From patchwork Thu Oct 10 18:44:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175814 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683038ill; Thu, 10 Oct 2019 11:45:35 -0700 (PDT) X-Google-Smtp-Source: APXvYqx5hNlmxWuCQgVxSIPWbkyTtlS6D+L+pkJHOUm+/Fa7RkO4Ld1uWlpMrE3r5qGVQoQZkoYW X-Received: by 2002:a05:6402:1817:: with SMTP id g23mr9601706edy.26.1570733135240; Thu, 10 Oct 2019 11:45:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733135; cv=none; d=google.com; s=arc-20160816; b=QUP0vg0HYp8JAzorwgeqWiV7kOlPqTnxCC+CoOkVB8BIzc60xqhmYSiKNQsUsPHfiD pjy4TvwPUwv+XBkZDRIQIXA3Z2A0LVi38QS2Ctx9v33NEALq2Sw3aBSmNW+w4DXBJUrl MK5thVHyKsMHfMJZuiaSx1fAkkFfCTh6Z5ACnq9sTjEWF1maMPBJltmBrPQ6XUvOOeNF V4TuauGq43jTsQC949Q58WtS5c8m2pZVhBM0xjiMhAHoJFjoFsxNkeJrg/YS9rUt0GIy xXSYvbyqhBNMa0GGvDU8BwYdIY+faMyrEeYyAOfdY4tO96pup3iYvPZdeEGmYKdkA9yN PHjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=ANN5cN195MmjwES4H0We2PeazLTk3q9fFcaZMS1XNFQ=; b=VpNIv3vLeW1QbIpwbHre5Yx6BKrw2j4YBnMFfBYK/LAOY+D+XJpZ5QZ3o0zjhJxhHZ Bq8axeDFTRj1Bkf1ioq76N62kGMKtI0fzAjjq2+qbZUd8daAiyUA6OBmaqv0aDo9/Nc3 SMh3Mm7CFmohcgqchi2I2EuTswuS4pjcqyGcXfURA7P8+2qTsc5TwzFr355b5lTyLlMj w6EvWx64mlYYbqiD+yr9uivl9ReUAtFXr5ESYHv9ptnUa+P6v773PvQqKxvT16sz1tCd FJqQqrpwdG0wGfE1MYozLfrSrTSuk4sAOvfCLlR/2LGo8SeWYKi4hI3Hitllw8BY1AD/ WsEw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v6si3576260edw.51.2019.10.10.11.45.35; Thu, 10 Oct 2019 11:45:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727131AbfJJSpd (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:33 -0400 Received: from foss.arm.com ([217.140.110.172]:38286 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfJJSpd (ORCPT ); Thu, 10 Oct 2019 14:45:33 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9494328; Thu, 10 Oct 2019 11:45:32 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id E54C13F703; Thu, 10 Oct 2019 11:45:29 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 01/12] ELF: UAPI and Kconfig additions for ELF program properties Date: Thu, 10 Oct 2019 19:44:29 +0100 Message-Id: <1570733080-21015-2-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Pull the basic ELF definitions relating to the NT_GNU_PROPERTY_TYPE_0 note from Yu-Cheng Yu's earlier x86 shstk series. Signed-off-by: Yu-cheng Yu Signed-off-by: Dave Martin --- Changes since RFC v2: * Fix struct gnu_property indentation to follow the linux coding style --- fs/Kconfig.binfmt | 3 +++ include/linux/elf.h | 8 ++++++++ include/uapi/linux/elf.h | 1 + 3 files changed, 12 insertions(+) -- 2.1.4 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index 62dc4f5..d2cfe07 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -36,6 +36,9 @@ config COMPAT_BINFMT_ELF config ARCH_BINFMT_ELF_STATE bool +config ARCH_USE_GNU_PROPERTY + bool + config BINFMT_ELF_FDPIC bool "Kernel support for FDPIC ELF binaries" default y if !BINFMT_ELF diff --git a/include/linux/elf.h b/include/linux/elf.h index e3649b3..459cddc 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -2,6 +2,7 @@ #ifndef _LINUX_ELF_H #define _LINUX_ELF_H +#include #include #include @@ -56,4 +57,11 @@ static inline int elf_coredump_extra_notes_write(struct coredump_params *cprm) { extern int elf_coredump_extra_notes_size(void); extern int elf_coredump_extra_notes_write(struct coredump_params *cprm); #endif + +/* NT_GNU_PROPERTY_TYPE_0 header */ +struct gnu_property { + u32 pr_type; + u32 pr_datasz; +}; + #endif /* _LINUX_ELF_H */ diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 34c02e4..c377314 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -36,6 +36,7 @@ typedef __s64 Elf64_Sxword; #define PT_LOPROC 0x70000000 #define PT_HIPROC 0x7fffffff #define PT_GNU_EH_FRAME 0x6474e550 +#define PT_GNU_PROPERTY 0x6474e553 #define PT_GNU_STACK (PT_LOOS + 0x474e551) From patchwork Thu Oct 10 18:44:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175815 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683095ill; Thu, 10 Oct 2019 11:45:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqzIk5uNmd4cJlzs+W194M/g2PIhXuDJL6PdxSpH5w/cJE9e+2oAyr64g30leT0A3RXgR1QY X-Received: by 2002:a05:6402:1492:: with SMTP id e18mr9488203edv.140.1570733137790; Thu, 10 Oct 2019 11:45:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733137; cv=none; d=google.com; s=arc-20160816; b=O/d9hvoCM/jvT0C8YnXiDnpkaBBTXVKgEL+YYrrc2h7qL8Z4hnl9NDZmu5eIfNgF+e S/qjlWdy8LU+OMV99/tHqdCgeufLxU7uRrxxXHpD/E245VmbOQNpeW4PPkxckdbB6wj7 l8xokn7PtMv24xjtWLgpgvScu/OUU+9HnChon8GhIAcN+PNnU7B1kYCub/rj1A5w9gHs QUq6PH1f9dMYNtIJs3DIxBBfqnU0H3ThvzTnfRPDsFTnIIdAbqLk9UAbRYK5g4RjP+o0 xs7zDenZ4GRkfHhXYsiqND6rlGxIQV6AxUPAKyuUJNZsNTtjw+wb62yIeqJnsDfTe3Ml KN5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=h/gs1UjXkE7Qqq4TOJoMDeRyPdHNMTNfTAbcXzGBXLo=; b=jpOgnncyjn4KB50l+9nCbIGeHGxp35g8wuU2fAvO/uObe5If07WxCl+3qy7YqafJlQ uun0rYlHu4mH5FxrWtw9TtQrL+6/76KmTPJQ9TIOH0Y+CEBN5PVkKcjAxQHpS5Ix6D6G 2e+2YbFNucRXtV/BVJf1c2VPadjjpq9AYQKy+ZMCaqUeBtsJXLs4wvMwISuESICVHCoQ Ct2N5AX6E/7ljhii25rzA6aUIOfJVsswALnhUzLGXQ9bkeHqA4BlaHmJX/Gj/rKiBOdA xxMKvc9Zk9JcHBzrsuOU94jw0mwHydHE5rHELpMgUXhP2lsDZKuRupXmTB9AoHUfWwSi CTaA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v6si3576260edw.51.2019.10.10.11.45.37; Thu, 10 Oct 2019 11:45:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727151AbfJJSph (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:37 -0400 Received: from foss.arm.com ([217.140.110.172]:38314 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfJJSpg (ORCPT ); Thu, 10 Oct 2019 14:45:36 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7CAF71000; Thu, 10 Oct 2019 11:45:35 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id CD2713F703; Thu, 10 Oct 2019 11:45:32 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 02/12] ELF: Add ELF program property parsing support Date: Thu, 10 Oct 2019 19:44:30 +0100 Message-Id: <1570733080-21015-3-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ELF program properties will be needed for detecting whether to enable optional architecture or ABI features for a new ELF process. For now, there are no generic properties that we care about, so do nothing unless CONFIG_ARCH_USE_GNU_PROPERTY=y. Otherwise, the presence of properties using the PT_PROGRAM_PROPERTY phdrs entry (if any), and notify each property to the arch code. For now, the added code is not used. Signed-off-by: Dave Martin --- [Dropped Kees' Reviewed-by -- rework in parse_elf_property() needs review.] Changes since RFC v2: * Rework parse_elf_property() for clearer tracking the current parsing cursor in the property data. o is now the current offset into data. datasz is now kept updated to reflect the amount of data _remaining_ starting at offset o. This hopefully makes "next item size > remaining data size" checks more intuitive. The final offset is assigned back to *off on success, as before. * Rename elf*_gnu_property_align #defines to upper case, to reflect the fact that these are contants, not type name aliases. --- fs/binfmt_elf.c | 127 +++++++++++++++++++++++++++++++++++++++++++++++ fs/compat_binfmt_elf.c | 4 ++ include/linux/elf.h | 19 +++++++ include/uapi/linux/elf.h | 4 ++ 4 files changed, 154 insertions(+) -- 2.1.4 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index c5642bc..ae345f6 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -39,12 +39,18 @@ #include #include #include +#include +#include #include #include #include #include #include +#ifndef ELF_COMPAT +#define ELF_COMPAT 0 +#endif + #ifndef user_long_t #define user_long_t long #endif @@ -670,6 +676,111 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, * libraries. There is no binary dependent code anywhere else. */ +static int parse_elf_property(const char *data, size_t *off, size_t datasz, + struct arch_elf_state *arch, + bool have_prev_type, u32 *prev_type) +{ + size_t o, step; + const struct gnu_property *pr; + int ret; + + if (*off == datasz) + return -ENOENT; + + if (WARN_ON(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN)) + return -EIO; + o = *off; + datasz -= *off; + + if (datasz < sizeof(*pr)) + return -EIO; + pr = (const struct gnu_property *)(data + o); + o += sizeof(*pr); + datasz -= sizeof(*pr); + + if (pr->pr_datasz > datasz) + return -EIO; + + WARN_ON(o % ELF_GNU_PROPERTY_ALIGN); + step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN); + if (step > datasz) + return -EIO; + + /* Properties are supposed to be unique and sorted on pr_type: */ + if (have_prev_type && pr->pr_type <= *prev_type) + return -EIO; + *prev_type = pr->pr_type; + + ret = arch_parse_elf_property(pr->pr_type, data + o, + pr->pr_datasz, ELF_COMPAT, arch); + if (ret) + return ret; + + *off = o + step; + return 0; +} + +#define NOTE_DATA_SZ SZ_1K +#define GNU_PROPERTY_TYPE_0_NAME "GNU" +#define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME)) + +static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr, + struct arch_elf_state *arch) +{ + union { + struct elf_note nhdr; + char data[NOTE_DATA_SZ]; + } note; + loff_t pos; + ssize_t n; + size_t off, datasz; + int ret; + bool have_prev_type; + u32 prev_type; + + if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr) + return 0; + + /* load_elf_binary() shouldn't call us unless this is true... */ + if (WARN_ON(phdr->p_type != PT_GNU_PROPERTY)) + return -EIO; + + /* If the properties are crazy large, that's too bad (for now): */ + if (phdr->p_filesz > sizeof(note)) + return -ENOEXEC; + + pos = phdr->p_offset; + n = kernel_read(f, ¬e, phdr->p_filesz, &pos); + + BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ); + if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ) + return -EIO; + + if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || + note.nhdr.n_namesz != NOTE_NAME_SZ || + strncmp(note.data + sizeof(note.nhdr), + GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr))) + return -EIO; + + off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ, + ELF_GNU_PROPERTY_ALIGN); + if (off > n) + return -EIO; + + if (note.nhdr.n_descsz > n - off) + return -EIO; + datasz = off + note.nhdr.n_descsz; + + have_prev_type = false; + do { + ret = parse_elf_property(note.data, &off, datasz, arch, + have_prev_type, &prev_type); + have_prev_type = true; + } while (!ret); + + return ret == -ENOENT ? 