; Tue, 1 Oct 2024 23:04:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C0A64680033; Tue, 1 Oct 2024 19:04:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B910868002B; Tue, 1 Oct 2024 19:04:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9BBBF680033; Tue, 1 Oct 2024 19:04:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 7962B68002B for ; Tue, 1 Oct 2024 19:04:41 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 266F0C0AF9 for ; Tue, 1 Oct 2024 23:04:41 +0000 (UTC) X-FDA: 82626564762.22.CBE4313 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id 50D2D40010 for ; Tue, 1 Oct 2024 23:04:39 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=TB0n3CPd; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823738; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yJtqeUkAWWAacG+qFJSzrl+bCDrrPsx2/xUTEvzw2Nk=; b=KwkOif8IelF3zog3Hxl/FCVR+Wp1D+qN4b4rS7Yzko54UTGGbmvV5q7jlp1tRWvvU5rIhQ eR7Dfgr1PB4FaBW/uYGWtLSJYBhXZs1vVlOyi6MsKaDtLJIj96EGshRT3MjEeAJbKYsVWH 7FewAcADRU+jpzr45aRjnprCdFRVwrI= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823738; a=rsa-sha256; cv=none; b=he94iQN5Jf9PS8SzqYFNBwaYe0tWuDL0pPsbuYbv4GUjMVieRHtjrFhHfaAzoytZ2xtaJo Qw01lEdufyN8iHdKVkGJATtk39WDdnqek5Q3snOps4pupY3+m1oVIUkY8sZ1Mb2Z1rHZ0j Bf+Ca1u2GAbAPKflXCf9dH81l3LDtpM= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=TB0n3CPd; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 596335C53D4; Tue, 1 Oct 2024 23:04:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 67207C4CEC6; Tue, 1 Oct 2024 23:04:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823878; bh=M/Cko4L7ycF7EfuRgE9nFrYd9p9UbU51oKSukOYF/3Y=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=TB0n3CPdNHxlLWrrtuwMlV8tMuyagUCpSWBaTpoZK3gtGJcqFir6KLD+BmHv+cAUd qM/4Gy+3Y18n74iUaE3rzufN3Rl/YESZyphxeSuMvNMijO55mx0tYJmieb9IHxvIqG lKLPaKvylTHaCFcD3d2EQpZOZ+TUNT51nHrDD5Q/xrHnMKDfBv/rh5RPQozl9dCruQ 0REOF1upnxBvakxy2PWw5L7FCxb1vRcxVUKN6luHbJiTMdFqw5QxkIyTUrxpDEImd+ xjFKxq+oZ20wZuFdNCPOnXd9v4i+GcTRI+IXsg9I4FVuQivvGUdj6CHwInwp+0eTc9 t51dk4u8fx/Cg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:04 +0100 Subject: [PATCH v13 25/40] arm64/signal: Set up and restore the GCS context for signal handlers MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-25-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=6765; i=broonie@kernel.org; h=from:subject:message-id; bh=M/Cko4L7ycF7EfuRgE9nFrYd9p9UbU51oKSukOYF/3Y=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7XYlmqI4AVMLQuVzPpNgT/SyMCRjCiznsJGwH4 G2vcFFCJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+1wAKCRAk1otyXVSH0KouB/ 9Jw3HWKPOwR2aVOZ6u7wPXJwj9zBiar/DXFEbthlVQ/Dr8xLxWr9UILF4cDa6yLfc+rJkYXNX+5RK9 BkjxhujnTpn05vvFfUCInty8LTLbn0sywBiP8f8X0Dn2rcVCUbs5Smk8agHmrxbSo76R4SwsFy498d AyoptghwLoECA+CFGXG7VMkZ9S7i+FfAd1v2VUB63hLD5sxJkIEubTmneUSSxYvFVT5b/J37eGA6+z 13qjEBBQxnOjZ9MlEZ5LB/ybEnIQLz1wN87hLvtd7aIz5ZIpPZ8Azclkb+uVeaAc0nEsRgnOd/5R7F 2+kSiCmA0iuGU82ZzrQ9jZqMMl63ti X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 50D2D40010 X-Stat-Signature: 3ymahzodc8ksp1u1ifmpjxx1q38afgkw X-Rspam-User: X-HE-Tag: 1727823879-242030 X-HE-Meta: U2FsdGVkX1+frirhPdHPnt0F87Gmb6U2dyv2hB1zdrZcKiBWlVbKr1YBk255LvNhWnx7UPlwSubtoPVyelA7+bM41HZuCmEwBBCDDfTg/QKpUUlDxopUr05Z9lq3bZbakKCxZMhEem7AsZ0bfUA0wMuJI8pFZFRBpyifRcEjxspZfg6dqxk8FqaeVwvV6eYap+EExopwMYzTCiIw2c+NfoUgpLU+0dCyRf3vgufiyeZ3klU/XyzRqLsXh9RJAZwe10hWrjUewCldR0ZHaNKbtoUbAC6ntUrmivbpfSXcjD2KYmh0yXSx1xCqEdbrErOwOvHf4pbl8KZkD7ya8wyeiQeQiSZg+9PEVxadODv2VrwMiURpzQGV8L/fu3g6NrwBV6QPK8FMGXpiiSCktxJo7cLsqd7FEG9q/uLeFpFJP0DA1is9U4ayU+I64CAefYZ8L7D0UF1a/VYs1CInDD6yYhrs4/PYEps25zQmn0MOqvSVpSdyQs2fgN4Y/rRLNY5FYaCzLndT1BmLbg9PA/v6FqzwQ/Rwlz4VyH3mO8fx8BE5U7HRHrrqWd13FAJFazaFjDVRDM6XudVJtHefpwug+E2M003vRBrRO2NcLksXhCm7w7MIv2BHbgZZm+nDe1GRUD1Ac2gRZAzF+kuhwBzL9Q+Ji4+6IQUM5FvzcuRJSPv/dhy5xgKkeECGemeIHEYXZseZIySes7etZ5Y2VHrEdz1GzUEn9yi6cAc4jV+uG5HOSHQBxy4/YG28gxV9vVuUiSNUFbituZ015lGaYRaZyxBE2xPCICMaCuRdzRxFgiJ0hCC+uEm5CIzZSI7NehjmzS9r//2Kxb6Zfeishe00F1hYVEEvN4tq+UYiRDxV25Udk0Kts7UwupdcTICRKWSF8RH4PVmHGA3hC+PvMeoX8ZGPzKHbCp21zSMDzpVo51MxIfIIeMzyNsbBsFpOpP2iNgCytVGlUFpZcTn6pIK dn+6mz5+ WDRWwLMUIpzRzB2EnZ82RVezTnGZLt6k+micftKOylyzOs/aLOiE5DxFPeVq4Cw5h58hwSAerUF6D1I3kY63o1saNTulSTZ0yeRvweepGZPHu2oid0lLqNJhlHVJ9LNyi3CWWgXuiF3JnQ5lNJMgIQ9h6nOPAag8RegtnJqCJszcaEUmu63ziyDLVQ0Q3BqfakOuDybee626a+8gxlBipmmqikmmsfzb9jgBsR+uzTOefYByBNrXY0g208MvIctYbcLUKi8qaQE3PRp+HxGhq2mRrUCV9fD2Y2Xw8qDq5p1EC797VnuOcDGOKrDzOP9Qdil5uXAeuJpPF4zBfqcGddJl3VCuWT64XwUD80HRvrYcf/FIu114PM+oDWefPULtmlH18Jc033Moph/T2DEEdvrvWRcBTe6pQe8Pw7g4QBqOI/7rAe8LsyjtDbA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: When invoking a signal handler we use the GCS configuration and stack for the current thread. Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault. In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set and token type of 0 which we add on signal entry and validate and pop off on signal return. The combination of the top bit being set and the token type mean that this can't be interpreted as a valid token or address. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 1 + arch/arm64/kernel/signal.c | 118 +++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 114 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 48c97e63e56a..f50660603ecf 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -9,6 +9,7 @@ #include struct kernel_clone_args; +struct ksignal; static inline void gcsb_dsync(void) { diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 561986947530..b5ab0e229a78 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,15 @@ #include #include +#ifdef CONFIG_ARM64_GCS +#define GCS_SIGNAL_CAP(addr) (((unsigned long)addr) & GCS_CAP_ADDR_MASK) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + return val == GCS_SIGNAL_CAP(addr); +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ @@ -904,6 +914,58 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + unsigned long __user *gcspr_el0; + u64 cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Ensure that any changes to the GCS done via GCS operations + * are visible to the normal reads we do to validate the + * token. + */ + gcsb_dsync(); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap. + * We don't enforce that this is in a GCS page, if it is not + * then faults will be generated on GCS operations - the main + * concern is to protect GCS pages. + */ + ret = copy_from_user(&cap, gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * Check that the cap is the actual GCS before replacing it. + */ + if (!gcs_signal_cap_valid((u64)gcspr_el0, cap)) + return -EINVAL; + + /* Invalidate the token to prevent reuse */ + put_user_gcs(0, (__user void*)gcspr_el0, &ret); + if (ret != 0) + return -EFAULT; + + write_sysreg_s(gcspr_el0 + 1, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -927,6 +989,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_sigframe(regs, frame)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + if (restore_altstack(&frame->uc.uc_stack)) goto badframe; @@ -1189,7 +1254,48 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + int ret = 0; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + put_user_gcs((unsigned long)sigtramp, gcspr_el0 - 2, &ret); + put_user_gcs(GCS_SIGNAL_CAP(gcspr_el0 - 1), gcspr_el0 - 1, &ret); + if (ret != 0) + return ret; + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1197,7 +1303,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in @@ -1240,12 +1346,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, if (system_supports_poe()) write_sysreg_s(POR_EL0_INIT, SYS_POR_EL0); - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1268,7 +1376,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; From patchwork Tue Oct 1 22:59:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818926 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0AA3CF3189 for ; Tue, 1 Oct 2024 23:04:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 85EF3680034; Tue, 1 Oct 2024 19:04:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 80F8768002B; Tue, 1 Oct 2024 19:04:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6616B680034; Tue, 1 Oct 2024 19:04:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 44EC068002B for ; Tue, 1 Oct 2024 19:04:52 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 07FE81210F7 for ; Tue, 1 Oct 2024 23:04:52 +0000 (UTC) X-FDA: 82626565224.26.89DD643 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 35CE5A000B for ; Tue, 1 Oct 2024 23:04:50 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=BwIW27cY; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823825; a=rsa-sha256; cv=none; b=jj2kuLjumxpBw8eCakc6nh3wV2TJjh4m/l+igVh8q7qgRMBTJk7A+nUTrpngkPTkDnWUMP 0vSGIoYQ//waGiYITOJtl409haHpPkb/vvkDvwzt8DFVHAPwoASrFWNlm0v04OrcDTU519 ol3+ZqIw+UuPl4oWKoBIP0xCEPNy4MU= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=BwIW27cY; spf=pass (imf25.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823825; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4dc87HmpeS9cE1L9M4FvapEXtqDd8oHbPk8aV/GQpko=; b=MgIA+O/xNdHkB/gVfAhSb/JFcSwMAnmUuOOO0wE63ae/VQ18fSD6c1+2QjlKF7ycRX4fL1 cF53Tzi8Mr3kyYTf+MM/jicRRvogjRbBETnFb120wJpcp47RFU5E7vhtZ42aGx/QHEXgOC 6vgQekgH+4i8dauiOt14ry39A9d/LNA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 3F7925C0339; Tue, 1 Oct 2024 23:04:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8BA5C4CEC6; Tue, 1 Oct 2024 23:04:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823889; bh=iheYVdOI1mRov1x2wnyFTq0nLuVXvcgzNFY1vvTX4L4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=BwIW27cYksAnySxigWOYt0SrEnqSg8DQYIaOnWhOA0RmnhGPkZNsPdLvpGjXLHoFy x9mBOmkAgbznrCwLJIwQXwgbSpQgLgda83m7E8XTGR/hpwmO9+3OPAi1uU0TCEeGyM 9JiEyK/6y5TPZbGoIs2Q4X1QSD6nD+29VI2lTNHh20WKw6hGcZlOF91t4tyvyGGUud Er3KBwhnr6s/S5WpZBGIZsV6T9/+OZ8Q9UeC9TufeeP6UnCEheXFhvzHTC1pWfDdE7 blzYCs94us/bd2Nqjy+3llEwkSsm9Kk0bQaxm2WUjd4zYSbW2gZTb+pX3qgl8J3TvX ZINL9rlEvPKdg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:05 +0100 Subject: [PATCH v13 26/40] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-26-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=6331; i=broonie@kernel.org; h=from:subject:message-id; bh=iheYVdOI1mRov1x2wnyFTq0nLuVXvcgzNFY1vvTX4L4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Yz8d8MeWJ1s7RbiNfQuHzARatODnl4idncq8R cuNHIXOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+2AAKCRAk1otyXVSH0IwMB/ 9jNDjhhihZZ4eg1B5HLLhXzEXv8N0aVlgGh/C0HpKuP1JRpb9vWvmXYmEb9b+OED6jwkbAaDTq34DO tIgwn8Hxp1xHgkhwqJPTA/ZlaSRZsLMpjQGYO50gNphK4ZTqB8UsmomfvnmqpiHRG2Tvn9yfF6ctdn 6jCSM3nAAnS9z/iZyVIRdD+DJ6uqNygJh5d+zzcrtYXSjxfHHUH6WFm4VP9CsuiY/zjMTz3cQCR+GD Dkyz+qG+3r8mAsYatUuQH1MZvCZPtuexKj1rWX0DbluY1QzNURLAZ+Wzhk6r8UfrQ2C7Dpaj+1j8fk vzEPmC/B62LJ0D69GBKu8xUJsBBlQj X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 6q8xkedhe7e5ua9rs6es8siiuj1h741i X-Rspamd-Queue-Id: 35CE5A000B X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1727823890-418095 X-HE-Meta: U2FsdGVkX1+xvHXQgNnll5ggPTvatCgNwKSW/5Q+Odc7UImyrW1IUFEq3bE14TAUZgQHL434YLHsK0pbZyjPxCI9BPmsC7iJ1DMZTrKea9bDrK5r29EonVaOMBcBgHqvyW6TioDGSL3La2dKI6lJFY+eFQMEW4hibpBzlFcaUJNpCNgyN+aagfmFqjYF4EXnBdUFjbQpy2hT7tVfN1+/cLdMZdV2N5IX1Uk0Oe6PMuwy3ukNSyjqjlYyTqYx6kRhRKswSj9ko5iPAJAxqjq8N0BUEzLL85b25B4iHY6JNWEQ0PMPcj+ROdJ/Sn6YFSGOoax6R6M31UQLBn7sZnv5teZdxm/+0PLrggyhZuC+7DCSo21nQADzxqie8cgU5P0P0aBgQgNjIzfVNofLmZLFFpvMmYGHNzBAdEBebja2Y9o3/At2T4F8FbksCMaAf0B7unGy6E82rJTHut9zK4JeDkCIlmFNyrzJMyMrzWwdSM492T1YzvG/jDW00sNs3eFobmJNXBy4C7NHvPJ894spD7L7sY7MGDTIGMShQ1FQGMvRttrpLQb5azEDMYkp8t5nItzdSRBeK+27sxCQVhfANVzB1xLRRqQ/H1buGR/DF5AeCvQeuCuc2vA5eDJZXaZLnog+rl/5Jmy2YYVq2zFK6QJZoH2dNM2xiZmKAzCrfNkDP9nlKbIa4aIrT8HNqq85GYxgITtIuyQGVEKgxtRUZ1S/yKsEXbSP7ZwAgexacbXAXW8zp2WEufsP8B+ioAYNEKECarwrjf7IH2UX1rE+y93xZrEAVNyKou8ywYRy6gmMwagC3uiw0M3VPHZM8U72HCVJFCUyJp6jbq6XiRes5EJjyOSNIOXgAHvQfslijlfw8R+2zbIYPXqvWYaAwTdaFqtXXoPadm9RlYLkUquZor5o5smqx6AM6bL5Y5JkAGA4UaLolLqEq5x5TXW1mtkA7sKw5WimgoPtDYABGpJ ugrdh074 