From patchwork Wed Dec 11 15:41:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181263 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp701307ile; Wed, 11 Dec 2019 07:43:42 -0800 (PST) X-Google-Smtp-Source: APXvYqyUWp3aV37gJaYAnGY8PkmT6HMCi9mfYQN+m18oskoJKx+q47x60DP5VPhB56tHRvb7gDJE X-Received: by 2002:aca:1704:: with SMTP id j4mr3326761oii.21.1576079022207; Wed, 11 Dec 2019 07:43:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079022; cv=none; d=google.com; s=arc-20160816; b=k+O6DlfB46hPo8rogRGP4FO60SviI6sJbwZeOlLRfYH4MrTdE/Qjn60ieJt4/y5M4y viJ/GAbJNUCTKSYXvGo9jCoqvIAnqD2fYUZdmVn9bW3nqZIucq/T//h14Rn3un5lzDdy QD6/eIukZFPnRyQMtZvO2+uuLyD/gJGhzP1poJjVZLGgbTRGSac7ovf4+vnbOCKehIoP vBJI20/IYpopu6lOhwBcWkut4aW9ny9cfMrCfng1g6BDeDsmorSxTgYHTx30OMs1pCxY t1BidC7E5jhGCCveHvP6adT97GQUZSDfN8nzV7JAkCZMjbD2oaeMadf3UboiUFuehXve vX8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=QebfjIu1BY2Pb3nS1pbRo8zxLzcuq5WCUAnAe7D8+q0=; b=md/IVZmImt2U+9EHnVHpBFVwDya4BkhohKt35CLTCx5gyCU0jcmZs1YbZYFGfxjPYn 6rs+lGg4lrDLzva7TtezHwn1Y0GWcTyg8xJ6a02zMfXB93xNaDrJI018xKNpOTODBnoH 2eFQVmw23uR7sPHLUFIps4Fu3JAYYvdWHkl9hRKzdV1fqkyfjHSdk+lIi4IhWO0rlIaf D5X496F7ZdIMnBXkdvP3h8O2tNufnVCToJBmJ/YFM0nvy0OfYV6iVKALydoBndRcKjPn B9iOTzGq8lo5Re6UpIpNKULN0X0GcRt6Mem3kW0drSWg0W0g3ZLpSEWFzg/Rm9dNsX4N CDzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v14si1178532oto.127.2019.12.11.07.43.41; Wed, 11 Dec 2019 07:43:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388011AbfLKPnk (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:40 -0500 Received: from foss.arm.com ([217.140.110.172]:35356 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388678AbfLKPmw (ORCPT ); Wed, 11 Dec 2019 10:42:52 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0FC7631B; Wed, 11 Dec 2019 07:42:52 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5A4C03F52E; Wed, 11 Dec 2019 07:42:51 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 01/12] ELF: UAPI and Kconfig additions for ELF program properties Date: Wed, 11 Dec 2019 15:41:55 +0000 Message-Id: <20191211154206.46260-2-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin Pull the basic ELF definitions relating to the NT_GNU_PROPERTY_TYPE_0 note from Yu-Cheng Yu's earlier x86 shstk series. Signed-off-by: Yu-cheng Yu Signed-off-by: Dave Martin Reviewed-by: Kees Cook Signed-off-by: Mark Brown --- fs/Kconfig.binfmt | 3 +++ include/linux/elf.h | 8 ++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 12 insertions(+) -- 2.20.1 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index 62dc4f577ba1..d2cfe0729a73 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -36,6 +36,9 @@ config COMPAT_BINFMT_ELF config ARCH_BINFMT_ELF_STATE bool +config ARCH_USE_GNU_PROPERTY + bool + config BINFMT_ELF_FDPIC bool "Kernel support for FDPIC ELF binaries" default y if !BINFMT_ELF diff --git a/include/linux/elf.h b/include/linux/elf.h index e3649b3e970e..459cddcceaac 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -2,6 +2,7 @@ #ifndef _LINUX_ELF_H #define _LINUX_ELF_H +#include #include #include @@ -56,4 +57,11 @@ static inline int elf_coredump_extra_notes_write(struct coredump_params *cprm) { extern int elf_coredump_extra_notes_size(void); extern int elf_coredump_extra_notes_write(struct coredump_params *cprm); #endif + +/* NT_GNU_PROPERTY_TYPE_0 header */ +struct gnu_property { + u32 pr_type; + u32 pr_datasz; +}; + #endif /* _LINUX_ELF_H */ diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 34c02e4290fe..c37731407074 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -36,6 +36,7 @@ typedef __s64 Elf64_Sxword; #define PT_LOPROC 0x70000000 #define PT_HIPROC 0x7fffffff #define PT_GNU_EH_FRAME 0x6474e550 +#define PT_GNU_PROPERTY 0x6474e553 #define PT_GNU_STACK (PT_LOOS + 0x474e551) From patchwork Wed Dec 11 15:41:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181252 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700556ile; Wed, 11 Dec 2019 07:42:59 -0800 (PST) X-Google-Smtp-Source: APXvYqx6AhSVhVtUyeAYlyDFiq0OQrHTnSfYlIXsNFvcu5/RuhBC4D2yWlFxWE5iVY/vxM4Uwod1 X-Received: by 2002:a9d:684e:: with SMTP id c14mr2792942oto.340.1576078979195; Wed, 11 Dec 2019 07:42:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078979; cv=none; d=google.com; s=arc-20160816; b=K5XMqp0T6SxNuhaoMx/TwqfJG1KFFj0D5tvj5uS2r8CfbONPuVc4cEjTfN6QynpK4F X/RDe/mVlDqal0LB2c/IXfR5YuqDDgJUD+7GyjS3skZuoHInlV+wtKa8r92kKMRSc7G9 QN3VC8u3loL1g2ueIAVbOUBdAmMIskDBUH8vdc29WRQocUzyc7R1+vOoA3qN9vFwKas9 WIqiKm9DD5xxw2MCUc4rMaGq+J7cQfwKrXba3mznyOieel9p8cR6J/T+sN/xE/JE7PqS b+G+kygDa7WxFnYycuz9aoq0xBDP4nP48DpsNrwVHPhW9AaloNZM7t8Cq3N+eGBeSCld rq4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=AefwwKX3goUK1lloL+BzqiseELFxWnepWg0tIjjiNRA=; b=nu8EXImS/GttuVeuVUTF1bLyTZ8dsfDAs8KdmCj4cdiL4ZWWkwatIxRZA8ZpZGMV1p hT8bQd5uxez5N0kOcLTF8usjGPWCbM7V9x8SSgYgmW9R4pk3bOHFdQz8jzZB63YcRRzu TuVi47sLvTVRaD68TgGuT28MfR6i0YDl1uuRQJQ769yyHPdZOLBoCdihpKT6N/XvI7hM Tg+3yT6QU2x+MHTH0bI7UIU7nlzP75IF1T2jD6CtJqVQjj3xjF8s0MCQ2y7BX710ByKY 6mn0DJdn1zh6LiNUd2OVqGU8U2JrCFb020O2/iYXIah+Odg7+xADMhYWngpRhLk/SA4O 8Y1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z62si1371619oiz.271.2019.12.11.07.42.58; Wed, 11 Dec 2019 07:42:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388691AbfLKPm5 (ORCPT + 27 others); Wed, 11 Dec 2019 10:42:57 -0500 Received: from foss.arm.com ([217.140.110.172]:35382 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388681AbfLKPmy (ORCPT ); Wed, 11 Dec 2019 10:42:54 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3B71BDA7; Wed, 11 Dec 2019 07:42:54 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id AD59D3F52E; Wed, 11 Dec 2019 07:42:53 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 02/12] ELF: Add ELF program property parsing support Date: Wed, 11 Dec 2019 15:41:56 +0000 Message-Id: <20191211154206.46260-3-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin ELF program properties will be needed for detecting whether to enable optional architecture or ABI features for a new ELF process. For now, there are no generic properties that we care about, so do nothing unless CONFIG_ARCH_USE_GNU_PROPERTY=y. Otherwise, the presence of properties using the PT_PROGRAM_PROPERTY phdrs entry (if any), and notify each property to the arch code. For now, the added code is not used. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- fs/binfmt_elf.c | 127 +++++++++++++++++++++++++++++++++++++++ fs/compat_binfmt_elf.c | 4 ++ include/linux/elf.h | 19 ++++++ include/uapi/linux/elf.h | 4 ++ 4 files changed, 154 insertions(+) -- 2.20.1 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index ecd8d2698515..f584da3c6932 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -39,12 +39,18 @@ #include #include #include +#include +#include #include #include #include #include #include +#ifndef ELF_COMPAT +#define ELF_COMPAT 0 +#endif + #ifndef user_long_t #define user_long_t long #endif @@ -678,6 +684,111 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, * libraries. There is no binary dependent code anywhere else. */ +static int parse_elf_property(const char *data, size_t *off, size_t datasz, + struct arch_elf_state *arch, + bool have_prev_type, u32 *prev_type) +{ + size_t o, step; + const struct gnu_property *pr; + int ret; + + if (*off == datasz) + return -ENOENT; + + if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN)) + return -EIO; + o = *off; + datasz -= *off; + + if (datasz < sizeof(*pr)) + return -EIO; + pr = (const struct gnu_property *)(data + o); + o += sizeof(*pr); + datasz -= sizeof(*pr); + + if (pr->pr_datasz > datasz) + return -EIO; + + WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN); + step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN); + if (step > datasz) + return -EIO; + + /* Properties are supposed to be unique and sorted on pr_type: */ + if (have_prev_type && pr->pr_type <= *prev_type) + return -EIO; + *prev_type = pr->pr_type; + + ret = arch_parse_elf_property(pr->pr_type, data + o, + pr->pr_datasz, ELF_COMPAT, arch); + if (ret) + return ret; + + *off = o + step; + return 0; +} + +#define NOTE_DATA_SZ SZ_1K +#define GNU_PROPERTY_TYPE_0_NAME "GNU" +#define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME)) + +static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, + struct arch_elf_state *arch) +{ + union { + struct elf_note nhdr; + char data[NOTE_DATA_SZ]; + } note; + loff_t pos; + ssize_t n; + size_t off, datasz; + int ret; + bool have_prev_type; + u32 prev_type; + + if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr) + return 0; + + /* load_elf_binary() shouldn't call us unless this is true... */ + if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY)) + return -EIO; + + /* If the properties are crazy large, that's too bad (for now): */ + if (phdr->p_filesz > sizeof(note)) + return -ENOEXEC; + + pos = phdr->p_offset; + n = kernel_read(f, ¬e, phdr->p_filesz, &pos); + + BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ); + if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ) + return -EIO; + + if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || + note.nhdr.n_namesz != NOTE_NAME_SZ || + strncmp(note.data + sizeof(note.nhdr), + GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr))) + return -EIO; + + off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ, + ELF_GNU_PROPERTY_ALIGN); + if (off > n) + return -EIO; + + if (note.nhdr.n_descsz > n - off) + return -EIO; + datasz = off + note.nhdr.n_descsz; + + have_prev_type = false; + do { + ret = parse_elf_property(note.data, &off, datasz, arch, + have_prev_type, &prev_type); + have_prev_type = true; + } while (!ret); + + return ret == -ENOENT ? 