From patchwork Mon Mar 18 16:35:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10858023 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 64617139A for ; Mon, 18 Mar 2019 16:36:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 49E8728FE1 for ; Mon, 18 Mar 2019 16:36:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3DBFD290DF; Mon, 18 Mar 2019 16:36:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C7F8628FE1 for ; Mon, 18 Mar 2019 16:36:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726808AbfCRQgA (ORCPT ); Mon, 18 Mar 2019 12:36:00 -0400 Received: from foss.arm.com ([217.140.101.70]:37258 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726806AbfCRQf7 (ORCPT ); Mon, 18 Mar 2019 12:35:59 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 20D71165C; Mon, 18 Mar 2019 09:35:59 -0700 (PDT) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id ED7E23F614; Mon, 18 Mar 2019 09:35:52 -0700 (PDT) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Arnaldo Carvalho de Melo , Branislav Rankov , Catalin Marinas , Chintan Pandya , Daniel Borkmann , Dave Martin , "David S. Miller" , Dmitry Vyukov , Eric Dumazet , Evgeniy Stepanov , Graeme Barnes , Greg Kroah-Hartman , Ingo Molnar , Jacob Bramley , Kate Stewart , Kees Cook , Kevin Brodsky , "Kirill A . Shutemov" , Kostya Serebryany , Lee Smith , Luc Van Oostenryck , Mark Rutland , Peter Zijlstra , Ramana Radhakrishnan , Robin Murphy , Ruben Ayrapetyan , Shuah Khan , Steven Rostedt , Szabolcs Nagy , Will Deacon Subject: [PATCH v2 1/4] elf: Make AT_FLAGS arch configurable Date: Mon, 18 Mar 2019 16:35:30 +0000 Message-Id: <20190318163533.26838-2-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190318163533.26838-1-vincenzo.frascino@arm.com> References: <20190318163533.26838-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Currently, the AT_FLAGS in the elf auxiliary vector are set to 0 by default by the kernel. Some architectures might need to expose to the userspace a non-zero value to advertise some platform specific ABI functionalities. Make AT_FLAGS configurable by the architectures that require it. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov CC: Alexander Viro Signed-off-by: Vincenzo Frascino --- fs/binfmt_elf.c | 6 +++++- fs/binfmt_elf_fdpic.c | 6 +++++- fs/compat_binfmt_elf.c | 5 +++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 7d09d125f148..f699a9ef5112 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -84,6 +84,10 @@ static int elf_core_dump(struct coredump_params *cprm); #define ELF_CORE_EFLAGS 0 #endif +#ifndef ELF_AT_FLAGS +#define ELF_AT_FLAGS 0 +#endif + #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1)) #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1)) #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1)) @@ -249,7 +253,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); NEW_AUX_ENT(AT_PHNUM, exec->e_phnum); NEW_AUX_ENT(AT_BASE, interp_load_addr); - NEW_AUX_ENT(AT_FLAGS, 0); + NEW_AUX_ENT(AT_FLAGS, ELF_AT_FLAGS); NEW_AUX_ENT(AT_ENTRY, exec->e_entry); NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index b53bb3729ac1..cf1e680a6b88 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -82,6 +82,10 @@ static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *, static int elf_fdpic_core_dump(struct coredump_params *cprm); #endif +#ifndef ELF_AT_FLAGS +#define ELF_AT_FLAGS 0 +#endif + static struct linux_binfmt elf_fdpic_format = { .module = THIS_MODULE, .load_binary = load_elf_fdpic_binary, @@ -651,7 +655,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); NEW_AUX_ENT(AT_PHNUM, exec_params->hdr.e_phnum); NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr); - NEW_AUX_ENT(AT_FLAGS, 0); + NEW_AUX_ENT(AT_FLAGS, ELF_AT_FLAGS); NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr); NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid)); NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid)); diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c index 15f6e96b3bd9..a21cf99701ae 100644 --- a/fs/compat_binfmt_elf.c +++ b/fs/compat_binfmt_elf.c @@ -79,6 +79,11 @@ #define ELF_HWCAP2 COMPAT_ELF_HWCAP2 #endif +#ifdef COMPAT_ELF_AT_FLAGS +#undef ELF_AT_FLAGS +#define ELF_AT_FLAGS COMPAT_ELF_AT_FLAGS +#endif + #ifdef COMPAT_ARCH_DLINFO #undef ARCH_DLINFO #define ARCH_DLINFO COMPAT_ARCH_DLINFO From patchwork Mon Mar 18 16:35:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10858031 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5DD341669 for ; Mon, 18 Mar 2019 16:36:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4BEF028F9A for ; Mon, 18 Mar 2019 16:36:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3F0B62903C; Mon, 18 Mar 2019 16:36:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D143C28F9A for ; Mon, 18 Mar 2019 16:36:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727777AbfCRQgH (ORCPT ); Mon, 18 Mar 2019 12:36:07 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:37300 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726806AbfCRQgG (ORCPT ); Mon, 18 Mar 2019 12:36:06 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 87E5A1682; Mon, 18 Mar 2019 09:36:05 -0700 (PDT) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 63E6A3F614; Mon, 18 Mar 2019 09:35:59 -0700 (PDT) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Arnaldo Carvalho de Melo , Branislav Rankov , Catalin Marinas , Chintan Pandya , Daniel Borkmann , Dave Martin , "David S. Miller" , Dmitry Vyukov , Eric Dumazet , Evgeniy Stepanov , Graeme Barnes , Greg Kroah-Hartman , Ingo Molnar , Jacob Bramley , Kate Stewart , Kees Cook , Kevin Brodsky , "Kirill A . Shutemov" , Kostya Serebryany , Lee Smith , Luc Van Oostenryck , Mark Rutland , Peter Zijlstra , Ramana Radhakrishnan , Robin Murphy , Ruben Ayrapetyan , Shuah Khan , Steven Rostedt , Szabolcs Nagy , Will Deacon Subject: [PATCH v2 2/4] arm64: Define Documentation/arm64/elf_at_flags.txt Date: Mon, 18 Mar 2019 16:35:31 +0000 Message-Id: <20190318163533.26838-3-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190318163533.26838-1-vincenzo.frascino@arm.com> References: <20190318163533.26838-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On arm64 the TCR_EL1.TBI0 bit has been always enabled hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. With the relaxed ABI proposed through this document, it is now possible to pass tagged pointers to the syscalls, when these pointers are in memory ranges obtained by an anonymous (MAP_ANONYMOUS) mmap() or brk(). This change in the ABI requires a mechanism to inform the userspace that such an option is available. Specify and document the way in which AT_FLAGS can be used to advertise this feature to the userspace. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov Signed-off-by: Vincenzo Frascino Squash with "arm64: Define Documentation/arm64/elf_at_flags.txt" --- Documentation/arm64/elf_at_flags.txt | 133 +++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) create mode 100644 Documentation/arm64/elf_at_flags.txt diff --git a/Documentation/arm64/elf_at_flags.txt b/Documentation/arm64/elf_at_flags.txt new file mode 100644 index 000000000000..9b3494207c14 --- /dev/null +++ b/Documentation/arm64/elf_at_flags.txt @@ -0,0 +1,133 @@ +ARM64 ELF AT_FLAGS +================== + +This document describes the usage and semantics of AT_FLAGS on arm64. + +1. Introduction +--------------- + +AT_FLAGS is part of the Auxiliary Vector, contains the flags and it +is set to zero by the kernel on arm64 unless one or more of the +features detailed in paragraph 2 are present. + +The auxiliary vector can be accessed by the userspace using the +getauxval() API provided by the C library. +getauxval() returns an unsigned long and when a flag is present in +the AT_FLAGS, the corresponding bit in the returned value is set to 1. + +The AT_FLAGS with a "defined semantics" on arm64 are exposed to the +userspace via user API (uapi/asm/atflags.h). +The AT_FLAGS bits with "undefined semantics" are set to zero by default. +This means that the AT_FLAGS bits to which this document does not assign +an explicit meaning are to be intended reserved for future use. +The kernel will populate all such bits with