VV3foI2vyeS5Q9aub2OWljPMRVW9XNRGxWl2uZp75DDg4d9pGEIJKA+TehBYbIyFXHHbg5uHaK2QX7TMGDxe75q6eRHUzblvr8TMIAkM9TaNWaOEGw3r68OJ6MLCA2+RRmJYaVcJCLqmvxyVVerZjHxTqkX46bu6dFf7oeCSuTvJjK/BqwoX6UNsEbJlAhgfWR8bmWcZ7gZxOHCrQhelgeRrn/IHyigpVKSKB/sSQUAUJ/raK6+3CKyXrX0awLhuBMZY25BIbyFl121pJQYpSo3EskTHHjPzBKACQ1HlluTcz6nUC0uMAuYoJFcTEY6YyekXKms3CwG7fnTqSRwUR+1mngkpAOOG6TC2pxR3kCBiQmdp5EfPn3Juu9WBvaQ5MMqYJ+ibeqQ/IZYGyrwB8s8qnIBzApEjUP3Mv3jlC+rfrV/haqAk4LO6g2w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Reviewed-by: Catalin Marinas Reviewed-by: Thiago Jung Bauermann Acked-by: Yury Khrustalev Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 109 +++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index bb7af77a30a7..d42f7a92238b 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -183,6 +183,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index b5ab0e229a78..62d666278264 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -66,6 +66,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -198,6 +199,8 @@ struct user_ctxs { u32 fpmr_size; struct poe_context __user *poe; u32 poe_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -643,6 +646,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * If GCS is enabled we will add a cap token to the frame, + * include it in the GCSPR_EL0 we report to support stack + * switching via sigreturn if GCS is enabled. We do not allow + * enabling via sigreturn so the token is only relevant for + * threads with GCS enabled. + */ + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(0, &ctx->reserved, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + write_sysreg_s(gcspr, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -661,6 +740,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt = NULL; user->fpmr = NULL; user->poe = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -777,6 +857,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->fpmr_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -896,6 +987,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -1029,6 +1123,15 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } +#ifdef CONFIG_ARM64_GCS + if (system_supports_gcs() && (add_all || current->thread.gcspr_el0)) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } +#endif + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1136,6 +1239,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Tue Oct 1 22:59:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818927 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55DEACF318A for ; Tue, 1 Oct 2024 23:05:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DDC6F6B0121; Tue, 1 Oct 2024 19:05:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D8BD46B0123; Tue, 1 Oct 2024 19:05:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C071A6B0125; Tue, 1 Oct 2024 19:05:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 9F4296B0121 for ; Tue, 1 Oct 2024 19:05:02 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 43FDA40D1B for ; Tue, 1 Oct 2024 23:05:02 +0000 (UTC) X-FDA: 82626565644.29.933E839 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf03.hostedemail.com (Postfix) with ESMTP id 6177520008 for ; Tue, 1 Oct 2024 23:05:00 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="eRy/kctW"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823796; a=rsa-sha256; cv=none; b=awv49GOmLPSMu0dZ2AJeXAF7ODk6LwxF7au8M0vCWX+fZung03sal6b3KXqR9IoVj+JVDL eS60uqb6roFbymV5AQ2b6fPZrhKYRbdn4RuiczEnMFLR09IFalkw7fsRYM6kT3hfK2djD+ +tDj9WWVEJfv215YrGLi9c99aMi5iVc= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b="eRy/kctW"; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf03.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823796; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pItaQE5H3eRA0ypxjPZXP3ezpZw+nz/REhLu6sj4x90=; b=wGLqXzXgW4KUZisKX7pCLdSsGa2GfHJpmbGDwTtqeX/rVpJyNAvoH8hMV3SAgTubKtODeb EC7OtL/hh/hXMkSiUpz7Z4azkrQPdG5KwX/7Hre39lU8kwt662s925ST0JTfbZxHzTSJHp dupt8jdQ5fr6lbiQnkJn92uDRN9KHsQ= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 6B5955C53D4; Tue, 1 Oct 2024 23:04:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8CFCFC4CECF; Tue, 1 Oct 2024 23:04:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823899; bh=VAiC7wTRzpadh8RpHSWvVn3DPR/rNVWThbxqMFfnHEk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=eRy/kctW3nA/qJ93+WM+vITRctux1o0SD6GPKbIu8jj/YMt7AnIk6QFRLezzYyzuH SlcLCbUhqAUI1u30Po/NuBch0G0v0ql50IwITt34H7cQ62gIpWVQUIeHJ9tcQRMzTc uViUbs/Xvke/fjWiDksO4Qh2GN0gSj+Nk9UlnnP4YOWk25QjeTK3gKZLM8phKEA2k+ mjTPj4LrQGG7RmJEjAG85LAf7kBnQhfndAYVI+ip3Dyl1vcnUH0miYKXcExeKBvbav xfZGoiL38AAi6+Dr8MCWdJs/DMGV6gztdc8XmLv6yc/PWIpR7eLYMiUpADAIS6yUCs VOJL4q92nUy0w== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:06 +0100 Subject: [PATCH v13 27/40] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-27-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=4262; i=broonie@kernel.org; h=from:subject:message-id; bh=VAiC7wTRzpadh8RpHSWvVn3DPR/rNVWThbxqMFfnHEk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Z5vNb2IgxdeOBRBnWacqJsMskdit5gkN95CIq Z4SFLa+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+2QAKCRAk1otyXVSH0AD7B/ 90YcXso4DMluSzh5SnDnEMoZx98sERhuAysFMI+D8NQYKJCTCgbRD1UHKlev8+31TQjTM7cBYNPtTM M2nPE8s6UfeDzMcl0vw5RpKx5LCOmfb6By9Z0S/OOOBBDnhycSmaVuCWWHk1e6dDiF2fEeSs6Sn5vc BDdtHJpnVBlaBt5KecWXAU7R9Hda2+JhFtcTnYEu3PlCLUn8MK2iObaoVpv5VGApENQlXul5wDDgcA YjtMn40OZdA7GAQR5zJCgInDRJyMmkYBeRAvEBnSfi/l1QhqGRthlk7gspycrolcOCHSr0crpN7IZJ mVRvPfsG6jKAiyRP+nTBBXtTDR35tE X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 6177520008 X-Stat-Signature: 3cmhtorxdqujdt3dobtp4ss4wf3asrxs X-Rspam-User: X-HE-Tag: 1727823900-450276 X-HE-Meta: U2FsdGVkX1+P+3bIcL7I9Rqv/GtExoAoOhO/RoLdLtRZhyYdZcsNqi6krKUj5bx/m3tKX/9W2i4qlNw64onRZQdl5TFGUfIH+XHqqtfUuJiHaFOf0yGGO9IvwlebcRHNdb88uFJqjk8jkNO1RRMqceW+U+ZspBBbOXYiauJwfRk2EO/79v1BD60ZHn1t+T3g5L638IQF67PzDmPLKHQL5A7DiC+YCba5JGfTGPY7SegtKk2pgzC6le2OZbhxJMEzpo2vhYyeYfur8yW3e6uGbEdloZQPQxaagzgcTxB03wBPZ7bew71R24OJYTTUFjroa1ZitY+R6EihZpON1Fvx49voWCyoBwux4ujUHjaggjxUCC/MIXI971Qj5ConciqYOyxWn7bvrH6TxIDdTpiIPubvj1vvksp9xnpWl+ce8Ibw+K/jGsGon/ljPpDlOQsKT2IMl5GPOFhmiKdqFx+V5psmmrFZwZZKWWtlKeDZ2QJdTG4g9/F8vF2+1mCC7NWstM1M7EKqT/E/Xyp+blRlDju6v7WgvQDJBleVxfDMNI9aT3PUWeYGQL1kdLcDagO8zXxjAwCWzVkbryuSQ5uSGwPluVS/D5FFOKRAmzmgVilr6y0xbk769ssub2rl2oBi/WrwE8wX2Sq46KXy4YLxeFO8Y1/tpDhy+en2jog3LK9doDNFVN+KiBPb919xLHfLopQDVZeXiIMd2AhnqytQPKsS6UHQDJy7BcxRiyYxfwxVhy09lbVYi+X30kE3PFD1PWWtlxO8fTIYU/vg39MF7olnePq5HtR6++Qeskpq/KWlZCD29se/IVbDyq/GlhyNentFyeh3+sh63FPAHHK8bqXVyKeKFahDkwvgO/T9eQL8edihg1a2WYhiXGOBKuMAGeBdF1Oj/l3lKWpKHjJ6rmkWDRp24t+VmFMOeWtwpsP6gIQ4ri2/NpJfdWXL0xc0XebF7VtWQzoxXEx1Uil o+nG7b3o QX5jWNgdnA/DC0YYiO7YvOMUBjQYn8dMem7Uc3JYC8dtqS1UTjyVftUCAHHuVESXGj+YUDtYvc1pepisv/NaS6gcw6nVO5GgBkCNt4WljiUUxoP4YCwzbXKBWPmnec5MoeoUAMBDn3+ue7XIcxiGMwRVW7MdurmSTpyjJVtXx8jHTWVG1HlIWTOrh2xe0rL3xiUsxpFtp3ooayrIh/rG8mvLA2KDs+Bj+Iy0EdutB8x2LtFIUeFsLVyFkRaZTGb3sFy6TdBCbw0DrtvWq4XVrjnlkKsJ3dae/7YA5kxniQ/J1yAokmUSuW7mn1ghDDGnZiOhzOECehIRmJCE5DQkXLhflIQGhGwzmNsuEARjWiwMb2TPX57DD/1xdRKXPSRoAvW0WUuGCVH54GtTCHrzVZcKJpfkExd6uDGBYiJNd933c+uf5h7wFv7ZO6w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 62 +++++++++++++++++++++++++++++++++++- include/uapi/linux/elf.h | 1 + 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index b756578aeaee..6c1dcfe6d25a 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -1473,6 +1474,52 @@ static int poe_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (!system_supports_gcs()) + return -EINVAL; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + if (!system_supports_gcs()) + return -EINVAL; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1503,7 +1550,10 @@ enum aarch64_regset { REGSET_TAGGED_ADDR_CTRL, #endif #ifdef CONFIG_ARM64_POE - REGSET_POE + REGSET_POE, +#endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, #endif }; @@ -1674,6 +1724,16 @@ static const struct user_regset aarch64_regsets[] = { .set = poe_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index b9935988da5c..9adc218fb6df 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -443,6 +443,7 @@ typedef struct elf64_shdr { #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ #define NT_ARM_FPMR 0x40e /* ARM floating point mode register */ #define NT_ARM_POE 0x40f /* ARM POE registers */ +#define NT_ARM_GCS 0x410 /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Tue Oct 1 22:59:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818928 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF83BCF318A for ; Tue, 1 Oct 2024 23:05:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8384B680035; Tue, 1 Oct 2024 19:05:13 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7C11468002B; Tue, 1 Oct 2024 19:05:13 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 63A09680035; Tue, 1 Oct 2024 19:05:13 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 4415E68002B for ; Tue, 1 Oct 2024 19:05:13 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id F329F40EC9 for ; Tue, 1 Oct 2024 23:05:12 +0000 (UTC) X-FDA: 82626566064.07.E065539 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id 25110C001C for ; Tue, 1 Oct 2024 23:05:10 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B5J7eMmH; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823783; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8e0Edpe1vMepDAYRcr6UO0nBXWo8D6fC8WArj8f1tuc=; b=dK2ES1UtszaNW+IfsLMlt1Dapq1XwxR8ZLNsqIvmC1zhOShYSP713R8MXTiSGFrPy2ExXG 0IeoagFny5COBN+w2t43scxYIE1ZTrvyrWyyFHywqjIHqKdqRSu+zZJ+rRXnLGoRbzUDuj rOFBuWrN9hj6+faux24f2WoPRXbl844= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823783; a=rsa-sha256; cv=none; b=KvPjY5YUKvaK2t3WRfCtJ/CxBQbpHeYPo2olSgn7/gwcHbUC0MRcAl56fc32LQ3qZqmYU3 W296lNihC/Lp17/xYQdtZzwnGlovQNM86AqX67SFjtC85X3E9oh8HliGKWFRdCEw+uymxm nqsMVVExGa5ofhxQy4F5RpEs9ZuqONc= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=B5J7eMmH; spf=pass (imf10.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 3F4535C555B; Tue, 1 Oct 2024 23:05:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2430C4CEC6; Tue, 1 Oct 2024 23:04:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823910; bh=atDZEtbemNIieqZC6RtXrtbJMuxF2tLKf2K/TSJvVes=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=B5J7eMmHKHd97SZEJxiVYhbNX/Ks8kJn5Nue5+50O9KQLxkG1E+ZShZeg7g74vkcV A18Gq9rmhXe19Z4kUcF+pJs+Qtvsqr91+6+b7Kbsshk5rbEYcPSxMF6dM0k1CoOe1h e7cF+4+kslmzvSIQSqXfflUfAQAyfMhFn+CLChMvKBH4y0HQkYfZBLgHsx4waUTth1 FFWq7cK+cnEGEWp6Vnhnn8l3ARtW5Mw5+nZSWMAvmkBEWfgsMfYi/qYMdxye19J2jn B7Sl2jtRZqa10PTgSCq8QLQWkDF2ckA/wZ0Me+T/OCoSkGoPz9AVJA8AU9mCB+UO5i YC+XhEF1TuzLw== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:07 +0100 Subject: [PATCH v13 28/40] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-28-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1477; i=broonie@kernel.org; h=from:subject:message-id; bh=atDZEtbemNIieqZC6RtXrtbJMuxF2tLKf2K/TSJvVes=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7Zc7rKkETgD5/LTaxxdr7BGJRS0qSsZjNw/txV r2Wuw/+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+2QAKCRAk1otyXVSH0M+qB/ 91ODENwPWdKuLlElj/7OYeWGSCjN5ITwHJ4ppzWwF1BP5tpBhvEs9TuGenH2UXxcohCfUT6yjbeNU7 BqHi1YY0+wQUtr4ulVRIVOnj1gq7q8h/tS/NBM0kzuoPNW/h3FxRY8l5bCnYAo5i4/0MKAznj5S5pL tj2aRrRznvG5Pj2t4m43nTUIxrTduG05Cdqisl6Txjh+LJSLhBOsiLtFeWGetiiTrHDcpNisfrWB/g INyNQ3jEJ06Kni4oXAI1kFQBiWcbUVqmeRHJg4jEpObnjwLN4GS3NWbsDfDtfdFgL9q0FM2zOz1vfP x+uZvUmrp6KnGE2kvCpjKmctHavSdF X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: gur17i1b7z3fy1uend3rr4bg1j4uywk1 X-Rspamd-Queue-Id: 25110C001C X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1727823910-204711 X-HE-Meta: