From: Thiago Jung Bauermann
To: Mark Brown
Cc: Catalin Marinas, Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Kees Cook, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy, "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
Subject: Re: [PATCH v7 34/39] kselftest/arm64: Add a GCS test program built with the system libc
Date: Thu, 14 Dec 2023 23:50:11 -0300
Message-ID: <875y1089i4.fsf@linaro.org>
In-reply-to: <20231122-arm64-gcs-v7-34-201c483bd775@kernel.org>
References: <20231122-arm64-gcs-v7-0-201c483bd775@kernel.org> <20231122-arm64-gcs-v7-34-201c483bd775@kernel.org>

Mark Brown writes:

> + /* Same thing via process_vm_readv() */
> + local_iov.iov_base = &rval;
> + local_iov.iov_len = sizeof(rval);
> + remote_iov.iov_base = (void *)gcspr;
> + remote_iov.iov_len = sizeof(rval);
> + ret = process_vm_writev(child, &local_iov, 1, &remote_iov, 1, 0);
> + if (ret == -1)
> + ksft_print_msg("process_vm_readv() failed: %s (%d)\n",
> + strerror(errno), errno);

The comment and the error message say "process_vm_readv()", but the
function actually called is process_vm_writev(). Is this intended?

Also, process_vm_writev() is failing when I run on my Arm FVP:

# # RUN global.ptrace_read_write ...
# # Child: 1150
# # Child GCSPR 0xffffa210ffd8, flags 1, locked 0
# # process_vm_readv() failed: Bad address (14)
# # libc-gcs.c:271:ptrace_read_write:Expected ret (-1) == sizeof(rval) (8)
# # libc-gcs.c:272:ptrace_read_write:Expected val (281473401005692) == rval (281473402849248)
# # libc-gcs.c:293:ptrace_read_write:Expected val (281473401005692) == ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL) (0)
# # ptrace_read_write: Test failed at step #1
# # FAIL global.ptrace_read_write
# not ok 4 global.ptrace_read_write

If I swap process_vm_readv() and process_vm_writev(), then the read
succeeds but the write fails:

# RUN global.ptrace_read_write ...
# Child: 1996
# Child GCSPR 0xffffa7fcffd8, flags 1, locked 0
# process_vm_writev() failed: Bad address (14)
# libc-gcs.c:291:ptrace_read_write:Expected ret (-1) == sizeof(rval) (8)
# libc-gcs.c:293:ptrace_read_write:Expected val (281473500358268) == ptrace(PTRACE_PEEKDATA, child, (void *)gcspr, NULL) (0)
# ptrace_read_write: Test failed at step #1
# FAIL global.ptrace_read_write
not ok 4 global.ptrace_read_write

> +/* Put it all together, we can safely switch to and from the stack */
> +TEST_F(map_gcs, stack_switch)
> +{
> + size_t cap_index;
> + cap_index = (variant->stack_size / sizeof(unsigned long));
> + unsigned long *orig_gcspr_el0, *pivot_gcspr_el0;
> +
> + /* Skip over the stack terminator and point at the cap */
> + switch (variant->flags & (SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN)) {
> + case SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN:
> + cap_index -= 2;
> + break;
> + case SHADOW_STACK_SET_TOKEN:
> + cap_index -= 1;
> + break;
> + case SHADOW_STACK_SET_MARKER:
> + case 0:
> + /* No cap, no test */
> + return;
> + }
> + pivot_gcspr_el0 = &self->stack[cap_index];
> +
> + /* Pivot to the new GCS */
> + ksft_print_msg("Pivoting to %p from %p, target has value 0x%lx\n",
> + pivot_gcspr_el0, get_gcspr(),
> + *pivot_gcspr_el0);
> + gcsss1(pivot_gcspr_el0);
> + orig_gcspr_el0 = gcsss2();
> + ksft_print_msg("Pivoted to %p from %p, target has value 0x%lx\n",
> + pivot_gcspr_el0, get_gcspr(),

Not sure about the intent here, but perhaps "get_gcspr()" here should be
"orig_gcspr_el0" instead? Ditto in the equivalent place at the
map_gcs.stack_overflow test below.

Also, it's strange that the tests defined after map_gcs.stack_overflow
don't run when I execute this test program. I'm doing:

$ ./run_kselftest.sh -t arm64:libc-gcs

I.e., these tests aren't being run in my FVP:

> +FIXTURE_VARIANT_ADD(map_invalid_gcs, too_small)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_1)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_2)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_3)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_4)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_5)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_6)
> +FIXTURE_VARIANT_ADD(map_invalid_gcs, unligned_7)
> +TEST_F(map_invalid_gcs, do_map)
> +FIXTURE_VARIANT_ADD(invalid_mprotect, exec)
> +FIXTURE_VARIANT_ADD(invalid_mprotect, bti)
> +FIXTURE_VARIANT_ADD(invalid_mprotect, exec_bti)
> +TEST_F(invalid_mprotect, do_map)
> +TEST_F(invalid_mprotect, do_map_read)

Finally, one last comment:

> +int main(int argc, char **argv)
> +{
> + unsigned long gcs_mode;
> + int ret;
> +
> + if (!(getauxval(AT_HWCAP2) & HWCAP2_GCS))
> + ksft_exit_skip("SKIP GCS not supported\n");
> +
> + /*
> + * Force shadow stacks on, our tests *should* be fine with or
> + * without libc support and with or without this having ended
> + * up tagged for GCS and enabled by the dynamic linker. We
> + * can't use the libc prctl() function since we can't return
> + * from enabling the stack. Also lock GCS if not already
> + * locked so we can test behaviour when it's locked.

This is probably a leftover from a previous version: the test doesn't
lock any GCS flag.

> + */
> + ret = my_syscall2(__NR_prctl, PR_GET_SHADOW_STACK_STATUS, &gcs_mode);
> + if (ret) {
> + ksft_print_msg("Failed to read GCS state: %d\n", ret);
> + return EXIT_FAILURE;
> + }
> +
> + if (!(gcs_mode & PR_SHADOW_STACK_ENABLE)) {
> + gcs_mode = PR_SHADOW_STACK_ENABLE;
> + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS,
> + gcs_mode);
> + if (ret) {
> + ksft_print_msg("Failed to configure GCS: %d\n", ret);
> + return EXIT_FAILURE;
> + }
> + }
> +
> + /* Avoid returning in case libc doesn't understand GCS */
> + exit(test_harness_run(argc, argv));
> +}

--
Thiago
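
Review bot: In the process_vm_writev() block of ptrace_read_write, the failure path only prints a message and lets the test carry on; the quoted run output shows the comparisons at libc-gcs.c:272 and libc-gcs.c:293 still being evaluated after the call returned -1, so the real failure is followed by mismatches on values that were never transferred. Consider making the check on ret fatal for this test, and make both the comment and the ksft_print_msg() string name the call that is actually made, so the log can be trusted when someone triages a failure from it.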
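
Review bot: In TEST_F(map_gcs, stack_switch), the assignment to cap_index sits between the declaration of cap_index and the declaration of orig_gcspr_el0 and pivot_gcspr_el0, which leaves a declaration after a statement. Initialise cap_index where it is declared, or move the assignment below the pointer declarations. In the second ksft_print_msg(), the "from" argument is get_gcspr() read after gcsss1()/gcsss2() have run; passing the saved orig_gcspr_el0 would log the stack that was left.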
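
Review bot: The map_invalid_gcs variants are named unligned_1 through unligned_7, which looks like a misspelling of "unaligned". Variant names identify the individual test cases, so rename them to unaligned_1 through unaligned_7 now rather than after results have been recorded under the misspelled names.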
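
Review bot: The block comment in main() says GCS is also locked if not already locked, but the only prctl() calls in the hunk are PR_GET_SHADOW_STACK_STATUS and PR_SET_SHADOW_STACK_STATUS with gcs_mode set to PR_SHADOW_STACK_ENABLE, and the quoted run output reports "locked 0" for the child. Either drop that sentence from the comment or add the lock call it describes; as written, a reader would assume the later tests exercise locked behaviour when nothing here locks the mode.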