From: madvenka@linux.microsoft.com
To: kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, oleg@redhat.com,
x86@kernel.org, luto@kernel.org, David.Laight@ACULAB.COM,
fweimer@redhat.com, mark.rutland@arm.com, mic@digikod.net,
pavel@ucw.cz, madvenka@linux.microsoft.com
Subject: [PATCH v2 4/4] [RFC] arm/trampfd: Provide support for the trampoline file descriptor
Date: Tue, 22 Sep 2020 16:53:26 -0500 [thread overview]
Message-ID: <20200922215326.4603-5-madvenka@linux.microsoft.com> (raw)
In-Reply-To: <20200922215326.4603-1-madvenka@linux.microsoft.com>
From: "Madhavan T. Venkataraman" <madvenka@linux.microsoft.com>
- Define architecture specific register names
- Architecture specific functions for:
- system call init
- code descriptor check
- data descriptor check
- Fill a page with a trampoline table,
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
---
arch/arm/include/uapi/asm/ptrace.h | 21 +++++
arch/arm/kernel/Makefile | 1 +
arch/arm/kernel/trampfd.c | 124 +++++++++++++++++++++++++++++
arch/arm/tools/syscall.tbl | 1 +
4 files changed, 147 insertions(+)
create mode 100644 arch/arm/kernel/trampfd.c
diff --git a/arch/arm/include/uapi/asm/ptrace.h b/arch/arm/include/uapi/asm/ptrace.h
index e61c65b4018d..598047768f9b 100644
--- a/arch/arm/include/uapi/asm/ptrace.h
+++ b/arch/arm/include/uapi/asm/ptrace.h
@@ -151,6 +151,27 @@ struct pt_regs {
#define ARM_r0 uregs[0]
#define ARM_ORIG_r0 uregs[17]
+/*
+ * These register names are to be used by 32-bit applications.
+ */
+enum reg_32_name {
+ arm_min,
+ arm_r0 = arm_min,
+ arm_r1,
+ arm_r2,
+ arm_r3,
+ arm_r4,
+ arm_r5,
+ arm_r6,
+ arm_r7,
+ arm_r8,
+ arm_r9,
+ arm_r10,
+ arm_r11,
+ arm_r12,
+ arm_max,
+};
+
/*
* The size of the user-visible VFP state as seen by PTRACE_GET/SETVFPREGS
* and core dumps.
diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
index 89e5d864e923..652c54c2f19a 100644
--- a/arch/arm/kernel/Makefile
+++ b/arch/arm/kernel/Makefile
@@ -105,5 +105,6 @@ obj-$(CONFIG_SMP) += psci_smp.o
endif
obj-$(CONFIG_HAVE_ARM_SMCCC) += smccc-call.o
+obj-$(CONFIG_TRAMPFD) += trampfd.o
extra-y := $(head-y) vmlinux.lds
diff --git a/arch/arm/kernel/trampfd.c b/arch/arm/kernel/trampfd.c
new file mode 100644
index 000000000000..45146ed489e8
--- /dev/null
+++ b/arch/arm/kernel/trampfd.c
@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Trampoline FD - ARM support.
+ *
+ * Author: Madhavan T. Venkataraman (madvenka@linux.microsoft.com)
+ *
+ * Copyright (c) 2020, Microsoft Corporation.
+ */
+
+#include <linux/thread_info.h>
+#include <linux/trampfd.h>
+
+#define TRAMPFD_CODE_SIZE 28
+
+/*
+ * trampfd syscall.
+ */
+void trampfd_arch(struct trampfd_info *info)
+{
+ info->code_size = TRAMPFD_CODE_SIZE;
+ info->ntrampolines = PAGE_SIZE / info->code_size;
+ info->code_offset = TRAMPFD_CODE_PGOFF << PAGE_SHIFT;
+ info->reserved = 0;
+}
+
+/*
+ * trampfd code descriptor check.
+ */
+int trampfd_code_arch(struct trampfd_code *code)
+{
+ int ntrampolines;
+ int min, max;
+
+ min = arm_min;
+ max = arm_max;
+ ntrampolines = PAGE_SIZE / TRAMPFD_CODE_SIZE;
+
+ if (code->reg < min || code->reg >= max)
+ return -EINVAL;
+
+ if (!code->ntrampolines || code->ntrampolines > ntrampolines)
+ return -EINVAL;
+ return 0;
+}
+
+/*
+ * trampfd data descriptor check.
+ */
+int trampfd_data_arch(struct trampfd_data *data)
+{
+ int min, max;
+
+ min = arm_min;
+ max = arm_max;
+
+ if (data->reg < min || data->reg >= max)
+ return -EINVAL;
+ return 0;
+}
+
+#define MOVW(ins, reg, imm32) \
+{ \
+ u16 *_imm16 = (u16 *) &(imm32); /* little endian */ \
+ int _hw, _opcode; \
+ \
+ for (_hw = 0; _hw < 2; _hw++) { \
+ /* movw or movt */ \
+ _opcode = _hw ? 0xe3400000 : 0xe3000000; \
+ *ins++ = _opcode | (_imm16[_hw] >> 12) << 16 | \
+ (reg) << 12 | (_imm16[_hw] & 0xFFF); \
+ } \
+}
+
+#define LDR(ins, reg) \
+{ \
+ *ins++ = 0xe5900000 | (reg) << 16 | (reg) << 12; \
+}
+
+#define BX(ins, reg) \
+{ \
+ *ins++ = 0xe12fff10 | (reg); \
+}
+
+void trampfd_code_fill(struct trampfd *trampfd, char *addr)
+{
+ char *eaddr = addr + PAGE_SIZE;
+ int creg = trampfd->code_reg - arm_min;
+ int dreg = trampfd->data_reg - arm_min;
+ u32 *code = trampfd->code;
+ u32 *data = trampfd->data;
+ u32 *instruction = (u32 *) addr;
+ int i;
+
+ for (i = 0; i < trampfd->ntrampolines; i++, code++, data++) {
+ /*
+ * movw creg, code & 0xFFFF
+ * movt creg, code >> 16
+ */
+ MOVW(instruction, creg, code);
+
+ /*
+ * ldr creg, [creg]
+ */
+ LDR(instruction, creg);
+
+ /*
+ * movw dreg, data & 0xFFFF
+ * movt dreg, data >> 16
+ */
+ MOVW(instruction, dreg, data);
+
+ /*
+ * ldr dreg, [dreg]
+ */
+ LDR(instruction, dreg);
+
+ /*
+ * bx creg
+ */
+ BX(instruction, creg);
+ }
+ addr = (char *) instruction;
+ memset(addr, 0, eaddr - addr);
+}
diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
index d5cae5ffede0..85dcbc9e08ee 100644
--- a/arch/arm/tools/syscall.tbl
+++ b/arch/arm/tools/syscall.tbl
@@ -452,3 +452,4 @@
437 common openat2 sys_openat2
438 common pidfd_getfd sys_pidfd_getfd
439 common faccessat2 sys_faccessat2
+440 common trampfd sys_trampfd
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: madvenka@linux.microsoft.com
To: kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, oleg@redhat.com,
x86@kernel.org, luto@kernel.org, David.Laight@ACULAB.COM,
fweimer@redhat.com, mark.rutland@arm.com, mic@digikod.net,
pavel@ucw.cz, madvenka@linux.microsoft.com
Subject: [PATCH v2 4/4] [RFC] arm/trampfd: Provide support for the trampoline file descriptor
Date: Tue, 22 Sep 2020 16:53:26 -0500 [thread overview]
Message-ID: <20200922215326.4603-5-madvenka@linux.microsoft.com> (raw)
In-Reply-To: <20200922215326.4603-1-madvenka@linux.microsoft.com>
From: "Madhavan T. Venkataraman" <madvenka@linux.microsoft.com>
- Define architecture specific register names
- Architecture specific functions for:
- system call init
- code descriptor check
- data descriptor check
- Fill a page with a trampoline table,
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
---
arch/arm/include/uapi/asm/ptrace.h | 21 +++++
arch/arm/kernel/Makefile | 1 +
arch/arm/kernel/trampfd.c | 124 +++++++++++++++++++++++++++++
arch/arm/tools/syscall.tbl | 1 +
4 files changed, 147 insertions(+)
create mode 100644 arch/arm/kernel/trampfd.c
diff --git a/arch/arm/include/uapi/asm/ptrace.h b/arch/arm/include/uapi/asm/ptrace.h
index e61c65b4018d..598047768f9b 100644
--- a/arch/arm/include/uapi/asm/ptrace.h
+++ b/arch/arm/include/uapi/asm/ptrace.h
@@ -151,6 +151,27 @@ struct pt_regs {
#define ARM_r0 uregs[0]
#define ARM_ORIG_r0 uregs[17]
+/*
+ * These register names are to be used by 32-bit applications.