U2FsdGVkX18mwqHW3E7j5xZvubGiRiccINccp69lI+NH//YnYFZzXxJ0HmhAGffVxUqM21U1guR3PKQBQhuo/pGmC/EMQBvB0uwlZud6/mg92oilkt0P8wwDodVDhFdHu2QaXmp8BVmNnl8OYMMR1GDdNowO33jVX3WbZqG0zfZd8ErHsNsqJwyC6r1bGgbD7eXs7udkK+Oij5NQQbJdFB4oo0TGNfM5m52iE5AP0Rm+nfZ9/yt2v3TNs3VFHsHOdClw2VUPYZU5YX/9PEsY64UJ2fbSERvEvc9jd5VT9ySik7C4vOb5QCbaepBNSPt08f5DGMkdGWiXK8j8QWTGzfTGOlUvR5hZ0wAyY9ibmu4LadGQMY/ndxr91X7Lea3udJYF0LvcADVxHmNORNygbXA4NSIyRT0GGLbr6MnwXAfrzG9Recpyz5+cheWgjKGs2DvJ33xOv5gKpXLY9hYNOlrnNvOp7hDs3zyV3fp+TmfbgQ72qoLE44n5VNDIEYy5Wr1aD2DEDCZeWyTXgwOtwtcL5MNXTVb0nsNQ148DLsAv06EpajabkODIbxLQD4nH/rBx4YAFD6yQLtTlyxzMaDi0FBOvod/MKRi/lcHgRmswhgWWJSNnyG+JjqwgFJtv+BzbPkyaLZFDZx4McD65/6GIxLO8o7Ha3Wk5204GusBjwt0D9R11enFV3UQRh51l3H5D/+z/DpIQNYCX09WJAcuFxBj1kX3vz3v9KcFSyyEkqxDkDiPXSBbw/JjocT12IYyu2GpS5IU6Q+4cva3/PgLhZALzoJYz02ZWruZdJYKdN8HZ/X3CqFOTHuk7vGRSOFhPRkRtGNrF8mdw6tmagqzoNZ++c5uV/ViSCttwU2hSFiUrxApQtdLMlvrQRt6SKZ78XKnATUESdimwSLcuOVoqsJyF+9jVNlSQQ4XLqTGOlXrZP73Kwy2O4lH6ZebYOaw3Bk+n5X7bUQM6plz ws91zLZN m9oQDFcULnn5115QID8GaHEjqkBxL0rOeFlRGhwNFMfz9bMWJNuaRmxxB1Lu8MsmG5sKT7i/aSAG7f/z3bU0kKTyXoJazsbxbGi4Hz3B9NljMR/54m/QjQyk4lXL4RYAaLcZgK1Ix7GfGTfrlHoamEZfqx4OMSaVD476KMR/SMET+gJ2m45dFb1NPqC9RyLzOR1qgHYvu6dUw26j04OeGvdWSt/rUxLdL9JmpWZdx9Nctbkj37/DXFgbzaA/2jCEP3FNTmPnVb2a6AufCFWdkJ1GBhytM9+LJmJMdfI4wj21l5aREYTSuSmX3U+eaZlZOhqxOVvyCGAyjEEseFFVUBGB4JQcTReYjm8FuzEriN/A96eO9N6tnRNqUiDPNvUdjTIuVBt/qzpya345Ruu0vyopHhIQxwgCttKBj5UySCxBZJBuEVqrwWfFjMA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Reviewed-by: Thiago Jung Bauermann Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 3e29b44d2d7b..dcb12f041c13 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2178,6 +2178,27 @@ config ARCH_PKEY_BITS endmenu # "ARMv8.9 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + depends on !UPROBES + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Tue Oct 1 22:59:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818929 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8293CF318A for ; Tue, 1 Oct 2024 23:05:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4B84D680036; Tue, 1 Oct 2024 19:05:25 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 465D668002B; Tue, 1 Oct 2024 19:05:25 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2DF27680036; Tue, 1 Oct 2024 19:05:25 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 0E11968002B for ; Tue, 1 Oct 2024 19:05:25 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BA026A0667 for ; Tue, 1 Oct 2024 23:05:24 +0000 (UTC) X-FDA: 82626566568.15.344295D Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf18.hostedemail.com (Postfix) with ESMTP id D17871C0014 for ; Tue, 1 Oct 2024 23:05:22 +0000 (UTC) Authentication-Results: imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uJXPg19K; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823819; a=rsa-sha256; cv=none; b=JxwrVuTFgkE8Ls4D9haJgcJBXBV04NBTxrDeRu7naLrcPEseak9PnHWuu0aDg7kC34Ml9r gvclN3r0/09P/gNnYsqYd/C/HzuJw9CJgHZizv4rj65ubkxrbYh+ddOpLxH/ixt06wS9Nm hqrL6WOOSK3SuIdXUoXMRpWy5c5PqRw= ARC-Authentication-Results: i=1; imf18.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=uJXPg19K; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf18.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823819; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RBVr/fog5unVx5vWdswcdMuMzdFFdJMVIP1drUnBO9c=; b=8Ccw4uA3KwOCNM6lV/PckVRfm3IxnWAHBx8sQYDtn5jwcOAQf6kAtLKh2sTrVjoGpJ7vhr MA46pm+tUZLJJ19OIbfYzJaFmxF950JT6yoUn36w2ViF50FjuAs2auUUjcZ1j3WOPu2K0Q 4A91FmFk4f/UprL3gjH6ZKdgTQDcuH0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id D97975C53D4; Tue, 1 Oct 2024 23:05:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9DAA8C4CECD; Tue, 1 Oct 2024 23:05:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823921; bh=GLmI6hHYoj5JZxZG0yzjYcX6pFmL0ulwYTdiG1C9KyE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uJXPg19KQ4tuAtY+0FftA0aaVagRDKUP20/lvTlKZqQNQbewcQSTrzzRjoEKtm7nC n2gnfGJgNbPJyhuX549Sf61XlHumAKixbFpVzyS0gAlTSOu2rOnV1rMKQCIr0OtWJd I1AK5W+WInFWvg2NnDZUXd1vn4u/Dsgt+pJ/0MjdgWn+6w7MuOpry4WuIcg7X/n2yE YQdkhFe/WEsOi4KYSlH3gv7VkD5L4j+ugX1LlJl/z65lw6o99jyLOVA/XqHs+nYczF V7AZSwEA8Q+34VDDyEn/3lQnLrPQ6NzYFY6CrlnYSTnKIpVdC21YseK5tgwYCXHyWY yRYWEbR10J9qQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:08 +0100 Subject: [PATCH v13 29/40] kselftest/arm64: Verify the GCS hwcap MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-29-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1350; i=broonie@kernel.org; h=from:subject:message-id; bh=GLmI6hHYoj5JZxZG0yzjYcX6pFmL0ulwYTdiG1C9KyE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7aBg3m0n8js+N3r2y9s0x83zZGeJav6qRQG+DB SlM8+uyJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+2gAKCRAk1otyXVSH0N8jB/ 9NrJV4u3pB6B+x7xy0q+Ych1nU+TZ7sIKyruiwgrncB9J5+7CklyjjjmcPn3gOVQEtoA+/W9aZ4lEZ NN4iZrw584yNtE+jBySXR0AMtH/u8xnbsfg7FJ9I0Cj5hS/wV7mYGSJhslLHzjeZZ5pOKEI3ZktG0f rH7Ob41i25UTAnvjwOautvPOk+SBOSZU6l7PcfCJteHFeR+WWAq4qJu+Hf9SLx6YXmk3DvKSlJbLp+ 2UcwdwWpPxRIlDKjTI0I4B5yTh6lvfjpP3yw9D6OkVVwcJPuOZdwL+tuHc9v9FubA3/dyFTCAqvs8a VimlYJHj8X/waleY1JeJKtP3jXoEnJ X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D17871C0014 X-Stat-Signature: 3zeuc5sxfg3cc1sb58sq8iymri7f8ztd X-Rspam-User: X-HE-Tag: 1727823922-563716 X-HE-Meta: U2FsdGVkX19o6co50+etxSh08Rfo9KFvPA89w4MGnWCs2J9/Ke1+rsdjueQzLPD+XikgyLwTuwX7U94F9GhvlFI8z4aLI3WHpcw8g7+Gg3yD1gWeoNnlnhDwDMCyWQB6SGNmdx7u9kZkETaEwNDt0bpSpPyYV12/uVOfr4NqnhHybr0xaEpq3l5YL99Az/IDmV4vK/EXQ/9t5RqreJjrppiC+oVgMLK2pVvQ4JIZ8LRZcpHu9j62QX3+aB3nK3mWUX5RDtvISHMYttR+LAB+mv0syHwA0zoxZ9n/diItGQs8pNaIqYP8T42HRhZbHDcW3/2l2WvJS4Z+E/Qqt4jSthXYTdF8XwhSRkzyq8YY1Ux5sk7GoxAAK79bXkJw/dTel8qpkw8/L4BjeaTKP2AfclcnNJOCCmDPtb+YDZiu5XelTygFPGIc7LhuWU/qg6EYiU1v2DtwL1WHhlwohlNNukdw5CMFUsqjb5ikpd2LriFUQNyxgP5kQKHrQMIvNr8HOWX9q0eTunbx1e96JSP4FJPwKLLdGU00E1XCP90bvzW25Ho8GpihWS3Ln3l/0B16CVNXzcKNu3ZNk9zp+1+p6mO9mG1+xTud1Sm4m5HR5izz5qCr7fw7TeDeU2AToRnAthTfs7ZOgmxnC/KmLlggqv8+5CzORNk8vPpZzEkhwkV2BoHQYYcERO42Oq73Z5dvdh5y8wp380NYjxmXSmc81Eit+ngrsb3J/gFVMXBEjYoGuRXLI0y3v6y0uCtibEtSpTta+RCmCF2I652Iu3PT0xdxNfpvhLOpwHyMXnozD0ftxkZ8ctxop24miKxbli84heisOge5pj0+kBbSVBZ8thLCpN+i5J6aG0PLbO+dAL8GwrB8VMV4ITOrjSDHW/FCKW8BNAGoHsgMGwuDSMxHP53/rfmK445ASBW7EEGNfDhRblHVnBKedG6kKVrqEe9TaH1wilg9Egxou+EdA/H gLym4gPd 1GzXVx/1rIs6L0YNjz3vrvEA8sCe2dx07VNR2dk7jKOGFFA/myY84FKvRM2OYdmGZ8YoAFicsdA9jbsJjq/P8UW+WBOERcHSo7F7Ab5RC6N3HPHU1g+oXuYmAwASe5vihk1YBaW+wy8CaRbZAdrCQJPt/oEONdGxmvb3koHXLcw97/yHCtp6elenvBtGDT7jR9u3qbsDW0ZRxsZxcXQ7w5yfRtTnK5qkXjO5b8E823Utqb0s15QxvZfmozlE/Ovp2GlGIY01olHdNgPiPVtIwABDVj4Za0Jp+Zu/GMoukf2/C9Vh217j5Ap7ghl3m70YQjSfuxdNErqRYHwRZO9vvFWeu37Je1Z1DybdWJS59BPJb7l2Taq5CXjbIIg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index f2d6007a2b98..1f07772ae578 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -98,6 +98,17 @@ static void fpmr_sigill(void) asm volatile("mrs x0, S3_3_C4_C4_2" : : : "x0"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void ilrcpc_sigill(void) { /* LDAPUR W0, [SP, #8] */ @@ -534,6 +545,14 @@ static const struct hwcap_data { .sigill_fn = fpmr_sigill, .sigill_reliable = true, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP, + .hwcap_bit = HWCAP_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "JSCVT", .at_hwcap = AT_HWCAP, From patchwork Tue Oct 1 22:59:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818968 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37318CF3189 for ; Tue, 1 Oct 2024 23:05:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B9300680037; Tue, 1 Oct 2024 19:05:36 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id B42CB68002B; Tue, 1 Oct 2024 19:05:36 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9BEA3680037; Tue, 1 Oct 2024 19:05:36 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 7A8FB68002B for ; Tue, 1 Oct 2024 19:05:36 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 3D935C0E86 for ; Tue, 1 Oct 2024 23:05:36 +0000 (UTC) X-FDA: 82626567072.10.780C5EA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id 51A75160007 for ; Tue, 1 Oct 2024 23:05:34 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iLfN8hK6; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823807; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PyYnSoOyEusG5JhBP2WPTO2VqcvdPRaer3YfAWYhKWw=; b=TKLoVdC5c+RCmY2Ony63UxFz0VVJZi8rebFXVS6nw2v/AGzw7BYs3LzjbVrGLxEut8w230 iRXuYqoC4+uNISbr+PAwfg4MMjq9aS9NlRX+KYrJt5R+6FJ7Ugg2CI5eoQKNizIyJPf9HF mh1jzj/9P3ZYVtJpbtGOUGFmoHUZ0JQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823807; a=rsa-sha256; cv=none; b=xF9zw9BSEgeYXHqodr/qAQD+IVnMsQsecpPPn72/ZIoRaPuS78bcflLtTBJmrpXU5QI74W 1mxJZTnoYQQaf3oQDjvBgA/Bizel9BW9pcUR3kVT+hx/upnyiyBPZz+yFujh3okm4Sirwn UheB/6n32Lo+pjByd4uEYYyuQyK7+vE= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iLfN8hK6; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 6ED1C5C06A8; Tue, 1 Oct 2024 23:05:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4A385C4CEC6; Tue, 1 Oct 2024 23:05:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823933; bh=qbIXmU2eUtmemMq8xp+h1yj3ghFTmpSN4hiSxbQmL24=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=iLfN8hK6fHJsCL43iSYWHnlQe8lmB/0kpA5kef24n6vIHD3puN6AUc0DPk4sOqABb wWAjZyCkgL0G9BIFMcx8vXrgyMxvMHHfYAHX+x+mB0u7AfBeK8aepBzLUdkq6pOEZv N56GqM7jshutguOWelLOOIe09qymjx/165hlaMxOg7nQT69Losj8yjFsr85AwUTXyZ c+lc9rAWrd+ijT8JfypMqXpIHR89Q94sffXErVyiSHR+KNkso6Qb3wgi5CScjjwN3+ cA7pnI/kGEugcQvkMWCHyU01V4KUQOzIthpcHlAIkQa2BGUJojXKuFps2EShSHPk/9 U6SlBWyZTQfgw== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:09 +0100 Subject: [PATCH v13 30/40] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-30-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1892; i=broonie@kernel.org; h=from:subject:message-id; bh=qbIXmU2eUtmemMq8xp+h1yj3ghFTmpSN4hiSxbQmL24=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7b2/iy2LdLJp3um+baJpFqFpKYtxnFOd3PCELd fKwZqKaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+2wAKCRAk1otyXVSH0NHEB/ 9EKBm0Nlsi2M1QMfMGnwSQGrHLQyo0Ec2/WoKudVqFQEvsSyGbPTSFYvGmQ1dt68l8+uMZJF6ZolQ6 +p9amzeznqBLv2udaMcOQCbVRNUVkhWWEVPH03tjMMJ2JCfAhJiu5tWmU+AO3dNrD0+IKLhlvAy7a4 ytAjYf8dykZi4yMOOBEZVFM2y0oDkNBzrnLNudtDx1M0m5EGTdCOtsOuOgbcYE3iCawBsDuPo5PVii W2sqXjLa0a3JOYmFrJ+qR3PhmfLgNx6tlv0SDPPQuPqi6bStN5a3v662I9gyQ3nFzHQQPFLgjdhlGT zbzEjrNGMmUur+kCBdWhwHlyVS3mx9 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 51A75160007 X-Stat-Signature: 43pt794cf3cqtnch7h7rz5nwrasek71s X-HE-Tag: 1727823934-792516 X-HE-Meta: U2FsdGVkX1+ZBoxmvaB+4mNhXNPK2GCtxZ30RfvuuKkJ7nhKXFQesfqz2CIoEmXBZcs6NafrLyo3eTW8fwCSAsehNdVmiRSReuTUTChZFd1uo7jVWoo8n+CnnH+6rSERfiPezUuxafYt7kZnuMI6+Vq5AU4ShwztEArH6xMl7zRSHH5o7ueQnXr/myhkr9yQYRWTkQTBXRJOZbnwVQS5iHU4rGGq7hu5Ah2fGbKM0TUYh4knbyFcFOB+cyhn7A9iP5bTp/ener5U9ilYuXaEZFxQ+07DlKqQsWh5Qv6gedK61oltVjsgaxWdLEXT2ANLIMSwflvMjVJ28NcSuuww0mzHWdlKBLAkGcgo8hlF5gCP72+ms1ue0kb31fO1eF1DUN6ZHchq0Zrs6bXCVTgpZ4wpYpFcEnse+nSumkuF5x9k4uRweLdTTn/fzLrcBKBfniwbe5Jkna/wrwvi2pwXqFnXcwe00F1KRH3yL6XnGRdJeowdoWVOJtQH2rYVM9xMzon9w9wQJhBl+zQ4HnbQV+yDlHc14zJFRfHjf7WrfrefG8nEPtxQplo2nB4ww+/Jg0DqjewpWvkJBEbJSoE+xgMNXpv07sWbDWQTzgZE3x6YkW9XTpH8QjZ/+gbVTxAJWyBrBiDnxcErC4/uub4GYt+AX4lmTEdr6BbBBPtdGWgzWIBgFwei6QdL21+Dp4hqEkTj5U0GdSi2P9EavKDy9FWPNH2LYl1BSUsndThi4VsQWkOXuq85QM2V2/8mvmhSoDaxjx9vmE7EB93+N9gcWwf7318tu6H/CYD8xL/CZRiGmGH/YwTAZYo+tmLd1EBPZce6GfdoCdbpu670hqJ7ISpYKLUt+zL7C5cQ05SvIo5xOypGD/kMj9v/R1qy7BDQic9QfuA/YowxVDW9gBXc6MBtsYg3lGlcMhSuNjvIda5dK9/d0/LbRwiQiludjhclWr5gl4SG5AUvGq0raf2 BSae9xSk +ivX23fMifX+ubGf1tmFxu+Fs9ZY9IFtQnJ1rZ8OiWyDt08YlEWq4NMksvjYlrx1gWYjNYwD0bKjkCQWiSkmApLS05FlOvuheVvdwAIhFWba0I01pzMke37TVdx4zUQq0Ky9AhgZCihPlH4y8fKyHl8FRU0Xkke5klc6FWwFDq0U+iwxZRv8CjNdyGRsG9d80yel2IL6E+n3gYsjahprFMYFi9tmGgKOr/WepXYLPTftzWLiH6MPBpt+eZdnmvmY621qkTGI7A2GbPuwQ24pyg00JnSUczsn6rouzawi2qauz0iSXHpBGZa69+35goRldc/RF3TAskexI29zG2wvuPydr9C7RY0n+g1QFuNpm2ftYG2gFzmSpuxAJzw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..dcc49e3ce1eb 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP) & HWCAP_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Tue Oct 1 22:59:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818969 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C4358CF318A for ; Tue, 1 Oct 2024 23:05:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 579C8680038; Tue, 1 Oct 2024 19:05:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 500CD68002B; Tue, 1 Oct 2024 19:05:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 37D4F680038; Tue, 1 Oct 2024 19:05:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 13B9B68002B for ; Tue, 1 Oct 2024 19:05:47 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id D49A5161182 for ; Tue, 1 Oct 2024 23:05:46 +0000 (UTC) X-FDA: 82626567492.13.DFE2A39 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf08.hostedemail.com (Postfix) with ESMTP id 91CE216001C for ; Tue, 1 Oct 2024 23:05:44 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kx1yRMnd; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823804; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=fhtSc8NG4a+F4JDAzBFIpzFLOAqbkYD7lVEHdcAH91o=; b=3qPwfAiBB4Mq1Lb1asZpWOXibGgGuhT7AKjBihMJBqZKS3svHVhz6Hgifx0TOnmZWW789b 4nHgq17Xc3j+bKj6IPH1ME0qtBqj4E/z4dJ58zvD2I46z8/fG92GgyhVs85yahBZ2bRwU5 UcHLFJQukrceFar2ebTsX1h3WrPK/dk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823804; a=rsa-sha256; cv=none; b=F8kEvDXThq2p5OVZUVShJWX0yDazMBwsk7NDSa0nibnJF1vhRhkJWHeiYTqXZLjXhz4QLW SMCzsBLujCkTw5pyIRkpk1/RMMoyPo5p80aTr3xpgn95nNWKiZg7CHqihU2lSkDH8R7euT t8HUBPzbiXKZTMrpip539li82YVwEN4= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=kx1yRMnd; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf08.