zero until meanings are +assigned to them. If and when meanings are assigned, it is guaranteed +that they will not impact the functional operation of existing userspace +software. Userspace software should ignore any AT_FLAGS bit whose meaning +is not defined when the software is written. + +The userspace software can test for features by acquiring the AT_FLAGS +entry of the auxiliary vector, and testing whether a relevant flag +is set. + +Example of a userspace test function: + +bool feature_x_is_present(void) +{ + unsigned long at_flags = getauxval(AT_FLAGS); + if (at_flags & FEATURE_X) + return true; + + return false; +} + +Where the software relies on a feature advertised by AT_FLAGS, it +must check that the feature is present before attempting to +use it. + +2. Features exposed via AT_FLAGS +-------------------------------- + +bit[0]: ARM64_AT_FLAGS_SYSCALL_TBI + + On arm64 the TCR_EL1.TBI0 bit has been always enabled on the arm64 + kernel, hence the userspace (EL0) is allowed to set a non-zero value + in the top byte but the resulting pointers are not allowed at the + user-kernel syscall ABI boundary. + When bit[0] is set to 1 the kernel is advertising to the userspace + that a relaxed ABI is supported hence this type of pointers are now + allowed to be passed to the syscalls, when these pointers are in + memory ranges privately owned by a process and obtained by the + process in accordance with the definition of "valid tagged pointer" + in paragraph 3. + In these cases the tag is preserved as the pointer goes through the + kernel. Only when the kernel needs to check if a pointer is coming + from userspace an untag operation is required. + +3. ARM64_AT_FLAGS_SYSCALL_TBI +----------------------------- + +From the kernel syscall interface prospective, we define, for the purposes +of this document, a "valid tagged pointer" as a pointer that either it has +a zero value set in the top byte or it has a non-zero value, it is in memory +ranges privately owned by a userspace process and it is obtained in one of +the following ways: + - mmap() done by the process itself, where either: + * flags = MAP_PRIVATE | MAP_ANONYMOUS + * flags = MAP_PRIVATE and the file descriptor refers to a regular + file or "/dev/zero" + - a mapping below sbrk(0) done by the process itself + - any memory mapped by the kernel in the process's address space during + creation and following the restrictions presented above (i.e. data, bss, + stack). + +When the ARM64_AT_FLAGS_SYSCALL_TBI flag is set by the kernel, the following +behaviours are guaranteed by the ABI: + + - Every current or newly introduced syscall can accept any valid tagged + pointers. + + - If a non valid tagged pointer is passed to a syscall then the behaviour + is undefined. + + - Every valid tagged pointer is expected to work as an untagged one. + + - The kernel preserves any valid tagged pointers and returns them to the + userspace unchanged in all the cases except the ones documented in the + "Preserving tags" paragraph of tagged-pointers.txt. + +A definition of the meaning of tagged pointers on arm64 can be found in: +Documentation/arm64/tagged-pointers.txt. + +Example of correct usage (pseudo-code) for a userspace application: + +bool arm64_syscall_tbi_is_present(void) +{ + unsigned long at_flags = getauxval(AT_FLAGS); + if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) + return true; + + return false; +} + +void main(void) +{ + char *addr = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS, -1, 0); + + int fd = open("test.txt", O_WRONLY); + + /* Check if the relaxed ABI is supported */ + if (arm64_syscall_tbi_is_present()) { + /* Add a tag to the pointer */ + addr = tag_pointer(addr); + } + + strcpy("Hello World\n", addr); + + /* Write to a file */ + write(fd, addr, sizeof(addr)); + + close(fd); +} + From patchwork Mon Mar 18 16:35:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10858029 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EA82714DE for ; Mon, 18 Mar 2019 16:36:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D045A28FE1 for ; Mon, 18 Mar 2019 16:36:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C22242936F; Mon, 18 Mar 2019 16:36:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3966928FE1 for ; Mon, 18 Mar 2019 16:36:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727813AbfCRQgM (ORCPT ); Mon, 18 Mar 2019 12:36:12 -0400 Received: from foss.arm.com ([217.140.101.70]:37352 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726806AbfCRQgM (ORCPT ); Mon, 18 Mar 2019 12:36:12 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EEC7B174E; Mon, 18 Mar 2019 09:36:11 -0700 (PDT) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C9F083F614; Mon, 18 Mar 2019 09:36:05 -0700 (PDT) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Arnaldo Carvalho de Melo , Branislav Rankov , Catalin Marinas , Chintan Pandya , Daniel Borkmann , Dave Martin , "David S. Miller" , Dmitry Vyukov , Eric Dumazet , Evgeniy Stepanov , Graeme Barnes , Greg Kroah-Hartman , Ingo Molnar , Jacob Bramley , Kate Stewart , Kees Cook , Kevin Brodsky , "Kirill A . Shutemov" , Kostya Serebryany , Lee Smith , Luc Van Oostenryck , Mark Rutland , Peter Zijlstra , Ramana Radhakrishnan , Robin Murphy , Ruben Ayrapetyan , Shuah Khan , Steven Rostedt , Szabolcs Nagy , Will Deacon Subject: [PATCH v2 3/4] arm64: Relax Documentation/arm64/tagged-pointers.txt Date: Mon, 18 Mar 2019 16:35:32 +0000 Message-Id: <20190318163533.26838-4-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190318163533.26838-1-vincenzo.frascino@arm.com> References: <20190318163533.26838-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On arm64 the TCR_EL1.TBI0 bit has been always enabled hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. With the relaxed ABI proposed in this set, it is now possible to pass tagged pointers to the syscalls, when these pointers are in memory ranges obtained by an anonymous (MAP_ANONYMOUS) mmap() or sbrk(). Relax the requirements described in tagged-pointers.txt to be compliant with the behaviours guaranteed by the ABI deriving from the introduction of the ARM64_AT_FLAGS_SYSCALL_TBI flag. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov Signed-off-by: Vincenzo Frascino --- Documentation/arm64/tagged-pointers.txt | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/Documentation/arm64/tagged-pointers.txt b/Documentation/arm64/tagged-pointers.txt index a25a99e82bb1..df27188b9433 100644 --- a/Documentation/arm64/tagged-pointers.txt +++ b/Documentation/arm64/tagged-pointers.txt @@ -18,7 +18,8 @@ Passing tagged addresses to the kernel -------------------------------------- All interpretation of userspace memory addresses by the kernel assumes -an address tag of 0x00. +an address tag of 0x00, unless the ARM64_AT_FLAGS_SYSCALL_TBI flag is +set by the kernel. This includes, but is not limited to, addresses found in: @@ -31,18 +32,23 @@ This includes, but is not limited to, addresses found in: - the frame pointer (x29) and frame records, e.g. when interpreting them to generate a backtrace or call graph. -Using non-zero address tags in any of these locations may result in an -error code being returned, a (fatal) signal being raised, or other modes -of failure. +Using non-zero address tags in any of these locations when the +ARM64_AT_FLAGS_SYSCALL_TBI flag is not set by the kernel, may result in +an error code being returned, a (fatal) signal being raised, or other +modes of failure. -For these reasons, passing non-zero address tags to the kernel via -system calls is forbidden, and using a non-zero address tag for sp is -strongly discouraged. +For these reasons, when the flag is not set, passing non-zero address +tags to the kernel via system calls is forbidden, and using a non-zero +address tag for sp is strongly discouraged. Programs maintaining a frame pointer and frame records that use non-zero address tags may suffer impaired or inaccurate debug and profiling visibility. +A definition of the meaning of ARM64_AT_FLAGS_SYSCALL_TBI and of the +guarantees that the ABI provides when the flag is set by the kernel can +be found in: Documentation/arm64/elf_at_flags.txt. + Preserving