0 : ret; +} + static int load_elf_binary(struct linux_binprm *bprm) { struct file *interpreter = NULL; /* to shut gcc up */ @@ -685,6 +796,7 @@ static int load_elf_binary(struct linux_binprm *bprm) int load_addr_set = 0; unsigned long error; struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL; + struct elf_phdr *elf_property_phdata = NULL; unsigned long elf_bss, elf_brk; int bss_prot = 0; int retval, i; @@ -731,6 +843,11 @@ static int load_elf_binary(struct linux_binprm *bprm) for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) { char *elf_interpreter; + if (elf_ppnt->p_type == PT_GNU_PROPERTY) { + elf_property_phdata = elf_ppnt; + continue; + } + if (elf_ppnt->p_type != PT_INTERP) continue; @@ -818,9 +935,14 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ + elf_property_phdata = NULL; elf_ppnt = interp_elf_phdata; for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++) switch (elf_ppnt->p_type) { + case PT_GNU_PROPERTY: + elf_property_phdata = elf_ppnt; + break; + case PT_LOPROC ... PT_HIPROC: retval = arch_elf_pt_proc(&loc->interp_elf_ex, elf_ppnt, interpreter, @@ -831,6 +953,11 @@ static int load_elf_binary(struct linux_binprm *bprm) } } + retval = parse_elf_properties(interpreter ?: bprm->file, + elf_property_phdata, &arch_state); + if (retval) + goto out_free_dentry; + /* * Allow arch code to reject the ELF at this point, whilst it's * still possible to return an error to the code that invoked diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c index aaad4ca1217e..13a087bc816b 100644 --- a/fs/compat_binfmt_elf.c +++ b/fs/compat_binfmt_elf.c @@ -17,6 +17,8 @@ #include #include +#define ELF_COMPAT 1 + /* * Rename the basic ELF layout types to refer to the 32-bit class of files. */ @@ -28,11 +30,13 @@ #undef elf_shdr #undef elf_note #undef elf_addr_t +#undef ELF_GNU_PROPERTY_ALIGN #define elfhdr elf32_hdr #define elf_phdr elf32_phdr #define elf_shdr elf32_shdr #define elf_note elf32_note #define elf_addr_t Elf32_Addr +#define ELF_GNU_PROPERTY_ALIGN ELF32_GNU_PROPERTY_ALIGN /* * Some data types as stored in coredump. diff --git a/include/linux/elf.h b/include/linux/elf.h index 459cddcceaac..7bdc6da160c7 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -22,6 +22,9 @@ SET_PERSONALITY(ex) #endif +#define ELF32_GNU_PROPERTY_ALIGN 4 +#define ELF64_GNU_PROPERTY_ALIGN 8 + #if ELF_CLASS == ELFCLASS32 extern Elf32_Dyn _DYNAMIC []; @@ -32,6 +35,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half #define Elf_Word Elf32_Word +#define ELF_GNU_PROPERTY_ALIGN ELF32_GNU_PROPERTY_ALIGN #else @@ -43,6 +47,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half #define Elf_Word Elf64_Word +#define ELF_GNU_PROPERTY_ALIGN ELF64_GNU_PROPERTY_ALIGN #endif @@ -64,4 +69,18 @@ struct gnu_property { u32 pr_datasz; }; +struct arch_elf_state; + +#ifndef CONFIG_ARCH_USE_GNU_PROPERTY +static inline int arch_parse_elf_property(u32 type, const void *data, + size_t datasz, bool compat, + struct arch_elf_state *arch) +{ + return 0; +} +#else +extern int arch_parse_elf_property(u32 type, const void *data, size_t datasz, + bool compat, struct arch_elf_state *arch); +#endif + #endif /* _LINUX_ELF_H */ diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index c37731407074..20900f4496b7 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -368,6 +368,7 @@ typedef struct elf64_shdr { * Notes used in ET_CORE. Architectures export some of the arch register sets * using the corresponding note types via the PTRACE_GETREGSET and * PTRACE_SETREGSET requests. + * The note name for all these is "LINUX". */ #define NT_PRSTATUS 1 #define NT_PRFPREG 2 @@ -430,6 +431,9 @@ typedef struct elf64_shdr { #define NT_MIPS_FP_MODE 0x801 /* MIPS floating-point mode */ #define NT_MIPS_MSA 0x802 /* MIPS SIMD registers */ +/* Note types with note name "GNU" */ +#define NT_GNU_PROPERTY_TYPE_0 5 + /* Note header in a PT_NOTE section */ typedef struct elf32_note { Elf32_Word n_namesz; /* Name size */ From patchwork Wed Dec 11 15:41:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181253 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700600ile; Wed, 11 Dec 2019 07:43:02 -0800 (PST) X-Google-Smtp-Source: APXvYqzJrA++WHXMJlTmM/uVk3nW05vXycmhGZ6uiAmGhH99RvFp1vSYMk/xFkQYvCfT/d4ECMqG X-Received: by 2002:a05:6830:1d6a:: with SMTP id l10mr2837523oti.233.1576078982057; Wed, 11 Dec 2019 07:43:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078982; cv=none; d=google.com; s=arc-20160816; b=THkyLejUJvKDzrWP/YHHuk9WV2aKCXxltqEXb1u1cQsq21Fy/ugYYdaTOR5wYmg2wh ltcmYvhDRfDuqkzxaVHoz3D1g62Ck5MGtk/Vri9ZicbxWy0R4lJoEJb55BupbsCZ+KB8 34wu2A+AZbLeZZHVwlnki10oISffAMRDuxwboQILhlPPBxojRFtdg7tR/cBdbktv8Ovz cLXdjQ0v6J7tE+mUt82j3vT4V7wnt4bU0/XnlyI7onBevee5YGtGozx5cPFmWRtnou8y FgXp1n+QKzqhQv6EPMT5TB+bd9v7tCvegK2d2Wg3ZI6Mdf3Dfz0epS7/zu8W0zhPK86y 2mig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=fDKPby1LN20X4I8FeowWRVqj1zjgzx4i4vrwXMKUSqY=; b=NmBj/phBYoSHwMN1Gq3Pj5FJ8iQW7/+kFft5fnLB2Y/COo+AVFwvM4zWq4enzDcwkA 8I7IT7yK7zITVtDlBitJYQInjv7JIDeWIxRi5On8s+LdAWrmz/SA0OXPZxAPhLVx/x+l BSoHO0323CeX/YSj7gBJ3z3BzliK631ZIyZST5LPhqcrVnB9IHNIIemdZvDNwT11SRU1 gHxc1QJcus8iVG4hfni8Div5v5mVAkADlmA+6Dhx76iGCOBVs7ht4smEJDDkn/2F1xJk nSQn70qR1qZYP1ZYkx10dbt4IbfgPmhGMkQPzfkDn8EMqa3vRNbBFNA04aDSqeYmwoTM jWfA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z62si1371619oiz.271.2019.12.11.07.43.01; Wed, 11 Dec 2019 07:43:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388697AbfLKPnB (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:01 -0500 Received: from foss.arm.com ([217.140.110.172]:35414 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388684AbfLKPm5 (ORCPT ); Wed, 11 Dec 2019 10:42:57 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8A27B1007; Wed, 11 Dec 2019 07:42:56 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D7D073F52E; Wed, 11 Dec 2019 07:42:55 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 03/12] mm: Reserve asm-generic prot flag 0x10 for arch use Date: Wed, 11 Dec 2019 15:41:57 +0000 Message-Id: <20191211154206.46260-4-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin The asm-generic mman definitions are used by a few architectures that also define an arch-specific PROT flag with value 0x10. This currently applies to sparc and powerpc, and arm64 will soon join in. To help future maintainers, document the use of this flag in the asm-generic header too. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- include/uapi/asm-generic/mman-common.h | 1 + 1 file changed, 1 insertion(+) -- 2.20.1 diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h index c160a5354eb6..81442d2aaecb 100644 --- a/include/uapi/asm-generic/mman-common.h +++ b/include/uapi/asm-generic/mman-common.h @@ -11,6 +11,7 @@ #define PROT_WRITE 0x2 /* page can be written */ #define PROT_EXEC 0x4 /* page can be executed */ #define PROT_SEM 0x8 /* page may be used for atomic ops */ + /* 0x10 reserved for arch-specific use */ #define PROT_NONE 0x0 /* page can not be accessed */ #define PROT_GROWSDOWN 0x01000000 /* mprotect flag: extend change to start of growsdown vma */ #define PROT_GROWSUP 0x02000000 /* mprotect flag: extend change to end of growsup vma */ From patchwork Wed Dec 11 15:41:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181254 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700641ile; Wed, 11 Dec 2019 07:43:04 -0800 (PST) X-Google-Smtp-Source: APXvYqyfNwU3uZigH0GViuR+8312utkk2FtiQ60yEZ427DnJVZj5jfx3/ro0KJTO6KER4s/ylsvJ X-Received: by 2002:aca:fc06:: with SMTP id a6mr3139602oii.12.1576078984560; Wed, 11 Dec 2019 07:43:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078984; cv=none; d=google.com; s=arc-20160816; b=unU8jCPeO4sJMaQFkuRanLQcnb8cbrAczzwnBLIAhJ7s9AL/K1lvgUrl7DwVgd+6f+ Rr8lQ1QkAhKveF3JYa092gPpVRqbJFOMc6PC84JYkDcrjc35oKHxSQHquu9DY4w6rNOW 77HR4dtLIgp6eh9eSrBUnIwoclgODGNAnN+CXeSU6++oTM0R7sGR/K+lpmDZcTxv6JOs dc97TMz4PEJq2XdXjRXUXItA2vP/yxmqdGWS1j52Axkzp4zMbk1+BsVH+cc2U7d51k8h NQPYP/DXuZ4IaFwgCqMHbbzcIrcpsAdQBHMVTliM9pyZOY9WwaQ0z0xMIJ9wu4UZznMf 86nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=S7Q3e3lQHFkRHLsT4P2SwoEBUgZkrw8hozxWuDaM96M=; b=A8t1P8cTZ36cbwYIhVj12APSvVG6Lg7H/DtrJA566Na8rIHrQZyClVaFy83+mHS4nu fNjGXzXZallMrx5gdN1wEU151EydB88GInz/bwJEwHPDj0sCzd+OB0tRxBl+1sAIpUfd ZKWvX77HgnpdRoTC5BRMtgfqKjtF0JH5SA88mC4GScSMcKZfMpB6dYYJElrrGl/9QG4m uSvnRF6SnlWhNw4mEwNgMzLU/Zf+jGZNcSYS4YDkCR7AiwM8sTR57DhjRqf/xECLIEUZ gA/bf0BZUE0b7mrbLhioeZpQr2BuuEwCTlx2GW1oiaruJqg0wvTWnnaORHlrYnyIDQ2J oN8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z13si1399189oti.272.2019.12.11.07.43.04; Wed, 11 Dec 2019 07:43:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388705AbfLKPnD (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:03 -0500 Received: from foss.arm.com ([217.140.110.172]:35440 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388621AbfLKPnA (ORCPT ); Wed, 11 Dec 2019 10:43:00 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0E74F30E; Wed, 11 Dec 2019 07:42:59 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 321FB3F52E; Wed, 11 Dec 2019 07:42:58 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 04/12] arm64: Basic Branch Target Identification support Date: Wed, 11 Dec 2019 15:41:58 +0000 Message-Id: <20191211154206.46260-5-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin This patch adds the bare minimum required to expose the ARMv8.5 Branch Target Identification feature to userspace. By itself, this does _not_ automatically enable BTI for any initial executable pages mapped by execve(). This will come later, but for now it should be possible to enable BTI manually on those pages by using mprotect() from within the target process. Other arches already using the generic mman.h are already using 0x10 for arch-specific prot flags, so we use that for PROT_BTI here. For consistency, signal handler entry points in BTI guarded pages are required to be annotated as such, just like any other function. This blocks a relatively minor attack vector, but comforming userspace will have the annotations anyway, so we may as well enforce them. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- Documentation/arm64/cpu-feature-registers.rst | 2 + Documentation/arm64/elf_hwcaps.rst | 4 ++ arch/arm64/Kconfig | 26 +++++++++++++ arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/cpufeature.h | 6 +++ arch/arm64/include/asm/esr.h | 2 +- arch/arm64/include/asm/exception.h | 1 + arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/asm/mman.h | 37 +++++++++++++++++++ arch/arm64/include/asm/pgtable-hwdef.h | 1 + arch/arm64/include/asm/pgtable.h | 2 +- arch/arm64/include/asm/ptrace.h | 8 ++++ arch/arm64/include/asm/sysreg.h | 4 ++ arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/mman.h | 9 +++++ arch/arm64/include/uapi/asm/ptrace.h | 1 + arch/arm64/kernel/cpufeature.c | 33 +++++++++++++++++ arch/arm64/kernel/cpuinfo.c | 1 + arch/arm64/kernel/entry-common.c | 11 ++++++ arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/kernel/signal.c | 16 ++++++++ arch/arm64/kernel/syscall.c | 18 +++++++++ arch/arm64/kernel/traps.c | 8 ++++ include/linux/mm.h | 3 ++ 24 files changed, 196 insertions(+), 4 deletions(-) create mode 100644 arch/arm64/include/asm/mman.h create mode 100644 arch/arm64/include/uapi/asm/mman.h -- 2.20.1 diff --git a/Documentation/arm64/cpu-feature-registers.rst b/Documentation/arm64/cpu-feature-registers.rst index b6e44884e3ad..400e14009008 100644 --- a/Documentation/arm64/cpu-feature-registers.rst +++ b/Documentation/arm64/cpu-feature-registers.rst @@ -174,6 +174,8 @@ infrastructure: +------------------------------+---------+---------+ | SSBS | [7-4] | y | +------------------------------+---------+---------+ + | BT | [3-0] | y | + +------------------------------+---------+---------+ 4) MIDR_EL1 - Main ID Register diff --git a/Documentation/arm64/elf_hwcaps.rst b/Documentation/arm64/elf_hwcaps.rst index 7fa3d215ae6a..2997d7b398ce 100644 --- a/Documentation/arm64/elf_hwcaps.rst +++ b/Documentation/arm64/elf_hwcaps.rst @@ -204,6 +204,10 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. +HWCAP2_BTI + + Functionality implied by ID_AA64PFR0_EL1.BT == 0b0001. + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index b1b4476ddb83..39292a0fc603 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1484,6 +1484,32 @@ config ARM64_PTR_AUTH endmenu +menu "ARMv8.5 architectural features" + +config ARM64_BTI + bool "Branch Target Identification support" + default y + help + Branch Target Identification (part of the ARMv8.5 Extensions) + provides a mechanism to limit the set of locations to which computed + branch instructions such as BR or BLR can jump. + + To make use of BTI on CPUs that support it, say Y. + + BTI is intended to provide complementary protection to other control + flow integrity protection mechanisms, such as the Pointer + authentication mechanism provided as part of the ARMv8.3 Extensions. + For this reason, it does not make sense to enable this option without + also enabling support for pointer authentication. Thus, when + enabling this option you should also select ARM64_PTR_AUTH=y. + + Userspace binaries must also be specifically compiled to make use of + this mechanism. If you say N here or the hardware does not support + BTI, such binaries can still run, but you get no additional + enforcement of branch destinations. + +endmenu + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index b92683871119..23518d70e304 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -56,7 +56,8 @@ #define ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM 46 #define ARM64_WORKAROUND_1542419 47 #define ARM64_WORKAROUND_1319367 48 +#define ARM64_BTI 49 -#define ARM64_NCAPS 49 +#define ARM64_NCAPS 50 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 4261d55e8506..dc39ca83de19 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -613,6 +613,12 @@ static inline bool system_has_prio_mask_debugging(void) system_uses_irq_prio_masking(); } +static inline bool system_supports_bti(void) +{ + return IS_ENABLED(CONFIG_ARM64_BTI) && + cpus_have_const_cap(ARM64_BTI); +} + #define ARM64_BP_HARDEN_UNKNOWN -1 #define ARM64_BP_HARDEN_WA_NEEDED 0 #define ARM64_BP_HARDEN_NOT_REQUIRED 1 diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index cb29253ae86b..390b8ba67830 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -22,7 +22,7 @@ #define ESR_ELx_EC_PAC (0x09) /* EL2 and above */ /* Unallocated EC: 0x0A - 0x0B */ #define ESR_ELx_EC_CP14_64 (0x0C) -/* Unallocated EC: 0x0d */ +#define ESR_ELx_EC_BTI (0x0D) #define ESR_ELx_EC_ILL (0x0E) /* Unallocated EC: 0x0F - 0x10 */ #define ESR_ELx_EC_SVC32 (0x11) diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h index 4d5f3b5f50cd..3384cbe2f89c 100644 --- a/arch/arm64/include/asm/exception.h +++ b/arch/arm64/include/asm/exception.h @@ -35,6 +35,7 @@ asmlinkage void enter_from_user_mode(void); void do_mem_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs); void do_sp_pc_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs); void do_undefinstr(struct pt_regs *regs); +void do_bti(struct pt_regs *regs); asmlinkage void bad_mode(struct pt_regs *regs, int reason, unsigned int esr); void do_debug_exception(unsigned long addr_if_watchpoint, unsigned int esr, struct pt_regs *regs); diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 3d2f2472a36c..f9e681df33d0 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -86,6 +86,7 @@ #define KERNEL_HWCAP_SVESM4 __khwcap2_feature(SVESM4) #define KERNEL_HWCAP_FLAGM2 __khwcap2_feature(FLAGM2) #define KERNEL_HWCAP_FRINT __khwcap2_feature(FRINT) +#define KERNEL_HWCAP_BTI __khwcap2_feature(BTI) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h new file mode 100644 index 000000000000..081ec8de9ea6 --- /dev/null +++ b/arch/arm64/include/asm/mman.h @@ -0,0 +1,37 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_MMAN_H__ +#define __ASM_MMAN_H__ + +#include +#include +#include + +static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot, + unsigned long pkey __always_unused) +{ + if (system_supports_bti() && (prot & PROT_BTI)) + return VM_ARM64_BTI; + + return 0; +} +#define arch_calc_vm_prot_bits(prot, pkey) arch_calc_vm_prot_bits(prot, pkey) + +static inline pgprot_t arch_vm_get_page_prot(unsigned long vm_flags) +{ + return (vm_flags & VM_ARM64_BTI) ? __pgprot(PTE_GP) : __pgprot(0); +} +#define arch_vm_get_page_prot(vm_flags) arch_vm_get_page_prot(vm_flags) + +static inline bool arch_validate_prot(unsigned long prot, + unsigned long addr __always_unused) +{ + unsigned long supported = PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM; + + if (system_supports_bti()) + supported |= PROT_BTI; + + return (prot & ~supported) == 0; +} +#define arch_validate_prot(prot, addr) arch_validate_prot(prot, addr) + +#endif /* ! __ASM_MMAN_H__ */ diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h index d9fbd433cc17..c422f03ad411 100644 --- a/arch/arm64/include/asm/pgtable-hwdef.h +++ b/arch/arm64/include/asm/pgtable-hwdef.h @@ -150,6 +150,7 @@ #define PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define PTE_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ #define PTE_NG (_AT(pteval_t, 1) << 11) /* nG */ +#define PTE_GP (_AT(pteval_t, 1) << 50) /* BTI guarded */ #define PTE_DBM (_AT(pteval_t, 1) << 51) /* Dirty Bit Management */ #define PTE_CONT (_AT(pteval_t, 1) << 52) /* Contiguous range */ #define PTE_PXN (_AT(pteval_t, 1) << 53) /* Privileged XN */ diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 5d15b4735a0e..3e13e415119e 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -662,7 +662,7 @@ static inline phys_addr_t pgd_page_paddr(pgd_t pgd) static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { const pteval_t mask = PTE_USER | PTE_PXN | PTE_UXN | PTE_RDONLY | - PTE_PROT_NONE | PTE_VALID | PTE_WRITE; + PTE_PROT_NONE | PTE_VALID | PTE_WRITE | PTE_GP; /* preserve the hardware dirty information */ if (pte_hw_dirty(pte)) pte = pte_mkdirty(pte); diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h index fbebb411ae20..212bba1f8d84 100644 --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -35,8 +35,16 @@ #define GIC_PRIO_PSR_I_SET (1 << 4) /* Additional SPSR bits not exposed in the UABI */ +#define PSR_BTYPE_SHIFT 10 + #define PSR_IL_BIT (1 << 20) +/* Convenience names for the values of PSTATE.BTYPE */ +#define PSR_BTYPE_NONE (0b00 << PSR_BTYPE_SHIFT) +#define PSR_BTYPE_JC (0b01 << PSR_BTYPE_SHIFT) +#define PSR_BTYPE_C (0b10 << PSR_BTYPE_SHIFT) +#define PSR_BTYPE_J (0b11 << PSR_BTYPE_SHIFT) + /* AArch32-specific ptrace requests */ #define COMPAT_PTRACE_GETREGS 12 #define COMPAT_PTRACE_SETREGS 13 diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 6e919fafb43d..3f4710f23277 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -510,6 +510,8 @@ #endif /* SCTLR_EL1 specific flags. */ +#define SCTLR_EL1_BT1 (BIT(36)) +#define SCTLR_EL1_BT0 (BIT(35)) #define SCTLR_EL1_UCI (BIT(26)) #define SCTLR_EL1_E0E (BIT(24)) #define SCTLR_EL1_SPAN (BIT(23)) @@ -599,10 +601,12 @@ /* id_aa64pfr1 */ #define ID_AA64PFR1_SSBS_SHIFT 4 +#define ID_AA64PFR1_BT_SHIFT 0 #define ID_AA64PFR1_SSBS_PSTATE_NI 0 #define ID_AA64PFR1_SSBS_PSTATE_ONLY 1 #define ID_AA64PFR1_SSBS_PSTATE_INSNS 2 +#define ID_AA64PFR1_BT_BTI 0x1 /* id_aa64zfr0 */ #define ID_AA64ZFR0_SM4_SHIFT 40 diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index a1e72886b30c..363f569cf599 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -65,5 +65,6 @@ #define HWCAP2_SVESM4 (1 << 6) #define HWCAP2_FLAGM2 (1 << 7) #define HWCAP2_FRINT (1 << 8) +#define HWCAP2_BTI (1 << 9) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/include/uapi/asm/mman.h b/arch/arm64/include/uapi/asm/mman.h new file mode 100644 index 000000000000..6fdd71eb644f --- /dev/null +++ b/arch/arm64/include/uapi/asm/mman.h @@ -0,0 +1,9 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI__ASM_MMAN_H +#define _UAPI__ASM_MMAN_H + +#include + +#define PROT_BTI 0x10 /* BTI guarded page */ + +#endif /* ! _UAPI__ASM_MMAN_H */ diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7ed9294e2004..09e66fa5f13a 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -46,6 +46,7 @@ #define PSR_I_BIT 0x00000080 #define PSR_A_BIT 0x00000100 #define PSR_D_BIT 0x00000200 +#define PSR_BTYPE_MASK 0x00000c00 #define PSR_SSBS_BIT 0x00001000 #define PSR_PAN_BIT 0x00400000 #define PSR_UAO_BIT 0x00800000 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 04cf64e9f0c9..bb95963ea90c 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -172,6 +172,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_BTI), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_BT_SHIFT, 4, 0), ARM64_FTR_END, }; @@ -1267,6 +1269,21 @@ static bool can_use_gic_priorities(const struct arm64_cpu_capabilities *entry, } #endif +#ifdef CONFIG_ARM64_BTI +static void bti_enable(const struct arm64_cpu_capabilities *__unused) +{ + /* + * Use of X16/X17 for tail-calls and trampolines that jump to + * function entry points using BR is a requirement for + * marking binaries with GNU_PROPERTY_AARCH64_FEATURE_1_BTI. + * So, be strict and forbid other BRs using other registers to + * jump onto a PACIxSP instruction: + */ + sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_BT0 | SCTLR_EL1_BT1); + isb(); +} +#endif /* CONFIG_ARM64_BTI */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -1566,6 +1583,19 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .sign = FTR_UNSIGNED, .min_field_value = 1, }, +#endif +#ifdef CONFIG_ARM64_BTI + { + .desc = "Branch Target Identification", + .capability = ARM64_BTI, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_cpuid_feature, + .cpu_enable = bti_enable, + .sys_reg = SYS_ID_AA64PFR1_EL1, + .field_pos = ID_AA64PFR1_BT_SHIFT, + .min_field_value = ID_AA64PFR1_BT_BTI, + .sign = FTR_UNSIGNED, + }, #endif {}, }; @@ -1662,6 +1692,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(SYS_ID_AA64ZFR0_EL1, ID_AA64ZFR0_SM4_SHIFT, FTR_UNSIGNED, ID_AA64ZFR0_SM4, CAP_HWCAP, KERNEL_HWCAP_SVESM4), #endif HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_SSBS_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_SSBS_PSTATE_INSNS, CAP_HWCAP, KERNEL_HWCAP_SSBS), +#ifdef CONFIG_ARM64_BTI + HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_BT_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_BT_BTI, CAP_HWCAP, KERNEL_HWCAP_BTI), +#endif #ifdef CONFIG_ARM64_PTR_AUTH HWCAP_MULTI_CAP(ptr_auth_hwcap_addr_matches, CAP_HWCAP, KERNEL_HWCAP_PACA), HWCAP_MULTI_CAP(ptr_auth_hwcap_gen_matches, CAP_HWCAP, KERNEL_HWCAP_PACG), diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 56bba746da1c..2c67ce0a7eb6 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -84,6 +84,7 @@ static const char *const hwcap_str[] = { "svesm4", "flagm2", "frint", + "bti", NULL }; diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index 5dce5e56995a..d64358a9794f 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -188,6 +188,14 @@ static void notrace el0_undef(struct pt_regs *regs) } NOKPROBE_SYMBOL(el0_undef); +static void notrace el0_bti(struct pt_regs *regs) +{ + user_exit_irqoff(); + local_daif_restore(DAIF_PROCCTX); + do_bti(regs); +} +NOKPROBE_SYMBOL(el0_bti); + static void notrace el0_inv(struct pt_regs *regs, unsigned long esr) { user_exit_irqoff(); @@ -255,6 +263,9 @@ asmlinkage void notrace el0_sync_handler(struct pt_regs *regs) case ESR_ELx_EC_UNKNOWN: el0_undef(regs); break; + case ESR_ELx_EC_BTI: + el0_bti(regs); + break; case ESR_ELx_EC_BREAKPT_LOW: case ESR_ELx_EC_SOFTSTP_LOW: case ESR_ELx_EC_WATCHPT_LOW: diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 6771c399d40c..a7d00e335fc6 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -1853,7 +1853,7 @@ void syscall_trace_exit(struct pt_regs *regs) */ #define SPSR_EL1_AARCH64_RES0_BITS \ (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ - GENMASK_ULL(20, 13) | GENMASK_ULL(11, 10) | GENMASK_ULL(5, 5)) + GENMASK_ULL(20, 13) | GENMASK_ULL(5, 5)) #define SPSR_EL1_AARCH32_RES0_BITS \ (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index dd2cdc0d5be2..b089eff158e5 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -730,6 +730,22 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[29] = (unsigned long)&user->next_frame->fp; regs->pc = (unsigned long)ka->sa.sa_handler; + /* + * Signal delivery is a (wacky) indirect function call in + * userspace, so simulate the same setting of BTYPE as a BLR + * . + * Signal delivery to a location in a PROT_BTI guarded page + * that is not a function entry point will now trigger a + * SIGILL in userspace. + * + * If the signal handler entry point is not in a PROT_BTI + * guarded page, this is harmless. + */ + if (system_supports_bti()) { + regs->pstate &= ~PSR_BTYPE_MASK; + regs->pstate |= PSR_BTYPE_C; + } + if (ka->sa.sa_flags & SA_RESTORER) sigtramp = ka->sa.sa_restorer; else diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c index 9a9d98a443fc..ef80ecbd6eaf 100644 --- a/arch/arm64/kernel/syscall.c +++ b/arch/arm64/kernel/syscall.c @@ -98,6 +98,24 @@ static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr, regs->orig_x0 = regs->regs[0]; regs->syscallno = scno; + /* + * BTI note: + * The architecture does not guarantee that SPSR.BTYPE is zero + * on taking an SVC, so we could return to userspace with a + * non-zero BTYPE after the syscall. + * + * This shouldn't matter except when userspace is explicitly + * doing something stupid, such as setting PROT_BTI on a page + * that lacks conforming BTI/PACIxSP instructions, falling + * through from one executable page to another with differing + * PROT_BTI, or messing with BYTPE via ptrace: in such cases, + * userspace should not be surprised if a SIGILL occurs on + * syscall return. + * + * So, don't touch regs->pstate & PSR_BTYPE_MASK here. + * (Similarly for HVC and SMC elsewhere.) + */ + cortex_a76_erratum_1463225_svc_handler(); local_daif_restore(DAIF_PROCCTX); user_exit(); diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 73caf35c2262..84c7a88dd617 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -408,6 +408,13 @@ void do_undefinstr(struct pt_regs *regs) } NOKPROBE_SYMBOL(do_undefinstr); +void do_bti(struct pt_regs *regs) +{ + BUG_ON(!user_mode(regs)); + force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); +} +NOKPROBE_SYMBOL(do_bti); + #define __user_cache_maint(insn, address, res) \ if (address >= user_addr_max()) { \ res = -EFAULT; \ @@ -750,6 +757,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_CP10_ID] = "CP10 MRC/VMRS", [ESR_ELx_EC_PAC] = "PAC", [ESR_ELx_EC_CP14_64] = "CP14 MCRR/MRRC", + [ESR_ELx_EC_BTI] = "BTI", [ESR_ELx_EC_ILL] = "PSTATE.IL", [ESR_ELx_EC_SVC32] = "SVC (AArch32)", [ESR_ELx_EC_HVC32] = "HVC (AArch32)", diff --git a/include/linux/mm.h b/include/linux/mm.h index c97ea3b694e6..0a2db242fd56 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -329,6 +329,9 @@ extern unsigned int kobjsize(const void *objp); #elif defined(CONFIG_SPARC64) # define VM_SPARC_ADI VM_ARCH_1 /* Uses ADI tag for access control */ # define