+ */
+enum reg_32_name {
+ arm_min,
+ arm_r0 = arm_min,
+ arm_r1,
+ arm_r2,
+ arm_r3,
+ arm_r4,
+ arm_r5,
+ arm_r6,
+ arm_r7,
+ arm_r8,
+ arm_r9,
+ arm_r10,
+ arm_r11,
+ arm_r12,
+ arm_max,
+};
+
/*
* The size of the user-visible VFP state as seen by PTRACE_GET/SETVFPREGS
* and core dumps.
diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
index 89e5d864e923..652c54c2f19a 100644
--- a/arch/arm/kernel/Makefile
+++ b/arch/arm/kernel/Makefile
@@ -105,5 +105,6 @@ obj-$(CONFIG_SMP) += psci_smp.o
endif
obj-$(CONFIG_HAVE_ARM_SMCCC) += smccc-call.o
+obj-$(CONFIG_TRAMPFD) += trampfd.o
extra-y := $(head-y) vmlinux.lds
diff --git a/arch/arm/kernel/trampfd.c b/arch/arm/kernel/trampfd.c
new file mode 100644
index 000000000000..45146ed489e8
--- /dev/null
+++ b/arch/arm/kernel/trampfd.c
@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Trampoline FD - ARM support.
+ *
+ * Author: Madhavan T. Venkataraman (madvenka@linux.microsoft.com)
+ *
+ * Copyright (c) 2020, Microsoft Corporation.
+ */
+
+#include <linux/thread_info.h>
+#include <linux/trampfd.h>
+
+#define TRAMPFD_CODE_SIZE 28
+
+/*
+ * trampfd syscall.
+ */
+void trampfd_arch(struct trampfd_info *info)
+{
+ info->code_size = TRAMPFD_CODE_SIZE;
+ info->ntrampolines = PAGE_SIZE / info->code_size;
+ info->code_offset = TRAMPFD_CODE_PGOFF << PAGE_SHIFT;
+ info->reserved = 0;
+}
+
+/*
+ * trampfd code descriptor check.
+ */
+int trampfd_code_arch(struct trampfd_code *code)
+{
+ int ntrampolines;
+ int min, max;
+
+ min = arm_min;
+ max = arm_max;
+ ntrampolines = PAGE_SIZE / TRAMPFD_CODE_SIZE;
+
+ if (code->reg < min || code->reg >= max)
+ return -EINVAL;
+
+ if (!code->ntrampolines || code->ntrampolines > ntrampolines)
+ return -EINVAL;
+ return 0;
+}
+
+/*
+ * trampfd data descriptor check.
+ */
+int trampfd_data_arch(struct trampfd_data *data)
+{
+ int min, max;
+
+ min = arm_min;
+ max = arm_max;
+
+ if (data->reg < min || data->reg >= max)
+ return -EINVAL;
+ return 0;
+}
+
+#define MOVW(ins, reg, imm32) \
+{ \
+ u16 *_imm16 = (u16 *) &(imm32); /* little endian */ \
+ int _hw, _opcode; \
+ \
+ for (_hw = 0; _hw < 2; _hw++) { \
+ /* movw or movt */ \
+ _opcode = _hw ? 0xe3400000 : 0xe3000000; \
+ *ins++ = _opcode | (_imm16[_hw] >> 12) << 16 | \
+ (reg) << 12 | (_imm16[_hw] & 0xFFF); \
+ } \
+}
+
+#define LDR(ins, reg) \
+{ \
+ *ins++ = 0xe5900000 | (reg) << 16 | (reg) << 12; \
+}
+
+#define BX(ins, reg) \
+{ \
+ *ins++ = 0xe12fff10 | (reg); \
+}
+
+void trampfd_code_fill(struct trampfd *trampfd, char *addr)
+{
+ char *eaddr = addr + PAGE_SIZE;
+ int creg = trampfd->code_reg - arm_min;
+ int dreg = trampfd->data_reg - arm_min;
+ u32 *code = trampfd->code;
+ u32 *data = trampfd->data;
+ u32 *instruction = (u32 *) addr;
+ int i;
+
+ for (i = 0; i < trampfd->ntrampolines; i++, code++, data++) {
+ /*
+ * movw creg, code & 0xFFFF