tags --------------- @@ -57,6 +63,9 @@ be preserved. The architecture prevents the use of a tagged PC, so the upper byte will be set to a sign-extension of bit 55 on exception return. +This behaviours are preserved even when the ARM64_AT_FLAGS_SYSCALL_TBI flag +is set by the kernel. + Other considerations -------------------- From patchwork Mon Mar 18 16:35:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vincenzo Frascino X-Patchwork-Id: 10858039 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0AB99139A for ; Mon, 18 Mar 2019 16:36:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC59228F9A for ; Mon, 18 Mar 2019 16:36:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DFF0B290DF; Mon, 18 Mar 2019 16:36:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B43928F9A for ; Mon, 18 Mar 2019 16:36:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727847AbfCRQgT (ORCPT ); Mon, 18 Mar 2019 12:36:19 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:37392 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726806AbfCRQgS (ORCPT ); Mon, 18 Mar 2019 12:36:18 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 623681A25; Mon, 18 Mar 2019 09:36:18 -0700 (PDT) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3D9E83F614; Mon, 18 Mar 2019 09:36:12 -0700 (PDT) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Arnaldo Carvalho de Melo , Branislav Rankov , Catalin Marinas , Chintan Pandya , Daniel Borkmann , Dave Martin , "David S. Miller" , Dmitry Vyukov , Eric Dumazet , Evgeniy Stepanov , Graeme Barnes , Greg Kroah-Hartman , Ingo Molnar , Jacob Bramley , Kate Stewart , Kees Cook , Kevin Brodsky , "Kirill A . Shutemov" , Kostya Serebryany , Lee Smith , Luc Van Oostenryck , Mark Rutland , Peter Zijlstra , Ramana Radhakrishnan , Robin Murphy , Ruben Ayrapetyan , Shuah Khan , Steven Rostedt , Szabolcs Nagy , Will Deacon Subject: [PATCH v2 4/4] arm64: elf: Advertise relaxed ABI Date: Mon, 18 Mar 2019 16:35:33 +0000 Message-Id: <20190318163533.26838-5-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190318163533.26838-1-vincenzo.frascino@arm.com> References: <20190318163533.26838-1-vincenzo.frascino@arm.com> MIME-Version: 1.0 Sender: linux-kselftest-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On arm64 the TCR_EL1.TBI0 bit has been always enabled hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. Set ARM64_AT_FLAGS_SYSCALL_TBI (bit[0]) in the AT_FLAGS to advertise the relaxation of the ABI to the userspace. Cc: Catalin Marinas Cc: Will Deacon CC: Andrey Konovalov Signed-off-by: Vincenzo Frascino --- arch/arm64/include/asm/atflags.h | 7 +++++++ arch/arm64/include/asm/elf.h | 5 +++++ arch/arm64/include/uapi/asm/atflags.h | 8 ++++++++ 3 files changed, 20 insertions(+) create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h diff --git a/arch/arm64/include/asm/atflags.h b/arch/arm64/include/asm/atflags.h new file mode 100644 index 000000000000..b20093d61bf2 --- /dev/null +++ b/arch/arm64/include/asm/atflags.h @@ -0,0 +1,7 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_ATFLAGS_H +#define __ASM_ATFLAGS_H + +#include + +#endif diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index 6adc1a90e7e6..73d5184a4dd9 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -16,6 +16,7 @@ #ifndef __ASM_ELF_H #define __ASM_ELF_H +#include #include /* @@ -167,6 +168,10 @@ do { \ NEW_AUX_ENT(AT_IGNORE, 0); \ } while (0) +/* Platform specific AT_FLAGS */ +#define ELF_AT_FLAGS ARM64_AT_FLAGS_SYSCALL_TBI +#define COMPAT_ELF_AT_FLAGS 0 + #define ARCH_HAS_SETUP_ADDITIONAL_PAGES struct linux_binprm; extern int arch_setup_additional_pages(struct linux_binprm *bprm, diff --git a/arch/arm64/include/uapi/asm/atflags.h b/arch/arm64/include/uapi/asm/atflags.h new file mode 100644 index 000000000000..1cf25692ffd6 --- /dev/null +++ b/arch/arm64/include/uapi/asm/atflags.h @@ -0,0 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __UAPI_ASM_ATFLAGS_H +#define __UAPI_ASM_ATFLAGS_H + +/* Platform specific AT_FLAGS */ +#define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) + +#endif