VM_ARCH_CLEAR VM_SPARC_ADI +#elif defined(CONFIG_ARM64) +# define VM_ARM64_BTI VM_ARCH_1 /* BTI guarded page, a.k.a. GP bit */ +# define VM_ARCH_CLEAR VM_ARM64_BTI #elif !defined(CONFIG_MMU) # define VM_MAPPED_COPY VM_ARCH_1 /* T if mapped copy of data (nommu mmap) */ #endif From patchwork Wed Dec 11 15:41:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181255 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700667ile; Wed, 11 Dec 2019 07:43:06 -0800 (PST) X-Google-Smtp-Source: APXvYqxte3HJKHhw5ozUG0IZ0z61f2W5uaWACTfbcyhQ6C31VnNmSRQleBvdhOjqd9ntDgoNcYs2 X-Received: by 2002:aca:7244:: with SMTP id p65mr3140488oic.50.1576078986015; Wed, 11 Dec 2019 07:43:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078986; cv=none; d=google.com; s=arc-20160816; b=XXFtoMGPUx64pnQvVDSA2qU/iyGuinnInV2/4p0PsPAzFUeEHCWHUhY8okIYRCJGRv yGY4IfPvEbSRLvlV6D9DkJ/n5WhRwecmPlTIhNKmPSkpX7L2dUrnvk4GeaEkI465kPLn MatFr9DiFzDjpp1qxkeA2VHNArrjwgHmaIqQAkTjU5BTxF9lFpvF+VyUv0v8NeN3j39w KNkTSGlCPo/V9IqFTpOZnRtmdvZb1Ryb8NZZD965ecdISjl8ZHTcfdCSmsty7EG8RoUG TNzqL1bHDKf2tjm3A5ZM6YyL4j9YVa1k2hDrgRMGr/Tsir/AjDrjr+FB4nkHWGfWdjir Z4Ew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=BkTUE3oMc8HYNz1WxDfVuM4KXBNzmY6V134Vm1KBjPE=; b=oANW2bnf65tiWnkpcK7EIpKh0JZC0sMlo7JeQEZMHNXNDEULdIZm0GKL0djZvrkQrc jPN/yUMBKGQmUeUOEYU1fHrRuOoH9/gVRrFQ6CrJT8/RPUPPzl5HqsyBIaIxCTG6fB1s 7eHw2TxcfRE4ZQBek+j4xxI7g/SHb4lFbJzoJU8oqbKWzzi7TtPsNv1g/SX+RIYhxfsz n9dBhfBmdSydziw4l71a7tsRI1pEvgaj6x1U6VHoFBGNGrxdPFB5h0a+UH5cI33PCb+n q0gxiXx1hiMWJsZHx7t2vfWj9Meevp3f5yTaZcK+DX8dZjJMxOVqxJdUzaGjkoBpaNU3 5VZA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z25si1334169oto.211.2019.12.11.07.43.05; Wed, 11 Dec 2019 07:43:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388095AbfLKPnE (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:04 -0500 Received: from foss.arm.com ([217.140.110.172]:35468 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388699AbfLKPnB (ORCPT ); Wed, 11 Dec 2019 10:43:01 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 595591063; Wed, 11 Dec 2019 07:43:01 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A7CCE3F52E; Wed, 11 Dec 2019 07:43:00 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 05/12] elf: Allow arch to tweak initial mmap prot flags Date: Wed, 11 Dec 2019 15:41:59 +0000 Message-Id: <20191211154206.46260-6-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin An arch may want to tweak the mmap prot flags for an ELFexecutable's initial mappings. For example, arm64 is going to need to add PROT_BTI for executable pages in an ELF process whose executable is marked as using Branch Target Identification (an ARMv8.5-A control flow integrity feature). So that this can be done in a generic way, add a hook arch_elf_adjust_prot() to modify the prot flags as desired: arches can select CONFIG_HAVE_ELF_PROT and implement their own backend where necessary. By default, leave the prot flags unchanged. Signed-off-by: Dave Martin Reviewed-by: Kees Cook Signed-off-by: Mark Brown --- fs/Kconfig.binfmt | 3 +++ fs/binfmt_elf.c | 18 ++++++++++++------ include/linux/elf.h | 12 ++++++++++++ 3 files changed, 27 insertions(+), 6 deletions(-) -- 2.20.1 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index d2cfe0729a73..2358368319b8 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -36,6 +36,9 @@ config COMPAT_BINFMT_ELF config ARCH_BINFMT_ELF_STATE bool +config ARCH_HAVE_ELF_PROT + bool + config ARCH_USE_GNU_PROPERTY bool diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index f584da3c6932..ae74195a0529 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -541,7 +541,8 @@ static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp, #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */ -static inline int make_prot(u32 p_flags) +static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state, + bool has_interp, bool is_interp) { int prot = 0; @@ -551,7 +552,8 @@ static inline int make_prot(u32 p_flags) prot |= PROT_WRITE; if (p_flags & PF_X) prot |= PROT_EXEC; - return prot; + + return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp); } /* This is much more generalized than the library routine read function, @@ -561,7 +563,8 @@ static inline int make_prot(u32 p_flags) static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, struct file *interpreter, - unsigned long no_base, struct elf_phdr *interp_elf_phdata) + unsigned long no_base, struct elf_phdr *interp_elf_phdata, + struct arch_elf_state *arch_state) { struct elf_phdr *eppnt; unsigned long load_addr = 0; @@ -593,7 +596,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { int elf_type = MAP_PRIVATE | MAP_DENYWRITE; - int elf_prot = make_prot(eppnt->p_flags); + int elf_prot = make_prot(eppnt->p_flags, arch_state, + true, true); unsigned long vaddr = 0; unsigned long k, map_addr; @@ -1039,7 +1043,8 @@ static int load_elf_binary(struct linux_binprm *bprm) } } - elf_prot = make_prot(elf_ppnt->p_flags); + elf_prot = make_prot(elf_ppnt->p_flags, &arch_state, + !!interpreter, false); elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE; @@ -1182,7 +1187,8 @@ static int load_elf_binary(struct linux_binprm *bprm) if (interpreter) { elf_entry = load_elf_interp(&loc->interp_elf_ex, interpreter, - load_bias, interp_elf_phdata); + load_bias, interp_elf_phdata, + &arch_state); if (!IS_ERR((void *)elf_entry)) { /* * load_elf_interp() returns relocation diff --git a/include/linux/elf.h b/include/linux/elf.h index 7bdc6da160c7..1b6e8955c597 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -83,4 +83,16 @@ extern int arch_parse_elf_property(u32 type, const void *data, size_t datasz, bool compat, struct arch_elf_state *arch); #endif +#ifdef CONFIG_ARCH_HAVE_ELF_PROT +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, + bool has_interp, bool is_interp); +#else +static inline int arch_elf_adjust_prot(int prot, + const struct arch_elf_state *state, + bool has_interp, bool is_interp) +{ + return prot; +} +#endif + #endif /* _LINUX_ELF_H */ From patchwork Wed Dec 11 15:42:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181262 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp701140ile; Wed, 11 Dec 2019 07:43:32 -0800 (PST) X-Google-Smtp-Source: APXvYqxpQQG5hP+zV36tBctF8v+HJiq2XN70xaz97uIAl5/03xF1/hs2FDWllqk+JcBgVlt6YV3g X-Received: by 2002:a05:6830:1707:: with SMTP id 7mr2854845otk.185.1576079012672; Wed, 11 Dec 2019 07:43:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079012; cv=none; d=google.com; s=arc-20160816; b=HO3LEuAAj+zl4B9Sg9aVI4zQqn2f4lYsspzidJa8vtZu2aKs7cY+0lCrwAD24e5wrG WKcPsbDv5Bc/tatlVibt+PJpQcTesAvuZs7Z5xpz5hHmbB+Y22lkt5Uvd33cOczv2V2y 3eH+Tqi1NjuYXAanovTU1/fvZITQLJYHX33whp7pombeuW0XyOoeKOCJ9/I6aJ6n+1/C lEo2LvJyYNjTmqlKaU5j7gYDXZlC8GJBcpKBOOKCVhbwD2b6o1yCvwKQRKzXZo4Vkx5Z SOi2Ns49fLBiiyoE7trSla2YROtDSs3VB+0syYfuGhY8EetZheQfjzrotFb3HDkG01cJ +ogw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=f8leG4Jrs0l4s/zCtEr+zHKqI3NtOWEpu/cLoaFFi3I=; b=yLJ2MZlOIuBGj+Pp8bzu7ni/+r1+N/Jqk+D6XG1bUObK5d4iJwGrKNSr0w9DHh7w3c 63SJu5aPUAp0neQswalR+RgGaT6+QLEoW7Ye+X8KfxW3R5JSQJ5sj3mcNkYme3OVB3tL 3nBTntkNwd7x0RG++WiRgDuejG/8t0SYRCIwu1CiHusf67l6pDsix7BBTlBxNRJKwDjU EbRRFU0ox51nW+RUATKEPZPvqjb3quk5vV9quF4cSrkMYY6UGuwHZi27l+WcieOlatIX UfwSESW8y5iTgbVR8JRVbQgxiZPXfKYkSMz68tk7p7Yn7EN2tVl14YvoGjhWCJCQFeDN i/5Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p124si1589286oib.224.2019.12.11.07.43.32; Wed, 11 Dec 2019 07:43:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729784AbfLKPnL (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:11 -0500 Received: from foss.arm.com ([217.140.110.172]:35498 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388709AbfLKPnE (ORCPT ); Wed, 11 Dec 2019 10:43:04 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 83CFC31B; Wed, 11 Dec 2019 07:43:03 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 00EC83F52E; Wed, 11 Dec 2019 07:43:03 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 06/12] arm64: elf: Enable BTI at exec based on ELF program properties Date: Wed, 11 Dec 2019 15:42:00 +0000 Message-Id: <20191211154206.46260-7-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin For BTI protection to be as comprehensive as possible, it is desirable to have BTI enabled from process startup. If this is not done, the process must use mprotect() to enable BTI for each of its executable mappings, but this is painful to do in the libc startup code. It's simpler and more sound to have the kernel do it instead. To this end, detect BTI support in the executable (or ELF interpreter, as appropriate), via the NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot flags for the process' executable pages to include PROT_BTI as appropriate. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- arch/arm64/Kconfig | 3 +++ arch/arm64/include/asm/elf.h | 50 ++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/process.c | 19 ++++++++++++++ include/linux/elf.h | 6 ++++- include/uapi/linux/elf.h | 6 +++++ 5 files changed, 83 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 39292a0fc603..ea3a5150f5f6 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -9,6 +9,7 @@ config ARM64 select ACPI_MCFG if (ACPI && PCI) select ACPI_SPCR_TABLE if ACPI select ACPI_PPTT if ACPI + select ARCH_BINFMT_ELF_STATE select ARCH_CLOCKSOURCE_DATA select ARCH_HAS_DEBUG_VIRTUAL select ARCH_HAS_DEVMEM_IS_ALLOWED @@ -33,6 +34,7 @@ config ARM64 select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST + select ARCH_HAVE_ELF_PROT select ARCH_HAVE_NMI_SAFE_CMPXCHG select ARCH_INLINE_READ_LOCK if !PREEMPT select ARCH_INLINE_READ_LOCK_BH if !PREEMPT @@ -62,6 +64,7 @@ config ARM64 select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPT select ARCH_KEEP_MEMBLOCK select ARCH_USE_CMPXCHG_LOCKREF + select ARCH_USE_GNU_PROPERTY if BINFMT_ELF select ARCH_USE_QUEUED_RWLOCKS select ARCH_USE_QUEUED_SPINLOCKS select ARCH_SUPPORTS_MEMORY_FAILURE diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index b618017205a3..8bc154ce4e00 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -114,7 +114,11 @@ #ifndef __ASSEMBLY__ +#include #include +#include +#include +#include #include /* for signal_minsigstksz, used by ARCH_DLINFO */ typedef unsigned long elf_greg_t; @@ -224,6 +228,52 @@ extern int aarch32_setup_additional_pages(struct linux_binprm *bprm, #endif /* CONFIG_COMPAT */ +struct arch_elf_state { + int flags; +}; + +#define ARM64_ELF_BTI (1 << 0) + +#define INIT_ARCH_ELF_STATE { \ + .flags = 0, \ +} + +static inline int arch_parse_elf_property(u32 type, const void *data, + size_t datasz, bool compat, + struct arch_elf_state *arch) +{ + /* No known properties for AArch32 yet */ + if (IS_ENABLED(CONFIG_COMPAT) && compat) + return 0; + + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { + const u32 *p = data; + + if (datasz != sizeof(*p)) + return -EIO; + + if (IS_ENABLED(CONFIG_ARM64_BTI) && + (*p & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) + arch->flags |= ARM64_ELF_BTI; + } + + return 0; +} + +static inline int arch_elf_pt_proc(void *ehdr, void *phdr, + struct file *f, bool is_interp, + struct arch_elf_state *state) +{ + return 0; +} + +static inline int arch_check_elf(void *ehdr, bool has_interp, + void *interp_ehdr, + struct arch_elf_state *state) +{ + return 0; +} + #endif /* !__ASSEMBLY__ */ #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 71f788cd2b18..37c508f409ac 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -18,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -649,3 +651,20 @@ asmlinkage void __sched arm64_preempt_schedule_irq(void) if (static_branch_likely(&arm64_const_caps_ready)) preempt_schedule_irq(); } + +#ifdef CONFIG_BINFMT_ELF +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, + bool has_interp, bool is_interp) +{ + if (is_interp != has_interp) + return prot; + + if (!(state->flags & ARM64_ELF_BTI)) + return prot; + + if (prot & PROT_EXEC) + prot |= PROT_BTI; + + return prot; +} +#endif diff --git a/include/linux/elf.h b/include/linux/elf.h index 1b6e8955c597..5d5b0321da0b 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -63,7 +63,11 @@ extern int elf_coredump_extra_notes_size(void); extern int elf_coredump_extra_notes_write(struct coredump_params *cprm); #endif -/* NT_GNU_PROPERTY_TYPE_0 header */ +/* + * NT_GNU_PROPERTY_TYPE_0 header: + * Keep this internal until/unless there is an agreed UAPI definition. + * pr_type values (GNU_PROPERTY_*) are public and defined in the UAPI header. + */ struct gnu_property { u32 pr_type; u32 pr_datasz; diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 20900f4496b7..c6dd0215482e 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -448,4 +448,10 @@ typedef struct elf64_note { Elf64_Word n_type; /* Content type */ } Elf64_Nhdr; +/* .note.gnu.property types for EM_AARCH64: */ +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000 + +/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */ +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) + #endif /* _UAPI_LINUX_ELF_H */ From patchwork Wed Dec 11 15:42:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181256 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700753ile; Wed, 11 Dec 2019 07:43:10 -0800 (PST) X-Google-Smtp-Source: APXvYqwCdcDcPpqApeDl+HuLbaSh4Q2+cOZyT+7aMSRea1xjWKWuVGNvGs0cuCqtWPHaNh1bunCK X-Received: by 2002:a9d:58c9:: with SMTP id s9mr2566817oth.121.1576078990734; Wed, 11 Dec 2019 07:43:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078990; cv=none; d=google.com; s=arc-20160816; b=KRg4pkH9ULzQtcMKjpt0gtrOPm3ohQoHfyeMNF5Ph6/4BI1sUOekkqJKLVqzrtjBdZ xwMmBnBUSADNryvDDZ9/XWV0q7aZ/WLDsGHdJ+ua9jOrucKroB1jkr5ZviO2qoP5JULW GTWPerfdlKEEh6/Xew5Gf1NygluhDuL6w9bhQS+x2Mnza5nZMxQz9jThzzoyMHCTZy/6 Q94mIckzbluDxOhZlYsGpfzqh1j4hPivh9D4fwySLd9tJTutU1zNzjcnPLRzpphM+JwL qB0EMSzvhYERY+SWkVMzFq+Q/nssaVMObbJFydIr8sVpV575pbi67EpLIQL8+y/naKwU FlEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=S1SnB9EaiC7baDFTFO7cCuMYBobNtYsX6n3JZVtRjjM=; b=BoLp/BaTYlClWgUFC1a6n8USd6DC+0MKq1KYG58hHjvnI1HPUZ/oPEKRpCzBIWaUNi 142hBDzt0ZrS6YkTZ79Zw97/HczcaF5OVsFPmj4Bn/KIyg1gMo1CkKxxD+1+fW1glnzo 7JJ58Q4kqTGxU8eJ4PXhbMKID3R5GlibkQMlnNhxShc/qEvQIsM+b3c9rYbu3XUHCOGF pVEx8rw60G0ui4+SWDFnGVoT4jVAeHNxM1skDhRnDBEsEOjFtMsdcpHzO45vGnupAVn0 VEWzbBfeZN0WpspsDoqeK8QfiW7438XMK8/sxDcS2HclEBzYgIgIzuK9jBL263j00Ao9 sL3g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 185si1340581oie.52.2019.12.11.07.43.10; Wed, 11 Dec 2019 07:43:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729315AbfLKPnI (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:08 -0500 Received: from foss.arm.com ([217.140.110.172]:35524 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387912AbfLKPnG (ORCPT ); Wed, 11 Dec 2019 10:43:06 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D0D8CDA7; Wed, 11 Dec 2019 07:43:05 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2962D3F52E; Wed, 11 Dec 2019 07:43:05 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 07/12] arm64: BTI: Decode BYTPE bits when printing PSTATE Date: Wed, 11 Dec 2019 15:42:01 +0000 Message-Id: <20191211154206.46260-8-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin The current code to print PSTATE symbolically when generating backtraces etc., does not include the BYTPE field used by Branch Target Identification. So, decode BYTPE and print it too. In the interests of human-readability, print the classes of BTI matched. The symbolic notation, BYTPE (PSTATE[11:10]) and permitted classes of subsequent instruction are: -- (BTYPE=0b00): any insn jc (BTYPE=0b01): BTI jc, BTI j, BTI c, PACIxSP -c (BYTPE=0b10): BTI jc, BTI c, PACIxSP j- (BTYPE=0b11): BTI jc, BTI j Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- arch/arm64/kernel/process.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 37c508f409ac..e8eb70cd3fa0 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -211,6 +211,15 @@ void machine_restart(char *cmd) while (1); } +#define bstr(suffix, str) [PSR_BTYPE_ ## suffix >> PSR_BTYPE_SHIFT] = str +static const char *const btypes[] = { + bstr(NONE, "--"), + bstr( JC, "jc"), + bstr( C, "-c"), + bstr( J , "j-") +}; +#undef bstr + static void print_pstate(struct pt_regs *regs) { u64 pstate = regs->pstate; @@ -229,7 +238,10 @@ static void print_pstate(struct pt_regs *regs) pstate & PSR_AA32_I_BIT ? 'I' : 'i', pstate & PSR_AA32_F_BIT ? 'F' : 'f'); } else { - printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO)\n", + const char *btype_str = btypes[(pstate & PSR_BTYPE_MASK) >> + PSR_BTYPE_SHIFT]; + + printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO BTYPE=%s)\n", pstate, pstate & PSR_N_BIT ? 'N' : 'n', pstate & PSR_Z_BIT ? 'Z' : 'z', @@ -240,7 +252,8 @@ static void print_pstate(struct pt_regs *regs) pstate & PSR_I_BIT ? 'I' : 'i', pstate & PSR_F_BIT ? 'F' : 'f', pstate & PSR_PAN_BIT ? '+' : '-', - pstate & PSR_UAO_BIT ? '+' : '-'); + pstate & PSR_UAO_BIT ? '+' : '-', + btype_str); } } From patchwork Wed Dec 11 15:42:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181258 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700901ile; Wed, 11 Dec 2019 07:43:18 -0800 (PST) X-Google-Smtp-Source: APXvYqxZ63i/NmFLfY6O8NDGUyvW5iLo/76jhaQGjlNXEud/XQ/o69yhyYg5JrAubtAsRCPz3ija X-Received: by 2002:aca:a9cd:: with SMTP id s196mr3320527oie.166.1576078998222; Wed, 11 Dec 2019 07:43:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078998; cv=none; d=google.com; s=arc-20160816; b=SEk2UvD2ELDL5/zYc/bdQ7IPdWcnL+ZUGvp3OMfy+/njTW+rbXC/kwb+p9jUzm/0rb z9OSc7JHdqGQbhLh6UuwZ2JWWFL1UZVnLkz1AT2ht4WFJ30hubi7eTvmQL/hqV8ullgo f4Mcv+ii9Kpg9HzXb8VrMB1ie+p8yvnllfNlVhi9qs607oFxdakwNm06NgqWsJL5S0bV y1ttWYSy09D+0chU5bNnJchvubO1CSzp+xEoVKEjsD92LjVgr6kM3c0U7I4YGntBTJnh GeCbo2foNg8lYHT0tKm2YB6Q97db+vXTJG/BOmyoAfof5727EekXDRnaQsKTCf3AsbrL 4d4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=eQNn68b3ary2zQb2XowfkyoxB7ExLQgUtCBhoPy5M+E=; b=rydDukSqJ8++0hAO/Wnn4eEL9anKqQiUQ+sTQFkzaGPzmThlD+Vw1dxKIaiPlOF6ND 8aocJuh7CfWgEqDsvnRxWmqSi70hSNk1j3B9nJaUCKkwFcToHmY7TniUkuS+vT3ENinU pMdUAeWlqRhfTU2QMnHs0lRAPOVfc2THTwuIxKH675AuAUm+UVqqFVOt4SITfE21DF2x F3RtmgonIOVWZO2pfeMZAIjBahPxPcD+fCbShYIg7AP9Xyf+xt5P8jibAoKXiI5rrEVf holEjYhZewAmP/Dfxe/01MBtQc5JKVLtLT/dIkySqNef2deoLpJMNlulDoxm9Q18Stqk BeLA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 185si1340581oie.52.2019.12.11.07.43.17; Wed, 11 Dec 2019 07:43:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387797AbfLKPnO (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:14 -0500 Received: from foss.arm.com ([217.140.110.172]:35554 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388698AbfLKPnJ (ORCPT ); Wed, 11 Dec 2019 10:43:09 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 28A7130E; Wed, 11 Dec 2019 07:43:08 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 75FC63F52E; Wed, 11 Dec 2019 07:43:07 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Rutland , Mark Brown Subject: [PATCH v4 08/12] arm64: unify native/compat instruction skipping Date: Wed, 11 Dec 2019 15:42:02 +0000 Message-Id: <20191211154206.46260-9-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin Skipping of an instruction on AArch32 works a bit differently from AArch64, mainly due to the different CPSR/PSTATE semantics. Currently arm64_skip_faulting_instruction() is only suitable for AArch64, and arm64_compat_skip_faulting_instruction() handles the IT state machine but is local to traps.c. Since manual instruction skipping implies a trap, it's a relatively slow path. So, make arm64_skip_faulting_instruction() handle both compat and native, and get rid of the arm64_compat_skip_faulting_instruction() special case. Signed-off-by: Dave Martin Reviewed-by: Mark Rutland Signed-off-by: Mark Brown --- arch/arm64/kernel/traps.