From: Catalin Marinas <catalin.marinas@arm.com>
To: Will Deacon <will@kernel.org>, Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
Marc Zyngier <maz@kernel.org>,
Oliver Upton <oliver.upton@linux.dev>,
James Morse <james.morse@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Arnd Bergmann <arnd@arndb.de>, Oleg Nesterov <oleg@redhat.com>,
Eric Biederman <ebiederm@xmission.com>,
Shuah Khan <shuah@kernel.org>,
"Rick P. Edgecombe" <rick.p.edgecombe@intel.com>,
Deepak Gupta <debug@rivosinc.com>,
Ard Biesheuvel <ardb@kernel.org>,
Szabolcs Nagy <Szabolcs.Nagy@arm.com>,
Kees Cook <kees@kernel.org>, Mark Brown <broonie@kernel.org>
Cc: "H.J. Lu" <hjl.tools@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Florian Weimer <fweimer@redhat.com>,
Christian Brauner <brauner@kernel.org>,
Thiago Jung Bauermann <thiago.bauermann@linaro.org>,
Ross Burton <ross.burton@arm.com>,
David Spickett <david.spickett@arm.com>,
Yury Khrustalev <yury.khrustalev@arm.com>,
Wilco Dijkstra <wilco.dijkstra@arm.com>,
linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org,
kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-mm@kvack.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org,
David Hildenbrand <david@redhat.com>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>
Subject: Re: (subset) [PATCH v13 00/40] arm64/gcs: Provide support for GCS in userspace
Date: Fri, 4 Oct 2024 14:52:20 +0100 [thread overview]
Message-ID: <172804948348.2705006.18010706949544079891.b4-ty@arm.com> (raw)
In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org>
On Tue, 01 Oct 2024 23:58:39 +0100, Mark Brown wrote:
> The arm64 Guarded Control Stack (GCS) feature provides support for
> hardware protected stacks of return addresses, intended to provide
> hardening against return oriented programming (ROP) attacks and to make
> it easier to gather call stacks for applications such as profiling.
>
> When GCS is active a secondary stack called the Guarded Control Stack is
> maintained, protected with a memory attribute which means that it can
> only be written with specific GCS operations. The current GCS pointer
> can not be directly written to by userspace. When a BL is executed the
> value stored in LR is also pushed onto the GCS, and when a RET is
> executed the top of the GCS is popped and compared to LR with a fault
> being raised if the values do not match. GCS operations may only be
> performed on GCS pages, a data abort is generated if they are not.
>
> [...]
I applied most of the series to arm64 (for-next/gcs), apart from two KVM
patches - 16 and 40 (the latter is the kselftest). I usually start
picking patches at -rc3 but the glibc folk are waiting for these patches
to at least end up in a maintainer's branch. Of course, these patches
are subject to change until the final 6.13 release.
The KVM patches can go on top once agreed (or they can go in via the KVM
tree, I don't mind either way).
Thanks!
[01/40] mm: Introduce ARCH_HAS_USER_SHADOW_STACK
https://git.kernel.org/arm64/c/bcc9d04e749a
[02/40] mm: Define VM_HIGH_ARCH_6
https://git.kernel.org/arm64/c/9ab515b18f84
[03/40] arm64/mm: Restructure arch_validate_flags() for extensibility
https://git.kernel.org/arm64/c/f645e888b1a6
[04/40] prctl: arch-agnostic prctl for shadow stack
https://git.kernel.org/arm64/c/91e102e79740
[05/40] mman: Add map_shadow_stack() flags
https://git.kernel.org/arm64/c/3630e82ab6bd
[06/40] arm64: Document boot requirements for Guarded Control Stacks
https://git.kernel.org/arm64/c/830ae8a39685
[07/40] arm64/gcs: Document the ABI for Guarded Control Stacks
https://git.kernel.org/arm64/c/7058bf87cd59
[08/40] arm64/sysreg: Add definitions for architected GCS caps
https://git.kernel.org/arm64/c/ce0641d48ddd
[09/40] arm64/gcs: Add manual encodings of GCS instructions
https://git.kernel.org/arm64/c/dad947cc22cf
[10/40] arm64/gcs: Provide put_user_gcs()
https://git.kernel.org/arm64/c/d0aa2b435186
[11/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1
https://git.kernel.org/arm64/c/ff5181d8a2a8
[12/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS)
https://git.kernel.org/arm64/c/6487c963083c