0 : ret; +} + static int load_elf_binary(struct linux_binprm *bprm) { struct file *interpreter = NULL; /* to shut gcc up */ @@ -677,6 +788,7 @@ static int load_elf_binary(struct linux_binprm *bprm) int load_addr_set = 0; unsigned long error; struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL; + struct elf_phdr *elf_property_phdata = NULL; unsigned long elf_bss, elf_brk; int bss_prot = 0; int retval, i; @@ -724,6 +836,11 @@ static int load_elf_binary(struct linux_binprm *bprm) char *elf_interpreter; loff_t pos; + if (elf_ppnt->p_type == PT_GNU_PROPERTY) { + elf_property_phdata = elf_ppnt; + continue; + } + if (elf_ppnt->p_type != PT_INTERP) continue; @@ -819,9 +936,14 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ + elf_property_phdata = NULL; elf_ppnt = interp_elf_phdata; for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++) switch (elf_ppnt->p_type) { + case PT_GNU_PROPERTY: + elf_property_phdata = elf_ppnt; + break; + case PT_LOPROC ... PT_HIPROC: retval = arch_elf_pt_proc(&loc->interp_elf_ex, elf_ppnt, interpreter, @@ -832,6 +954,11 @@ static int load_elf_binary(struct linux_binprm *bprm) } } + retval = parse_elf_properties(interpreter ?: bprm->file, + elf_property_phdata, &arch_state); + if (retval) + goto out_free_dentry; + /* * Allow arch code to reject the ELF at this point, whilst it's * still possible to return an error to the code that invoked diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c index b7f9ffa..67896e0 100644 --- a/fs/compat_binfmt_elf.c +++ b/fs/compat_binfmt_elf.c @@ -17,6 +17,8 @@ #include #include +#define ELF_COMPAT 1 + /* * Rename the basic ELF layout types to refer to the 32-bit class of files. */ @@ -28,11 +30,13 @@ #undef elf_shdr #undef elf_note #undef elf_addr_t +#undef ELF_GNU_PROPERTY_ALIGN #define elfhdr elf32_hdr #define elf_phdr elf32_phdr #define elf_shdr elf32_shdr #define elf_note elf32_note #define elf_addr_t Elf32_Addr +#define ELF_GNU_PROPERTY_ALIGN ELF32_GNU_PROPERTY_ALIGN /* * Some data types as stored in coredump. diff --git a/include/linux/elf.h b/include/linux/elf.h index 459cddc..7bdc6da 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -22,6 +22,9 @@ SET_PERSONALITY(ex) #endif +#define ELF32_GNU_PROPERTY_ALIGN 4 +#define ELF64_GNU_PROPERTY_ALIGN 8 + #if ELF_CLASS == ELFCLASS32 extern Elf32_Dyn _DYNAMIC []; @@ -32,6 +35,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half #define Elf_Word Elf32_Word +#define ELF_GNU_PROPERTY_ALIGN ELF32_GNU_PROPERTY_ALIGN #else @@ -43,6 +47,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half #define Elf_Word Elf64_Word +#define ELF_GNU_PROPERTY_ALIGN ELF64_GNU_PROPERTY_ALIGN #endif @@ -64,4 +69,18 @@ struct gnu_property { u32 pr_datasz; }; +struct arch_elf_state; + +#ifndef CONFIG_ARCH_USE_GNU_PROPERTY +static inline int arch_parse_elf_property(u32 type, const void *data, + size_t datasz, bool compat, + struct arch_elf_state *arch) +{ + return 0; +} +#else +extern int arch_parse_elf_property(u32 type, const void *data, size_t datasz, + bool compat, struct arch_elf_state *arch); +#endif + #endif /* _LINUX_ELF_H */ diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index c377314..20900f4 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -368,6 +368,7 @@ typedef struct elf64_shdr { * Notes used in ET_CORE. Architectures export some of the arch register sets * using the corresponding note types via the PTRACE_GETREGSET and * PTRACE_SETREGSET requests. + * The note name for all these is "LINUX". */ #define NT_PRSTATUS 1 #define NT_PRFPREG 2 @@ -430,6 +431,9 @@ typedef struct elf64_shdr { #define NT_MIPS_FP_MODE 0x801 /* MIPS floating-point mode */ #define NT_MIPS_MSA 0x802 /* MIPS SIMD registers */ +/* Note types with note name "GNU" */ +#define NT_GNU_PROPERTY_TYPE_0 5 + /* Note header in a PT_NOTE section */ typedef struct elf32_note { Elf32_Word n_namesz; /* Name size */ From patchwork Thu Oct 10 18:44:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175816 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683153ill; Thu, 10 Oct 2019 11:45:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqxWYp6NhxD/MERCIgkelyxSF2QBPckNX38S3W7gGH0u5K6K6EfQw7ZSZoJzhC6YdB7eo6vv X-Received: by 2002:a17:906:4d50:: with SMTP id b16mr9513698ejv.245.1570733141030; Thu, 10 Oct 2019 11:45:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733141; cv=none; d=google.com; s=arc-20160816; b=QtMltoFDDCeSY/egpXUOvI6PWlCe/hh9tBY3X+g3Xe1Y289RuCXW6Bo1QqiqZt7IaN 4RtS9Q6D5gXcL4lFkqRqK+CRhi/uZGrufwnPWqYfeQJFgLN+ieCXziVx7Y+cZg4wSF6Z BxXZTWA4UBo1Qzj5yXmSgKS+THfpuO71PGKkglHQCr8EPaLI69nIKJSviGPt9FADnGas qS9gDtUTSXRV7FEXzr5D4ftlMCofrP6g6/Rv40vDD69ADTh4hSwSbaZHgrh4k9khrHxv GkOFmgBGy83h8kt+S3i+QucjjfUC6etujxutGAkyGU5KLMjqE37xehpNupDfy/yKpShs 6B3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=3Hera2G2eiKAaU3Aim9i6wg/7ybKyQW86IKeDQBRQ6c=; b=ps/rmBPnBTZi7BQCURyLPbSEveIJBWbr/X1Ph/sYc2mjFJ2Kb9t98flJ7A/qC75Cp1 4x2mz1QsV6q2QJ/XWvu9sPiyctfW//1j8TL10vFSIqScxAw4PaRp6cxDQ01bBqZ4A+7n 9+7iH5MSY3afDuPHjvVHMy8HBtFLEBkgrWve+sNaIPLyeRsqvx5xW/hRSB9KEJssUW2i YfKJAgE4HrY27qgav70VNAxiaX7ZsHkNdDi3Z9g5i73wmZszAJnofl8FOAVsilkyu3R1 c7GG8LCrVAKzfMC6D5gY5q5hlNh2PT4cHdovidKnVBBgrRfYYy5AruNzQ66T4b5C6CjP Jz6w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c31si3894492edb.309.2019.10.10.11.45.40; Thu, 10 Oct 2019 11:45:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727169AbfJJSpk (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:40 -0400 Received: from foss.arm.com ([217.140.110.172]:38338 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfJJSpj (ORCPT ); Thu, 10 Oct 2019 14:45:39 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 891B01570; Thu, 10 Oct 2019 11:45:38 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B54033F703; Thu, 10 Oct 2019 11:45:35 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 03/12] mm: Reserve asm-generic prot flag 0x10 for arch use Date: Thu, 10 Oct 2019 19:44:31 +0100 Message-Id: <1570733080-21015-4-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The asm-generic mman definitions are used by a few architectures that also define an arch-specific PROT flag with value 0x10. This currently applies to sparc and powerpc, and arm64 will soon join in. To help future maintainers, document the use of this flag in the asm-generic header too. Signed-off-by: Dave Martin --- include/uapi/asm-generic/mman-common.h | 1 + 1 file changed, 1 insertion(+) -- 2.1.4 diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h index c160a53..81442d2 100644 --- a/include/uapi/asm-generic/mman-common.h +++ b/include/uapi/asm-generic/mman-common.h @@ -11,6 +11,7 @@ #define PROT_WRITE 0x2 /* page can be written */ #define PROT_EXEC 0x4 /* page can be executed */ #define PROT_SEM 0x8 /* page may be used for atomic ops */ + /* 0x10 reserved for arch-specific use */ #define PROT_NONE 0x0 /* page can not be accessed */ #define PROT_GROWSDOWN 0x01000000 /* mprotect flag: extend change to start of growsdown vma */ #define PROT_GROWSUP 0x02000000 /* mprotect flag: extend change to end of growsup vma */ From patchwork Thu Oct 10 18:44:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175817 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683221ill; Thu, 10 Oct 2019 11:45:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqyiZ+i1cjVNGIj6Ld6JDM/1AEylhMWnGaar4GRsRqt53G6bpoyPyegdP9hqqCjLYLaLOwxX X-Received: by 2002:a17:906:f110:: with SMTP id gv16mr9799820ejb.331.1570733144108; Thu, 10 Oct 2019 11:45:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733144; cv=none; d=google.com; s=arc-20160816; b=B/tDn/7bKo1mbUeF3OGsDktZwkAoN8GSopPOhSAsgMqm7XGPGLxVDeJnO6o3BRufYh qi4bJ0Fljomwty6W3gukc379pq/ynGe76r4wZRIjdoE3Zkj62xbmaCyLb1Y2E5WVyyqY /ZV9Uz/pDrgje+Gje2UNDVqpf6QhTt8bhhjFGnOlMPR0oLrejSlEaIFR221zmODs+uMn 2aKYz50O4LdQsOhJHm5mCQ4uWRwddQT9C29bMdgriGKjwGIayF6asrSngL6u54hc/MSf Xw77F6ty54zNzDkyF8RwGjZpxTFO+cihm6eK0Dm1Bui7DN6WooyC7T6+R3SOsVwCAb4h MC2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=T3/tOgmVVIGbRXem5cYWpA1Wv2q5h/S5WJBUiU715IM=; b=SF0yY3r745z5FsFcuIz1atRKnQWyAGjB1aLMVKuhzyqAYexYdwi3LUMzLS9X+6to8i Ja/9vUVd6ZTLdArZH2H9itncIj+XKimI+ijCpIHYApBbw3uZ5zG9/LjRUYAFVsEGM4Lx mMJ4MEcFCP+2vSitETWZeBMChcNS5jsQV9fKCas3csY7MM1ntBBaFexya6JJ3NZ/dYQ4 YS0yG4CMTKdFZMjZuf7jDqKshr/hLO44fJE9+O5G+p/IqL7GMbARtv9DJKHuETxWtME+ 7YXVikZSzNcJGHR+OIQE5VCh0ejfdjDtG8SiYgdrY+h7vguX/wTJgVAnqakbaFL0eqUa snwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c31si3894492edb.309.2019.10.10.11.45.43; Thu, 10 Oct 2019 11:45:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727191AbfJJSpn (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:43 -0400 Received: from foss.arm.com ([217.140.110.172]:38368 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfJJSpm (ORCPT ); Thu, 10 Oct 2019 14:45:42 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 71A3128; Thu, 10 Oct 2019 11:45:41 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C1A123F703; Thu, 10 Oct 2019 11:45:38 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 04/12] arm64: docs: cpu-feature-registers: Document ID_AA64PFR1_EL1 Date: Thu, 10 Oct 2019 19:44:32 +0100 Message-Id: <1570733080-21015-5-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit d71be2b6c0e1 ("arm64: cpufeature: Detect SSBS and advertise to userspace") exposes ID_AA64PFR1_EL1 to userspace, but didn't update the documentation to match. Add it. Signed-off-by: Dave Martin --- Note to maintainers: * This patch has been racing with various other attempts to fix the same documentation in the meantime. Since this patch only fixes the documenting for pre-existing features, it can safely be dropped if appropriate. The _new_ documentation relating to BTI feature reporting is in a subsequent patch, and needs to be retained. --- Documentation/arm64/cpu-feature-registers.rst | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) -- 2.1.4 diff --git a/Documentation/arm64/cpu-feature-registers.rst b/Documentation/arm64/cpu-feature-registers.rst index 2955287..b86828f 100644 --- a/Documentation/arm64/cpu-feature-registers.rst +++ b/Documentation/arm64/cpu-feature-registers.rst @@ -168,8 +168,15 @@ infrastructure: +------------------------------+---------+---------+ - 3) MIDR_EL1 - Main ID Register + 3) ID_AA64PFR1_EL1 - Processor Feature Register 1 + +------------------------------+---------+---------+ + | Name | bits | visible | + +------------------------------+---------+---------+ + | SSBS | [7-4] | y | + +------------------------------+---------+---------+ + + 4) MIDR_EL1 - Main ID Register +------------------------------+---------+---------+ | Name | bits | visible | +------------------------------+---------+---------+ @@ -188,7 +195,7 @@ infrastructure: as available on the CPU where it is fetched and is not a system wide safe value. - 4) ID_AA64ISAR1_EL1 - Instruction set attribute register 1 + 5) ID_AA64ISAR1_EL1 - Instruction set attribute register 1 +------------------------------+---------+---------+ | Name | bits | visible | @@ -210,7 +217,7 @@ infrastructure: | DPB | [3-0] | y | +------------------------------+---------+---------+ - 5) ID_AA64MMFR2_EL1 - Memory model feature register 2 + 6) ID_AA64MMFR2_EL1 - Memory model feature register 2 +------------------------------+---------+---------+ | Name | bits | visible | @@ -218,7 +225,7 @@ infrastructure: | AT | [35-32] | y | +------------------------------+---------+---------+ - 6) ID_AA64ZFR0_EL1 - SVE feature ID register 0 + 7) ID_AA64ZFR0_EL1 - SVE feature ID register 0 +------------------------------+---------+---------+ | Name | bits | visible | From patchwork Thu Oct 10 18:44:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175818 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683294ill; Thu, 10 Oct 2019 11:45:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqw59uiesP2o6nLHG69KtMs0IQVI5Az/zPpz8ir5Ryix0RXfJiaeYgZV+17bkRacBaEwXV8Q X-Received: by 2002:a50:9f68:: with SMTP id b95mr9468692edf.301.1570733148555; Thu, 10 Oct 2019 11:45:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733148; cv=none; d=google.com; s=arc-20160816; b=jT9YMkdawGZTU8K6v+xktb1gFTUdv0z6tQAlCurAFkEzfH8O3ovTVol8jV8+f+1Bcp cxWQ3gnZCDItuxakx8i6SPexCubS+j0DyBHHhdMxzvVpujjP4s68KkOd8L86Th5GdvGm qPr8jyGJxM6Sm16+unxmOVz6zggBlov4ciKHjIhsCOK4+KCKncMuM/wbIKUybPhJ+7kz 5rnAzVYomv3pgCAG9nwA9Pl2TX4pDNHmsQE3GkK7DPmKEg8sHk3YuuSnLsbUfEsLWKe5 mdcLu+a/Y21tf+9gqmWyKLAbxulE7Zjf9XgtlR2deRT6P+Ng9acY8b0JkQ6TYwSGv5LS MvtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=tr0/E0lpA38yQlqFXxX3X99IgK795FZDcVhdoqDpIsQ=; b=yCTNcxauubaQfZxc5sPgYey7vKPkqQgaKBK0NZ+lpounCndZsOunfkftV/IHd3tm1m Xn+obi6Rf3r5wZBz13rmJqIe4Qc1Dp81/rRkBcJHqRSpJ7CEwQ2e5EMUuV3DbD6SKGM6 JHC9mo0Z6N7ox9GU7KZ5GZPH1RDNb1xxKlrAlSooXPztaUsL/ItjPT7ciEGw3XL0XCwG fitJOAC8pGwZ06/KZTtyZoxgjXv1/G4iFzZMFATdPz9NsKWLsYTLAqp+z/r46GZHYrsf LAeX4qgv6vJ3T8FmTm7Y8BmXUvoqhjpSv6Erl4kYkXFnMSpKOLAMPWn/lLh55G6eZvvi ij5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d25si3473579edv.319.2019.10.10.11.45.48; Thu, 10 Oct 2019 11:45:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727216AbfJJSpr (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:47 -0400 Received: from foss.arm.com ([217.140.110.172]:38400 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfJJSpp (ORCPT ); Thu, 10 Oct 2019 14:45:45 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 74E961000; Thu, 10 Oct 2019 11:45:44 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AAB923F703; Thu, 10 Oct 2019 11:45:41 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 05/12] arm64: Basic Branch Target Identification support Date: Thu, 10 Oct 2019 19:44:33 +0100 Message-Id: <1570733080-21015-6-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch adds the bare minimum required to expose the ARMv8.5 Branch Target Identification feature to userspace. By itself, this does _not_ automatically enable BTI for any initial executable pages mapped by execve(). This will come later, but for now it should be possible to enable BTI manually on those pages by using mprotect() from within the target process. Other arches already using the generic mman.h are already using 0x10 for arch-specific prot flags, so we use that for PROT_BTI here. For consistency, signal handler entry points in BTI guarded pages are required to be annotated as such, just like any other function. This blocks a relatively minor attack vector, but comforming userspace will have the annotations anyway, so we may as well enforce them. Signed-off-by: Dave Martin --- Changes since v1: * Configure SCTLR_EL1.BTx to disallow BR onto a PACIxSP instruction (except via X16/X17): The AArch64 procedure call standard requires binaries marked with GNU_PROPERTY_AARCH64_FEATURE_1_BTI to use X16/X17 in trampolines and tail calls, so it makes no sense to be permissive. * Rename PROT_BTI_GUARDED to PROT_BTI. * Rename VM_ARM64_GP to VM_ARM64_BTI: Although the architectural name for the BTI page table bit is "GP", BTI is nonetheless the feature it controls. So avoid introducing the "GP" naming just for this -- it's just an unecessary extra source of confusion. * Tidy up masking with ~PSR_BTYPE_MASK. * Drop masking out of BTYPE on SVC, with a comment outlining why. * Split PSR_BTYPE_SHIFT definition into this patch. It's not useful yet, but it makes sense to define PSR_BTYPE_* using this from the outset. * Migrate to ct_user_exit_irqoff in entry.S:el0_bti. --- Documentation/arm64/cpu-feature-registers.rst | 2 ++ Documentation/arm64/elf_hwcaps.rst | 4 ++++ arch/arm64/Kconfig | 23 +++++++++++++++++++ arch/arm64/include/asm/cpucaps.h | 3 ++- arch/arm64/include/asm/cpufeature.h | 6 +++++ arch/arm64/include/asm/esr.h | 2 +- arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/asm/mman.h | 33 +++++++++++++++++++++++++++ arch/arm64/include/asm/pgtable-hwdef.h | 1 + arch/arm64/include/asm/pgtable.h | 2 +- arch/arm64/include/asm/ptrace.h | 3 +++ arch/arm64/include/asm/sysreg.h | 4 ++++ arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/include/uapi/asm/mman.h | 9 ++++++++ arch/arm64/include/uapi/asm/ptrace.h | 1 + arch/arm64/kernel/cpufeature.c | 33 +++++++++++++++++++++++++++ arch/arm64/kernel/cpuinfo.c | 1 + arch/arm64/kernel/entry.S | 11 +++++++++ arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/kernel/signal.c | 5 ++++ arch/arm64/kernel/syscall.c | 18 +++++++++++++++ arch/arm64/kernel/traps.c | 7 ++++++ include/linux/mm.h | 3 +++ 23 files changed, 171 insertions(+), 4 deletions(-) create mode 100644 arch/arm64/include/asm/mman.h create mode 100644 arch/arm64/include/uapi/asm/mman.h -- 2.1.4 diff --git a/Documentation/arm64/cpu-feature-registers.rst b/Documentation/arm64/cpu-feature-registers.rst index b86828f..c96c7df 100644 --- a/Documentation/arm64/cpu-feature-registers.rst +++ b/Documentation/arm64/cpu-feature-registers.rst @@ -174,6 +174,8 @@ infrastructure: +------------------------------+---------+---------+ | SSBS | [7-4] | y | +------------------------------+---------+---------+ + | BT | [3-0] | y | + +------------------------------+---------+---------+ 4) MIDR_EL1 - Main ID Register diff --git a/Documentation/arm64/elf_hwcaps.rst b/Documentation/arm64/elf_hwcaps.rst index 91f7952..296dcac 100644 --- a/Documentation/arm64/elf_hwcaps.rst +++ b/Documentation/arm64/elf_hwcaps.rst @@ -201,6 +201,10 @@ HWCAP2_FRINT Functionality implied by ID_AA64ISAR1_EL1.FRINTTS == 0b0001. +HWCAP2_BTI + + Functionality implied by ID_AA64PFR0_EL1.BT == 0b0001. + 4. Unused AT_HWCAP bits ----------------------- diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 41a9b42..159ee69 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1410,6 +1410,29 @@ config ARM64_PTR_AUTH endmenu +menu "ARMv8.5 architectural features" + +config ARM64_BTI + bool "Branch Target Identification support" + default y + help + Branch Target Identification (part of the ARMv8.5 Extensions) + provides a mechanism to limit the set of locations to which computed + branch instructions such as BR or BLR can jump. + + This is intended to provide complementary protection to other control + flow integrity protection mechanisms, such as the Pointer + authentication mechanism provided as part of the ARMv8.2 Extensions. + + To make use of BTI on CPUs that support it, say Y. + + Userspace binaries must also be specifically compiled to make use of + this mechanism. If you say N here or the hardware does not support + BTI, such binaries can still run, but you get no additional + enforcement of branch destinations. + +endmenu + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h index f19fe4b..946165e 100644 --- a/arch/arm64/include/asm/cpucaps.h +++ b/arch/arm64/include/asm/cpucaps.h @@ -52,7 +52,8 @@ #define ARM64_HAS_IRQ_PRIO_MASKING 