Date: Wed, 21 Aug 2024 18:57:16 +0100
From: Catalin Marinas
To: Mark Brown
Cc: Will Deacon, Jonathan Corbet, Andrew Morton, Marc Zyngier, Oliver Upton, James Morse, Suzuki K Poulose, Arnd Bergmann, Oleg Nesterov, Eric Biederman, Shuah Khan, "Rick P. Edgecombe", Deepak Gupta, Ard Biesheuvel, Szabolcs Nagy, Kees Cook, "H.J. Lu", Paul Walmsley, Palmer Dabbelt, Albert Ou, Florian Weimer, Christian Brauner, Thiago Jung Bauermann, Ross Burton, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
Subject: Re: [PATCH v10 25/40] arm64/ptrace: Expose GCS via ptrace and core files
References: <20240801-arm64-gcs-v10-0-699e2bd2190b@kernel.org> <20240801-arm64-gcs-v10-25-699e2bd2190b@kernel.org>
In-Reply-To: <20240801-arm64-gcs-v10-25-699e2bd2190b@kernel.org>

On Thu, Aug 01, 2024 at 01:06:52PM +0100, Mark Brown wrote:
> @@ -1440,6 +1441,51 @@ static int tagged_addr_ctrl_set(struct task_struct *target, const struct > } > #endif > > +#ifdef CONFIG_ARM64_GCS > +static int gcs_get(struct task_struct *target, > + const struct user_regset *regset, > + struct membuf to) > +{ > + struct user_gcs user_gcs; > + > + if (target == current) > + gcs_preserve_current_state(); > + > + user_gcs.features_enabled = target->thread.gcs_el0_mode; > + user_gcs.features_locked = target->thread.gcs_el0_locked; > + user_gcs.gcspr_el0 = target->thread.gcspr_el0; If it's not the current thread, I guess the task was interrupted, scheduled out (potentially on another CPU) and its GCSPR_EL0 saved. > + > + return membuf_write(&to, &user_gcs, sizeof(user_gcs)); > +} > + > +static int gcs_set(struct task_struct *target, const struct > + user_regset *regset, unsigned int pos, > + unsigned int count, const void *kbuf, const > + void __user *ubuf) > +{ > + int ret; > + struct user_gcs user_gcs; > + > + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1); > + if (ret) > + return ret; > + > + if (user_gcs.features_enabled & ~PR_SHADOW_STACK_SUPPORTED_STATUS_MASK) > + return -EINVAL; > + > + /* Do not allow enable via ptrace */ > + if ((user_gcs.features_enabled & PR_SHADOW_STACK_ENABLE) && > + !(target->thread.gcs_el0_mode & PR_SHADOW_STACK_ENABLE)) > + return -EBUSY; > + > + target->thread.gcs_el0_mode = user_gcs.features_enabled; > + target->thread.gcs_el0_locked = user_gcs.features_locked; > + target->thread.gcspr_el0 = user_gcs.gcspr_el0; As in the previous thread, I thought we need to restore GCSPR_EL0 unconditionally. I don't particularly like that this register becomes some scrap one that threads can use regardless of GCS. Not sure we have a simple solution. We could track three states: GCS never enabled, GCS enabled and GCS disabled after being enabled. It's probably not worth it. On ptrace() access to the shadow stack, we rely on the barrier in the context switch code if stopping a thread. 
If other threads are running on other CPUs, it's racy anyway even for normal accesses, so I don't think we need to do anything more for ptrace. -- Catalin
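
Review bot: In gcs_set(), user_gcs is declared without an initializer and is filled only by user_regset_copyin(&pos, &count, &kbuf, &ubuf, &user_gcs, 0, -1), so a write shorter than sizeof(user_gcs) would leave the trailing members holding stack contents that are then stored into target->thread.gcs_el0_locked and target->thread.gcspr_el0. Seeding user_gcs from the target's current gcs_el0_mode, gcs_el0_locked and gcspr_el0 before the copy-in would make a partial write change only the fields it covers. In the same function, features_locked is stored without the PR_SHADOW_STACK_SUPPORTED_STATUS_MASK check that features_enabled gets, and nothing stops a tracer from clearing lock bits; if that is intended it deserves a comment next to the "Do not allow enable via ptrace" one. In gcs_get(), the struct is also uninitialized and three members are assigned before membuf_write() copies out sizeof(user_gcs) bytes, so an empty initializer there would keep any padding or later-added member from exposing kernel stack bytes to the tracer.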