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 84c7a88dd617..de01e5041d4d 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -269,6 +269,8 @@ void arm64_notify_die(const char *str, struct pt_regs *regs, } } +static void advance_itstate(struct pt_regs *regs); + void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) { regs->pc += size; @@ -279,6 +281,9 @@ void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) */ if (user_mode(regs)) user_fastforward_single_step(current); + + if (regs->pstate & PSR_MODE32_BIT) + advance_itstate(regs); } static LIST_HEAD(undef_hook); @@ -641,19 +646,12 @@ static void advance_itstate(struct pt_regs *regs) compat_set_it_state(regs, it); } -static void arm64_compat_skip_faulting_instruction(struct pt_regs *regs, - unsigned int sz) -{ - advance_itstate(regs); - arm64_skip_faulting_instruction(regs, sz); -} - static void compat_cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) { int reg = (esr & ESR_ELx_CP15_32_ISS_RT_MASK) >> ESR_ELx_CP15_32_ISS_RT_SHIFT; pt_regs_write_reg(regs, reg, arch_timer_get_rate()); - arm64_compat_skip_faulting_instruction(regs, 4); + arm64_skip_faulting_instruction(regs, 4); } static const struct sys64_hook cp15_32_hooks[] = { @@ -673,7 +671,7 @@ static void compat_cntvct_read_handler(unsigned int esr, struct pt_regs *regs) pt_regs_write_reg(regs, rt, lower_32_bits(val)); pt_regs_write_reg(regs, rt2, upper_32_bits(val)); - arm64_compat_skip_faulting_instruction(regs, 4); + arm64_skip_faulting_instruction(regs, 4); } static const struct sys64_hook cp15_64_hooks[] = { @@ -694,7 +692,7 @@ void do_cp15instr(unsigned int esr, struct pt_regs *regs) * There is no T16 variant of a CP access, so we * always advance PC by 4 bytes. */ - arm64_compat_skip_faulting_instruction(regs, 4); + arm64_skip_faulting_instruction(regs, 4); return; } From patchwork Wed Dec 11 15:42:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181257 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700852ile; Wed, 11 Dec 2019 07:43:15 -0800 (PST) X-Google-Smtp-Source: APXvYqyF2qZDr8jx2yDHwAH72udOkK5p3OjTNISAv/Hbwcmo6PSYmsEVe/1QSUm0/anXpeZRlNWw X-Received: by 2002:aca:b588:: with SMTP id e130mr3113627oif.169.1576078995604; Wed, 11 Dec 2019 07:43:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576078995; cv=none; d=google.com; s=arc-20160816; b=MWxk9x5kTpwdgjb2EbbsOfkR02dZOViUvhrRARVQteNbhE4Hl1+FiWWeYmNGwqbxPZ OwjCzou4gq2rYRNUu3/RRtvs8ET4WFu8q9khEisjDx8RhMvlBC33Xhe6XawuqvvSr6IL KYzJoAk6IsHLagXa3SgUPcfQ6KZeQMhkLVM5nO2oCgqTmZTGsrfW4OzqSnKzRoqeDH3y bSWpn1ElvfydbGwLHsvobBWe9ihy4/AWyYukHkZc/M8A8ZAEkpcj4MkSR9vfH5xK8E8K OsQAKi1dqy/u0fLWOeM1gIJp+l7Zy59xKQNgu/7F1IR5p9YG8k8nph6g7+RsHHJ0KQck IfCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=4S0cpP+tUnagHySWs6Aqtio4TuIshfpQY80/KGMhtso=; b=U/VSijFL4mopX8D/s/jnQvEtP0Rh3o0vVsmM0Z+SFJaC22eF2gEF3K8fIfdMYukJw5 0G2sjBce/TzfHOGwfEevO07fg33zFsb+9xBs2w0tM7sTRKspvB2JPbhS6jcwZgXeX/HC JvlhLGADw6XheZQDWWKPTQAWrTuV/HochW5yyJgzUU2YEcTXRKPMJN9M0Kb9H7hOOBz+ KajMVtyI1YNOy7UtO/Qo4+Vdjga0IeITeNwWNBrXUHkLDmuB7PkJN79GBwIEB53Nw/0t Qcn5UIoZyrbxXNrHZfxBXi1+geaCC5KF6+K9YebgIbCmBlgmS6xFe5w+3GbrhzFBBF1E gHrw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 185si1340581oie.52.2019.12.11.07.43.15; Wed, 11 Dec 2019 07:43:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388729AbfLKPnO (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:14 -0500 Received: from foss.arm.com ([217.140.110.172]:35582 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387912AbfLKPnM (ORCPT ); Wed, 11 Dec 2019 10:43:12 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 799B4DA7; Wed, 11 Dec 2019 07:43:11 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C52103F52E; Wed, 11 Dec 2019 07:43:10 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 09/12] arm64: traps: Shuffle code to eliminate forward declarations Date: Wed, 11 Dec 2019 15:42:03 +0000 Message-Id: <20191211154206.46260-10-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin Hoist the IT state handling code earlier in traps.c, to avoid accumulating forward declarations. No functional change. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- arch/arm64/kernel/traps.c | 101 ++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 52 deletions(-) -- 2.20.1 diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index de01e5041d4d..bf79d8024fbe 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -269,7 +269,55 @@ void arm64_notify_die(const char *str, struct pt_regs *regs, } } -static void advance_itstate(struct pt_regs *regs); +#ifdef CONFIG_COMPAT +#define PSTATE_IT_1_0_SHIFT 25 +#define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) +#define PSTATE_IT_7_2_SHIFT 10 +#define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) + +static u32 compat_get_it_state(struct pt_regs *regs) +{ + u32 it, pstate = regs->pstate; + + it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; + it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; + + return it; +} + +static void compat_set_it_state(struct pt_regs *regs, u32 it) +{ + u32 pstate_it; + + pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; + pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; + + regs->pstate &= ~PSR_AA32_IT_MASK; + regs->pstate |= pstate_it; +} + +static void advance_itstate(struct pt_regs *regs) +{ + u32 it; + + /* ARM mode */ + if (!(regs->pstate & PSR_AA32_T_BIT) || + !(regs->pstate & PSR_AA32_IT_MASK)) + return; + + it = compat_get_it_state(regs); + + /* + * If this is the last instruction of the block, wipe the IT + * state. Otherwise advance it. + */ + if (!(it & 7)) + it = 0; + else + it = (it & 0xe0) | ((it << 1) & 0x1f); + + compat_set_it_state(regs, it); +} void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) { @@ -575,34 +623,6 @@ static const struct sys64_hook sys64_hooks[] = { {}, }; - -#ifdef CONFIG_COMPAT -#define PSTATE_IT_1_0_SHIFT 25 -#define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) -#define PSTATE_IT_7_2_SHIFT 10 -#define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) - -static u32 compat_get_it_state(struct pt_regs *regs) -{ - u32 it, pstate = regs->pstate; - - it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; - it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; - - return it; -} - -static void compat_set_it_state(struct pt_regs *regs, u32 it) -{ - u32 pstate_it; - - pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; - pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; - - regs->pstate &= ~PSR_AA32_IT_MASK; - regs->pstate |= pstate_it; -} - static bool cp15_cond_valid(unsigned int esr, struct pt_regs *regs) { int cond; @@ -623,29 +643,6 @@ static bool cp15_cond_valid(unsigned int esr, struct pt_regs *regs) return aarch32_opcode_cond_checks[cond](regs->pstate); } -static void advance_itstate(struct pt_regs *regs) -{ - u32 it; - - /* ARM mode */ - if (!(regs->pstate & PSR_AA32_T_BIT) || - !(regs->pstate & PSR_AA32_IT_MASK)) - return; - - it = compat_get_it_state(regs); - - /* - * If this is the last instruction of the block, wipe the IT - * state. Otherwise advance it. - */ - if (!