42 #define ARM64_HAS_DCPODP 43 #define ARM64_WORKAROUND_1463225 44 +#define ARM64_BTI 45 -#define ARM64_NCAPS 45 +#define ARM64_NCAPS 46 #endif /* __ASM_CPUCAPS_H */ diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h index 9cde5d2..84fa48f 100644 --- a/arch/arm64/include/asm/cpufeature.h +++ b/arch/arm64/include/asm/cpufeature.h @@ -613,6 +613,12 @@ static inline bool system_has_prio_mask_debugging(void) system_uses_irq_prio_masking(); } +static inline bool system_supports_bti(void) +{ + return IS_ENABLED(CONFIG_ARM64_BTI) && + cpus_have_const_cap(ARM64_BTI); +} + #define ARM64_BP_HARDEN_UNKNOWN -1 #define ARM64_BP_HARDEN_WA_NEEDED 0 #define ARM64_BP_HARDEN_NOT_REQUIRED 1 diff --git a/arch/arm64/include/asm/esr.h b/arch/arm64/include/asm/esr.h index cb29253..390b8ba 100644 --- a/arch/arm64/include/asm/esr.h +++ b/arch/arm64/include/asm/esr.h @@ -22,7 +22,7 @@ #define ESR_ELx_EC_PAC (0x09) /* EL2 and above */ /* Unallocated EC: 0x0A - 0x0B */ #define ESR_ELx_EC_CP14_64 (0x0C) -/* Unallocated EC: 0x0d */ +#define ESR_ELx_EC_BTI (0x0D) #define ESR_ELx_EC_ILL (0x0E) /* Unallocated EC: 0x0F - 0x10 */ #define ESR_ELx_EC_SVC32 (0x11) diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 3d2f247..f9e681d 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -86,6 +86,7 @@ #define KERNEL_HWCAP_SVESM4 __khwcap2_feature(SVESM4) #define KERNEL_HWCAP_FLAGM2 __khwcap2_feature(FLAGM2) #define KERNEL_HWCAP_FRINT __khwcap2_feature(FRINT) +#define KERNEL_HWCAP_BTI __khwcap2_feature(BTI) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h new file mode 100644 index 0000000..cbfe3238 --- /dev/null +++ b/arch/arm64/include/asm/mman.h @@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __ASM_MMAN_H__ +#define __ASM_MMAN_H__ + +#include + +#define arch_calc_vm_prot_bits(prot, pkey) arm64_calc_vm_prot_bits(prot) +static inline unsigned long arm64_calc_vm_prot_bits(unsigned long prot) +{ + if (system_supports_bti() && (prot & PROT_BTI)) + return VM_ARM64_BTI; + + return 0; +} + +#define arch_vm_get_page_prot(vm_flags) arm64_vm_get_page_prot(vm_flags) +static inline pgprot_t arm64_vm_get_page_prot(unsigned long vm_flags) +{ + return (vm_flags & VM_ARM64_BTI) ? __pgprot(PTE_GP) : __pgprot(0); +} + +#define arch_validate_prot(prot, addr) arm64_validate_prot(prot, addr) +static inline int arm64_validate_prot(unsigned long prot, unsigned long addr) +{ + unsigned long supported = PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM; + + if (system_supports_bti()) + supported |= PROT_BTI; + + return (prot & ~supported) == 0; +} + +#endif /* ! __ASM_MMAN_H__ */ diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h index 3df60f9..f85d1fc 100644 --- a/arch/arm64/include/asm/pgtable-hwdef.h +++ b/arch/arm64/include/asm/pgtable-hwdef.h @@ -150,6 +150,7 @@ #define PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define PTE_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ #define PTE_NG (_AT(pteval_t, 1) << 11) /* nG */ +#define PTE_GP (_AT(pteval_t, 1) << 50) /* BTI guarded */ #define PTE_DBM (_AT(pteval_t, 1) << 51) /* Dirty Bit Management */ #define PTE_CONT (_AT(pteval_t, 1) << 52) /* Contiguous range */ #define PTE_PXN (_AT(pteval_t, 1) << 53) /* Privileged XN */ diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index 7576df0..a7b5a81 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -679,7 +679,7 @@ static inline phys_addr_t pgd_page_paddr(pgd_t pgd) static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { const pteval_t mask = PTE_USER | PTE_PXN | PTE_UXN | PTE_RDONLY | - PTE_PROT_NONE | PTE_VALID | PTE_WRITE; + PTE_PROT_NONE | PTE_VALID | PTE_WRITE | PTE_GP; /* preserve the hardware dirty information */ if (pte_hw_dirty(pte)) pte = pte_mkdirty(pte); diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h index fbebb41..7d4cd59 100644 --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -35,7 +35,10 @@ #define GIC_PRIO_PSR_I_SET (1 << 4) /* Additional SPSR bits not exposed in the UABI */ +#define PSR_BTYPE_SHIFT 10 + #define PSR_IL_BIT (1 << 20) +#define PSR_BTYPE_CALL (2 << PSR_BTYPE_SHIFT) /* AArch32-specific ptrace requests */ #define COMPAT_PTRACE_GETREGS 12 diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 972d196..58a5e5e 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -510,6 +510,8 @@ #endif /* SCTLR_EL1 specific flags. */ +#define SCTLR_EL1_BT1 (BIT(36)) +#define SCTLR_EL1_BT0 (BIT(35)) #define SCTLR_EL1_UCI (BIT(26)) #define SCTLR_EL1_E0E (BIT(24)) #define SCTLR_EL1_SPAN (BIT(23)) @@ -599,10 +601,12 @@ /* id_aa64pfr1 */ #define ID_AA64PFR1_SSBS_SHIFT 4 +#define ID_AA64PFR1_BT_SHIFT 0 #define ID_AA64PFR1_SSBS_PSTATE_NI 0 #define ID_AA64PFR1_SSBS_PSTATE_ONLY 1 #define ID_AA64PFR1_SSBS_PSTATE_INSNS 2 +#define ID_AA64PFR1_BT_BTI 0x1 /* id_aa64zfr0 */ #define ID_AA64ZFR0_SM4_SHIFT 40 diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index a1e7288..363f569 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -65,5 +65,6 @@ #define HWCAP2_SVESM4 (1 << 6) #define HWCAP2_FLAGM2 (1 << 7) #define HWCAP2_FRINT (1 << 8) +#define HWCAP2_BTI (1 << 9) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/include/uapi/asm/mman.h b/arch/arm64/include/uapi/asm/mman.h new file mode 100644 index 0000000..6fdd71e --- /dev/null +++ b/arch/arm64/include/uapi/asm/mman.h @@ -0,0 +1,9 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI__ASM_MMAN_H +#define _UAPI__ASM_MMAN_H + +#include + +#define PROT_BTI 0x10 /* BTI guarded page */ + +#endif /* ! _UAPI__ASM_MMAN_H */ diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h index 7ed9294..09e66fa 100644 --- a/arch/arm64/include/uapi/asm/ptrace.h +++ b/arch/arm64/include/uapi/asm/ptrace.h @@ -46,6 +46,7 @@ #define PSR_I_BIT 0x00000080 #define PSR_A_BIT 0x00000100 #define PSR_D_BIT 0x00000200 +#define PSR_BTYPE_MASK 0x00000c00 #define PSR_SSBS_BIT 0x00001000 #define PSR_PAN_BIT 0x00400000 #define PSR_UAO_BIT 0x00800000 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 9323bcc..4bab6e7 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -171,6 +171,8 @@ static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = { static const struct arm64_ftr_bits ftr_id_aa64pfr1[] = { ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_SSBS_SHIFT, 4, ID_AA64PFR1_SSBS_PSTATE_NI), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_BTI), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR1_BT_SHIFT, 4, 0), ARM64_FTR_END, }; @@ -1260,6 +1262,21 @@ static bool can_use_gic_priorities(const struct arm64_cpu_capabilities *entry, } #endif +#ifdef CONFIG_ARM64_BTI +static void bti_enable(const struct arm64_cpu_capabilities *__unused) +{ + /* + * Use of X16/X17 for tail-calls and trampolines that jump to + * function entry points using BR is a requirement for + * marking binaries with GNU_PROPERTY_AARCH64_FEATURE_1_BTI. + * So, be strict and forbid other BRs using other registers to + * jump onto a PACIxSP instruction: + */ + sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_BT0 | SCTLR_EL1_BT1); + isb(); +} +#endif /* CONFIG_ARM64_BTI */ + static const struct arm64_cpu_capabilities arm64_features[] = { { .desc = "GIC system register CPU interface", @@ -1560,6 +1577,19 @@ static const struct arm64_cpu_capabilities arm64_features[] = { .min_field_value = 1, }, #endif +#ifdef CONFIG_ARM64_BTI + { + .desc = "Branch Target Identification", + .capability = ARM64_BTI, + .type = ARM64_CPUCAP_SYSTEM_FEATURE, + .matches = has_cpuid_feature, + .cpu_enable = bti_enable, + .sys_reg = SYS_ID_AA64PFR1_EL1, + .field_pos = ID_AA64PFR1_BT_SHIFT, + .min_field_value = ID_AA64PFR1_BT_BTI, + .sign = FTR_UNSIGNED, + }, +#endif {}, }; @@ -1655,6 +1685,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { HWCAP_CAP(SYS_ID_AA64ZFR0_EL1, ID_AA64ZFR0_SM4_SHIFT, FTR_UNSIGNED, ID_AA64ZFR0_SM4, CAP_HWCAP, KERNEL_HWCAP_SVESM4), #endif HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_SSBS_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_SSBS_PSTATE_INSNS, CAP_HWCAP, KERNEL_HWCAP_SSBS), +#ifdef CONFIG_ARM64_BTI + HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_BT_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_BT_BTI, CAP_HWCAP, KERNEL_HWCAP_BTI), +#endif #ifdef CONFIG_ARM64_PTR_AUTH HWCAP_MULTI_CAP(ptr_auth_hwcap_addr_matches, CAP_HWCAP, KERNEL_HWCAP_PACA), HWCAP_MULTI_CAP(ptr_auth_hwcap_gen_matches, CAP_HWCAP, KERNEL_HWCAP_PACG), diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 05933c0..e1fd053 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -84,6 +84,7 @@ static const char *const hwcap_str[] = { "svesm4", "flagm2", "frint", + "bti", NULL }; diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 84a8227..6c5adea 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -737,6 +737,8 @@ el0_sync: b.eq el0_pc cmp x24, #ESR_ELx_EC_UNKNOWN // unknown exception in EL0 b.eq el0_undef + cmp x24, #ESR_ELx_EC_BTI // branch target exception + b.eq el0_bti cmp x24, #ESR_ELx_EC_BREAKPT_LOW // debug exception in EL0 b.ge el0_dbg b el0_inv @@ -887,6 +889,15 @@ el0_undef: mov x0, sp bl do_undefinstr b ret_to_user +el0_bti: + /* + * Branch target exception + */ + ct_user_exit_irqoff + enable_daif + mov x0, sp + bl do_bti + b ret_to_user el0_sys: /* * System instructions, for trapped cache maintenance instructions diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index 21176d0..ff5ea70 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -1853,7 +1853,7 @@ void syscall_trace_exit(struct pt_regs *regs) */ #define SPSR_EL1_AARCH64_RES0_BITS \ (GENMASK_ULL(63, 32) | GENMASK_ULL(27, 25) | GENMASK_ULL(23, 22) | \ - GENMASK_ULL(20, 13) | GENMASK_ULL(11, 10) | GENMASK_ULL(5, 5)) + GENMASK_ULL(20, 13) | GENMASK_ULL(5, 5)) #define SPSR_EL1_AARCH32_RES0_BITS \ (GENMASK_ULL(63, 32) | GENMASK_ULL(22, 22) | GENMASK_ULL(20, 20)) diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index dd2cdc0..4a3bd32 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -730,6 +730,11 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, regs->regs[29] = (unsigned long)&user->next_frame->fp; regs->pc = (unsigned long)ka->sa.sa_handler; + if (system_supports_bti()) { + regs->pstate &= ~PSR_BTYPE_MASK; + regs->pstate |= PSR_BTYPE_CALL; + } + if (ka->sa.sa_flags & SA_RESTORER) sigtramp = ka->sa.sa_restorer; else diff --git a/arch/arm64/kernel/syscall.c b/arch/arm64/kernel/syscall.c index 871c739..b6b8e48 100644 --- a/arch/arm64/kernel/syscall.c +++ b/arch/arm64/kernel/syscall.c @@ -98,6 +98,24 @@ static void el0_svc_common(struct pt_regs *regs, int scno, int sc_nr, regs->orig_x0 = regs->regs[0]; regs->syscallno = scno; + /* + * BTI note: + * The architecture does not guarantee that SPSR.BTYPE is zero + * on taking an SVC, so we could return to userspace with a + * non-zero BTYPE after the syscall. + * + * This shouldn't matter except when userspace is explicitly + * doing something stupid, such as setting PROT_BTI on a page + * that lacks conforming BTI/PACIxSP instructions, falling + * through from one executable page to another with differing + * PROT_BTI, or messing with BYTPE via ptrace: in such cases, + * userspace should not be surprised if a SIGILL occurs on + * syscall return. + * + * So, don't touch regs->pstate & PSR_BTYPE_MASK here. + * (Similarly for HVC and SMC elsewhere.) + */ + cortex_a76_erratum_1463225_svc_handler(); local_daif_restore(DAIF_PROCCTX); user_exit(); diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 34739e8..15e3c4f 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -406,6 +406,12 @@ asmlinkage void __exception do_undefinstr(struct pt_regs *regs) force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); } +asmlinkage void __exception do_bti(struct pt_regs *regs) +{ + BUG_ON(!user_mode(regs)); + force_signal_inject(SIGILL, ILL_ILLOPC, regs->pc); +} + #define __user_cache_maint(insn, address, res) \ if (address >= user_addr_max()) { \ res = -EFAULT; \ @@ -737,6 +743,7 @@ static const char *esr_class_str[] = { [ESR_ELx_EC_CP10_ID] = "CP10 MRC/VMRS", [ESR_ELx_EC_PAC] = "PAC", [ESR_ELx_EC_CP14_64] = "CP14 MCRR/MRRC", + [ESR_ELx_EC_BTI] = "BTI", [ESR_ELx_EC_ILL] = "PSTATE.IL", [ESR_ELx_EC_SVC32] = "SVC (AArch32)", [ESR_ELx_EC_HVC32] = "HVC (AArch32)", diff --git a/include/linux/mm.h b/include/linux/mm.h index cc29227..5ed5a99 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -329,6 +329,9 @@ extern unsigned int kobjsize(const void *objp); #elif defined(CONFIG_SPARC64) # define VM_SPARC_ADI VM_ARCH_1 /* Uses ADI tag for access control */ # define VM_ARCH_CLEAR VM_SPARC_ADI +#elif defined(CONFIG_ARM64) +# define VM_ARM64_BTI VM_ARCH_1 /* BTI guarded page, a.k.a. GP bit */ +# define VM_ARCH_CLEAR VM_ARM64_BTI #elif !defined(CONFIG_MMU) # define VM_MAPPED_COPY VM_ARCH_1 /* T if mapped copy of data (nommu mmap) */ #endif From patchwork Thu Oct 10 18:44:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175819 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683344ill; Thu, 10 Oct 2019 11:45:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqxZnrPR4F0G0kAqp8PeWC+xX/45SdWr6gShtgw0oZM0EsZTq7vVctZ8lkjxwoMhHx3cOoUJ X-Received: by 2002:a05:6402:1b92:: with SMTP id cc18mr9781633edb.129.1570733151661; Thu, 10 Oct 2019 11:45:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733151; cv=none; d=google.com; s=arc-20160816; b=JKVR9fVaB5AKb6vfmAj0WmGTznNjl1BzCl4tGQdooubVEn2HBQOum7LPThogKu+TvK +ZIz4RdbNkHeAIyeOHKszSxeRNjmtqqwZqCblrDy6znfWPeq2PryFH0OVdO+V9j5AMhq nsXm/1xleACX16yomtTOc36Awba80RfbKrqMiI9BtjEPzrRfanUovUp/QeRuCvw6XjUN hS6h7rx4q1y7ycZaogiv68CV9SCVLxrfKvd9O/obl3OjFiwaKYrIvCvahw1QEsLerR4J 3XrU2RWbX7WTvyZ0IH/aAb3C3xbrLw2PkCIRt0vjLSgLiB6UGAzZ3Q2RKWVlB2xSOpA+ t98Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=Edd1ZGDk5v8u72Eeu+hFLEY+6W8whqinZhoKyu+gNdk=; b=Ywt3YcQnB7W65qhzeWCv+hgmrxRAWbK3dBWJiOXI0baOMMNIGySPTwmOtYnBCA2dfU NID6Wmtgwa/msY8xQkF5aFTOWZxO7nzFcZ8bxZNo9kwtMNsiRNHeC41Bl8DKMjw3eJw0 gpZTrJgtCEJrKmR/6l/eAnW6Hn+L2/5KOobIkDFazTinWLF0nneDsn5G0e6kxSk6d10Y JiTlEiY9Bx/PUCE3xnoVeGxf3wINxXNp8bsptBOMnTVUCjOGPZ0h8WXc0Qq9dAwrzJ/S 1avLL64VxQOluPslKpvv40VDfXgnyJmxLd7iSHRDC4Dq0q+g2GL05p+VYBzbvxDQFpXW 4/Lg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d25si3473579edv.319.2019.10.10.11.45.51; Thu, 10 Oct 2019 11:45:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727234AbfJJSpu (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:50 -0400 Received: from foss.arm.com ([217.140.110.172]:38432 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfJJSps (ORCPT ); Thu, 10 Oct 2019 14:45:48 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5D1AC1570; Thu, 10 Oct 2019 11:45:47 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id AD7263F703; Thu, 10 Oct 2019 11:45:44 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 06/12] elf: Allow arch to tweak initial mmap prot flags Date: Thu, 10 Oct 2019 19:44:34 +0100 Message-Id: <1570733080-21015-7-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org An arch may want to tweak the mmap prot flags for an ELFexecutable's initial mappings. For example, arm64 is going to need to add PROT_BTI for executable pages in an ELF process whose executable is marked as using Branch Target Identification (an ARMv8.5-A control flow integrity feature). So that this can be done in a generic way, add a hook arch_elf_adjust_prot() to modify the prot flags as desired: arches can select CONFIG_HAVE_ELF_PROT and implement their own backend where necessary. By default, leave the prot flags unchanged. Signed-off-by: Dave Martin --- fs/Kconfig.binfmt | 3 +++ fs/binfmt_elf.c | 18 ++++++++++++------ include/linux/elf.h | 12 ++++++++++++ 3 files changed, 27 insertions(+), 6 deletions(-) -- 2.1.4 diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt index d2cfe07..2358368 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -36,6 +36,9 @@ config COMPAT_BINFMT_ELF config ARCH_BINFMT_ELF_STATE bool +config ARCH_HAVE_ELF_PROT + bool + config ARCH_USE_GNU_PROPERTY bool diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index ae345f6..dbfab2e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -531,7 +531,8 @@ static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp, #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */ -static inline int make_prot(u32 p_flags) +static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state, + bool has_interp, bool is_interp) { int prot = 0; @@ -541,7 +542,8 @@ static inline int make_prot(u32 p_flags) prot |= PROT_WRITE; if (p_flags & PF_X) prot |= PROT_EXEC; - return prot; + + return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp); } /* This is much more generalized than the library routine read function, @@ -551,7 +553,8 @@ static inline int make_prot(u32 p_flags) static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, struct file *interpreter, unsigned long *interp_map_addr, - unsigned long no_base, struct elf_phdr *interp_elf_phdata) + unsigned long no_base, struct elf_phdr *interp_elf_phdata, + struct arch_elf_state *arch_state) { struct elf_phdr *eppnt; unsigned long load_addr = 0; @@ -583,7 +586,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { int elf_type = MAP_PRIVATE | MAP_DENYWRITE; - int elf_prot = make_prot(eppnt->p_flags); + int elf_prot = make_prot(eppnt->p_flags, arch_state, + true, true); unsigned long vaddr = 0; unsigned long k, map_addr; @@ -1040,7 +1044,8 @@ static int load_elf_binary(struct linux_binprm *bprm) } } - elf_prot = make_prot(elf_ppnt->p_flags); + elf_prot = make_prot(elf_ppnt->p_flags, &arch_state, + !!interpreter, false); elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE; @@ -1186,7 +1191,8 @@ static int load_elf_binary(struct linux_binprm *bprm) elf_entry = load_elf_interp(&loc->interp_elf_ex, interpreter, &interp_map_addr, - load_bias, interp_elf_phdata); + load_bias, interp_elf_phdata, + &arch_state); if (!IS_ERR((void *)elf_entry)) { /* * load_elf_interp() returns relocation diff --git a/include/linux/elf.h b/include/linux/elf.h index 7bdc6da..1b6e895 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -83,4 +83,16 @@ extern int arch_parse_elf_property(u32 type, const void *data, size_t datasz, bool compat, struct arch_elf_state *arch); #endif +#ifdef CONFIG_ARCH_HAVE_ELF_PROT +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, + bool has_interp, bool is_interp); +#else +static inline int arch_elf_adjust_prot(int prot, + const struct arch_elf_state *state, + bool has_interp, bool is_interp) +{ + return prot; +} +#endif + #endif /* _LINUX_ELF_H */ From patchwork Thu Oct 10 18:44:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175820 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683395ill; Thu, 10 Oct 2019 11:45:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqyd14JMXFfhoU/6VDaqiYXg3eet2p3BSXqDi2RHiytShvIgkEeZ4X1rWQTU+oGwvAOLOFrj X-Received: by 2002:a05:6402:327:: with SMTP id q7mr3306501edw.30.1570733154499; Thu, 10 Oct 2019 11:45:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733154; cv=none; d=google.com; s=arc-20160816; b=fHKRhitA94E+SN38L6X5KNek2YktOW4KOkjyPDeE16xuX/KXpbl5ufcA6UjA/D6YVf rx0l2b/6r6Xjxi/xe/4G3AcNKirlaw4/wdH9JCjyfPUOfKtKX0mkKsc4ecTCV5JmhiRP CFIEgw///cGj+v/bk/MByeMLv3VkR8V3A1cnldA6o1EeFVn3wiPxK8QKFJlaBa3man16 FjX3cb+Hk/pP/ffBNKxZ8T1gIu2bIx3P3LYStUDgvsPTJZOIMKXLp2ChzMSLMcq/9+3t PGPzMXGXq41lNCHzuLsaGFVAilvx+7j26JIQhvolS/lGKamTep1v35/Pt40d9BVDEB3d