+ * movt creg, code >> 16
+ */
+ MOVW(instruction, creg, code);
+
+ /*
+ * ldr creg, [creg]
+ */
+ LDR(instruction, creg);
+
+ /*
+ * movw dreg, data & 0xFFFF
+ * movt dreg, data >> 16
+ */
+ MOVW(instruction, dreg, data);
+
+ /*
+ * ldr dreg, [dreg]
+ */
+ LDR(instruction, dreg);
+
+ /*
+ * bx creg
+ */
+ BX(instruction, creg);
+ }
+ addr = (char *) instruction;
+ memset(addr, 0, eaddr - addr);
+}
diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl
index d5cae5ffede0..85dcbc9e08ee 100644
--- a/arch/arm/tools/syscall.tbl
+++ b/arch/arm/tools/syscall.tbl
@@ -452,3 +452,4 @@
437 common openat2 sys_openat2
438 common pidfd_getfd sys_pidfd_getfd
439 common faccessat2 sys_faccessat2
+440 common trampfd sys_trampfd
--
2.17.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-09-22 21:54 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <210d7cd762d5307c2aa1676705b392bd445f1baa>
2020-09-16 15:08 ` [PATCH v2 0/4] [RFC] Implement Trampoline File Descriptor madvenka
2020-09-16 15:08 ` madvenka
2020-09-16 15:08 ` [PATCH v2 1/4] [RFC] fs/trampfd: Implement the trampoline file descriptor API madvenka
2020-09-16 15:08 ` madvenka
2020-09-16 15:08 ` [PATCH v2 2/4] [RFC] x86/trampfd: Provide support for the trampoline file descriptor madvenka
2020-09-16 15:08 ` madvenka
2020-09-17 1:10 ` kernel test robot
2020-09-17 3:04 ` kernel test robot
2020-09-16 15:08 ` [PATCH v2 3/4] [RFC] arm64/trampfd: " madvenka
2020-09-16 15:08 ` madvenka
2020-09-16 15:08 ` [PATCH v2 4/4] [RFC] arm/trampfd: " madvenka
2020-09-16 15:08 ` madvenka
2020-09-17 1:04 ` [PATCH v2 0/4] [RFC] Implement Trampoline File Descriptor Florian Weimer
2020-09-17 1:04 ` Florian Weimer
2020-09-17 15:36 ` Madhavan T. Venkataraman
2020-09-17 15:36 ` Madhavan T. Venkataraman
2020-09-17 15:57 ` Madhavan T. Venkataraman
2020-09-17 15:57 ` Madhavan T. Venkataraman
2020-09-17 16:01 ` Florian Weimer
2020-09-17 16:01 ` Florian Weimer
2020-09-23 1:46 ` Arvind Sankar
2020-09-23 1:46 ` Arvind Sankar
2020-09-23 9:11 ` Arvind Sankar
2020-09-23 9:11 ` Arvind Sankar
2020-09-23 19:17 ` Madhavan T. Venkataraman
2020-09-23 19:17 ` Madhavan T. Venkataraman
2020-09-23 19:51 ` Arvind Sankar
2020-09-23 19:51 ` Arvind Sankar
2020-09-23 23:51 ` Madhavan T. Venkataraman
2020-09-23 23:51 ` Madhavan T. Venkataraman
2020-09-24 20:23 ` Madhavan T. Venkataraman
2020-09-24 20:23 ` Madhavan T. Venkataraman
2020-09-24 20:52 ` Florian Weimer
2020-09-24 20:52 ` Florian Weimer
2020-09-25 22:22 ` Madhavan T. Venkataraman
2020-09-25 22:22 ` Madhavan T. Venkataraman
2020-09-27 18:25 ` Madhavan T. Venkataraman
2020-09-27 18:25 ` Madhavan T. Venkataraman
2020-10-03 9:43 ` Jay K
2020-10-03 9:43 ` Jay K
2020-09-24 22:13 ` Pavel Machek
2020-09-24 22:13 ` Pavel Machek
2020-09-24 23:43 ` Arvind Sankar
2020-09-24 23:43 ` Arvind Sankar