[13/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack
https://git.kernel.org/arm64/c/092055f1508c
[14/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS
https://git.kernel.org/arm64/c/ae80e1629aea
[15/40] arm64/mm: Map pages for guarded control stack
https://git.kernel.org/arm64/c/6497b66ba694
[17/40] arm64/idreg: Add overrride for GCS
https://git.kernel.org/arm64/c/a94452112ce4
[18/40] arm64/hwcap: Add hwcap for GCS
https://git.kernel.org/arm64/c/eefc98711f84
[19/40] arm64/traps: Handle GCS exceptions
https://git.kernel.org/arm64/c/8ce71d270536
[20/40] arm64/mm: Handle GCS data aborts
https://git.kernel.org/arm64/c/cfad706e8f6d
[21/40] arm64/gcs: Context switch GCS state for EL0
https://git.kernel.org/arm64/c/fc84bc5378a8
[22/40] arm64/gcs: Ensure that new threads have a GCS
https://git.kernel.org/arm64/c/506496bcbb42
[23/40] arm64/gcs: Implement shadow stack prctl() interface
https://git.kernel.org/arm64/c/b57180c75c7e
[24/40] arm64/mm: Implement map_shadow_stack()
https://git.kernel.org/arm64/c/8f3e750673b2
[25/40] arm64/signal: Set up and restore the GCS context for signal handlers
https://git.kernel.org/arm64/c/eaf62ce1563b
[26/40] arm64/signal: Expose GCS state in signal frames
https://git.kernel.org/arm64/c/16f47bb9ac8a
[27/40] arm64/ptrace: Expose GCS via ptrace and core files
https://git.kernel.org/arm64/c/7ec3b57cb29f
[28/40] arm64: Add Kconfig for Guarded Control Stack (GCS)
https://git.kernel.org/arm64/c/5d8b172e7005
[29/40] kselftest/arm64: Verify the GCS hwcap
https://git.kernel.org/arm64/c/7a2f671db61f
[30/40] kselftest/arm64: Add GCS as a detected feature in the signal tests
https://git.kernel.org/arm64/c/b2d2f11ff5d6
[31/40] kselftest/arm64: Add framework support for GCS to signal handling tests
https://git.kernel.org/arm64/c/0d426f7dd9a0
[32/40] kselftest/arm64: Allow signals tests to specify an expected si_code
https://git.kernel.org/arm64/c/956573ac1890
[33/40] kselftest/arm64: Always run signals tests with GCS enabled
https://git.kernel.org/arm64/c/42155a8eb0f6
[34/40] kselftest/arm64: Add very basic GCS test program
https://git.kernel.org/arm64/c/3d37d4307e0f
[35/40] kselftest/arm64: Add a GCS test program built with the system libc
https://git.kernel.org/arm64/c/a505a52b4e29
[36/40] kselftest/arm64: Add test coverage for GCS mode locking
https://git.kernel.org/arm64/c/58d69a3e3582
[37/40] kselftest/arm64: Add GCS signal tests
https://git.kernel.org/arm64/c/794b64ca5665
[38/40] kselftest/arm64: Add a GCS stress test
https://git.kernel.org/arm64/c/05e6cfff58c4
[39/40] kselftest/arm64: Enable GCS for the FP stress tests
https://git.kernel.org/arm64/c/bb9ae1a66c85
--
Catalin
prev parent reply other threads:[~2024-10-04 13:52 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-01 22:58 Mark Brown
2024-10-01 22:58 ` [PATCH v13 01/40] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Mark Brown
2024-10-01 22:58 ` [PATCH v13 02/40] mm: Define VM_HIGH_ARCH_6 Mark Brown
2024-10-01 22:58 ` [PATCH v13 03/40] arm64/mm: Restructure arch_validate_flags() for extensibility Mark Brown
2024-10-01 22:58 ` [PATCH v13 04/40] prctl: arch-agnostic prctl for shadow stack Mark Brown
2024-10-01 23:13 ` Deepak Gupta
2024-10-01 22:58 ` [PATCH v13 05/40] mman: Add map_shadow_stack() flags Mark Brown
2024-10-01 22:58 ` [PATCH v13 06/40] arm64: Document boot requirements for Guarded Control Stacks Mark Brown
2024-10-01 22:58 ` [PATCH v13 07/40] arm64/gcs: Document the ABI " Mark Brown
2024-10-01 22:58 ` [PATCH v13 08/40] arm64/sysreg: Add definitions for architected GCS caps Mark Brown
2024-10-01 22:58 ` [PATCH v13 09/40] arm64/gcs: Add manual encodings of GCS instructions Mark Brown
2024-10-01 22:58 ` [PATCH v13 10/40] arm64/gcs: Provide put_user_gcs() Mark Brown
2024-10-01 22:58 ` [PATCH v13 11/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 Mark Brown
2024-10-09 20:49 ` Nathan Chancellor
2024-10-10 15:18 ` Marc Zyngier
2024-10-10 17:16 ` Catalin Marinas
2024-10-11 12:55 ` Marc Zyngier
2024-10-14 16:31 ` Catalin Marinas
2024-10-15 13:05 ` Catalin Marinas
2024-10-01 22:58 ` [PATCH v13 12/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) Mark Brown