Hi2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=s8AuyCThNgU/fwVmxl8A7X+qFZKUkKGKA30Y2MmaYWI=; b=yTpV+aiUNpLBIGmaXz4HyxnykQfqBXyQIM/XEZLXIWwvcBjNNLifi+2BjW/9UiISKo lDg4pxTlvYBMshacy6wUpjl6lej3X9CkD7v4w8e1FEkpppf4wD68TuTTKwlVYB0nwUVe 8rAnHQSID1J2vCKlOwTtdyEBjF7cDd+eSyXs1YqdEAokHNXmFTuwfLv7OF6Q6VXNcUd9 7+LSozkNJHQxgqr/bHlW5YUAB7FUJpZYdKa9HDLgQRcV7lDvW0/4CK6Su1l4UGQb6X4b COyyCjgYRFj8HOJzhuRVe2FnpogtWwpkAdyRCSfoh7EJmKnNsNmAmv8d80p519zNhsB+ tVBg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d25si3473579edv.319.2019.10.10.11.45.54; Thu, 10 Oct 2019 11:45:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727250AbfJJSpx (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:53 -0400 Received: from foss.arm.com ([217.140.110.172]:38460 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727231AbfJJSpv (ORCPT ); Thu, 10 Oct 2019 14:45:51 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 44F9C28; Thu, 10 Oct 2019 11:45:50 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 95A9D3F703; Thu, 10 Oct 2019 11:45:47 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 07/12] arm64: elf: Enable BTI at exec based on ELF program properties Date: Thu, 10 Oct 2019 19:44:35 +0100 Message-Id: <1570733080-21015-8-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org For BTI protection to be as comprehensive as possible, it is desirable to have BTI enabled from process startup. If this is not done, the process must use mprotect() to enable BTI for each of its executable mappings, but this is painful to do in the libc startup code. It's simpler and more sound to have the kernel do it instead. To this end, detect BTI support in the executable (or ELF interpreter, as appropriate), via the NT_GNU_PROGRAM_PROPERTY_TYPE_0 note, and tweak the initial prot flags for the process' executable pages to include PROT_BTI as appropriate. Signed-off-by: Dave Martin --- Changes since v1: * Migrate to new ELF program property parser (implemented by "ELF: Add ELF program property parsing support"). * Rename PROT_BTI_GUARDED to PROT_BTI. --- arch/arm64/Kconfig | 3 +++ arch/arm64/include/asm/elf.h | 50 ++++++++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/process.c | 19 +++++++++++++++++ include/linux/elf.h | 6 +++++- include/uapi/linux/elf.h | 6 ++++++ 5 files changed, 83 insertions(+), 1 deletion(-) -- 2.1.4 diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 159ee69..563dec5 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -9,6 +9,7 @@ config ARM64 select ACPI_MCFG if (ACPI && PCI) select ACPI_SPCR_TABLE if ACPI select ACPI_PPTT if ACPI + select ARCH_BINFMT_ELF_STATE select ARCH_CLOCKSOURCE_DATA select ARCH_HAS_DEBUG_VIRTUAL select ARCH_HAS_DEVMEM_IS_ALLOWED @@ -34,6 +35,7 @@ config ARM64 select ARCH_HAS_SYSCALL_WRAPPER select ARCH_HAS_TEARDOWN_DMA_OPS if IOMMU_SUPPORT select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST + select ARCH_HAVE_ELF_PROT select ARCH_HAVE_NMI_SAFE_CMPXCHG select ARCH_INLINE_READ_LOCK if !PREEMPT select ARCH_INLINE_READ_LOCK_BH if !PREEMPT @@ -63,6 +65,7 @@ config ARM64 select ARCH_INLINE_SPIN_UNLOCK_IRQRESTORE if !PREEMPT select ARCH_KEEP_MEMBLOCK select ARCH_USE_CMPXCHG_LOCKREF + select ARCH_USE_GNU_PROPERTY if BINFMT_ELF select ARCH_USE_QUEUED_RWLOCKS select ARCH_USE_QUEUED_SPINLOCKS select ARCH_SUPPORTS_MEMORY_FAILURE diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index b618017..8bc154c 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -114,7 +114,11 @@ #ifndef __ASSEMBLY__ +#include #include +#include +#include +#include #include /* for signal_minsigstksz, used by ARCH_DLINFO */ typedef unsigned long elf_greg_t; @@ -224,6 +228,52 @@ extern int aarch32_setup_additional_pages(struct linux_binprm *bprm, #endif /* CONFIG_COMPAT */ +struct arch_elf_state { + int flags; +}; + +#define ARM64_ELF_BTI (1 << 0) + +#define INIT_ARCH_ELF_STATE { \ + .flags = 0, \ +} + +static inline int arch_parse_elf_property(u32 type, const void *data, + size_t datasz, bool compat, + struct arch_elf_state *arch) +{ + /* No known properties for AArch32 yet */ + if (IS_ENABLED(CONFIG_COMPAT) && compat) + return 0; + + if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { + const u32 *p = data; + + if (datasz != sizeof(*p)) + return -EIO; + + if (IS_ENABLED(CONFIG_ARM64_BTI) && + (*p & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)) + arch->flags |= ARM64_ELF_BTI; + } + + return 0; +} + +static inline int arch_elf_pt_proc(void *ehdr, void *phdr, + struct file *f, bool is_interp, + struct arch_elf_state *state) +{ + return 0; +} + +static inline int arch_check_elf(void *ehdr, bool has_interp, + void *interp_ehdr, + struct arch_elf_state *state) +{ + return 0; +} + #endif /* !__ASSEMBLY__ */ #endif diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index a47462d..4c78937 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -11,12 +11,14 @@ #include #include +#include #include #include #include #include #include #include +#include #include #include #include @@ -633,3 +635,20 @@ static int __init tagged_addr_init(void) core_initcall(tagged_addr_init); #endif /* CONFIG_ARM64_TAGGED_ADDR_ABI */ + +#ifdef CONFIG_BINFMT_ELF +int arch_elf_adjust_prot(int prot, const struct arch_elf_state *state, + bool has_interp, bool is_interp) +{ + if (is_interp != has_interp) + return prot; + + if (!(state->flags & ARM64_ELF_BTI)) + return prot; + + if (prot & PROT_EXEC) + prot |= PROT_BTI; + + return prot; +} +#endif diff --git a/include/linux/elf.h b/include/linux/elf.h index 1b6e895..5d5b032 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -63,7 +63,11 @@ extern int elf_coredump_extra_notes_size(void); extern int elf_coredump_extra_notes_write(struct coredump_params *cprm); #endif -/* NT_GNU_PROPERTY_TYPE_0 header */ +/* + * NT_GNU_PROPERTY_TYPE_0 header: + * Keep this internal until/unless there is an agreed UAPI definition. + * pr_type values (GNU_PROPERTY_*) are public and defined in the UAPI header. + */ struct gnu_property { u32 pr_type; u32 pr_datasz; diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 20900f4..c6dd021 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -448,4 +448,10 @@ typedef struct elf64_note { Elf64_Word n_type; /* Content type */ } Elf64_Nhdr; +/* .note.gnu.property types for EM_AARCH64: */ +#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000 + +/* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */ +#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) + #endif /* _UAPI_LINUX_ELF_H */ From patchwork Thu Oct 10 18:44:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175821 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683449ill; Thu, 10 Oct 2019 11:45:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqzHCBIB/LhZILOKHoUPJqlC4mnU84gjL8/ZNMJDa/Hb9LTWwG+VCm+ONIhuAgy1LuJcojKM X-Received: by 2002:aa7:c616:: with SMTP id h22mr9515427edq.296.1570733157674; Thu, 10 Oct 2019 11:45:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733157; cv=none; d=google.com; s=arc-20160816; b=pOhxjHVsLIZS194XKGXEc/YU7VM7X+J9uXpBNL6SxQirmJFtU0FTzZNfIpGGhkxT7n Nsvt3zkhYF+ZHeu8EGlCLvurl+XMf3YSyNPl1KzKRA9gNhjXJHdTryKz835uSaFRQ6WT T4CX4cSb9TD4zEXhfIw+lM2GNp3Tu0o12YHvb30e4ZBMIvUX39hl/pIyJiAQhVFb6xzI qv467zOSkIKCbZDLRMOCsGA9QYJkrFlt4kIyyqUCQ1VJqnuwzG9HDahVQMepCb33I8HQ 1IF2tvjnMYVhZuNf+9ZrWi/ift7zonsX7z5uRHd1hb6jvYYaGYlwYgOF/WeQQv2lEvGp /Aqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=dX0FhfY2Bn/munj/bY+NzRBCF89t1hAIfUJp783Ipzo=; b=vy6FFDYskjoxxV0fNJ0+URg2/i5bVo7OCefyLHKv5ATilGKLvhq2tqB8cyViYx/0Ay y/Tz+GBjNjA5h9Q9Vp7KRaP5U4zoEUNxSw8ijT+JLJmt2ATOqlf1fMhW7AKB32FhRv+w /7ZNEVXj+mKO0If4iKQsNtWOESjast4TmdGSPAd31eZxU3irr5M62Hzfg59TnukYS8/5 BozUtQCPKspSmYTtntYfvYVnoXXhEfOSywBTpu73bXNNH02YKbtg7vJ9jXYrFMg3Xjqa xv4ajbVleNfpFmVoESborWaWQH2zbBdCn3gOD1vBMy7aZ5XmPXB4CjBLBiQtxfIpYavk 4lxg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d25si3473579edv.319.2019.10.10.11.45.57; Thu, 10 Oct 2019 11:45:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727264AbfJJSp4 (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:56 -0400 Received: from foss.arm.com ([217.140.110.172]:38488 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727247AbfJJSpy (ORCPT ); Thu, 10 Oct 2019 14:45:54 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2CDD71000; Thu, 10 Oct 2019 11:45:53 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7D5CB3F703; Thu, 10 Oct 2019 11:45:50 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 08/12] arm64: BTI: Decode BYTPE bits when printing PSTATE Date: Thu, 10 Oct 2019 19:44:36 +0100 Message-Id: <1570733080-21015-9-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The current code to print PSTATE symbolically when generating backtraces etc., does not include the BYTPE field used by Branch Target Identification. So, decode BYTPE and print it too. In the interests of human-readability, print the classes of BTI matched. The symbolic notation, BYTPE (PSTATE[11:10]) and permitted classes of subsequent instruction are: -- (BTYPE=0b00): any insn jc (BTYPE=0b01): BTI jc, BTI j, BTI c, PACIxSP -c (BYTPE=0b10): BTI jc, BTI c, PACIxSP j- (BTYPE=0b11): BTI jc, BTI j Signed-off-by: Dave Martin --- Changes since v1: * Add convenience definitions for all the BTYPE codes, even if we don't directly use them all yet. * For consistency, align PSR_BTYPE_foo names with the above print format: PSR_BTYPE_NONE -> -- (BTYPE=0b00) PSR_BTYPE_JC -> jc (BTYPE=0b01) etc. --- arch/arm64/include/asm/ptrace.h | 7 ++++++- arch/arm64/kernel/process.c | 17 +++++++++++++++-- arch/arm64/kernel/signal.c | 2 +- 3 files changed, 22 insertions(+), 4 deletions(-) -- 2.1.4 diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h index 7d4cd59..212bba1 100644 --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -38,7 +38,12 @@ #define PSR_BTYPE_SHIFT 10 #define PSR_IL_BIT (1 << 20) -#define PSR_BTYPE_CALL (2 << PSR_BTYPE_SHIFT) + +/* Convenience names for the values of PSTATE.BTYPE */ +#define PSR_BTYPE_NONE (0b00 << PSR_BTYPE_SHIFT) +#define PSR_BTYPE_JC (0b01 << PSR_BTYPE_SHIFT) +#define PSR_BTYPE_C (0b10 << PSR_BTYPE_SHIFT) +#define PSR_BTYPE_J (0b11 << PSR_BTYPE_SHIFT) /* AArch32-specific ptrace requests */ #define COMPAT_PTRACE_GETREGS 12 diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 4c78937..a2b555a 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -209,6 +209,15 @@ void machine_restart(char *cmd) while (1); } +#define bstr(suffix, str) [PSR_BTYPE_ ## suffix >> PSR_BTYPE_SHIFT] = str +static const char *const btypes[] = { + bstr(NONE, "--"), + bstr( JC, "jc"), + bstr( C, "-c"), + bstr( J , "j-") +}; +#undef bstr + static void print_pstate(struct pt_regs *regs) { u64 pstate = regs->pstate; @@ -227,7 +236,10 @@ static void print_pstate(struct pt_regs *regs) pstate & PSR_AA32_I_BIT ? 