2020-09-25 22:44 ` Madhavan T. Venkataraman
2020-09-25 22:44 ` Madhavan T. Venkataraman
2020-09-26 15:55 ` Arvind Sankar
2020-09-26 15:55 ` Arvind Sankar
2020-09-27 17:59 ` Madhavan T. Venkataraman
2020-09-27 17:59 ` Madhavan T. Venkataraman
2020-09-23 2:50 ` Jay K
2020-09-23 2:50 ` Jay K
2020-09-22 21:53 ` madvenka
2020-09-22 21:53 ` madvenka
2020-09-22 21:53 ` [PATCH v2 1/4] [RFC] fs/trampfd: Implement the trampoline file descriptor API madvenka
2020-09-22 21:53 ` madvenka
2020-09-22 21:53 ` [PATCH v2 2/4] [RFC] x86/trampfd: Provide support for the trampoline file descriptor madvenka
2020-09-22 21:53 ` madvenka
2020-09-23 13:40 ` kernel test robot
2020-09-22 21:53 ` [PATCH v2 3/4] [RFC] arm64/trampfd: " madvenka
2020-09-22 21:53 ` madvenka
2020-09-22 21:53 ` madvenka [this message]
2020-09-22 21:53 ` [PATCH v2 4/4] [RFC] arm/trampfd: " madvenka
2020-09-22 21:54 ` [PATCH v2 0/4] [RFC] Implement Trampoline File Descriptor Madhavan T. Venkataraman
2020-09-22 21:54 ` Madhavan T. Venkataraman
2020-09-23 8:14 ` Pavel Machek
2020-09-23 8:14 ` Pavel Machek
2020-09-23 9:14 ` Solar Designer
2020-09-23 9:14 ` Solar Designer
2020-09-23 14:11 ` Solar Designer
2020-09-23 14:11 ` Solar Designer
2020-09-23 15:18 ` Pavel Machek
2020-09-23 15:18 ` Pavel Machek
2020-09-23 18:00 ` Solar Designer
2020-09-23 18:00 ` Solar Designer
2020-09-23 18:21 ` Solar Designer
2020-09-23 18:21 ` Solar Designer
2020-09-23 14:39 ` Florian Weimer
2020-09-23 14:39 ` Florian Weimer
2020-09-23 18:09 ` Andy Lutomirski
2020-09-23 18:09 ` Andy Lutomirski
2020-09-23 18:11 ` Solar Designer
2020-09-23 18:11 ` Solar Designer
2020-09-23 18:49 ` Arvind Sankar
2020-09-23 18:49 ` Arvind Sankar
2020-09-23 23:53 ` Madhavan T. Venkataraman
2020-09-23 23:53 ` Madhavan T. Venkataraman
2020-09-23 19:41 ` Madhavan T. Venkataraman
2020-09-23 19:41 ` Madhavan T. Venkataraman
2020-09-23 18:10 ` James Morris
2020-09-23 18:10 ` James Morris
2020-09-23 18:32 ` Madhavan T. Venkataraman
2020-09-23 18:32 ` Madhavan T. Venkataraman
2020-09-23 8:42 ` Pavel Machek
2020-09-23 8:42 ` Pavel Machek
2020-09-23 18:56 ` Madhavan T. Venkataraman
2020-09-23 18:56 ` Madhavan T. Venkataraman
2020-09-23 20:51 ` Pavel Machek
2020-09-23 20:51 ` Pavel Machek
2020-09-23 23:04 ` Madhavan T. Venkataraman
2020-09-23 23:04 ` Madhavan T. Venkataraman
2020-09-24 16:44 ` Mickaël Salaün
2020-09-24 16:44 ` Mickaël Salaün
2020-09-24 22:05 ` Pavel Machek
2020-09-24 22:05 ` Pavel Machek
2020-09-25 10:12 ` Mickaël Salaün
2020-09-25 10:12 ` Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200922215326.4603-5-madvenka@linux.microsoft.com \
--to=madvenka@linux.microsoft.com \
--cc=David.Laight@ACULAB.COM \
--cc=fweimer@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mic@digikod.net \
--cc=oleg@redhat.com \
--cc=pavel@ucw.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.