From patchwork Tue Aug 22 13:56:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136552 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3696438vqi; Tue, 22 Aug 2023 08:19:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF9PJG7PDs3eu3FnbaTr/HipjCbGy2f+sAWrmOe4Ss3q4A1/GlrRd4pWDN8ghpZxrh9b/ZF X-Received: by 2002:a05:6512:1194:b0:500:808c:91f7 with SMTP id g20-20020a056512119400b00500808c91f7mr4527455lfr.13.1692717591038; Tue, 22 Aug 2023 08:19:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692717591; cv=none; d=google.com; s=arc-20160816; b=D8oDGPoYWBtBhxbq1qBw2Ohn1HznI9159enoFRPVSW+vFvm+yRawk7ZA5C27y+WJ7b YLIUW4Wq5/9PnZ7r4xEU/QhL8GPmaK4gnWhDNy7tEBKUXwc/JFwCAC4AdVyZCXKq2Ajo mwsChkokikvjRMYWgrLP1Z6SDRoZXEWjZ/ET5ZYVgh4UOgpSC4PVyVS8s451w/fVuU0Z JBWWSIzZRKZSA6ZVfhVMCrw3+ZzK++6XI/SUbD7zjvQkxgTeKTSDsdx98V5Dz+z8HPc4 fxbTsjR9qPcAndHQ+yuL2qN6h+3fC6q6zKX1StnmkZOzRfEPYc2x5qKj/5WF1WkH4rsH dYVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=DbuZEnfEz8N4esDWlO+EFArbZ8jBkVnMQyeK4BYbEVk=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=cwudOMG7TS0y1SzVFYqjOq2wLH0FvkQjAzNZeXTrGkfgZENCSmFjhKfPN9sMrEY1ix tlFj7ThYpZ7IpBpw9uV304mSNal1tGhv+oEPj5YxlQ1iWRXhG3GE3wTmZw8P9C1fcpk7 Pg8sPUSS0uQrgi2CIBVUN/mOwf64y8Tg7y52PSr4hefxmxycHfw5vRWTUgb91UfNNKqz 5OwSHcVr6KEC/kdlbdObFjFzV0mDgg9sxTQBHfVgNV4xe3kWy4smmCEAko5/XwuNNOrY XSB2UOnusE4OQmADVG+xqYg6bFnKKq0XnMoY/SMYBQtI60vvvlpF9F4S9f1IF9q8PjN0 T/MQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qTm9XTGv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p22-20020a05640210d600b0052551d0ca26si7291297edu.21.2023.08.22.08.18.47; Tue, 22 Aug 2023 08:19:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=qTm9XTGv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236258AbjHVODO (ORCPT + 99 others); Tue, 22 Aug 2023 10:03:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60436 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236234AbjHVODK (ORCPT ); Tue, 22 Aug 2023 10:03:10 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B82A7CD5; Tue, 22 Aug 2023 07:03:08 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3E90465726; Tue, 22 Aug 2023 14:03:08 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9638EC433CC; Tue, 22 Aug 2023 14:03:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692712987; bh=pFAvrTvTUMO0xGKH/cMXrv1R9nlyUOOKoHgSKri2XFo=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qTm9XTGvcYh+Br8eJUAeGbO/I6+6TObGxYTwfAxErZq7Ntyj+r+ZjZ36mVjjS7fby MGJHkozGMXiQgElJ1L/hdHWK5jS6K1IdwfgG9KFB0cPquHiAoreyGmmIaE94d5auZT rjpYop2VCduatHJPECR0bjHwBO9GubtNMy0N/6iGoLAWZEN1/T1a/pZ56+uoTSGifm wnKHoGJpjPpQVFEbG7W8LrY+Y/HsoFR9s1p6c//axRtaZ4h28qBqfFbSfM57TLqGYm bBjhEAgEE4xe1eR1F9baQN7ZtJmG9EQIaDzevsFHbvH7o4lc5g6GpvtWWOhLpiaI8I 5jsTDl5jo/oGQ== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:34 +0100 Subject: [PATCH v5 01/37] arm64/mm: Restructure arch_validate_flags() for extensibility MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-1-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1303; i=broonie@kernel.org; h=from:subject:message-id; bh=pFAvrTvTUMO0xGKH/cMXrv1R9nlyUOOKoHgSKri2XFo=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/wf8ItiVhhsjU1U1pKaopo/uh7rIWP4I7WMtBO inLmxduJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS/8AAKCRAk1otyXVSH0AV6B/ 9NgV9lhw6oHPGtixcm5V3lAr7z+o9fWsFcBTBXWxSurUlb0XFjc+t7fDH7SvXhVDsM3caWcvDpNysc rUzR8kRdWUsc2c9LvqoaTcUMfW7SZ4LidddLAhjU+PCa1JGQoP92n9jN6TStbJ85YIH9l9KVVshmVZ XiPc6ANN4NmBzgKj9JGYlITGz4YnTicnXsOeD1e2p0e45JZx9f0hBIkU/lKRzsyIRzwpsY90K00Qz9 YGG3gusgb5P00L14xVRHrVAbuNMepnYq7a4rPyLGjenQCUiv8inCi9K4DWKE0JohN+V9sSbORNNply wIdHzUINXrAPZmj+TfHarlSM6uY9B7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774943040378114498 X-GMAIL-MSGID: 1774943040378114498 Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended. Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 5966ee4a6154..c21849ffdd88 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -52,11 +52,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags) From patchwork Tue Aug 22 13:56:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136560 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3717379vqi; Tue, 22 Aug 2023 08:51:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGYEynBDSUKOuj1h78lUUs4iXvqpa9DzZD31KnBIxWNRjVrWI4ShtE06vqrnUogW4G3qt+t X-Received: by 2002:a05:6a20:1c5:b0:140:8537:85c1 with SMTP id 5-20020a056a2001c500b00140853785c1mr6505953pzz.28.1692719511103; Tue, 22 Aug 2023 08:51:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692719511; cv=none; d=google.com; s=arc-20160816; b=RftvI+d9xnIqWwmiodqtLOqppCmfvIwNVftsI24BI8+YSWaen2k3x/GXeFqYxwXbr8 ySHUQcgy8ZZi//lRnHuvQLqMfKB6fpbywuVLhzgfzivHZddP3OcNP5dk51Rk41CJtTsf oPUQPHk5fjda33RXAPgUvnSrRojbA+V3F9EbdyaI2iGeNNOlgv4/7QHABqONqGDHpRjJ PDvQI7j4DXuuwJ+hU7ctkRe1dgX9L7wD6LNGA6cs33u24e3fTtHkQFYiSESHmsuYTHth xFV2ltWGy+1kHlJ3TBxROBTlsa1qBQrC2RyrxJ4Hs+b9SjAeazQGJoABcxfFdwN5D3ZT iykA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=ZjNg0k5JLv8meVnlQQnkT78Rd0wGAKwtkegHXDEiJaM=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=0sURqRQ9us455WJwFro4nLmhYdvf1nWQI+jPGw9t5hjqIb0H/JG2p4paVMYkhATHBr 1FzS5gG9wy0QWnJFiwZTfv1Uprcm+kOiLiPlr2SI5KYvGZjc/6V63nggqUc1QEreaRaR wnjiBB+fM8s115xWkRuxwaPzOsO8YYhQqKnf620cn0eE29aMJVFBc1DsnFfDkKiHUdnO vHP33gsG/TO4/Vth2SoKxzCgFiTZPOuQXc251ZVtFqw2PNNjLl4emJvljTFWu1KT4CcO 5R4GhvMKD1n1CcP88gPVMcMWeN6YPGvChFrD7U3UQSFbLAqt1TKExGojBMoOurBUi8SN Ix/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gxgJUaQv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k71-20020a63844a000000b0056b0b30d05csi1774795pgd.245.2023.08.22.08.51.37; Tue, 22 Aug 2023 08:51:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gxgJUaQv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234360AbjHVODw (ORCPT + 99 others); Tue, 22 Aug 2023 10:03:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41206 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236288AbjHVODt (ORCPT ); Tue, 22 Aug 2023 10:03:49 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 40D5FE5F; Tue, 22 Aug 2023 07:03:35 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A07C963A0E; Tue, 22 Aug 2023 14:03:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3089FC433AB; Tue, 22 Aug 2023 14:03:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713013; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gxgJUaQvy5XcROS6md5Iyq3IvRwllUFGSh7/wGQ7eqaMtdeiVs0DM0K3WdbkTzacE hZsYqB5ynIrK9bj8ilHCgmFyTR7YuvCa1BStsMUe0bucTXynu/hUaEOrIITUY8fHiU Mzrda+1IW6rodx6yXxbM9SkXxBWIR5SbPSTJEfxzJN5a5dBv6OVfT7B8sXDIAcWZFe oHwBCJoaYkJxmgOGzbOfdHAZ/wsKW1rIRiUwjqurKNkTNEF+Xhd6f7EJspjQLoYaC3 NOSIOa6QGwvsnJG6Ka7XP8gxlDU7cj2/2oMlZ1ybfpewshExT4I7RIns+k8x+i4Hwe UwJdj0K5HCI2w== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:38 +0100 Subject: [PATCH v5 05/37] arm64/sysreg: Add new system registers for GCS MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-5-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1873; i=broonie@kernel.org; h=from:subject:message-id; bh=8dG7a5zhnwPAZeiNFnvKUhXNUal9236c6/e90HmcsCA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/zCtdFWzHnlWug8mDyrQBzQGAK0DHuPph0D8Ch GC3bJQuJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS/8wAKCRAk1otyXVSH0AZ3B/ 92STkyE/qyhuJXP8cvdO4zowiqGHxKDQVlkdGEvqFsUNmFill+z3hdsi4uH9CPfBs70iMMIt9eXawf 5wCSSXuW5L6RwsU5/7qOYbsXRRk+kQ79UMHdrClm5s9UGgrVgeJ7jo15JjHDnUyYFhg3Nxqh0UKp9F cPOlTxdUfRq8/lrupQINYygUX/LVSkP2qdaFynvhkZkvKsTu+RHIlTI4rdCPJZ9Lq4DJA9Z32kIFKy LxvSAIX4IpcdnjgpmeWj/BxQ+mcR6reN9mim7fGdG4EhzZHrUPXDhI4gJ0kIGPWvaMA0Qa4UTJ7L0s 6wc0Ugx5e7MBzxYnOIyCRkX3Fg6ygf X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774945054538245543 X-GMAIL-MSGID: 1774945054538245543 FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12. Signed-off-by: Mark Brown --- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 65866bf819c3..20c12e65a304 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1780,6 +1780,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2010,6 +2045,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2209,6 +2248,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15 @@ -2268,6 +2315,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg From patchwork Tue Aug 22 13:56:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136561 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3720305vqi; Tue, 22 Aug 2023 08:57:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFaeCJexyzipj7/C9JtirH8izLItCca1vM9A2KLVXfMlalCEZlPipOWsChF9tTeK2FDEGwN X-Received: by 2002:a17:907:78d6:b0:9a1:cbe5:7586 with SMTP id kv22-20020a17090778d600b009a1cbe57586mr183730ejc.35.1692719828980; Tue, 22 Aug 2023 08:57:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692719828; cv=none; d=google.com; s=arc-20160816; b=g1KTfqKpLTVpSdJszZpCOyxCODo7wV6if/KXXblJy98R5ppiCO/EQYLFTcU6WbuvOV xpy3ZhJUQ2NbJnL+ciar3olOUKLl5z9oPa6EKv/l7dqgkgqOHIXIhTzisI3tiAdmAy7o mrxnh0WRrY4IoEk0aJWB57LHU+f3o7rZaDitcXhGaV5qOKp/EPp8Wg/HvjsMFkkHjmlb GM7vUXO56ojClb5aQPzvaOvhqdNSs3lZGSjMeJ1w9IhWutVTNy6m+Ap6FyfAlLX7V73Y G3KcDUDjDcaJCKNb61kOUT/zl5BQYC77WWqnnOO5GWgcS910LW6kc5QsbfRxhdvjFFBZ CSRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=mJroho1o7mQ4v5IpLO3pGU+gSm8jYAJUrZ5Tuta6VfI=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=K3tj0D0ag8eblKcfCsDbr0RW8FS09nbdtFpW4ODTEo/U4nTr61dNHzjP6p7U+B3N6A KLGyPZToB9ZTllgL3sDDS8VJHKmn+IZ5dpTwb/gfUjQ9XsysNp0hnCj8EQhRnpbePp0/ wadk6r/ioLwHM2kNayeRKZA5WENiPhgFoO07H3RKoltSuCTylQRhA+iD/AY4gaLv1GBJ bZZISrbyJxIUF1u5bcU4meJNQpZTl4A61spjp6JM2LYj9DjHjsh0bqcssqXqrnRaH1wC WYKrjRaGWrJePulR9eT/70Os7iqWtBpHzLhEx/dOPN842T9xcpcSxCm3svSZ7JZnzBcY lNJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=mlWvTaQN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j16-20020a17090686d000b00993860a6d36si7684598ejy.374.2023.08.22.08.56.44; Tue, 22 Aug 2023 08:57:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=mlWvTaQN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236301AbjHVOEU (ORCPT + 99 others); Tue, 22 Aug 2023 10:04:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49644 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236325AbjHVOES (ORCPT ); Tue, 22 Aug 2023 10:04:18 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DB4D7E4C; Tue, 22 Aug 2023 07:03:53 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6C83365781; Tue, 22 Aug 2023 14:03:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C568CC433AD; Tue, 22 Aug 2023 14:03:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713032; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=mlWvTaQN07byyUzf1CBPUuiCl9atcm+iFpXcZmmFNSmydMgUfR9Rw39AUOJUkgAlY 2ZhFmfLAiOVE0KR5rqzK64Y9wa+362rOFL2nSiv41fd+92xgrMb5lXRk9amGjzDiPl imKu7mTPRF/okPy2sPUrCYGFbC/oj4SsClfRrGG6wEht1n0l52rv+nkpo5tVAWT/SV R0y/z2PghYtCsriK0v7vPuUS/hca6R6jYYbOMSH1xbdzhbXFvp9XQjG7QyZrcZaRH2 2lCoZdZXeFCb7YWDwQzZy/SaAlMuy3Ta7YsUBu07sb6hEvORsAGhsAW6ZfM5sbCzQa tRmUlf7VQmSYA== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:41 +0100 Subject: [PATCH v5 08/37] arm64/gcs: Provide copy_to_user_gcs() MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-8-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1292; i=broonie@kernel.org; h=from:subject:message-id; bh=BppDdcqjtJzUfuzafP5lgvHCeya4NknqM0BAXJ7ap7w=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/2Me+ug3ePxzuzvoPm/hkwGj724zhTCzq2OzFW adIGHHOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS/9gAKCRAk1otyXVSH0HRNB/ 9IUqNzEcbTEiNkLKuvna5fOzaKYr0ARo6fUoTtLXYMcvFVGLqvFurGEIYTQ62h+JPsILa7aMNFnw4z VXRj2dmEWVI3pLWCLOr3qPOUTG+Vktj+ZmWNDlYliT8wxXwdr1uot7HkFAXMEMubHo+4yqgCyOzuBV D7Jazz4z1qhrfGraLs5Xba8n6eWy1dwiwOMOrOvyFmPFsamJeSsZAJ/AKIdra5hSkwWVGy0bh2I7YI nrtiIi9lgKkLnDsm2UMZiz2E6I91LWEdbrTyYOYaiTLKFYwfYf8GCOZRqeu08XGB9WIoOT5blki5S6 PMPDPPcgWVE8jZnwHus3N+ebSV+EmD X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774945387182049228 X-GMAIL-MSGID: 1774945387182049228 In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a copy_to_user_gcs() which does this. Since it is not possible to store anything other than a 64 bit value the interface is presented in terms of 64 bit values, using unsigned long rather than u64 due to sparse. Signed-off-by: Mark Brown --- arch/arm64/include/asm/uaccess.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..24aa804e95a7 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -445,6 +445,26 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline int copy_to_user_gcs(unsigned long __user *addr, + unsigned long *val, + int count) +{ + int ret = -EFAULT; + int i; + + if (access_ok((char __user *)addr, count * sizeof(u64))) { + uaccess_ttbr0_enable(); + for (i = 0; i < count; i++) { + ret = gcssttr(addr++, *val++); + if (ret != 0) + break; + } + uaccess_ttbr0_disable(); + } + + return ret; +} + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */ From patchwork Tue Aug 22 13:56:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136568 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3745973vqi; Tue, 22 Aug 2023 09:34:39 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFUU1Q20oEYEAJxi7y3Jz8w8i1WZlqRoayMMh4r7pNrtT/2OIWa0kz2oZgvw2txRAxHfPix X-Received: by 2002:aa7:d502:0:b0:522:472c:cc36 with SMTP id y2-20020aa7d502000000b00522472ccc36mr9113280edq.4.1692722079267; Tue, 22 Aug 2023 09:34:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692722079; cv=none; d=google.com; s=arc-20160816; b=iaeX7AH3K3l5q+vu2rXsG08QKv6tqaRK4oVbgzij2O6uQELOyijtqM7j325U/nvP2f nLjQR6xKi5jta4uAUzDWJ/ZPpJ4cMC0LKA4cc1NuMYm8paRwuMXgefmBETG9YvJ7K/h1 2uBJ1hHXLj+xY45J3g03T6sn1TVFQ5D7RuYbm0TJ/9q3a0R2cL/Pw+BoqcsSbukuN4A4 Rie08Nlzz5T2MOcAMxix/HS5V/nYsmyYzWl7b0VwDh9slOJf2jR88iksW+UMDOSwbquB rZ0uRyu7k7gYkV/i+RcDAWcvf5hLcmh6OjqNA4eENqOITQt0wpiHYKkS2ungdyu5HcEP YmWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=UsQ4evMiiAYwQjdayZkqlkQ8Zju2zsq0zDtbSV9Oikk=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=IoDNBAwYQpYAjKDiX6e9MFV3H4aFhXQpQcZX8BTqIQndmgcaZK2Xr1/Sjk+LKEaeHE Ot6ApcuZ97jToa4IqgAWeNnQpMFl7ZwbIPfDlWC8VIOwzZsteRrVcuN3+YgJwNvA/UpT FalK/fljjj4BZ+5Gir0ro5TM/xiEVDkCLy5eGAbQx38n3aAgimvaNtMpcGUSrXUJh8Ra LgKy3Yywam+wPj2TFBgJAtnNzqxOZguqOegW0VP00jPqnmkiu7+s9hSZqBHHJ1O7hJeI HIpqGf8QV9oeFDOp8OtnsfjpDzMtmLkepCLo4dLApOH80Ijx0yiHUaJMM5gwb36OPFIf brjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Gm44lb1O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v11-20020aa7d9cb000000b00529f5d8ee3fsi6292047eds.574.2023.08.22.09.34.06; Tue, 22 Aug 2023 09:34:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Gm44lb1O; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236309AbjHVOE2 (ORCPT + 99 others); Tue, 22 Aug 2023 10:04:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54584 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236341AbjHVOEY (ORCPT ); Tue, 22 Aug 2023 10:04:24 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 52459E57; Tue, 22 Aug 2023 07:04:00 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8A86465772; Tue, 22 Aug 2023 14:03:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0C4C8C433B9; Tue, 22 Aug 2023 14:03:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713038; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Gm44lb1OIiur2ErWSm0bJWXftj+KzNuOgrIjuWkrniWEX/6m+60GL7eqSnE4XGJAo JqXsH61UMv7SajkmLtSB4Y+x9tRilyC4aTYriNQgj8I0NQIVKs9fscnbvIpdfA18t/ EC+zcW2SBzjW+tSjJJW9XPTh0cMThUWSFZDlHUinNMxA2AJn588xBIOgYZ8elIHmvN P1ltTRWjqjOh1pL3u68268I/khyQFbO4R7/S0GuVxD7XC2gypvVr3gEivsJwyV0TFU P/yNAmL6eQPf5WBEkpM3hWs/aiKdBgwKmrqeczrV6NpPCzVeUSDnoJcCi5TIc+9QS4 2CdYlI8QSh2/A== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:42 +0100 Subject: [PATCH v5 09/37] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-9-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2901; i=broonie@kernel.org; h=from:subject:message-id; bh=teb0sKS9busqSVOZxV9N3xrEhZqf3CdoVbQJObdkbLU=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/2LCMqbwDztxrqMpNwVXemFsoZYDDfoYP8KPfw j1oK57uJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS/9gAKCRAk1otyXVSH0GWvB/ 97UAxRcmCfkVB6b8kBDSVXzdSs7X1Ik3oWgpf9EGshuT+8TCkb6EiKl9hjiuf+W+fXtYkA2OYrsRPT ZWC09bkTGoij/X2pZLkd8ksm+WApc4UT+SAR95XeHJws+fJe2HwPRYejAsy3vRFFwIUEDjM9MzElW2 LrrXxzE1/go+aHg+hwt2/S3GbeQngIRE5XOL7vHphrwmI0BQd1lsFb4HvQdgC253beL3z4qhyOZA9i 3IeHu9HfcfPjoRxh1cLH2pwH6Aw6fas30sooXE5IGZAcilEzyCprLMsxO0SD5pkjruLDlaBOljHFA8 CqeP5G7FFD0cP7A4fuIryfjdyNouTv X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774947747459841893 X-GMAIL-MSGID: 1774947747459841893 Add a cpufeature for GCS, allowing other code to conditionally support it at runtime. Signed-off-by: Mark Brown --- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 96e50227f940..189783142a96 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -831,6 +831,12 @@ static inline bool system_supports_tlb_range(void) cpus_have_const_cap(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_const_cap(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index f9d456fe132d..91a14a6ccb04 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -254,6 +254,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2219,6 +2221,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2715,6 +2723,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .min_field_value = ID_AA64MMFR2_EL1_EVT_IMP, .matches = has_cpuid_feature, }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index c80ed4f3cbce..ab582f592131 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps @@ -26,6 +26,7 @@ HAS_ECV HAS_ECV_CNTPOFF HAS_EPAN HAS_EVT +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5 From patchwork Tue Aug 22 13:56:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136589 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3809187vqi; Tue, 22 Aug 2023 11:21:49 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHj6geS5KzDXSJ+uZe02Xc/GcyjnsPpjRoID9AH4SEs+nvMgATxP3MqKZ+ER3OF50ZgVDX1 X-Received: by 2002:a17:902:c1cd:b0:1c0:91f9:aca4 with SMTP id c13-20020a170902c1cd00b001c091f9aca4mr3055218plc.22.1692728508954; Tue, 22 Aug 2023 11:21:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692728508; cv=none; d=google.com; s=arc-20160816; b=luDNlHeA4M+Qf2fgzud1dJgiHqvdaGuyV5PEhG5zvTT24eNKFRh+r15oJmSDgQMlwx EVFkj7pbJqtmfYQtPFwZ0Rer69NjxYKd3E4W1YDNWNrxXycYHeju+cjnsObg1ybPsjdd OIu+uhc/xjwH1GAC046HVBgWCEnzw+FMZyD+J0g5ZHOKP+qmHjmDY0AsSYguCm6HRrmg ftzJj8OgJv5fxNgDjSM8q7TofaaHVFSZfEr8TSlqTor39eYX6CT+pzhowZOD06Z4Eh5T E+mDmKt/XxadLCYZJn9NJBuj2/OjvjLtZ11/imFplH2AgRJ0tLSWVz09W5jNlOZYWOKU 8k1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=w1OwbJ20P8HDRNdH1ygFX4S+EBsp6pZUUHI9nssVO9s=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=iMc68uZu/L5aSObdK/ZJpui4GjaF54BpWi0ruNXo1ritwCypM12irQWNmQ3pgFoojz b+psuihqhUk8EByRLpe3RcePL31wrjVcm/FE9jVoQkzha5ondI49D06ywbLVyp2B3Qi6 XlNvaTetihgYgTuSBSYlq5pLBztT8T7Vi1ZZEcGYYQOGhxTAY1N+f/BX+IWm30zcCMR4 yeeX0VUCa7Vie8AziddWxWtMn3hXcQsVknB1a/TDjWjT8s/NNlKDbOD+a0vOMTwpecP4 dORh4GiVqZQGxyX5ECdNZpFrxCm5xhzNhHfsPdrFcs/sNPwo3fXV2rdAZOACExShpjEG OKqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dRAAsGX9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id x3-20020a170902a38300b001b4fc117bf0si8874150pla.116.2023.08.22.11.21.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 11:21:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dRAAsGX9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2DBEA36B0E; Tue, 22 Aug 2023 10:23:18 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236368AbjHVOEv (ORCPT + 99 others); Tue, 22 Aug 2023 10:04:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236358AbjHVOEs (ORCPT ); Tue, 22 Aug 2023 10:04:48 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12ED9E45; Tue, 22 Aug 2023 07:04:21 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4A4DA65792; Tue, 22 Aug 2023 14:04:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BD285C433C8; Tue, 22 Aug 2023 14:04:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713057; bh=fYSc6YldDz9f4Wg0F4vCCpyazEEr65gHlcDJxqefLXM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dRAAsGX9NQcMTa6eDbu6Tqs9RxRB5S5O4R9jCuHb2OQzuZkg4eItQ1lYOm3LAkrrB 7oYfctWxhLj/jt70PAvNfFtMY9G9e5i+ecr7xA61ELZwQo6kHP/NWVFIAiIu3f+3+4 H90+VbQOlXvBNgtiFTibSSe2vAvRZ/sQby+T6aJt/RBGpCqiiKW4cLZlkwdWAQDtbq Gp+Tdz+PPhLjTSw2Af0B1azcJik4Q51rrKko9u9U++73PXF/LZMSBnctKSHhse3OFE kKAL8bKKirnLI2q5/Y0dwJ6qjf0+DP4mkM8ysdhjYYQlorvtaS6vniIxJ/giKUdQA9 Nl+zR7rAwwaWg== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:45 +0100 Subject: [PATCH v5 12/37] arm64/mm: Map pages for guarded control stack MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-12-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1756; i=broonie@kernel.org; h=from:subject:message-id; bh=fYSc6YldDz9f4Wg0F4vCCpyazEEr65gHlcDJxqefLXM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/5PuMIq9BeN3C01qO5ocLYTnlKxWd1K2qibZTk qwPJmcmJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS/+QAKCRAk1otyXVSH0IUQB/ 9L+p/pe8VJG6Xh+181btNdS+8+jqn1Yk5PtFIxvU5J2m5z8vS9N1POMNvUX0r6O/SW5UoitDMDdz0L 8CJpwAh9YougsmhMN8+JzS5SAPv/Vh51y37mtNY5GfahOxketQtY1D2P955vTu0cDrsG/4l753eld4 3M591bLEc2Ke1tUf7tpsjZQR7VebXEdd5Lm+zcDr3e3JJGV5xLbv/uKjAVvUxxc5+Nx5aGTL+XpL4z qsnKGvb334j8M7hf84I4o1U0+ir3YzDo7udMaAZjAybVwDbLhJaD2XOHfiVzmTyps9zwcoJ7lVgFyw qCXDWPEi9HXbD8VkR+zsq41rp1BVF0 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774954489429627347 X-GMAIL-MSGID: 1774954489429627347 Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown --- arch/arm64/include/asm/mman.h | 6 ++++++ arch/arm64/mm/mmap.c | 13 ++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index c21849ffdd88..4c4615867713 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -61,6 +61,12 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* An executable GCS isn't a good idea */ + if (vm_flags & (VM_EXEC | VM_ARM64_BTI)) + return false; + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..e6fc7ef83ea1 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,9 +79,20 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* If this is a GCS then only interpret VM_WRITE. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } + /* VM_ARM64_BTI on a GCS is rejected in arch_valdiate_flags() */ if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP; From patchwork Tue Aug 22 13:56:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136594 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3811373vqi; Tue, 22 Aug 2023 11:25:50 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEsxDCLQQhTRZ6VyjNyhGq4lpKyTtdHynGMLAvVvdf7PRYo+zNBVXverc2qZWFWxLq37jzk X-Received: by 2002:a05:6a20:3d91:b0:133:be9d:a9e6 with SMTP id s17-20020a056a203d9100b00133be9da9e6mr14451109pzi.17.1692728749846; Tue, 22 Aug 2023 11:25:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692728749; cv=none; d=google.com; s=arc-20160816; b=MaUBTDC2L/AaJT9Mo2Lh++yC5hqQTbGCESs3e22JhTMOEiQ0ZSJ7aZ8ePaj9sd5PHl 5nWoBisY9pz8hP0mMb6rHoqqBGFwIAbB3mGYWW3RUKyZVMXcYgDHQ8V0BIeopXbo6uz8 /SOSB0D9Fi3Top7XPPhis6leNXdhxo2O4tJ6CWbd/uGMZeaNekn43g+wnjif1OdX09fS Ib9JKBR337yGsqVxPUXYFTJ86lYxuSNLwosDgEWeI+RTj/XFAI24G/FGRM0/+qqC3tkG XvEV/Q7A/8KZMmvvi8S7mDF/yH9ipibvdBHQnsZJKL2d74asUzNbSCdG/stB8a/2AFiL fFGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=qn2wictEWB8wzi6RrERix0h5HYhcy7w/c2/srM6xMb4=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=rRt8QoWxuLbNbl0a45crOSat2ZbhCeZ2hpGZrW0X/S8Jntw6qy6fVkwkMdgP3agCy4 RtCQVUPfO3yCQXNeDNEJfWSKD+cT28IbPsUfbk06AI21h4qiu2cjE+pIFiBBDzNVTZgm 8/KnDUWjQb3RMPVbRG3BalgdPeHQf/9h3Y47pEAdmSMahHH4IXga9bBc6veOZ4vuuBJv 8asztYsY8GmrzJYYwS+6gry49gHtnEdNOuUHLIcHHevrTKafoZsuF18iXejN4sKAqkKn 0mr8fS/HPnRckK3m8dFy3nH6vHFNq8qPiRiwIsIFcYDQ0AtXat9xC68qgLWGcPl+Tsn3 OhHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RCqk+m47; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id z2-20020a63ac42000000b00553800fe4dcsi3055740pgn.583.2023.08.22.11.25.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 11:25:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=RCqk+m47; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8A144398AE; Tue, 22 Aug 2023 10:24:11 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236246AbjHVOFE (ORCPT + 99 others); Tue, 22 Aug 2023 10:05:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60732 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236400AbjHVOFB (ORCPT ); Tue, 22 Aug 2023 10:05:01 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7CE99E5D; Tue, 22 Aug 2023 07:04:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7C7E2657A7; Tue, 22 Aug 2023 14:04:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F0922C433CA; Tue, 22 Aug 2023 14:04:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713063; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=RCqk+m47/b5oHaZ/1B7AckLPjxeFflR5uvj4P08XSiPQe8kqjItk7kcv9/mTaexbd oG1uUYZzlINkKJ1EtUN7rMgHVY3ELd4gwPlGZQh3cEchNr8uWF+NyBnkq+YTweMKtI lVZYsN/CNP6k36YydVJLgNv+kUGd+gHse4l/ueEAaKlI7oxEHR1yxzpDs1Ll65V8yh Xu0U7Lo01W56XviOnbZP3QB4fMwXf0mdA26Cu/OLS2mi7VWuo5BhrA+7CBoW4yPUZ7 PFwrQrlLxiDYoA5hbQyoDK2PIJy8ZdCbGj9P2NrsrWdQaXr92VbjyPCg5FUauhrTYV SD3s8KT+NxQNw== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:46 +0100 Subject: [PATCH v5 13/37] KVM: arm64: Manage GCS registers for guests MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-13-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5343; i=broonie@kernel.org; h=from:subject:message-id; bh=tjbWwPwmImMptyDPc55s3c7Oj7q65gF9QqqfPkrYo0c=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/6AHYHf7W6pdvodyEwO+Essp58pjlzx9Bd3yyH N/jhqSqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS/+gAKCRAk1otyXVSH0A47B/ sE/DNEBmtyZi27FTcHyMq2hTww99gioyBIL60ulWDm1glKQO1pj1+h/N6/IdTwgDYIA/J7zwO5B+rA EACRzKbOspBdaKgPGAu3qgY8KkuQ6xCnO7pgYVjlZc2Z7t+otM6GWnPd3fAv3rDXKRGoU7IwL6AL/M r+JUmgGZ3dHg4GOel9YrtAW9w/cpBagnUkKV7K8rYVunarnUGe6P4zK+gFkxTwv5IlfZHcojaEWUSf uTjwPwfL1yJl+zCdQgnRJejY85VLVYOD+Jjv1PNoJAJO8t6YZdmYvne4r88CHCniHExK/Bs5OMIRKr /GrENFHK36+hqocZgHmnv5qePOPi2I X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774954741603590693 X-GMAIL-MSGID: 1774954741603590693 GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled. Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index d3dd05bbfe23..a5bb00f58108 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -364,6 +364,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1136,6 +1142,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) @@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 2ca2973abe66..5b2f238d33be 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1768,6 +1768,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2080,6 +2097,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, @@ -2162,6 +2183,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, From patchwork Tue Aug 22 13:56:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136602 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3820262vqi; Tue, 22 Aug 2023 11:43:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH4LLE63DKkYeYVofhL2npYKm/cZ5NxqGhHoNEr1r9DPchecXJV0rWIvTBMhGuXtu51osZo X-Received: by 2002:a05:6a00:10c8:b0:68a:4103:9938 with SMTP id d8-20020a056a0010c800b0068a41039938mr6586180pfu.0.1692729808279; Tue, 22 Aug 2023 11:43:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692729808; cv=none; d=google.com; s=arc-20160816; b=vYY2eitDmYFpYySFMuJ4SlHZ9Msxzx+96dFZAa7tVMrHoH924RHjf7yp3GznvcI8sg E4FPa/svP24+45fC/0arpX3OqlEI5N1f3/4xz+8AMVD9rQyOGANNBiKhHxuGJ0W2E6GB 05zVxr+SfUNvSGHzbOkN8W2SG5bqq9Q19Q7b2R4znJjc6TP/KFEz20Bzn3yptxAaYLMS rDYufn2PC5eyjFv0w1WQW6iicjNcbQ9G1JaFMxMQ/8oy3/RNb10qWFYs+HzJO/0quERf tXUGg7NRor1pnqk+T2gI3i3d5pO6qhdiYGI9fccIgdc0rRqrgXRtQRWuN2Kprrnvti3s 5rBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=GVW/Wb+UQgRbZFsiBWrQq9WDN9Jw1tFXrIhcblQEjIs=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=V4esf0cUCVXcM9zbcZpqll7Wuu0rJ81cvmhDiB5udcrAxxS5edWOvUF6Rto9HScG6y BhYDQV3QrFU2GRNhIK5LE6FsPFZBYtsrcanuilUXidNMS86qb7OVxw/w7ocMAe6YwUjX sfP4ZrM5kwvvGq/BP+xK97674fSy1aEX8G3uAnlpH35sDDd4HZbhy55r6Ss3uPkPZZv7 gS7e/tMXmJAk/9cdv0G96HotOvEadZg6BuencOVSFWhenD4jyQ8YwSZgfdJ6hx21THva rZS7xxU7YWQqgeUHS5vWE018qV+IOqN+BHZN5JpPsJv76J7viaAzwul7QfcbGnHTXz42 Wa9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VFvp4KQn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id cl4-20020a056a0032c400b0066e96a581c8si9562487pfb.261.2023.08.22.11.43.