'I' : 'i', pstate & PSR_AA32_F_BIT ? 'F' : 'f'); } else { - printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO)\n", + const char *btype_str = btypes[(pstate & PSR_BTYPE_MASK) >> + PSR_BTYPE_SHIFT]; + + printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO BTYPE=%s)\n", pstate, pstate & PSR_N_BIT ? 'N' : 'n', pstate & PSR_Z_BIT ? 'Z' : 'z', @@ -238,7 +250,8 @@ static void print_pstate(struct pt_regs *regs) pstate & PSR_I_BIT ? 'I' : 'i', pstate & PSR_F_BIT ? 'F' : 'f', pstate & PSR_PAN_BIT ? '+' : '-', - pstate & PSR_UAO_BIT ? '+' : '-'); + pstate & PSR_UAO_BIT ? '+' : '-', + btype_str); } } diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c index 4a3bd32..452ac5b 100644 --- a/arch/arm64/kernel/signal.c +++ b/arch/arm64/kernel/signal.c @@ -732,7 +732,7 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, if (system_supports_bti()) { regs->pstate &= ~PSR_BTYPE_MASK; - regs->pstate |= PSR_BTYPE_CALL; + regs->pstate |= PSR_BTYPE_C; } if (ka->sa.sa_flags & SA_RESTORER) From patchwork Thu Oct 10 18:44:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175822 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683502ill; Thu, 10 Oct 2019 11:46:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqzZvjjCXRzD57OwM8AL6radGjEbZ6GMUCv2fa82zaIoNaMb++AREhkX44dAHXL8vGTU4Y4j X-Received: by 2002:aa7:c595:: with SMTP id g21mr9608089edq.79.1570733160308; Thu, 10 Oct 2019 11:46:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733160; cv=none; d=google.com; s=arc-20160816; b=Nhw3tJjoVOXdEM5J9d26a79QVcrn9i0vOo/i+n5uU+1/jH2zccJbwTzrmYOKT07Yjn NqOKbPV3U0JeE98b0ERaWOSyGhipe49ohl26efe2xHTDoqrdQUuF9DCffxEYY79Mbe61 yMVuX5gd1ke/apT1pUbLR3iM6cSB5HJlPtt3vkgAPABcDAV/oD8hHPWH1IUDsVHGAP7m 6aOt9lJZ/Rb4MAv2jQTtrHMu/oZ/KTRdze+opj5y8TERRxsRIbCtDhXEW3RBoq7qP2ln GhVt1fHB5aILUPcpRAtzCeePHntNjXg3o5BPJUFNdiG4j7acMINFmWg6oRmAh9KN71dv pViQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=p502GKCfS7X7orgzhKITwI3bv9L7QdGCKFHxmbISN4U=; b=Mqobm/AvKoXu8UHyqiD+Xijy6XVDHfcVlVDD6/NLmXeV60r3JoYriTMgRfvuZf0J0k WcMK/k5ermfnRqcTGP3vMXA6IPzQbkRx1DuSRiOgkqBapAsHA0BlrYreZJpSM4GfIFaW WCAwbOmzw0dJsh6zsaBLDzCF6OkYCGQ2ITVX40iw1Bn8LAVBFJH4Wf/GNz6LUj2VQXPw WuvRdxXgFTO1ySNJM8ZpfuhNy1bMkQheZpShOFt7y20UXybzrSu1qjxex+DArY/3rBO7 stlT1PW/+DUbM355iu8OVKULHvkrEp0+cZrlvM0e26Kso0Uq53vk9WY0JCLyBUUFRms6 4gHA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u2si3728637ejr.332.2019.10.10.11.46.00; Thu, 10 Oct 2019 11:46:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727278AbfJJSp7 (ORCPT + 22 others); Thu, 10 Oct 2019 14:45:59 -0400 Received: from foss.arm.com ([217.140.110.172]:38512 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727261AbfJJSp4 (ORCPT ); Thu, 10 Oct 2019 14:45:56 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 14B051570; Thu, 10 Oct 2019 11:45:56 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 654383F703; Thu, 10 Oct 2019 11:45:53 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 09/12] arm64: traps: Fix inconsistent faulting instruction skipping Date: Thu, 10 Oct 2019 19:44:37 +0100 Message-Id: <1570733080-21015-10-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Correct skipping of an instruction on AArch32 works a bit differently from AArch64, mainly due to the different CPSR/PSTATE semantics. There have been various attempts to get this right. Currenty arm64_skip_faulting_instruction() mostly does the right thing, but does not advance the IT state machine for the AArch32 case. arm64_compat_skip_faulting_instruction() handles the IT state machine but is local to traps.c, and porting other code to use it will make a mess since there are some call sites that apply for both the compat and native cases. Since manual instruction skipping implies a trap, it's a relatively slow path. So, make arm64_skip_faulting_instruction() handle both compat and native, and get rid of the arm64_compat_skip_faulting_instruction() special case. Fixes: 32a3e635fb0e ("arm64: compat: Add CNTFRQ trap handler") Fixes: 1f1c014035a8 ("arm64: compat: Add condition code checks and IT advance") Fixes: 6436beeee572 ("arm64: Fix single stepping in kernel traps") Fixes: bd35a4adc413 ("arm64: Port SWP/SWPB emulation support from arm") Signed-off-by: Dave Martin --- arch/arm64/kernel/traps.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) -- 2.1.4 Reviewed-by: Mark Rutland diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 15e3c4f..44c91d4 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -268,6 +268,8 @@ void arm64_notify_die(const char *str, struct pt_regs *regs, } } +static void advance_itstate(struct pt_regs *regs); + void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) { regs->pc += size; @@ -278,6 +280,9 @@ void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) */ if (user_mode(regs)) user_fastforward_single_step(current); + + if (regs->pstate & PSR_MODE32_BIT) + advance_itstate(regs); } static LIST_HEAD(undef_hook); @@ -629,19 +634,12 @@ static void advance_itstate(struct pt_regs *regs) compat_set_it_state(regs, it); } -static void arm64_compat_skip_faulting_instruction(struct pt_regs *regs, - unsigned int sz) -{ - advance_itstate(regs); - arm64_skip_faulting_instruction(regs, sz); -} - static void compat_cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) { int reg = (esr & ESR_ELx_CP15_32_ISS_RT_MASK) >> ESR_ELx_CP15_32_ISS_RT_SHIFT; pt_regs_write_reg(regs, reg, arch_timer_get_rate()); - arm64_compat_skip_faulting_instruction(regs, 4); + arm64_skip_faulting_instruction(regs, 4); } static const struct sys64_hook cp15_32_hooks[] = { @@ -661,7 +659,7 @@ static void compat_cntvct_read_handler(unsigned int esr, struct pt_regs *regs) pt_regs_write_reg(regs, rt, lower_32_bits(val)); pt_regs_write_reg(regs, rt2, upper_32_bits(val)); - arm64_compat_skip_faulting_instruction(regs, 4); + arm64_skip_faulting_instruction(regs, 4); } static const struct sys64_hook cp15_64_hooks[] = { @@ -682,7 +680,7 @@ asmlinkage void __exception do_cp15instr(unsigned int esr, struct pt_regs *regs) * There is no T16 variant of a CP access, so we * always advance PC by 4 bytes. */ - arm64_compat_skip_faulting_instruction(regs, 4); + arm64_skip_faulting_instruction(regs, 4); return; } From patchwork Thu Oct 10 18:44:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175823 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683573ill; Thu, 10 Oct 2019 11:46:03 -0700 (PDT) X-Google-Smtp-Source: APXvYqzorwssOVvtpMUlJgMkk+yVQVMDyLypF1X88M5Kc5ZBsqeFeb5Z/TBvlwICC1Fs6BN07H8G X-Received: by 2002:a17:906:3016:: with SMTP id 22mr9268590ejz.227.1570733163305; Thu, 10 Oct 2019 11:46:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733163; cv=none; d=google.com; s=arc-20160816; b=t62k3KchQo3mIoeVcWG/F9ahWKdrHgJnIZwHS2STc4/sl+2nUqOXEVrORLfm1fi69W 48LL39Ot4j7zQwg2al5/xkgLpYMShZtiAgCVZBWOEukMH5G+HdBWZe1C3C3u2yU8gBfY kbPdTyyztgBr6si5RrM9q3qb62yljB80sWXoZZN/QzaqQXiiTiMvApEOhxOhNsn1l3a5 0qQJx0firR/laqfzOOUm7VK7MGbWGnEaPcXku5/mTioHCxCjHlukyOlg/N6VpgPGqzpw +1A9hZ548PhWmT5AIFGUCZAfwsvJHYTnigvdWNLwseNKFRLDzifpcWfVwyDpnehWSbaz 6Riw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=z5UT3VuTPqrxSIlSI0no+fajSk4FNdIyVhEXEtpd6Pw=; b=Bm42Dl0UNryLAtlj7Mgd1PTPMEb1CrqmYGFQrisdRGQmuo6d6F0m1dtOvk6vjoRbmE V1k3m232JiMcKWI69OlP0uTg7BKwWQuOn5JaOr8MwcdK7VRD6GVzhwUti1rlTjy8ZBRd 97otRIvFV6yfNv+lYPwpNfX6nDBLRn+NRJVTFahHLKyKiaRqwka9XttfhqPGjdeQz7Tm G4NV1/DNap8LEqYpb37yq7jr0x3oVPEe5VaEH0OB6/VOrO3istzvKzGYJgugEO6HZypm GACvgriRtO1syDFFVxZmVzRrxexaQT0oHgA3IJxRRQG9IKq8RF1henf7xGnBbx7dHVzD DQ7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u2si3728637ejr.332.2019.10.10.11.46.03; Thu, 10 Oct 2019 11:46:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727295AbfJJSqC (ORCPT + 22 others); Thu, 10 Oct 2019 14:46:02 -0400 Received: from foss.arm.com ([217.140.110.172]:38538 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727277AbfJJSp7 (ORCPT ); Thu, 10 Oct 2019 14:45:59 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id F0A691000; Thu, 10 Oct 2019 11:45:58 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 4D40A3F703; Thu, 10 Oct 2019 11:45:56 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 10/12] arm64: traps: Shuffle code to eliminate forward declarations Date: Thu, 10 Oct 2019 19:44:38 +0100 Message-Id: <1570733080-21015-11-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hoist the IT state handling code earlier in traps.c, to avoid accumulating forward declarations. No functional change. Signed-off-by: Dave Martin --- arch/arm64/kernel/traps.c | 101 ++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 52 deletions(-) -- 2.1.4 diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 44c91d4..3af2768 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -268,7 +268,55 @@ void arm64_notify_die(const char *str, struct pt_regs *regs, } } -static void advance_itstate(struct pt_regs *regs); +#ifdef CONFIG_COMPAT +#define PSTATE_IT_1_0_SHIFT 25 +#define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) +#define PSTATE_IT_7_2_SHIFT 10 +#define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) + +static u32 compat_get_it_state(struct pt_regs *regs) +{ + u32 it, pstate = regs->pstate; + + it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; + it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; + + return it; +} + +static void compat_set_it_state(struct pt_regs *regs, u32 it) +{ + u32 pstate_it; + + pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; + pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; + + regs->pstate &= ~PSR_AA32_IT_MASK; + regs->pstate |= pstate_it; +} + +static void advance_itstate(struct pt_regs *regs) +{ + u32 it; + + /* ARM mode */ + if (!