(it & 7)) - it = 0; - else - it = (it & 0xe0) | ((it << 1) & 0x1f); - - compat_set_it_state(regs, it); -} - static void compat_cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) { int reg = (esr & ESR_ELx_CP15_32_ISS_RT_MASK) >> ESR_ELx_CP15_32_ISS_RT_SHIFT; From patchwork Wed Dec 11 15:42:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181260 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp701001ile; Wed, 11 Dec 2019 07:43:24 -0800 (PST) X-Google-Smtp-Source: APXvYqxkhUwrOSzHLk2uyoQYnbnD+nGGFI5pNOSgXYQBsPBlc+k8SiZyQdK15L6C26DeP0dtPe8f X-Received: by 2002:a05:6830:22ee:: with SMTP id t14mr2659729otc.236.1576079004649; Wed, 11 Dec 2019 07:43:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079004; cv=none; d=google.com; s=arc-20160816; b=l293pSMDyzeMUTO+ce/SMxJi7pV4waa0wRmJpSf/AdxtzLcCy5ZrPNzaV2FTKCknZ+ M2tF2yEZkDBr31ppYNixC0noKD3dH5OMn3fSLadPsCoRSZuG6Zbu2VqWYfkuyCE2kBuY nAsjAN8cVCeIBLqqmYwcVNExw7D6CxoqWqG1jJGYXb5BXVkk7wstMX5ywJujPUQRWCN4 tB2kIK/bptWssqxgjwSsQ4ztFAswM9paaR0xiJvts3/Tl95gXesE+oMMZW9bQPa7Z4SB JUAgPiABc5zhsorhzxmb3RqblDhQqzCOF0MueMnKtU09evmIaj1Hx0svA//Z3zlFVe+k tGmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=e9YqLX5MhzVOhNDAP+AZg2FrvXUvfjQM7El1wCaw0nE=; b=xI2hkB4JR380dxXppE9jw2YXgYERXPVgWx+gi0sYPvpQDFnjyMX/8Hyoh78FFI2512 RxcvIIpOYc6jE1ymCLHYIVe1xmYX0y81Bkso+wOmzzfsfbR464lA1PQRaWZHJH7Qjk8Q ME9+qaXIqF7RFhteNgwK1242RxDladxbpYWuh8K5ZWd29bgrwWXklaahzFJQ2XknNXc4 fM8JcQobUd7y5j3TlwGziIpIkAe2ePpXVd9oMnaXv8vEQae4yQBZRYotdHKTqZJ0cwh0 M2T34lQsB/uPOeKzz5VsukzN7gyKKpBntOY5b57uFD0euiPuJ5DL6joSJWfQUEbFMALn jKiw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c131si1166055oig.170.2019.12.11.07.43.23; Wed, 11 Dec 2019 07:43:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387851AbfLKPnT (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:19 -0500 Received: from foss.arm.com ([217.140.110.172]:35612 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388372AbfLKPnO (ORCPT ); Wed, 11 Dec 2019 10:43:14 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9F2D431B; Wed, 11 Dec 2019 07:43:13 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1EE213F52E; Wed, 11 Dec 2019 07:43:13 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 10/12] arm64: BTI: Reset BTYPE when skipping emulated instructions Date: Wed, 11 Dec 2019 15:42:04 +0000 Message-Id: <20191211154206.46260-11-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin Since normal execution of any non-branch instruction resets the PSTATE BTYPE field to 0, so do the same thing when emulating a trapped instruction. Branches don't trap directly, so we should never need to assign a non-zero value to BTYPE here. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- arch/arm64/kernel/traps.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.20.1 diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index bf79d8024fbe..9fc05ae500e6 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -332,6 +332,8 @@ void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) if (regs->pstate & PSR_MODE32_BIT) advance_itstate(regs); + else + regs->pstate &= ~PSR_BTYPE_MASK; } static LIST_HEAD(undef_hook); From patchwork Wed Dec 11 15:42:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181259 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp700963ile; Wed, 11 Dec 2019 07:43:22 -0800 (PST) X-Google-Smtp-Source: APXvYqz6HYrloK8zxGUWwbxgHzqIKynP7QE1PoT/7NB/4JUnfvNio5vgw8zHPdi0QOw+h8Q1hYpQ X-Received: by 2002:aca:fdc2:: with SMTP id b185mr3382842oii.74.1576079002384; Wed, 11 Dec 2019 07:43:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079002; cv=none; d=google.com; s=arc-20160816; b=XXMNzVFiGJ0UTlRECUrg1/q35pgWwSU8eq4O0EWfea/QERlq+U+nDCUGGH21FQoRN9 VgL3zWzaHr4kHQtUODa9jYMTqQodmHK2IJqOvHjcJN5bb5KH+moQqZfTdTP5GXFuOMp/ ps9XUU5WYgu0RsnSF1OMsVHVz4lPNVXxBBjpvFwZCzenoGyd00eA9YSESZC4QHEZtP8q ScrqWzlpzqARJfHtksQMg3ac9M0wNfI3OAJFB6JsaaGZVdFc2er4Z5nW+94G3BycBK0V +dvq0Zenf0XWp7SQEDCGjWLkMgtLIwmmUtQJUNcEX6GCiKiovzt3m4l7DqN+o9x0PJDt eB1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=vpl2P6UO5jzxb8HeyntRKDCXPB5CQyax+bousJop3xA=; b=t61nR/bhQZMMjE9pJH56qwDkG/xnj+YjHFTx0S7mmtLzn1u5vOxw3XOOlD5Ocwj5LF 15Hc2mlzQOAlVpH2R2Mx0V2d2Pwb/a1lPSXSPzPdsbWni3e8hg6ymqJaJJ9rLEhX3JsQ vT4sE2wdIWkvjex/ZV3r7CdUPG9d/Hb64iUzXt/EX2QPHDOZQF6Q8bJMQNvhcbmwtNe/ SXyeJxV4opqAl5w1c1+1unNClqZDOYmZUXrbVGZZOBvJO/zw1epnHWnv/fE3bbzPZ4sZ H3+IoVq41+d+ua/LIjftojlRMWsYM4ED9hJjf6bWZsRbvDZnZgKm5Ueg+qWpliDe5s7g 3H2w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c131si1166055oig.170.2019.12.11.07.43.22; Wed, 11 Dec 2019 07:43:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388741AbfLKPnU (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:20 -0500 Received: from foss.arm.com ([217.140.110.172]:35634 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731277AbfLKPnQ (ORCPT ); Wed, 11 Dec 2019 10:43:16 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EB6A71007; Wed, 11 Dec 2019 07:43:15 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 448323F52E; Wed, 11 Dec 2019 07:43:15 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Dave Martin , Mark Brown Subject: [PATCH v4 11/12] KVM: arm64: BTI: Reset BTYPE when skipping emulated instructions Date: Wed, 11 Dec 2019 15:42:05 +0000 Message-Id: <20191211154206.46260-12-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Martin Since normal execution of any non-branch instruction resets the PSTATE BTYPE field to 0, so do the same thing when emulating a trapped instruction. Branches don't trap directly, so we should never need to assign a non-zero value to BTYPE here. Signed-off-by: Dave Martin Signed-off-by: Mark Brown --- arch/arm64/include/asm/kvm_emulate.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.20.1 diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index 5efe5ca8fecf..05fb1b4e0fa2 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -470,10 +470,12 @@ static inline unsigned long vcpu_data_host_to_guest(struct kvm_vcpu *vcpu, static inline void kvm_skip_instr(struct kvm_vcpu *vcpu, bool is_wide_instr) { - if (vcpu_mode_is_32bit(vcpu)) + if (vcpu_mode_is_32bit(vcpu)) { kvm_skip_instr32(vcpu, is_wide_instr); - else + } else { *vcpu_pc(vcpu) += 4; + *vcpu_cpsr(vcpu) &= ~PSR_BTYPE_MASK; + } /* advance the singlestep state machine */ *vcpu_cpsr(vcpu) &= ~DBG_SPSR_SS; From patchwork Wed Dec 11 15:42:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 181261 Delivered-To: patch@linaro.org Received: by 2002:a92:3001:0:0:0:0:0 with SMTP id x1csp701053ile; Wed, 11 Dec 2019 07:43:28 -0800 (PST) X-Google-Smtp-Source: APXvYqxdRXPg0ABpnpvN8Z3drfFYT/EBcg6YaWhzgFieJaC1wthS3Bw8RfRafxmn70vkjglFIPT+ X-Received: by 2002:aca:fc02:: with SMTP id a2mr3092741oii.38.1576079008119; Wed, 11 Dec 2019 07:43:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576079008; cv=none; d=google.com; s=arc-20160816; b=MjOqS/8pQ0MmXcGR+PKxk4siaigqdqYU3fh7fSifAZE0QjPfXPJ0KlZfAlMhdZDk1Q 1xdCmWIVxGVM9OolCJZ3YUAPpTsj6LWJ4MSouCHuZTEW0iEPryum4q/7lzArCoIHvCFQ eZOyJ2m5JtGwaSvfTxHS+KilIFjN4TxzWwNKvZy/eI5lcJs7amJA9G0zSRnqJ7g9fRfR XtZR3Qil+psl0gRPTB9fsbA4WsDYkLWtT7b8eLkwswtCAPsTEkrmNZvTxIXPdKS5XF87 BX/LJPurT4XydyEwqyrHKcvZnN9XIiM9XyGhXBseZrFhWf0ZZcxdwa63yfUk1RcVoL7P wHBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=8zIpPeR6Yv0wwJx2DRNtTBxCRw5Cps6ULfMNqVjDUk8=; b=hnaTjL4abDb08r8hNw6Glq2C6gCrqzM1ga+TqLyI1PLTS8z2IdMiPt/orAqFD9bt9M 1hgkEQH/sbYwqEBYlBka2SMsdLdP5PW0vTqq8riAEHn1RVE0fSgMvFXFHyqNjf0Jzw7v 2iCCtFaQvW7DgWlFx//hKNt3kuXydrolzMhC7IK11hf9WKka8TX9W5gTkD/1bvPSVQKR CehRDbBvxf1wf4SAuAIxV1mhNVVAzSvmCSxyYK8YZd6LwuYcaSm8Gy8hY0+T4UP/aPbR yXeX3KgMcVnNpk0YTnq6jUh9zd37u/tmUJ0n2Tx3ItNg9sC18Ysu1HkAVmpv3nKr60yU +Drw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s64si1374401oig.147.2019.12.11.07.43.27; Wed, 11 Dec 2019 07:43:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388742AbfLKPn0 (ORCPT + 27 others); Wed, 11 Dec 2019 10:43:26 -0500 Received: from foss.arm.com ([217.140.110.172]:35658 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387846AbfLKPnS (ORCPT ); Wed, 11 Dec 2019 10:43:18 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4613630E; Wed, 11 Dec 2019 07:43:18 -0800 (PST) Received: from localhost (unknown [10.37.6.21]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 93B5C3F52E; Wed, 11 Dec 2019 07:43:17 -0800 (PST) From: Mark Brown To: Catalin Marinas , Will Deacon Cc: Paul Elliott , Peter Zijlstra , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , Marc Zyngier , Eugene Syromiatnikov , Szabolcs Nagy , "H.J. Lu" , Andrew Jones , Kees Cook , Arnd Bergmann , Jann Horn , Richard Henderson , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Thomas Gleixner , Florian Weimer , Sudakshina Das , linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Mark Brown Subject: [PATCH v4 12/12] arm64: mm: Display guarded pages in ptdump Date: Wed, 11 Dec 2019 15:42:06 +0000 Message-Id: <20191211154206.46260-13-broonie@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191211154206.46260-1-broonie@kernel.org> References: <20191211154206.46260-1-broonie@kernel.org> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org v8.5-BTI introduces the GP field in stage 1 translation tables which indicates that blocks and pages with it set are guarded pages for which branch target identification checks should be performed. Decode this when dumping the page tables to aid debugging. Signed-off-by: Mark Brown --- arch/arm64/mm/dump.c | 5 +++++ 1 file changed, 5 insertions(+) -- 2.20.1 diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c index 0a920b538a89..880bd5160dc2 100644 --- a/arch/arm64/mm/dump.c +++ b/arch/arm64/mm/dump.c @@ -143,6 +143,11 @@ static const struct prot_bits pte_bits[] = { .val = PTE_UXN, .set = "UXN", .clear = " ", + }, { + .mask = PTE_GP, + .val = PTE_GP, + .set = "GP", + .clear = " ", }, { .mask = PTE_ATTRINDX_MASK, .val = PTE_ATTRINDX(MT_DEVICE_nGnRnE),