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 11:43:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VFvp4KQn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 29F6F5CFA0; Tue, 22 Aug 2023 10:27:56 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236204AbjHVOFP (ORCPT + 99 others); Tue, 22 Aug 2023 10:05:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60764 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236354AbjHVOFL (ORCPT ); Tue, 22 Aug 2023 10:05:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 03843E46; Tue, 22 Aug 2023 07:04:50 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3CC1F6572D; Tue, 22 Aug 2023 14:04:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CA557C433C8; Tue, 22 Aug 2023 14:04:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713088; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=VFvp4KQnPyU2rWEfjMMrh+j9Lx2GSKt7vrJSKS6QpMLJ5ThXjdS81B7yXUnwegUCG UNPeiT2uXRIR7zF29isIbOv1B5b10NMFx+loedPnhg+/G3Vu+anfvZSk/gfLQZ1AIz xA4dppy8Q6L1uUDDzbydR17zlvTgp9gKggKKyaFrlBK3C/o0zfeR9wYjF/czlR7eJb JjpHZrGcHbHFJy0xQu98hTDXoPOZa3pXy5+pDYi+duYDDJEj1vDunL3PEONor2wn6K FHmZsX9FlLK2tBH8OAczAGU/2uc9zW3TM+8tKoZJQ7Za2z+Ot0tUJ/ykM/kmEoqGCU AIT2kCOmHUuIg== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:50 +0100 Subject: [PATCH v5 17/37] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-17-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=6026; i=broonie@kernel.org; h=from:subject:message-id; bh=sSLA8c9zD81mYMEEIJgpRALMzE62vMXK9V14WuQWjaE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5L/91gGtCTa81js6HUfc/KOxz76ZImClOzmKE3PL n6kyoR2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOS//QAKCRAk1otyXVSH0A6/B/ 9WTHcev1+Jc8U6IHhxNKxL9A//TRcWISzTvABnCwLPHQJeNv7c0ag/W7YsnAy3/83D6IoWNpUYVLjq u8teZ0BKbmIOkfWdfbDgQypF14UsWn8WcsSlnQ9xcYNGmLZ3a7GjDfYftdeplq2rB3IJCzOabnYR2q 7VWIPho8MSr7iwfzugxrD3AbogETKz9QK9rzYe7fSXDPvTxuBJWSX8rzEMzIOaflFVguj7ZaI7cybn lzd/B0YeXDYBe4i3xSorAVpiBVZ7XgC3+x96c0rfFVpW2hhSOAR1TXs3AOYCR+ZUpxA18wfD7OZLsz WZC+qX328xIjTyrDsacGCWcWtTylKd X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774955851417338953 X-GMAIL-MSGID: 1774955851417338953 A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors. GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling. Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal. Signed-off-by: Mark Brown --- arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++- arch/arm64/include/asm/exception.h | 2 ++ arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++ arch/arm64/kernel/traps.c | 11 +++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..a87a8305051f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) @@ -382,6 +383,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 6b2e0c367702..4d86216962e5 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -400,6 +400,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -442,6 +451,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -621,6 +633,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -701,6 +721,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 8b70759cdbb9..65dab959f620 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); @@ -884,6 +894,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)", From patchwork Tue Aug 22 13:56:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136558 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3713431vqi; Tue, 22 Aug 2023 08:45:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGVaUAaOIPNmLrYPC8wxIhtcgQzKabHc3MRhMZtjIsihJ3vOh/dvR8PMTrw2wLn8kwD2q0O X-Received: by 2002:a05:6a20:3d83:b0:133:6219:15e2 with SMTP id s3-20020a056a203d8300b00133621915e2mr13764434pzi.21.1692719115111; Tue, 22 Aug 2023 08:45:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692719115; cv=none; d=google.com; s=arc-20160816; b=W1PXAMRd7bGkwOGDrAU5hlcWBK5avchUN90yj8HxgHO26VDHAsiFakXHTmamzBdGx3 83JyUs0JG/KEmjDnsWLEEl6Pc0wVXoux39SSy4Vvcry9vRVsEHO+1UiaXn5oOb3T6TiO Qzq+ThIi3NbU2B4CcL5cffPtXuWkPLl0M3QybfLdOTZlgVJ9iqce8Eu7smw4W/U3g7cR vQ/graIsQzDEuMtdYnVPkn8A4hLUcSTfh5OV6IrXRzE53PM9KIEaYoZiZUiFB5mqsWPP 1qAqIvzKHgRSBGAnjXhpbZOnxyWcPFp7XOx1h96MbAluCKiX4ZXD9ockcCFb0yKTYpFV GU9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=jqqxR4XARW1rUHakRYBlw+bU+9kC7PaRHNoeI3Q33yI=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=oMWVqZqVFHuqj8zO3bl8BGd89q4Im+sF6vEOOqwnIv37641VginS1sio3VzTPkfvOG o1yuBOyP4k53mrvgZzh+0dNzT7bUlPh4XJyg36LUcRf8D+KiOSIPaxYnxZFgvHW4WPpJ Vco+7AyPa6cD+Zs1Jp96OPAeUGy2BaxN9zKS4nX+oDcUA69VmwC5W5qv5SlamN3ZsYdR RlyKf7uMpWU/Z4Hdts2PL744+fW2kx2Ll4sYIsmnLyv2uhE0thwIcC92g23aCxH6xHDS shUIXFc+3+of0i+PSRKudjlV5RcHCieeKPyy5qvSVJAmzcc+ct/x2XK5SOGUBrfKx2Jg lrBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=apmSXf70; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id br7-20020a056a00440700b0068a47fe470csi4863651pfb.200.2023.08.22.08.44.53; Tue, 22 Aug 2023 08:45:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=apmSXf70; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236491AbjHVOHP (ORCPT + 99 others); Tue, 22 Aug 2023 10:07:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39116 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236499AbjHVOHM (ORCPT ); Tue, 22 Aug 2023 10:07:12 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9A40C10C0; Tue, 22 Aug 2023 07:06:44 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1B82C6572D; Tue, 22 Aug 2023 14:05:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A035FC433C9; Tue, 22 Aug 2023 14:05:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713113; bh=wOX/VCidy7u5iRp7jBzI1P7kDYiqBOUXs9IWPVUSObE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=apmSXf70i+L2CfCRz42YhP1pkXCBW8zxOoSAszXGPD6JyVqTj0ly+IxPBY5nE/2yS pneznh6M4XSaoTsMNELVPJL/XORyPibcdwVz5zCz4cE7Ut6tu2oD2FGaxtO01/juGa 0AndYXALyRcMZhtNeBxpzmvYkNkKt4u6AhaJYnjLGYbzGiZ6mKHhT2G5gbw3B/Ox9A cnmaX3vyQF2cmcvZ9zrn/lRVXZh8Zg52hFtIMJlYWk0TZGYGMQGFBs2sPSwOBi3vAw SK9vHl5fi+0PimT2GL2p2hVG05NLnQw24S1wUzBMZmIz6hZA17A2HMrQj0gc+lDHQu qqIPHOS3f5S0w== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:54 +0100 Subject: [PATCH v5 21/37] arm64/gcs: Implement shadow stack prctl() interface MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-21-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5673; i=broonie@kernel.org; h=from:subject:message-id; bh=wOX/VCidy7u5iRp7jBzI1P7kDYiqBOUXs9IWPVUSObE=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAA2xXU0yOlZuLfjAjUHXBIFEmNGeUAu5yPZAcb hB8xI5mJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTAAAAKCRAk1otyXVSH0JrtB/ 9wcNsUF8PghBmNZpEF7fn73il0mXg+vUlQy+1+X2sjHfJLltiZBoSsDu07/any1RTGyLgpQGTl3C2S Ns3AQV03nr6RqnTNSnxUeYrbtTsAJjq+lV/f72XH2eLjA74KWQ2xKYj1nZ9+BqetsMWZQF2Mc80Vln d8RXI07c4O5cGMYoW3uvvkYHAHVpTAlXXDv+xpTIvTtSS2p9zIEdk611xwk2FAZV5E1zXMYkWrmtdh DzVpkMZcbHMD6BvC5JBpF9lP9sJfTe7dw3S5qsIrfZKqJmFt1DoVi1+g0pp55+ranSbsRgYZyDgULE euQstx5ph7QA8i6DtFq28FcNRG86QU X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774944638885451091 X-GMAIL-MSGID: 1774944638885451091 Implement the architecture neutral prtctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread. Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbatrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl(). State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread. Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means. If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS. When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialsed data on the GCS attempts to reenable GCS after this are rejected. This can be revisted if a use case arises. Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 ++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 4371a2f99b4a..c150e76869a1 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -48,6 +48,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -61,6 +64,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, unsigned long clone_flags, size_t size); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -76,6 +93,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index c28681cf9721..029d20ea7878 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -181,6 +181,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index cb0a64bf90af..2b2223b13fc3 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -84,3 +84,85 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. + */ + task->thread.gcs_el0_locked |= arg; + + return 0; +} From patchwork Tue Aug 22 13:56:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136549 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3671917vqi; Tue, 22 Aug 2023 07:43:31 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHmhSadR+DKwobnv4f1g9NDxpEpJcC7utFJphib6CBAHqf3I2CUyQYpF9XHd2JMUUukgWCj X-Received: by 2002:aa7:d7d4:0:b0:522:2ba9:6fce with SMTP id e20-20020aa7d7d4000000b005222ba96fcemr7125305eds.8.1692715411265; Tue, 22 Aug 2023 07:43:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692715411; cv=none; d=google.com; s=arc-20160816; b=GnbXI7CFhvlIPYDDj+qyfy4YYWO0p3hs/v5IpDLGHZtZVhlMuDsvX5fl4JN5N3cg2g YnlFa8bvh83IsC1QaypqNFQP3vfHpoNqgCXXeBH45wO2whWBZJkVeGGSpl20bgkR3ECQ kRzjpMux2Z+REZYGThZHRYJonhTQDjke5uYu7ml5xnecJMn7iH+04q4nC8pucQG3WzF2 gFArcw6rcud/kFpxnVAkePrTMpUrGTV8WgbmoQkvsbZ73h3l8Q1s2JZ7+iPbe3BWd0IE 4OVlY4hGiPZoh1bogBYfOPrnYaOcA7J2JkPy+SD13DW6cC99cVpnnbJUAA5v0u1QAFJt f3aA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=xCS6oO96mMNygXjkUYGClWFjgA3dbpPZR7bvhgrLE4c=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=rAWSuEdKcZcvrIZdEIngYTNG+F4NHur4QKP3sUTI73JIWi/uAPapkkAVCk4NXMszqP h5oIsZXzRz7BZGsp8KDEs+28f+OQZkG5XEl5ZFzVpqHHwW0PB0WamOOt+Eu5j0mcnawP hAS0qRVaZWpjxinbtYCvZf6uv/gSbx8Fen6DW37kBnek8FCoN6udj2HUe8f8iUH7GRAI qQmO9hT+ZB7DJ2mImFb63k5mUsv4ez5HiquSTUcSWpT99EWmiXVzAHN1qqglLCkzBcfH sUWxszB11rShu5OjXBgHyTYUUw6jjQsv3lNMXBw0Pettkd5FkJBQXUGVZr/MeceJSwVE Yr2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uV47zMyN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p5-20020a056402044500b00521e784bbbesi7466226edw.15.2023.08.22.07.43.05; Tue, 22 Aug 2023 07:43:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uV47zMyN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232957AbjHVOGQ (ORCPT + 99 others); Tue, 22 Aug 2023 10:06:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233337AbjHVOGI (ORCPT ); Tue, 22 Aug 2023 10:06:08 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EFD9E56; Tue, 22 Aug 2023 07:05:42 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D3067649B4; Tue, 22 Aug 2023 14:05:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 54D3CC433C7; Tue, 22 Aug 2023 14:05:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713132; bh=oHAoMyZjF9g9W2qKAKfFFNVap7j750I1wK7h+SBfGKM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uV47zMyNVSy8lZoEqOFp/weZrgIWcrdmMRDiveKCVZQndjxELzRXvFwV375l1ULG9 NxC3UN1CfZIPv5jxt4Yn3UCNv5ohrIrEOq5Z9gwKZh/QfoP73v897TbKjGTJPLgp7e knqzGb80zdsUBmK3q30iN5QCO6C2OTdqNzZ6ieAIywu7McPLWfzHcjwSmQGVyAfZRe Pr0rEM9wgopdS2QkbGgRAPKdLOLVILjY2Q77kdpU7LHBveB4MIPH8WUvBK939vwhG3 HtsC3PqrX9/PbfRXyQfq778E5ISQZLmyoz/F7g6t2LCYJ+BnjUJDqf13NCgHDNRfaP yJFQ/8TejBicw== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:57 +0100 Subject: [PATCH v5 24/37] arm64/signal: Expose GCS state in signal frames MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-24-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=5977; i=broonie@kernel.org; h=from:subject:message-id; bh=oHAoMyZjF9g9W2qKAKfFFNVap7j750I1wK7h+SBfGKM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MACn9EM8kDg4Zd3ABXmAqIDrZFZKjm8ByzT0FPn wa1aYZ2JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTAAgAKCRAk1otyXVSH0GpaB/ 9Q9EST0r4US0yp6YSqWBa/X5sqL9DzJGuN65ghuYKH6I/9GnJA9X05tAFD18Y8pVaTr5eqVhd8kdLR GS1gSb0sAZyxgOHjScDx2UIHcqBnAdRbAsRtx7osjPHuZocaqeYe2dstvM5jS75++IU1WiCgdSLhXr RY6FsHcS+WW6Sw/Euai/4J/VSJmkpdlnE1lkUB1PDIJeo22GfNCFB0dFM1vaqs5WYqF46KY4Ha/AWF m82DuyoKwhlI7woW+z61J3H9MqYAJFOfjW2JYzBU/+JAsG4NADaHMZ/7VOiTmhYhD2bULjHLdaOO9B u3vDP0dEBlB9/4zoY62abIFNV8i05P X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774940754912979627 X-GMAIL-MSGID: 1774940754912979627 Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer. We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an ancticipated use case. We also enforce GCS configuration locking on signal return. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 107 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 97004c52aea3..78370cf9576a 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -87,6 +87,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; @@ -213,6 +214,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) @@ -605,6 +608,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -621,6 +700,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -715,6 +795,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -834,6 +925,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -948,6 +1042,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; @@ -1041,6 +1142,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) { From patchwork Tue Aug 22 13:56:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136550 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3679889vqi; Tue, 22 Aug 2023 07:57:57 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGd7uSYkZLb27HApDs5Oy9KjP4mlzHBYozhfRYc1xVEF9NwaxSNtDQcAi1thhRNFWTGNb/l X-Received: by 2002:a17:906:846b:b0:9a1:b528:d0f6 with SMTP id hx11-20020a170906846b00b009a1b528d0f6mr3082447ejc.27.1692716277299; Tue, 22 Aug 2023 07:57:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692716277; cv=none; d=google.com; s=arc-20160816; b=IMSi7nme5wkpZWqRzQOw3tF5EOyXhc7DzeCZG1mZONNMLcWIde071tdURhs4+AH0NK 4RIxw3Ds7KPsJdXF+fveaJCsygreT3k1qFGjXgpcMUcDmzeYAhjGlcxYWQBesERAz8+O Yv62Abw4BBCi2QjRrUPt31hQAfk4UpwQMih/oth+RVQIVRMlX0lTE2WCDDCtS78sxPHR F8heuWQ0I7xwpAQXiTNKS6EwGKkuqJPnxAcmSoCY8C2F2KHmcD5Vgx8Co/3CvEHwGXqr dJyORUlzVcNcV2Jau9PvxFMSokYvyE7EFz2J/vzK83t+JCRFCTCEQ/UCb86S6BQYqIf7 QdIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=rBUveOFNyLmKHpyboESrLGoDgyUMFgFTlL3hGsNHemk=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=P9aW+37Yg5hPWXZVB9Dl8AL4F+Av3ftWTqquntBTipi9RFRKlx5EBlEr0U3qdtM0Xm DjgRroQ/8aVdWblQ2NSLMfilMasPJA0nPkz7/NtfGD7Px0NaADl7AYHWgUJGA1mlQJtI QrThQLfRlW33Fwczyjae6SDLieBStr8/iLHeLBcQUIdj1KHanT3VI6tiIyY/KGiaxbUL hkCiCui02VR9n6QAknbHjDvehqTOvwFgZBc1xNmkvkfT6zUPlWYzBfPlbkZJGCZ95vQM 7xKhA2VlosEI9BUF4m8Lsh/xmHzNLtOqM1kjXzdonWzIXN5fn5lNTbu/PvR0QuqnynNv ORtQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KI9BiFgE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w15-20020a170906b18f00b0098df1cbe2acsi8037801ejy.997.2023.08.22.07.57.30; Tue, 22 Aug 2023 07:57:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=KI9BiFgE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234951AbjHVOHH (ORCPT + 99 others); Tue, 22 Aug 2023 10:07:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233411AbjHVOHF (ORCPT ); Tue, 22 Aug 2023 10:07:05 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9BB20E6F; Tue, 22 Aug 2023 07:06:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EFFD665433; Tue, 22 Aug 2023 14:05:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 85016C433CA; Tue, 22 Aug 2023 14:05:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713138; bh=DpZhswk3pFnI/AW797F4UsIB+Gb0Tunks8tC2WEtzQY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=KI9BiFgEPLnl0qQJLEI+qSuGWe/L9LZyjFgjB9jr5fxGDXI9pth2VTDN7uPhQohQr FPROvWnamDdcixi9r9PLXzgy7fBu1IASt0nBftU/a+CrePaR4k+uwV6Qm3QLV3wceE G+xRSjpd3Febv1tw1YY/fPGfGAjXXprlmT+5ZL9QxOqpTNB4/vpKMo8r8N42EhhTdn dcxnC2nJXk0dlJSiE/jbqdwc1gqpHyqUJi3f1xxdvdaYKlle8unIsiODLk1W8yFPNE ty8akJsFZuQUWrp7A/ufu8MjgvLkTqGhrMJnBxxnMmfU043269sIcHsmKZPjBcPDHW riyQrtp6iKh8g== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:58 +0100 Subject: [PATCH v5 25/37] arm64/ptrace: Expose GCS via ptrace and core files MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-25-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=4259; i=broonie@kernel.org; h=from:subject:message-id; bh=DpZhswk3pFnI/AW797F4UsIB+Gb0Tunks8tC2WEtzQY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAD4UAuvxPCD+2JS/1OYO1FSVdbr2FHfLZY2xqB xvsTtfOJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTAAwAKCRAk1otyXVSH0Lv4B/ 90Fqj+pTPrC/kAVg7I0H0jlhgLYerpXbxl/3W5uR9/E9BxRJzwjqwMKuibxpRI18gc7vazYb560u+o TdllO1UdCgUHyuyYTi+zHu2FRjhPDDJVrp9LnGebV9afCbvZtI3iAqIV30KRZTT9iXWXq5NSxNRCFf sHq9rxGA4snGp0pKG4RnYt4HWH4KHBeTucSGJEGOt1S2LLEsk0AmjNO3BjP4gpY2IccsNGfnp6Zni0 6U8db/6Vp/yjXq4JsER/LNeCm9rUfwKaPFDYoBLgpOFlRFNDYa+Ou7wBmbn/naBnp2Y2+G3sWdCDU8 /PB6fkyY7lP10BIhQnIlA9YhiY9WN3 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774941663600530944 X-GMAIL-MSGID: 1774941663600530944 Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed. Signed-off-by: Mark Brown --- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 187aa2b175b4..308a8a149717 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -1408,6 +1409,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1436,6 +1482,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { @@ -1586,6 +1635,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 0c8cf359ea5b..00f698a2ab17 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -438,6 +438,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */ From patchwork Tue Aug 22 13:56:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136557 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3709852vqi; Tue, 22 Aug 2023 08:39:35 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHqm7E+mVIQrSwLDj7HGbpAseE+7Fkjuf847mE9IADUd9ArlJfsr7s1R9H4Rtvsb+V2fuec X-Received: by 2002:a05:6e02:1bcc:b0:348:ac7f:69a2 with SMTP id x12-20020a056e021bcc00b00348ac7f69a2mr63516ilv.15.1692718775191; Tue, 22 Aug 2023 08:39:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692718775; cv=none; d=google.com; s=arc-20160816; b=CwVkQQIoHKbsRIumEjUE10xUjkrZsm2XtLiyzH5IPN0ZIc/vLamqAaFZ/ep8O3YBf4 YeU9EcB69mgKZwnOaaQxJIv8+nomJzQMCT3ZPQ3XmcUZ64aK4qSGQyJEYZls6n+ujg30 w2e+bKLnVz1/7oXG7YLIhIY9/TKB8kBbPseRZMe1xMnfAl6Z1uYd3IghGMcNoRAqEYH9 YrTTPnoMb9xEt9zQTaorP0tctaQePGn/pH54WbpJ2e8i0CLl2h5OY4nrPsc6dy2GAME7 GGpS8y20CmKxUMUFqjg0JIkcpRhijUvBIjZkA/9NqiMOaqIH7Kl+ejYRWKkTVfFaDnXP rKoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=BnTPNnb7vLdvFR5WbrJlLKVTi36UZPFC5Hk16d0IDAo=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=CIznEd7zMzf5FLDaRMEMmOQxNPNJ7LVBELNqF4mkPflm6hUQqaKft0LWy8igzVVBoN oksMXlMLG/v86apyUN4M6KiK7IoL6K/A0TM74d3aAOewcDCVaA49vRnwzF+RxMd+Fze6 A88UyPAbHmOzzOCQtctNne4j8jKmVIW5X3xRcxYz/kVziPpoFzrWQsSwV7fTLavdllY3 dtLGRWqrb0PjbMuPBDjyhvBVldk3xGsubG18mxbNLk3IQhtWapRCPv31vPBg/zYN/hnq uN3SZaGeRm5z5SXKeUYScfbyeLazHuRmcfeh3kWMCLZyJbiOV7DhmfUs/hpMj5szvKPG IrNw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dIUxNRrQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v202-20020a6361d3000000b0056c2845f076si4712863pgb.17.2023.08.22.08.39.21; Tue, 22 Aug 2023 08:39:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=dIUxNRrQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236463AbjHVOGS (ORCPT + 99 others); Tue, 22 Aug 2023 10:06:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236455AbjHVOGM (ORCPT ); Tue, 22 Aug 2023 10:06:12 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2652E40; Tue, 22 Aug 2023 07:05:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EDB996546C; Tue, 22 Aug 2023 14:05:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2EEFC433CD; Tue, 22 Aug 2023 14:05:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713145; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=dIUxNRrQkD1AC9FBGH+9l0U9ZvUnTLslHNuzmoBYliSNiMjoHbh5dJU/cPaxEgnvQ fMyAmRdE1xxwHRmv2U0FDuaP0YabymuRE8p0HIUJdDHdd18evke32ASlni9odJAKqm kJOGYpk59tFXT22PC74wYB0KIJoWfCpeiU5hhDWUB9vH/IwGogNDkAhhlDJaR2e373 LaFNUIb/I4uzxYcTrr/taSDf1/Nn2KftPmQOmW8Q1wQ8E6JrC7klyzXff58QuUzCTL c3dqlJL3znAzBR6J4dn2qXFtJNYquax4v2ho5W2IWp4/tesIKEI19VWSJXP5CLEOMF 0fTJUjT2+MvZA== From: Mark Brown Date: Tue, 22 Aug 2023 14:56:59 +0100 Subject: [PATCH v5 26/37] arm64: Add Kconfig for Guarded Control Stack (GCS) MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-26-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1334; i=broonie@kernel.org; h=from:subject:message-id; bh=H5XnWdFwxjuGxEH72kUlpbP8cfBTQj97MLlaTYR448U=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAEgUhGnrifDQTFSNQG5IJMFO4vUClMyRD9oH4B Sm9h0T+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTABAAKCRAk1otyXVSH0JoWB/ 4ztlxfSdMS7IVWSbChfjGpFHRePzfGZHEaisYlp3k0kgZx8bcwjiV3o02hzm5zftIak8w79jWQSmd3 aN3YkxU5jhpqq63aESrUMuKSdYOeIUwRDsu+s8slntzbARzAKK5Efjuzees8q/RKdd91jRnEOBAxgD HUsvaCGLSybMULc1imROdMfNWAef8n0HAHB6WQCtfcoBe7Pmv6V2eFz++vPOyyYRthGKShLfjHO9CF joqJBr0GX+lqZ//ckS4sVPKa8Aop/jc6SHwCaKJ1UCZx+6yMg1Q1o1EuCa3Mad1di9PSbfEMe6d6Qf 5Zt2G62F0VAglOrKBiG+LBDf7/bObx X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774944282371434102 X-GMAIL-MSGID: 1774944282371434102 Provide a Kconfig option allowing the user to select if GCS support is built into the kernel. Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index a2511b30d0f6..b5ef1a698770 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2093,6 +2093,25 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y From patchwork Tue Aug 22 13:57:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136577 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3789805vqi; Tue, 22 Aug 2023 10:49:08 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGSKf0j5yunCoBKkjS9WBnfm/7HZLyZXa74Huf5Kh7cGFAPQUsOhtn3+vbeUg4VXmoO4EBi X-Received: by 2002:a05:6a20:3d20:b0:137:2f8c:fab0 with SMTP id y32-20020a056a203d2000b001372f8cfab0mr10172965pzi.49.1692726547242; Tue, 22 Aug 2023 10:49:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692726547; cv=none; d=google.com; s=arc-20160816; b=S5xopeDMMA/xpDAORdmiSqIWTFS4FHQJxXjOamBu3xUvhwHyv76vifMSqTjagC792W 9lcTBfVnACE5hVxTMAd5asDygIFZ/FqBLM1Tj4FgcGlDWw114hrMhj7NMAgyVJ7hbBjU yKZ7BdpG8cFplAZL6kaL92gdRGATYrHTfLMfm438GBIMqoGa8KR7RFM4HBicyOlXyh9x oqXuvpxwsc9gCbHRvFR5dwZQcxsNOUdjdXiRELZIVm+QZ98vAqL5GaigZ5TFIRs5L1lW J3u+C9hQeVitU6QaC3TzSt8FW/Ay2wYEBPxuvQ44dS2y4IqAzfqvrte/NUzIOQj7d/JP C/Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=VZa+yVxoJy4ei1p3UG9WfSrCLoFBnIYNn1ZiZhJXbbg=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=IcUIm40d4l04EjoAVZdeADY4Bs44CBMz6n9ivtz4yE1+4herp/xipBVCR4wW3lzc/v p9+IQIWDZHGoBKFqKqRVPaTSOF801zvZLdbpwWQu87HsMjhmKtoLR+EYB2RGLSERgq/8 iLSpaolB7HyjIhIreifW6K5RUEZmPVjEFABGh54V7gYpot9wLqgvnGkFUddxpVqR/HcQ GeGVLZ/M080k9EEo7QuqNEgGHp2R75DRvZwozSPqtTMK99N4A9I0XI5S2K4T0k8cfHPX 6K8DRQZWGdFXHSUZY0YO2r+GCYXFcydqDJS3oD3RD9qrcsonDrNclspms1C0iWXlDfIp yLeg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gP9A+b1H; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id bw8-20020a056a00408800b0068a6294e632si2550810pfb.186.2023.08.22.10.49.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 10:49:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gP9A+b1H; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 8777E7D83; Tue, 22 Aug 2023 10:17:57 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233273AbjHVOUb (ORCPT + 99 others); Tue, 22 Aug 2023 10:20:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53744 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235340AbjHVOUb (ORCPT ); Tue, 22 Aug 2023 10:20:31 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B571B1BE; Tue, 22 Aug 2023 07:20:27 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0B3C664451; Tue, 22 Aug 2023 14:05:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 41D76C433CA; Tue, 22 Aug 2023 14:05:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713158; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gP9A+b1HzhHJiT1F4bdDZzJB+Kw0p+eXo0v/P+dPIVFOsxYSgHcC0CP9RO6rXtxWR hMKxtPAnwCepSywokGXiKPaFD05t8txpPLEP64kXEVWLBqUvUjJRy9oUPmIFRia1r4 b+uutZgItL7Z5SFOuIQynsUG5fILGtGaqNntU04ub0rJ3bQxNrF8WprpJzNyzlFdv6 /9lRarB/6pp5xQ2/ef9T8/uTNBwOqyVmBimCA6JBAfH13lvzeoPZf6jkVFTEZBUM8/ N/VijmrLALPIiriMal7i4Ilox18fjOQl0dhXD4e/jA75oFmKWm+RhgrRKFkQLUQTFa 32TBOYqFOhLzg== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:01 +0100 Subject: [PATCH v5 28/37] kselftest/arm64: Add GCS as a detected feature in the signal tests MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-28-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1828; i=broonie@kernel.org; h=from:subject:message-id; bh=Go+3eKanODPQVKnV1QnMIrC75/lXwO2PkPnkMfOn2oA=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAFQYUTz//x5ckqwC2O/FhWGiN1vKBvthv6xsqS x0RUTwqJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTABQAKCRAk1otyXVSH0EgYB/ 93+Qd6TuAOmA1X1TNTKSnDg5urc26kXvTXggBZyppzFFhBTKiFjvBnXDxlq6IbK0FnJIHL9Stz+fqh MTf6riUSqW1bQkCHuGFXXtKwq4P7Nv4qAeJOXoj2gtuDfnQNzBuLHvewcxbyUpaH74WocVn4s5k53F a29PA6NMFb3UsfeH0k+h3WehfkJe6ph8o7uHn0h2lgRjEfWdN8BFLOsY69BIpulERd0AToy1zxOVlB 1vMEq71vTGn446QjiJPAR5nDEOxfYBU3KUcsTUOUMCWPYHp+hYlTLMcF+NeKiLoqv1/4I+NKaD0NO/ xNrl5pV/0cJ8ej3Lc5v+Fxqw7JOK9A X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774952431786248684 X-GMAIL-MSGID: 1774952431786248684 In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128 @@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr, From patchwork Tue Aug 22 13:57:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136597 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3817369vqi; Tue, 22 Aug 2023 11:36:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHNcxz9acvq7uK19Dm/bJVN+sR/TIdxzhfyxIZLpAWqFQPclPV/SG1zPu/MG3GbDCjqEO/4 X-Received: by 2002:a17:902:eb46:b0:1bf:6aed:5cd3 with SMTP id i6-20020a170902eb4600b001bf6aed5cd3mr6539513pli.52.1692729408606; Tue, 22 Aug 2023 11:36:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692729408; cv=none; d=google.com; s=arc-20160816; b=QdqgQ1Yi7kOMpMYT4pO4HaX4hwPEx3fBoFV8XAU4mAxBGpcDelzdaMZNvYMT/a657o TE8JL7lI1Nk5pOhtpBfGa3jZ0Zzsrq1G6NGsWK+V8QeQ8VSkW7D6UKo98lBo5JEbbd0+ pxw++lt+L9uZKR+pME1guXDCCw4HgJO6ed5yVnBz2P4hYw7FMLJkdUWkANYnHWYTsDaJ upSSZYlsrWkJEf3uciq/QZEf1aG/f9MrejEfcdJWv01Qo3/JoERAJ0uagpyJOrOnxLlu 9edm7KPoKTvLcf/FN0CJ/Y2hUNy9R0ffYJV52ZBsy+bTzMaVSMilAnfrFG2/NcObOmjA VCYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=TaUp99b44iUnlMtvSudETccqnnb9sSnSJn4v5t3dhRw=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=FpM8SGFOHfKCw7TJDElAGvvP5PfJwIEqjJ5fcXBgojwx9gu2JaNt6OKevaY43UYydt ORfe4qePw9yZBf7hsGZqojSO5o+o3k9G6yYvo2BTSXKore4CqsuX86xJClskTd7AkJs5 5mrLcygkNkgCJxKeHCjaqXyLuTOrB34oeIAWdzmwM1gMTKQ38hNxFAgqLVtSE60aqb7e DTam0AAcYUUEXCDesmaU8iHyQW1C2VEmJQuOaLNrm3nNtLGpkvYWYA3MT7crMz8s64Lg yNlEmE/dC6M9nP+yoxxh8BcVQ04FXxKc6brHwbrK2sps24mXrM2jByAK+R8e6bdfIIgD B26w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gtfQ2eW3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id x1-20020a170902ec8100b001c0953d0055si1242893plg.262.2023.08.22.11.36.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 11:36:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=gtfQ2eW3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 68B0650B3C; Tue, 22 Aug 2023 10:26:28 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232069AbjHVOHx (ORCPT + 99 others); Tue, 22 Aug 2023 10:07:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236003AbjHVOHt (ORCPT ); Tue, 22 Aug 2023 10:07:49 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43866E54; Tue, 22 Aug 2023 07:07:26 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9E941657EB; Tue, 22 Aug 2023 14:06:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D456BC433C9; Tue, 22 Aug 2023 14:06:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713174; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=gtfQ2eW31f6EPU9vC6jaCRN6ETmWtVfR2JPeox/XV6bFDROD9T8s41V0GwPsdAem6 7LDDumT9QjrJcQxARUyWQrdQ8r2+ycpGiVtD9zW3j1SpgBIAdcfjlrnB5t078QEBJ/ DD4Xmy3gAmUpRwzV8Ub8mq5ZUD9oQF9PMPUQaf+wL1MnA7IXwexTme3IzgczB1tiTb ksrN+PpzLSpiSCNVo4IchLh16Xn+sbaI3igTa9UuBzQiWj7FjIxDIc0+1YhWosYP8D J6SXnLIBasAt6auBVfvnhR6k6LIrvw5dKo7urlKjiztwctP+QP9e2gd0bukiQOSW/e H582JM0FJVAqQ== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:03 +0100 Subject: [PATCH v5 30/37] kselftest/arm64: Allow signals tests to specify an expected si_code MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-30-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=2627; i=broonie@kernel.org; h=from:subject:message-id; bh=JCh6BoCIOxePO8zZIr/FO/CERnc7ZRYHEz9dpM/Qpg4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAHcjsNO7smB/74EiLS77FhppKM7afGt2YS6K5l nBpEcyaJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTABwAKCRAk1otyXVSH0OtxB/ 4jPEVKdIAA0EEkMwF/8Q0alre/8aJFx1dJApbT94iIbPK0Y4+ycUhtoft7gWrnvejV/z1RAHs+lpww xZNxzxjleB1SeaTkhxO0iU5fieOPtAeMQZNkZCIAqM/LttFE3qr5bqvbLVqp0a9kADY1UcsSurmssy hDnQRZtJ8fbUNg7WzFAMkDvUqMwPkJnBHyduNhextwpvEXcDcrFoUGUb3Yj0qVbXqmrN+Jfx1oreqs y79wUbM4DcNg6qdoOPdeF0qSMk3mPWa0J+vornvymgF44G3A7Z0TfmyGnJt7El3KWQTFtyEShTbFOH 3fkRz7gP+qwymWNRCDfIDUHfizUtAq X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774955432300906469 X-GMAIL-MSGID: 1774955432300906469 Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes. Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /* From patchwork Tue Aug 22 13:57:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136551 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3687687vqi; Tue, 22 Aug 2023 08:07:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFq9VqyZPmBOEwo5vhGnVIjkq33BlGQBIjMck27Ib8t+/mWecZaaRcCxKGqq/2VpCc/AaTy X-Received: by 2002:a05:6512:32d0:b0:4f9:cd02:4aec with SMTP id f16-20020a05651232d000b004f9cd024aecmr7832306lfg.29.1692716867742; Tue, 22 Aug 2023 08:07:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692716867; cv=none; d=google.com; s=arc-20160816; b=WjEuWb8XF8X05jgaGVoVZe7RC71NKr5WNZRWIlGartFaSzH6NA1wDhLPE/3MOxPVro g/1DCl1sBF9c9PxSSVdQ1puleRzKi4yMpuRQh2ABHdtMhB6n4aEhsTAeNiDNNg751P7E uBjt/wxM5SABxD6Anm/HJ0pTQLMbipzrAfWQs9mAKc18ZIcONMP/mBjH4wFTAZklcP5B DTAKV4ct/fZAhqESeKYr1JUUh4fIBRqCxCbXPvvVPKRyCn2SsxAEBH98ZiNDrkTVjGDV WvD/3ytcH337f4o3/qz81aPVPADmI9UEEJ9jFUTEzEE1GKVC1tJUm7LTHkjwDW9Dn1Cq DLdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=nDVR3fn2xd0MNSzIh34zJUX6KbyaSvUYB+1ILixlbyQ=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=w+SdURMYBlwNXNftJSJZRXyLPP4FPj4/uyXgKfrlA2OVCkx7LSCLj5lBT599LcU0hK ttSWLCfsRdGHj6DSIRReCfG8aoyfOkb3UUXr5TbqwuAbHP8Dn9+TurfxMWETR3glr70z bgeTQMdL1IU+RRBZfhvajbsvm1sofFMVnXEBzEWCINCa5FQgxzbLCTFARirJhdVT4hFC AlM/zCcw9fcUJJArG3ZaI1Qs2EUqLOuhlr1megJBtO6fvnq+47FQlexQEZ6jmdd+0dbj 5FozcvsxEDQQB4s0YuHhhyAbUHa7BC635yWrIQToZZJj87kcaejVXzW7EPQ9jRgmKhzl oNgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="MqAwb/aW"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y15-20020aa7d50f000000b00523d1ab159csi7710566edq.674.2023.08.22.08.07.18; Tue, 22 Aug 2023 08:07:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="MqAwb/aW"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235246AbjHVOMf (ORCPT + 99 others); Tue, 22 Aug 2023 10:12:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234115AbjHVOMe (ORCPT ); Tue, 22 Aug 2023 10:12:34 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5664CF7; Tue, 22 Aug 2023 07:12:09 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1368C657F2; Tue, 22 Aug 2023 14:06:22 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B54DBC433CA; Tue, 22 Aug 2023 14:06:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713181; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=MqAwb/aWxREwi9w3daLu0ewAyXCvv6r/RCVXRhhcSOIAkDUF0lGX9nzO4iiqQTH6x AsYtF89WylBwuYjEQf8qAuzSf8g4oVDmufDb8abGzwwdBWy+OhEhFYhFfdfHqa4P/+ jlxNmMfibruPS3XserjLyma1YWPCWPBFF/5Bg7zW+d8uovlRM/WN8201iM6MgJirXG CbL8oShaVgiSN8f4YOBnQ4zm1uJ4EzlzkKkAnLbV1LWFNtkWUQLsPaHja7q7DPhLNI jDheQxm71CxrbYXWYn8aDD3CPMttYd6E7v4eQxNmjx0n1e8k8LUIB28zy8hZH0tW9e G6AsrAEV4ALzQ== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:04 +0100 Subject: [PATCH v5 31/37] kselftest/arm64: Always run signals tests with GCS enabled MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-31-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3590; i=broonie@kernel.org; h=from:subject:message-id; bh=Nuasx9Ylf/ySuoGV/J7jU7muHvsTQeng/1l4pki2YVk=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAIYtmVyvEH4RH6kobbZ8dzV0Gh6wuRozucrRx7 JOJxU7qJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTACAAKCRAk1otyXVSH0CCEB/ 9N3VecI4j96Dnvvms8ya9WkFGh6Q+CSjjT5/AqC8D3DTGm5A5sBZVKIlFaeCvdh4EB/LeXgLHAXebT 2O38tF8Or4+k4HX6rV9gB+E7oN/Fw/GEPEjINm9fqHQRneMAp36veUqZxzay6pLDW9uLUfQ5SPboIX rxqlKPLBnX217YDQGBzgL2YTTetcZU/iMkZDQ0siZsz2w6Mp2EET9m2X9RIc76wLVEF3woH68SoqGW BsvzbOJPfmzYTZbxJvYsqZCKLfyRaMnp32w7hkRP9EW0AbPC25SpEUEDHLzlPJ4wC7YmQHlLKLok4q UTYrhIX6jwnyJPUXPxpjYgqctF8DuY X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774942282180857278 X-GMAIL-MSGID: 1774942282180857278 Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main(). Signed-off-by: Mark Brown --- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h" @@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 222093f51b67..1cea64986baa 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -16,6 +16,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) From patchwork Tue Aug 22 13:57:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136546 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3664978vqi; Tue, 22 Aug 2023 07:31:37 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGBDlPQ5kLgYYv4ar4JMIptEJ8LOXHQT8Y809cxTXdS/OrfiWzLP5/ffbCD09by1jl3jmVk X-Received: by 2002:a05:6a20:3945:b0:140:3554:3f44 with SMTP id r5-20020a056a20394500b0014035543f44mr13638864pzg.22.1692714697468; Tue, 22 Aug 2023 07:31:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692714697; cv=none; d=google.com; s=arc-20160816; b=MbE1f3XjFZjTeZA+ImJhN9k6+815rp9e56VJdlrp2nC0sgX4zfo/ecsr/3E5ausWZZ 0V/s/FB8x+AFuB2Ly6ysUYFB1bu5kYvnO8CBHf20D86DRGeG6HgwZm+UIRjdsGQtt156 qmoQbmGn6mbLB8GdU9xvBXx9cFcSBExMFRWYSTHL5DeVClBrn/g71r6BrCvFs/mXc81c sBEeg5PLezxKg6EQZUYJacqZPxLBBn5hsXItvBYq5Snrn7exHR/nSehxlg2QxdgnpF4/ cNmBEV7MkVmqX0YeM58DEgaZ4fM/oTs0fSUmtDDs6HArYhPoaqWU+6JgwDsJwS/T8wPO rSlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=mVg5lNNwPmOw8uU+Gz7X4e2BpArWtQcspVOOgRt3l3E=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=xNSwSZbwpTccYEZy4pNzIcy/Jjmv75F1xzdXb4EvihgzqYcs5HFXnySnKmMLaK7tEa /8jQvwVvJr77oPYjgnS0+o/vZ1of2FxuoDB0LqvKGmE9CbBUK091vIvFUQg+gReewZ4O LtKnudTrYxXZlFxURiu6at6h9AKXb90OSlSbFQ0BBjjfFrvYJI6N5KzvPnvLjMA/uYzb QqzTzVsynKR9F/vbYkvgcSGswZZD+dekXe/gxJ1xUoI1NAISdTm7jqeKI4sgLK0qLYA1 T0huCb1Hlh/iDs0NTgxuHxjkVY8TSwu8CL1tBN1FTYM4iZbcJ5oneVDcxlFFyJeATs6b 6NAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=luBfV+U8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w71-20020a63824a000000b005667bb2eb0dsi8691009pgd.276.2023.08.22.07.31.22; Tue, 22 Aug 2023 07:31:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=luBfV+U8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233245AbjHVOIA (ORCPT + 99 others); Tue, 22 Aug 2023 10:08:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44582 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236543AbjHVOH6 (ORCPT ); Tue, 22 Aug 2023 10:07:58 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E3A611BD; Tue, 22 Aug 2023 07:07:35 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A72D162342; Tue, 22 Aug 2023 14:06:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CCBD8C433AB; Tue, 22 Aug 2023 14:06:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713187; bh=2OtNZCRR73e9BT9sCUty0Rswxnw5SlnDqASkhgLcsC0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=luBfV+U8UTgi/C4M8wUKPuUHfcterFmuvkfbSV+imo3y3/7fa3PznVATGiqBRuUac RRUJ/tGe0lYEHy/SYsfRh7AT046Xq98EGMziduvUne8XNI7KCDC+4JtN6FXJhkIq66 YHEarU7He+V9m4rc9pGgRqwB+og/L+hggYRqhw0tQLOigLB89djyKiCgObH03QVsVc ZdD8714M3ndXAGdo51UvJ9uVLfMJkxSWhp+8erWNhMtQz81JCBa3mdi0RMYagZiJei HcbkFXVVII6b/VvRagWP9zd+8nAnMoFpgS3NTdE/Bwy/aO7d6Wuv1bQ+Rc7eHdKlL0 BI7LUjEsKMXqw== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:05 +0100 Subject: [PATCH v5 32/37] kselftest/arm64: Add very basic GCS test program MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-32-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=13218; i=broonie@kernel.org; h=from:subject:message-id; bh=2OtNZCRR73e9BT9sCUty0Rswxnw5SlnDqASkhgLcsC0=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAJVsQnwiegKfVoGsO6rHhyTvkVy178wblgxi1H riXjSVSJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTACQAKCRAk1otyXVSH0NV/B/ 4mV+ltQitrM7FIHDKIhAOyXGPywXHETE3NajWJN+Q5k8gkmWnWctZcvmmTK+myduVY2cnuTD8T60se KTcijhOuV8QE3tRyqKyGEYgb2xoxE+XskAzV+BHfvlsZuStasXU4CeyR5AMswbY0yzjOnHy1nkpiJ9 JbASfxLztJ75UWG7ca8qnkC2Erqjv7ENfOAcA4rRpg3tsNdjqpylGTLHJlp4JTdnYVsxk9Cfu8TZRq 2r4Z4DvjyPALXPu0slVbZVTDrSiWNATqi0ed2RmO5M8shWc5ksEbZvT4kpuntxEo2Nw+/gj4N+7NHQ FMVYNJCSflEs4vDl8e0hiVcYtZbQN7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774940006687289390 X-GMAIL-MSGID: 1774940006687289390 This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 356 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 +++++++ 5 files changed, 466 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..0fac554a3c4d --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c @@ -0,0 +1,356 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? "" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) { + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. + */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..65e6de583506 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h @@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +#define PR_LOCK_SHADOW_STACK_STATUS 73 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Tue Aug 22 13:57:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136559 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3716942vqi; Tue, 22 Aug 2023 08:51:00 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFQR5+g8DSbjVnl/P5NplCQ2EY6k4Om3hDtaJHJ7EhLGARha6nt1rwL7SaiIHIgTx9Uum/A X-Received: by 2002:a05:6a20:1445:b0:13d:df16:cf29 with SMTP id a5-20020a056a20144500b0013ddf16cf29mr10209027pzi.15.1692719460335; Tue, 22 Aug 2023 08:51:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692719460; cv=none; d=google.com; s=arc-20160816; b=IDU1dKyqNmJr9zzrVounyuFfxFPqiAPuAq6ZZ6bPXcy+juutzhPYJp3BrQObtfrqaR D6xk+CzBzdBzGWbAScKBuqYC6GW40qAfGk345o4gekdbeLoJTEEZgZN+LyDaoacABNDS SZ3xZSsGhVSFk1nkTs2SuDDMGKuti5seDgXg4dCjXpBJKGWDPUAYLhb5p/yoEczaxgMs M/SP1P8yR/3TvyYxSsRqYghtH2bWHBTWKGdbtYnoNCai1y3or/6KQBqmlc/QqBRBVNaP xHNQe7SjgG9/0yCYV34JiB6L5XghM7InJ9tUqmkWR1GGg9ZSFJTBcv8t9gXpMW3Lbf8E IJqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=wVIQOatPna0iFL3WRNbrJxMJgExIxYsZk6uwuE1VaNI=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=FRUToARS+RNqvKhGChHpThaR7PNw4OgoHYYukhkaIoO+J9oYerN7V8sZZJmhS3n5iw 9yXq/lhLQmo3eKlE/25tVYHYsmTz7chhZjq/zjpiTeqQNJ6lb/yS30LqMPw6WGiaL0tq g+/MJUyzEP84KcEptkFxV4Og6IvfDRyIZ47bg8IQ0kgVjD1B4SMf0iT7brPWRaJTAkmM 8i00wLKnHNBDzaoAO5hl1lfrGnBEVThF1WZx8SG/fVAl3B0+QkVEEaRECGvnGbkM0wZM QrHoFGJsaPJ7296HC2y4Mg9eBCIZPsPrZ23jEs1X+pDsaW+XQ9+/XK5rt78RJRy2S3k4 xx5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oGhOPTxr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h21-20020a056a00231500b006872dd77e47si9330126pfh.155.2023.08.22.08.50.45; Tue, 22 Aug 2023 08:51:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=oGhOPTxr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236572AbjHVOIm (ORCPT + 99 others); Tue, 22 Aug 2023 10:08:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236570AbjHVOIZ (ORCPT ); Tue, 22 Aug 2023 10:08:25 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA91210C2; Tue, 22 Aug 2023 07:08:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 6737165779; Tue, 22 Aug 2023 14:06:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E6B23C433CC; Tue, 22 Aug 2023 14:06:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713200; bh=IP7maWyjZ0dh+q8gDfrxLaUB03tkGEoqGc+9eYXpRWY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=oGhOPTxrLq1eKbVQKPaxgctNFLZqJGTIu1jYpH5/KlUWfbHvzUF5qGKSCXOz+e+HK 8q1pBeWvRtSjYsjKGz1CRNBdHgXEwEoyW3e/JtAU1dTn99DFmooTQeI5RMAo02Bdke XDJdb/ojMFNU3FgSmhC8MsEcmznxpvNjj4zzP4fPhFJrbMgtju6z+X+QyI1fqaYw2D IkvnBZAlTvxtQo+o0GubdqPx1wmVffRrvaXxWPf3OPtFo+JuHz3jFtBiSJTxs2Grcx 