2024-10-01 22:58 ` [PATCH v13 13/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack Mark Brown
2024-10-01 22:58 ` [PATCH v13 14/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS Mark Brown
2024-10-01 22:58 ` [PATCH v13 15/40] arm64/mm: Map pages for guarded control stack Mark Brown
2024-10-01 22:58 ` [PATCH v13 16/40] KVM: arm64: Manage GCS access and registers for guests Mark Brown
2024-10-02 0:24 ` Marc Zyngier
2024-10-02 15:55 ` Marc Zyngier
2024-10-02 18:24 ` Mark Brown
2024-10-02 19:29 ` Marc Zyngier
2024-10-03 14:50 ` Mark Brown
2024-10-01 22:58 ` [PATCH v13 17/40] arm64/idreg: Add overrride for GCS Mark Brown
2024-10-01 22:58 ` [PATCH v13 18/40] arm64/hwcap: Add hwcap " Mark Brown
2024-10-03 16:25 ` Yury Khrustalev
2024-10-01 22:58 ` [PATCH v13 19/40] arm64/traps: Handle GCS exceptions Mark Brown
2024-10-01 22:58 ` [PATCH v13 20/40] arm64/mm: Handle GCS data aborts Mark Brown
2024-10-01 22:59 ` [PATCH v13 21/40] arm64/gcs: Context switch GCS state for EL0 Mark Brown
2024-10-01 22:59 ` [PATCH v13 22/40] arm64/gcs: Ensure that new threads have a GCS Mark Brown
2024-10-04 11:18 ` Catalin Marinas
2024-10-04 11:50 ` Mark Brown
2024-10-01 22:59 ` [PATCH v13 23/40] arm64/gcs: Implement shadow stack prctl() interface Mark Brown
2024-10-01 22:59 ` [PATCH v13 24/40] arm64/mm: Implement map_shadow_stack() Mark Brown
2024-10-01 22:59 ` [PATCH v13 25/40] arm64/signal: Set up and restore the GCS context for signal handlers Mark Brown
2024-10-01 22:59 ` [PATCH v13 26/40] arm64/signal: Expose GCS state in signal frames Mark Brown
2024-10-01 22:59 ` [PATCH v13 27/40] arm64/ptrace: Expose GCS via ptrace and core files Mark Brown
2024-10-01 22:59 ` [PATCH v13 28/40] arm64: Add Kconfig for Guarded Control Stack (GCS) Mark Brown
2024-10-01 22:59 ` [PATCH v13 29/40] kselftest/arm64: Verify the GCS hwcap Mark Brown
2024-10-01 22:59 ` [PATCH v13 30/40] kselftest/arm64: Add GCS as a detected feature in the signal tests Mark Brown
2024-10-01 22:59 ` [PATCH v13 31/40] kselftest/arm64: Add framework support for GCS to signal handling tests Mark Brown
2024-10-01 22:59 ` [PATCH v13 32/40] kselftest/arm64: Allow signals tests to specify an expected si_code Mark Brown
2024-10-01 22:59 ` [PATCH v13 33/40] kselftest/arm64: Always run signals tests with GCS enabled Mark Brown
2024-10-01 22:59 ` [PATCH v13 34/40] kselftest/arm64: Add very basic GCS test program Mark Brown
2024-10-01 22:59 ` [PATCH v13 35/40] kselftest/arm64: Add a GCS test program built with the system libc Mark Brown
2024-10-01 22:59 ` [PATCH v13 36/40] kselftest/arm64: Add test coverage for GCS mode locking Mark Brown
2024-10-01 22:59 ` [PATCH v13 37/40] kselftest/arm64: Add GCS signal tests Mark Brown
2024-10-01 22:59 ` [PATCH v13 38/40] kselftest/arm64: Add a GCS stress test Mark Brown
2024-10-01 22:59 ` [PATCH v13 39/40] kselftest/arm64: Enable GCS for the FP stress tests Mark Brown
2024-10-01 22:59 ` [PATCH v13 40/40] KVM: selftests: arm64: Add GCS registers to get-reg-list Mark Brown
2024-10-04 13:52 ` Catalin Marinas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=172804948348.2705006.18010706949544079891.b4-ty@arm.com \
--to=catalin.marinas@arm.com \
--cc=Szabolcs.Nagy@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aou@eecs.berkeley.edu \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=brauner@kernel.org \
--cc=broonie@kernel.org \
--cc=corbet@lwn.net \
--cc=david.spickett@arm.com \
--cc=david@redhat.com \
--cc=debug@rivosinc.com \
--cc=ebiederm@xmission.com \
--cc=fweimer@redhat.com \
--cc=hjl.tools@gmail.com \
--cc=james.morse@arm.com \
--cc=kees@kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=maz@kernel.org \
--cc=oleg@redhat.com \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=rick.p.edgecombe@intel.com \
--cc=ross.burton@arm.com \
--cc=rppt@kernel.org \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=suzuki.poulose@arm.com \
--cc=thiago.bauermann@linaro.org \
--cc=wilco.dijkstra@arm.com \
--cc=will@kernel.org \
--cc=yury.khrustalev@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox