From: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
To: Mark Brown <broonie@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
Marc Zyngier <maz@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Arnd Bergmann <arnd@arndb.de>, Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>, Shuah Khan <shuah@kernel.org>,
"Rick P. Edgecombe" <rick.p.edgecombe@intel.com>,
Deepak Gupta <debug@rivosinc.com>,
Ard Biesheuvel <ardb@kernel.org>,
Szabolcs Nagy <Szabolcs.Nagy@arm.com>,
"H.J. Lu" <hjl.tools@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Florian Weimer <fweimer@redhat.com>,
Christian Brauner <brauner@kernel.org>,
linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org,
kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org
Subject: Re: [PATCH v7 26/39] arm64/ptrace: Expose GCS via ptrace and core files
Date: Sat, 09 Dec 2023 20:49:02 -0300
Message-ID: <877clney35.fsf@linaro.org>
In-Reply-To: <20231122-arm64-gcs-v7-26-201c483bd775@kernel.org>

Mark Brown <broonie@kernel.org> writes:

> Provide a new register type NT_ARM_GCS reporting the current GCS mode
> and pointer for EL0. Due to the interactions with allocation and
> deallocation of Guarded Control Stacks we do not permit any changes to
> the GCS mode via ptrace, only GCSPR_EL0 may be changed.

The code allows disabling GCS. Is that unintended?

> Signed-off-by: Mark Brown <broonie@kernel.org>
> ---
> arch/arm64/include/uapi/asm/ptrace.h | 8 +++++
> arch/arm64/kernel/ptrace.c | 59 ++++++++++++++++++++++++++++++++++++
> include/uapi/linux/elf.h | 1 +
> 3 files changed, 68 insertions(+)
>
> diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
> index 7fa2f7036aa7..0f39ba4f3efd 100644
> --- a/arch/arm64/include/uapi/asm/ptrace.h
> +++ b/arch/arm64/include/uapi/asm/ptrace.h
> @@ -324,6 +324,14 @@ struct user_za_header {
> #define ZA_PT_SIZE(vq) \
> (ZA_PT_ZA_OFFSET + ZA_PT_ZA_SIZE(vq))
>
> +/* GCS state (NT_ARM_GCS) */
> +
> +struct user_gcs {
> + __u64 features_enabled;
> + __u64 features_locked;
> + __u64 gcspr_el0;
> +};

If there's a reserved field in sigframe's gcs_context, isn't it worth it
to have a reserved field here as well?

> +
> #endif /* __ASSEMBLY__ */
>
> #endif /* _UAPI__ASM_PTRACE_H */
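
Review bot: struct user_gcs is new UAPI, but its three fields carry no documentation beyond the "GCS state (NT_ARM_GCS)" banner. gcs_set() validates features_enabled against PR_SHADOW_STACK_SUPPORTED_STATUS_MASK, so a per-field comment saying that features_enabled holds PR_SHADOW_STACK_* bits, what features_locked means for a tracer, and that gcspr_el0 is the EL0 GCS pointer would let a debugger author use the layout from this header alone.
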
> diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
> index 20d7ef82de90..f15b8e33561e 100644
> --- a/arch/arm64/kernel/ptrace.c
> +++ b/arch/arm64/kernel/ptrace.c
> @@ -33,6 +33,7 @@
> #include <asm/cpufeature.h>
> #include <asm/debug-monitors.h>
> #include <asm/fpsimd.h>
> +#include <asm/gcs.h>
> #include <asm/mte.h>
> #include <asm/pointer_auth.h>
> #include <asm/stacktrace.h>
> @@ -1409,6 +1410,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct
> }
> #endif
>
> +#ifdef CONFIG_ARM64_GCS
> +static int gcs_get(struct task_struct *target,
> + const struct user_regset *regset,
> + struct membuf to)
> +{
> + struct user_gcs user_gcs;
> +
> + if (target == current)
> + gcs_preserve_current_state();
> +
> + user_gcs.features_enabled = target->thread.gcs_el0_mode;
> + user_gcs.features_locked = target->thread.gcs_el0_locked;
> + user_gcs.gcspr_el0 = target->thread.gcspr_el0;
> +
> + return membuf_write(&to, &user_gcs, sizeof(user_gcs));
> +}
> +
> +static int gcs_set(struct task_struct *target, const struct
> + user_regset *regset, unsigned int pos,
> + unsigned int count, const void *kbuf, const
> + void __user *ubuf)
> +{
> + int ret;
> + struct user_gcs user_gcs;
> +
> + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1);
> + if (ret)
> + return ret;
> +
> + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK)
> + return -EINVAL;
> +
> + /* Do not allow enable via ptrace */
> + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) &&
> + !!(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE))

There should be only one '!' above.

Though contrary to the patch description, this code allows disabling
GCS. Shouldn't we require that

    (user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) ==
    (target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)

? That would ensure that the GCS mode can't be changed.

> + return -EBUSY;
> +
> + target->thread.gcs_el0_mode = user_gcs.features_enabled;
> + target->thread.gcs_el0_locked = user_gcs.features_locked;
> + target->thread.gcspr_el0 = user_gcs.gcspr_el0;
> +
> + return 0;
> +}
> +#endif
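
Review bot: In gcs_set(), the local user_gcs is not initialised before user_regset_copyin(), so a write that supplies fewer bytes than sizeof(user_gcs) would leave the remaining fields holding stack contents, which are then stored into target->thread. Seed it from target->thread.gcs_el0_mode, gcs_el0_locked and gcspr_el0 before the copy-in, the same fields gcs_get() reads. Separately, features_locked is copied into target->thread.gcs_el0_locked with no validation, so a tracer can clear lock bits; if that is intended, the commit message should say so, since it only discusses the mode and GCSPR_EL0.
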
--
Thiago
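
The three forms of the enable-bit check discussed in this reply, as an added user-space model (not part of the original message or of the kernel patch). MODEL_SS_ENABLE and the function names are hypothetical stand-ins; each function returns what gcs_set() would return for a requested mode `req` against the task's current mode `cur`.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-in for the PR_SHADOW_STACK_ENABLE bit; the value is an assumption of this model. */
#define MODEL_SS_ENABLE (1UL << 0)

/* Condition as posted in the patch, with the double negation. */
static int check_posted(unsigned long req, unsigned long cur)
{
	if ((req & MODEL_SS_ENABLE) && !!(cur & MODEL_SS_ENABLE))
		return -EBUSY;
	return 0;
}

/* With a single '!', matching the "Do not allow enable via ptrace" comment. */
static int check_single_not(unsigned long req, unsigned long cur)
{
	if ((req & MODEL_SS_ENABLE) && !(cur & MODEL_SS_ENABLE))
		return -EBUSY;
	return 0;
}

/* Equality requirement proposed in the reply: the enable bit may not change. */
static int check_equal(unsigned long req, unsigned long cur)
{
	if ((req & MODEL_SS_ENABLE) != (cur & MODEL_SS_ENABLE))
		return -EBUSY;
	return 0;
}

int main(void)
{
	/* Constructed transitions: every combination of current and requested enable bit. */
	static const struct { const char *name; unsigned long cur, req; } t[] = {
		{ "stay disabled", 0, 0 },
		{ "enable",        0, MODEL_SS_ENABLE },
		{ "disable",       MODEL_SS_ENABLE, 0 },
		{ "stay enabled",  MODEL_SS_ENABLE, MODEL_SS_ENABLE },
	};

	printf("%-14s %8s %8s %8s\n", "transition", "posted", "single!", "equal");
	for (size_t i = 0; i < sizeof(t) / sizeof(t[0]); i++)
		printf("%-14s %8d %8d %8d\n", t[i].name,
		       check_posted(t[i].req, t[i].cur),
		       check_single_not(t[i].req, t[i].cur),
		       check_equal(t[i].req, t[i].cur));
	return 0;
}
```

In this model the posted form accepts "enable" and rejects "stay enabled", the single-'!' form rejects "enable" but still accepts "disable", and only the equality form rejects both mode changes.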