From: Thiago Jung Bauermann
To: Mark Brown
Cc: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy, "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
Subject: Re: [PATCH v7 34/39] kselftest/arm64: Add a GCS test program built with the system libc
In-reply-to: <20231122-arm64-gcs-v7-34-201c483bd775@kernel.org>
Date: Thu, 14 Dec 2023 23:50:11 -0300
Message-ID: <875y1089i4.fsf@linaro.org>

Mark Brown writes:

> + /* Same thing via process_vm_readv() */ > + local_iov.iov_base = &rval; > + local_iov.iov_len = sizeof(rval); > + remote_iov.iov_base = (void *)gcspr; > + remote_iov.iov_len = sizeof(rval); > + ret = process_vm_writev(child, &local_iov, 1, &remote_iov, 1, 0); > + if (ret == -1) > + ksft_print_msg("process_vm_readv() failed: %s (%d)\n", > + strerror(errno), errno);

The comment and the error message say "process_vm_readv()", but the function actually called is process_vm_writev(). Is this intended?

Also, process_vm_writev() is failing when I run on my Arm FVP:

# # RUN global.ptrace_read_write ...
# # Child: 1150
# # Child GCSPR 0xffffa210ffd8, flags 1, locked 0
# # process_vm_readv() failed: Bad address (14)
# # libc-gcs.c:271:ptrace_read_write:Expected ret (-1) == sizeof(rval) (8)
# # libc-gcs.c:272:ptrace_read_write:Expected val (281473401005692) == rval (281473402849248)
# # libc-gcs.c:293:ptrace_read_write:Expected val (281473401005692) == ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL) (0)
# # ptrace_read_write: Test failed at step #1
# # FAIL global.ptrace_read_write
# not ok 4 global.ptrace_read_write

If I swap process_vm_readv() and process_vm_writev(), then the read succeeds but the write fails:

# RUN global.ptrace_read_write ...
# Child: 1996
# Child GCSPR 0xffffa7fcffd8, flags 1, locked 0
# process_vm_writev() failed: Bad address (14)
# libc-gcs.c:291:ptrace_read_write:Expected ret (-1) == sizeof(rval) (8)
# libc-gcs.c:293:ptrace_read_write:Expected val (281473500358268) == ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL) (0)
# ptrace_read_write: Test failed at step #1
# FAIL global.ptrace_read_write
not ok 4 global.ptrace_read_write

> +/* Put it all together, we can safely switch to and from the stack */ > +TEST_F(map_gcs, stack_switch) > +{ > + size_t cap_index; > + cap_index = (variant->stack_size / sizeof(unsigned long)); > + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0; > + > + /* Skip over the stack terminator and point at the cap */ > + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) { > + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN: > + cap_index -= 2; > + break; > + case SHADOW_STACK_SET_TOKEN: > + cap_index -= 1; > + break; > + case SHADOW_STACK_SET_MARKER: > + case 0: > + /* No cap, no test */ > + return; > + } > + pivot_gcspr_el0 = &self->stack[cap_index]; > + > + /* Pivot to the new GCS */ > + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n", > + pivot_gcspr_el0, 
get_gcspr(), > + *pivot_gcspr_el0); > + gcsss1(pivot_gcspr_el0); > + orig_gcspr_el0 = gcsss2(); > + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n", > + pivot_gcspr_el0, get_gcspr(),

Not sure about the intent here, but perhaps "get_gcspr()" here should be "orig_gcspr_el0" instead? Ditto in the equivalent place at the map_gcs.stack_overflow test below.

Also, it's strange that the tests defined after map_gcs.stack_overflow don't run when I execute this test program. I'm doing:

$ ./run_kselftest.sh -t arm64:libc-gcs

I.e., these tests aren't being run in my FVP:

> +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6) > +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7) > +TEST_F(map_invalid_gcs, do_map) > +FIXTURE_VARIANT_ADD(invalid_mprotect, exec) > +FIXTURE_VARIANT_ADD(invalid_mprotect, bti) > +FIXTURE_VARIANT_ADD(invalid_mprotect, exec_bti) > +TEST_F(invalid_mprotect, do_map) > +TEST_F(invalid_mprotect, do_map_read)

Finally, one last comment:

> +int main(int argc, char **argv) > +{ > + unsigned long gcs_mode; > + int ret; > + > + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS)) > + ksft_exit_skip("SKIP GCS not supported\n"); > + > + /* > + * Force shadow stacks on, our tests *should* be fine with or > + * without libc support and with or without this having ended > + * up tagged for GCS and enabled by the dynamic linker. We > + * can't use the libc prctl() function since we can't return > + * from enabling the stack. Also lock GCS if not already > + * locked so we can test behaviour when it's locked.

This is probably a leftover from a previous version: the test doesn't lock any GCS flag.

> + */ > + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode); > + if (ret) { > + ksft_print_msg("Failed to read GCS state: %d\n", ret); > + return EXIT_FAILURE; > + } > + > + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) { > + gcs_mode = PR_SHADOW_STACK_ENABLE; > + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, > + gcs_mode); > + if (ret) { > + ksft_print_msg("Failed to configure GCS: %d\n", ret); > + return EXIT_FAILURE; > + } > + } > + > + /* Avoid returning in case libc doesn't understand GCS */ > + exit(test_harness_run(argc, argv)); > +}

--
Thiago
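
Review bot: In the quoted ptrace_read_write hunk, the comment ("Same thing via process_vm_readv()") and the ksft_print_msg() string both name process_vm_readv(), while the call between them is process_vm_writev(child, &local_iov, 1, &remote_iov, 1, 0). The first log in the reply shows the consequence: "process_vm_readv() failed: Bad address (14)" is printed for a run in which the reporter says process_vm_writev() is what failed. Make the comment, the call and the message name the same syscall, so that a failure in this block identifies the operation that was actually attempted against the child's GCS.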
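
Review bot: In TEST_F(map_gcs, stack_switch), the "case SHADOW_STACK_SET_MARKER:" / "case 0:" arm returns under the comment "No cap, no test", so variants without a cap token finish without running any check and are reported the same way as variants that really performed the pivot. Use the harness SKIP() macro on that arm so the result shows those variants were skipped. As a style point in the same hunk, "cap_index = (variant->stack_size / sizeof(unsigned long));" sits between the declaration of cap_index and the declaration of orig_gcspr_el0 and pivot_gcspr_el0; initialise cap_index in its declaration or move the assignment below the declarations.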
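
Review bot: The seven map_invalid_gcs variants in the quoted FIXTURE_VARIANT_ADD() list are spelled "unligned_1" through "unligned_7". If "unaligned" is what is meant, rename them now: the variant name becomes part of the test name the harness prints, so the spelling ends up in logs and in whatever people search results for.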
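
Review bot: In main(), the block comment ends with "Also lock GCS if not already locked so we can test behaviour when it's locked", but the only PR_SET_SHADOW_STACK_STATUS call in the hunk passes gcs_mode = PR_SHADOW_STACK_ENABLE and nothing visible issues a lock request. Either drop that sentence or add the locking call it describes, since a reader relying on the comment would assume the later tests run with the GCS mode locked. The two error paths also pair ksft_print_msg() with "return EXIT_FAILURE;"; ksft_exit_fail_msg() would report the failure through the kselftest framework and exit in one call.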