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 8C8F15C53D4; Tue, 1 Oct 2024 23:05:39 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C3CC6C4CECD; Tue, 1 Oct 2024 23:05:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823943; bh=ioeceP+BFqA3jud12cOD0sJcVjWnQPo6t2cQSXLuyHs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=kx1yRMndAjUJvJPAMXQ2VC6z8G7NmOrbYUt2g6DGAQP0QBoyDPQi+1Se7fH8Pxi44 8mvl5WOTzRbf99m4gw2xagRAK2roEvxigIh1LXSaGpVE34YNdy5aUzv5WeL8D50IOT LUIhobuoHDtNwmChk2d2L9GtjRFAmIkRCV/UIyyK9WYiAVu33DZwXkDtiAKB7Um1EA EVPUikALWWsBe23EXO3le7nTxuwuXLjQ8OEss6r4D6OZptAp6Q/LVdwoGlMKt3MQVA uGFLZvzjwVHUBTCE493ZGDPjR4ai6lU73zH9qbTRrb8MSLsUN1vOls8dpEDDhNArWo uYO311Tyxczrg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:10 +0100 Subject: [PATCH v13 31/40] kselftest/arm64: Add framework support for GCS to signal handling tests MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-31-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=1664; i=broonie@kernel.org; h=from:subject:message-id; bh=ioeceP+BFqA3jud12cOD0sJcVjWnQPo6t2cQSXLuyHs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7cl2+Mx+1HhzjopTN729pEuYjBFsWKPZlO2MdU P92ymjqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+3AAKCRAk1otyXVSH0Ig8B/ 9GZyQlFK4iDt8NbeQZL9to6g92whSIQqB6IZ/45SH8X0FcRvl3aYwQRzVYoXwCsi7Rd7Wv899pD2hg ETXnYNckPSxj+/Hg+b1GAPnHeWVVBVjFf8tQZkfBj/aqGF7dehT2mEkIn7I6Ne5FEEegty03McxT3B SQ+9/X4Gicx8vTjF13/ij+9T9m+D2zXt56RjM4bGDcoEqX8z+sSm3fys+crSlDhD0b9wgtVkjrO2LG KqizOqhNT1kF2bGNuK5x+U3FUcjJ6C7g9QR0DUYFUb+s2hLLRGPa7qNnCVj8aIjJj1o7x1xiOmBXOj hPUP7NjNQh7lMAUg9LW0vgYN3lcBvk X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 91CE216001C X-Stat-Signature: ew7nm8567frmqqbxn3ecmfrof9gptqmr X-Rspam-User: X-HE-Tag: 1727823944-974311 X-HE-Meta: U2FsdGVkX1+x0ZNHOQ6+tyut/H1f6TE259+xNgrJgba7Fn8YGsGiNs+WG07ycs40ZB4kINy4ckcc2VvuEEOFeCarsYhjUJF7YYaAbUIkKdqwjB+WZulVyPSnZaV/JlHjE8n5jKBuJ1IfW8PeKNmD120uV8LMj9py/rcA78e2D6WDxKeb01698zbJn9/CmfbfTYjR0m77WcgzLlBfw3fwXun71rJQb88jGLSt32BFELN/duhlwP2y0N1bVo+TPuopCG8es2NVhX93w/6V0r++LuEw4OPcZ3SDkcWEp512Ccj3EJzP64wfsCGCeNRxXKk/VBhUyZDFhuhjwS161D9L6yuHNK+K3IPkssR1UD1y6DDiASWpgtItquhEk4aVNoejv9w3zX01dTMjyJOP5CT3383NiwzxW4gbiKww3oatFKHTRr7yxCtW8O4zznkmQdZv3zbBH+4ZwH26HTq4geRJQSPr4YkcfUvUSOtSGYXA3uGvhiksY4bOE6AcacssDdcJm9tEgdkBhUrCKrTWzkan5Ni/nPCVGLw5I++jyp1P73u+kHrcr16y+VNUBI3rDopGqPl6U53zrfnsYuIfQ0TovVMOXrSAaV8TqruidkCXSkVCI71EYaNR2SV059royGZ36Jo+blhYpChzEKNDxiQteElxUuKHbdR19OySh+t0Cf5ZYli0s2bbjQPq7eD0BjbxaK9sWIWV125NiesEKQ+G1Mnr/B23Af0IqJLDrTYusvDIAcA3xw3wjgLQiLN63TrWrBYjCFQ9nlBe1vpLKziYWRyKFtLTKyf63T7sVwjrfM4MDtAcFBNT7cGRzRib76pfPefkYvtaJ8xRRK0QoV6JRtm5l0BqTZTxn3ZL5mBnxJu8vln092wV9F9nDtZ/2D31mFf8JBKo7utAyeds1CgsFvMQSEZTCt4VXlw+B0KOm8XsWg+rHhLL9obLU6fajlKL/rW6Xr/IMJUf+MkTmAe 7r6lRgOR fHKG2fl+NnRfjGv5t2z4NoRhU74aEJi8B/AFJSKFATUmqpPYqR8KHGfI4ICZZOe+MW15MgAyn9G/yvCvyyci7SgSSDKy8CkCNXWCQFLrUWqa7+8RmtYsGPD9ZXZfd4tsKBgEt4UyjkVHbGUolNqxO1bgPGHo8mHb9xfIU8bBD+dWqK4KC+P2H7CsDxqAdmMwNRRBnWHte6XEsoWpYeyt+icsfTle6EKxho9vPLaILlpPDdHpPwzrFhV8/6oSxoout4TBs9AZ2yJaBKFM7YlZEFYjY4PJJ12buxHHQow1/f66PQvggVSYmYgor9HTDPmzWqPI0vqk/YEi87BrsNBYZ44Suq9bfm+Cjto5e8BltiFomE/OS8odeum5ZRQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Teach the framework about the GCS signal context, avoiding warnings on the unknown context. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index e6daa94fcd2e..0c1a6b26afac 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -198,6 +198,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) *err = "Bad size for fpmr_context"; new_flags |= FPMR_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index 9872b8912714..98b97efdda23 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h @@ -20,6 +20,7 @@ #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) #define FPMR_CTX (1 << 5) +#define GCS_CTX (1 << 6) #define KSFT_BAD_MAGIC 0xdeadbeef From patchwork Tue Oct 1 22:59:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 508FDCF3189 for ; Tue, 1 Oct 2024 23:05:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D41E5680039; Tue, 1 Oct 2024 19:05:57 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CC9BA68002B; Tue, 1 Oct 2024 19:05:57 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B436C680039; Tue, 1 Oct 2024 19:05:57 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 956C368002B for ; Tue, 1 Oct 2024 19:05:57 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 462CA1205A9 for ; Tue, 1 Oct 2024 23:05:57 +0000 (UTC) X-FDA: 82626567954.24.1235DEF Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf12.hostedemail.com (Postfix) with ESMTP id 750224000C for ; Tue, 1 Oct 2024 23:05:55 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oWWWef7q; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823891; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NGfpJipuxUwuswqsylvjSBnVKR0RQiXc2ynBOEzzq/w=; b=rNg5hAM/Us23DtTZtjVF49obuFDh1oFlWr5VVv5QVz3zlrbR6Xh8zz4C2DiU/IDUjLOprR nE+AHwSAj20FyFj3udoHj74FY9cN6PzbmnripmtGIGn9O96pqK/w9vXasI+d73DR1YduNI aYJGJAqOdAbLOkcAcLKLmLaDYr06Naw= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=oWWWef7q; spf=pass (imf12.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823891; a=rsa-sha256; cv=none; b=LdCAMfYzHVXeqOWiYworqLo0vo9uRV9E2bbmpDLZqdhUfI9MwyvM8VCk8Hyan1Ru03Jfyf v2hSB27OL0SatygX24gO0XsGEYFJKzneCvL/Ee56OhbT/KeuuihoWMu2Ztewruvs5IKiJ9 8dwlLwkXfBBLyZgAhnYQrQnxgBK6Deg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 8CA025C0068; Tue, 1 Oct 2024 23:05:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E5472C4CEC6; Tue, 1 Oct 2024 23:05:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823954; bh=HmmAMUZllaI31DzUS2UptX/TOKKFhFSrPJJKYwJO4R8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=oWWWef7qAoDsa3O284WmbA0+4gtsVF9fQGw5bErbwRfW/G/3F2SnO82AUhRfOPPKp 8iSUpwDGzBViwQtHsL3bQEW8BkhBnpj9tsYQ9f2AEG1HMszClmQxtjptGjzvfdp9TR 2tnBMAP2zHB7RwsCEnx1Q9Jw/Er87rPJHsfadtyl3WUB9Qp8Z5LArX/rxGdsCM4okJ AwQM6Sb3okhzC6Iz/NkZ7AYbUJHbyTX09NUjSYuyaWLQV++JhEiAu5b3rjgLU71fgb Qm6GFQeB2KZVXCXH7y0lGxAjEK9TD15YOJxqXZCZHRmKZNCIA0RDT7Xp5ibX4kyD39 l4XZfCeHsT78w== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:11 +0100 Subject: [PATCH v13 32/40] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-32-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2693; i=broonie@kernel.org; h=from:subject:message-id; bh=HmmAMUZllaI31DzUS2UptX/TOKKFhFSrPJJKYwJO4R8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7d5yGKXzr5saRN3DNRkwpkNhqMTqqjdMk4lgiz LOIonX6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+3QAKCRAk1otyXVSH0JaKB/ 91iK7iv9R+ueyloiMWoxyPRjComH147TYmfbIX9Ykm8qRaL4igLeAchB/ATQueCmLNC6Pxpeowl4QZ NYwqAhZdyqAlYXQZc7c4+Rg4CRUKUKUsWKWX7sfqAgnoXhUYaitLkAb34xofi2MRlJ6FLRrENO1XVf DSLs8fbdKAurGonLAbqeHFbVzI5LfwqHtakqeDAH8dvk2F9Tmt7xxdlnRP3qt8APEzJfneZp5Vf5io QROYJbPR8axNhug6Vn8nmgIjd6adwj+/ZoxkkVwwNWTu6IcwnjuV7KdVL6Z0H1siVkldER5/d0RtbK j4xQwxJqxUFu2TYrOofQwMa8i38WEN X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam03 X-Rspam-User: X-Rspamd-Queue-Id: 750224000C X-Stat-Signature: fpuriec14fj4km695awcjkyjxiq4m3kd X-HE-Tag: 1727823955-411718 X-HE-Meta: U2FsdGVkX1/H6kEV6TCd5e09qxLSzQ+OoM6HxQhY4091tfaGrO5+iifSTdm7I/zEPy5ALHcyJlVgKCtQ5fW1OuD3Itr+3zcbRgbDAPc74192tucNgcITXJxcMnT2YQ3R9TWK/4yZ41j+FOZXprJKZGSu+HHjXMEW6M0z6EHzpCxyEdQp9w5jRyO85adEAyhcgUPPxdaXAhBTIYovJh5MkoTeNGyAtd2GIaE4mCRzl+ptGvfIE88QGR30pBRGibEY+kADsjZBbBFgunpTmtMIbpoTjrBZIfKl2MEkwON18bxyfbP+4RQwRgm6kE0bEFJlN30X6yE9T3VT7BjrIbrRpdmJvnBISBJRHUQaIVMAItRGdaH0M/tglVJUpz3V1Ppp5Du/FfxuS4drJy9r6N6CKSzFQ5RWpOLmr9DdP6NV1Js+Wo36TsX5TIsngNlNgvyo71Ap5m68IcmTLrrPCtO04bJoq5ZnFOH1+cn8gWOCyreBKXbB+BM1xNbKVRmj2OqIFaf6GrAJd7iyBsULoom8RmVuj0muHB/ZRWDF3J87xZ91uWLq8OGDLcXqOhJSpccannVaItgY2Em3WnYVk22rP5lOJWgnPfxt2da3ffsBCIclOyc8wQ2XXxhGuC8JN0HtD1ytImeC9BWEKYD4NhzJFubunpZCoupqcgIwYYae2PdS6a6WvILrsF/6cng6Jiu5IKq7Rb63kQpeGny4UmYRIcYh4vxHOXzmcP3bcnuqHtm6TUB2XjeCzyOEBcvJuq0B6SmYwMGds+EKU2GGMHjN8+uk/13UwvfD9tobaCT+scXxS+ALfzGJ8gfdKB/f8ukaan0eLusNIRbIhOL9O6Bc/UEe0U8zqPk6ZSKjjKI3sHePtwbI9UvWC7h25NdE40DpiiTR7w53Chii0XUyWU6hsEoUR36HU4DIBkD2xyE6rbSlgXAmN1iCfVhyi3HElgln0jDu+D8qDTxm6fQIE02 Y6nZX65K f9Hdx1p3GuxZKQzWroEkFKlxaBMdHntXuPRbF1W+8gi2D68YUyV9xkPyXn8Q+aOqdOp5WZRjeWeiejsJl1sKh97co1aUXebfy1yZqJirhgYZ0LJ0YyiWdFGFxvHCTNI0EnNOUfLNB7H+4a8WJ7ifflWct3ej82NLTXuUUhdTd49KT8W5SewAIa5wkVt4ZdpFmprsLyOLxtejDRlqTvS73+cHpmosNCcSLnsGXvBOKEWjPJkeRScDnL6rptqD/pQwNXiBxXHN4LIMSTqwNQxl26L5500vR4n71NHgdsYRMGqN4NmUm49FiwGR7ADr2RBkB/6ljWolu8zPplJD3FYAGIWFDP0jQ4VQ8I+O7h8mvcwhNwl4ni7FsvRt46tQNukRN3UTIMJY6nT/ZdrUobKnnlkB3G7gLI0H9AOea0WF5aMSMySc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index dcc49e3ce1eb..5d3621921cfe 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Tue Oct 1 22:59:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818971 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8FD7DCF3189 for ; Tue, 1 Oct 2024 23:06:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 21D3468003A; Tue, 1 Oct 2024 19:06:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1CF1B68002B; Tue, 1 Oct 2024 19:06:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 06DDA68003A; Tue, 1 Oct 2024 19:06:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D73BF68002B for ; Tue, 1 Oct 2024 19:06:07 -0400 (EDT) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 926641A05DF for ; Tue, 1 Oct 2024 23:06:07 +0000 (UTC) X-FDA: 82626568374.16.D196E47 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf17.hostedemail.com (Postfix) with ESMTP id BEC7540014 for ; Tue, 1 Oct 2024 23:06:05 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KV82DSy+; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823926; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GEiNLGIiMXg/p6vgOFqkZ8cwyaFCDmtOtstx+RWKpTI=; b=Z6dMPi6WTwSCysvwAiFsgio5pVETQosF/9WaEf71gzbxjcKPFQivilWbjO+zgnUJCDX1o4 AVeu+7c3ViziKnrqKfHmMHBHLKrvMszNUsWjyNbvDMF5JNu5aOibHxmP5QirbHYYkWhEOp 3HYimC5jNO1aVzjY9WPOKkgdVRV+a+4= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=KV82DSy+; spf=pass (imf17.