0PJxqRRszQ99gX04GKzmwsA84WOuC8aPeF6A1yD6rjz8NofdDQrPT/PYL1MoY8pDWu l9oi7emfqpKBg== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:07 +0100 Subject: [PATCH v5 34/37] kselftest/arm64: Add test coverage for GCS mode locking MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-34-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7316; i=broonie@kernel.org; h=from:subject:message-id; bh=IP7maWyjZ0dh+q8gDfrxLaUB03tkGEoqGc+9eYXpRWY=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MAKy+iQ2AZOug6MVquBG2PZF6HCUevMpNKDceOj 8g+uWMeJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTACgAKCRAk1otyXVSH0O5pB/ 45roDlHDGyifEjEoVf2q2HEV20cf7DMj66U8sfuA1zNrPGlrcKbDjwUMN9ygb39pTSUmlv2492Je7p QHEu6L3IVzIFPQR0LkcgMv+gDiwZsOCRMVYdWJ0/pqTtKskyhk8mOUO4plpEma5fI7HeU+LEQj8ET5 XoOEAUS8BSSAEemgkLzBaF1utQHH8P9f//2RLUrVBe7bv2xP/dI2t87s48VBUC0RPN3/24E1aTABl9 8rGGU5dCq/U2iY2ht811cvi3awSNPKPSwjXd0rbNng3Q26b0gEyujWQqgXqgEYTZypudWhW1frLjU6 m2Xtp9BNOT9qPLwYBjFQ/o0CmMDygb X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774945000533289275 X-GMAIL-MSGID: 1774945000533289275 Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ +TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +} From patchwork Tue Aug 22 13:57:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136565 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3736598vqi; Tue, 22 Aug 2023 09:19:31 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG+qdS5RqjMwkVFzly/FIFSVPJk47G4a3VjL65yENmHX+NBjaEiD8yHr0dH6C+qFq2EEpNL X-Received: by 2002:a05:6a20:138f:b0:140:bd85:15a5 with SMTP id hn15-20020a056a20138f00b00140bd8515a5mr6767893pzc.39.1692721171103; Tue, 22 Aug 2023 09:19:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692721171; cv=none; d=google.com; s=arc-20160816; b=cK2oH++IGqCO7rTvEzsczu4BWxqyLX0IwafWW2LnRH735QWtJp/9Do7NAX2BzWGMTs /Ul4MA8TIhT7aXTE6hvgs0QerSo5Ws7eSlJ3K7KNKphH3z93gxJa0DQET+DRqVZpiMom /9JJ1lQiPVlk2P91xHPux9Xxr/1yJ7zFGGK5ylQFvbFiEqSsnQOoLeB0wMaL/mTCBWOF m9dG60Dx5XnrbD7PVGO3toBq9n38A15Zl07yGsQyFZiPMZecTi3Ae0QeE2B5A9YAtwDR LTK1e1b8N1HgLoiCbzAqESJNL/HPLQZYDC9FiCYbTOM/7E62lbmwwePRHoqgMEKskXxD W9dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=jIwMC/bqbkUcFEJdr7ERJSD27N7UwacVww2kxw5A5eE=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=ocn1PlJrjAfRYxVNZYQTy0XVmJSm9r/mCUArsxgs4zEdN1b/MTUo5jkhDQGLs/rYYX CeIYousQGFeEGxAO5WU3T9+9FEnM2OkRwlRo0nZGWvFHifMzmaGiKu+WymqX2xhiWmv5 o5DT/QKLKLfkLoIBYtoIfO8WHB+8JIL3k4QIO3YnFjsxN3w2XARcwRtpzTtqfOXBRILk OkdelGptoZPlDd/Zh3lsiL+sI3nWVzOUhJmCJk1nhQB/LaNco7yV5qpP2LWZyM8/zirb UCGrNZZfhcCQNu9EGr757bEHApfQWflch70SCqwz39oY8mdN10YUnOTG/tHyi5ZgFf29 ylow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Vf67Oq+B; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a192-20020a6390c9000000b005652bd3d3absi9687538pge.43.2023.08.22.09.19.09; Tue, 22 Aug 2023 09:19:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Vf67Oq+B; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236596AbjHVOIo (ORCPT + 99 others); Tue, 22 Aug 2023 10:08:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34158 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236629AbjHVOI0 (ORCPT ); Tue, 22 Aug 2023 10:08:26 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5B7110E7; Tue, 22 Aug 2023 07:08:07 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 7934E634F6; Tue, 22 Aug 2023 14:06:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 25486C433BC; Tue, 22 Aug 2023 14:06:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713206; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Vf67Oq+BXJSDpfmdTpFzV7RyrFQOBnbtLpugMJFwwqVZKA4H0j3bpxysoceVemJpD kVeNd3DHr05TMcVL8RHw7zDOkFCcrouGrMvhZ5brLh1D6BrXxZH6hEFFO1bFEwpu13 ccgDUpOTonZ/txRzFQLyu2PFhfLgn7Od66QfQA03TeW+cL3dTWPUbDomYVmEYUY/l6 UGoRLZoygKezwvbIa0vXvYgwxESaAimHaamIrEmvwi9YE3u5hDB0Lfna8dt2VUgMRb Vix9vmRGY18bUA2NP5d3g4ViqzlNl6KulaHLxJ3mQgipygm2ho4WLhy5bUGBeuqcK8 +gIe3Hy82edgA== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:08 +0100 Subject: [PATCH v5 35/37] selftests/arm64: Add GCS signal tests MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-35-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=7313; i=broonie@kernel.org; h=from:subject:message-id; bh=VKZ6TiHFuT5aAiOwah57tTttkzurhwux6QHXIkpaxF8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MALm6KX/GtWe1iKyD4vcolQvfJmaPZitADLUn1G ogI67nWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTACwAKCRAk1otyXVSH0FT4B/ 9/h8W+WhzVsDXWpwyHRrnvMxhXBocAk2NhKtbtx093Z+pzjiVVWNmZ8Qjhtq8hbXXxJiAWwWXmh4g6 Jqp8ffo0w7rEA6vSNFetSzPMGJmeYvDRQfZlbAqbV1/bjgU6ip1X3JzjwIJN1AC30wrW+Yh+Y629SS UlmhVLLAF9vm9wO00xDXSIhTVKSyFBerBhNXKiGZ+gAmoxiOfDX9/37GP2dcpYIkGau0zLl4s0BM0G gI2TWrzQb8fweyOYspKPtn5ZLkGev7uO7bcqHwdvj98vDYJeSSCQrpYAthQU7Wp95CaWqgxjFe3JWS QJIWzU7L42HocPLdFgi8Yo26G1wndp X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774946794589492291 X-GMAIL-MSGID: 1774946794589492291 Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1cea64986baa..d41f237db28d 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include "test_signals.h" @@ -45,6 +46,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +}; From patchwork Tue Aug 22 13:57:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 136591 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b82d:0:b0:3f2:4152:657d with SMTP id z13csp3810509vqi; Tue, 22 Aug 2023 11:24:17 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEKbitUGNveqeXkmTbGFB2jZuzvVi/NNV3yLmilcLyyMK6pXsUDucEYiyWGBLCldIPAHQhZ X-Received: by 2002:a05:6a21:3d84:b0:13d:ea25:9656 with SMTP id bj4-20020a056a213d8400b0013dea259656mr8333522pzc.60.1692728657005; Tue, 22 Aug 2023 11:24:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692728656; cv=none; d=google.com; s=arc-20160816; b=D3hkXiYzlT8UCzICh/xDgv47m3u5qGyBj63G8ixtkeVWQOrAm6bPjutY0ISSHc3VKj Q/Js9oWtQVYNTXQqtLkd9n8zj65vR8jEOj67FY7uy37Nk/zRuE0xZveTT8FkzHql/kNd 8Jn60iBgoVP2SV/z/dTVhQ4+Q4+YgTLpYckvC1LVE59JtC6gKN/zFXmMKfR5lJ/eHf4E lAFxj80aouTCvFzNMnTcT6pEBTQ/W0l7a62F5i4KHj6lG+Xi0oahjXqnOMmWWR3hQSWI uo3kqFfnn4MM13BdkLac1YcFhXMfZZOEEz8om4TIQSy0Jj7DkCeY4i2WAg9RQmRIfN50 Afsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=c422h9hePWFZGXVEyc1SJULBUM8N+meybf6z8umXg3Q=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=pWtYuGVPwcuZGl9JZJ+abpsNY7lzh0YkfvPszVllCpGk6YBCkYIivrulREZCPNQJIM OOUBxjdVeq8csJPuC6jzBu0rms6xbFLFlkWF1qlQGvdcfVKHqi8CuVZ6HcUarf8FbR6n gFP1Jm0KCu2T3Vv72NPlWsFNa4s/P0mo71QTYRhQr/8RFTYg3hpSWIeGOlpoxgPS5m/C twjfeOXataKj6w/SF0vBni1zw2sUk3oi/CY1h5vafvMnixCiYE1hepBTYXBBOOiF3Z6q RosPC9PW3oYVcGOvDZvXEiw/F+0PukFOy5aCbYIeLNwGirAjE/LV76Ivqwy7GT2HQl1/ 7R3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Lodozd7l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id cn15-20020a056a00340f00b0068781a6993bsi9084467pfb.276.2023.08.22.11.24.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 11:24:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Lodozd7l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 0D4693DD0D; Tue, 22 Aug 2023 10:23:52 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236644AbjHVOI1 (ORCPT + 99 others); Tue, 22 Aug 2023 10:08:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34212 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236589AbjHVOIX (ORCPT ); Tue, 22 Aug 2023 10:08:23 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2F75E58; Tue, 22 Aug 2023 07:07:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 09E3461587; Tue, 22 Aug 2023 14:07:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A4D8DC433C8; Tue, 22 Aug 2023 14:06:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692713219; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Lodozd7lEcs8J8FHBWLzVHqcOediGHFTgfJTa8pByGLpGgE9Q/VT6PR8A4mOPzYND 0KSwGzmqkW7hGOD0yjOwIlAVM5Tgey2CgQIQAzDxCQtAduKwx3YTSwqwT2ykASKHZ+ gsbGmVZFTV2NezkO3DVeHrsFeKeoBprifsT1k9Hdhhz8I9ppAJNE3rKe0X2XyIolrU SR/2hnR8YcJaBeRb3a6+UDlBVdgD4NYymWgF2gb8gL3OEL5eP9J2wsIK+135u1b1YE L0py6zI5WnusoyHZZm5LHVDhTfEoPicpqiNM6HhpE9bbUMYdCfKB+MrMU/oqnYlKnD l9rK9n4JLQ9EQ== From: Mark Brown Date: Tue, 22 Aug 2023 14:57:10 +0100 Subject: [PATCH v5 37/37] kselftest/arm64: Enable GCS for the FP stress tests MIME-Version: 1.0 Message-Id: <20230822-arm64-gcs-v5-37-9ef181dd6324@kernel.org> References: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> In-Reply-To: <20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-034f2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3085; i=broonie@kernel.org; h=from:subject:message-id; bh=o3F0gqwirOzTh8gwGkZMmsXM7Yu/yi+gPnGo/AGnFQM=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBk5MANh6zZuU8eIQ51uNZ/NOE2FMu2W5WwarFAKQ4/ z+TXFFWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZOTADQAKCRAk1otyXVSH0GsJB/ 4wKNrGwCSwijToaO8YpJXzGD9AtXsF3A1WkYgSJizhypJazSZrPix+J3YxSC6VvSvp1yAyxQ6HEqpE sDL1EvYX9GSXJbRnHsPE3Jm0uQjbCZRWa8nPi5dJgslWqF5/lALnitZADjBWV+hiyjLEt6kg5wbbyO Ls+zjygM+M8lBrHe0oOBiR5bRJZD9RcB+6HIAW+lqniWADoj7cdAfOa28StXYilwhXMffRAs7XX274 knCUAPnvn3q3YnF36F/uqXOqYBTfGa+vzZSO4I5X2FpWi8fWnaUVmHfnI7/vjtkMGISJn7FhFBJWIj sTYdbVsWLxUbx4Jex1+ysaixwFtpt7 X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1774954644441787278 X-GMAIL-MSGID: 1774954644441787278 While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/fp/assembler.h | 15 +++++++++++++++ tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 ++ tools/testing/selftests/arm64/fp/sve-test.S | 2 ++ tools/testing/selftests/arm64/fp/za-test.S | 2 ++ tools/testing/selftests/arm64/fp/zt-test.S | 2 ++ 5 files changed, 23 insertions(+) diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..7012f9f796de 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S @@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 4328895dfc87..486634bc7def 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S @@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT