From: Catalin Marinas <catalin.marinas@arm.com>
To: Will Deacon <will@kernel.org>
Cc: Joey Gouly <joey.gouly@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
linux-arm-kernel@lists.infradead.org, nd@arm.com,
akpm@linux-foundation.org, aneesh.kumar@kernel.org,
aneesh.kumar@linux.ibm.com, anshuman.khandual@arm.com,
bp@alien8.de, broonie@kernel.org, christophe.leroy@csgroup.eu,
dave.hansen@linux.intel.com, hpa@zytor.com,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linuxppc-dev@lists.ozlabs.org, maz@kernel.org, mingo@redhat.com,
mpe@ellerman.id.au, naveen.n.rao@linux.ibm.com,
npiggin@gmail.com, oliver.upton@linux.dev, shuah@kernel.org,
skhan@linuxfoundation.org, szabolcs.nagy@arm.com,
tglx@linutronix.de, x86@kernel.org, kvmarm@lists.linux.dev,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v5 19/30] arm64: add POE signal support
Date: Tue, 15 Oct 2024 16:01:47 +0100 [thread overview]
Message-ID: <Zw6D2waVyIwYE7wd@arm.com> (raw)
In-Reply-To: <20241015114116.GA19334@willie-the-truck>
On Tue, Oct 15, 2024 at 12:41:16PM +0100, Will Deacon wrote:
> On Tue, Oct 15, 2024 at 10:59:11AM +0100, Joey Gouly wrote:
> > On Mon, Oct 14, 2024 at 06:10:23PM +0100, Will Deacon wrote:
> > > Looking a little more at this, I think we have quite a weird behaviour
> > > on arm64 as it stands. It looks like we rely on the signal frame to hold
> > > the original POR_EL0 so, if for some reason we fail to allocate space
> > > for the POR context, I think we'll return back from the signal with
> > > POR_EL0_INIT. That seems bad?
> >
> > If we don't allocate space for POR_EL0, I think the program recieves SIGSGEV?
> >
> > setup_sigframe_layout()
> > if (system_supports_poe()) {
> > err = sigframe_alloc(user, &user->poe_offset,
> > sizeof(struct poe_context));
> > if (err)
> > return err;
> > }
> >
> > Through get_sigframe() and setup_rt_frame(), that eventually hets here:
> >
> > handle_signal()
> > ret = setup_rt_frame(usig, ksig, oldset, regs);
> >
> > [..]
> >
> > signal_setup_done(ret, ksig, test_thread_flag(TIF_SINGLESTEP));
> >
> > void signal_setup_done(int failed, struct ksignal *ksig, int stepping)
> > {
> > if (failed)
> > force_sigsegv(ksig->sig);
> > else
> > signal_delivered(ksig, stepping);
> > }
> >
> > So I think it's "fine"?
>
> Ah, yes, sorry about that. I got confused by the conditional push in
> setup_sigframe():
>
> if (system_supports_poe() && err == 0 && user->poe_offset) {
> ...
>
> which gives the wrong impression that the POR is somehow optional, even
> if the CPU supports POE. So we should drop that check of
> 'user->poe_offset' as it cannot be NULL here.
I agree, we should remove this check as it's confusing.
> We also still need to resolve Kevin's concern, which probably means
> keeping the thread's original POR around someplace.
If we fail to allocate context for POR_EL0 (or anything else), we'll
deliver a SIGSEGV. I think it's quite likely that the SIGSEGV will also
fail to allocate context we end up with a fatal SIGSEGV. Not sure the
user can affect the allocation/layout, though it can change stack
attributes where the frame is written.
Assuming that the user tricks the kernel into failing to write the
context but allows it to succeed on the resulting SIGSEGV, POR_EL0
wouldn't have been reset and the SIGSEGV context will still have the
original value. I don't think we need to do anything here for 6.12.
However, in for-next/core, we have gcs_signal_entry() called after
resetting POR_EL0. If this fails, we can end up with a new POR_EL0 on
sigreturn (subject to the above user toggling permissions). I think this
needs to be fixed, POR_EL0 only reset when we know we are going to
deliver the signal.
