From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 111B1CFA775 for ; Fri, 4 Oct 2024 13:52:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A36836B0408; Fri, 4 Oct 2024 09:52:32 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A0D876B0409; Fri, 4 Oct 2024 09:52:32 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8D6536B040A; Fri, 4 Oct 2024 09:52:32 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 729806B0408 for ; Fri, 4 Oct 2024 09:52:32 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 2DE9716159C for ; Fri, 4 Oct 2024 13:52:32 +0000 (UTC) X-FDA: 82636059744.23.863C8EC Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf14.hostedemail.com (Postfix) with ESMTP id 76DAD100005 for ; Fri, 4 Oct 2024 13:52:30 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=arm.com (policy=none); spf=pass (imf14.hostedemail.com: domain of cmarinas@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=cmarinas@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728049806; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=frFTUw/ogGyHy2Vddb0cD9HdyLXp7q+FKktEECKfyD4=; b=F7YEfawi+mlmuXVsigEIjUYqpF8hGZCBhlfZGK3zeRGSL5A6OGkUbUAbGieIAQgFNTbAPf gXKjmzA0DoOAPktP/BZqUulGIMV2LTJ4S2HcawVznOejX37vuGUeoX2QamTd0v0QCkY/jB eW2K0HY8XqK9D//UwSRXWa9KFjRp4+0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728049806; a=rsa-sha256; cv=none; b=SCmwxRQsooC58V0pYnGmF4ep3cFM7x+U2x/avmEy59PgaKHNOANMD9OXRSnJj1MzoCb7tl nmWSy2HIJqlxSfLT01hq+xBhGgJJ7JWUl3ZK6ReWGPAevqOnqzCgQsljTtX+a67unR62Z+ L4acZTbjSjhkY56sG34LXwT4XhrOm/4= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=arm.com (policy=none); spf=pass (imf14.hostedemail.com: domain of cmarinas@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=cmarinas@kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id EF357A449FA; Fri, 4 Oct 2024 13:52:20 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 96531C4CEC6; Fri, 4 Oct 2024 13:52:22 +0000 (UTC) From: Catalin Marinas To: Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy , Kees Cook , Mark Brown Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , Florian Weimer , Christian Brauner , Thiago Jung Bauermann , Ross Burton , David Spickett , Yury Khrustalev , Wilco Dijkstra , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, David Hildenbrand , "Mike Rapoport (IBM)" , Shuah Khan Subject: Re: (subset) [PATCH v13 00/40] arm64/gcs: Provide support for GCS in userspace Date: Fri, 4 Oct 2024 14:52:20 +0100 Message-Id: <172804948348.2705006.18010706949544079891.b4-ty@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> References: <20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 76DAD100005 X-Stat-Signature: zrja88bn46xn5ojaryssq86t1sji4ckd X-Rspam-User: X-HE-Tag: 1728049950-577126 X-HE-Meta: U2FsdGVkX1/ihqOyc+KdWCpWh038AhiQ7FiKYakMzheXUEAYpy6gjFhdEFV/n2LUcHnV5aOaZQjekSwF+MzNg349JqDdSvuvyVqGKXodpJXJbJrFrtcczLiLB1ff1xPQD8J7Ir97pYQ22UgS6IlpiTXKRdOiKax9oJEVV+r8U8nAk52JmlLGv5F+t/hSnATHQpVu2Uyeq5HKe5ZHXckNKEkLIDhTfgczN+TL/ffPureFaDTkffzaTe9tyc1oV+MQOBtxpNxAN3+VeTKJlhk5916f1ivNQrsNAQLfoM5821kcEmuxuewkI66kcnzlYOqEk9jKVMDzwudqsdQS4Whq6eFr+JTe8oh9UdaIHQ9fkNZ2dj8Pw3azKER5ECJT4BrFTdHuVrOF6W/GUxMVkk7GXXigjbKXhNI0xYLctc9cPakpKWo9fKzhx7Ze1+WVR2MQMkz/5k21B66uC1iWxcc59X0Z9eNSaqPHJFwzXeXE326NLCiYoSoElPYrplNPgr931Jdg2o5iNbkY2C0XT9+CB+Fgz50rnLrmW7cVrb9QVyxI8WgsLhK9Ur5VdNSeLSPszqldnf+ecGCdwjzgSHzaEWDavl6kWj5oAVKiXNZSY2PJtStB5Jp9HaSaIKeFkyYQ69I5gCWDqOBiRH6HATn2866HRfni53Y4Hmsp/wPvBnCwiLzPgfxb6jMEgu4K6eFVoCHrCW5EyAL2WxecZcwY0xriGUI++Lgm3Exo8l+Y0/Pq4W9oPOIeHS9a28Tw3gztiRrYN85o7kRDSQjLq/F6kUUTgpNA3spaW/cgts8LPTtTmh1m/PLYMnDykugTO+01bG2jP7LmW9pc1le3W8/abv6LkFtRyibMqQezZ0+y7SFXHpxZXBc/aazGubgZQosQ3w3HiJ9EjUX9ynDftQulRSLbO/9mzs9z9F1x7JJgkoMTvJ0p2FS5vur2+rMLgKVm8H0zNOmO1KnAS+pKiLl E77Pp149 U1K3Ph6HjiA1TrMIIvQLu8P/3pyhlf1T6vy9cm4KAT2XGqOfrITJEHsZsoOMReNe7XVOWxLfbNj6yIsy1jJeGqVcRE9IM9ei+YaNvLoQFS/3VPOaOz7Zvh8mWmDudIEpBtxmtPyzJo0MuHMBzcafSUIt2hd+ttklNz88nM1oG4X6RoVwc3BoYhKFkdfnJaORAwLGI+Hpae5CMVOIzy//Es+kgDEbJilae98wwOoRp0l8bfN5iHRfaJ/28To6XqbCzan5FIuLjde5ZIjQgrM0qfeWgk9BDpgAWus68D7OrdEu4heMh14lHSqznHVpJE7Mq6lS5vEpOoR45x56xAQxmsCBGTOBmbsl4dQ6w7fi2TD8IXKnAKilpyO5zGSBw6kywCyRVvGNk3mjspPi7ChDkxaJsng== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, 01 Oct 2024 23:58:39 +0100, Mark Brown wrote: > The arm64 Guarded Control Stack (GCS) feature provides support for > hardware protected stacks of return addresses, intended to provide > hardening against return oriented programming (ROP) attacks and to make > it easier to gather call stacks for applications such as profiling. > > When GCS is active a secondary stack called the Guarded Control Stack is > maintained, protected with a memory attribute which means that it can > only be written with specific GCS operations. The current GCS pointer > can not be directly written to by userspace. When a BL is executed the > value stored in LR is also pushed onto the GCS, and when a RET is > executed the top of the GCS is popped and compared to LR with a fault > being raised if the values do not match. GCS operations may only be > performed on GCS pages, a data abort is generated if they are not. > > [...] I applied most of the series to arm64 (for-next/gcs), apart from two KVM patches - 16 and 40 (the latter is the kselftest). I usually start picking patches at -rc3 but the glibc folk are waiting for these patches to at least end up in a maintainer's branch. Of course, these patches are subject to change until the final 6.13 release. The KVM patches can go on top once agreed (or they can go in via the KVM tree, I don't mind either way). Thanks! [01/40] mm: Introduce ARCH_HAS_USER_SHADOW_STACK https://git.kernel.org/arm64/c/bcc9d04e749a [02/40] mm: Define VM_HIGH_ARCH_6 https://git.kernel.org/arm64/c/9ab515b18f84 [03/40] arm64/mm: Restructure arch_validate_flags() for extensibility https://git.kernel.org/arm64/c/f645e888b1a6 [04/40] prctl: arch-agnostic prctl for shadow stack https://git.kernel.org/arm64/c/91e102e79740 [05/40] mman: Add map_shadow_stack() flags https://git.kernel.org/arm64/c/3630e82ab6bd [06/40] arm64: Document boot requirements for Guarded Control Stacks https://git.kernel.org/arm64/c/830ae8a39685 [07/40] arm64/gcs: Document the ABI for Guarded Control Stacks https://git.kernel.org/arm64/c/7058bf87cd59 [08/40] arm64/sysreg: Add definitions for architected GCS caps https://git.kernel.org/arm64/c/ce0641d48ddd [09/40] arm64/gcs: Add manual encodings of GCS instructions https://git.kernel.org/arm64/c/dad947cc22cf [10/40] arm64/gcs: Provide put_user_gcs() https://git.kernel.org/arm64/c/d0aa2b435186 [11/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 https://git.kernel.org/arm64/c/ff5181d8a2a8 [12/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) https://git.kernel.org/arm64/c/6487c963083c [13/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack https://git.kernel.org/arm64/c/092055f1508c [14/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS https://git.kernel.org/arm64/c/ae80e1629aea [15/40] arm64/mm: Map pages for guarded control stack https://git.kernel.org/arm64/c/6497b66ba694 [17/40] arm64/idreg: Add overrride for GCS https://git.kernel.org/arm64/c/a94452112ce4 [18/40] arm64/hwcap: Add hwcap for GCS https://git.kernel.org/arm64/c/eefc98711f84 [19/40] arm64/traps: Handle GCS exceptions https://git.kernel.org/arm64/c/8ce71d270536 [20/40] arm64/mm: Handle GCS data aborts https://git.kernel.org/arm64/c/cfad706e8f6d [21/40] arm64/gcs: Context switch GCS state for EL0 https://git.kernel.org/arm64/c/fc84bc5378a8 [22/40] arm64/gcs: Ensure that new threads have a GCS https://git.kernel.org/arm64/c/506496bcbb42 [23/40] arm64/gcs: Implement shadow stack prctl() interface https://git.kernel.org/arm64/c/b57180c75c7e [24/40] arm64/mm: Implement map_shadow_stack() https://git.kernel.org/arm64/c/8f3e750673b2 [25/40] arm64/signal: Set up and restore the GCS context for signal handlers https://git.kernel.org/arm64/c/eaf62ce1563b [26/40] arm64/signal: Expose GCS state in signal frames https://git.kernel.org/arm64/c/16f47bb9ac8a [27/40] arm64/ptrace: Expose GCS via ptrace and core files https://git.kernel.org/arm64/c/7ec3b57cb29f [28/40] arm64: Add Kconfig for Guarded Control Stack (GCS) https://git.kernel.org/arm64/c/5d8b172e7005 [29/40] kselftest/arm64: Verify the GCS hwcap https://git.kernel.org/arm64/c/7a2f671db61f [30/40] kselftest/arm64: Add GCS as a detected feature in the signal tests https://git.kernel.org/arm64/c/b2d2f11ff5d6 [31/40] kselftest/arm64: Add framework support for GCS to signal handling tests https://git.kernel.org/arm64/c/0d426f7dd9a0 [32/40] kselftest/arm64: Allow signals tests to specify an expected si_code https://git.kernel.org/arm64/c/956573ac1890 [33/40] kselftest/arm64: Always run signals tests with GCS enabled https://git.kernel.org/arm64/c/42155a8eb0f6 [34/40] kselftest/arm64: Add very basic GCS test program https://git.kernel.org/arm64/c/3d37d4307e0f [35/40] kselftest/arm64: Add a GCS test program built with the system libc https://git.kernel.org/arm64/c/a505a52b4e29 [36/40] kselftest/arm64: Add test coverage for GCS mode locking https://git.kernel.org/arm64/c/58d69a3e3582 [37/40] kselftest/arm64: Add GCS signal tests https://git.kernel.org/arm64/c/794b64ca5665 [38/40] kselftest/arm64: Add a GCS stress test https://git.kernel.org/arm64/c/05e6cfff58c4 [39/40] kselftest/arm64: Enable GCS for the FP stress tests https://git.kernel.org/arm64/c/bb9ae1a66c85 -- Catalin