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823926; a=rsa-sha256; cv=none; b=X8asLsxzyU++JAydIeRW2GKxwjBAl9VVusA8avzTdJWUv6rnMThmprDkwSkOHb1Kj/tjpK NW7a2ws/gX6oUDZNo9vW39zsKn+79B57k8lsZj/riJrkUIp4eU+6eAPxK2XeNBTS+Cyfvd 29cLXo6XB7paXfTl/tRadNMvFW02jUc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id BE7925C05AF; Tue, 1 Oct 2024 23:06:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DCF33C4CEC6; Tue, 1 Oct 2024 23:05:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823964; bh=19z3q1N+rcWG0DFUf6My/1AgzJOufQ/JNcKyEmN/p3Y=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KV82DSy+ohyCor80Y95ssnPy9/5R3+2W7ZiIGHy2LQHI6Qf9BKg8XMS1rPgzsWRQ0 Edh1B3qMwJYXXNeP7VutuQW0zLERpKCpf/wtsDgrsHhY+h5dkmwOiBJFlm0uf9JIh+ hjq8BSsizzypVeePrI96IRQA1zzWmp+si/1bWCfLrobtQjK2dWwPWfuufQBDKMlsmV i4U5ASjpODqfmZ81DURKpo9lHxoSF1hTeoZkVHB5+Nd7TAMuXbx1Ntu7CqwGcd15QH u32ryEa7cvLG+XK+aYa0ohKnI2KqIE3yjYxTVUHdi6ZhxfVTpFsjbNfaV1IwpcnWbe zIBOba17Y7QIg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:12 +0100 Subject: [PATCH v13 33/40] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-33-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3654; i=broonie@kernel.org; h=from:subject:message-id; bh=19z3q1N+rcWG0DFUf6My/1AgzJOufQ/JNcKyEmN/p3Y=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7dLuslwYJAZsSlXEDHT3DZwfgYSUphJG7e7vub cxzbxKeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+3QAKCRAk1otyXVSH0O5DB/ 44EHOBqEPw1qRb3OoYtvOUL4xA5H8ccsJm+p0AzKoVipAm4tchEtuDLsOdMHxqSDnIH/dwx2sV0/Tk Gbk80LlT1IooEVt16p1ksKqFYmF8zUmAJTigMph/o7VpMiZKS5FN4PXkjOGJM6h9sR53MnMjnu16He ApbNTjd0Rh3p7TyWmY3HbQkkrK+N98HfLtmVD9drsinBMvPuPe8Gpn6mi7C8BrSzzCZD9SmHMDtTci ctnUDPkgIRb0UubC5hzm4/faVEH7voFALnLFwIHwcysr01kl1zKHOGaFzDfa2iQoAy4Aj5dVrulfkn 2Epdx2z2EiYyemXE99DH7AhEO3braT X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: b4fhb7jjgyt7fehmnrt1akt6ydaujjs5 X-Rspamd-Queue-Id: BEC7540014 X-Rspamd-Server: rspam11 X-HE-Tag: 1727823965-973942 X-HE-Meta: U2FsdGVkX1+lPCotl8QglmRZv+5hzdMc1MZLA26l6Gai/KuUQk1NJtYEYNPT7ZKyOwszJiSsobFpp2bHa7CchcaGKJGyeWPRaXhUvMlQaM26bjnz1V1Lu3GyNzBIxm6/6rBHH/tp6j41tuugmYH74NX605Hav6mqv43LwgheYs0kyeQpcmauZAwqtbdQF2hD3oDSMhoNvdkkfsGf9o46mR7uKSygtbxCPEZs/0Da2oweX1rB5PXJg4/UisCfmdpE0gw6MXM3JpiKVarY/diD3MnPaN+HCrSYx/ZvIAj0JY3wAmcagBHtHfjOODLQNL4CB8G3MX8pgrnrd/i+nCQIb29WwzODqdCQvOTrxU5g1KWuYrwTMdoR2Bu2qqzI+pcaFxwCQOlCUCBx5iJafDR6urQGJC4tSjR0o0aySC4+deuVhm12K8ZW8gasIc+pEnzO392X84NDWsh6x+aUy6yYx87V0aKO5qL87mzyRV91N2lWBTspFvD5i6JLfyVY32zjmciL1UVWx3eVdU53d2+kinxJetfmg8SYAc5/DDRRBiYTsjNgOvcDnUhXSRig+kX/lcux+HYsh0p6qpq9tR79P/7zrS8eIW5n0QuLzqpLU/ynRBMwC2S87+dXTYcb6uWN6aRtLk5n0FrlPOHV4bETH+rFtW9/14NXimyfyEwimfhYMAbpwm2CyjJ11Wt7c06zUA+YmCh4lrybNb1K+l328laFWqxTsjq2l8M6OdsgFn811CNpUH+b13Xs8M8CmPYLLOEpNPusvq07eM/p8rohaZSPUA74OXqLtkiahU1seA0HkonQEWH4CcR8BABTuJMXof7nsJz6d1dpH5S5Qd3l+530giZwi3639+Ce2ap+cHXZdBQ4Kf+NdjnCy81gqMVGD9XUwxUy1rYwl7yAsiMsX9b5aQMBE9ePJ6Kdu0/Umes/mat4BzmnI2b2OMwhjbFDN4ak8WsrDpYNWSsjE0S FT0T1Ved 1ttgnVYSTc7YeG/eU/GqPhmVVjzEZExx/HpfbZiURq/+3ZR26mOA27gpvCCvDX9ewoDXeAhfEazCPtq1pIKDBGGe6rkY137/gCXTgq5w6bbaaPf6diiKGGJShcS8bjKmXHcPqh/eTtErnp8GF7KtX2mB9EVy7sdPf2JsgxB22dRQ+x0kCSfNyUs/wF3gg3O3r0i6SKgzplgdf0K+QNF6yclVQlTG/jhe24LtjHfoUvefp2Vb6FK4f5ZDnYDiLyXk5StB+rdgGN6kzx7CX2o72TdVZn2GYWCxwch7qfryWmH8WjWh409FX5fK9kxX74DLT2n7CrB+kSrzeHF5Z0d3M1HCyhyOirgPsoY9VsB3utSREJ0+au/CwalwobDrQkZc8ZwZj X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..1304c8ec0f2f 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP) & HWCAP_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 762c8fe9c54a..1e80808ee105 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -18,6 +18,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Tue Oct 1 22:59:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818972 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B744BCF3189 for ; Tue, 1 Oct 2024 23:06:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5031D68003B; Tue, 1 Oct 2024 19:06:20 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4B39C68002B; Tue, 1 Oct 2024 19:06:20 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2B89668003B; Tue, 1 Oct 2024 19:06:20 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 06BD868002B for ; Tue, 1 Oct 2024 19:06:19 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id B466A160D89 for ; Tue, 1 Oct 2024 23:06:19 +0000 (UTC) X-FDA: 82626568878.30.AEC0E8A Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf11.hostedemail.com (Postfix) with ESMTP id CFAF040013 for ; Tue, 1 Oct 2024 23:06:17 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=YkFNSpYQ; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823912; a=rsa-sha256; cv=none; b=q6c3yQH7xPCEGGnAz3+DHQ/eB16BnhE+oSYJVVagw6z24sOClqsb9Q/jHK1KIs3+opCWti TZ1vzk0zDRBSfohpDiySDQ6a6N/zDH4RUCsiKCVvab5Uh7sneVk8oxBihjJ+yVFCcB9Uhb sR9MpSVu1Z/5uLiTAbc5U2uS2HUN99Y= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=YkFNSpYQ; spf=pass (imf11.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823912; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Gp7oQlg4lw92+cMWZe10Sl3/MtQqR9auQB63GDN2O5A=; b=ytyQrzwEeyLTCGxMfX0nwIRdE4FVU1Y4GnzMXzhD4PIRDLWleEzwvNvNOx7NS6jRDGMxBj YbTUZY984JTUJEVvEPNCgCiirMMe5jCLYzn2KmnHJ7CDbmTmstuo9O1/DCBvbpl44yrLUj UZuRiy4yo2sxJmph7wovQHuWyegowrI= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id C25605C0068; Tue, 1 Oct 2024 23:06:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2A025C4CECD; Tue, 1 Oct 2024 23:06:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823976; bh=Q17T+yWBmbeXt5IFTELe5+0SvI5sZQYMONrJzT8GYVk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=YkFNSpYQeheyRp/N67f4dTfhLKXJEhHMycTSTF3CBcydocntNO5yVgSUbG6pLZ+Bd UP6P1YxDY8UwOkkUGwW50AE7NFURvXzc18llA6fzDVXVWyVWwKGHLM9WJ1kMvYpSuQ gkXl0fmwFUcKMOUpXgrv+V+NxK2JIq4AHuSmFclAK5KNUzPWM0gq/YxzuV/3yZduz/ 3DFKwVMmet18n6cmZgNhsxsgSX/8cRxRCW4bJilPl2Ct4NyBQIXO8+jvk7ocEhknD8 mG6mbBtO+UH79ssG9U0or9su377IpqyXyKOfFNH74ErV0EovWRZ+Krfg/7S1EGmZ6Y yJ5ELXtWGMlEw== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:13 +0100 Subject: [PATCH v13 34/40] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-34-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=13394; i=broonie@kernel.org; h=from:subject:message-id; bh=Q17T+yWBmbeXt5IFTELe5+0SvI5sZQYMONrJzT8GYVk=; b=owGbwMvMwMWocq27KDak/QLjabUkhrQ/dfcMi/V2LnBafPKHKOvyryFTisX4bRS/ibrkx1o1WL34 9uRUJ6MxCwMjF4OsmCLL2mcZq9LDJbbOfzT/FcwgViaQKQxcnAIwkTIt9v/u+579nS1+778BW7KLqA JPXkqboN8Eva89r0KsDSfr6t/REfu7fp+n/daPAs2d5wxE1XY1FAdnPlpStmTJoZteSt83/NvAyPi1 vbHi6APphWo5iX0HLuuXnnE56BfjXF8vaJRq75uYPuFLoUr35cPbK1plrV1eJCqmMPx3WbKz8NWzPx PkBX87GC6sqV2Qpb1a5pXh+sKkC/fSfm8pVM2tKS/iLXo4z0vllj+P3KtNWkp7RZlz+F2f6li0u6w6 9jgn6+M0l30VPRvl8+4z5f4v3iAtraVcdSPCcZZAfvJtuSk+L5xLaueterlG/HHRddOuAo/qAxxOrL k/p5+68DGoxadPsiU0xFSjniEPAA== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: i9aog3wwhwiap61zw6of9rzxwpcs855j X-Rspamd-Queue-Id: CFAF040013 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1727823977-953726 X-HE-Meta: U2FsdGVkX189HAI3m2ozSaVOi0CtNn3Z4BzUax0J8wnnCyYr2BHv2qUWlxsx/HeuyYS7JipMrVRPvFWHAxRIhHwDQ1dIRShEJf1iuMm9W34/JhxH/OxPJ7M5rCZ5YpYoSGZuT50EvepqG9i9zGZNPzoC3l8U7m+HKWOEjLk2qmNV6uHyNaK4we2QqQ4vvLjToHuvUbom7fiUGFm3TubIXdfGEUajNhitDyw7y0nR80Ctv4lNZTsUwJxOSPjNGxHU/6W9qMPFCBLc3xfhKv/yTzLUglRNJo9UfHso6kV5Nf1UzepX+ABVEg+3dvSk8wbPty4nW0oSzZleHfnkNcugTZTbvDEKXv4XkU5TFFnLARk+eC+tUYcozDl/ETP+Zv0nqxT0RJc4BkDJm2CK9ml0P0SzY9y+DTNyJMZPqV5QMaFDnhHFzhRA4F/nWbP2c2zRNcY4Og1VW0nDL0MD1Bfb79XdnlAxJAFPtOgF7XXmVNZ3I/DgtyRAX9Yinumdiu4UdsusF9JDi11/ShP64LbSikxBaxpY7h4Ggp7ywvM+VLeVkEirv/HfadTjWV8MKmW153+ABzd88hC7vr3W/gHKP5XGzf/sVNgqNsL//m8xXtY7KG/pKn9RlW/+hP2V7HB4JJXYzRaOBXOXgcPevsut29zpTh3FFRzUoZvToTNc+ivaC+FAwxGCYB0/RWpZWEIksSqR3d5yn0AghDWgctetUeRMO/WDo2/WTRyEKcfIJjPTmqHbgGZj1vkPIhi7TeQJy7WFFnmu5ggvhhbvL3jn0n+pumHe0Yg+YM8GOTivfFKKIG3mzj31zASCW1XP4tfMWJCjSTDQPKOp2ZGAtb0M8I1Qo4Ch74xZQNFuw6LOuLOkLro+ZHhPCDQ7sNHMCgGMyDsDAk+2j7dpNjj0Vr4ojqG7bnvGXs0XVwPoDk5KY/Qa10RnlX484t0anI/0KMAsYzHW/3d8SgGcxzwq/0K 3oF4EMVo Os7K8BHC1Ryf3ZQ09emnapL/W29PXMlQ6byl6G24yM2Y29Xsx4Jzh5MM95TFg7ZDIapI7B5kKC/JtSxU9aPHXqePsIzVT0q+nUgfXxXwP0itUFiJ2uuamVuTKUEaJvDgtlniVlGf6QvNMyz737YFce2rMg8sxwl92aDQV3SFr7DMeN5i2suSoeOfOU3HQzImmiQ2M1n43JmTF8/9XrrzV7InMHexmFUbavgoNVq+eEu8D6UHKSf3wOuQofphCPTxHwnegOijgC/ZqQA75x2WWoNGRoEchuXzlhYcMt5qd/KC10mrMQxdF8vsf+LjNrwW01NsLhzhVdjKk+MSesrMRQ1oFIfHI8HwjVFWSBV2PjySDG/+CXV7wyvyGH3v6Dt1Xg74f X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 357 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 +++++++ 5 files changed, 467 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..3fb9742342a3 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,357 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %lx not %lx\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %lu byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (void *)((uint64_t)buf + page_size)); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%llx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%llx not 0x%llx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%llx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%llx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %ld byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..1ae6864d3f86 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 74 +#define PR_SET_SHADOW_STACK_STATUS 75 +#define PR_LOCK_SHADOW_STACK_STATUS 76 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Tue Oct 1 22:59:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818973 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B281CF318A for ; Tue, 1 Oct 2024 23:06:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A369C68003C; Tue, 1 Oct 2024 19:06:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9E3F168002B; Tue, 1 Oct 2024 19:06:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 81D7C68003C; Tue, 1 Oct 2024 19:06:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 5B3AD68002B for ; Tue, 1 Oct 2024 19:06:31 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 0975CC0C8A for ; Tue, 1 Oct 2024 23:06:30 +0000 (UTC) X-FDA: 82626569382.06.06470ED Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 27E6E4000E for ; Tue, 1 Oct 2024 23:06:28 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=acTFoEeM; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823895; a=rsa-sha256; cv=none; b=VTE6nozNAvaQxwbN7cBJ20LnFopjA72Ak+HJHf88nnY7dc4snO3Ec0cdimogFu7ye1QQDd a5Xv8ZUXPZenQzaUTU8RJgP0uMTx7uoc5kc/M2VUvDAsNTqtsudM54KgPA67cmWAdiv1Lu jdlmv5+tm3Lkw5NtxI/0JNM3KRrnwIo= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=acTFoEeM; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823895; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=w871JsnssjDe9qJAYyJkRwXCIcx6XbXD6plY2gkSBpg=; b=ZfU5nDI0fKlDk3B0wC+RJitvzLbc3v+rU9FYAOLz/rzEbg/Cj2Dsb8O5hyVCqhJSxPtPER bus35ud2EM15fMXNRvjIRs7pfbsldu/go2iE//Kt95br3ZoKP0EBXgcMceDszl0ysI+s6A GalcGCNecbr2TIzqPv8cVOVAM5ovtkc= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 222AE5C05A0; Tue, 1 Oct 2024 23:06:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5B219C4CEC6; Tue, 1 Oct 2024 23:06:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823987; bh=mB3mQ2RtdZ2CVBaEiVdcb8a3t9QHOKZ1lrMWhww5HBc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=acTFoEeMu7pVvspxJNCu1c3W4Aldp53RDYVe2cp3x/GkPfNWtuHorSueN9Xrgq9qk G0RIIGeu3mmCwDnV2CWtnAc6Az6jG90zPSUIQsNW0CN1yG79t1Zw9s1awMDlwAzv3n UrYX+aSG4onHcnX0cETLT9ry2zYKrF77sWfsoY4tH2KK3rLgO7swPuCKmPTbrTAaU5 Steb/ll0PFWpRrhLle/M4HT7nZ1KDSGaWu5YHH9p5VISz9nL48TgJKDOlePC30GAl4 a7PxlWyIcc4jFrv2xjc5y1iFxEUjO5Su+VwsjFaA6B7oJaARcve0EqMRVB9ZGgiheM PKwsS/Tqgr3Fg== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:14 +0100 Subject: [PATCH v13 35/40] kselftest/arm64: Add a GCS test program built with the system libc MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-35-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=21197; i=broonie@kernel.org; h=from:subject:message-id; bh=mB3mQ2RtdZ2CVBaEiVdcb8a3t9QHOKZ1lrMWhww5HBc=; b=owEBbAGT/pANAwAKASTWi3JdVIfQAcsmYgBm/H7f6YxJHvEvM0wLfPe2XHCvQVwkhgY1rl0TG5Ed Wce8tzKJATIEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+3wAKCRAk1otyXVSH0B4xB/ ig0by/FtPpV22+ndhZboNlWFamEW6eK/1CUb6kkJ/HQJyj/StX7rSuT6leDMj2/7UJkk9Ho/jGCU1u EysaPVxQRQg4wDcRpTdou+SqCUSluwjN+LKvfCqCHsyULIEiZs9Q9AIvHr7X8BPXBXDiKFHNEVkOqf CplOleXhQtcnwzPP/HUHQONMp/HZWpG6FZXIAcA6K/1nhD3GX0Ep2HgEusIvXUnpyKZvNkZya0SQ1d 0DD9DkwyZ31F3TRSi+iqKla1ULjk0BarsmXhArUQPK4PeiK4iBT5WUOdUSxT+3Yeu+Jnbc6I1jjncK whf1U0KWa/S9dB5qqTtRHkCY3pdsM= X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Queue-Id: 27E6E4000E X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: ebaitk6fxs7jwe3gcz76bm9wcqcta9br X-HE-Tag: 1727823988-747201 X-HE-Meta: U2FsdGVkX1+0oj1LWyt0akq7x248OEuAd0BAGj+ptCTHKSL6b3DjoxXI+lWhjURSAHN+1i0+qIokooMkWFx8KOYlpvqQD9bkYKECGIi6m41AvtR/6eBluyzyhqMVOk10FxmAxMuSJG0q4hQKw+V++mIHyjqE64YwBCwVQ8TWlkjx2Shrjy0eYUA9yukjD01+eScMaSFDJz7o8SKdHPagw8SW5l8ePpnWUi/rtYLbkXOAiEbAbR4og1733EbZTSQ8S22EQcpRiXQ00ofdjCStFjCtDU7t0wbxpAh6GwC9vuXTOhdGB64cniRM5DOaKZW55nJ/cSTZyBwq3nM+Df7HIhYsk0di5oXCtR+z5L/FhgnxfF9rZZMnfh/zzav0Fdum3seuK8znRyCtfkxlokxoZznckdMyPDc8779Y/3ILXqNeNdhsAjcb9pO5IbOjcOBT5kPx8tl/igOIrlMk/IXwpIbs+eoXUdcHD+jbGkSJyG2ctUsuG4HGJqtcywri9QulGnmt0KkQxQzx7CfDzBMwR9lLWMBlp+AIqVmfnQKWdolvPdm3H3+CbImxNKSESRoUuASTZP/nM13IVAK+VAmKmJ2W9BtXzP/lLdcksPabrjTh4vvNdYKk77u9p7N6HumMcd9yjqSsO8qaGA+erw+tWH3qWgEeXnc35Md9VzD4poZ0g0H5p9oLH4Y3CX4f8SHR2FGPptZsgjnvg6z/f9lijHuUTKV7y9uPbxMtWXA2IMb3QKf2tNuRYopQt9Kl41bwZTBu8SUeKPcAVlacn7+nzFPAoeNQ84nM92v3/A4hfQQu+k0+L2Lr5V+qfFxFJSpoYh/wv4MqWRLLbilgycSXDvcmpXhF2Ubd/If62wpv6JmNc6WcRqdTUIJ3LitFAUlHwiZSvfCVJij7UjZ0d7/pB3PudDMLHpAGiBlcGQiOBn3KGUgX+p44gfjZ01lml7MzZ/OIj8kNDoHW643JlH9 f8URwbNv 3+VrGsNRM9YVxDYtvlgwp5uxuaPKod/8uZjKjB3G/kmlDJ9XgwJSwAA79OwykSi2p2fdzRkgHQT/85PNxhbkwVwCV3ZC/efxLZ360ddi8IsfGz3a6HnhMSbA8h8+xzb+KvUipTQOHCbxCd/TSIprqN4TGAgMmVMdJ/sycPl6Yw5KQsu12XtWtDDoS4OKc7KnjZbc8aVp7xn+OqPLuRgcqdjbVonJacmEfBLE32hCvlGvI3RZHNQK4HQWFSR9ZgbnzV0kPwI45gsFmkVgLjtNpyfTXgYxsATmZnWdwDQjZZn8zKVECZA87h+OlyBhLLAjMo5ruD0adahBYsMNgB0F7f6MyLXR10LDyp6Pyqhb4yU7n20C+EVW63nZIoDFiRGdDAhkZ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/gcs-util.h | 10 + tools/testing/selftests/arm64/gcs/libc-gcs.c | 728 +++++++++++++++++++++++++++ 4 files changed, 742 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h index 1ae6864d3f86..c99a6b39ac14 100644 --- a/tools/testing/selftests/arm64/gcs/gcs-util.h +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -16,6 +16,16 @@ #define __NR_prctl 167 #endif +#ifndef NT_ARM_GCS +#define NT_ARM_GCS 0x410 + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; +#endif + /* Shadow Stack/Guarded Control Stack interface */ #define PR_GET_SHADOW_STACK_STATUS 74 #define PR_SET_SHADOW_STACK_STATUS 75 diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..17b2fabfec38 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c @@ -0,0 +1,728 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#define _GNU_SOURCE + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %lu\n", + mode); + return NULL; + } + + /* Just in case... */ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* + * We can access a GCS via ptrace + * + * This could usefully have a fixture but note that each test is + * fork()ed into a new child whcih causes issues. Might be better to + * lift at least some of this out into a separate, non-harness, test + * program. + */ +TEST(ptrace_read_write) +{ + pid_t child, pid; + int ret, status; + siginfo_t si; + uint64_t val, rval, gcspr; + struct user_gcs child_gcs; + struct iovec iov, local_iov, remote_iov; + + child = fork(); + if (child == -1) { + ksft_print_msg("fork() failed: %d (%s)\n", + errno, strerror(errno)); + ASSERT_NE(child, -1); + } + + if (child == 0) { + /* + * In child, make sure there's something on the stack and + * ask to be traced. + */ + gcs_recurse(0); + if (ptrace(PTRACE_TRACEME, -1, NULL, NULL)) + ksft_exit_fail_msg("PTRACE_TRACEME %s", + strerror(errno)); + + if (raise(SIGSTOP)) + ksft_exit_fail_msg("raise(SIGSTOP) %s", + strerror(errno)); + + return; + } + + ksft_print_msg("Child: %d\n", child); + + /* Attach to the child */ + while (1) { + int sig; + + pid = wait(&status); + if (pid == -1) { + ksft_print_msg("wait() failed: %s", + strerror(errno)); + goto error; + } + + /* + * This should never happen but it's hard to flag in + * the framework. + */ + if (pid != child) + continue; + + if (WIFEXITED(status) || WIFSIGNALED(status)) + ksft_exit_fail_msg("Child died unexpectedly\n"); + + if (!WIFSTOPPED(status)) + goto error; + + sig = WSTOPSIG(status); + + if (ptrace(PTRACE_GETSIGINFO, pid, NULL, &si)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + if (errno == EINVAL) { + sig = 0; /* bust group-stop */ + goto cont; + } + + ksft_print_msg("PTRACE_GETSIGINFO: %s\n", + strerror(errno)); + goto error; + } + + if (sig == SIGSTOP && si.si_code == SI_TKILL && + si.si_pid == pid) + break; + + cont: + if (ptrace(PTRACE_CONT, pid, NULL, sig)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + ksft_print_msg("PTRACE_CONT: %s\n", strerror(errno)); + goto error; + } + } + + /* Where is the child GCS? */ + iov.iov_base = &child_gcs; + iov.iov_len = sizeof(child_gcs); + ret = ptrace(PTRACE_GETREGSET, child, NT_ARM_GCS, &iov); + if (ret != 0) { + ksft_print_msg("Failed to read child GCS state: %s (%d)\n", + strerror(errno), errno); + goto error; + } + + /* We should have inherited GCS over fork(), confirm */ + if (!(child_gcs.features_enabled & PR_SHADOW_STACK_ENABLE)) { + ASSERT_TRUE(child_gcs.features_enabled & + PR_SHADOW_STACK_ENABLE); + goto error; + } + + gcspr = child_gcs.gcspr_el0; + ksft_print_msg("Child GCSPR 0x%lx, flags %llx, locked %llx\n", + gcspr, child_gcs.features_enabled, + child_gcs.features_locked); + + /* Ideally we'd cross check with the child memory map */ + + errno = 0; + val = ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL); + ret = errno; + if (ret != 0) + ksft_print_msg("PTRACE_PEEKDATA failed: %s (%d)\n", + strerror(ret), ret); + EXPECT_EQ(ret, 0); + + /* The child should be in a function, the GCSPR shouldn't be 0 */ + EXPECT_NE(val, 0); + + /* Same thing via process_vm_readv() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(rval); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_readv(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + EXPECT_EQ(val, rval); + + /* Write data via a peek */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, NULL); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(0, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* Restore what we had before */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, val); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(val, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* That's all, folks */ + kill(child, SIGKILL); + return; + +error: + kill(child, SIGKILL); + ASSERT_FALSE(true); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + get_gcspr(), orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %zu levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%p\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, orig_gcspr_el0, + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %zu levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%p\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + +FIXTURE(invalid_mprotect) +{ + unsigned long *stack; + size_t stack_size; +}; + +FIXTURE_VARIANT(invalid_mprotect) +{ + unsigned long flags; +}; + +FIXTURE_SETUP(invalid_mprotect) +{ + self->stack_size = sysconf(_SC_PAGE_SIZE); + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + self->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + self->stack + self->stack_size); +} + +FIXTURE_TEARDOWN(invalid_mprotect) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, self->stack_size); + ASSERT_EQ(ret, 0); + } +} + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) +{ + .flags = PROT_EXEC, +}; + +TEST_F(invalid_mprotect, do_map) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, variant->flags); + ASSERT_EQ(ret, -1); +} + +TEST_F(invalid_mprotect, do_map_read) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, + variant->flags | PROT_READ); + ASSERT_EQ(ret, -1); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP) & HWCAP_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Tue Oct 1 22:59:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818974 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CDE6CF318A for ; Tue, 1 Oct 2024 23:06:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 023D168003D; Tue, 1 Oct 2024 19:06:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F146668002B; Tue, 1 Oct 2024 19:06:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB78C68003D; Tue, 1 Oct 2024 19:06:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id B670F68002B for ; Tue, 1 Oct 2024 19:06:41 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 5199D141082 for ; Tue, 1 Oct 2024 23:06:41 +0000 (UTC) X-FDA: 82626569802.26.5A639CF Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf26.hostedemail.com (Postfix) with ESMTP id 9461F140007 for ; Tue, 1 Oct 2024 23:06:39 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sF0vzapk; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823978; a=rsa-sha256; cv=none; b=UuCKlI6P27e6dDwxFs9q6XxIo0UQxOB6PQlxNa6u2FK6E7wv6h2+Ep5soyJvmUAZ4XFD6F QRNrOtSkKT0JoEoVvAXCwOglxC5O4B3mG+Mjv/X0ufxv3pTK6FJiODkOkFdMJL90SfjlGj OSanjFunIi57BZlCBI8hnNbZmR7vH7E= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=sF0vzapk; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf26.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823978; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=djWkkQJqS47t9Ws8YI1DK+6nZrq+sA911sh7UG9LF34=; b=qI76YN4MAVgpvzyriVL7hkeBykJfMsCp1e+yJW2NW8avGp0pIm6uBVSd20Gycbrb6Fib5y y7lBO89Pmh+HCQb8G2Bqfu5Mz/R6d058uHUjtdXDChUWUKwnhG5wlI9+ezEF2dqYvr+shI I9mDZa0hJNEfY+6Gj34l6lM5TY9QSNE= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 58603A43329; Tue, 1 Oct 2024 23:06:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 774DAC4CED2; Tue, 1 Oct 2024 23:06:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727823998; bh=Keu8ANmZTdMHjv5XQqqLSm0bGXVuBnTuWvLw/oRshns=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=sF0vzapkZ6OWVZ0k/kSzj3dKXchXzPS8npUmWJm1MibYtXim0Q9mxZwMWt97Di6xU yda6vZmOzJlaTRdQT2nxKlx9PcxcmeUxFRTv3juYtpJgOn1vaCcg1jaqPL1PPqxujd 7TuUsHctTr/bSf6uZlOYdv0qiVEXBHPousZcV8ZuvmzC10O3rKJQqPnnjo6ANTQbSq oV5u++OT6okSC9IE/37dGxczAWt268dY6guvk/M0eAqQ9wDSMOLN53HqS5ZVAv20Dp v9NkRpNaV2Bs19uxW+xQ4VJoATkfLh9VT9jvZwgQVU5xHwRdyg3XlTKeFsJ5OgwiAF LO80OecjvMfQw== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:15 +0100 Subject: [PATCH v13 36/40] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-36-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=7444; i=broonie@kernel.org; h=from:subject:message-id; bh=Keu8ANmZTdMHjv5XQqqLSm0bGXVuBnTuWvLw/oRshns=; b=owGbwMvMwMWocq27KDak/QLjabUkhrQ/dQ9seMOy9MQMBIJ+ba6S1nVc7f8h0+Ve3ik2vRO8cwRe Oe/sZDRmYWDkYpAVU2RZ+yxjVXq4xNb5j+a/ghnEygQyhYGLUwAmIhbG/r9AVzTE7VlHEu8a91ecHA f2KbDWB+VsursoMLVvTcYLlk+TfV4sU2EK2eZb+qFWYNlJhx1qW20EVdMUejhU2SyiF8/fPz/D9Zlx +34bz/r7F5TTAk3OyMwqbJHjeH805R3XSf4XORIiKYnbc5VVrXsy/x1qnOVUf9fS/9lxyat9/gsfrY 6pD4r+7X1PQFL+Ma/MgpKjnSszynmzP1TKKoh4yMRsL1r0/XXChhtO8wUWCy9ybnwY1pzsPPe6SYpb xO7VO6RmC/5d8TbIu3+awIT5M9YZPinXiZYTm/67mPm6iGDzU3P+DU+rUzPL8459OGb06qyu0y+2Aj /NK9WPfTL53i+SePD25PyIo/McAQ== X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspam-User: X-Stat-Signature: tjts3aapm6hrsxgun3zw6riq4x6k6mcc X-Rspamd-Queue-Id: 9461F140007 X-Rspamd-Server: rspam02 X-HE-Tag: 1727823999-314888 X-HE-Meta: U2FsdGVkX1+dT4kYuL/PhXe3fXHZWFKibMFHDcRpOvlsldzhGDe2oeVGD1zcZvdXuPUa1Fsd6+bvsX6B5D6RwvvHKiq3TJ8iNtZx1phs7b6Gtd9G0NMp4aT1qDTQSivirkCz/jCcBO89uli/ZOyOvk+bGDsCjnUwASUEYZpSSM14v9XxX8iulhUrX7nPQjZa3LcQM8DV93O0AUKYGFe3bNaUGBvD7Daanpb0L94aMs8XgeKqUryaFv7jq+fc61ID5ITYaoAceGwE7xFYESIyd9kvCbqf9hHm85VGYIA/tB1sa/cYk5QYU9583IQKebWtXmxcaq9qFFVe5yIppUGfafhrbPZ3wmNhA9L4XkY0MGhYT4eF0H6VQnnBD1JRjY+Tna3yAfCcBREAFGkwKRZPL9Xhit6ehTRVzqc4juE90XeKtVDRA3EvydFJ66kVcnSM4EfkTX/fBcfBx4EH1ppQhnx3/8tU2MMPa3tz0A0g0EejBi6ip6IdHC5+3TxT2EPL8kEgRQmlfBHkyerx7Se6hhV/tC/poDvU/Zkj+cWT2HNn7pnz0alvur09Gi8SAKiV6M8XGb0uNQo0EVYdVi7H022mERnlszYaROpQCAcH3ZyWtDRQsBzIehD99iZr8oj/r7YtQBbGYQiC9EZPYjz5mAHwfyUKOa9iP1M141tNzTXmPk+dHxt7Is5aXZFc2vnPhj4dPtbp3DEF3RqRzpfW8KPI5no9+SgOIOsTYCM2cPH++NUm57GNPYoMgASHu0DTwXOcxvu34N8ftUkjrlhvH0mSissAQhBYmq/Qz0sQRXxRDIDGvSxsN3SSbrpgBsZlLw+JHQ0MxWr34lQxUwEqXDzXdgDVn4SvhDU/E1hgZE/t/ns85nxLNpnZixIlXb6dzniKBugWZ+8ELjyiQ214JI5IpzOG9stFlH+nWPpK1uts2D4w71923+iaxJo5mRq0y1+uBW4vRPN0VRKhf24 eCZiCQG0 eFiYow4r9yY+qpV4qQFr3kKlzlSfl2KrbYR8zEcMcz7AEHQozWX0pTaqo9Z0ZtHtD+5nkHY0e6PBLFAP5QNixaxotrblmLyB3ikD471JtUwEoyJTivCkMAW2EEA/3nsMNA0mwZI6KHJ0sleS24lpAsOAVH/8tpNF6DlgPxzMhkjX1Wv7pPha7K5YM2pwrTtAE4s77aO9K363TPmOzPD9hB2J4GNzL86wDVD8hRisHZCJ66fqUhxbVPUcbCPiLe32lxOjl1KikU56M6Zk0yT2eNPJyM5uIQvE/HhsDBkQirqglqbp9Sbql8zX02cYsfwkkTqF8vygwjEDmy2WqwKuI7pCBDna7sMLdNfmqcYaOhADKspze4eE7d/6d5w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..989f75a491b7 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP) & HWCAP_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Tue Oct 1 22:59:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818975 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1FFBCF3189 for ; Tue, 1 Oct 2024 23:06:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7EAFB68003E; Tue, 1 Oct 2024 19:06:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 79AAA68002B; Tue, 1 Oct 2024 19:06:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5EE1568003E; Tue, 1 Oct 2024 19:06:53 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 4029668002B for ; Tue, 1 Oct 2024 19:06:53 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 0635D1A15EE for ; Tue, 1 Oct 2024 23:06:53 +0000 (UTC) X-FDA: 82626570306.19.F70A91D Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf27.hostedemail.com (Postfix) with ESMTP id 2C7C04001A for ; Tue, 1 Oct 2024 23:06:51 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tbbkJUPB; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823883; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4e3t3TZqnVWGkYovz+AibeyJBxH761TYNhpbw9o33G0=; b=kxgR2k7SjDe6t67OT/o65tFHBkCJhpOE0XFtKBPXAxQy/8Tvx3bF1NBqOJthnvdpsBuMrB 2UVi4/ijNbMIUc0N3YwpAfwCav3lDEstZhnwVR3Np5KBho5NjznjIMU4EiGm6wDXUyuE7/ hzUCk8hg4oUENOs6wPnnMYkRLrrGYlU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823883; a=rsa-sha256; cv=none; b=Ozg/zlEPbOXQjBHKuAC4m1g323xWzjKkry3yLBurUcvdVjdrDBCq+oMxy00KtPWlHUmH0j 1AcoHg4gXwZOOQfMQINNce+cRoW3+6Cuv8kwwdXhtpQiJEdGUzgms5xV8dFVekOmDPWeLf e7anSNi560FCKym9jRlkOPtnApHTMMY= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=tbbkJUPB; spf=pass (imf27.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 41D4A5C05AF; Tue, 1 Oct 2024 23:06:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 16857C4CEC6; Tue, 1 Oct 2024 23:06:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727824010; bh=upHGZblTuLizXaQNMQxngoEnM6NYFrLpBNo8BN2MbdE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=tbbkJUPBmRMqyIaBDd6Q63wpK0zxwau0IVmLoz+0ujSCe/HvZ26zswb/mwvcHBVf/ /H047g2MCGX5UsJ2vEGDux/2ltWHuT3XAktEEPs0gN1VzWQQvOH1TwD1HBhv+m/wD1 2mvSUwmJl6+FN/kjwP62P1dq1k2junQvamqoXbvS5hJSM3EahSkFIFnh1Y5aXAL5VI Z9LB8i0+OJtGb7cQrQpJVh5eWrsETnT4zTcBAMciXZYZpig6v3NYjpspmPmyPRWDlP DmWKnD3Bnq9WewEtED337smlplmjpqdhhS5QHo3UtNCjQS9zwv0754YGKxAZzOs/f4 /rPAcIcpMd7dw== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:16 +0100 Subject: [PATCH v13 37/40] kselftest/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-37-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=7712; i=broonie@kernel.org; h=from:subject:message-id; bh=upHGZblTuLizXaQNMQxngoEnM6NYFrLpBNo8BN2MbdE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7gM/OWu2x9+hKafeCVH+LGEoGo2V4EZNpUgOge B4SJHUiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+4AAKCRAk1otyXVSH0LQLB/ 9wIkVJw+VOo8XI3Ks6OkRHiWvCjUBSz1o/k8tBn/+V+a0EtOLElpoOEmhwfcPAxw6kvGKtT51ZLKzr A8c//P1qQuW0US7tI2nljQILXL2eRsvpIFHQ+mKetzLvOF3I9LB/mJzW6d47BHGb3lxA5sB3SiSxXY CCWmU1FUfFouvzFnYOGVs572LFfiCFjVGAwTdQSQYgo8vZsLg901QipsINFCso2tu/XhT06eNzOKmn G5nnln3wXU0kRoWYEGT2KRNMIJJAlb7kWRGnSU5XxITdS9aONhBwJw3A6e0H0EkXmg2H2K8fI3VtTt Je/pOK9N1hdlgoyXdmCxYxkUsGxSpC X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: uzswyb94wycaa7uuymckcuw1nha6tdh7 X-Rspamd-Queue-Id: 2C7C04001A X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1727824011-431251 X-HE-Meta: U2FsdGVkX19eOjw9wruqjVLZlVMCARMtL4GqlMQrb4H96iDjq+SrSIXBHKryvC3sCvR9BDddlZNV+qKdgOr/s9V9niPInhR80CB77zAdilQYKFwYjALyjhnMbiIwxqP6CvKg7vVvgiycA1uaWWhM96uvEEAkEkXa93fkf2YkimRg56OlTBNRu0EN18K6Uimz158lPnmtK6RkUiFBN2/ELW7Zwd9KYj/jVwytx6q1PjSY9Mj4a2NZdEo10WteWhsAGAFdAHgWlp3Ml/geDjAuI19WrXN5/dHUwK6Ws/2pXvKGKX4B3KafYaEOHr2qJ1TvtqKrRdBbTjEgPQ+hgU6EG9M8Ey2kjE/xGv8OfqHjinSJjpG9B5pBMvNp6kTwiJFAcPNjvY0+xtKSJJnt2dAU/gaz7gxsOHwJs6OPwnrlwCdf3RHd3c570NPXmOr4i74HKMv6BGWbR2EklzuP9o31fbyQI/CMh8EWIfOsol14VGDSglUBnRqnPOChb7RIfGrXBfTt+U+c5P4Vffq2bGpl0UnokDPJXARwHP3b4d0QNxQZAohArFn8Nz9Z7G7QqlRuaV8b+nZRsRyw1PHF0nAf2gopiUnReYxaIz1Uu/I4jGWSIqd9wm1YFvHFKBj43LTYhrPY58OvclWqWGj8iwNSSXwI57xKYtEPvZAMvQepuhnrjPbTMkIYiO9szyogSMkRC85Zp50NT7kBDlRU3HIgTmqtbLIucKNq/6SmsUDUDwakFa304wkF1cdr1ZY+EgPy31UAtfMX8DGV3fQxyv2+JDrLvwuVcEkp1Rkvzy50WK29hZdH7/ilC5LiTVMeGBTlk/uS5ho4SyFXtNOmI89g6AdY8PwWC/zR51tlPLpI8msUvYVHO/FN+eeln6APsjEqG4jCXEdHx9JqSrzs6JlZoANz2GjLmfSlbPMPU4fhqwLyw+1pvm+91NeoMfEY5/cBAqX366zCiKEbkrwxxVd EID22K/7 iOyTodfiGWP171sLOGsIba9hsM7zFRCHqQMVj82TuRWUg+9c6yABdKk8vfd66ZEnP/y8aGgYbAJSZQp3sv5rng5SATh4Fe83fX4sA0DTBAsaIykQFB8X+f5/0WM+iy2qoeo1YPSrE/A7ys3ieZ1WXXw8jq5bIMEOrnXtQ3itzoUHd7l+snShv/zY+HfM2nU9vdBEyfQ2Psh5XAfSYrh+ytrz5gJo21RZPHBKoUamgJKykvXZcDVex4W0Ls7xOSOBAPrAjsEAm0KJpkhW18SbwDFSoT9qztBuB4jJGowyA28EbH7Oa3OoSGajbMYblhEhqtM46CQgqdKgEVjHOliAAvMHh92frJ0ZGgeueGuWtAQIBgSi+1Fys9BNsr0e5dy4ZOdZp X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 62 +++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 88 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 ++++++++++++++++ 5 files changed, 228 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index b2f2bfd5c6aa..b257db665a35 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -3,6 +3,7 @@ mangle_* fake_sigreturn_* fpmr_* poe_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1e80808ee105..36fc12b3cd60 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include @@ -47,6 +48,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..6228448b2ae7 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,62 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* + * We should get this from asm/siginfo.h but the testsuite is being + * clever with redefining siginfo_t. + */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..b405d82321da --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + uint64_t *u64_val; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + + /* Ensure that the signal restore token was consumed */ + u64_val = (uint64_t *)get_gcspr_el0() + 1; + if (*u64_val) { + fprintf(stderr, "GCS value at %p is %lx not 0\n", + u64_val, *u64_val); + return 1; + } + + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..faeabb18c4b2 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Tue Oct 1 22:59:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818976 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4358CF3189 for ; Tue, 1 Oct 2024 23:07:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 30C1768003F; Tue, 1 Oct 2024 19:07:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2B98868002B; Tue, 1 Oct 2024 19:07:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0E4F068003F; Tue, 1 Oct 2024 19:07:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id DA9BB68002B for ; Tue, 1 Oct 2024 19:07:05 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 81B361C20F4 for ; Tue, 1 Oct 2024 23:07:05 +0000 (UTC) X-FDA: 82626570810.20.234ABE7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf28.hostedemail.com (Postfix) with ESMTP id A50BFC0010 for ; Tue, 1 Oct 2024 23:07:03 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nozd5hPc; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823958; a=rsa-sha256; cv=none; b=aEvcHh8EnjjJit1QZzAF9xy7nFDECx+cn9PRJFZVLC/iGBFeYcxxl8OhBAwxdYr8WN3ncO E9vbWO52W3lY/r8KAlNdyp3syf4kqPAr9C7riarDFaPp5CoaL70QRL2oRF+gAuJI9P5Lo7 Vj1S+wre0pddSuFdx2Y5G5IgEPRCVcs= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=nozd5hPc; spf=pass (imf28.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823958; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RxBr8IkcXHwI0HGVhTKoLuKj1zBx9oj2PH79amptln8=; b=2yoHYjJivlbwpxTVhfOPjhonuGHewp7ZVcwJtVlaemsBQPR0pzfnkE/1TZVppe8J6j1tmo Gk+2PiHb70t7y+yWRCzaOeuDnz2Iuaz3HCJtqLtyH74RxDiCNE06pHE0Wkfln4EiQWKcKr XkbzK/yS2mgWsV2euqMmh3S5lERahS0= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id B23495C06A8; Tue, 1 Oct 2024 23:06:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id AA355C4CEC6; Tue, 1 Oct 2024 23:06:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727824022; bh=y2JDbrLAwwW8QwfmD140EDad9A018uPPmRKANTo668U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=nozd5hPcT6FL+5TdSKS+gT6iveAYwbb8gEl2Rn3kEZkSpRwYuDbaDNCi4Hy8QNhxA yuiAqGgyhXVgpl4CeNS4XF7LJRv3S6BmdRij5P1oosq1PqxAHXoh26ZhO7CXr2H88h kItDRzX5DNF0UkWArKNe/j8YlfOwVsrdoe8hsZkhcLnpXRx8+y1Qf0AqSukDz6QHzS zwQ50gAR3Z2aBxG77QW08H9fjwlf/nOpoME7GF+NwwYs9RTW9gWxZEMNjbYGCv9Yt/ xm4WqHBTw3S3nz8wdInLadPu95t73UtlMipca9iXcBmtcv5uCpioIS+2u+ZI+hfvxQ GMAnz8eJS05sQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:17 +0100 Subject: [PATCH v13 38/40] kselftest/arm64: Add a GCS stress test MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-38-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=21256; i=broonie@kernel.org; h=from:subject:message-id; bh=y2JDbrLAwwW8QwfmD140EDad9A018uPPmRKANTo668U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7hmnxCWdb1zqbs2xx4abtsmcUvLZCrVdBcfUl1 ict8qtKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+4QAKCRAk1otyXVSH0MNHB/ sHXfp1r/TQZrYOp5s01GLwIk0xJIzqyUTV5H/uZCC9xnb+lD6j2D8jPz1huQkAjtnz+1ovI1wP9I3r SHIPks4Z5XxTuf8vmPeVyke9r4VjujXML6y1+FFFhS3onFu/o6dPz+XiLzM0mPojbbxK9xJKgEeNin XyU/e6Wc5JFuRiXQDb3KdJtsoj5F4UtOD+e9vonAczCzWOllpaoH7yGeYVuj8xLcZQS9Vd6Q+P5YAH YgN+2ZCtDSNT32PcyJDsRIGKxPwrhmy72v4UGdcAioRDXvw018H1sACMola6MVZl0E+CCVgR/QIihz PQl4GRRw8AQglIm7mU9fXkKm1qu//j X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: oxiu61bb8p5wszdfkqgmjjgd3fzt46jx X-Rspamd-Queue-Id: A50BFC0010 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1727824023-277009 X-HE-Meta: U2FsdGVkX1+Izm9+vSok9ZrwFp4x7bh5du9NH+3LLtUYbrq7VYQneuqR19FCYwNAi0OmPC0gBlPuTXuNeJLfqFGpmrfjHejis+6J4KGYJg0gM9Lnjb0qTBXEenMeOa/D7AFnAjs5FD7XLOMXO2QAev2wTl/djGzB+qkJOCe35A0vlHCvl7CoxDXccmMh5ff8PZS1t6Ky5oaqh44HR9ID6kMS5QyGgheM565HjEJMShcRvy2cEeC5XXcy5QJPOCvIaDdDSs9c+6AjfRZJdyGQDtcEIqTo67Q8UXYZjP309POZ25xIAeNYgBaNA48DIE9llLBMKPVo42DhE5XSk2TA02BS0tptO1ANHqLUc7RqMGW4y/po0M0VGzViuYxY3q3gfl43q+M4tG8D6r2OhwuX4SY2VMbRJbKp12jHetjYMzg68L2BwunhweT7Aae8hzEXB0IdPzQLPkP3zkM+8jgN7DnkFTnCbWslYFYJzIH5yG78dg08Kr7rhvysFC4yFafallPgtPlbpQC1hfFljaou6zXgpql258LEv3AAF8Cm/b8PG19RpgBmSwozDJXT28a5vgxukar9T9Dhad827HHy/aEerlXXahbQopFo35r2gTn4O4LdWD/X8NeMek5niuXli3ERRfJUipfynVlOND4NknhRsgYz1KEb5MxBme8s+utdbff4d8S/N2teXd640sgZUMxSgnrFoX30rRlVGuIlIgwV9siH6Y61rmW9ITQOAO+0+24GRSdhYOBWHLZSWa7KEbN+mYcFHPu4wSLEoD9rfC9sPLJXy95/7K5X/eqHbnKN/x5yuf39mXDu/x7wG/BDZO667i685lHa37RLwa4rMqcirAOga5DJLsMIQhbTQm43y8NMwNNNzjLps+hfgpnQS2j96I+QzNnZt5NLmr25+ozfpGF8gtl2H6WWNPQ64Th+B2wZ2EsrGYceN8bb935WE0z3Jd6zliS35upB96e Haf4Rvh4 Ivu+J8tUmJOwZbmiUl3Oc58Ic/iqMMSC1xh8HJvacBNrM6d9g1TiidWabSlby6T/FnsPstVIYlnVapI7xmGLI8T5E3xQV/jreyR0vYqUiiD1zajvAnycYkhzIwWO36z5zTTJzlzQiji4Xd8biWzXbsy/H/cnFRmENEPSuMtXZltzPvdsOfjtt3cxHEMv1X4NgRa4rmfC0lVR424RnnJ9o4R5pDCSIa63HaabZFM2zj1b7VQykgGjjuswcXgWbzoiTGwfc8/CaDr+LAKpV+dhSLfw18Zycn5RBN8v3r/i1JTcjHUtYHNHbKx7G2Ns4YHI9jpa2cTVR+Ej8rBYtx78HoamvI1JbZ1dWXVRUaNdaOzewa3Qxuqd7MzgJsfkZKjiDz6C4 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 530 +++++++++++++++++++++ 5 files changed, 848 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread @@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..b88b25217da5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S @@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! + mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? + ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. + mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endm + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..bdec7ee8cfd5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c @@ -0,0 +1,530 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... + */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP) & HWCAP_GCS) { + /* One extra thread, trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? */ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_finished(); +} From patchwork Tue Oct 1 