(regs->pstate & PSR_AA32_T_BIT) || + !(regs->pstate & PSR_AA32_IT_MASK)) + return; + + it = compat_get_it_state(regs); + + /* + * If this is the last instruction of the block, wipe the IT + * state. Otherwise advance it. + */ + if (!(it & 7)) + it = 0; + else + it = (it & 0xe0) | ((it << 1) & 0x1f); + + compat_set_it_state(regs, it); +} void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) { @@ -563,34 +611,6 @@ static const struct sys64_hook sys64_hooks[] = { {}, }; - -#ifdef CONFIG_COMPAT -#define PSTATE_IT_1_0_SHIFT 25 -#define PSTATE_IT_1_0_MASK (0x3 << PSTATE_IT_1_0_SHIFT) -#define PSTATE_IT_7_2_SHIFT 10 -#define PSTATE_IT_7_2_MASK (0x3f << PSTATE_IT_7_2_SHIFT) - -static u32 compat_get_it_state(struct pt_regs *regs) -{ - u32 it, pstate = regs->pstate; - - it = (pstate & PSTATE_IT_1_0_MASK) >> PSTATE_IT_1_0_SHIFT; - it |= ((pstate & PSTATE_IT_7_2_MASK) >> PSTATE_IT_7_2_SHIFT) << 2; - - return it; -} - -static void compat_set_it_state(struct pt_regs *regs, u32 it) -{ - u32 pstate_it; - - pstate_it = (it << PSTATE_IT_1_0_SHIFT) & PSTATE_IT_1_0_MASK; - pstate_it |= ((it >> 2) << PSTATE_IT_7_2_SHIFT) & PSTATE_IT_7_2_MASK; - - regs->pstate &= ~PSR_AA32_IT_MASK; - regs->pstate |= pstate_it; -} - static bool cp15_cond_valid(unsigned int esr, struct pt_regs *regs) { int cond; @@ -611,29 +631,6 @@ static bool cp15_cond_valid(unsigned int esr, struct pt_regs *regs) return aarch32_opcode_cond_checks[cond](regs->pstate); } -static void advance_itstate(struct pt_regs *regs) -{ - u32 it; - - /* ARM mode */ - if (!(regs->pstate & PSR_AA32_T_BIT) || - !(regs->pstate & PSR_AA32_IT_MASK)) - return; - - it = compat_get_it_state(regs); - - /* - * If this is the last instruction of the block, wipe the IT - * state. Otherwise advance it. - */ - if (!(it & 7)) - it = 0; - else - it = (it & 0xe0) | ((it << 1) & 0x1f); - - compat_set_it_state(regs, it); -} - static void compat_cntfrq_read_handler(unsigned int esr, struct pt_regs *regs) { int reg = (esr & ESR_ELx_CP15_32_ISS_RT_MASK) >> ESR_ELx_CP15_32_ISS_RT_SHIFT; From patchwork Thu Oct 10 18:44:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175824 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683640ill; Thu, 10 Oct 2019 11:46:06 -0700 (PDT) X-Google-Smtp-Source: APXvYqx+9CGuzPSKSW0XVtgjprQYmnnqt2tEzWKWhqxb0NZuSWzTsNchtweYPNL9z2PmZyHHXqaP X-Received: by 2002:aa7:dc47:: with SMTP id g7mr9584570edu.153.1570733166200; Thu, 10 Oct 2019 11:46:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733166; cv=none; d=google.com; s=arc-20160816; b=oZfHSbwONZXRb6WGDod0Mjk61cT6iVs24gA1t5raqLTdocdhCCRu/r5aTuiumIHhvg l7x8QS67PTIOYm2meMmmgxjo4webYXzZVGwyMHuONcgI00NldzvifYqfKcb8/u4Lm4g7 EEEj84cWApSFuHwnJSffdAVPBuXL/B5FE1Yb86SqSP7xtvqDDUMIQwrBcB6PReL/TsxU nMRMggTJ7PXARKj6vGOod+gSF5ZMg79Wjay6+N/Wceh3hYodIxfbzjhvgbxom02rs7Ub xDP2KYwpRWa1b/OCgU0NXab52Us6gAHAEPYxtyEVf/7G8Aq9/tvQFRAMJ1/kjGuNwCOb +zjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=gyB1ngDXDV8HcKWFdfqcNoWon5lfakaOtf8iIIVbDj8=; b=lGmmZmySCItMcw4s50xq3EaOJWZo+GGljY7uO9x584FknUqxHLxrfNo6Yrc+/JnxEH P8DiQc8S2P1/fqMLtQau9NMWPlQPNlopF4MhSd8hel5bErDOhkui0mflkKj4FiHjA6FB 44bXyJJetfjsXvbZ4ppSU6Rdi6F+bo/hMM1sj8S25O5X+GmUigykU/1rxljR/x3O43zK vu2NqNp7r4JWoN0/lP9BufczhAxiFgruG3iTL8xg0Ifr7WSP44b/bttgfrzUsnKuSTC9 Ftk3hTIff4pjJIP+6cEdr7S48MYvbpWXcHgmbCwvt8umCaI7I4gzzlQ0QXdoh1DVV3qF dLCg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x14si3770209edq.49.2019.10.10.11.46.05; Thu, 10 Oct 2019 11:46:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727308AbfJJSqF (ORCPT + 22 others); Thu, 10 Oct 2019 14:46:05 -0400 Received: from foss.arm.com ([217.140.110.172]:38566 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727294AbfJJSqC (ORCPT ); Thu, 10 Oct 2019 14:46:02 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 090F728; Thu, 10 Oct 2019 11:46:02 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 352063F703; Thu, 10 Oct 2019 11:45:59 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 11/12] arm64: BTI: Reset BTYPE when skipping emulated instructions Date: Thu, 10 Oct 2019 19:44:39 +0100 Message-Id: <1570733080-21015-12-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since normal execution of any non-branch instruction resets the PSTATE BTYPE field to 0, so do the same thing when emulating a trapped instruction. Branches don't trap directly, so we should never need to assign a non-zero value to BTYPE here. Signed-off-by: Dave Martin --- arch/arm64/kernel/traps.c | 2 ++ 1 file changed, 2 insertions(+) -- 2.1.4 diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 3af2768..4d8ce50 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -331,6 +331,8 @@ void arm64_skip_faulting_instruction(struct pt_regs *regs, unsigned long size) if (regs->pstate & PSR_MODE32_BIT) advance_itstate(regs); + else + regs->pstate &= ~(u64)PSR_BTYPE_MASK; } static LIST_HEAD(undef_hook); From patchwork Thu Oct 10 18:44:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Martin X-Patchwork-Id: 175825 Delivered-To: patch@linaro.org Received: by 2002:a92:7e96:0:0:0:0:0 with SMTP id q22csp2683728ill; Thu, 10 Oct 2019 11:46:10 -0700 (PDT) X-Google-Smtp-Source: APXvYqwrdSOd7PeIUhX87dCoCl8q6I29cCl1cWf7pamA3FlsAjS3na8bZ2jMRfAj1rZItNIElQNd X-Received: by 2002:a17:906:f15:: with SMTP id z21mr9721078eji.119.1570733169817; Thu, 10 Oct 2019 11:46:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570733169; cv=none; d=google.com; s=arc-20160816; b=fSIhr2pohaDlttJ5XwoTunZ8R6WMAMC8y3oPNyeL2L36RnVcW73Iybx9mRiRuXI+7Z F20DOiUycgMKzvJySbdfX1PsNz6ToaCf6sV2KElaVJsWqTdTVTrU61mOHbPbpOtvnPzD ttSfA5Y4uKxKTYtOP1ut5nZTWusupGW7S5Lei0KAEnt//qMTZhBT/Xjj1dkK1ghnxz1I cVazV7M+W1pXz5NY+QtFRSY8uLNhVq4dtsOnUTliYymhsiC0yuL+oDqjvzQoxJI2W2Oz Z8hyiZ9qbGz5L9Jr/sJx1+riWTOjtmWapLnqfVRGcYK3v/pLSZOR0NuN4ds7wkqZnucy QsAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=4usNhHJ/m7K6k262ByI2Uu+K1GDKdnOUpYdfRp1F45U=; b=cJK5rr2XFLU9QPw+YrcbqUre3GOpPvOnO7ADxxh6gHMYntzxDWJ2vwsotnFPpbBwX5 WaDYWmln7TZv6u5vbE3pT4qsgPcnSrNfS2waHpVWznCUHobk/BLvBK2MYljXOBA02gd1 w2AcjsWHOa3vNdUKF+RAqoZsTEGAp5EiasjjoHM1pFSKhzKcDoaBiKQvtuXKzaISqzl7 UupmfzNWqHvKtf/nV70EqJL4Yw0yVBp+BQ/m89KpiEmUZTYUhZ5byYMCo5PBIiP8lR6n B/O27Tputg9N/68e+sXQOPln3Slx7DuqPwoyJsRmy1q2cvZKSE60sxEMAiTvWuKimN0W whqg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c21si3610043ejs.390.2019.10.10.11.46.09; Thu, 10 Oct 2019 11:46:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727321AbfJJSqJ (ORCPT + 22 others); Thu, 10 Oct 2019 14:46:09 -0400 Received: from foss.arm.com ([217.140.110.172]:38594 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727307AbfJJSqF (ORCPT ); Thu, 10 Oct 2019 14:46:05 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0D0C61570; Thu, 10 Oct 2019 11:46:05 -0700 (PDT) Received: from e103592.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 41B7D3F703; Thu, 10 Oct 2019 11:46:02 -0700 (PDT) From: Dave Martin To: linux-kernel@vger.kernel.org Cc: Andrew Jones , Arnd Bergmann , Catalin Marinas , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Kees Cook , =?utf-8?q?Kristina_Mart=C5=A1enko?= , Mark Brown , Paul Elliott , Peter Zijlstra , Richard Henderson , Sudakshina Das , Szabolcs Nagy , Thomas Gleixner , Will Deacon , Yu-cheng Yu , Amit Kachhap , Vincenzo Frascino , linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org Subject: [PATCH v2 12/12] KVM: arm64: BTI: Reset BTYPE when skipping emulated instructions Date: Thu, 10 Oct 2019 19:44:40 +0100 Message-Id: <1570733080-21015-13-git-send-email-Dave.Martin@arm.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> References: <1570733080-21015-1-git-send-email-Dave.Martin@arm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since normal execution of any non-branch instruction resets the PSTATE BTYPE field to 0, so do the same thing when emulating a trapped instruction. Branches don't trap directly, so we should never need to assign a non-zero value to BTYPE here. Signed-off-by: Dave Martin --- arch/arm64/include/asm/kvm_emulate.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.1.4 diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index d69c1ef..33957a12 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -452,8 +452,10 @@ static inline void kvm_skip_instr(struct kvm_vcpu *vcpu, bool is_wide_instr) { if (vcpu_mode_is_32bit(vcpu)) kvm_skip_instr32(vcpu, is_wide_instr); - else + else { *vcpu_pc(vcpu) += 4; + *vcpu_cpsr(vcpu) &= ~(u64)PSR_BTYPE_MASK; + } /* advance the singlestep state machine */ *vcpu_cpsr(vcpu) &= ~DBG_SPSR_SS;