--
Catalin
next prev parent reply other threads:[~2024-10-15 15:01 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-22 15:10 [PATCH v5 00/30] Permission Overlay Extension Joey Gouly
2024-08-22 15:10 ` [PATCH v5 01/30] powerpc/mm: add ARCH_PKEY_BITS to Kconfig Joey Gouly
2024-08-22 15:10 ` [PATCH v5 02/30] x86/mm: " Joey Gouly
2024-08-22 15:10 ` [PATCH v5 03/30] mm: use ARCH_PKEY_BITS to define VM_PKEY_BITN Joey Gouly
2024-08-22 15:10 ` [PATCH v5 04/30] arm64: disable trapping of POR_EL0 to EL2 Joey Gouly
2024-08-23 13:42 ` Will Deacon
2024-08-22 15:10 ` [PATCH v5 05/30] arm64: cpufeature: add Permission Overlay Extension cpucap Joey Gouly
2024-08-22 15:10 ` [PATCH v5 06/30] arm64: context switch POR_EL0 register Joey Gouly
2024-08-23 14:45 ` Will Deacon
2024-08-23 16:41 ` Catalin Marinas
2024-08-23 17:08 ` Will Deacon
2024-08-23 18:40 ` Catalin Marinas
2024-08-27 11:38 ` Will Deacon
2024-09-02 19:08 ` Catalin Marinas
2024-09-03 14:54 ` Joey Gouly
2024-09-04 10:22 ` Will Deacon
2024-09-04 11:32 ` Joey Gouly
2024-09-04 11:43 ` Will Deacon
2024-09-04 12:55 ` Joey Gouly
2024-09-04 16:17 ` Will Deacon
2024-09-04 17:05 ` Marc Zyngier
2024-09-05 10:36 ` Joey Gouly
2024-09-04 11:38 ` Catalin Marinas
2024-09-11 15:01 ` Kevin Brodsky
2024-09-11 15:33 ` Dave Hansen
2024-09-12 10:50 ` Will Deacon
2024-09-12 12:48 ` Joey Gouly
2024-09-13 15:14 ` Will Deacon
2024-09-22 5:49 ` Aneesh Kumar K.V
2024-08-22 15:10 ` [PATCH v5 07/30] KVM: arm64: Save/restore POE registers Joey Gouly
2024-08-22 15:10 ` [PATCH v5 08/30] KVM: arm64: make kvm_at() take an OP_AT_* Joey Gouly
2024-08-23 13:48 ` Will Deacon
2024-08-23 14:24 ` Marc Zyngier
2024-08-30 8:01 ` Marc Zyngier
2024-08-30 9:05 ` Will Deacon
2024-08-30 11:58 ` Marc Zyngier
2024-08-30 9:25 ` Will Deacon
2024-08-30 11:23 ` Marc Zyngier
2024-08-30 11:35 ` Joey Gouly
2024-08-22 15:10 ` [PATCH v5 09/30] KVM: arm64: use `at s1e1a` for POE Joey Gouly
2024-08-22 15:10 ` [PATCH v5 10/30] KVM: arm64: Sanitise ID_AA64MMFR3_EL1 Joey Gouly
2024-08-22 15:10 ` [PATCH v5 11/30] arm64: enable the Permission Overlay Extension for EL0 Joey Gouly
2024-08-22 15:10 ` [PATCH v5 12/30] arm64: re-order MTE VM_ flags Joey Gouly
2024-08-22 15:10 ` [PATCH v5 13/30] arm64: add POIndex defines Joey Gouly
2024-08-22 15:10 ` [PATCH v5 14/30] arm64: convert protection key into vm_flags and pgprot values Joey Gouly
2024-08-22 15:10 ` [PATCH v5 15/30] arm64: mask out POIndex when modifying a PTE Joey Gouly
2024-08-22 15:10 ` [PATCH v5 16/30] arm64: handle PKEY/POE faults Joey Gouly
2024-08-29 17:55 ` Mark Brown
2024-09-03 14:50 ` Joey Gouly
2024-09-03 15:29 ` Joey Gouly
2024-08-22 15:11 ` [PATCH v5 17/30] arm64: add pte_access_permitted_no_overlay() Joey Gouly
2024-08-22 15:11 ` [PATCH v5 18/30] arm64: implement PKEYS support Joey Gouly
2024-08-22 15:11 ` [PATCH v5 19/30] arm64: add POE signal support Joey Gouly
2024-09-24 11:27 ` Kevin Brodsky
2024-09-24 15:04 ` Dave Martin
2024-10-09 14:43 ` Will Deacon
2024-10-14 17:10 ` Will Deacon
2024-10-15 9:59 ` Joey Gouly
2024-10-15 11:37 ` Mark Brown
2024-10-15 11:41 ` Will Deacon
2024-10-15 12:25 ` Joey Gouly
2024-10-15 13:26 ` Mark Brown
2024-10-17 7:44 ` Kevin Brodsky
2024-10-15 13:39 ` Dave Martin
2024-10-15 15:01 ` Catalin Marinas [this message]
2024-10-17 14:00 ` Kevin Brodsky
2024-08-22 15:11 ` [PATCH v5 20/30] arm64/ptrace: add support for FEAT_POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 21/30] arm64: enable POE and PIE to coexist Joey Gouly
2024-08-22 15:11 ` [PATCH v5 22/30] arm64: enable PKEY support for CPUs with S1POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 23/30] arm64: add Permission Overlay Extension Kconfig Joey Gouly
2024-08-22 15:11 ` [PATCH v5 24/30] kselftest/arm64: move get_header() Joey Gouly
2024-08-22 15:11 ` [PATCH v5 25/30] selftests: mm: move fpregs printing Joey Gouly
2024-08-22 15:11 ` [PATCH v5 26/30] selftests: mm: make protection_keys test work on arm64 Joey Gouly
2024-08-22 15:11 ` [PATCH v5 27/30] kselftest/arm64: add HWCAP test for FEAT_S1POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 28/30] kselftest/arm64: parse POE_MAGIC in a signal frame Joey Gouly
2024-08-22 15:11 ` [PATCH v5 29/30] kselftest/arm64: Add test case for POR_EL0 signal frame records Joey Gouly
2024-08-22 15:11 ` [PATCH v5 30/30] KVM: selftests: get-reg-list: add Permission Overlay registers Joey Gouly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zw6D2waVyIwYE7wd@arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@kernel.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=anshuman.khandual@arm.com \
--cc=bp@alien8.de \
--cc=broonie@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=joey.gouly@arm.com \
--cc=kevin.brodsky@arm.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=naveen.n.rao@linux.ibm.com \
--cc=nd@arm.com \
--cc=npiggin@gmail.com \
--cc=oliver.upton@linux.dev \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=szabolcs.nagy@arm.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).