From: Catalin Marinas <catalin.marinas@arm.com>
To: Mark Brown <broonie@kernel.org>
Cc: Will Deacon <will@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
Shuah Khan <shuah@kernel.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Deepak Gupta <debug@rivosinc.com>,
Wilco Dijkstra <wilco.dijkstra@arm.com>,
Carlos O'Donell <codonell@redhat.com>,
Florian Weimer <fweimer@redhat.com>,
Szabolcs Nagy <nsz@port70.net>, Rich Felker <dalias@libc.org>,
libc-alpha@sourceware.org, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH RFC 1/3] arm64/gcs: Support reuse of GCS for exited threads
Date: Thu, 25 Sep 2025 17:46:46 +0100
Message-ID: <aNVx9vlgi8t81V6Y@arm.com>
In-Reply-To: <20250921-arm64-gcs-exit-token-v1-1-45cf64e648d5@kernel.org>
On Sun, Sep 21, 2025 at 02:21:35PM +0100, Mark Brown wrote:
> diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
> index fd1d5a6655de..4649c2b107a7 100644
> --- a/arch/arm64/mm/gcs.c
> +++ b/arch/arm64/mm/gcs.c
> @@ -199,14 +199,37 @@ void gcs_set_el0_mode(struct task_struct *task)
>
> void gcs_free(struct task_struct *task)
> {
> + unsigned long __user *cap_ptr;
> + unsigned long cap_val;
> + int ret;
> +
> if (!system_supports_gcs())
> return;
>
> if (!task->mm || task->mm != current->mm)
> return;
> - if (task->thread.gcs_base)
> + if (task->thread.gcs_base) {
> vm_munmap(task->thread.gcs_base, task->thread.gcs_size);
> + } else if (task == current &&
> + task->thread.gcs_el0_mode & PR_SHADOW_STACK_EXIT_TOKEN) {
I checked the code paths leading here and task is always current. But
better to keep the test in case the core code ever changes.
> + cap_ptr = (unsigned long __user *)read_sysreg_s(SYS_GCSPR_EL0);
> + cap_ptr--;
> + cap_val = GCS_CAP(cap_ptr);
> +
> + /*
> + * We can't do anything constructive if this fails,
> + * and the thread might be exiting due to being in a
> + * bad state anyway.
> + */
> + put_user_gcs(cap_val, cap_ptr, &ret);
> +
> + /*
> + * Ensure the new cap is ordered before standard
> + * memory accesses to the same location.
> + */
> + gcsb_dsync();
> + }
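Review bot: In the new else-if branch of gcs_free(), `ret` is declared without an initialiser, handed to put_user_gcs(cap_val, cap_ptr, &ret) and never read again in the lines shown, so a failed token write goes unreported. The comment explains why nothing constructive can be done, but declaring it as `int ret = 0;` and emitting a debug message on a non-zero value would make the deliberate ignore explicit and help anyone diagnosing why a stack could not be reused. As a style point, the bitwise test `task->thread.gcs_el0_mode & PR_SHADOW_STACK_EXIT_TOKEN` sits unparenthesised beside `&&`; wrapping it in parentheses would make the intended precedence obvious.
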
The only downside is that, if the thread did not unwind properly, we
don't write the token where it was initially. We could save the token
address from clone3() and restore it there instead.
--
Catalin