22:59:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818977 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 527F1CF3189 for ; Tue, 1 Oct 2024 23:07:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D9011680040; Tue, 1 Oct 2024 19:07:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D401168002B; Tue, 1 Oct 2024 19:07:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BBB01680040; Tue, 1 Oct 2024 19:07:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 9A72568002B for ; Tue, 1 Oct 2024 19:07:15 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 507361409B5 for ; Tue, 1 Oct 2024 23:07:15 +0000 (UTC) X-FDA: 82626571230.25.989554B Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id 813A7A0006 for ; Tue, 1 Oct 2024 23:07:13 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=pGG18lc2; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823930; a=rsa-sha256; cv=none; b=KW2uSa/dKcpanj1EbJ/lJMmBvg67SclcSM/9LhCZQCLsiBiatt3vWtnGrDxBReKjKUZoNM KUIJczTlIq1hM0iYCVyB5p4B72vl4ZMwpqh3bmstBNUfyaixi1etoA7/3LAbx/nlUOJWah JJsHUcdRmgpDNKHeSoHFGOQt5F+q2JY= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=pGG18lc2; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823930; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=D8pupPtAUC/PefOJZOlK/94OO4LdMLysuROmTkPxi+M=; b=ohhIVt/0jSFHSu67tB0Cf4wXMbPwW5jWVKadGtk2IxZYCHiTwnfxZlQN41BGkEdD1GSl9a Ax3tuuJVUkodUHHrsGpZjEkVqR05NeZ3XPqc3r7eg8Z3b8TozLgIiISyULnhSpv5uiIfRx syQiJUHlRsbeGBkLU9zWxjrVesvjFvo= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 8D8515C0339; Tue, 1 Oct 2024 23:07:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 079AFC4CED1; Tue, 1 Oct 2024 23:07:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727824032; bh=ZVQOrXstPU5gR3A8Ckx0lxDGx6pZ/VSu5l6FgDY2wws=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=pGG18lc2vPv29gIqkMAgxe+tMLf+4YOSLTVwbD/QjeQ+DvjTcSnhA7jJROEaXnoqZ Sk7q9z9Ik6EYvQw8wHgkFpjni48cdseqWXNSDA3ME5Y4jiMtNIFbXFi/Q4Y6Qx9DwF CjbEr1Q9cpzsDu2LAVgTT9fQjiQWKTngRmKBXEN7BSy7+OVyloW50UqBsYSAQgLQzI dfLXYIT6H9J9EGSKdxsCiJYQYuaK6ZHNrAAHm9yKovSUDtANbzIELnFp7jRx4qdDNO t/OM6qvVSZzaXHRKgKE3J05TO1D0sCqUjuUxevCHFlz6IcybO63cbV6unXyWRUYs81 /uCRBTD6TpHcQ== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:18 +0100 Subject: [PATCH v13 39/40] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-39-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=3215; i=broonie@kernel.org; h=from:subject:message-id; bh=ZVQOrXstPU5gR3A8Ckx0lxDGx6pZ/VSu5l6FgDY2wws=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7irfZPEvRvl3o5vpBr8BsBVzwq7I5CnEYGxfwZ gyf+MGWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+4gAKCRAk1otyXVSH0DS3B/ 96I6K/hdbGr5DSrgzJPe0+7XKencBMwk/ceJm2y031cJaJPViPOQuTZAendfczyGkbAaZt9UeDVPAO gCkbqR4XLO9PBxjo5YScfTmU9r99+zSj+zwQC5ucr66eT1x77VygKzJd8j2rR1NQZy3HquSDHylyJC ESOMtP6qcQKwhdA09cJ8P0dj/L95TlsXTza8OyudflyIIVmrrmpDc09CU+GCTAfUusoUv9E42T4DBi TW0WXck2w1AHyKmsaRL0eCusUSj9mjvtBiInM5ZzFL6Li07LZB1ECqhlt4eYMKED4AvXPIrM4w5bqY Sud8jJ/dLx7hEM40eyum2Ok+hHChEA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 813A7A0006 X-Stat-Signature: 84jcy6q64nz51uj7gbezzqfzo1sfcsky X-Rspam-User: X-HE-Tag: 1727824033-913815 X-HE-Meta: U2FsdGVkX1/BIPoOCuVWgdyY7wZXEh8eboN8zO2gPmFM0I5KoLFqZJbAP6lhYjleM+cGrzsHtIlhVea6E3fcfJOWIOFNw7fqr3HWTGHaM9L5giykyqfWuhkBqejiI5w+kngwm04uRxRpJsr6FeRtQ75e7p2llVBmj6CfcMe9qedEhyocfen0QIHXhjkMHZ0lJo4PutG+MOi1+rcboyw9sdllLou3Vbe4mYhjQrho3SSGmT0oCkMJ8mxtOYmYJW5QrPJRG7yBq3M3qNxwR+eTXsWijHOVB3n7THwBuSjb9qpCYF7/ihJt/99nRITl9sQlra6QHAkKy6iLdJAsmgE7NmAXYXpzatUMPzBAXPb9Pbh+SkS5vU0evBeg+0wn6azdDlXWoV5aYo7ahLPc+vfLEYhIN95iiBl24TcUlKwYf/cpwCJ7kfE+Q83DjQSMoHv0+O1PZnK293gKQLq7aeuIXARBe24u18QyUg0ZWboUjfB11DCuY8Mk7N78iUGGspfuHWguNCZ0ZyDBgBZx47A6uvSTsdHlYxid1xTmJCdx02Qhg3wjBiPB8PdxxLzSvZXxjq4eRcnCCTN4k/hmXTyHyfi8g0SHZrRECJT+EIZyklEsf3jXNVVZZXaGduTPjD6ScIYzC71N+YGEi2A2oppsaBXcZt1IVEC11ZRAbEGhLT/ps2BYHMl4GGA0q2AGkclZyor/TYv74SFGhTxIRQhL5HRKhUbF6Opjv1Bf/7OuTpzOekteiZbhfBmOZJFjBY+4ULBZoUAB8opiVGfdOiLI+mlvgbNIRduCKOXC7qQTaeASaUWGoJkZxqVZrrOwLlmuqfNIOzmkMe0sQp37fJzcAwGDPHu2UFVTXNrR0TTmRa38nKcG09wGoNdoWPxXysUya/55wWwp9rnQhq0HjSQQTQ/9L2iUarnAy7/1P5zyR8xRYBbG7C28TMcs6AA1O8VEMAYlzTX7DTCQOMm7hZf bmAZrRwi rogAR4egPsxA16ttFB4OqCuOV7STLNTMTV/+vCokQu0jWKjW5Edd5qLeQlKB0dq4cdP6uSIV/KFAmTgf6s/tqLtJNfQ67tcHs3dzVFByVyQ4+BIumIfGo7dfgpt++3I4ZUHq0TXOnCHY0TlsoVY7DXFrzjVpNHGgZRXs1o+XvE+N01Iug2V4tO3GIo3aMGypKlJot4dSIb2Qhy0MMbsbOhkVjoqCybi6DREDSfuF4ZxLKQgji4orsCGA6KSF5awLhqBNSRQ8RxNe7g/F1gKJUwMiC64Crh3sVzH68WFH9ObYvp0yLexqPlga7+sWZDHxpqyqJVN4yLXnGkigwMV1ZERX8vw8Kh7GLnwLfwPXXkCraE6lwX+mtRtqOG/KWmeK50T1x X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Reviewed-by: Thiago Jung Bauermann Tested-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..1fc46a5642c2 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index fff60e2a25ad..2fb4f0b84476 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 095b45531640..b2603aba99de 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index b5c81e81a379..8d9609a49008 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT From patchwork Tue Oct 1 22:59:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13818978 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0C37CF318A for ; Tue, 1 Oct 2024 23:07:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 469B3680041; Tue, 1 Oct 2024 19:07:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3CADD68002B; Tue, 1 Oct 2024 19:07:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 24690680041; Tue, 1 Oct 2024 19:07:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 0564C68002B for ; Tue, 1 Oct 2024 19:07:25 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id C666EC0AF9 for ; Tue, 1 Oct 2024 23:07:24 +0000 (UTC) X-FDA: 82626571608.26.27E81A4 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 0BCBC40009 for ; Tue, 1 Oct 2024 23:07:22 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=MlMuheBU; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727823978; a=rsa-sha256; cv=none; b=mlGFKJkkPmoWGV66tw7lAuZnZSa5vnLVukbh2c8DRdRuVoMrDA83ULwXAspPOXgc/7Ro1m 1H3kTBPPgO6Br+pasKEsxa9Zb76iov/lMdliijFPTkKV+S6eeCQIdkNsV3EDvW28G41bqK BuYvbgl8CyEjjxDG0RB/P/zPgPr+wEk= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=MlMuheBU; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727823978; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=IUUB8QNT+jLHX9OG6ZdcM4mCPmiewIQpENAOxXcj/Ws=; b=D7jEukm9r/AuGG1Zpp5EZNyPwtKlmmQhpVjCM6p1vwbJwoBSFZa+oJ9CorjaYFH9Sx6b+R 643tvFBRiv9vIARgNN9TUWa1jNPX9XVq/fusVrt/H25b0//KDr7XPjZOS2FzG6/lQwwIql Mrth9XVieXh6BhAKVB+FTelCwGj6G2M= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 17DC75C05A0; Tue, 1 Oct 2024 23:07:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E2416C4CEC6; Tue, 1 Oct 2024 23:07:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727824041; bh=j6IIdqnHFeQum6z66KX3fHgl2RzDdY03fDwrd4bo9J4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=MlMuheBUz9TDrNZYXlk1//cCagyMhWpLR/SGxdIhq25FU+GmsM9wO7eQvhmd0z5nE 83lXiVJxTeqY5wHk8bzg6jShROnWKZ+lB6WEmLzR1fjQKCqx2ZVf9Cv8cFnFILwoiA F/1RU4x4fX9e6v/AIlXDtOx/CrYpVJNB99SHnzBBZE8Kg7Wgb7LCN8VJ311tPLDfz2 etBgdgfLrtXLe/uFUkHHHOwYXUgCE7taIIEUJv7aGC9IqZKm6Rdx6AAuJ6gaeGMwAA YX9XTcwUh9AMMrlMQRkCsGpUNfuR2D1s6RYLyjvTtWewz3gL6ch+5sTU0a7Tsv5Wlh a07Ozo2sKVw2w== From: Mark Brown Date: Tue, 01 Oct 2024 23:59:19 +0100 Subject: [PATCH v13 40/40] KVM: selftests: arm64: Add GCS registers to get-reg-list MIME-Version: 1.0 Message-Id: <20241001-arm64-gcs-v13-40-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.15-dev-99b12 X-Developer-Signature: v=1; a=openpgp-sha256; l=2416; i=broonie@kernel.org; h=from:subject:message-id; bh=j6IIdqnHFeQum6z66KX3fHgl2RzDdY03fDwrd4bo9J4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBm/H7jXlZsyr1+7roR/ZRU6a6ost0JSw7SFgAbAQjO xwJbQc+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZvx+4wAKCRAk1otyXVSH0I//B/ 4vOMUsdK63kNQyVzSZDRn7qmBg3F1T4vHXcC4pbPIxVJCkLTtjsMmQyQC4O5xFSsh3MdZ2n/zkY+RB OGjrdX1UWguJggO+skYEssBRt3LCT1U4DkVsT7HBHEHvwbwyiNDwJvke6m7i/vrm8OvLEunaT7mku4 hkGqiVlSrXxsje+lpEJews5xOhtfs+x0tz5eRbsj8EYyRPNpU8nV30/XAF+lQSfam5chnnMBTF1LH/ adX/YvsJtRLVtJVhfHJtoj69nD/7FJekPVdjsN5+81ApUOobQNwSxHvsE6bbVmRm+KxZl9R5lWIQdj yXgi4EeOV0ewNakXwRY7QF3rT0VO6A X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: m53fpzy11wc8jtgoccn5n1rj3qjy9nrd X-Rspamd-Queue-Id: 0BCBC40009 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1727824042-561671 X-HE-Meta: U2FsdGVkX1+cRgpuXJmvTJGMlcalcgHIrj5mfrvOp58TCyD64Qx+Bi2cdHvZTRtKdCGkyW05r28Hy9y1V/H+BOwb+TTFEnJDyu54pilxtzUvMSdxSBTtR1Np+smdQ1KWIxzl78EwYZVPgLF3mxPRiOeY58P5o6OJ+izLyNfu9VVW+sirtOCI8ZyQ3zjn7h4gxHWPL2m6w2OkK2kK+RPwqvGpuMMXCv2wPvEpyFJel+F4qCwjJyAUuF1nhglGAT3IZSOr4dLl4Yp6uW3hD6amkRjHO9MwSWlViq/ZbIZfVFoOg8pld6Wz7o0gngIcib555sCt6xKvhfTxscqVzOyJyG6GFF7z8mMPVSIsEdgV/M75WP0t7XgUtnXP0MK/KBJEbzb0llM29xRg/5OdS8HTXklfmc9M7Ms6e4G7nrHrMj1TQ9gOW+//HpscLbzz2enIsIobXAFUVYNPKWQvHN6sYSs3U5HoFieIT02sbOlb1eT0q0mPSs5gjc9hJpKYjjb9+qtkqGuEouOjDBTQXNtxYPuS8in/6jbhWjQ++oniV0ymlD6e/PBc0KIe8pVe+cupPzPv2r3QPg6t0TONcvKVl51XLL77XIMILZvJlsqiA3PsP7nKQ2HniZdaZdjqc1JYg4xO3zGqaHf9HE+VfHKvvm24mvvrFIurP+UCiwfhHoC5aOstXQKXClShHqLEZrCEjgv1d6Hl3XFFY+AtCYHRI3S0nf7lNBstoxb8M7lZ5thTHITDmynZHHaH/5q77rnEQSZwoSQBM1IY81/foy81dN3Ep79IdgPG+EOeHOkTgaNu3RFu6QF7e7anZA/OJiyjOlbGM7NZiqdwMj82ekzBtgysx9o2VTAQdvaLYB6PMWtIini9rEkGePB8yY2hki8IcIK+pS9fuVbR76sok1TNcZ8WyUPY2dX30YYvdJOAENJruYrwgL0EbK+ITuvn1LgBYjt24OI8ZhmWFpNVq2M lCQTz69e FFDY1pWqTLB6wdXvO8NztkSTyqW078GUPUPyebQJBgUWpMsTPsAoztBaTTpPtHcFo+3qlLqDy/OUZbyUfXEb7V1rTXIHBlNEDpC0GYHmwEUXWoZRL1t06nP4ZvtD2pKEeWpTOUqszcuRiOUtfpXYJML87m20UwrNN7waihPpy2q6GHtzQvCUdgD09Tzt+wFvfxx0zu61l6b/TuNrLc1SXciOdNku5J45VcbnLZ03WRWj2NGpPzc/ODToEaCU6gFJqiIx3yMSIzV7UsFQvxvb+QFYGUkNA8yLd+knaPi6YkRHhSFIyvX+ipIQ3m3MlG4BLxCnjEejHqlBMtAIbTcXrWQTdqTomD+PLtbi5XHV/gokHKnnd59DDFs5XUfJFy8cKQiOf X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: GCS adds new registers GCSCR_EL1, GCSCRE0_EL1, GCSPR_EL1 and GCSPR_EL0. Add these to those validated by get-reg-list. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Mark Brown --- tools/testing/selftests/kvm/aarch64/get-reg-list.c | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/kvm/aarch64/get-reg-list.c b/tools/testing/selftests/kvm/aarch64/get-reg-list.c index d43fb3f49050..c17451069a15 100644 --- a/tools/testing/selftests/kvm/aarch64/get-reg-list.c +++ b/tools/testing/selftests/kvm/aarch64/get-reg-list.c @@ -29,6 +29,24 @@ static struct feature_id_reg feat_id_regs[] = { 0, 1 }, + { + ARM64_SYS_REG(3, 0, 2, 5, 0), /* GCSCR_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, + { + ARM64_SYS_REG(3, 0, 2, 5, 1), /* GCSPR_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, + { + ARM64_SYS_REG(3, 0, 2, 5, 2), /* GCSCRE0_EL1 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 + }, { ARM64_SYS_REG(3, 0, 10, 2, 2), /* PIRE0_EL1 */ ARM64_SYS_REG(3, 0, 0, 7, 3), /* ID_AA64MMFR3_EL1 */ @@ -52,6 +70,12 @@ static struct feature_id_reg feat_id_regs[] = { ARM64_SYS_REG(3, 0, 0, 7, 3), /* ID_AA64MMFR3_EL1 */ 16, 1 + }, + { + ARM64_SYS_REG(3, 3, 2, 5, 1), /* GCSPR_EL0 */ + ARM64_SYS_REG(3, 0, 0, 4, 1), /* ID_AA64PFR1_EL1 */ + 44, + 1 } }; @@ -472,6 +496,9 @@ static __u64 base_regs[] = { ARM64_SYS_REG(3, 0, 2, 0, 1), /* TTBR1_EL1 */ ARM64_SYS_REG(3, 0, 2, 0, 2), /* TCR_EL1 */ ARM64_SYS_REG(3, 0, 2, 0, 3), /* TCR2_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 0), /* GCSCR_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 1), /* GCSPR_EL1 */ + ARM64_SYS_REG(3, 0, 2, 5, 2), /* GCSCRE0_EL1 */ ARM64_SYS_REG(3, 0, 5, 1, 0), /* AFSR0_EL1 */ ARM64_SYS_REG(3, 0, 5, 1, 1), /* AFSR1_EL1 */ ARM64_SYS_REG(3, 0, 5, 2, 0), /* ESR_EL1 */ @@ -488,6 +515,7 @@ static __u64 base_regs[] = { ARM64_SYS_REG(3, 0, 13, 0, 4), /* TPIDR_EL1 */ ARM64_SYS_REG(3, 0, 14, 1, 0), /* CNTKCTL_EL1 */ ARM64_SYS_REG(3, 2, 0, 0, 0), /* CSSELR_EL1 */ + ARM64_SYS_REG(3, 3, 2, 5, 1), /* GCSPR_EL0 */ ARM64_SYS_REG(3, 3, 10, 2, 4), /* POR_EL0 */ ARM64_SYS_REG(3, 3, 13, 0, 2), /* TPIDR_EL0 */ ARM64_SYS_REG(3, 3, 13, 0, 3), /* TPIDRRO_EL0 */