From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:11 +0000
Subject: [PATCH v7 01/39] arm64/mm: Restructure arch_validate_flags() for extensibility
Message-Id: <20231122-arm64-gcs-v7-1-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Currently arch_validate_flags() is written in a very non-extensible fashion, returning immediately if MTE is not supported and writing the MTE check as a direct return. Since we will want to add more checks for GCS refactor the existing code to be more extensible, no functional change intended.

Signed-off-by: Mark Brown
---
 arch/arm64/include/asm/mman.h | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index 5966ee4a6154..c21849ffdd88 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h 
@@ -52,11 +52,17 @@ static inline bool arch_validate_prot(unsigned long prot, static inline bool arch_validate_flags(unsigned long vm_flags) { - if (!system_supports_mte()) - return true; + if (system_supports_mte()) { + /* + * only allow VM_MTE if VM_MTE_ALLOWED has been set + * previously + */ + if ((vm_flags & VM_MTE) && !(vm_flags & VM_MTE_ALLOWED)) + return false; + } + + return true; - /* only allow VM_MTE if VM_MTE_ALLOWED has been set previously */ - return !(vm_flags & VM_MTE) || (vm_flags & VM_MTE_ALLOWED); } #define arch_validate_flags(vm_flags) arch_validate_flags(vm_flags)
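Review bot: at the end of arch_validate_flags() in the arch/arm64/include/asm/mman.h hunk, the blank context line that used to separate the early return from the MTE check is kept, so the function now ends with "return true;", an empty line, and then the closing brace. Going by the hunk counts (11 lines before, 17 after, 10 added) that line is still there; drop it so the new fall-through return sits directly above the brace. The logic itself matches the removed expression: false only when VM_MTE is set without VM_MTE_ALLOWED on an MTE-capable system.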

From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:12 +0000
Subject: [PATCH v7 02/39] prctl: arch-agnostic prctl for shadow stack
Message-Id: <20231122-arm64-gcs-v7-2-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>

Three architectures (x86, aarch64, riscv) have announced support for shadow stacks with fairly similar functionality. While x86 is using arch_prctl() to control the functionality neither arm64 nor riscv uses that interface so this patch adds arch-agnostic prctl() support to get and set status of shadow stacks and lock the current configuration to prevent further changes, with support for turning on and off individual subfeatures so applications can limit their exposure to features that they do not need. The features are:

  - PR_SHADOW_STACK_ENABLE: Tracking and enforcement of shadow stacks, including allocation of a shadow stack if one is not already allocated.

  - PR_SHADOW_STACK_WRITE: Writes to specific addresses in the shadow stack.

  - PR_SHADOW_STACK_PUSH: Push additional values onto the shadow stack.

These features are expected to be inherited by new threads and cleared on exec(), unknown features should be rejected for enable but accepted for locking (in order to allow for future proofing).

This is based on a patch originally written by Deepak Gupta but modified fairly heavily, support for indirect landing pads is removed, additional modes added and the locking interface reworked. The set status prctl() is also reworked to just set flags, if setting/reading the shadow stack pointer is required this could be a separate prctl.

Signed-off-by: Mark Brown
---
 include/linux/mm.h         |  4 ++++
 include/uapi/linux/prctl.h | 22 ++++++++++++++++++++++
 kernel/sys.c               | 30 ++++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+)

diff --git a/include/linux/mm.h b/include/linux/mm.h index 10462f354614..8b28483b4afa 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4143,4 +4143,8 @@ static inline bool pfn_is_unaccepted_memory(unsigned long pfn) return range_contains_unaccepted_memory(paddr, paddr + PAGE_SIZE); } +int arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status); +int arch_set_shadow_stack_status(struct task_struct *t, unsigned long status); +int arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_MM_H */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 370ed14b1ae0..3c66ed8f46d8 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -306,4 +306,26 @@ struct prctl_mm_map { # define PR_RISCV_V_VSTATE_CTRL_NEXT_MASK 0xc # define PR_RISCV_V_VSTATE_CTRL_MASK 0x1f +/* + * Get the current shadow stack configuration for the current thread, + * this will be the value configured via PR_SET_SHADOW_STACK_STATUS. + */ +#define PR_GET_SHADOW_STACK_STATUS 71 + +/* + * Set the current shadow stack configuration. Enabling the shadow + * stack will cause a shadow stack to be allocated for the thread. + */ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +/* + * Prevent further changes to the specified shadow stack + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_SHADOW_STACK_STATUS 73 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index e219fcfa112d..96e8a6b5993a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c 
@@ -2301,6 +2301,21 @@ int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which, return -EINVAL; } +int __weak arch_get_shadow_stack_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME 
@@ -2743,6 +2758,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, case PR_RISCV_V_GET_CONTROL: error = RISCV_V_GET_CONTROL(); break; + case PR_GET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_shadow_stack_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_shadow_stack_status(me, arg2); + break; + case PR_LOCK_SHADOW_STACK_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_shadow_stack_status(me, arg2); + break; default: error = -EINVAL; break;
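Review bot: the uapi comments added in the include/uapi/linux/prctl.h hunk do not describe the calling convention that the kernel/sys.c side enforces. PR_GET_SHADOW_STACK_STATUS treats arg2 as a pointer to an unsigned long, the other two options take the flag mask in arg2, and all three return -EINVAL unless arg3, arg4 and arg5 are zero. Please state that in the comments, together with the inheritance by new threads and the clearing on exec() that the commit message describes, since this header is what userspace authors will read.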
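Review bot: in the PR_SET_SHADOW_STACK_STATUS case of the kernel/sys.c prctl() hunk, arg2 is handed to arch_set_shadow_stack_status() unfiltered, so the commit message's rule that unknown features are rejected for enable has to be reimplemented by every architecture. Consider rejecting bits outside PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH with -EINVAL in the generic code, or add a comment above the __weak stubs saying that the architecture hook owns that check and the enforcement of locked bits.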

From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:13 +0000
Subject: [PATCH v7 03/39] mman: Add map_shadow_stack() flags
Message-Id: <20231122-arm64-gcs-v7-3-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>

In preparation for adding arm64 GCS support make the map_shadow_stack() SHADOW_STACK_SET_TOKEN flag generic and add _SET_MARKER. The existing flag indicates that a token usable for stack switch should be added to the top of the newly mapped GCS region while the new flag indicates that a top of stack marker suitable for use by unwinders should be added above that.

For arm64 the top of stack marker is all bits 0.

Signed-off-by: Mark Brown
---
 arch/x86/include/uapi/asm/mman.h | 3 ---
 include/uapi/asm-generic/mman.h  | 4 ++++
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/uapi/asm/mman.h b/arch/x86/include/uapi/asm/mman.h index 46cdc941f958..ac1e6277212b 100644 --- a/arch/x86/include/uapi/asm/mman.h +++ b/arch/x86/include/uapi/asm/mman.h @@ -5,9 +5,6 @@ #define MAP_32BIT 0x40 /* only give out 32bit addresses */ #define MAP_ABOVE4G 0x80 /* only map above 4GB */ -/* Flags for map_shadow_stack(2) */ -#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ - #include #endif /* _ASM_X86_MMAN_H */ diff --git a/include/uapi/asm-generic/mman.h b/include/uapi/asm-generic/mman.h index 57e8195d0b53..d6a282687af5 100644 --- a/include/uapi/asm-generic/mman.h +++ b/include/uapi/asm-generic/mman.h 
@@ -19,4 +19,8 @@ #define MCL_FUTURE 2 /* lock all future mappings */ #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + + #endif /* __ASM_GENERIC_MMAN_H */
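Review bot: the comment on the new SHADOW_STACK_SET_MARKER define in the include/uapi/asm-generic/mman.h hunk says "merker" where "marker" is meant, and since this is a uapi header the typo will be copied into userspace. The "Flags for map_shadow_stack(2)" comment that headed the define in the x86 header is also not carried over, so the two flags now follow the MCL_* values with nothing to say which syscall they belong to; please bring that line across. The hunk also adds two blank lines before the #endif where one would do.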

From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:14 +0000
Subject: [PATCH v7 04/39] arm64: Document boot requirements for Guarded Control Stacks
Message-Id: <20231122-arm64-gcs-v7-4-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Wed, 22 Nov 2023 01:44:54 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783256935278040252 X-GMAIL-MSGID: 1783256935278040252 FEAT_GCS introduces a number of new system registers, we require that access to these registers is not trapped when we identify that the feature is detected. Signed-off-by: Mark Brown --- Documentation/arch/arm64/booting.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/Documentation/arch/arm64/booting.rst b/Documentation/arch/arm64/booting.rst index b57776a68f15..de3679770c64 100644 --- a/Documentation/arch/arm64/booting.rst +++ b/Documentation/arch/arm64/booting.rst 
@@ -411,6 +411,28 @@ Before jumping into the kernel, the following conditions must be met: - HFGRWR_EL2.nPIRE0_EL1 (bit 57) must be initialised to 0b1. + - For features with Guarded Control Stacks (FEAT_GCS): + + - If EL3 is present: + + - SCR_EL3.GCSEn (bit 39) must be initialised to 0b1. + + - If the kernel is entered at EL1 and EL2 is present: + + - HFGITR_EL2.nGCSEPP (bit 59) must be initialised to 0b1. + + - HFGITR_EL2.nGCSSTR_EL1 (bit 58) must be initialised to 0b1. + + - HFGITR_EL2.nGCSPUSHM_EL1 (bit 57) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGRTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL1 (bit 53) must be initialised to 0b1. + + - HFGWTR_EL2.nGCS_EL0 (bit 52) must be initialised to 0b1. + The requirements described above for CPU mode, caches, MMUs, architected timers, coherency and system registers apply to all CPUs. All CPUs must enter the kernel in the same exception level. Where the values documented
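Review bot: The new top-level bullet in the booting.rst hunk reads "For features with Guarded Control Stacks (FEAT_GCS)", which does not parse, since the condition is a property of the CPU; "For CPUs with Guarded Control Stacks (FEAT_GCS)" is what is meant. Separately, every requirement added here is a trap or enable control (SCR_EL3.GCSEn and the HFGITR_EL2, HFGRTR_EL2 and HFGWTR_EL2 bits). Nothing states what GCSCR_EL1 and GCSCRE0_EL1, which patch 06 of this series defines, must contain when the kernel is entered at EL1; a requirement that they be initialised to 0 would rule out entering the kernel with GCS already active. The HFGITR_EL2 entries also cover instructions rather than registers, which the commit message's "access to these registers" does not mention.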
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:15 +0000
Subject: [PATCH v7 05/39] arm64/gcs: Document the ABI for Guarded Control Stacks
Message-Id: <20231122-arm64-gcs-v7-5-201c483bd775@kernel.org>

Add some documentation of the userspace ABI for Guarded Control Stacks.

Signed-off-by: Mark Brown
--- Documentation/arch/arm64/gcs.rst | 233 +++++++++++++++++++++++++++++++++++++ Documentation/arch/arm64/index.rst | 1 + 2 files changed, 234 insertions(+) diff --git a/Documentation/arch/arm64/gcs.rst b/Documentation/arch/arm64/gcs.rst new file mode 100644 index 000000000000..c45c0326836a --- /dev/null +++ b/Documentation/arch/arm64/gcs.rst
@@ -0,0 +1,233 @@ +=============================================== +Guarded Control Stack support for AArch64 Linux +=============================================== + +This document outlines briefly the interface provided to userspace by Linux in +order to support use of the ARM Guarded Control Stack (GCS) feature. + +This is an outline of the most important features and issues only and not +intended to be exhaustive. + + + +1. General +----------- + +* GCS is an architecture feature intended to provide greater protection + against return oriented programming (ROP) attacks and to simplify the + implementation of features that need to collect stack traces such as + profiling. + +* When GCS is enabled a separate guarded control stack is maintained by the + PE which is writeable only through specific GCS operations. This + stores the call stack only, when a procedure call instruction is + performed the current PC is pushed onto the GCS and on RET the + address in the LR is verified against that on the top of the GCS. + +* When active current GCS pointer is stored in the system register + GCSPR_EL0. This is readable by userspace but can only be updated + via specific GCS instructions. + +* The architecture provides instructions for switching between guarded + control stacks with checks to ensure that the new stack is a valid + target for switching. + +* The functionality of GCS is similar to that provided by the x86 Shadow + Stack feature, due to sharing of userspace interfaces the ABI refers to + shadow stacks rather than GCS. + +* Support for GCS is reported to userspace via HWCAP2_GCS in the aux vector + AT_HWCAP2 entry. + +* GCS is enabled per thread. While there is support for disabling GCS + at runtime this should be done with great care. + +* GCS memory access faults are reported as normal memory access faults. + +* GCS specific errors (those reported with EC 0x2d) will be reported as + SIGSEGV with a si_code of SEGV_CPERR (control protection error). 
+ +* GCS is supported only for AArch64. + +* On systems where GCS is supported GCSPR_EL0 is always readable by EL0 + regardless of the GCS configuration for the thread. + +* The architecture supports enabling GCS without verifying that return values + in LR match those in the GCS, the LR will be ignored. This is not supported + by Linux. + +* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined + below for signals and should be ignored when parsing the stack if not + understood. + + +2. Enabling and disabling Guarded Control Stacks +------------------------------------------------- + +* GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS + prctl(), this takes a single flags argument specifying which GCS features + should be used. + +* When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack + and enables GCS for the thread, enabling the functionality controlled by + GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}. + +* When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled + by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes. + +* When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled + by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack. + +* Any unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL. + +* PR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same + values as used for PR_SET_SHADOW_STACK_STATUS. Any future changes to the + status of the specified GCS mode bits will be rejected. + +* PR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows + userspace to prevent changes to any future features. + +* There is no support for a process to remove a lock that has been set for + it. + +* PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the + thread that called them, any other running threads will be unaffected. 
+ +* New threads inherit the GCS configuration of the thread that created them. + +* GCS is disabled on exec(). + +* The current GCS configuration for a thread may be read with the + PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that + are passed to PR_SET_SHADOW_STACK_STATUS. + +* If GCS is disabled for a thread after having previously been enabled then + the stack will remain allocated for the lifetime of the thread. At present + any attempt to reenable GCS for the thread will be rejected, this may be + revisited in future. + +* It should be noted that since enabling GCS will result in GCS becoming + active immediately it is not normally possible to return from the function + that invoked the prctl() that enabled GCS. It is expected that the normal + usage will be that GCS is enabled very early in execution of a program. + + + +3. Allocation of Guarded Control Stacks +---------------------------------------- + +* When GCS is enabled for a thread a new Guarded Control Stack will be + allocated for it of size RLIMIT_STACK or 4 gigabytes, whichever is + smaller. + +* When a new thread is created by a thread which has GCS enabled then a + new Guarded Control Stack will be allocated for the new thread with + half the size of the standard stack. + +* When a stack is allocated by enabling GCS or during thread creation then + the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will + be set to point to the address of this 0 value, this can be used to + detect the top of the stack. + +* Additional Guarded Control Stacks can be allocated using the + map_shadow_stack() system call. + +* Stacks allocated using map_shadow_stack() can optionally have an end of + stack marker and cap placed at the top of the stack. 
If the flag + SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack, + if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8 + bytes of the stack and if it is specified then the cap will be the next + 8 bytes. While specifying just SHADOW_STACK_SET_MARKER by itself is + valid since the marker is all bits 0 it has no observable effect. + +* Stacks allocated using map_shadow_stack() must have a size which is a + multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned. + +* An address can be specified to map_shadow_stack(), if one is provided then + it must be aligned to a page boundary. + +* When a thread is freed the Guarded Control Stack initially allocated for + that thread will be freed. Note carefully that if the stack has been + switched this may not be the stack currently in use by the thread. + + +4. Signal handling +-------------------- + +* A new signal frame record gcs_context encodes the current GCS mode and + pointer for the interrupted context on signal delivery. This will always + be present on systems that support GCS. + +* The record contains a flag field which reports the current GCS configuration + for the interrupted context as PR_GET_SHADOW_STACK_STATUS would. + +* The signal handler is run with the same GCS configuration as the interrupted + context. + +* When GCS is enabled for the interrupted thread a signal handling specific + GCS cap token will be written to the GCS, this is an architectural GCS cap + token with bit 63 set and the token type (bits 0..11) all clear. The + GCSPR_EL0 reported in the signal frame will point to this cap token. + +* The signal handler will use the same GCS as the interrupted context. + +* When GCS is enabled on signal entry a frame with the address of the signal + return handler will be pushed onto the GCS, allowing return from the signal + handler via RET as normal. This will not be reported in the gcs_context in + the signal frame. + + +5. 
Signal return +----------------- + +When returning from a signal handler: + +* If there is a gcs_context record in the signal frame then the GCS flags + and GCSPR_EL0 will be restored from that context prior to further + validation. + +* If there is no gcs_context record in the signal frame then the GCS + configuration will be unchanged. + +* If GCS is enabled on return from a signal handler then GCSPR_EL0 must + point to a valid GCS signal cap record, this will be popped from the + GCS prior to signal return. + +* If the GCS configuration is locked when returning from a signal then any + attempt to change the GCS configuration will be treated as an error. This + is true even if GCS was not enabled prior to signal entry. + +* GCS may be disabled via signal return but any attempt to enable GCS via + signal return will be rejected. + + +6. ptrace extensions +--------------------- + +* A new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and + PTRACE_SETREGSET. + +* Due to the complexity surrounding allocation and deallocation of stacks and + lack of practical application it is not possible to enable GCS via ptrace. + GCS may be disabled via the ptrace interface. + +* Other GCS modes may be configured via ptrace. + +* Configuration via ptrace ignores locking of GCS mode bits. + + +7. ELF coredump extensions +--------------------------- + +* NT_ARM_GCS notes will be added to each coredump for each thread of the + dumped process. The contents will be equivalent to the data that would + have been read if a PTRACE_GETREGSET of the corresponding type were + executed for each thread when the coredump was generated. + + + +8. /proc extensions +-------------------- + +* Guarded Control Stack pages will include "ss" in their VmFlags in + /proc//smaps. diff --git a/Documentation/arch/arm64/index.rst b/Documentation/arch/arm64/index.rst index d08e924204bf..dcf3ee3eb8c0 100644 --- a/Documentation/arch/arm64/index.rst +++ b/Documentation/arch/arm64/index.rst 
@@ -14,6 +14,7 @@ ARM64 Architecture booting cpu-feature-registers elf_hwcaps + gcs hugetlbpage kdump legacy_instructions
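Review bot: Section 2 of the new gcs.rst leaves the lock semantics underspecified around exec(): it says GCS is disabled on exec() and that a process has no way to remove a lock, but never says whether bits locked with PR_LOCK_SHADOW_STACK_STATUS stay locked in the new image. If they persist, a program started from a locked parent could not enable GCS for itself; if they are cleared, the text should say so next to the "GCS is disabled on exec()" bullet. Section 6 has a related gap: "Configuration via ptrace ignores locking of GCS mode bits" means the lock gives no protection against anything able to attach, which deserves a sentence of rationale, and the layout of the NT_ARM_GCS regset is not described anywhere in the document.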
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:16 +0000
Subject: [PATCH v7 06/39] arm64/sysreg: Add new system registers for GCS
Message-Id: <20231122-arm64-gcs-v7-6-201c483bd775@kernel.org>

FEAT_GCS introduces a number of new system registers. Add the registers available up to EL2 to sysreg as per DDI0601 2022-12.

Signed-off-by: Mark Brown
--- arch/arm64/tools/sysreg | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/arch/arm64/tools/sysreg b/arch/arm64/tools/sysreg index 96cbeeab4eec..d2ee46b63482 100644 --- a/arch/arm64/tools/sysreg +++ b/arch/arm64/tools/sysreg @@ -1790,6 +1790,41 @@ Sysreg SMCR_EL1 3 0 1 2 6 Fields SMCR_ELx EndSysreg +SysregFields GCSCR_ELx +Res0 63:10 +Field 9 STREn +Field 8 PUSHMEn +Res0 7 +Field 6 EXLOCKEN +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysregFields + +Sysreg GCSCR_EL1 3 0 2 5 0 +Fields GCSCR_ELx +EndSysreg + +SysregFields GCSPR_ELx +Field 63:3 PTR +Res0 2:0 +EndSysregFields + +Sysreg GCSPR_EL1 3 0 2 5 1 +Fields GCSPR_ELx +EndSysreg + +Sysreg GCSCRE0_EL1 3 0 2 5 2 +Res0 63:11 +Field 10 nTR +Field 9 STREn +Field 8 PUSHMEn +Res0 7:6 +Field 5 RVCHKEN +Res0 4:1 +Field 0 PCRSEL +EndSysreg + Sysreg ALLINT 3 0 4 3 0 Res0 63:14 Field 13 ALLINT @@ -2020,6 +2055,10 @@ Field 4 DZP Field 3:0 BS EndSysreg +Sysreg GCSPR_EL0 3 3 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg SVCR 3 3 4 2 2 Res0 63:2 Field 1 ZA @@ -2348,6 +2387,14 @@ Sysreg SMCR_EL2 3 4 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL2 3 4 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL2 3 4 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg DACR32_EL2 3 4 3 0 0 Res0 63:32 Field 31:30 D15
@@ -2407,6 +2454,14 @@ Sysreg SMCR_EL12 3 5 1 2 6 Fields SMCR_ELx EndSysreg +Sysreg GCSCR_EL12 3 5 2 5 0 +Fields GCSCR_ELx +EndSysreg + +Sysreg GCSPR_EL12 3 5 2 5 1 +Fields GCSPR_ELx +EndSysreg + Sysreg FAR_EL12 3 5 6 0 0 Field 63:0 ADDR EndSysreg
From: Mark Brown Date: Wed, 22 Nov 2023 09:42:17 +0000 Subject: [PATCH v7 07/39] arm64/sysreg: Add definitions for architected GCS caps MIME-Version: 1.0 Message-Id: <20231122-arm64-gcs-v7-7-201c483bd775@kernel.org> References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org> In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=1363; i=broonie@kernel.org; h=from:subject:message-id; bh=AdenxNKaKLfO1zzZHzslCIJebdi1YPs1wuXZd9U1dO4=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlXcz8bmHxgHWCFRqVN8uz2M3iReNk3BZizcael fYUhMZ5DoWJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZV3M/AAKCRAk1otyXVSH 0F7RB/4ql9JuD5+zDZkKa3IqDccJ/whQ1MzEyDazvd5D9iSOO2uFVWKf/mgBe42Co9F7iJXvawY fnM4HLJ+2I6Jpps5E2t0pRb5MPSbFPYrmiDpnpwyH+gCNdD/ISBWGGKi19hQLMzotC2usKxe7n/ ZPPgZlodquDSXAvzd6yBK/QAT+KqARuuUYjttCxdlJOeU0BHNEbhz8/owbin6JfrC1GTlcGGFai aASFR2cqBA+/sxYNdN9NjVEQv2zxSBdFJ+zVZ1qt29sVNQq4+UVEYWYK5MXwadGBn1rZoKRfQA/ I2UNt33vEzbJko8U/aAkwKFHIOuyMBeaY7xivvSZlmH0QBVz X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham 

The architecture defines a format for guarded control stack caps, used to mark the top of an unused GCS in order to limit the potential for exploitation via stack switching. Add definitions associated with these.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/sysreg.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 5e65f51c10d2..75a49b41fa93 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h
@@ -1039,6 +1039,26 @@ #define PIRx_ELx_PERM(idx, perm) ((perm) << ((idx) * 4)) +/* + * Definitions for Guarded Control Stack + */ + +#define GCS_CAP_ADDR_MASK GENMASK(63, 12) +#define GCS_CAP_ADDR_SHIFT 12 +#define GCS_CAP_ADDR_WIDTH 52 +#define GCS_CAP_ADDR(x) FIELD_GET(GCS_CAP_ADDR_MASK, x) + +#define GCS_CAP_TOKEN_MASK GENMASK(11, 0) +#define GCS_CAP_TOKEN_SHIFT 0 +#define GCS_CAP_TOKEN_WIDTH 12 +#define GCS_CAP_TOKEN(x) FIELD_GET(GCS_CAP_TOKEN_MASK, x) + +#define GCS_CAP_VALID_TOKEN 0x1 +#define GCS_CAP_IN_PROGRESS_TOKEN 0x5 + +#define GCS_CAP(x) ((((unsigned long)x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + #define ARM64_FEATURE_FIELD_BITS 4 /* Defined for compatibility only, do not add new users. */
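
Review bot: In GCS_CAP(x) the argument is cast as (unsigned long)x with no parentheses around x, so an expression argument such as base + size would have the cast applied to base alone before the mask is taken; write ((unsigned long)(x)). The "Definitions for Guarded Control Stack" comment would also benefit from one line each on what GCS_CAP_VALID_TOKEN (0x1) and GCS_CAP_IN_PROGRESS_TOKEN (0x5) denote, since the commit message only describes the cap as marking the top of an unused GCS.
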
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:18 +0000
Subject: [PATCH v7 08/39] arm64/gcs: Add manual encodings of GCS instructions
Message-Id: <20231122-arm64-gcs-v7-8-201c483bd775@kernel.org>

Define C callable functions for GCS instructions used by the kernel. In order to avoid ambitious toolchain requirements for GCS support these are manually encoded, this means we have fixed register numbers which will be a bit limiting for the compiler but none of these should be used in sufficiently fast paths for this to be a problem. Note that GCSSTTR is used to store to EL0.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/gcs.h | 51 ++++++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 22 +++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h new file mode 100644 index 000000000000..7c5e95218db6 --- /dev/null +++ b/arch/arm64/include/asm/gcs.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Ltd. + */ +#ifndef __ASM_GCS_H +#define __ASM_GCS_H + +#include +#include + +static inline void gcsb_dsync(void) +{ + asm volatile(".inst 0xd503227f" : : : "memory"); +} + +static inline void gcsstr(u64 *addr, u64 val) +{ + register u64 *_addr __asm__ ("x0") = addr; + register long _val __asm__ ("x1") = val; + + /* GCSSTTR x1, x0 */ + asm volatile( + ".inst 0xd91f1c01\n" + : + : "rZ" (_val), "r" (_addr) + : "memory"); +} + +static inline void gcsss1(u64 Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline u64 gcsss2(void) +{ + u64 Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +#endif
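
Review bot: gcsstr() in the new gcs.h carries the comment "GCSSTTR x1, x0" and emits .inst 0xd91f1c01, which is the same comment and the same encoding that gcssttr() uses in the uaccess.h part of this patch, so the kernel-side store helper as written issues the unprivileged store. If a distinct GCSSTR is intended here, the encoding and the comment both need to change; if not, the helper duplicates gcssttr() without its exception-table fixup and should be dropped or explained. Separately, _val is declared register long while val is u64; the two should have the same type.
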
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 14be5000c5a0..22e10e79f56a 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h 
@@ -425,4 +425,26 @@ static inline size_t probe_subpage_writeable(const char __user *uaddr, #endif /* CONFIG_ARCH_HAS_SUBPAGE_FAULTS */ +#ifdef CONFIG_ARM64_GCS + +static inline int gcssttr(unsigned long __user *addr, unsigned long val) +{ + register unsigned long __user *_addr __asm__ ("x0") = addr; + register unsigned long _val __asm__ ("x1") = val; + int err = 0; + + /* GCSSTTR x1, x0 */ + asm volatile( + "1: .inst 0xd91f1c01\n" + "2: \n" + _ASM_EXTABLE_UACCESS_ERR(1b, 2b, %w0) + : "+r" (err) + : "rZ" (_val), "r" (_addr) + : "memory"); + + return err; +} + +#endif /* CONFIG_ARM64_GCS */ + #endif /* __ASM_UACCESS_H */
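
Review bot: gcssttr() stores to the user address with no access_ok() check and no user-access enable around the .inst, relying only on the _ASM_EXTABLE_UACCESS_ERR fixup, and nothing in the hunk tells callers that. Add a comment above the function stating that the caller must validate addr and enable user access before calling it, and that the return value is 0 on success or the error set by the fixup on a fault.
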
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:19 +0000
Subject: [PATCH v7 09/39] arm64/gcs: Provide put_user_gcs()
Message-Id: <20231122-arm64-gcs-v7-9-201c483bd775@kernel.org>

In order for EL1 to write to an EL0 GCS it must use the GCSSTTR instruction rather than a normal STTR. Provide a put_user_gcs() which does this.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/uaccess.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 22e10e79f56a..e118c3d772c8 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h
@@ -445,6 +445,24 @@ static inline int gcssttr(unsigned long __user *addr, unsigned long val) return err; } +static inline void put_user_gcs(unsigned long val, unsigned long __user *addr, + int *err) +{ + int ret; + + if (!access_ok((char __user *)addr, sizeof(u64))) { + *err = -EFAULT; + return; + } + + uaccess_ttbr0_enable(); + ret = gcssttr(addr, val); + if (ret != 0) + *err = ret; + uaccess_ttbr0_disable(); +} + + #endif /* CONFIG_ARM64_GCS */ #endif /* __ASM_UACCESS_H */
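
Review bot: put_user_gcs() writes *err only on the two failure paths (the access_ok() failure and a non-zero return from gcssttr()), so a caller that passes an uninitialised int reads an indeterminate value on success. Either document that the caller must zero *err and that the function only ever sets it, or return the error code instead of void. The access_ok() length is sizeof(u64) while the pointer is unsigned long __user *; sizeof(*addr) would keep the two tied together. There is also a doubled blank line before the #endif.
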
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:20 +0000
Subject: [PATCH v7 10/39] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS)
Message-Id: <20231122-arm64-gcs-v7-10-201c483bd775@kernel.org>

Add a cpufeature for GCS, allowing other code to conditionally support it at runtime.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/cpufeature.h | 6 ++++++ arch/arm64/kernel/cpufeature.c | 16 ++++++++++++++++ arch/arm64/tools/cpucaps | 1 + 3 files changed, 23 insertions(+) diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index f6d416fe49b0..5696a55cc1f8 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -819,6 +819,12 @@ static inline bool system_supports_tlb_range(void) return alternative_has_cap_unlikely(ARM64_HAS_TLB_RANGE); } +static inline bool system_supports_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + alternative_has_cap_unlikely(ARM64_HAS_GCS); +} + int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt); bool try_emulate_mrs(struct pt_regs *regs, u32 isn); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 646591c67e7a..5477451cefa1 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c
@@ -255,6 +255,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { }; static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_GCS_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_SME), FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_SME_SHIFT, 4, 0), ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_EL1_MPAM_frac_SHIFT, 4, 0), @@ -2242,6 +2244,12 @@ static void cpu_enable_mops(const struct arm64_cpu_capabilities *__unused) sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_MSCEn); } +static void cpu_enable_gcs(const struct arm64_cpu_capabilities *__unused) +{ + /* GCS is not currently used at EL1 */ + write_sysreg_s(0, SYS_GCSCR_EL1); +} + /* Internal helper functions to match cpu capability type */ static bool cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap) @@ -2731,6 +2739,14 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .matches = has_cpuid_feature, ARM64_CPUID_FIELDS(ID_AA64MMFR2_EL1, EVT, IMP) }, + { + .desc = "Guarded Control Stack (GCS)", + .capability = ARM64_HAS_GCS, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .cpu_enable = cpu_enable_gcs, + .matches = has_cpuid_feature, + ARM64_CPUID_FIELDS(ID_AA64PFR1_EL1, GCS, IMP) + }, {}, }; diff --git a/arch/arm64/tools/cpucaps b/arch/arm64/tools/cpucaps index b98c38288a9d..30d27f6301fd 100644 --- a/arch/arm64/tools/cpucaps +++ b/arch/arm64/tools/cpucaps 
@@ -28,6 +28,7 @@ HAS_EPAN HAS_EVT HAS_FGT HAS_FPSIMD +HAS_GCS HAS_GENERIC_AUTH HAS_GENERIC_AUTH_ARCH_QARMA3 HAS_GENERIC_AUTH_ARCH_QARMA5
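
Review bot: cpu_enable_gcs() in cpufeature.c clears the whole of SYS_GCSCR_EL1 with write_sysreg_s(0, ...) and the only explanation is the comment "GCS is not currently used at EL1"; say in the comment that zeroing the register is what keeps GCS disabled at EL1, and mention the enable hook in the commit message, which currently describes only adding the cpufeature. In ftr_id_aa64pfr1 the GCS field is marked FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_GCS), so it is worth confirming that the field does not become visible to userspace at this point in the series, before the rest of the GCS support is in place.
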
(google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id q24-20020a63e958000000b005898699b2afsi12636684pgj.176.2023.11.22.01.45.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Nov 2023 01:45:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=h210R7jL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 6B19A8070331; Wed, 22 Nov 2023 01:45:23 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343602AbjKVJow (ORCPT + 99 others); Wed, 22 Nov 2023 04:44:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343675AbjKVJoa (ORCPT ); Wed, 22 Nov 2023 04:44:30 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD22BD50 for ; Wed, 22 Nov 2023 01:44:15 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9F7A2C433CA; Wed, 22 Nov 2023 09:44:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700646255; 
bh=gCkTJXN9hgWCfubwLDLAmQpOXrRFEWNkqe7LcsfqPUI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=h210R7jLnqkzHFNW2i+bNC/uW8728czTflygATeqPHl26mTG4iNTO/3gkMXGYPXFf PH8vpoZOA7k8ZL9aFvlCjOOCziT6vy26FbZL1HE665xm4hvAUJvhE2zp6t9hzCfeqo t3IJNIHcA7tQBbVdWXAS2/RmKl+4V3XS5f8pVjvm5p17xaH9rKDG8KJPCnyHe4rKv0 HxFWNWYXflOIzbRkGZ3oNzHRXJweodM+ntU8HkYYfwHN9YnMhlU/AiZ+ctbxSLTi3K 3WwpCNuPtS29zMJyc0EWpf9s7RymWtpI9ltp4+horOAkwOTgBysp6m7F9DquRI7H+/ 0znHAiLzjXVdg== 
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:21 +0000
Subject: [PATCH v7 11/39] arm64/mm: Allocate PIE slots for EL0 guarded control stack
Message-Id: <20231122-arm64-gcs-v7-11-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Pages used for guarded control stacks need to be described to the hardware using the Permission Indirection Extension, GCS is not supported without PIE. In order to support copy on write for guarded stacks we allocate two values, one for active GCSs and one for GCS pages marked as read only prior to copy. Since the actual effect is defined using PIE the specific bit pattern used does not matter to the hardware but we choose two values which differ only in PTE_WRITE in order to help share code with non-PIE cases.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/pgtable-prot.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h index e9624f6326dd..297a645e8a0f 100644 --- a/arch/arm64/include/asm/pgtable-prot.h +++ b/arch/arm64/include/asm/pgtable-prot.h 
@@ -127,15 +127,23 @@ extern bool arm64_use_ng_mappings; /* 6: PTE_PXN | PTE_WRITE */ /* 7: PAGE_SHARED_EXEC PTE_PXN | PTE_WRITE | PTE_USER */ /* 8: PAGE_KERNEL_ROX PTE_UXN */ -/* 9: PTE_UXN | PTE_USER */ +/* 9: PAGE_GCS_RO PTE_UXN | PTE_USER */ /* a: PAGE_KERNEL_EXEC PTE_UXN | PTE_WRITE */ -/* b: PTE_UXN | PTE_WRITE | PTE_USER */ +/* b: PAGE_GCS PTE_UXN | PTE_WRITE | PTE_USER */ /* c: PAGE_KERNEL_RO PTE_UXN | PTE_PXN */ /* d: PAGE_READONLY PTE_UXN | PTE_PXN | PTE_USER */ /* e: PAGE_KERNEL PTE_UXN | PTE_PXN | PTE_WRITE */ /* f: PAGE_SHARED PTE_UXN | PTE_PXN | PTE_WRITE | PTE_USER */ +#define _PAGE_GCS (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_WRITE | PTE_USER) +#define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_USER) + +#define PAGE_GCS __pgprot(_PAGE_GCS) +#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO) + #define PIE_E0 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_GCS) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ 
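Review bot: The new _PAGE_GCS and _PAGE_GCS_RO defines carry no comment saying why there are two of them or that they are meant to differ only in PTE_WRITE; that reasoning lives only in the commit message. A short comment above the defines (active GCS versus GCS page write-protected ahead of copy on write, with the EL0 meaning coming from the PIE_GCS and PIE_R entries in PIE_E0 rather than from the bits themselves) would stop a later edit to either value from silently breaking the sharing with non-PIE code. It would also help to say there that slots 9 and b of the table, both unnamed before this change, are now taken by these two values.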
@@ -143,6 +151,8 @@ extern bool arm64_use_ng_mappings; PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) #define PIE_E1 ( \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_NONE_O) | \ + PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_R) | \ PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RW) | \
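Review bot: In PIE_E1 both GCS slots are given PIE_NONE_O, so the EL1 permission for a user GCS page is none, but nothing in the hunk says that this is deliberate or how the kernel is expected to reach these pages. Suggest a one-line comment next to the two new entries stating that EL1 gets no direct access to EL0 GCS pages and naming the access path that is used instead, so the entries are not later relaxed to PIE_R or PIE_RW by analogy with the neighbouring lines.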
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:22 +0000
Subject: [PATCH v7 12/39] mm: Define VM_SHADOW_STACK for arm64 when we support GCS
Message-Id: <20231122-arm64-gcs-v7-12-201c483bd775@kernel.org>

Use VM_HIGH_ARCH_5 for guarded control stack pages.

Signed-off-by: Mark Brown
--- Documentation/filesystems/proc.rst | 2 +- fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 12 +++++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 49ef12df631b..1dfc5cb20f28 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -570,7 +570,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking - ss shadow stack page + ss shadow/guarded control stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index f0a904aeee8e..29fd7d6fbeb0 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -701,6 +701,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ #ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK [ilog2(VM_SHADOW_STACK)] = "ss", +#endif +#ifdef CONFIG_ARM64_GCS + [ilog2(VM_SHADOW_STACK)] = "ss", #endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 8b28483b4afa..3c96fc6c1128 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h 
@@ -352,7 +352,17 @@ extern unsigned int kobjsize(const void *objp); * for more details on the guard size. */ # define VM_SHADOW_STACK VM_HIGH_ARCH_5 -#else +#endif + +#if defined(CONFIG_ARM64_GCS) +/* + * arm64's Guarded Control Stack implements similar functionality and + * has similar constraints to shadow stacks. + */ +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#endif + +#ifndef VM_SHADOW_STACK # define VM_SHADOW_STACK VM_NONE #endif
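Review bot: In the fs/proc/task_mmu.c hunk the same initialiser, [ilog2(VM_SHADOW_STACK)] = "ss", now appears under two separate #ifdef blocks, CONFIG_ARCH_HAS_USER_SHADOW_STACK and CONFIG_ARM64_GCS. If a configuration ever sets both symbols the array gets a duplicate designated initialiser, and every further shadow stack architecture would add another copy. Either fold the two into one #if defined(...) || defined(...) block, or have arm64 select the existing ARCH_HAS_USER_SHADOW_STACK symbol so that generic code only has one thing to test.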
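Review bot: In the include/linux/mm.h hunk VM_SHADOW_STACK is now defined as VM_HIGH_ARCH_5 in two independent blocks, with the VM_NONE fallback moved behind #ifndef VM_SHADOW_STACK. The new comment says GCS is similar to shadow stacks but not that it deliberately shares the same VMA flag bit, which is what lets the generic VM_SHADOW_STACK checks and the single "ss" smaps code apply to arm64. Suggest stating that in the comment and expanding the commit message, which at one line gives no rationale for the choice of bit.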
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:23 +0000
Subject: [PATCH v7 13/39] arm64/mm: Map pages for guarded control stack
Message-Id: <20231122-arm64-gcs-v7-13-201c483bd775@kernel.org>

Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/mman.h | 9 +++++++++ arch/arm64/mm/mmap.c | 13 ++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h index c21849ffdd88..6d3fe6433a62 100644 --- a/arch/arm64/include/asm/mman.h +++ b/arch/arm64/include/asm/mman.h @@ -61,6 +61,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) return false; } + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + /* + * An executable GCS isn't a good idea, and the mm + * core can't cope with a shared GCS. + */ + if (vm_flags & (VM_EXEC | VM_ARM64_BTI | VM_SHARED)) + return false; + } + return true; } diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 645fe60d000f..605d4e6edc1d 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c 
@@ -79,9 +79,20 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* If this is a GCS then only interpret VM_WRITE. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } + /* VM_ARM64_BTI on a GCS is rejected in arch_valdiate_flags() */ if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP;
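Review bot: In the arch/arm64/include/asm/mman.h hunk the new check in arch_validate_flags() only runs when system_supports_gcs() is true, so where that returns false a VMA carrying VM_SHADOW_STACK together with VM_EXEC or VM_SHARED passes this test, and vm_get_page_prot() then maps it through protection_map as ordinary memory. If VM_SHADOW_STACK can never legitimately be set in that case, rejecting it outright here (return false when the flag is set and GCS is unsupported) would make that explicit; if it is prevented elsewhere, a comment saying where would do.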
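Review bot: The comment added at the end of the vm_get_page_prot() hunk names arch_valdiate_flags(), a misspelling of arch_validate_flags() that a grep for the real function will miss. Beyond the spelling, the GCS branch ignores VM_READ, VM_EXEC and VM_SHARED entirely and depends on arch_validate_flags() having already rejected VM_EXEC and VM_SHARED; the comment should say so for those flags too rather than only for VM_ARM64_BTI, since this is where a reader will look to confirm that a GCS can never be mapped executable or shared.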
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:24 +0000
Subject: [PATCH v7 14/39] KVM: arm64: Manage GCS registers for guests
Message-Id: <20231122-arm64-gcs-v7-14-201c483bd775@kernel.org>

GCS introduces a number of system registers for EL1 and EL0, on systems with GCS we need to context switch them and expose them to VMMs to allow guests to use GCS. Traps are already disabled.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/kvm_host.h | 12 ++++++++++++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 17 +++++++++++++++++ arch/arm64/kvm/sys_regs.c | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 824f29f04916..2b09805da26a 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -401,6 +401,12 @@ enum vcpu_sysreg { PIR_EL1, /* Permission Indirection Register 1 (EL1) */ PIRE0_EL1, /* Permission Indirection Register 0 (EL1) */ + /* Guarded Control Stack registers */ + GCSCRE0_EL1, /* Guarded Control Stack Control (EL0) */ + GCSCR_EL1, /* Guarded Control Stack Control (EL1) */ + GCSPR_EL0, /* Guarded Control Stack Pointer (EL0) */ + GCSPR_EL1, /* Guarded Control Stack Pointer (EL1) */ + /* 32bit specific registers. */ DACR32_EL2, /* Domain Access Control Register */ IFSR32_EL2, /* Instruction Fault Status Register */ @@ -1177,6 +1183,12 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu); #define kvm_vm_has_ran_once(kvm) \ (test_bit(KVM_ARCH_FLAG_HAS_RAN_ONCE, &(kvm)->arch.flags)) +static inline bool has_gcs(void) +{ + return IS_ENABLED(CONFIG_ARM64_GCS) && + cpus_have_final_cap(ARM64_HAS_GCS); +} + int kvm_trng_call(struct kvm_vcpu *vcpu); #ifdef CONFIG_KVM extern phys_addr_t hyp_mem_base; 
diff --git a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h index bb6b571ec627..ec34d4a90717 100644 --- a/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h +++ b/arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h @@ -25,6 +25,8 @@ static inline void __sysreg_save_user_state(struct kvm_cpu_context *ctxt) { ctxt_sys_reg(ctxt, TPIDR_EL0) = read_sysreg(tpidr_el0); ctxt_sys_reg(ctxt, TPIDRRO_EL0) = read_sysreg(tpidrro_el0); + if (has_gcs()) + ctxt_sys_reg(ctxt, GCSPR_EL0) = read_sysreg_s(SYS_GCSPR_EL0); } static inline bool ctxt_has_mte(struct kvm_cpu_context *ctxt) @@ -62,6 +64,12 @@ static inline void __sysreg_save_el1_state(struct kvm_cpu_context *ctxt) ctxt_sys_reg(ctxt, PAR_EL1) = read_sysreg_par(); ctxt_sys_reg(ctxt, TPIDR_EL1) = read_sysreg(tpidr_el1); + if (has_gcs()) { + ctxt_sys_reg(ctxt, GCSPR_EL1) = read_sysreg_el1(SYS_GCSPR); + ctxt_sys_reg(ctxt, GCSCR_EL1) = read_sysreg_el1(SYS_GCSCR); + ctxt_sys_reg(ctxt, GCSCRE0_EL1) = read_sysreg_s(SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { ctxt_sys_reg(ctxt, TFSR_EL1) = read_sysreg_el1(SYS_TFSR); ctxt_sys_reg(ctxt, TFSRE0_EL1) = read_sysreg_s(SYS_TFSRE0_EL1); @@ -95,6 +103,8 @@ static inline void __sysreg_restore_user_state(struct kvm_cpu_context *ctxt) { write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL0), tpidr_el0); write_sysreg(ctxt_sys_reg(ctxt, TPIDRRO_EL0), tpidrro_el0); + if (has_gcs()) + write_sysreg_s(ctxt_sys_reg(ctxt, GCSPR_EL0), SYS_GCSPR_EL0); } static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) 
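Review bot: The save and restore paths in sysreg-sr.h gate the GCS registers on has_gcs(), which reflects only the kernel config and the host CPU capability, whereas the MTE block right beside them uses ctxt_has_mte(ctxt) and so depends on the context being switched. As written, GCSPR_EL0, GCSPR_EL1, GCSCR_EL1 and GCSCRE0_EL1 are read and written for every guest on a GCS-capable host, whether or not GCS is exposed to that guest. Consider a helper keyed on the context in the same way as ctxt_has_mte(), or explain in the commit message why the unconditional switch is safe.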
@@ -138,6 +148,13 @@ static inline void __sysreg_restore_el1_state(struct kvm_cpu_context *ctxt) write_sysreg(ctxt_sys_reg(ctxt, PAR_EL1), par_el1); write_sysreg(ctxt_sys_reg(ctxt, TPIDR_EL1), tpidr_el1); + if (has_gcs()) { + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSPR_EL1), SYS_GCSPR); + write_sysreg_el1(ctxt_sys_reg(ctxt, GCSCR_EL1), SYS_GCSCR); + write_sysreg_s(ctxt_sys_reg(ctxt, GCSCRE0_EL1), + SYS_GCSCRE0_EL1); + } + if (ctxt_has_mte(ctxt)) { write_sysreg_el1(ctxt_sys_reg(ctxt, TFSR_EL1), SYS_TFSR); write_sysreg_s(ctxt_sys_reg(ctxt, TFSRE0_EL1), SYS_TFSRE0_EL1); diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index 4735e1b37fb3..300719f82dd1 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -1876,6 +1876,23 @@ static unsigned int mte_visibility(const struct kvm_vcpu *vcpu, .visibility = mte_visibility, \ } +static unsigned int gcs_visibility(const struct kvm_vcpu *vcpu, + const struct sys_reg_desc *rd) +{ + if (has_gcs()) + return 0; + + return REG_HIDDEN; +} + +#define GCS_REG(name) { \ + SYS_DESC(SYS_##name), \ + .access = undef_access, \ + .reset = reset_unknown, \ + .reg = name, \ + .visibility = gcs_visibility, \ +} + static unsigned int el2_visibility(const struct kvm_vcpu *vcpu, const struct sys_reg_desc *rd) { @@ -2223,6 +2240,10 @@ static const struct sys_reg_desc sys_reg_descs[] = { PTRAUTH_KEY(APDB), PTRAUTH_KEY(APGA), + GCS_REG(GCSCR_EL1), + GCS_REG(GCSPR_EL1), + GCS_REG(GCSCRE0_EL1), + { SYS_DESC(SYS_SPSR_EL1), access_spsr}, { SYS_DESC(SYS_ELR_EL1), access_elr}, 
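Review bot: GCS_REG() in the sys_regs.c hunk sets .access = undef_access, so any access to these registers that does trap is answered with an UNDEF, and the only justification is the commit message's "Traps are already disabled", which does not say where. Please name the trap configuration that guarantees this in a comment above the macro. Also, gcs_visibility() ignores its vcpu argument and returns 0 whenever has_gcs() is true, so the registers are visible for every VM on a GCS-capable host; a check that uses the vcpu, as the signature allows, would keep them hidden for VMs that are not given GCS.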
@@ -2309,6 +2330,7 @@ static const struct sys_reg_desc sys_reg_descs[] = { { SYS_DESC(SYS_SMIDR_EL1), undef_access }, { SYS_DESC(SYS_CSSELR_EL1), access_csselr, reset_unknown, CSSELR_EL1 }, { SYS_DESC(SYS_CTR_EL0), access_ctr }, + GCS_REG(GCSPR_EL0), { SYS_DESC(SYS_SVCR), undef_access }, { PMU_SYS_REG(PMCR_EL0), .access = access_pmcr, .reset = reset_pmcr,
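Review bot: in arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h the new GCS blocks in __sysreg_save_el1_state() and __sysreg_restore_el1_state() are gated on has_gcs(), a host-wide check, while the MTE block immediately below each of them is gated per context with ctxt_has_mte(ctxt). As written, GCSPR_EL1, GCSCR_EL1 and GCSCRE0_EL1 are context switched for every guest whenever the host has GCS, whether or not that guest is meant to see the feature. Suggest a per-context predicate in the style of ctxt_has_mte() (a ctxt_has_gcs(ctxt) helper would be new, this patch does not define one), or a comment stating that GCS state is deliberately switched for all guests. The same applies to the GCSPR_EL0 lines in the two user-state hunks.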
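Review bot: in arch/arm64/kvm/sys_regs.c, gcs_visibility() never uses its vcpu argument: it returns 0 whenever has_gcs() is true, so the four GCS_REG() entries are visible to every vCPU on a GCS-capable host regardless of what that vCPU's ID registers advertise. If a guest that is not given GCS should not have these registers exposed, key the check on the vCPU's view of ID_AA64PFR1_EL1.GCS; if host-wide visibility is intended, say so in a comment. GCS_REG() also sets .access = undef_access, the handler the neighbouring SYS_SMIDR_EL1 and SYS_SVCR entries use, so a short comment that these registers are expected to be accessed without trapping would make that choice clear.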
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:25 +0000
Subject: [PATCH v7 15/39] arm64/gcs: Allow GCS usage at EL0 and EL1
Message-Id: <20231122-arm64-gcs-v7-15-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy
Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

There is a control HCRX_EL2.GCSEn which must be set to allow GCS features to take effect at lower ELs and also fine grained traps for GCS usage at EL0 and EL1. Configure all these to allow GCS usage by EL0 and EL1.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/el2_setup.h | 17 +++++++++++++++++ arch/arm64/include/asm/kvm_arm.h | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/el2_setup.h b/arch/arm64/include/asm/el2_setup.h index b7afaa026842..17672563e333 100644 --- a/arch/arm64/include/asm/el2_setup.h +++ b/arch/arm64/include/asm/el2_setup.h @@ -27,6 +27,14 @@ ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 cbz x0, .Lskip_hcrx_\@ mov_q x0, HCRX_HOST_FLAGS + + /* Enable GCS if supported */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_hcrx_\@ + orr x0, x0, #HCRX_EL2_GCSEn + +.Lset_hcrx_\@: msr_s SYS_HCRX_EL2, x0 .Lskip_hcrx_\@: .endm @@ -190,6 +198,15 @@ orr x0, x0, #HFGxTR_EL2_nPIR_EL1 orr x0, x0, #HFGxTR_EL2_nPIRE0_EL1 + /* GCS depends on PIE so we don't check it if PIE is absent */ + mrs_s x1, SYS_ID_AA64PFR1_EL1 + ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4 + cbz x1, .Lset_fgt_\@ + + /* Disable traps of access to GCS registers at EL0 and EL1 */ + orr x0, x0, #HFGxTR_EL2_nGCS_EL1_MASK + orr x0, x0, #HFGxTR_EL2_nGCS_EL0_MASK + .Lset_fgt_\@: msr_s SYS_HFGRTR_EL2, x0 msr_s SYS_HFGWTR_EL2, x0 diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h index b85f46a73e21..e4b6a29879b7 100644
--- a/arch/arm64/include/asm/kvm_arm.h +++ b/arch/arm64/include/asm/kvm_arm.h 
@@ -103,9 +103,9 @@ #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) #define HCRX_GUEST_FLAGS \ - (HCRX_EL2_SMPME | HCRX_EL2_TCR2En | \ + (HCRX_EL2_SMPME | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn |\ (cpus_have_final_cap(ARM64_HAS_MOPS) ? (HCRX_EL2_MSCEn | HCRX_EL2_MCE2) : 0)) -#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En) +#define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_GCSEn) /* TCR_EL2 Registers bits */ #define TCR_EL2_RES1 ((1U << 31) | (1 << 23))
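Review bot: in the first el2_setup.h hunk the ID_AA64PFR1_EL1.GCS check has no effect, because x0 is loaded from HCRX_HOST_FLAGS just above it and the kvm_arm.h hunk of this same patch adds HCRX_EL2_GCSEn to HCRX_HOST_FLAGS unconditionally. The bit is therefore written to SYS_HCRX_EL2 whether or not "cbz x1, .Lset_hcrx_\@" is taken. Either leave HCRX_EL2_GCSEn out of HCRX_HOST_FLAGS so that the conditional orr is the only place it is set, or drop the runtime check and the .Lset_hcrx_\@ label.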
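Review bot: in the kvm_arm.h hunk HCRX_GUEST_FLAGS now includes HCRX_EL2_GCSEn unconditionally, while the MOPS bits on the following line are only included when cpus_have_final_cap(ARM64_HAS_MOPS) is true. Gate GCSEn the same way on the GCS capability so the enable is not set for guests on hardware without the feature, or explain in the commit message why setting it there is harmless. Style: the changed line ends in "|\" where the line it replaces had a space before the backslash.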
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:26 +0000
Subject: [PATCH v7 16/39] arm64/idreg: Add overrride for GCS
Message-Id: <20231122-arm64-gcs-v7-16-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy
Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Hook up an override for GCS, allowing it to be disabled from the command line by specifying arm64.nogcs in case there are problems.

Signed-off-by: Mark Brown
--- Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ arch/arm64/kernel/idreg-override.c | 2 ++ 2 files changed, 8 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 65731b060e3f..e2282f310ad7 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -418,9 +418,15 @@ arm64.nobti [ARM64] Unconditionally disable Branch Target Identification support + arm64.nogcs [ARM64] Unconditionally disable Guarded Control Stack + support + arm64.nomops [ARM64] Unconditionally disable Memory Copy and Memory Set instructions support + arm64.nopauth [ARM64] Unconditionally disable Pointer Authentication + support + arm64.nomte [ARM64] Unconditionally disable Memory Tagging Extension support diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index 3addc09f8746..cc059ba39d58 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -99,6 +99,7 @@ static const struct ftr_set_desc pfr1 __initconst = { .override = &id_aa64pfr1_override, .fields = { FIELD("bt", ID_AA64PFR1_EL1_BT_SHIFT, NULL ), + FIELD("gcs", ID_AA64PFR1_EL1_GCS_SHIFT, NULL), FIELD("mte", ID_AA64PFR1_EL1_MTE_SHIFT, NULL), FIELD("sme", ID_AA64PFR1_EL1_SME_SHIFT, pfr1_sme_filter), {}
@@ -178,6 +179,7 @@ static const struct { { "arm64.nosve", "id_aa64pfr0.sve=0" }, { "arm64.nosme", "id_aa64pfr1.sme=0" }, { "arm64.nobti", "id_aa64pfr1.bt=0" }, + { "arm64.nogcs", "id_aa64pfr1.gcs=0" }, { "arm64.nopauth", "id_aa64isar1.gpi=0 id_aa64isar1.gpa=0 " "id_aa64isar1.api=0 id_aa64isar1.apa=0 "
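Review bot: the kernel-parameters.txt hunk also adds an arm64.nopauth entry, which the commit message does not mention and which is unrelated to the GCS override. Move it to its own patch, or at least call it out in the changelog. As placed it sits between arm64.nomops and arm64.nomte, which breaks the alphabetical order of the surrounding entries; it belongs after arm64.nomte.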
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:27 +0000
Subject: [PATCH v7 17/39] arm64/hwcap: Add hwcap for GCS
Message-Id: <20231122-arm64-gcs-v7-17-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy
Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Provide a hwcap to enable userspace to detect support for GCS.

Signed-off-by: Mark Brown
--- Documentation/arch/arm64/elf_hwcaps.rst | 3 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 9 insertions(+) diff --git a/Documentation/arch/arm64/elf_hwcaps.rst b/Documentation/arch/arm64/elf_hwcaps.rst index ced7b335e2e0..86d4ace9c75c 100644 --- a/Documentation/arch/arm64/elf_hwcaps.rst +++ b/Documentation/arch/arm64/elf_hwcaps.rst @@ -317,6 +317,9 @@ HWCAP2_LRCPC3 HWCAP2_LSE128 Functionality implied by ID_AA64ISAR0_EL1.Atomic == 0b0011. +HWCAP2_GCS + Functionality implied by ID_AA64PFR1_EL1.GCS == 0b1 + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index cd71e09ea14d..e01e6b72a839 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -142,6 +142,7 @@ #define KERNEL_HWCAP_SVE_B16B16 __khwcap2_feature(SVE_B16B16) #define KERNEL_HWCAP_LRCPC3 __khwcap2_feature(LRCPC3) #define KERNEL_HWCAP_LSE128 __khwcap2_feature(LSE128) +#define KERNEL_HWCAP_GCS __khwcap2_feature(GCS) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index 5023599fa278..996b5b5d4c4e 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h
@@ -107,5 +107,6 @@ #define HWCAP2_SVE_B16B16 (1UL << 45) #define HWCAP2_LRCPC3 (1UL << 46) #define HWCAP2_LSE128 (1UL << 47) +#define HWCAP2_GCS (1UL << 48) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 5477451cefa1..dab80391543f 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2859,6 +2859,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(ID_AA64ZFR0_EL1, I8MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEI8MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F32MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF32MM), HWCAP_CAP(ID_AA64ZFR0_EL1, F64MM, IMP, CAP_HWCAP, KERNEL_HWCAP_SVEF64MM), +#endif +#ifdef CONFIG_ARM64_GCS + HWCAP_CAP(ID_AA64PFR1_EL1, GCS, IMP, CAP_HWCAP, KERNEL_HWCAP_GCS), #endif HWCAP_CAP(ID_AA64PFR1_EL1, SSBS, SSBS2, CAP_HWCAP, KERNEL_HWCAP_SSBS), #ifdef CONFIG_ARM64_BTI diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index a257da7b56fe..d557ee301464 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c 
@@ -130,6 +130,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_SVE_B16B16] = "sveb16b16", [KERNEL_HWCAP_LRCPC3] = "lrcpc3", [KERNEL_HWCAP_LSE128] = "lse128", + [KERNEL_HWCAP_GCS] = "gcs", }; #ifdef CONFIG_COMPAT
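Review bot: in the elf_hwcaps.rst hunk the HWCAP2_GCS description reads "ID_AA64PFR1_EL1.GCS == 0b1" with no trailing full stop, whereas the HWCAP2_LSE128 entry just above it writes the field value in full as 0b0011 and ends with a full stop. The GCS field is extracted as a 4-bit field elsewhere in this series (ubfx x1, x1, #ID_AA64PFR1_EL1_GCS_SHIFT, #4), so write the value as 0b0001 and end the sentence the same way as the neighbouring entries.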
From: Mark Brown Date: Wed, 22 Nov 2023 09:42:28 +0000 Subject: [PATCH v7 18/39] arm64/traps: Handle GCS exceptions MIME-Version: 1.0 Message-Id: <20231122-arm64-gcs-v7-18-201c483bd775@kernel.org> References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org> In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-0438c X-Developer-Signature: v=1; a=openpgp-sha256; l=6026; i=broonie@kernel.org; h=from:subject:message-id; bh=wVOlZmCKBUn1jhAhbimvszXVMnUi4v3Lr4IoEItDOBs=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBlXc0E3ICrmSHwaAjqaVf1FJF/zyEXU93LK20k7 YokMTr6WAKJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZV3NBAAKCRAk1otyXVSH 0KxzB/4gPmBtGMVYhHYiouneb0CaF9tVHpcoWEOMsDM5SAo4ONxsRNygZjO8ze0HGXstBrRQ1r4 GHNRMG0fOupLravoefTRskl4NTos7JFpQIqzCDXUFL7jhyVUQqvCO0zrXloM3LHzXSYuaAwA9+n r1JDfXrk8MYDd3W1aeizdTj6qmJsOsQWkzx0f3LzaJ55XYKtMUIQ3ud476aDDIKEx+x756F6X52 m0LXzmpBtHt7wzhYOTYRBOFb7gfQfBhCTf5LICgyFMQBOfX8qSe3MLats9o2ORh3F29flpP8xE+ vkuOX1VnQDO6I9IVjpBimFsiRvjMYdX8JDF6N9ru9NR2hV4P X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no 

A new exception code is defined for GCS specific faults other than standard load/store faults, for example GCS token validation failures, add handling for this. These faults are reported to userspace as segfaults with code SEGV_CPERR (protection error), mirroring the reporting for x86 shadow stack errors.

GCS faults due to memory load/store operations generate data aborts with a flag set, these will be handled separately as part of the data abort handling.

Since we do not currently enable GCS for EL1 we should not get any faults there but while we're at it we wire things up there, treating any GCS fault as fatal.

Signed-off-by: Mark Brown
---
 arch/arm64/include/asm/esr.h | 28 +++++++++++++++++++++++++++-
 arch/arm64/include/asm/exception.h | 2 ++
 arch/arm64/kernel/entry-common.c | 23 +++++++++++++++++++++++
 arch/arm64/kernel/traps.c | 11 +++++++++++
 4 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index ae35939f395b..a87a8305051f 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -51,7 +51,8 @@ #define ESR_ELx_EC_FP_EXC32 (0x28) /* Unallocated EC: 0x29 - 0x2B */ #define ESR_ELx_EC_FP_EXC64 (0x2C) -/* Unallocated EC: 0x2D - 0x2E */ +#define ESR_ELx_EC_GCS (0x2D) +/* Unallocated EC: 0x2E */ #define ESR_ELx_EC_SERROR (0x2F) #define ESR_ELx_EC_BREAKPT_LOW (0x30) #define ESR_ELx_EC_BREAKPT_CUR (0x31) 
@@ -382,6 +383,31 @@ #define ESR_ELx_MOPS_ISS_SRCREG(esr) (((esr) & (UL(0x1f) << 5)) >> 5) #define ESR_ELx_MOPS_ISS_SIZEREG(esr) (((esr) & (UL(0x1f) << 0)) >> 0) +/* ISS field definitions for GCS */ +#define ESR_ELx_ExType_SHIFT (20) +#define ESR_ELx_ExType_MASK GENMASK(23, 20) +#define ESR_ELx_Raddr_SHIFT (10) +#define ESR_ELx_Raddr_MASK GENMASK(14, 10) +#define ESR_ELx_Rn_SHIFT (5) +#define ESR_ELx_Rn_MASK GENMASK(9, 5) +#define ESR_ELx_Rvalue_SHIFT 5 +#define ESR_ELx_Rvalue_MASK GENMASK(9, 5) +#define ESR_ELx_IT_SHIFT (0) +#define ESR_ELx_IT_MASK GENMASK(4, 0) + +#define ESR_ELx_ExType_DATA_CHECK 0 +#define ESR_ELx_ExType_EXLOCK 1 +#define ESR_ELx_ExType_STR 2 + +#define ESR_ELx_IT_RET 0 +#define ESR_ELx_IT_GCSPOPM 1 +#define ESR_ELx_IT_RET_KEYA 2 +#define ESR_ELx_IT_RET_KEYB 3 +#define ESR_ELx_IT_GCSSS1 4 +#define ESR_ELx_IT_GCSSS2 5 +#define ESR_ELx_IT_GCSPOPCX 6 +#define ESR_ELx_IT_GCSPOPX 7 + #ifndef __ASSEMBLY__ #include diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index ad688e157c9b..99caff458e20 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -57,6 +57,8 @@ void do_el0_undef(struct pt_regs *regs, unsigned long esr); void do_el1_undef(struct pt_regs *regs, unsigned long esr); void do_el0_bti(struct pt_regs *regs); void do_el1_bti(struct pt_regs *regs, unsigned long esr); +void do_el0_gcs(struct pt_regs *regs, unsigned long esr); +void do_el1_gcs(struct pt_regs *regs, unsigned long esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned long esr, struct pt_regs *regs); void do_fpsimd_acc(unsigned long esr, struct pt_regs *regs); diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 0fc94207e69a..52d78ce63a4e 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c 
@@ -429,6 +429,15 @@ static void noinstr el1_bti(struct pt_regs *regs, unsigned long esr) exit_to_kernel_mode(regs); } +static void noinstr el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_kernel_mode(regs); + local_daif_inherit(regs); + do_el1_gcs(regs, esr); + local_daif_mask(); + exit_to_kernel_mode(regs); +} + static void noinstr el1_dbg(struct pt_regs *regs, unsigned long esr) { unsigned long far = read_sysreg(far_el1); @@ -471,6 +480,9 @@ asmlinkage void noinstr el1h_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_BTI: el1_bti(regs, esr); break; + case ESR_ELx_EC_GCS: + el1_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_CUR: case ESR_ELx_EC_SOFTSTP_CUR: case ESR_ELx_EC_WATCHPT_CUR: @@ -650,6 +662,14 @@ static void noinstr el0_mops(struct pt_regs *regs, unsigned long esr) exit_to_user_mode(regs); } +static void noinstr el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + enter_from_user_mode(regs); + local_daif_restore(DAIF_PROCCTX); + do_el0_gcs(regs, esr); + exit_to_user_mode(regs); +} + static void noinstr el0_inv(struct pt_regs *regs, unsigned long esr) { enter_from_user_mode(regs); @@ -732,6 +752,9 @@ asmlinkage void noinstr el0t_64_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_MOPS: el0_mops(regs, esr); break; + case ESR_ELx_EC_GCS: + el0_gcs(regs, esr); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 215e6d7f2df8..fb867c6526a6 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c 
@@ -500,6 +500,16 @@ void do_el1_bti(struct pt_regs *regs, unsigned long esr) die("Oops - BTI", regs, esr); } +void do_el0_gcs(struct pt_regs *regs, unsigned long esr) +{ + force_signal_inject(SIGSEGV, SEGV_CPERR, regs->pc, 0); +} + +void do_el1_gcs(struct pt_regs *regs, unsigned long esr) +{ + die("Oops - GCS", regs, esr); +} + void do_el0_fpac(struct pt_regs *regs, unsigned long esr) { force_signal_inject(SIGILL, ILL_ILLOPN, regs->pc, esr); 
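Review bot: do_el0_gcs() takes esr but never uses it and passes 0 as the last argument to force_signal_inject(), whereas do_el0_fpac() in the trailing context of this hunk passes esr. The ExType and IT fields this patch defines in esr.h are the only record of which GCS check failed, so consider passing esr here instead of 0, or add a comment explaining why the syndrome is deliberately dropped for SEGV_CPERR.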
@@ -838,6 +848,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_MOPS] = "MOPS", [ESR_ELx_EC_FP_EXC32] = "FP (AArch32)", [ESR_ELx_EC_FP_EXC64] = "FP (AArch64)", + [ESR_ELx_EC_GCS] = "Guarded Control Stack", [ESR_ELx_EC_SERROR] = "SError", [ESR_ELx_EC_BREAKPT_LOW] = "Breakpoint (lower EL)", [ESR_ELx_EC_BREAKPT_CUR] = "Breakpoint (current EL)",
From patchwork Wed Nov 22 09:42:29 2023
X-Patchwork-Submitter: Mark Brown
X-Patchwork-Id: 168240
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:29 +0000
Subject: [PATCH v7 19/39] arm64/mm: Handle GCS data aborts
Message-Id: <20231122-arm64-gcs-v7-19-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

All GCS operations at EL0 must happen on a page which is marked as having UnprivGCS access, including read operations. If a GCS operation attempts to access a page without this then it will generate a data abort with the GCS bit set in ESR_EL1.ISS2.

EL0 may validly generate such faults, for example due to copy on write which will cause the GCS data to be stored in a read only page with no GCS permissions until the actual copy happens. Since UnprivGCS allows both reads and writes to the GCS (though only through GCS operations) we need to ensure that the memory management subsystem handles GCS accesses as writes at all times. Do this by adding FAULT_FLAG_WRITE to any GCS page faults, adding handling to ensure that invalid cases are identified as such early so the memory management core does not think they will succeed. The core cannot distinguish between VMAs which are generally writeable and VMAs which are only writeable through GCS operations.

EL1 may validly write to EL0 GCS for management purposes (eg, while initialising with cap tokens).

We also report any GCS faults in VMAs not marked as part of a GCS as access violations, causing a fault to be delivered to userspace if it attempts to do GCS operations outside a GCS.

Signed-off-by: Mark Brown
---
 arch/arm64/mm/fault.c | 79 +++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 71 insertions(+), 8 deletions(-)

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c index 460d799e1296..28de0807b4a1 100644 --- a/arch/arm64/mm/fault.c +++ b/arch/arm64/mm/fault.c 
@@ -494,13 +494,30 @@ static void do_bad_area(unsigned long far, unsigned long esr, } } +/* + * Note: not valid for EL1 DC IVAC, but we never use that such that it + * should fault. EL0 cannot issue DC IVAC (undef). + */ +static bool is_write_abort(unsigned long esr) +{ + return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); +} + +static bool is_gcs_fault(unsigned long esr) +{ + if (!esr_is_data_abort(esr)) + return false; + + return ESR_ELx_ISS2(esr) & ESR_ELx_GCS; +} + #define VM_FAULT_BADMAP ((__force vm_fault_t)0x010000) #define VM_FAULT_BADACCESS ((__force vm_fault_t)0x020000) static vm_fault_t __do_page_fault(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, unsigned int mm_flags, unsigned long vm_flags, - struct pt_regs *regs) + unsigned long esr, struct pt_regs *regs) { /* * Ok, we have a good vm_area for this memory access, so we can handle @@ -510,6 +527,26 @@ static vm_fault_t __do_page_fault(struct mm_struct *mm, */ if (!(vma->vm_flags & vm_flags)) return VM_FAULT_BADACCESS; + + if (vma->vm_flags & VM_SHADOW_STACK) { + /* + * Writes to a GCS must either be generated by a GCS + * operation or be from EL1. + */ + if (is_write_abort(esr) && + !(is_gcs_fault(esr) || is_el1_data_abort(esr))) + return VM_FAULT_BADACCESS; + } else { + /* + * GCS faults should never happen for pages that are + * not part of a GCS and the operation being attempted + * can never succeed. + */ + if (is_gcs_fault(esr)) + return VM_FAULT_BADACCESS; + } + + return handle_mm_fault(vma, addr, mm_flags, regs); } 
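Review bot: in the VM_SHADOW_STACK branch added to __do_page_fault(), the is_el1_data_abort(esr) exemption accepts every write abort taken at EL1, not only the GCS management writes the commit message describes (initialising with cap tokens). Either narrow the test to the kernel paths that are meant to write a user GCS, or extend the comment to say why any EL1 write to a shadow stack VMA is acceptable; as written a reader cannot tell whether a kernel write made on behalf of a user-supplied pointer is meant to pass this check.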
@@ -518,13 +555,18 @@ static bool is_el0_instruction_abort(unsigned long esr) return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW; } -/* - * Note: not valid for EL1 DC IVAC, but we never use that such that it - * should fault. EL0 cannot issue DC IVAC (undef). - */ -static bool is_write_abort(unsigned long esr) +static bool is_invalid_el0_gcs_access(struct vm_area_struct *vma, u64 esr) { - return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM); + if (!system_supports_gcs()) + return false; + if (likely(!(vma->vm_flags & VM_SHADOW_STACK))) { + if (is_gcs_fault(esr)) + return true; + return false; + } + if (is_gcs_fault(esr)) + return false; + return is_write_abort(esr); } static int __kprobes do_page_fault(unsigned long far, unsigned long esr, @@ -573,6 +615,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, /* If EPAN is absent then exec implies read */ if (!alternative_has_cap_unlikely(ARM64_HAS_EPAN)) vm_flags |= VM_EXEC; + /* + * Upgrade read faults to write faults, GCS reads must + * occur on a page marked as GCS so we need to trigger + * copy on write always. + */ + if (is_gcs_fault(esr)) + mm_flags |= FAULT_FLAG_WRITE; } if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) { @@ -594,6 +643,20 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, if (!vma) goto lock_mmap; + /* + * We get legitimate write faults for GCS pages from GCS + * operations, even when the initial operation was a read, as + * a result of upgrading GCS accesses to writes for CoW but + * GCS acceses outside of a GCS must fail. Specifically check + * for this since the mm core isn't able to distinguish + * invalid GCS access from valid ones and will try to resolve + * the fault. + */ + if (is_invalid_el0_gcs_access(vma, esr)) { + vma_end_read(vma); + goto lock_mmap; + } + if (!(vma->vm_flags & vm_flags)) { vma_end_read(vma); goto lock_mmap; 
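Review bot: the per-VMA-lock check added in the last hunk here calls is_invalid_el0_gcs_access(), which repeats the VM_SHADOW_STACK test from __do_page_fault() but without the is_el1_data_abort() exemption, so an EL1 write abort on a GCS VMA is sent to lock_mmap and only accepted on the slow path. If that is intended, say so in the comment; otherwise share one helper between the two sites so the rules cannot drift apart. Smaller points: the comment has a typo ("acceses"), and in the helper the inner "if (is_gcs_fault(esr)) return true; return false;" can be "return is_gcs_fault(esr);".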
@@ -623,7 +686,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr, goto done; } - fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, regs); + fault = __do_page_fault(mm, vma, addr, mm_flags, vm_flags, esr, regs); /* Quick path to respond to signals */ if (fault_signal_pending(fault, regs)) {
From patchwork Wed Nov 22 09:42:30 2023
X-Patchwork-Submitter: Mark Brown
X-Patchwork-Id: 168247
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:30 +0000
Subject: [PATCH v7 20/39] arm64/gcs: Context switch GCS state for EL0
Message-Id: <20231122-arm64-gcs-v7-20-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

There are two registers controlling the GCS state of EL0, GCSPR_EL0 which is the current GCS pointer and GCSCRE0_EL1 which has enable bits for the specific GCS functionality enabled for EL0. Manage these on context switch and process lifetime events, GCS is reset on exec(). Also ensure that any changes to the GCS memory are visible to other PEs and that changes from other PEs are visible on this one by issuing a GCSB DSYNC when moving to or from a thread with GCS.

Since the current GCS configuration of a thread will be visible to userspace we store the configuration in the format used with userspace and provide a helper which configures the system register as needed.

On systems that support GCS we always allow access to GCSPR_EL0, this facilitates reporting of GCS faults if userspace implements disabling of GCS on error - the GCS can still be discovered and examined even if GCS has been disabled.

Signed-off-by: Mark Brown
---
 arch/arm64/include/asm/gcs.h | 24 ++++++++++++++++
 arch/arm64/include/asm/processor.h | 6 ++++
 arch/arm64/kernel/process.c | 56 ++++++++++++++++++++++++++++++++++++++
 arch/arm64/mm/Makefile | 1 +
 arch/arm64/mm/gcs.c | 39 ++++++++++++++++++++++++++
 5 files changed, 126 insertions(+)

diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 7c5e95218db6..04594ef59dad 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h 
@@ -48,4 +48,28 @@ static inline u64 gcsss2(void) return Xt; } +#ifdef CONFIG_ARM64_GCS + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE; +} + +void gcs_set_el0_mode(struct task_struct *task); +void gcs_free(struct task_struct *task); +void gcs_preserve_current_state(void); + +#else + +static inline bool task_gcs_el0_enabled(struct task_struct *task) +{ + return false; +} + +static inline void gcs_set_el0_mode(struct task_struct *task) { } +static inline void gcs_free(struct task_struct *task) { } +static inline void gcs_preserve_current_state(void) { } + +#endif + #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index e5bc54522e71..c28681cf9721 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -179,6 +179,12 @@ struct thread_struct { u64 sctlr_user; u64 svcr; u64 tpidr2_el0; +#ifdef CONFIG_ARM64_GCS + unsigned int gcs_el0_mode; + u64 gcspr_el0; + u64 gcs_base; + u64 gcs_size; +#endif }; static inline unsigned int thread_get_vl(struct thread_struct *thread, diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 7387b68c745b..fd80b43c2969 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include 
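Review bot: in the asm/gcs.h hunk, the CONFIG_ARM64_GCS version of task_gcs_el0_enabled() ignores its task argument and tests current->thread.gcs_el0_mode. gcs_thread_switch(), added later in this patch, calls task_gcs_el0_enabled(next) to decide whether to issue gcsb_dsync(), so that call reports the outgoing task's mode and the barrier is skipped when switching from a non-GCS thread to a GCS-enabled one. The helper should read task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE.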
@@ -271,12 +272,32 @@ static void flush_tagged_addr_state(void) clear_thread_flag(TIF_TAGGED_ADDR); } +#ifdef CONFIG_ARM64_GCS + +static void flush_gcs(void) +{ + if (!system_supports_gcs()) + return; + + gcs_free(current); + current->thread.gcs_el0_mode = 0; + write_sysreg_s(0, SYS_GCSCRE0_EL1); + write_sysreg_s(0, SYS_GCSPR_EL0); +} + +#else + +static void flush_gcs(void) { } + +#endif + void flush_thread(void) { fpsimd_flush_thread(); tls_thread_flush(); flush_ptrace_hw_breakpoint(current); flush_tagged_addr_state(); + flush_gcs(); } void arch_release_task_struct(struct task_struct *tsk) @@ -474,6 +495,40 @@ static void entry_task_switch(struct task_struct *next) __this_cpu_write(__entry_task, next); } +#ifdef CONFIG_ARM64_GCS + +void gcs_preserve_current_state(void) +{ + if (task_gcs_el0_enabled(current)) + current->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); +} + +static void gcs_thread_switch(struct task_struct *next) +{ + if (!system_supports_gcs()) + return; + + gcs_preserve_current_state(); + + gcs_set_el0_mode(next); + write_sysreg_s(next->thread.gcspr_el0, SYS_GCSPR_EL0); + + /* + * Ensure that GCS changes are observable by/from other PEs in + * case of migration. + */ + if (task_gcs_el0_enabled(current) || task_gcs_el0_enabled(next)) + gcsb_dsync(); +} + +#else + +static void gcs_thread_switch(struct task_struct *next) +{ +} + +#endif + /* * ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT. * Ensure access is disabled when switching to a 32bit task, ensure @@ -533,6 +588,7 @@ struct task_struct *__switch_to(struct task_struct *prev, ssbs_thread_switch(next); erratum_1418040_thread_switch(next); ptrauth_thread_switch_user(next); + gcs_thread_switch(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/mm/Makefile b/arch/arm64/mm/Makefile index dbd1bc95967d..4e7cb2f02999 100644 --- a/arch/arm64/mm/Makefile +++ b/arch/arm64/mm/Makefile 
@@ -10,6 +10,7 @@ obj-$(CONFIG_TRANS_TABLE) += trans_pgd.o obj-$(CONFIG_TRANS_TABLE) += trans_pgd-asm.o obj-$(CONFIG_DEBUG_VIRTUAL) += physaddr.o obj-$(CONFIG_ARM64_MTE) += mteswap.o +obj-$(CONFIG_ARM64_GCS) += gcs.o KASAN_SANITIZE_physaddr.o += n obj-$(CONFIG_KASAN) += kasan_init.o diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c new file mode 100644 index 000000000000..b0a67efc522b --- /dev/null +++ b/arch/arm64/mm/gcs.c 
@@ -0,0 +1,39 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include + +#include +#include + +/* + * Apply the GCS mode configured for the specified task to the + * hardware. + */ +void gcs_set_el0_mode(struct task_struct *task) +{ + u64 gcscre0_el1 = GCSCRE0_EL1_nTR; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE) + gcscre0_el1 |= GCSCRE0_EL1_RVCHKEN | GCSCRE0_EL1_PCRSEL; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_WRITE) + gcscre0_el1 |= GCSCRE0_EL1_STREn; + + if (task->thread.gcs_el0_mode & PR_SHADOW_STACK_PUSH) + gcscre0_el1 |= GCSCRE0_EL1_PUSHMEn; + + write_sysreg_s(gcscre0_el1, SYS_GCSCRE0_EL1); +} + +void gcs_free(struct task_struct *task) +{ + if (task->thread.gcs_base) + vm_munmap(task->thread.gcs_base, task->thread.gcs_size); + + task->thread.gcspr_el0 = 0; + task->thread.gcs_base = 0; + task->thread.gcs_size = 0; +} From patchwork Wed Nov 22 09:42:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 168242 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp1207065vqb; Wed, 22 Nov 2023 01:47:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IGOLMc3Go00sx63vr+unQkSirfRmFBJTjFj3m1O0Y1bSe947cffzFS6Wccgd0eMaXiPbQV4 X-Received: by 2002:a05:6870:e0d1:b0:1f9:9ad0:cd3d with SMTP id a17-20020a056870e0d100b001f99ad0cd3dmr105926oab.4.1700646431604; Wed, 22 Nov 2023 01:47:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700646431; cv=none; d=google.com; s=arc-20160816; b=PcvmNGA5znNvrhLyKDgqD4tzWSaEajyOqBkI67rwrUxl47/kGZPNqOYQFRyDlwWhyF 9izHsGmPU2yX6XZNavMr7dXiNAwpac/S7szGJBmgg97Bu+WAAI2ThRKylUDgSron0UUW 8F4+XdnSCTg2jDAZzvHTsawiXKRTs15pl7Y7cwfoiFfNQFly48SNOh2tgYZsVpBxPJV/ 4qMGFmnaC9NQbB7qq7zfS3SCA4eGRJsy7gCOPorgVik1SpvfrvCBEqM1ulhgGbBfFMgv muDWIlVAu107hPP/Nj2XePNp9iYD8AUVdXi0N+C9V1gYhrqH0KyfIphOyxpl7JuGTGkL qUCA== ARC-Message-Signature: i=1; a=rsa-sha256; 
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:31 +0000
Subject: [PATCH v7 21/39] arm64/gcs: Allocate a new GCS for threads with GCS enabled
Message-Id: <20231122-arm64-gcs-v7-21-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack. clone3() has been extended to support this case, allowing userspace to explicitly request the size for the GCS to be created, but plain clone() is not extensible and existing clone3() users will not specify a size.

For compatibility with these cases and also x86 (which did not initially implement clone3() support for shadow stacks) if no GCS is specified we will allocate one, so when a thread is created which has GCS enabled we allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 4G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications.

GCSs allocated via this mechanism will be freed when the thread exits.

Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 9 ++++++ arch/arm64/kernel/process.c | 25 +++++++++++++++ arch/arm64/mm/gcs.c | 76 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 110 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 04594ef59dad..c1f274fdb9c0 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -8,6 +8,8 @@ #include #include +struct kernel_clone_args; + static inline void gcsb_dsync(void) { asm volatile(".inst 0xd503227f" : : : "memory"); 
@@ -58,6 +60,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args); #else @@ -69,6 +73,11 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } +static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + return -ENOTSUPP; +} #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index fd80b43c2969..588d2bc4b329 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -285,9 +285,29 @@ static void flush_gcs(void) write_sysreg_s(0, SYS_GCSPR_EL0); } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + unsigned long gcs; + + gcs = gcs_alloc_thread_stack(p, args); + if (IS_ERR_VALUE(gcs)) + return PTR_ERR((void *)gcs); + + /* Ensure the current state of the GCS is seen by CoW */ + gcsb_dsync(); + + return 0; +} + #else static void flush_gcs(void) { } +static int copy_thread_gcs(struct task_struct *p, + const struct kernel_clone_args *args) +{ + return 0; +} #endif @@ -369,6 +389,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) unsigned long stack_start = args->stack; unsigned long tls = args->tls; struct pt_regs *childregs = task_pt_regs(p); + int ret; memset(&p->thread.cpu_context, 0, sizeof(struct cpu_context)); 
@@ -410,6 +431,10 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.uw.tp_value = tls; p->thread.tpidr2_el0 = 0; } + + ret = copy_thread_gcs(p, args); + if (ret != 0) + return ret; } else { /* * A kthread has no context to ERET to, so ensure any buggy diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index b0a67efc522b..0d4881173b5f 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c 
@@ -8,6 +8,82 @@ #include #include +static unsigned long alloc_gcs(unsigned long addr, unsigned long size, + unsigned long token_offset, bool set_res_tok) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long mapped_addr, unused; + + if (addr) + flags |= MAP_FIXED_NOREPLACE; + + mmap_write_lock(mm); + mapped_addr = do_mmap(NULL, addr, size, PROT_READ | PROT_WRITE, flags, + VM_SHADOW_STACK, 0, &unused, NULL); + mmap_write_unlock(mm); + + return mapped_addr; +} + +static unsigned long gcs_size(unsigned long size) +{ + if (size) + return PAGE_ALIGN(size); + + /* Allocate RLIMIT_STACK/2 with limits of PAGE_SIZE..2G */ + size = PAGE_ALIGN(min_t(unsigned long long, + rlimit(RLIMIT_STACK) / 2, SZ_2G)); + return max(PAGE_SIZE, size); +} + +unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) +{ + unsigned long addr, size; + + /* If the user specified a GCS use it. */ + if (args->shadow_stack_size) { + if (!system_supports_gcs()) + return (unsigned long)ERR_PTR(-EINVAL); + + size = args->shadow_stack_size; + + if (size < 8) + return (unsigned long)ERR_PTR(-EINVAL); + + } else { + /* + * Otherwise fall back to legacy clone() support and + * implicitly allocate a GCS if we need a new one. + */ + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(tsk)) + return 0; + + if ((args->flags & (CLONE_VFORK | CLONE_VM)) != CLONE_VM) { + tsk->thread.gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + return 0; + } + + size = args->stack_size; + } + + size = gcs_size(size); + addr = alloc_gcs(0, size, 0, 0); + if (IS_ERR_VALUE(addr)) + return addr; + + tsk->thread.gcs_base = addr; + tsk->thread.gcs_size = size; + tsk->thread.gcspr_el0 = addr + size - sizeof(u64); + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. 
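Review bot: The stub gcs_alloc_thread_stack() added to asm/gcs.h returns -ENOTSUPP from a function declared unsigned long; ENOTSUPP is a kernel-internal code that checkpatch flags, so prefer -EOPNOTSUPP here. Since the process.c hunk also adds a copy_thread_gcs() stub that returns 0 without calling this function, it is worth saying in the changelog which caller the error return is meant for.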
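Review bot: gcs_size() in arch/arm64/mm/gcs.c allocates RLIMIT_STACK / 2 clamped to PAGE_SIZE..2G, but the commit message says min(RLIMIT_STACK, 4G); one of the two needs updating so the default size is documented correctly. In the same hunk alloc_gcs() never uses its token_offset and set_res_tok parameters, and gcs_alloc_thread_stack() passes a bare 0 for the bool; drop the parameters until they are used, or pass false.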
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:32 +0000
Subject: [PATCH v7 22/39] arm64/gcs: Implement shadow stack prctl() interface
Message-Id: <20231122-arm64-gcs-v7-22-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Implement the architecture neutral prctl() interface for setting the shadow stack status, this supports setting and reading the current GCS configuration for the current thread.

Userspace can enable basic GCS functionality and additionally also support for GCS pushes and arbitrary GCS stores. It is expected that this prctl() will be called very early in application startup, for example by the dynamic linker, and not subsequently adjusted during normal operation. Users should carefully note that after enabling GCS for a thread GCS will become active with no call stack so it is not normally possible to return from the function that invoked the prctl().

State is stored per thread, enabling GCS for a thread causes a GCS to be allocated for that thread.

Userspace may lock the current GCS configuration by specifying PR_SHADOW_STACK_ENABLE_LOCK, this prevents any further changes to the GCS configuration via any means.

If GCS is not being enabled then all flags other than _LOCK are ignored, it is not possible to enable stores or pops without enabling GCS.

When disabling the GCS we do not free the allocated stack, this allows for inspection of the GCS after disabling as part of fault reporting. Since it is not an expected use case and since it presents some complications in determining what to do with previously initialised data on the GCS attempts to reenable GCS after this are rejected. This can be revisited if a use case arises.

Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 22 ++++++++++ arch/arm64/include/asm/processor.h | 1 + arch/arm64/mm/gcs.c | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index c1f274fdb9c0..48c97e63e56a 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -50,6 +50,9 @@ static inline u64 gcsss2(void) return Xt; } +#define PR_SHADOW_STACK_SUPPORTED_STATUS_MASK \ + (PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH) + #ifdef CONFIG_ARM64_GCS static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -63,6 +66,20 @@ void gcs_preserve_current_state(void); unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, const struct kernel_clone_args *args); +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + unsigned long cur_val = task->thread.gcs_el0_mode; + + cur_val &= task->thread.gcs_el0_locked; + new_val &= task->thread.gcs_el0_locked; + + if (cur_val != new_val) + return -EBUSY; + + return 0; +} + #else static inline bool task_gcs_el0_enabled(struct task_struct *task) @@ -78,6 +95,11 @@ static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, { return -ENOTSUPP; } +static inline int gcs_check_locked(struct task_struct *task, + unsigned long new_val) +{ + return 0; +} #endif diff --git a/arch/arm64/include/asm/processor.h b/arch/arm64/include/asm/processor.h index c28681cf9721..029d20ea7878 100644 --- a/arch/arm64/include/asm/processor.h +++ b/arch/arm64/include/asm/processor.h @@ -181,6 +181,7 @@ struct thread_struct { u64 tpidr2_el0; #ifdef CONFIG_ARM64_GCS unsigned int gcs_el0_mode; + unsigned int gcs_el0_locked; u64 gcspr_el0; u64 gcs_base; u64 gcs_size; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 0d4881173b5f..315bd698de86 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c 
@@ -113,3 +113,85 @@ void gcs_free(struct task_struct *task) task->thread.gcs_base = 0; task->thread.gcs_size = 0; } + +int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg) +{ + unsigned long gcs, size; + int ret; + + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* Reject unknown flags */ + if (arg & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + ret = gcs_check_locked(task, arg); + if (ret != 0) + return ret; + + /* If we are enabling GCS then make sure we have a stack */ + if (arg & PR_SHADOW_STACK_ENABLE) { + if (!task_gcs_el0_enabled(task)) { + /* Do not allow GCS to be reenabled */ + if (task->thread.gcs_base) + return -EINVAL; + + if (task != current) + return -EBUSY; + + size = gcs_size(0); + gcs = alloc_gcs(task->thread.gcspr_el0, size, + 0, 0); + if (!gcs) + return -ENOMEM; + + task->thread.gcspr_el0 = gcs + size - sizeof(u64); + task->thread.gcs_base = gcs; + task->thread.gcs_size = size; + if (task == current) + write_sysreg_s(task->thread.gcspr_el0, + SYS_GCSPR_EL0); + + } + } + + task->thread.gcs_el0_mode = arg; + if (task == current) + gcs_set_el0_mode(task); + + return 0; +} + +int arch_get_shadow_stack_status(struct task_struct *task, + unsigned long __user *arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + return put_user(task->thread.gcs_el0_mode, arg); +} + +int arch_lock_shadow_stack_status(struct task_struct *task, + unsigned long arg) +{ + if (!system_supports_gcs()) + return -EINVAL; + + if (is_compat_thread(task_thread_info(task))) + return -EINVAL; + + /* + * We support locking unknown bits so applications can prevent + * any changes in a future proof manner. 
+ */ + task->thread.gcs_el0_locked |= arg; + + return 0; +}
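Review bot: In arch_set_shadow_stack_status() the failure check after alloc_gcs(), "if (!gcs) return -ENOMEM;", will not catch a failed allocation: alloc_gcs() returns the do_mmap() result, and gcs_alloc_thread_stack() tests that same return with IS_ERR_VALUE(). Use IS_ERR_VALUE(gcs) here and return the error, otherwise an error value ends up in gcs_base and GCSPR_EL0. Two smaller points in the same hunk: after the "task != current" return of -EBUSY the later "if (task == current)" around write_sysreg_s() is always true, and when PR_SHADOW_STACK_ENABLE is clear arg is still stored in gcs_el0_mode with any WRITE/PUSH bits set, which gcs_set_el0_mode() turns into STREn/PUSHMEn although the commit message says those flags are ignored without enable; mask them off before storing.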
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:33 +0000
Subject: [PATCH v7 23/39] arm64/mm: Implement map_shadow_stack()
Message-Id: <20231122-arm64-gcs-v7-23-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page.

Implement this for arm64. Two flags are provided, allowing applications to request that the stack be initialised with a valid cap token at the top of the stack and optionally also an end of stack marker above that. We support requesting an end of stack marker alone but since this is a NULL pointer it is indistinguishable from not initialising anything by itself.

Since the x86 code has not yet been rebased to v6.5-rc1 this includes the architecture neutral parts of Rick Edgecombe's "x86/shstk: Introduce map_shadow_stack syscall".

Signed-off-by: Mark Brown --- arch/arm64/mm/gcs.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 315bd698de86..02f8f6046c10 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c 
@@ -84,6 +84,67 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, return addr; } +SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) +{ + unsigned long alloc_size; + unsigned long __user *cap_ptr; + unsigned long cap_val; + int ret = 0; + int cap_offset; + + if (!system_supports_gcs()) + return -EOPNOTSUPP; + + if (flags & ~(SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER)) + return -EINVAL; + + if (addr && (addr % PAGE_SIZE)) + return -EINVAL; + + if (size == 8 || size % 8) + return -EINVAL; + + /* + * An overflow would result in attempting to write the restore token + * to the wrong location. Not catastrophic, but just return the right + * error code and block it. + */ + alloc_size = PAGE_ALIGN(size); + if (alloc_size < size) + return -EOVERFLOW; + + addr = alloc_gcs(addr, alloc_size, 0, false); + if (IS_ERR_VALUE(addr)) + return addr; + + /* + * Put a cap token at the end of the allocated region so it + * can be switched to. + */ + if (flags & SHADOW_STACK_SET_TOKEN) { + /* Leave an extra empty frame as a top of stack marker? */ + if (flags & SHADOW_STACK_SET_MARKER) + cap_offset = 2; + else + cap_offset = 1; + + cap_ptr = (unsigned long __user *)(addr + size - + (cap_offset * sizeof(unsigned long))); + cap_val = GCS_CAP(cap_ptr); + + put_user_gcs(cap_val, cap_ptr, &ret); + if (ret != 0) { + vm_munmap(addr, size); + return -EFAULT; + } + + /* Ensure the new cap is viaible for GCS */ + gcsb_dsync(); + } + + return addr; +} + /* * Apply the GCS mode configured for the specified task to the * hardware. 
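Review bot: The size check "if (size == 8 || size % 8)" in map_shadow_stack() rejects exactly 8 bytes but lets 0 through to alloc_gcs() and does not look at the flags, while gcs_alloc_thread_stack() uses "size < 8"; please add a comment stating the intended minimum and make it depend on the flags, since the cap is written at addr + size - cap_offset * sizeof(unsigned long) and needs 16 bytes when SHADOW_STACK_SET_MARKER is combined with SHADOW_STACK_SET_TOKEN but only 8 with the token alone. On the put_user_gcs() failure path the region is released with vm_munmap(addr, size) although alloc_size was mapped; pass alloc_size so the unmap matches the allocation. The comment "viaible" should read "visible".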
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:34 +0000
Subject: [PATCH v7 24/39] arm64/signal: Set up and restore the GCS context for signal handlers
Message-Id: <20231122-arm64-gcs-v7-24-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

When invoking a signal handler we use the GCS configuration and stack for the current thread.

Since we implement signal return by calling the signal handler with a return address set up pointing to a trampoline in the vDSO we need to also configure any active GCS for this by pushing a frame for the trampoline onto the GCS. If we do not do this then signal return will generate a GCS protection fault.

In order to guard against attempts to bypass GCS protections via signal return we only allow returning with GCSPR_EL0 pointing to an address where it was previously preempted by a signal. We do this by pushing a cap onto the GCS, this takes the form of an architectural GCS cap token with the top bit set and token type of 0 which we add on signal entry and validate and pop off on signal return. The combination of the top bit being set and the token type means that this can't be interpreted as a valid token or address.

Signed-off-by: Mark Brown
--- arch/arm64/include/asm/gcs.h | 1 + arch/arm64/kernel/signal.c | 129 +++++++++++++++++++++++++++++++++++++++++-- arch/arm64/mm/gcs.c | 1 + 3 files changed, 126 insertions(+), 5 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index 48c97e63e56a..f50660603ecf 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -9,6 +9,7 @@ #include struct kernel_clone_args; +struct ksignal; static inline void gcsb_dsync(void) { diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 0e8beb3349ea..b5dff91274fb 100644 
--- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -34,6 +35,37 @@ #include #include +#ifdef CONFIG_ARM64_GCS +/* Extra bit set in the address distinguishing a signal cap token. */ +#define GCS_SIGNAL_CAP_FLAG BIT(63) + +#define GCS_SIGNAL_CAP(addr) ((((unsigned long)addr) & GCS_CAP_ADDR_MASK) | \ + GCS_SIGNAL_CAP_FLAG) + +static bool gcs_signal_cap_valid(u64 addr, u64 val) +{ + /* + * The top bit should be set, this is an invalid address for + * EL0 and will only be set for caps created by signals. + */ + if (!(val & GCS_SIGNAL_CAP_FLAG)) + return false; + + /* The rest should be a standard architectural cap token. */ + val &= ~GCS_SIGNAL_CAP_FLAG; + + /* The cap must have the low bits set to a token value */ + if (GCS_CAP_TOKEN(val) != 0) + return false; + + /* The cap must store the VA the cap was stored at */ + if (GCS_CAP_ADDR(addr) != GCS_CAP_ADDR(val)) + return false; + + return true; +} +#endif + /* * Do a signal return; undo the signal stack. These are aligned to 128-bit. */ 
@@ -815,6 +847,45 @@ static int restore_sigframe(struct pt_regs *regs, return err; } +#ifdef CONFIG_ARM64_GCS +static int gcs_restore_signal(void) +{ + u64 gcspr_el0, cap; + int ret; + + if (!system_supports_gcs()) + return 0; + + if (!(current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return 0; + + gcspr_el0 = read_sysreg_s(SYS_GCSPR_EL0); + + /* + * GCSPR_EL0 should be pointing at a capped GCS, read the cap... + */ + gcsb_dsync(); + ret = copy_from_user(&cap, (__user void*)gcspr_el0, sizeof(cap)); + if (ret) + return -EFAULT; + + /* + * ...then check that the cap is the actual GCS before + * restoring it. + */ + if (!gcs_signal_cap_valid(gcspr_el0, cap)) + return -EINVAL; + + current->thread.gcspr_el0 = gcspr_el0 + sizeof(cap); + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else +static int gcs_restore_signal(void) { return 0; } +#endif + SYSCALL_DEFINE0(rt_sigreturn) { struct pt_regs *regs = current_pt_regs(); @@ -841,6 +912,9 @@ SYSCALL_DEFINE0(rt_sigreturn) if (restore_altstack(&frame->uc.uc_stack)) goto badframe; + if (gcs_restore_signal()) + goto badframe; + return regs->regs[0]; badframe: 
@@ -1071,7 +1145,50 @@ static int get_sigframe(struct rt_sigframe_user_layout *user, return 0; } -static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, +#ifdef CONFIG_ARM64_GCS + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + unsigned long __user *gcspr_el0; + int ret = 0; + + if (!system_supports_gcs()) + return 0; + + if (!task_gcs_el0_enabled(current)) + return 0; + + /* + * We are entering a signal handler, current register state is + * active. + */ + gcspr_el0 = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0); + + /* + * Push a cap and the GCS entry for the trampoline onto the GCS. + */ + put_user_gcs((unsigned long)sigtramp, gcspr_el0 - 2, &ret); + put_user_gcs(GCS_SIGNAL_CAP(gcspr_el0 - 1), gcspr_el0 - 1, &ret); + if (ret != 0) + return ret; + + gcsb_dsync(); + + gcspr_el0 -= 2; + write_sysreg_s((unsigned long)gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} +#else + +static int gcs_signal_entry(__sigrestore_t sigtramp, struct ksignal *ksig) +{ + return 0; +} + +#endif + +static int setup_return(struct pt_regs *regs, struct ksignal *ksig, struct rt_sigframe_user_layout *user, int usig) { __sigrestore_t sigtramp; @@ -1079,7 +1196,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[0] = usig; regs->sp = (unsigned long)user->sigframe; regs->regs[29] = (unsigned long)&user->next_frame->fp; - regs->pc = (unsigned long)ka->sa.sa_handler; + regs->pc = (unsigned long)ksig->ka.sa.sa_handler; /* * Signal delivery is a (wacky) indirect function call in 
@@ -1119,12 +1236,14 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); } - if (ka->sa.sa_flags & SA_RESTORER) - sigtramp = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + sigtramp = ksig->ka.sa.sa_restorer; else sigtramp = VDSO_SYMBOL(current->mm->context.vdso, sigtramp); regs->regs[30] = (unsigned long)sigtramp; + + return gcs_signal_entry(sigtramp, ksig); } static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, @@ -1147,7 +1266,7 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); err |= setup_sigframe(&user, regs, set); if (err == 0) { - setup_return(regs, &ksig->ka, &user, usig); + err = setup_return(regs, ksig, &user, usig); if (ksig->ka.sa.sa_flags & SA_SIGINFO) { err |= copy_siginfo_to_user(&frame->info, &ksig->info); regs->regs[1] = (unsigned long)&frame->info; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 02f8f6046c10..6f51429c5a46 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c 
@@ -6,6 +6,7 @@ #include #include +#include #include static unsigned long alloc_gcs(unsigned long addr, unsigned long size,
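Review bot: gcs_restore_signal() validates the cap with gcs_signal_cap_valid() and then advances GCSPR_EL0 past it, but nothing in the hunk overwrites the cap, so the token stays valid in GCS memory after the return. Consider clearing the slot with put_user_gcs(0, ...) once the cap has been accepted, so that each cap is single use. Separately, this function tests current->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE while gcs_signal_entry() uses task_gcs_el0_enabled(current); using the helper in both places would keep entry and return symmetric.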
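Review bot: in gcs_signal_entry() the ksig argument is never used, in either the CONFIG_ARM64_GCS version or the stub, so the switch of setup_return() from struct k_sigaction *ka to struct ksignal *ksig is not needed by anything visible in this patch; drop the parameter or say in the commit message why it is kept. The two put_user_gcs() calls also share one ret that is checked only after both, so whether a fault on the first write is still reported depends on put_user_gcs() leaving ret untouched on success. A short comment stating that, or a check after each call, would make the error handling self-evident.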
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:35 +0000
Subject: [PATCH v7 25/39] arm64/signal: Expose GCS state in signal frames
Message-Id: <20231122-arm64-gcs-v7-25-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Add a context for the GCS state and include it in the signal context when running on a system that supports GCS. We reuse the same flags that the prctl() uses to specify which GCS features are enabled and also provide the current GCS pointer.

We do not support enabling GCS via signal return, there is a conflict between specifying GCSPR_EL0 and allocation of a new GCS and this is not an anticipated use case. We also enforce GCS configuration locking on signal return.

Signed-off-by: Mark Brown
--- arch/arm64/include/uapi/asm/sigcontext.h | 9 +++ arch/arm64/kernel/signal.c | 107 +++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) diff --git a/arch/arm64/include/uapi/asm/sigcontext.h b/arch/arm64/include/uapi/asm/sigcontext.h index f23c1dc3f002..7b66d245f2d2 100644 --- a/arch/arm64/include/uapi/asm/sigcontext.h +++ b/arch/arm64/include/uapi/asm/sigcontext.h @@ -168,6 +168,15 @@ struct zt_context { __u16 __reserved[3]; }; +#define GCS_MAGIC 0x47435300 + +struct gcs_context { + struct _aarch64_ctx head; + __u64 gcspr; + __u64 features_enabled; + __u64 reserved; +}; + #endif /* !__ASSEMBLY__ */ #include diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index b5dff91274fb..7ff775495f3e 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -88,6 +88,7 @@ struct rt_sigframe_user_layout { unsigned long fpsimd_offset; unsigned long esr_offset; + unsigned long gcs_offset; unsigned long sve_offset; unsigned long tpidr2_offset; unsigned long za_offset; 
@@ -214,6 +215,8 @@ struct user_ctxs { u32 za_size; struct zt_context __user *zt; u32 zt_size; + struct gcs_context __user *gcs; + u32 gcs_size; }; static int preserve_fpsimd_context(struct fpsimd_context __user *ctx) 
@@ -606,6 +609,82 @@ extern int restore_zt_context(struct user_ctxs *user); #endif /* ! CONFIG_ARM64_SME */ +#ifdef CONFIG_ARM64_GCS + +static int preserve_gcs_context(struct gcs_context __user *ctx) +{ + int err = 0; + u64 gcspr; + + /* + * We will add a cap token to the frame, include it in the + * GCSPR_EL0 we report to support stack switching via + * sigreturn. + */ + gcs_preserve_current_state(); + gcspr = current->thread.gcspr_el0; + if (task_gcs_el0_enabled(current)) + gcspr -= 8; + + __put_user_error(GCS_MAGIC, &ctx->head.magic, err); + __put_user_error(sizeof(*ctx), &ctx->head.size, err); + __put_user_error(gcspr, &ctx->gcspr, err); + __put_user_error(current->thread.gcs_el0_mode, + &ctx->features_enabled, err); + + return err; +} + +static int restore_gcs_context(struct user_ctxs *user) +{ + u64 gcspr, enabled; + int err = 0; + + if (user->gcs_size != sizeof(*user->gcs)) + return -EINVAL; + + __get_user_error(gcspr, &user->gcs->gcspr, err); + __get_user_error(enabled, &user->gcs->features_enabled, err); + if (err) + return err; + + /* Don't allow unknown modes */ + if (enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + err = gcs_check_locked(current, enabled); + if (err != 0) + return err; + + /* Don't allow enabling */ + if (!task_gcs_el0_enabled(current) && + (enabled & PR_SHADOW_STACK_ENABLE)) + return -EINVAL; + + /* If we are disabling disable everything */ + if (!(enabled & PR_SHADOW_STACK_ENABLE)) + enabled = 0; + + current->thread.gcs_el0_mode = enabled; + + /* + * We let userspace set GCSPR_EL0 to anything here, we will + * validate later in gcs_restore_signal(). + */ + current->thread.gcspr_el0 = gcspr; + write_sysreg_s(current->thread.gcspr_el0, SYS_GCSPR_EL0); + + return 0; +} + +#else /* ! CONFIG_ARM64_GCS */ + +/* Turn any non-optimised out attempts to use these into a link error: */ +extern int preserve_gcs_context(void __user *ctx); +extern int restore_gcs_context(struct user_ctxs *user); + +#endif /* ! 
CONFIG_ARM64_GCS */ + static int parse_user_sigframe(struct user_ctxs *user, struct rt_sigframe __user *sf) { @@ -622,6 +701,7 @@ static int parse_user_sigframe(struct user_ctxs *user, user->tpidr2 = NULL; user->za = NULL; user->zt = NULL; + user->gcs = NULL; if (!IS_ALIGNED((unsigned long)base, 16)) goto invalid; @@ -716,6 +796,17 @@ static int parse_user_sigframe(struct user_ctxs *user, user->zt_size = size; break; + case GCS_MAGIC: + if (!system_supports_gcs()) + goto invalid; + + if (user->gcs) + goto invalid; + + user->gcs = (struct gcs_context __user *)head; + user->gcs_size = size; + break; + case EXTRA_MAGIC: if (have_extra_context) goto invalid; @@ -835,6 +926,9 @@ static int restore_sigframe(struct pt_regs *regs, err = restore_fpsimd_context(&user); } + if (err == 0 && system_supports_gcs() && user.gcs) + err = restore_gcs_context(&user); + if (err == 0 && system_supports_tpidr2() && user.tpidr2) err = restore_tpidr2_context(&user); @@ -949,6 +1043,13 @@ static int setup_sigframe_layout(struct rt_sigframe_user_layout *user, return err; } + if (system_supports_gcs()) { + err = sigframe_alloc(user, &user->gcs_offset, + sizeof(struct gcs_context)); + if (err) + return err; + } + if (system_supports_sve() || system_supports_sme()) { unsigned int vq = 0; 
@@ -1042,6 +1143,12 @@ static int setup_sigframe(struct rt_sigframe_user_layout *user, __put_user_error(current->thread.fault_code, &esr_ctx->esr, err); } + if (system_supports_gcs() && err == 0 && user->gcs_offset) { + struct gcs_context __user *gcs_ctx = + apply_user_offset(user, user->gcs_offset); + err |= preserve_gcs_context(gcs_ctx); + } + /* Scalable Vector Extension state (including streaming), if present */ if ((system_supports_sve() || system_supports_sme()) && err == 0 && user->sve_offset) {
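Review bot: preserve_gcs_context() writes head.magic, head.size, gcspr and features_enabled but never the reserved field of struct gcs_context, so that field carries whatever was already on the user stack, and restore_gcs_context() does not look at it either. Writing 0 on preserve, and rejecting a non-zero value on restore if the field is meant for future use, keeps the ABI extensible. The "gcspr -= 8" in the same function would also read better as sizeof(u64), tied by the comment to the cap that gcs_signal_entry() pushes.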
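Review bot: restore_gcs_context() stores the new mode in current->thread.gcs_el0_mode but writes only GCSPR_EL0 to hardware, and its closing comment defers validation of GCSPR_EL0 to gcs_restore_signal(), which returns early when PR_SHADOW_STACK_ENABLE is clear. Please document how a mode change made here, in particular the "disable everything" case, reaches the hardware configuration and what happens to the existing GCS, since neither is visible in this hunk.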
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:36 +0000
Subject: [PATCH v7 26/39] arm64/ptrace: Expose GCS via ptrace and core files
Message-Id: <20231122-arm64-gcs-v7-26-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

Provide a new register type NT_ARM_GCS reporting the current GCS mode and pointer for EL0. Due to the interactions with allocation and deallocation of Guarded Control Stacks we do not permit any changes to the GCS mode via ptrace, only GCSPR_EL0 may be changed.

Signed-off-by: Mark Brown
--- arch/arm64/include/uapi/asm/ptrace.h | 8 +++++ arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 68 insertions(+) diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7fa2f7036aa7..0f39ba4f3efd 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -324,6 +324,14 @@ struct user_za_header { #define ZA_PT_SIZE(vq) \ (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq)) +/* GCS state (NT_ARM_GCS) */ + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; + #endif /* __ASSEMBLY__ */ #endif /* _UAPI__ASM_PTRACE_H */ diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 20d7ef82de90..f15b8e33561e 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include 
@@ -1409,6 +1410,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct } #endif +#ifdef CONFIG_ARM64_GCS +static int gcs_get(struct task_struct *target, + const struct user_regset *regset, + struct membuf to) +{ + struct user_gcs user_gcs; + + if (target == current) + gcs_preserve_current_state(); + + user_gcs.features_enabled = target->thread.gcs_el0_mode; + user_gcs.features_locked = target->thread.gcs_el0_locked; + user_gcs.gcspr_el0 = target->thread.gcspr_el0; + + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); +} + +static int gcs_set(struct task_struct *target, const struct + user_regset *regset, unsigned int pos, + unsigned int count, const void *kbuf, const + void __user *ubuf) +{ + int ret; + struct user_gcs user_gcs; + + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); + if (ret) + return ret; + + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) + return -EINVAL; + + /* Do not allow enable via ptrace */ + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) + return -EBUSY; + + target->thread.gcs_el0_mode = user_gcs.features_enabled; + target->thread.gcs_el0_locked = user_gcs.features_locked; + target->thread.gcspr_el0 = user_gcs.gcspr_el0; + + return 0; +} +#endif + enum aarch64_regset { REGSET_GPR, REGSET_FPR, @@ -1437,6 +1483,9 @@ enum aarch64_regset { #ifdef CONFIG_ARM64_TAGGED_ADDR_ABI REGSET_TAGGED_ADDR_CTRL, #endif +#ifdef CONFIG_ARM64_GCS + REGSET_GCS, +#endif }; static const struct user_regset aarch64_regsets[] = { 
@@ -1587,6 +1636,16 @@ static const struct user_regset aarch64_regsets[] = { .set = tagged_addr_ctrl_set, }, #endif +#ifdef CONFIG_ARM64_GCS + [REGSET_GCS] = { + .core_note_type = NT_ARM_GCS, + .n = sizeof(struct user_gcs) / sizeof(u64), + .size = sizeof(u64), + .align = sizeof(u64), + .regset_get = gcs_get, + .set = gcs_set, + }, +#endif }; static const struct user_regset_view user_aarch64_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 9417309b7230..436dfc359f61 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h 
@@ -440,6 +440,7 @@ typedef struct elf64_shdr { #define NT_ARM_SSVE 0x40b /* ARM Streaming SVE registers */ #define NT_ARM_ZA 0x40c /* ARM SME ZA registers */ #define NT_ARM_ZT 0x40d /* ARM SME ZT registers */ +#define NT_ARM_GCS 0x40e /* ARM GCS state */ #define NT_ARC_V2 0x600 /* ARCv2 accumulator/extra registers */ #define NT_VMCOREDD 0x700 /* Vmcore Device Dump Note */ #define NT_MIPS_DSP 0x800 /* MIPS DSP ASE registers */
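Review bot: struct user_gcs in arch/arm64/include/uapi/asm/ptrace.h is new UAPI but is documented only by the one-line comment "GCS state (NT_ARM_GCS)". It should say that features_enabled and features_locked carry PR_SHADOW_STACK_* bits (gcs_set() validates features_enabled against PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) and which of the three fields a tracer is allowed to change, since the commit message states a restriction that a reader of the header cannot see.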
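Review bot: In gcs_set() in arch/arm64/kernel/ptrace.c the checks do not enforce what the commit message says, namely that only GCSPR_EL0 may be changed via ptrace. The -EBUSY test under "Do not allow enable via ptrace" fires only when the request sets PR_SHADOW_STACK_ENABLE and the target already has it set, so a request that sets the bit on a task with GCS disabled passes, as does one that clears it, and gcs_el0_mode and gcs_el0_locked are then both overwritten from the tracer's buffer. If the mode is meant to be immutable here, reject any features_enabled that differs from target->thread.gcs_el0_mode (or at least any change to PR_SHADOW_STACK_ENABLE) and do not assign gcs_el0_locked, so a tracer cannot clear lock bits. Separately, user_gcs is an uninitialised stack variable filled by user_regset_copyin(..., 0, -1), so a write shorter than sizeof(user_gcs) would leave features_locked and gcspr_el0 holding stack contents that are then copied into the thread; filling user_gcs from the target's current values before the copyin would avoid that. Neither gcs_get() nor gcs_set() checks that the system supports GCS before touching the thread state.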
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:37 +0000
Subject: [PATCH v7 27/39] arm64: Add Kconfig for Guarded Control Stack (GCS)
Message-Id: <20231122-arm64-gcs-v7-27-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown
Provide a Kconfig option allowing the user to select if GCS support is built into the kernel.

Signed-off-by: Mark Brown
--- arch/arm64/Kconfig | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7b071a00425d..05cffc0f5786 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig
@@ -2078,6 +2078,26 @@ config ARM64_EPAN if the cpu does not implement the feature. endmenu # "ARMv8.7 architectural features" +menu "v9.4 architectural features" + +config ARM64_GCS + bool "Enable support for Guarded Control Stack (GCS)" + default y + select ARCH_HAS_USER_SHADOW_STACK + select ARCH_USES_HIGH_VMA_FLAGS + help + Guarded Control Stack (GCS) provides support for a separate + stack with restricted access which contains only return + addresses. This can be used to harden against some attacks + by comparing return address used by the program with what is + stored in the GCS, and may also be used to efficiently obtain + the call stack for applications such as profiling. + + The feature is detected at runtime, and will remain disabled + if the system does not implement the feature. + +endmenu # "v9.4 architectural features" + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y
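Review bot: The new menu is titled "v9.4 architectural features" while the menu closed immediately above it is "ARMv8.7 architectural features"; calling it "ARMv9.4 architectural features" in both the menu line and the endmenu comment would keep the titles consistent. The help text should also say whether the option covers userspace only, as the select of ARCH_HAS_USER_SHADOW_STACK suggests, and "by comparing return address used by the program" is missing an article.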
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:38 +0000
Subject: [PATCH v7 28/39] kselftest/arm64: Verify the GCS hwcap
Message-Id: <20231122-arm64-gcs-v7-28-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown
Add coverage of the GCS hwcap to the hwcap selftest, using a read of GCSPR_EL0 to generate SIGILL without having to worry about enabling GCS.

Signed-off-by: Mark Brown
--- tools/testing/selftests/arm64/abi/hwcap.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c index 1189e77c8152..bc9e3250a9df 100644 --- a/tools/testing/selftests/arm64/abi/hwcap.c +++ b/tools/testing/selftests/arm64/abi/hwcap.c @@ -63,6 +63,17 @@ static void fp_sigill(void) asm volatile("fmov s0, #1"); } +static void gcs_sigill(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); +} + static void ilrcpc_sigill(void) { /* LDAPUR W0, [SP, #8] */
@@ -360,6 +371,14 @@ static const struct hwcap_data { .cpuinfo = "fp", .sigill_fn = fp_sigill, }, + { + .name = "GCS", + .at_hwcap = AT_HWCAP2, + .hwcap_bit = HWCAP2_GCS, + .cpuinfo = "gcs", + .sigill_fn = gcs_sigill, + .sigill_reliable = true, + }, { .name = "JSCVT", .at_hwcap = AT_HWCAP,
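Review bot: gcs_sigill() in the first hunk of tools/testing/selftests/arm64/abi/hwcap.c has no comment naming the instruction, unlike the neighbouring ilrcpc_sigill() with its /* LDAPUR W0, [SP, #8] */ comment. The register appears only as the encoding S3_3_C2_C5_1, so a comment such as /* MRS x0, GCSPR_EL0 */ would let a reader match it to the commit message, which says the test reads GCSPR_EL0. The value is written to gcspr and never read; a short remark that it is deliberately discarded would make that intent clear.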
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:39 +0000
Subject: [PATCH v7 29/39] kselftest/arm64: Add GCS as a detected feature in the signal tests
Message-Id: <20231122-arm64-gcs-v7-29-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown
In preparation for testing GCS related signal handling add it as a feature we check for in the signal handling support code.

Signed-off-by: Mark Brown
--- tools/testing/selftests/arm64/signal/test_signals.h | 2 ++ tools/testing/selftests/arm64/signal/test_signals_utils.c | 3 +++ 2 files changed, 5 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 1e6273d81575..7ada43688c02 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -35,6 +35,7 @@ enum { FSME_BIT, FSME_FA64_BIT, FSME2_BIT, + FGCS_BIT, FMAX_END }; @@ -43,6 +44,7 @@ enum { #define FEAT_SME (1UL << FSME_BIT) #define FEAT_SME_FA64 (1UL << FSME_FA64_BIT) #define FEAT_SME2 (1UL << FSME2_BIT) +#define FEAT_GCS (1UL << FGCS_BIT) /* * A descriptor used to describe and configure a test case. diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 0dc948db3a4a..89ef95c1af0e 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c @@ -30,6 +30,7 @@ static char const *const feats_names[FMAX_END] = { " SME ", " FA64 ", " SME2 ", + " GCS ", }; #define MAX_FEATS_SZ 128
@@ -329,6 +330,8 @@ int test_init(struct tdescr *td) td->feats_supported |= FEAT_SME_FA64; if (getauxval(AT_HWCAP2) & HWCAP2_SME2) td->feats_supported |= FEAT_SME2; + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + td->feats_supported |= FEAT_GCS; if (feats_ok(td)) { if (td->feats_required & td->feats_supported) fprintf(stderr,
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:40 +0000
Subject: [PATCH v7 30/39] kselftest/arm64: Add framework support for GCS to signal handling tests
Message-Id: <20231122-arm64-gcs-v7-30-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown
Teach the framework about the GCS signal context, avoiding warnings on the unknown context.

Signed-off-by: Mark Brown
--- tools/testing/selftests/arm64/signal/testcases/testcases.c | 7 +++++++ tools/testing/selftests/arm64/signal/testcases/testcases.h | 1 + 2 files changed, 8 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 9f580b55b388..1cd124732be4 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -209,6 +209,13 @@ bool validate_reserved(ucontext_t *uc, size_t resv_sz, char **err) zt = (struct zt_context *)head; new_flags |= ZT_CTX; break; + case GCS_MAGIC: + if (flags & GCS_CTX) + *err = "Multiple GCS_MAGIC"; + if (head->size != sizeof(struct gcs_context)) + *err = "Bad size for gcs_context"; + new_flags |= GCS_CTX; + break; case EXTRA_MAGIC: if (flags & EXTRA_CTX) *err = "Multiple EXTRA_MAGIC"; diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.h b/tools/testing/selftests/arm64/signal/testcases/testcases.h index a08ab0d6207a..9b2599745c29 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.h +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.h
@@ -19,6 +19,7 @@ #define ZA_CTX (1 << 2) #define EXTRA_CTX (1 << 3) #define ZT_CTX (1 << 4) +#define GCS_CTX (1 << 5) #define KSFT_BAD_MAGIC 0xdeadbeef
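Review bot: in the GCS_MAGIC case added to validate_reserved() in testcases.c, the duplicate-record check and the size check are two independent ifs, so when both trip, "Bad size for gcs_context" overwrites "Multiple GCS_MAGIC" and the first diagnosis is lost. Making the size test an else if would keep the earlier error. The case also only looks at head->size and records GCS_CTX without keeping a pointer to the record the way the ZT case above it does (zt = (struct zt_context *)head;); a one-line comment saying that no further field validation is intended here would save the next reader from wondering.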
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:41 +0000
Subject: [PATCH v7 31/39] kselftest/arm64: Allow signals tests to specify an expected si_code
Message-Id: <20231122-arm64-gcs-v7-31-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>

Currently we ignore si_code unless the expected signal is a SIGSEGV, in which case we enforce it being SEGV_ACCERR. Allow test cases to specify exactly which si_code should be generated so we can validate this, and test for other segfault codes.

Signed-off-by: Mark Brown

--- .../testing/selftests/arm64/signal/test_signals.h | 4 +++ .../selftests/arm64/signal/test_signals_utils.c | 29 ++++++++++++++-------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.h b/tools/testing/selftests/arm64/signal/test_signals.h index 7ada43688c02..ee75a2c25ce7 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.h +++ b/tools/testing/selftests/arm64/signal/test_signals.h @@ -71,6 +71,10 @@ struct tdescr { * Zero when no signal is expected on success */ int sig_ok; + /* + * expected si_code for sig_ok, or 0 to not check + */ + int sig_ok_code; /* signum expected on unsupported CPU features. */ int sig_unsupp; /* a timeout in second for test completion */ diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c index 89ef95c1af0e..63deca32b0df 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.c +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c
@@ -143,16 +143,25 @@ static bool handle_signal_ok(struct tdescr *td, "current->token ZEROED...test is probably broken!\n"); abort(); } - /* - * Trying to narrow down the SEGV to the ones generated by Kernel itself - * via arm64_notify_segfault(). This is a best-effort check anyway, and - * the si_code check may need to change if this aspect of the kernel - * ABI changes. - */ - if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { - fprintf(stdout, - "si_code != SEGV_ACCERR...test is probably broken!\n"); - abort(); + if (td->sig_ok_code) { + if (si->si_code != td->sig_ok_code) { + fprintf(stdout, "si_code is %d not %d\n", + si->si_code, td->sig_ok_code); + abort(); + } + } else { + /* + * Trying to narrow down the SEGV to the ones + * generated by Kernel itself via + * arm64_notify_segfault(). This is a best-effort + * check anyway, and the si_code check may need to + * change if this aspect of the kernel ABI changes. + */ + if (td->sig_ok == SIGSEGV && si->si_code != SEGV_ACCERR) { + fprintf(stdout, + "si_code != SEGV_ACCERR...test is probably broken!\n"); + abort(); + } } td->pass = 1; /*
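Review bot: the comment added above sig_ok_code in struct tdescr (test_signals.h) says 0 means "to not check", but that is not what the other half of this patch does: with sig_ok_code left at 0 and sig_ok set to SIGSEGV, handle_signal_ok() still requires SEGV_ACCERR. Suggest wording the comment along the lines of "or 0 for the default check (SEGV_ACCERR for SIGSEGV, none for other signals)" so that an author of a SIGSEGV test expecting a different code knows the field must be set.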
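Review bot: in handle_signal_ok() (test_signals_utils.c) the new branch uses td->sig_ok_code as both the expected value and the "is set" flag, so a test can never ask for an si_code of 0 (SI_USER); that is probably acceptable for kernel-generated faults but should be stated where the field is tested. The new failure message "si_code is %d not %d" also drops the "test is probably broken!" hint that the retained SEGV_ACCERR message carries and does not print td->sig_ok, so a log line on its own does not say which signal was being checked; adding the signal number to the format string would make failures easier to triage.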
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:42 +0000
Subject: [PATCH v7 32/39] kselftest/arm64: Always run signals tests with GCS enabled
Message-Id: <20231122-arm64-gcs-v7-32-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>

Since it is not possible to return from the function that enabled GCS without disabling GCS it is very inconvenient to use the signal handling tests to cover GCS when GCS is not enabled by the toolchain and runtime, something that no current distribution does. Since none of the testcases do anything with stacks that would cause problems with GCS we can sidestep this issue by unconditionally enabling GCS on startup and exiting with a call to exit() rather than a return from main().

Signed-off-by: Mark Brown

--- .../testing/selftests/arm64/signal/test_signals.c | 17 ++++++++++++- .../selftests/arm64/signal/test_signals_utils.h | 29 ++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/test_signals.c b/tools/testing/selftests/arm64/signal/test_signals.c index 00051b40d71e..30e95f50db19 100644 --- a/tools/testing/selftests/arm64/signal/test_signals.c +++ b/tools/testing/selftests/arm64/signal/test_signals.c @@ -7,6 +7,10 @@ * Each test provides its own tde struct tdescr descriptor to link with * this wrapper. Framework provides common helpers. */ + +#include +#include + #include #include "test_signals.h"
@@ -16,6 +20,16 @@ struct tdescr *current = &tde; int main(int argc, char *argv[]) { + /* + * Ensure GCS is at least enabled throughout the tests if + * supported, otherwise the inability to return from the + * function that enabled GCS makes it very inconvenient to set + * up test cases. The prctl() may fail if GCS was locked by + * libc setup code. + */ + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) + gcs_set_state(PR_SHADOW_STACK_ENABLE); + ksft_print_msg("%s :: %s\n", current->name, current->descr); if (test_setup(current) && test_init(current)) { test_run(current); @@ -23,5 +37,6 @@ int main(int argc, char *argv[]) } test_result(current); - return current->result; + /* Do not return in case GCS was enabled */ + exit(current->result); } diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 762c8fe9c54a..1e80808ee105 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h 
@@ -18,6 +18,35 @@ void test_cleanup(struct tdescr *td); int test_run(struct tdescr *td); void test_result(struct tdescr *td); +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* + * The prctl takes 1 argument but we need to ensure that the other + * values passed in registers to the syscall are zero since the kernel + * validates them. + */ +#define gcs_set_state(state) \ + ({ \ + register long _num __asm__ ("x8") = __NR_prctl; \ + register long _arg1 __asm__ ("x0") = PR_SET_SHADOW_STACK_STATUS; \ + register long _arg2 __asm__ ("x1") = (long)(state); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ + }) + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported)
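Review bot: in main() (test_signals.c) the value returned by gcs_set_state(PR_SHADOW_STACK_ENABLE) is discarded. The comment already says the prctl() may fail if GCS was locked by libc setup code, but when that happens the run gives no indication of whether the test cases executed with GCS on or off, which matters for anyone reading a failure from a GCS-capable machine. Suggest capturing the result and reporting a non-zero value with ksft_print_msg() before the existing name/description line, without changing the pass/fail outcome.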
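Review bot: the comment above gcs_set_state() in test_signals_utils.h documents why the unused argument registers are zeroed but not why this is a statement-expression macro issuing svc directly instead of a helper function or a prctl() call. The commit message gives the reason (it is not possible to return from the function that enabled GCS without disabling GCS), and that sentence belongs in the comment so the macro is not later refactored into a function. The hard-coded fallback #define __NR_prctl 167 would also benefit from a note on which syscall table it is taken from.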
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:43 +0000
Subject: [PATCH v7 33/39] kselftest/arm64: Add very basic GCS test program
Message-Id: <20231122-arm64-gcs-v7-33-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>

This test program just covers the basic GCS ABI, covering aspects of the ABI as standalone features without attempting to integrate things.

Signed-off-by: Mark Brown

--- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 18 ++ tools/testing/selftests/arm64/gcs/basic-gcs.c | 428 ++++++++++++++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 90 ++++++ 5 files changed, 538 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index 28b93cab8c0d..22029e60eff3 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi gcs else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore new file mode 100644 index 000000000000..0e5e695ecba5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -0,0 +1 @@ +basic-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile new file mode 100644 index 000000000000..61a30f483429 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/Makefile
@@ -0,0 +1,18 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2023 ARM Limited +# +# In order to avoid interaction with the toolchain and dynamic linker the +# portions of these tests that interact with the GCS are implemented using +# nolibc. +# + +TEST_GEN_PROGS := basic-gcs + +include ../../lib.mk + +$(OUTPUT)/basic-gcs: basic-gcs.c + $(CC) -g -fno-asynchronous-unwind-tables -fno-ident -s -Os -nostdlib \ + -static -include ../../../../include/nolibc/nolibc.h \ + -I../../../../../usr/include \ + -std=gnu99 -I../.. -g \ + -ffreestanding -Wall $^ -o $@ -lgcc diff --git a/tools/testing/selftests/arm64/gcs/basic-gcs.c b/tools/testing/selftests/arm64/gcs/basic-gcs.c new file mode 100644 index 000000000000..3ef957e0065f --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/basic-gcs.c 
@@ -0,0 +1,428 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#include +#include + +#include + +#include +#include +#include + +#include "kselftest.h" +#include "gcs-util.h" + +/* nolibc doesn't have sysconf(), just hard code the maximum */ +static size_t page_size = 65536; + +static __attribute__((noinline)) void valid_gcs_function(void) +{ + /* Do something the compiler can't optimise out */ + my_syscall1(__NR_prctl, PR_SVE_GET_VL); +} + +static inline int gcs_set_status(unsigned long mode) +{ + bool enabling = mode & PR_SHADOW_STACK_ENABLE; + int ret; + unsigned long new_mode; + + /* + * The prctl takes 1 argument but we need to ensure that the + * other 3 values passed in registers to the syscall are zero + * since the kernel validates them. + */ + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, mode, + 0, 0, 0); + + if (ret == 0) { + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &new_mode, 0, 0, 0); + if (ret == 0) { + if (new_mode != mode) { + ksft_print_msg("Mode set to %x not %x\n", + new_mode, mode); + ret = -EINVAL; + } + } else { + ksft_print_msg("Failed to validate mode: %d\n", ret); + } + + if (enabling != chkfeat_gcs()) { + ksft_print_msg("%senabled by prctl but %senabled in CHKFEAT\n", + enabling ? "" : "not ", + chkfeat_gcs() ? 
"" : "not "); + ret = -EINVAL; + } + } + + return ret; +} + +/* Try to read the status */ +static bool read_status(void) +{ + unsigned long state; + int ret; + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &state, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("Failed to read state: %d\n", ret); + return false; + } + + return state & PR_SHADOW_STACK_ENABLE; +} + +/* Just a straight enable */ +static bool base_enable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE failed %d\n", ret); + return false; + } + + return true; +} + +/* Check we can read GCSPR_EL0 when GCS is enabled */ +static bool read_gcspr_el0(void) +{ + unsigned long *gcspr_el0; + + ksft_print_msg("GET GCSPR\n"); + gcspr_el0 = get_gcspr(); + ksft_print_msg("GCSPR_EL0 is %p\n", gcspr_el0); + + return true; +} + +/* Also allow writes to stack */ +static bool enable_writeable(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE writeable failed: %d\n", ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Also allow writes to stack */ +static bool enable_push_pop(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with push failed: %d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +/* Enable GCS and allow everything */ +static bool enable_all(void) +{ + int ret; + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH | + PR_SHADOW_STACK_WRITE); + if (ret) { + ksft_print_msg("PR_SHADOW_STACK_ENABLE with everything failed: 
%d\n", + ret); + return false; + } + + ret = gcs_set_status(PR_SHADOW_STACK_ENABLE); + if (ret) { + ksft_print_msg("failed to restore plain enable %d\n", ret); + return false; + } + + return true; +} + +static bool enable_invalid(void) +{ + int ret = gcs_set_status(ULONG_MAX); + if (ret == 0) { + ksft_print_msg("GCS_SET_STATUS %lx succeeded\n", ULONG_MAX); + return false; + } + + return true; +} + +/* Map a GCS */ +static bool map_guarded_stack(void) +{ + int ret; + uint64_t *buf; + uint64_t expected_cap; + int elem; + bool pass = true; + + buf = (void *)my_syscall3(__NR_map_shadow_stack, 0, page_size, + SHADOW_STACK_SET_MARKER | + SHADOW_STACK_SET_TOKEN); + if (buf == MAP_FAILED) { + ksft_print_msg("Failed to map %d byte GCS: %d\n", + page_size, errno); + return false; + } + ksft_print_msg("Mapped GCS at %p-%p\n", buf, + (uint64_t)buf + page_size); + + /* The top of the newly allocated region should be 0 */ + elem = (page_size / sizeof(uint64_t)) - 1; + if (buf[elem]) { + ksft_print_msg("Last entry is 0x%lx not 0x0\n", buf[elem]); + pass = false; + } + + /* Then a valid cap token */ + elem--; + expected_cap = ((uint64_t)buf + page_size - 16); + expected_cap &= GCS_CAP_ADDR_MASK; + expected_cap |= GCS_CAP_VALID_TOKEN; + if (buf[elem] != expected_cap) { + ksft_print_msg("Cap entry is 0x%lx not 0x%lx\n", + buf[elem], expected_cap); + pass = false; + } + ksft_print_msg("cap token is 0x%lx\n", buf[elem]); + + /* The rest should be zeros */ + for (elem = 0; elem < page_size / sizeof(uint64_t) - 2; elem++) { + if (!buf[elem]) + continue; + ksft_print_msg("GCS slot %d is 0x%lx not 0x0\n", + elem, buf[elem]); + pass = false; + } + + ret = munmap(buf, page_size); + if (ret != 0) { + ksft_print_msg("Failed to unmap %d byte GCS: %d\n", + page_size, errno); + pass = false; + } + + return pass; +} + +/* A fork()ed process can run */ +static bool test_fork(void) +{ + unsigned long child_mode; + int ret, status; + pid_t pid; + bool pass = true; + + pid = fork(); + if (pid == -1) 
{ + ksft_print_msg("fork() failed: %d\n", errno); + pass = false; + goto out; + } + if (pid == 0) { + /* In child, make sure we can call a function, read + * the GCS pointer and status and then exit */ + valid_gcs_function(); + get_gcspr(); + + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret == 0 && !(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + ret = -EINVAL; + } + + exit(ret); + } + + /* + * In parent, check we can still do function calls then block + * for the child. + */ + valid_gcs_function(); + + ksft_print_msg("Waiting for child %d\n", pid); + + ret = waitpid(pid, &status, 0); + if (ret == -1) { + ksft_print_msg("Failed to wait for child: %d\n", + errno); + return false; + } + + if (!WIFEXITED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + if (WEXITSTATUS(status)) { + ksft_print_msg("Child exited with status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } + +out: + + return pass; +} + +/* Check that we can explicitly specify a GCS via clone3() */ +static bool test_clone3(void) +{ + struct clone_args args; + unsigned long child_mode; + pid_t pid = -1; + int status, ret; + bool pass; + + memset(&args, 0, sizeof(args)); + args.flags = CLONE_VM; + args.shadow_stack_size = page_size; + + pid = my_syscall2(__NR_clone3, &args, sizeof(args)); + if (pid < 0) { + ksft_print_msg("clone3() failed: %d\n", errno); + pass = false; + goto out; + } + + /* In child? */ + if (pid == 0) { + /* Do we have GCS enabled? 
*/ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &child_mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", + ret); + exit(EXIT_FAILURE); + } + + if (!(child_mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in child\n"); + exit(EXIT_FAILURE); + } + + ksft_print_msg("GCS enabled in child\n"); + + /* We've probably already called a function but make sure */ + valid_gcs_function(); + + exit(EXIT_SUCCESS); + } + + if (waitpid(-1, &status, __WALL) < 0) { + ksft_print_msg("waitpid() failed %d\n", errno); + pass = false; + goto out; + } + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) == EXIT_SUCCESS) { + pass = true; + } else { + ksft_print_msg("Child returned status %d\n", + WEXITSTATUS(status)); + pass = false; + } + } else if (WIFSIGNALED(status)) { + ksft_print_msg("Child exited due to signal %d\n", + WTERMSIG(status)); + pass = false; + } else { + ksft_print_msg("Child exited uncleanly\n"); + pass = false; + } + +out: + return pass; +} + +typedef bool (*gcs_test)(void); + +static struct { + char *name; + gcs_test test; + bool needs_enable; +} tests[] = { + { "read_status", read_status }, + { "base_enable", base_enable, true }, + { "read_gcspr_el0", read_gcspr_el0 }, + { "enable_writeable", enable_writeable, true }, + { "enable_push_pop", enable_push_pop, true }, + { "enable_all", enable_all, true }, + { "enable_invalid", enable_invalid, true }, + { "map_guarded_stack", map_guarded_stack }, + { "fork", test_fork }, + { "clone3", test_clone3 }, +}; + +int main(void) +{ + int i, ret; + unsigned long gcs_mode; + + ksft_print_header(); + + /* + * We don't have getauxval() with nolibc so treat a failure to + * read GCS state as a lack of support and skip. 
+ */ + ret = my_syscall5(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, + &gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_skip("Failed to read GCS state: %d\n", ret); + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode, 0, 0, 0); + if (ret != 0) + ksft_exit_fail_msg("Failed to enable GCS: %d\n", ret); + } + + ksft_set_plan(ARRAY_SIZE(tests)); + + for (i = 0; i < ARRAY_SIZE(tests); i++) { + ksft_test_result((*tests[i].test)(), "%s\n", tests[i].name); + } + + /* One last test: disable GCS, we can do this one time */ + my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0); + if (ret != 0) + ksft_print_msg("Failed to disable GCS: %d\n", ret); + + ksft_finished(); + + return 0; +} diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h new file mode 100644 index 000000000000..b37801c95604 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h 
@@ -0,0 +1,90 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2023 ARM Limited. + */ + +#ifndef GCS_UTIL_H +#define GCS_UTIL_H + +#include + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +#ifndef __NR_prctl +#define __NR_prctl 167 +#endif + +/* Shadow Stack/Guarded Control Stack interface */ +#define PR_GET_SHADOW_STACK_STATUS 71 +#define PR_SET_SHADOW_STACK_STATUS 72 +#define PR_LOCK_SHADOW_STACK_STATUS 73 + +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) + +#define PR_SHADOW_STACK_ALL_MODES \ + PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH + +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ +#define SHADOW_STACK_SET_MARKER (1ULL << 1) /* Set up a top of stack merker in the shadow stack */ + +#define GCS_CAP_ADDR_MASK (0xfffffffffffff000UL) +#define GCS_CAP_TOKEN_MASK (0x0000000000000fffUL) +#define GCS_CAP_VALID_TOKEN 1 +#define GCS_CAP_IN_PROGRESS_TOKEN 5 + +#define GCS_CAP(x) (((unsigned long)(x) & GCS_CAP_ADDR_MASK) | \ + GCS_CAP_VALID_TOKEN) + +static inline unsigned long *get_gcspr(void) +{ + unsigned long *gcspr; + + asm volatile( + "mrs %0, S3_3_C2_C5_1" + : "=r" (gcspr) + : + : "cc"); + + return gcspr; +} + +static inline void __attribute__((always_inline)) gcsss1(unsigned long *Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static inline unsigned long __attribute__((always_inline)) *gcsss2(void) +{ + unsigned long *Xt; + + asm volatile( + "SYSL %0, #3, C7, C7, #3\n" + : "=r" (Xt) + : + : "memory"); + + return Xt; +} + +static inline bool chkfeat_gcs(void) +{ + register long val __asm__ ("x16") = 1; + + /* CHKFEAT x16 */ + asm volatile( + "hint #0x28\n" + : "=r" (val) + : "r" (val)); + + return val != 1; +} + +#endif From patchwork Wed Nov 22 09:42:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 
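Review bot: in main() of basic-gcs.c the final disable step throws away the return value of my_syscall5(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0, 0, 0, 0), so the "if (ret != 0)" that follows tests the stale result of the earlier calls and a failed disable is never reported. Assign the call to ret before the check. The comment calls this "one last test", but it is not counted in ksft_set_plan(ARRAY_SIZE(tests)) and only prints a message; either report it through ksft_test_result() with the plan increased by one, or reword the comment. Also, map_guarded_stack() compares the my_syscall3() result with MAP_FAILED and prints errno, while main() and the child in test_clone3() treat the my_syscallN() return value itself as the error code. Only one of those conventions can be right for this macro, so the failure paths should be made consistent.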
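Review bot: PR_SHADOW_STACK_ALL_MODES in the new gcs-util.h expands to a bare "PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | PR_SHADOW_STACK_PUSH" with no enclosing parentheses, so a use such as "mode & PR_SHADOW_STACK_ALL_MODES" parses as "(mode & PR_SHADOW_STACK_ENABLE) | ..." and "~PR_SHADOW_STACK_ALL_MODES" inverts only the first flag. Please wrap the expansion in parentheses, as GCS_CAP() already does for its own expression. Minor: "merker" in the SHADOW_STACK_SET_MARKER comment should read "marker".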
Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 168260
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:44 +0000
Subject: [PATCH v7 34/39] kselftest/arm64: Add a GCS test program built with the system libc
Message-Id: <20231122-arm64-gcs-v7-34-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

There are things like threads which nolibc struggles with which we want to add coverage for, and the ABI allows us to test most of these even if libc itself does not understand GCS so add a test application built using the system libc.

Signed-off-by: Mark Brown
--- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 4 +- tools/testing/selftests/arm64/gcs/gcs-util.h | 10 + tools/testing/selftests/arm64/gcs/libc-gcs.c | 742 +++++++++++++++++++++++++++ 4 files changed, 756 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0e5e695ecba5..5810c4a163d4 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1 +1,2 @@ basic-gcs +libc-gcs diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 61a30f483429..a8fdf21e9a47 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,9 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs + +LDLIBS+=-lpthread include ../../lib.mk diff --git a/tools/testing/selftests/arm64/gcs/gcs-util.h b/tools/testing/selftests/arm64/gcs/gcs-util.h index b37801c95604..4bafd1d7feb5 100644 --- a/tools/testing/selftests/arm64/gcs/gcs-util.h +++ b/tools/testing/selftests/arm64/gcs/gcs-util.h 
@@ -16,6 +16,16 @@ #define __NR_prctl 167 #endif +#ifndef NT_ARM_GCS +#define NT_ARM_GCS 0x40e + +struct user_gcs { + __u64 features_enabled; + __u64 features_locked; + __u64 gcspr_el0; +}; +#endif + /* Shadow Stack/Guarded Control Stack interface */ #define PR_GET_SHADOW_STACK_STATUS 71 #define PR_SET_SHADOW_STACK_STATUS 72 diff --git a/tools/testing/selftests/arm64/gcs/libc-gcs.c b/tools/testing/selftests/arm64/gcs/libc-gcs.c new file mode 100644 index 000000000000..58141d46f861 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/libc-gcs.c 
@@ -0,0 +1,742 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + */ + +#define _GNU_SOURCE + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +static noinline void gcs_recurse(int depth) +{ + if (depth) + gcs_recurse(depth - 1); + + /* Prevent tail call optimization so we actually recurse */ + asm volatile("dsb sy" : : : "memory"); +} + +/* Smoke test that a function call and return works*/ +TEST(can_call_function) +{ + gcs_recurse(0); +} + +static void *gcs_test_thread(void *arg) +{ + int ret; + unsigned long mode; + + /* + * Some libcs don't seem to fill unused arguments with 0 but + * the kernel validates this so we supply all 5 arguments. + */ + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret != 0) { + ksft_print_msg("PR_GET_SHADOW_STACK_STATUS failed: %d\n", ret); + return NULL; + } + + if (!(mode & PR_SHADOW_STACK_ENABLE)) { + ksft_print_msg("GCS not enabled in thread, mode is %u\n", + mode); + return NULL; + } + + /* Just in case... 
*/ + gcs_recurse(0); + + /* Use a non-NULL value to indicate a pass */ + return &gcs_test_thread; +} + +/* Verify that if we start a new thread it has GCS enabled */ +TEST(gcs_enabled_thread) +{ + pthread_t thread; + void *thread_ret; + int ret; + + ret = pthread_create(&thread, NULL, gcs_test_thread, NULL); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ret = pthread_join(thread, &thread_ret); + ASSERT_TRUE(ret == 0); + if (ret != 0) + return; + + ASSERT_TRUE(thread_ret != NULL); +} + +/* Read the GCS until we find the terminator */ +TEST(gcs_find_terminator) +{ + unsigned long *gcs, *cur; + + gcs = get_gcspr(); + cur = gcs; + while (*cur) + cur++; + + ksft_print_msg("GCS in use from %p-%p\n", gcs, cur); + + /* + * We should have at least whatever called into this test so + * the two pointer should differ. + */ + ASSERT_TRUE(gcs != cur); +} + +/* + * We can access a GCS via ptrace + * + * This could usefully have a fixture but note that each test is + * fork()ed into a new child whcih causes issues. Might be better to + * lift at least some of this out into a separate, non-harness, test + * program. + */ +TEST(ptrace_read_write) +{ + pid_t child, pid; + int ret, status; + siginfo_t si; + uint64_t val, rval, gcspr; + struct user_gcs child_gcs; + struct iovec iov, local_iov, remote_iov; + + child = fork(); + if (child == -1) { + ksft_print_msg("fork() failed: %d (%s)\n", + errno, strerror(errno)); + ASSERT_NE(child, -1); + } + + if (child == 0) { + /* + * In child, make sure there's something on the stack and + * ask to be traced. 
+ */ + gcs_recurse(0); + if (ptrace(PTRACE_TRACEME, -1, NULL, NULL)) + ksft_exit_fail_msg("PTRACE_TRACEME", strerror(errno)); + + if (raise(SIGSTOP)) + ksft_exit_fail_msg("raise(SIGSTOP)", strerror(errno)); + + return; + } + + ksft_print_msg("Child: %d\n", child); + + /* Attach to the child */ + while (1) { + int sig; + + pid = wait(&status); + if (pid == -1) { + ksft_print_msg("wait() failed: %s", + strerror(errno)); + goto error; + } + + /* + * This should never happen but it's hard to flag in + * the framework. + */ + if (pid != child) + continue; + + if (WIFEXITED(status) || WIFSIGNALED(status)) + ksft_exit_fail_msg("Child died unexpectedly\n"); + + if (!WIFSTOPPED(status)) + goto error; + + sig = WSTOPSIG(status); + + if (ptrace(PTRACE_GETSIGINFO, pid, NULL, &si)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + if (errno == EINVAL) { + sig = 0; /* bust group-stop */ + goto cont; + } + + ksft_print_msg("PTRACE_GETSIGINFO: %s\n", + strerror(errno)); + goto error; + } + + if (sig == SIGSTOP && si.si_code == SI_TKILL && + si.si_pid == pid) + break; + + cont: + if (ptrace(PTRACE_CONT, pid, NULL, sig)) { + if (errno == ESRCH) { + ASSERT_NE(errno, ESRCH); + return; + } + + ksft_print_msg("PTRACE_CONT: %s\n", strerror(errno)); + goto error; + } + } + + /* Where is the child GCS? 
*/ + iov.iov_base = &child_gcs; + iov.iov_len = sizeof(child_gcs); + ret = ptrace(PTRACE_GETREGSET, child, NT_ARM_GCS, &iov); + if (ret != 0) { + ksft_print_msg("Failed to read child GCS state: %s (%d)\n", + strerror(errno), errno); + goto error; + } + + /* We should have inherited GCS over fork(), confirm */ + if (!(child_gcs.features_enabled & PR_SHADOW_STACK_ENABLE)) { + ASSERT_TRUE(child_gcs.features_enabled & + PR_SHADOW_STACK_ENABLE); + goto error; + } + + gcspr = child_gcs.gcspr_el0; + ksft_print_msg("Child GCSPR 0x%lx, flags %x, locked %x\n", + gcspr, child_gcs.features_enabled, + child_gcs.features_locked); + + /* Ideally we'd cross check with the child memory map */ + + errno = 0; + val = ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL); + ret = errno; + if (ret != 0) + ksft_print_msg("PTRACE_PEEKDATA failed: %s (%d)\n", + strerror(ret), ret); + EXPECT_EQ(ret, 0); + + /* The child should be in a function, the GCSPR shouldn't be 0 */ + EXPECT_NE(val, 0); + + /* Same thing via process_vm_readv() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(rval); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_writev(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + EXPECT_EQ(val, rval); + + /* Write data via a peek */ + ret = ptrace(PTRACE_POKEDATA, child, (void *)gcspr, NULL); + if (ret == -1) + ksft_print_msg("PTRACE_POKEDATA failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, 0); + EXPECT_EQ(0, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* Restore what we had before, this time with process_vm_writev() */ + local_iov.iov_base = &rval; + local_iov.iov_len = sizeof(val); + remote_iov.iov_base = (void *)gcspr; + remote_iov.iov_len = sizeof(rval); + ret = process_vm_readv(child, &local_iov, 1, &remote_iov, 1, 0); + if (ret == -1) + 
ksft_print_msg("process_vm_writev() failed: %s (%d)\n", + strerror(errno), errno); + EXPECT_EQ(ret, sizeof(rval)); + + EXPECT_EQ(val, ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL)); + + /* That's all, folks */ + kill(child, SIGKILL); + return; + +error: + kill(child, SIGKILL); + ASSERT_FALSE(true); +} + +FIXTURE(map_gcs) +{ + unsigned long *stack; +}; + +FIXTURE_VARIANT(map_gcs) +{ + size_t stack_size; + unsigned long flags; +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_cap) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k_marker) +{ + .stack_size = 2 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s2k) +{ + .stack_size = 2 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k_cap) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s3k_marker) +{ + .stack_size = 4 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s4k) +{ + .stack_size = 4 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_cap) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k_marker) +{ + .stack_size = 16 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s16k) +{ + .stack_size = 16 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_cap) +{ + .stack_size = 64 
* 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k_marker) +{ + .stack_size = 64 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s64k) +{ + .stack_size = 64 * 1024, + .flags = 0, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_cap) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_TOKEN, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k_marker) +{ + .stack_size = 128 * 1024, + .flags = SHADOW_STACK_SET_MARKER, +}; + +FIXTURE_VARIANT_ADD(map_gcs, s128k) +{ + .stack_size = 128 * 1024, + .flags = 0, +}; + +FIXTURE_SETUP(map_gcs) +{ + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, + variant->flags); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + variant->stack_size); +} + +FIXTURE_TEARDOWN(map_gcs) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, variant->stack_size); + ASSERT_EQ(ret, 0); + } +} + +/* The stack has a cap token */ +TEST_F(map_gcs, stack_capped) +{ + unsigned long *stack = self->stack; + size_t cap_index; + + cap_index = (variant->stack_size / sizeof(unsigned long)); + + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + + ASSERT_EQ(stack[cap_index], GCS_CAP(&stack[cap_index])); +} + +/* The top of the stack is 0 */ +TEST_F(map_gcs, stack_terminated) +{ + unsigned long *stack = self->stack; + size_t term_index; + + if (!(variant->flags & SHADOW_STACK_SET_MARKER)) + return; + + term_index = (variant->stack_size / sizeof(unsigned long)) - 1; + + 
ASSERT_EQ(stack[term_index], 0); +} + +/* Writes should fault */ +TEST_F_SIGNAL(map_gcs, not_writeable, SIGSEGV) +{ + self->stack[0] = 0; +} + +/* Put it all together, we can safely switch to and from the stack */ +TEST_F(map_gcs, stack_switch) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test */ + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* We should be able to use all but 2 slots of the new stack */ + ksft_print_msg("Recursing %d levels\n", cap_index - 1); + gcs_recurse(cap_index - 1); + + /* Pivot back to the original GCS */ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + + gcs_recurse(0); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +/* We fault if we try to go beyond the end of the stack */ +TEST_F_SIGNAL(map_gcs, stack_overflow, SIGSEGV) +{ + size_t cap_index; + cap_index = (variant->stack_size / sizeof(unsigned long)); + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; + + /* Skip 
over the stack terminator and point at the cap */ + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: + cap_index -= 2; + break; + case SHADOW_STACK_SET_TOKEN: + cap_index -= 1; + break; + case SHADOW_STACK_SET_MARKER: + case 0: + /* No cap, no test but we need to SEGV to avoid a false fail */ + orig_gcspr_el0 = get_gcspr(); + *orig_gcspr_el0 = 0; + return; + } + pivot_gcspr_el0 = &self->stack[cap_index]; + + /* Pivot to the new GCS */ + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + gcsss1(pivot_gcspr_el0); + orig_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", + pivot_gcspr_el0, get_gcspr(), + *pivot_gcspr_el0); + + ksft_print_msg("Pivoted, GCSPR_EL0 now %p\n", get_gcspr()); + + /* New GCS must be in the new buffer */ + ASSERT_TRUE((unsigned long)get_gcspr() > (unsigned long)self->stack); + ASSERT_TRUE((unsigned long)get_gcspr() <= + (unsigned long)self->stack + variant->stack_size); + + /* Now try to recurse, we should fault doing this. */ + ksft_print_msg("Recursing %d levels...\n", cap_index + 1); + gcs_recurse(cap_index + 1); + ksft_print_msg("...done\n"); + + /* Clean up properly to try to guard against spurious passes. 
*/ + gcsss1(orig_gcspr_el0); + pivot_gcspr_el0 = gcsss2(); + ksft_print_msg("Pivoted back to GCSPR_EL0 0x%lx\n", get_gcspr()); +} + +FIXTURE(map_invalid_gcs) +{ +}; + +FIXTURE_VARIANT(map_invalid_gcs) +{ + size_t stack_size; +}; + +FIXTURE_SETUP(map_invalid_gcs) +{ +} + +FIXTURE_TEARDOWN(map_invalid_gcs) +{ +} + +/* GCS must be larger than 16 bytes */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) +{ + .stack_size = 8, +}; + +/* GCS size must be 16 byte aligned */ +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) { .stack_size = 1024 + 1 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) { .stack_size = 1024 + 2 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) { .stack_size = 1024 + 3 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) { .stack_size = 1024 + 4 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) { .stack_size = 1024 + 5 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) { .stack_size = 1024 + 6 }; +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) { .stack_size = 1024 + 7 }; + +TEST_F(map_invalid_gcs, do_map) +{ + void *stack; + + stack = (void *)syscall(__NR_map_shadow_stack, 0, + variant->stack_size, 0); + ASSERT_TRUE(stack == MAP_FAILED); + if (stack != MAP_FAILED) + munmap(stack, variant->stack_size); +} + +FIXTURE(invalid_mprotect) +{ + unsigned long *stack; + size_t stack_size; +}; + +FIXTURE_VARIANT(invalid_mprotect) +{ + unsigned long flags; +}; + +FIXTURE_SETUP(invalid_mprotect) +{ + self->stack_size = sysconf(_SC_PAGE_SIZE); + self->stack = (void *)syscall(__NR_map_shadow_stack, 0, + self->stack_size, 0); + ASSERT_FALSE(self->stack == MAP_FAILED); + ksft_print_msg("Allocated stack from %p-%p\n", self->stack, + (unsigned long)self->stack + self->stack_size); +} + +FIXTURE_TEARDOWN(invalid_mprotect) +{ + int ret; + + if (self->stack != MAP_FAILED) { + ret = munmap(self->stack, self->stack_size); + ASSERT_EQ(ret, 0); + } +} + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) +{ + .flags = PROT_EXEC, +}; + 
+FIXTURE_VARIANT_ADD(invalid_mprotect, bti) +{ + .flags = PROT_BTI, +}; + +FIXTURE_VARIANT_ADD(invalid_mprotect, exec_bti) +{ + .flags = PROT_EXEC | PROT_BTI, +}; + +TEST_F(invalid_mprotect, do_map) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, variant->flags); + ASSERT_EQ(ret, -1); +} + +TEST_F(invalid_mprotect, do_map_read) +{ + int ret; + + ret = mprotect(self->stack, self->stack_size, + variant->flags | PROT_READ); + ASSERT_EQ(ret, -1); +} + +int main(int argc, char **argv) +{ + unsigned long gcs_mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not supported\n"); + + /* + * Force shadow stacks on, our tests *should* be fine with or + * without libc support and with or without this having ended + * up tagged for GCS and enabled by the dynamic linker. We + * can't use the libc prctl() function since we can't return + * from enabling the stack. Also lock GCS if not already + * locked so we can test behaviour when it's locked. + */ + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { + gcs_mode = PR_SHADOW_STACK_ENABLE; + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + gcs_mode); + if (ret) { + ksft_print_msg("Failed to configure GCS: %d\n", ret); + return EXIT_FAILURE; + } + } + + /* Avoid returning in case libc doesn't understand GCS */ + exit(test_harness_run(argc, argv)); +} From patchwork Wed Nov 22 09:42:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 168264 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:2b07:b0:403:3b70:6f57 with SMTP id io7csp1210545vqb; Wed, 22 Nov 2023 01:57:05 -0800 (PST) X-Google-Smtp-Source: AGHT+IG9V9fgwKPwVNVE3hGI6QzNMXfOZI+CTrGFShUMpz533/o5NzGC4zpyO1c7AK+W0KSAM8gB 
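Review bot: in the gcs-util.h hunk, struct user_gcs is defined only inside the "#ifndef NT_ARM_GCS" guard, which ties a structure definition to a note-type macro that may be supplied by a different header. If the build environment's headers define NT_ARM_GCS but not struct user_gcs, libc-gcs.c will fail to compile at "struct user_gcs child_gcs;". Consider guarding the macro and the structure separately, or note in a comment which header is expected to provide both.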
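Review bot: in TEST(ptrace_read_write) of libc-gcs.c the two process_vm calls are swapped relative to their comments and error messages. The block commented "Same thing via process_vm_readv()" calls process_vm_writev(), which would push the still-uninitialised rval at the child's GCS just before EXPECT_EQ(val, rval), and the block commented "Restore what we had before, this time with process_vm_writev()" calls process_vm_readv(), so nothing is restored by that call. Swap them so the read fills rval and the restore writes it back. In the same test, ksft_exit_fail_msg("PTRACE_TRACEME", strerror(errno)) and the raise(SIGSTOP) counterpart pass strerror() to a format string with no conversion, so the error text is never printed. Smaller points elsewhere in the file: variant s3k_marker uses a 4 * 1024 stack and presumably should be named s4k_marker; the "unligned_N" variants are missing an "a"; gcs_test_thread() prints an unsigned long with %u and stack_switch/stack_overflow print a size_t with %d; and the comment in main() says GCS is also locked, but no PR_LOCK_SHADOW_STACK_STATUS call follows.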

From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:45 +0000
Subject: [PATCH v7 35/39] kselftest/arm64: Add test coverage for GCS mode locking
Message-Id: <20231122-arm64-gcs-v7-35-201c483bd775@kernel.org>

Verify that we can lock individual GCS mode bits, that other modes aren't affected and as a side effect also that every combination of modes can be enabled. Normally the inability to reenable GCS after disabling it would be an issue with testing but fortunately the kselftest_harness runs each test within a fork()ed child. This can be inconvenient for some kinds of testing but here it means that each test is in a separate thread and therefore won't be affected by other tests in the suite. Once we get toolchains with support for enabling GCS by default we will need to take care to not do that in the build system but there are no such toolchains yet so it is not yet an issue.

Signed-off-by: Mark Brown
--- tools/testing/selftests/arm64/gcs/.gitignore | 1 + tools/testing/selftests/arm64/gcs/Makefile | 2 +- tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 5810c4a163d4..0c86f53f68ad 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,2 +1,3 @@ basic-gcs libc-gcs +gcs-locking diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index a8fdf21e9a47..2173d6275956 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile
@@ -6,7 +6,7 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking LDLIBS+=-lpthread diff --git a/tools/testing/selftests/arm64/gcs/gcs-locking.c b/tools/testing/selftests/arm64/gcs/gcs-locking.c new file mode 100644 index 000000000000..f6a73254317e --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-locking.c 
@@ -0,0 +1,200 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2023 ARM Limited. + * + * Tests for GCS mode locking. These tests rely on both having GCS + * unconfigured on entry and on the kselftest harness running each + * test in a fork()ed process which will have it's own mode. + */ + +#include + +#include +#include + +#include + +#include "kselftest_harness.h" + +#include "gcs-util.h" + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +/* No mode bits are rejected for locking */ +TEST(lock_all_modes) +{ + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, ULONG_MAX, 0, 0, 0); + ASSERT_EQ(ret, 0); +} + +FIXTURE(valid_modes) +{ +}; + +FIXTURE_VARIANT(valid_modes) +{ + unsigned long mode; +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable) +{ + .mode = PR_SHADOW_STACK_ENABLE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_VARIANT_ADD(valid_modes, enable_write_push) +{ + .mode = PR_SHADOW_STACK_ENABLE | PR_SHADOW_STACK_WRITE | + PR_SHADOW_STACK_PUSH, +}; + +FIXTURE_SETUP(valid_modes) +{ +} + +FIXTURE_TEARDOWN(valid_modes) +{ +} + +/* We can set the mode at all */ +TEST_F(valid_modes, set) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + _exit(0); +} + +/* Enabling, locking then disabling is rejected */ 
+TEST_F(valid_modes, enable_lock_disable) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, 0); + ASSERT_EQ(ret, -EBUSY); + + _exit(0); +} + +/* Locking then enabling is rejected */ +TEST_F(valid_modes, lock_enable) +{ + unsigned long mode; + int ret; + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, -EBUSY); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, 0); + + _exit(0); +} + +/* Locking then changing other modes is fine */ +TEST_F(valid_modes, lock_enable_disable_others) +{ + unsigned long mode; + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + ret = prctl(PR_LOCK_SHADOW_STACK_STATUS, variant->mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ALL_MODES); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, PR_SHADOW_STACK_ALL_MODES); + + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + variant->mode); + ASSERT_EQ(ret, 0); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + ASSERT_EQ(ret, 0); + ASSERT_EQ(mode, variant->mode); + + _exit(0); +} + +int main(int argc, char **argv) +{ + unsigned long mode; + int ret; + + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) + ksft_exit_skip("SKIP GCS not 
supported\n"); + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &mode, 0, 0, 0); + if (ret) { + ksft_print_msg("Failed to read GCS state: %d\n", ret); + return EXIT_FAILURE; + } + + if (mode & PR_SHADOW_STACK_ENABLE) { + ksft_print_msg("GCS was enabled, test unsupported\n"); + return KSFT_SKIP; + } + + return test_harness_run(argc, argv); +}
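
Review bot: TEST(lock_all_modes) in gcs-locking.c only checks that PR_LOCK_SHADOW_STACK_STATUS with ULONG_MAX returns 0 and never confirms that the lock took effect; following it with a PR_SET_SHADOW_STACK_STATUS call that is expected to return -EBUSY, as lock_enable already does per variant, would show that the bits really are locked. Each valid_modes test ends in _exit(0) with no comment saying why; one line explaining that the function cannot return once it has enabled GCS would save the next reader from guessing. The file header comment has "it's own mode" where "its" is meant, and my_syscall2() is defined locally even though gcs-util.h is included and would be the natural shared home for it.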

From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:46 +0000
Subject: [PATCH v7 36/39] selftests/arm64: Add GCS signal tests
Message-Id: <20231122-arm64-gcs-v7-36-201c483bd775@kernel.org>

Do some testing of the signal handling for GCS, checking that a GCS frame has the expected information in it and that the expected signals are delivered with invalid operations.

Signed-off-by: Mark Brown
--- tools/testing/selftests/arm64/signal/.gitignore | 1 + .../selftests/arm64/signal/test_signals_utils.h | 10 +++ .../arm64/signal/testcases/gcs_exception_fault.c | 59 ++++++++++++++++ .../selftests/arm64/signal/testcases/gcs_frame.c | 78 ++++++++++++++++++++++ .../arm64/signal/testcases/gcs_write_fault.c | 67 +++++++++++++++++++ 5 files changed, 215 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/.gitignore b/tools/testing/selftests/arm64/signal/.gitignore index 839e3a252629..26de12918890 100644 --- a/tools/testing/selftests/arm64/signal/.gitignore +++ b/tools/testing/selftests/arm64/signal/.gitignore @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only mangle_* fake_sigreturn_* +gcs_* sme_* ssve_* sve_* diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.h b/tools/testing/selftests/arm64/signal/test_signals_utils.h index 1e80808ee105..36fc12b3cd60 100644 --- a/tools/testing/selftests/arm64/signal/test_signals_utils.h +++ b/tools/testing/selftests/arm64/signal/test_signals_utils.h @@ -6,6 +6,7 @@ #include #include +#include #include #include
@@ -47,6 +48,15 @@ void test_result(struct tdescr *td); _arg1; \ }) +static inline __attribute__((always_inline)) uint64_t get_gcspr_el0(void) +{ + uint64_t val; + + asm volatile("mrs %0, S3_3_C2_C5_1" : "=r" (val)); + + return val; +} + static inline bool feats_ok(struct tdescr *td) { if (td->feats_incompatible & td->feats_supported) diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c new file mode 100644 index 000000000000..532d533592a1 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_exception_fault.c @@ -0,0 +1,59 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +/* This should be includable from some standard header, but which? */ +#ifndef SEGV_CPERR +#define SEGV_CPERR 10 +#endif + +static inline void gcsss1(uint64_t Xt) +{ + asm volatile ( + "sys #3, C7, C7, #2, %0\n" + : + : "rZ" (Xt) + : "memory"); +} + +static int gcs_op_fault_trigger(struct tdescr *td) +{ + /* + * The slot below our current GCS should be in a valid GCS but + * must not have a valid cap in it. + */ + gcsss1(get_gcspr_el0() - 8); + + return 0; +} + +static int gcs_op_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + +struct tdescr tde = { + .name = "Invalid GCS operation", + .descr = "An invalid GCS operation generates the expected signal", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sig_ok_code = SEGV_CPERR, + .sanity_disabled = true, + .trigger = gcs_op_fault_trigger, + .run = gcs_op_fault_signal, +}; diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c new file mode 100644 index 000000000000..d67cb26195a6 --- /dev/null 
+++ b/tools/testing/selftests/arm64/signal/testcases/gcs_frame.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static union { + ucontext_t uc; + char buf[1024 * 64]; +} context; + +static int gcs_regs(struct tdescr *td, siginfo_t *si, ucontext_t *uc) +{ + size_t offset; + struct _aarch64_ctx *head = GET_BUF_RESV_HEAD(context); + struct gcs_context *gcs; + unsigned long expected, gcspr; + int ret; + + ret = prctl(PR_GET_SHADOW_STACK_STATUS, &expected, 0, 0, 0); + if (ret != 0) { + fprintf(stderr, "Unable to query GCS status\n"); + return 1; + } + + /* We expect a cap to be added to the GCS in the signal frame */ + gcspr = get_gcspr_el0(); + gcspr -= 8; + fprintf(stderr, "Expecting GCSPR_EL0 %lx\n", gcspr); + + if (!get_current_context(td, &context.uc, sizeof(context))) { + fprintf(stderr, "Failed getting context\n"); + return 1; + } + fprintf(stderr, "Got context\n"); + + head = get_header(head, GCS_MAGIC, GET_BUF_RESV_SIZE(context), + &offset); + if (!head) { + fprintf(stderr, "No GCS context\n"); + return 1; + } + + gcs = (struct gcs_context *)head; + + /* Basic size validation is done in get_current_context() */ + + if (gcs->features_enabled != expected) { + fprintf(stderr, "Features enabled %llx but expected %lx\n", + gcs->features_enabled, expected); + return 1; + } + + if (gcs->gcspr != gcspr) { + fprintf(stderr, "Got GCSPR %llx but expected %lx\n", + gcs->gcspr, gcspr); + return 1; + } + + fprintf(stderr, "GCS context validated\n"); + td->pass = 1; + + return 0; +} + +struct tdescr tde = { + .name = "GCS basics", + .descr = "Validate a GCS signal context", + .feats_required = FEAT_GCS, + .timeout = 3, + .run = gcs_regs, +}; 
diff --git a/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c new file mode 100644 index 000000000000..126b1a294a29 --- /dev/null +++ b/tools/testing/selftests/arm64/signal/testcases/gcs_write_fault.c 
@@ -0,0 +1,67 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (C) 2023 ARM Limited + */ + +#include +#include +#include + +#include +#include + +#include "test_signals_utils.h" +#include "testcases.h" + +static uint64_t *gcs_page; + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 452 +#endif + +static bool alloc_gcs(struct tdescr *td) +{ + long page_size = sysconf(_SC_PAGE_SIZE); + + gcs_page = (void *)syscall(__NR_map_shadow_stack, 0, + page_size, 0); + if (gcs_page == MAP_FAILED) { + fprintf(stderr, "Failed to map %ld byte GCS: %d\n", + page_size, errno); + return false; + } + + return true; +} + +static int gcs_write_fault_trigger(struct tdescr *td) +{ + /* Verify that the page is readable (ie, not completely unmapped) */ + fprintf(stderr, "Read value 0x%lx\n", gcs_page[0]); + + /* A regular write should trigger a fault */ + gcs_page[0] = EINVAL; + + return 0; +} + +static int gcs_write_fault_signal(struct tdescr *td, siginfo_t *si, + ucontext_t *uc) +{ + ASSERT_GOOD_CONTEXT(uc); + + return 1; +} + + +struct tdescr tde = { + .name = "GCS write fault", + .descr = "Normal writes to a GCS segfault", + .feats_required = FEAT_GCS, + .timeout = 3, + .sig_ok = SIGSEGV, + .sanity_disabled = true, + .init = alloc_gcs, + .trigger = gcs_write_fault_trigger, + .run = gcs_write_fault_signal, +};
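
Review bot: in gcs_write_fault.c the descriptor sets .sig_ok = SIGSEGV with no .sig_ok_code, and gcs_write_fault_signal() never looks at si, so nothing in the test distinguishes a fault from the write to gcs_page[0] from a fault on the read just before it or from any other SIGSEGV. Checking si->si_addr against gcs_page in the handler, and an si_code the way gcs_exception_fault.c does with SEGV_CPERR, would tie the pass to the write itself. Storing EINVAL as the written value also reads as if an error code mattered here; a plain constant would be clearer.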
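
Review bot: gcs_exception_fault.c leaves an open question in the tree, "This should be includable from some standard header, but which?", directly above the fallback #define SEGV_CPERR 10. Settle that before merging: name the header expected to provide SEGV_CPERR, or say in the comment that the fallback exists for toolchain headers that predate it. gcsss1() is open-coded in this file while get_gcspr_el0() is added to test_signals_utils.h; putting both helpers in the shared header would keep the GCS accessors in one place.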

From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:47 +0000
Subject: [PATCH v7 37/39] kselftest/arm64: Add a GCS stress test
Message-Id: <20231122-arm64-gcs-v7-37-201c483bd775@kernel.org>
version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Wed, 22 Nov 2023 01:49:54 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783257209929700016 X-GMAIL-MSGID: 1783257209929700016 Add a stress test which runs one more process than we have CPUs spinning through a very recursive function with frequent syscalls immediately prior to return and signals being injected every 100ms. The goal is to flag up any scheduling related issues, for example failure to ensure that barriers are inserted when moving a GCS using task to another CPU. The test runs for a configurable amount of time, defaulting to 10 seconds. Signed-off-by: Mark Brown --- tools/testing/selftests/arm64/gcs/.gitignore | 2 + tools/testing/selftests/arm64/gcs/Makefile | 6 +- tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 .../selftests/arm64/gcs/gcs-stress-thread.S | 311 ++++++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 532 +++++++++++++++++++++ 5 files changed, 850 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/gcs/.gitignore b/tools/testing/selftests/arm64/gcs/.gitignore index 0c86f53f68ad..1e8d1f6b27f2 100644 --- a/tools/testing/selftests/arm64/gcs/.gitignore +++ b/tools/testing/selftests/arm64/gcs/.gitignore @@ -1,3 +1,5 @@ basic-gcs libc-gcs gcs-locking +gcs-stress +gcs-stress-thread diff --git a/tools/testing/selftests/arm64/gcs/Makefile b/tools/testing/selftests/arm64/gcs/Makefile index 2173d6275956..d8b06ca51e22 100644 --- a/tools/testing/selftests/arm64/gcs/Makefile +++ b/tools/testing/selftests/arm64/gcs/Makefile @@ -6,7 +6,8 @@ # nolibc. # -TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking +TEST_GEN_PROGS := basic-gcs libc-gcs gcs-locking gcs-stress +TEST_GEN_PROGS_EXTENDED := gcs-stress-thread LDLIBS+=-lpthread 
@@ -18,3 +19,6 @@ $(OUTPUT)/basic-gcs: basic-gcs.c -I../../../../../usr/include \ -std=gnu99 -I../.. -g \ -ffreestanding -Wall $^ -o $@ -lgcc + +$(OUTPUT)/gcs-stress-thread: gcs-stress-thread.S + $(CC) -nostdlib $^ -o $@ diff --git a/tools/testing/selftests/arm64/gcs/asm-offsets.h b/tools/testing/selftests/arm64/gcs/asm-offsets.h new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S new file mode 100644 index 000000000000..4fe8695333e5 --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress-thread.S 
@@ -0,0 +1,311 @@ +// Program that loops for ever doing lots of recursions and system calls, +// intended to be used as part of a stress test for GCS context switching. +// +// Copyright 2015-2023 Arm Ltd + +#include + +#define sa_sz 32 +#define sa_flags 8 +#define sa_handler 0 +#define sa_mask_sz 8 + +#define si_code 8 + +#define SIGINT 2 +#define SIGABRT 6 +#define SIGUSR1 10 +#define SIGSEGV 11 +#define SIGUSR2 12 +#define SIGTERM 15 +#define SEGV_CPERR 10 + +#define SA_NODEFER 1073741824 +#define SA_SIGINFO 4 +#define ucontext_regs 184 + +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define GCSPR_EL0 S3_3_C2_C5_1 + +.macro function name + .macro endfunction + .type \name, @function + .purgem endfunction + .endm +\name: +.endm + +// Print a single character x0 to stdout +// Clobbers x0-x2,x8 +function putc + str x0, [sp, #-16]! + + mov x0, #1 // STDOUT_FILENO + mov x1, sp + mov x2, #1 + mov x8, #__NR_write + svc #0 + + add sp, sp, #16 + ret +endfunction +.globl putc + +// Print a NUL-terminated string starting at address x0 to stdout +// Clobbers x0-x3,x8 +function puts + mov x1, x0 + + mov x2, #0 +0: ldrb w3, [x0], #1 + cbz w3, 1f + add x2, x2, #1 + b 0b + +1: mov w0, #1 // STDOUT_FILENO + mov x8, #__NR_write + svc #0 + + ret +endfunction +.globl puts + +// Utility macro to print a literal string +// Clobbers x0-x4,x8 +.macro puts string + .pushsection .rodata.str1.1, "aMS", @progbits, 1 +.L__puts_literal\@: .string "\string" + .popsection + + ldr x0, =.L__puts_literal\@ + bl puts +.endm + +// Print an unsigned decimal number x0 to stdout +// Clobbers x0-x4,x8 +function putdec + mov x1, sp + str x30, [sp, #-32]! // Result can't be > 20 digits + + mov x2, #0 + strb w2, [x1, #-1]! // Write the NUL terminator + + mov x2, #10 +0: udiv x3, x0, x2 // div-mod loop to generate the digits + msub x0, x3, x2, x0 + add w0, w0, #'0' + strb w0, [x1, #-1]! 
+ mov x0, x3 + cbnz x3, 0b + + ldrb w0, [x1] + cbnz w0, 1f + mov w0, #'0' // Print "0" for 0, not "" + strb w0, [x1, #-1]! + +1: mov x0, x1 + bl puts + + ldr x30, [sp], #32 + ret +endfunction +.globl putdec + +// Print an unsigned decimal number x0 to stdout, followed by a newline +// Clobbers x0-x5,x8 +function putdecn + mov x5, x30 + + bl putdec + mov x0, #'\n' + bl putc + + ret x5 +endfunction +.globl putdecn + +// Fill x1 bytes starting at x0 with 0. +// Clobbers x1, x2. +function memclr + mov w2, #0 +endfunction +.globl memclr + // fall through to memfill + +// Trivial memory fill: fill x1 bytes starting at address x0 with byte w2 +// Clobbers x1 +function memfill + cmp x1, #0 + b.eq 1f + +0: strb w2, [x0], #1 + subs x1, x1, #1 + b.ne 0b + +1: ret +endfunction +.globl memfill + +// w0: signal number +// x1: sa_action +// w2: sa_flags +// Clobbers x0-x6,x8 +function setsignal + str x30, [sp, #-((sa_sz + 15) / 16 * 16 + 16)]! + + mov w4, w0 + mov x5, x1 + mov w6, w2 + + add x0, sp, #16 + mov x1, #sa_sz + bl memclr + + mov w0, w4 + add x1, sp, #16 + str w6, [x1, #sa_flags] + str x5, [x1, #sa_handler] + mov x2, #0 + mov x3, #sa_mask_sz + mov x8, #__NR_rt_sigaction + svc #0 + + cbz w0, 1f + + puts "sigaction failure\n" + b abort + +1: ldr x30, [sp], #((sa_sz + 15) / 16 * 16 + 16) + ret +endfunction + + +function tickle_handler + // Perhaps collect GCSPR_EL0 here in future? 
+ ret +endfunction + +function terminate_handler + mov w21, w0 + mov x20, x2 + + puts "Terminated by signal " + mov w0, w21 + bl putdec + puts ", no error\n" + + mov x0, #0 + mov x8, #__NR_exit + svc #0 +endfunction + +function segv_handler + // stash the siginfo_t * + mov x20, x1 + + // Disable GCS, we don't want additional faults logging things + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, xzr + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + + puts "Got SIGSEGV code " + + ldr x21, [x20, #si_code] + mov x0, x21 + bl putdec + + // GCS faults should have si_code SEGV_CPERR + cmp x21, #SEGV_CPERR + bne 1f + + puts " (GCS violation)" +1: + mov x0, '\n' + bl putc + b abort +endfunction + +// Recurse x20 times +.macro recurse id +function recurse\id + stp x29, x30, [sp, #-16]! + mov x29, sp + + cmp x20, 0 + beq 1f + sub x20, x20, 1 + bl recurse\id + +1: + ldp x29, x30, [sp], #16 + + // Do a syscall immediately prior to returning to try to provoke + // scheduling and migration at a point where coherency issues + // might trigger. 
+ mov x8, #__NR_getpid + svc #0 + + ret +endfunction +.endmacro + +// Generate and use two copies so we're changing the GCS contents +recurse 1 +recurse 2 + +.globl _start +function _start + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 + cbz x0, 1f + puts "Failed to enable GCS\n" + b abort +1: + + mov w0, #SIGTERM + adr x1, terminate_handler + mov w2, #SA_SIGINFO + bl setsignal + + mov w0, #SIGUSR1 + adr x1, tickle_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + mov w0, #SIGSEGV + adr x1, segv_handler + mov w2, #SA_SIGINFO + orr w2, w2, #SA_NODEFER + bl setsignal + + puts "Running\n" + +loop: + // Small recursion depth so we're frequently flipping between + // the two recursors and changing what's on the stack + mov x20, #5 + bl recurse1 + mov x20, #5 + bl recurse2 + b loop +endfunction + +abort: + mov x0, #255 + mov x8, #__NR_exit + svc #0 diff --git a/tools/testing/selftests/arm64/gcs/gcs-stress.c b/tools/testing/selftests/arm64/gcs/gcs-stress.c new file mode 100644 index 000000000000..23fd8ec37bdc --- /dev/null +++ b/tools/testing/selftests/arm64/gcs/gcs-stress.c 
@@ -0,0 +1,532 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2022-3 ARM Limited. + */ + +#define _GNU_SOURCE +#define _POSIX_C_SOURCE 199309L + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../../kselftest.h" + +struct child_data { + char *name, *output; + pid_t pid; + int stdout; + bool output_seen; + bool exited; + int exit_status; + int exit_signal; +}; + +static int epoll_fd; +static struct child_data *children; +static struct epoll_event *evs; +static int tests; +static int num_children; +static bool terminate; + +static int startup_pipe[2]; + +static int num_processors(void) +{ + long nproc = sysconf(_SC_NPROCESSORS_CONF); + if (nproc < 0) { + perror("Unable to read number of processors\n"); + exit(EXIT_FAILURE); + } + + return nproc; +} + +static void start_thread(struct child_data *child) +{ + int ret, pipefd[2], i; + struct epoll_event ev; + + ret = pipe(pipefd); + if (ret != 0) + ksft_exit_fail_msg("Failed to create stdout pipe: %s (%d)\n", + strerror(errno), errno); + + child->pid = fork(); + if (child->pid == -1) + ksft_exit_fail_msg("fork() failed: %s (%d)\n", + strerror(errno), errno); + + if (!child->pid) { + /* + * In child, replace stdout with the pipe, errors to + * stderr from here as kselftest prints to stdout. + */ + ret = dup2(pipefd[1], 1); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Duplicate the read side of the startup pipe to + * FD 3 so we can close everything else. + */ + ret = dup2(startup_pipe[0], 3); + if (ret == -1) { + fprintf(stderr, "dup2() %d\n", errno); + exit(EXIT_FAILURE); + } + + /* + * Very dumb mechanism to clean open FDs other than + * stdio. We don't want O_CLOEXEC for the pipes... 
+ */ + for (i = 4; i < 8192; i++) + close(i); + + /* + * Read from the startup pipe, there should be no data + * and we should block until it is closed. We just + * carry on on error since this isn't super critical. + */ + ret = read(3, &i, sizeof(i)); + if (ret < 0) + fprintf(stderr, "read(startp pipe) failed: %s (%d)\n", + strerror(errno), errno); + if (ret > 0) + fprintf(stderr, "%d bytes of data on startup pipe\n", + ret); + close(3); + + ret = execl("gcs-stress-thread", "gcs-stress-thread", NULL); + fprintf(stderr, "execl(gcs-stress-thread) failed: %d (%s)\n", + errno, strerror(errno)); + + exit(EXIT_FAILURE); + } else { + /* + * In parent, remember the child and close our copy of the + * write side of stdout. + */ + close(pipefd[1]); + child->stdout = pipefd[0]; + child->output = NULL; + child->exited = false; + child->output_seen = false; + + ev.events = EPOLLIN | EPOLLHUP; + ev.data.ptr = child; + + ret = asprintf(&child->name, "Thread-%d", child->pid); + if (ret == -1) + ksft_exit_fail_msg("asprintf() failed\n"); + + ret = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, child->stdout, &ev); + if (ret < 0) { + ksft_exit_fail_msg("%s EPOLL_CTL_ADD failed: %s (%d)\n", + child->name, strerror(errno), errno); + } + } + + ksft_print_msg("Started %s\n", child->name); + num_children++; +} + +static bool child_output_read(struct child_data *child) +{ + char read_data[1024]; + char work[1024]; + int ret, len, cur_work, cur_read; + + ret = read(child->stdout, read_data, sizeof(read_data)); + if (ret < 0) { + if (errno == EINTR) + return true; + + ksft_print_msg("%s: read() failed: %s (%d)\n", + child->name, strerror(errno), + errno); + return false; + } + len = ret; + + child->output_seen = true; + + /* Pick up any partial read */ + if (child->output) { + strncpy(work, child->output, sizeof(work) - 1); + cur_work = strnlen(work, sizeof(work)); + free(child->output); + child->output = NULL; + } else { + cur_work = 0; + } + + cur_read = 0; + while (cur_read < len) { + 
work[cur_work] = read_data[cur_read++]; + + if (work[cur_work] == '\n') { + work[cur_work] = '\0'; + ksft_print_msg("%s: %s\n", child->name, work); + cur_work = 0; + } else { + cur_work++; + } + } + + if (cur_work) { + work[cur_work] = '\0'; + ret = asprintf(&child->output, "%s", work); + if (ret == -1) + ksft_exit_fail_msg("Out of memory\n"); + } + + return false; +} + +static void child_output(struct child_data *child, uint32_t events, + bool flush) +{ + bool read_more; + + if (events & EPOLLIN) { + do { + read_more = child_output_read(child); + } while (read_more); + } + + if (events & EPOLLHUP) { + close(child->stdout); + child->stdout = -1; + flush = true; + } + + if (flush && child->output) { + ksft_print_msg("%s: %s\n", child->name, child->output); + free(child->output); + child->output = NULL; + } +} + +static void child_tickle(struct child_data *child) +{ + if (child->output_seen && !child->exited) + kill(child->pid, SIGUSR1); +} + +static void child_stop(struct child_data *child) +{ + if (!child->exited) + kill(child->pid, SIGTERM); +} + +static void child_cleanup(struct child_data *child) +{ + pid_t ret; + int status; + bool fail = false; + + if (!child->exited) { + do { + ret = waitpid(child->pid, &status, 0); + if (ret == -1 && errno == EINTR) + continue; + + if (ret == -1) { + ksft_print_msg("waitpid(%d) failed: %s (%d)\n", + child->pid, strerror(errno), + errno); + fail = true; + break; + } + + if (WIFEXITED(status)) { + child->exit_status = WEXITSTATUS(status); + child->exited = true; + } + + if (WIFSIGNALED(status)) { + child->exit_signal = WTERMSIG(status); + ksft_print_msg("%s: Exited due to signal %d\n", + child->name); + fail = true; + child->exited = true; + } + } while (!child->exited); + } + + if (!child->output_seen) { + ksft_print_msg("%s no output seen\n", child->name); + fail = true; + } + + if (child->exit_status != 0) { + ksft_print_msg("%s exited with error code %d\n", + child->name, child->exit_status); + fail = true; + } + + 
ksft_test_result(!fail, "%s\n", child->name); +} + +static void handle_child_signal(int sig, siginfo_t *info, void *context) +{ + int i; + bool found = false; + + for (i = 0; i < num_children; i++) { + if (children[i].pid == info->si_pid) { + children[i].exited = true; + children[i].exit_status = info->si_status; + found = true; + break; + } + } + + if (!found) + ksft_print_msg("SIGCHLD for unknown PID %d with status %d\n", + info->si_pid, info->si_status); +} + +static void handle_exit_signal(int sig, siginfo_t *info, void *context) +{ + int i; + + /* If we're already exiting then don't signal again */ + if (terminate) + return; + + ksft_print_msg("Got signal, exiting...\n"); + + terminate = true; + + /* + * This should be redundant, the main loop should clean up + * after us, but for safety stop everything we can here. + */ + for (i = 0; i < num_children; i++) + child_stop(&children[i]); +} + +/* Handle any pending output without blocking */ +static void drain_output(bool flush) +{ + int ret = 1; + int i; + + while (ret > 0) { + ret = epoll_wait(epoll_fd, evs, tests, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_print_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + for (i = 0; i < ret; i++) + child_output(evs[i].data.ptr, evs[i].events, flush); + } +} + +static const struct option options[] = { + { "timeout", required_argument, NULL, 't' }, + { } +}; + +int main(int argc, char **argv) +{ + int seen_children; + bool all_children_started = false; + int gcs_threads; + int timeout = 10; + int ret, cpus, i, c; + struct sigaction sa; + + while ((c = getopt_long(argc, argv, "t:", options, NULL)) != -1) { + switch (c) { + case 't': + ret = sscanf(optarg, "%d", &timeout); + if (ret != 1) + ksft_exit_fail_msg("Failed to parse timeout %s\n", + optarg); + break; + default: + ksft_exit_fail_msg("Unknown argument\n"); + } + } + + cpus = num_processors(); + tests = 0; + + if (getauxval(AT_HWCAP2) & HWCAP2_GCS) { + /* One extra thread, 
trying to trigger migrations */ + gcs_threads = cpus + 1; + tests += gcs_threads; + } else { + gcs_threads = 0; + } + + ksft_print_header(); + ksft_set_plan(tests); + + ksft_print_msg("%d CPUs, %d GCS threads\n", + cpus, gcs_threads); + + if (!tests) + ksft_exit_skip("No tests scheduled\n"); + + if (timeout > 0) + ksft_print_msg("Will run for %ds\n", timeout); + else + ksft_print_msg("Will run until terminated\n"); + + children = calloc(sizeof(*children), tests); + if (!children) + ksft_exit_fail_msg("Unable to allocate child data\n"); + + ret = epoll_create1(EPOLL_CLOEXEC); + if (ret < 0) + ksft_exit_fail_msg("epoll_create1() failed: %s (%d)\n", + strerror(errno), ret); + epoll_fd = ret; + + /* Create a pipe which children will block on before execing */ + ret = pipe(startup_pipe); + if (ret != 0) + ksft_exit_fail_msg("Failed to create startup pipe: %s (%d)\n", + strerror(errno), errno); + + /* Get signal handers ready before we start any children */ + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handle_exit_signal; + sa.sa_flags = SA_RESTART | SA_SIGINFO; + sigemptyset(&sa.sa_mask); + ret = sigaction(SIGINT, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGINT handler: %s (%d)\n", + strerror(errno), errno); + ret = sigaction(SIGTERM, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGTERM handler: %s (%d)\n", + strerror(errno), errno); + sa.sa_sigaction = handle_child_signal; + ret = sigaction(SIGCHLD, &sa, NULL); + if (ret < 0) + ksft_print_msg("Failed to install SIGCHLD handler: %s (%d)\n", + strerror(errno), errno); + + evs = calloc(tests, sizeof(*evs)); + if (!evs) + ksft_exit_fail_msg("Failed to allocated %d epoll events\n", + tests); + + for (i = 0; i < gcs_threads; i++) + start_thread(&children[i]); + + /* + * All children started, close the startup pipe and let them + * run. + */ + close(startup_pipe[0]); + close(startup_pipe[1]); + + timeout *= 10; + for (;;) { + /* Did we get a signal asking us to exit? 
*/ + if (terminate) + break; + + /* + * Timeout is counted in 100ms with no output, the + * tests print during startup then are silent when + * running so this should ensure they all ran enough + * to install the signal handler, this is especially + * useful in emulation where we will both be slow and + * likely to have a large set of VLs. + */ + ret = epoll_wait(epoll_fd, evs, tests, 100); + if (ret < 0) { + if (errno == EINTR) + continue; + ksft_exit_fail_msg("epoll_wait() failed: %s (%d)\n", + strerror(errno), errno); + } + + /* Output? */ + if (ret > 0) { + for (i = 0; i < ret; i++) { + child_output(evs[i].data.ptr, evs[i].events, + false); + } + continue; + } + + /* Otherwise epoll_wait() timed out */ + + /* + * If the child processes have not produced output they + * aren't actually running the tests yet. + */ + if (!all_children_started) { + seen_children = 0; + + for (i = 0; i < num_children; i++) + if (children[i].output_seen || + children[i].exited) + seen_children++; + + if (seen_children != num_children) { + ksft_print_msg("Waiting for %d children\n", + num_children - seen_children); + continue; + } + + all_children_started = true; + } + + ksft_print_msg("Sending signals, timeout remaining: %d00ms\n", + timeout); + + for (i = 0; i < num_children; i++) + child_tickle(&children[i]); + + /* Negative timeout means run indefinitely */ + if (timeout < 0) + continue; + if (--timeout == 0) + break; + } + + ksft_print_msg("Finishing up...\n"); + terminate = true; + + for (i = 0; i < tests; i++) + child_stop(&children[i]); + + drain_output(false); + + for (i = 0; i < tests; i++) + child_cleanup(&children[i]); + + drain_output(true); + + ksft_print_cnts(); + + return 0; +}
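Review bot: in gcs-stress-thread.S from patch 37, segv_handler reads si_code with "ldr x21, [x20, #si_code]", a 64-bit load from a field that is a 32-bit int, so the following "cmp x21, #SEGV_CPERR" only matches when the four bytes after si_code happen to be zero. Loading into w21 and comparing w21 would make the "(GCS violation)" report depend on si_code alone. A smaller point in the same file: terminate_handler copies x2 into x20 and never uses it, so that mov can go.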
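Review bot: in gcs-stress.c from patch 37, child_cleanup() calls ksft_print_msg("%s: Exited due to signal %d\n", child->name) with two conversions and one argument, so the %d prints an indeterminate value; pass child->exit_signal as the second argument. In child_output_read(), work[] is 1024 bytes and is filled from a carried-over partial line plus up to 1024 newly read bytes with no bound on cur_work, so a child line longer than the buffer is written past the end of work[]; flush or truncate once cur_work reaches sizeof(work) - 1, and terminate work[] explicitly after the strncpy(). handle_child_signal() also marks the child as exited from the SIGCHLD handler, which makes child_cleanup() skip waitpid() and leaves exit_signal unset for a child that was killed by a signal, so that case is reported through exit_status instead.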
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:48 +0000
Subject: [PATCH v7 38/39] kselftest/arm64: Enable GCS for the FP stress tests
MIME-Version: 1.0
Message-Id: <20231122-arm64-gcs-v7-38-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown
X-Mailer: b4 0.13-dev-0438c

While it's a bit off topic for them the floating point stress tests do give us some coverage of context thrashing cases, and also of active signal delivery separate to the relatively complicated framework in the actual signals tests. Have the tests enable GCS on startup, ignoring failures so they continue to work as before on systems without GCS.

Signed-off-by: Mark Brown
---
 tools/testing/selftests/arm64/fp/assembler.h   | 15 +++++++++++++++
 tools/testing/selftests/arm64/fp/fpsimd-test.S |  2 ++
 tools/testing/selftests/arm64/fp/sve-test.S    |  2 ++
 tools/testing/selftests/arm64/fp/za-test.S     |  2 ++
 tools/testing/selftests/arm64/fp/zt-test.S     |  2 ++
 5 files changed, 23 insertions(+)

diff --git a/tools/testing/selftests/arm64/fp/assembler.h b/tools/testing/selftests/arm64/fp/assembler.h index 9b38a0da407d..7012f9f796de 100644 --- a/tools/testing/selftests/arm64/fp/assembler.h +++ b/tools/testing/selftests/arm64/fp/assembler.h @@ -65,4 +65,19 @@ endfunction bl puts .endm +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +.macro enable_gcs + // Run with GCS + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, xzr + mov x3, xzr + mov x4, xzr + mov x5, xzr + mov x8, #__NR_prctl + svc #0 +.endm + #endif /* ! ASSEMBLER_H */ diff --git a/tools/testing/selftests/arm64/fp/fpsimd-test.S b/tools/testing/selftests/arm64/fp/fpsimd-test.S index 8b960d01ed2e..b16fb7f42e3e 100644 --- a/tools/testing/selftests/arm64/fp/fpsimd-test.S +++ b/tools/testing/selftests/arm64/fp/fpsimd-test.S 
@@ -215,6 +215,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S index 547d077e3517..e29ab7c4e824 100644 --- a/tools/testing/selftests/arm64/fp/sve-test.S +++ b/tools/testing/selftests/arm64/fp/sve-test.S @@ -378,6 +378,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // Irritation signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/za-test.S b/tools/testing/selftests/arm64/fp/za-test.S index 9dcd70911397..f789694fa3ea 100644 --- a/tools/testing/selftests/arm64/fp/za-test.S +++ b/tools/testing/selftests/arm64/fp/za-test.S @@ -231,6 +231,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT diff --git a/tools/testing/selftests/arm64/fp/zt-test.S b/tools/testing/selftests/arm64/fp/zt-test.S index d63286397638..ea5e55310705 100644 --- a/tools/testing/selftests/arm64/fp/zt-test.S +++ b/tools/testing/selftests/arm64/fp/zt-test.S 
@@ -200,6 +200,8 @@ endfunction // Main program entry point .globl _start function _start + enable_gcs + mov x23, #0 // signal count mov w0, #SIGINT
From: Mark Brown
Date: Wed, 22 Nov 2023 09:42:49 +0000
Subject: [PATCH v7 39/39] kselftest/clone3: Enable GCS in the clone3 selftests
Message-Id: <20231122-arm64-gcs-v7-39-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
In-Reply-To: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org>
To: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy
Cc: "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown

In order to allow testing without full userspace support for shadow stacks the clone3() selftests open code enabling them at runtime, hook up arm64 support.

Signed-off-by: Mark Brown
---
 tools/testing/selftests/clone3/clone3.c | 37 +++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/tools/testing/selftests/clone3/clone3.c b/tools/testing/selftests/clone3/clone3.c index dbe52582573c..6114a33d6ec2 100644 --- a/tools/testing/selftests/clone3/clone3.c +++ b/tools/testing/selftests/clone3/clone3.c @@ -432,6 +432,43 @@ static inline void enable_shadow_stack(void) #endif +#ifdef __aarc64__ +#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define ENABLE_SHADOW_STACK +static inline void enable_shadow_stack(void) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ENABLE); + if (ret == 0) + shadow_stack_enabled = true; +} + +#endif + #ifndef ENABLE_SHADOW_STACK static void enable_shadow_stack(void) {
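
Review bot: the guard `#ifdef __aarc64__` that opens the added block in clone3.c is misspelled. The compiler defines `__aarch64__`, so as written nothing in this block is compiled on arm64, `ENABLE_SHADOW_STACK` is never defined, and the build falls through to the `#ifndef ENABLE_SHADOW_STACK` fallback definition of enable_shadow_stack() that follows, which means the arm64 path this patch is meant to hook up is never exercised. Please change the guard to `#ifdef __aarch64__`. Two smaller points in the same block: `static inline` only hints at inlining, and returning from a function that has just turned the shadow stack on is unsafe because the caller's return address was never recorded on it, so forcing the function inline with an always-inline attribute would make this robust at any optimisation level; and a one-line comment above `my_syscall2` saying why the prctl is issued through an open-coded `svc #0` would save the next reader from having to consult the commit message.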