Re: [PATCH v10 18/40] arm64/mm: Handle GCS data aborts

[PATCH v10 00/40] arm64/gcs: Provide support for GCS in userspace · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 01/40] arm64/mm: Restructure arch_validate_flags() for extensibility · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 01/40] arm64/mm: Restructure arch_validate_flags() for extensibility · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-15
[PATCH v10 02/40] prctl: arch-agnostic prctl for shadow stack · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 02/40] prctl: arch-agnostic prctl for shadow stack · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-15
[PATCH v10 03/40] mman: Add map_shadow_stack() flags · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 03/40] mman: Add map_shadow_stack() flags · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-15
[PATCH v10 04/40] arm64: Document boot requirements for Guarded Control Stacks · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 04/40] arm64: Document boot requirements for Guarded Control Stacks · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-15
Re: [PATCH v10 04/40] arm64: Document boot requirements for Guarded Control Stacks · Mark Brown <broonie@kernel.org> · 2024-08-15
[PATCH v10 05/40] arm64/gcs: Document the ABI for Guarded Control Stacks · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 05/40] arm64/gcs: Document the ABI for Guarded Control Stacks · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
Re: [PATCH v10 05/40] arm64/gcs: Document the ABI for Guarded Control Stacks · Mark Brown <broonie@kernel.org> · 2024-08-16
[PATCH v10 06/40] arm64/sysreg: Add definitions for architected GCS caps · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 06/40] arm64/sysreg: Add definitions for architected GCS caps · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
[PATCH v10 07/40] arm64/gcs: Add manual encodings of GCS instructions · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 07/40] arm64/gcs: Add manual encodings of GCS instructions · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
[PATCH v10 08/40] arm64/gcs: Provide put_user_gcs() · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 08/40] arm64/gcs: Provide put_user_gcs() · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
[PATCH v10 09/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 09/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
[PATCH v10 10/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 10/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
[PATCH v10 11/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 11/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-16
[PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2024-08-15
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2024-08-15
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2024-08-16
Re: [PATCH v10 12/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
[PATCH v10 13/40] arm64/mm: Map pages for guarded control stack · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack · Mark Brown <broonie@kernel.org> · 2024-08-19
Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-20
Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack · Mark Brown <broonie@kernel.org> · 2024-08-20
Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-20
[PATCH v10 14/40] KVM: arm64: Manage GCS access and registers for guests · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 14/40] KVM: arm64: Manage GCS access and registers for guests · Marc Zyngier <maz@kernel.org> · 2024-08-16
Re: [PATCH v10 14/40] KVM: arm64: Manage GCS access and registers for guests · Mark Brown <broonie@kernel.org> · 2024-08-16
Re: [PATCH v10 14/40] KVM: arm64: Manage GCS access and registers for guests · Marc Zyngier <maz@kernel.org> · 2024-08-16
[PATCH v10 15/40] arm64/idreg: Add overrride for GCS · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 15/40] arm64/idreg: Add overrride for GCS · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
[PATCH v10 16/40] arm64/hwcap: Add hwcap for GCS · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 16/40] arm64/hwcap: Add hwcap for GCS · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
[PATCH v10 17/40] arm64/traps: Handle GCS exceptions · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 17/40] arm64/traps: Handle GCS exceptions · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
[PATCH v10 18/40] arm64/mm: Handle GCS data aborts · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 18/40] arm64/mm: Handle GCS data aborts · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
Re: [PATCH v10 18/40] arm64/mm: Handle GCS data aborts · Mark Brown <broonie@kernel.org> · 2024-08-19
[PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
Re: [PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Mark Brown <broonie@kernel.org> · 2024-08-19
Re: [PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-20
Re: [PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Mark Brown <broonie@kernel.org> · 2024-08-20
Re: [PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
Re: [PATCH v10 19/40] arm64/gcs: Context switch GCS state for EL0 · Mark Brown <broonie@kernel.org> · 2024-08-21
[PATCH v10 20/40] arm64/gcs: Ensure that new threads have a GCS · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 20/40] arm64/gcs: Ensure that new threads have a GCS · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-19
Re: [PATCH v10 20/40] arm64/gcs: Ensure that new threads have a GCS · Mark Brown <broonie@kernel.org> · 2024-08-19
Re: [PATCH v10 20/40] arm64/gcs: Ensure that new threads have a GCS · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-20
[PATCH v10 21/40] arm64/gcs: Implement shadow stack prctl() interface · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 21/40] arm64/gcs: Implement shadow stack prctl() interface · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
Re: [PATCH v10 21/40] arm64/gcs: Implement shadow stack prctl() interface · Mark Brown <broonie@kernel.org> · 2024-08-21
[PATCH v10 22/40] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 22/40] arm64/mm: Implement map_shadow_stack() · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
[PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Dave Martin <Dave.Martin@arm.com> · 2024-08-14
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Mark Brown <broonie@kernel.org> · 2024-08-14
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Dave Martin <Dave.Martin@arm.com> · 2024-08-15
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Dave Martin <Dave.Martin@arm.com> · 2024-08-15
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Dave Martin <Dave.Martin@arm.com> · 2024-08-15
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Mark Brown <broonie@kernel.org> · 2024-08-21
Re: [PATCH v10 23/40] arm64/signal: Set up and restore the GCS context for signal handlers · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
[PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Dave Martin <Dave.Martin@arm.com> · 2024-08-14
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Mark Brown <broonie@kernel.org> · 2024-08-14
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Dave Martin <Dave.Martin@arm.com> · 2024-08-15
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Dave Martin <Dave.Martin@arm.com> · 2024-08-15
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Mark Brown <broonie@kernel.org> · 2024-08-15
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Dave Martin <Dave.Martin@arm.com> · 2024-08-15
Re: [PATCH v10 24/40] arm64/signal: Expose GCS state in signal frames · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
[PATCH v10 25/40] arm64/ptrace: Expose GCS via ptrace and core files · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 25/40] arm64/ptrace: Expose GCS via ptrace and core files · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
Re: [PATCH v10 25/40] arm64/ptrace: Expose GCS via ptrace and core files · Mark Brown <broonie@kernel.org> · 2024-08-21
Re: [PATCH v10 25/40] arm64/ptrace: Expose GCS via ptrace and core files · Mark Brown <broonie@kernel.org> · 2024-08-21
[PATCH v10 26/40] arm64: Add Kconfig for Guarded Control Stack (GCS) · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 26/40] arm64: Add Kconfig for Guarded Control Stack (GCS) · Catalin Marinas <catalin.marinas@arm.com> · 2024-08-21
[PATCH v10 27/40] kselftest/arm64: Verify the GCS hwcap · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 28/40] kselftest: Provide shadow stack enable helpers for arm64 · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 29/40] selftests/clone3: Enable arm64 shadow stack testing · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 30/40] kselftest/arm64: Add GCS as a detected feature in the signal tests · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 31/40] kselftest/arm64: Add framework support for GCS to signal handling tests · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 32/40] kselftest/arm64: Allow signals tests to specify an expected si_code · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 33/40] kselftest/arm64: Always run signals tests with GCS enabled · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 34/40] kselftest/arm64: Add very basic GCS test program · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 35/40] kselftest/arm64: Add a GCS test program built with the system libc · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 36/40] kselftest/arm64: Add test coverage for GCS mode locking · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 37/40] kselftest/arm64: Add GCS signal tests · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 38/40] kselftest/arm64: Add a GCS stress test · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 39/40] kselftest/arm64: Enable GCS for the FP stress tests · Mark Brown <broonie@kernel.org> · 2024-08-01
[PATCH v10 40/40] KVM: selftests: arm64: Add GCS registers to get-reg-list · Mark Brown <broonie@kernel.org> · 2024-08-01
Re: [PATCH v10 00/40] arm64/gcs: Provide support for GCS in userspace · Anders Roxell <hidden> · 2024-08-02
Re: [PATCH v10 00/40] arm64/gcs: Provide support for GCS in userspace · Marc Zyngier <maz@kernel.org> · 2024-08-16

From: Catalin Marinas <catalin.marinas@arm.com>
Date: 2024-08-19 09:18:00
Also in: kvmarm, linux-arch, linux-arm-kernel, linux-fsdevel, linux-kselftest, linux-mm, linux-riscv, lkml

On Thu, Aug 01, 2024 at 01:06:45PM +0100, Mark Brown wrote:

quoted hunk ↗ jump to hunk

diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 451ba7cbd5ad..0973dd09f11a 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c

@@ -486,6 +486,14 @@ static void do_bad_area(unsigned long far, unsigned long esr,
 	}
 }
 
+static bool is_gcs_fault(unsigned long esr)
+{
+	if (!esr_is_data_abort(esr))
+		return false;
+
+	return ESR_ELx_ISS2(esr) & ESR_ELx_GCS;
+}
+
 static bool is_el0_instruction_abort(unsigned long esr)
 {
 	return ESR_ELx_EC(esr) == ESR_ELx_EC_IABT_LOW;

@@ -500,6 +508,25 @@ static bool is_write_abort(unsigned long esr)
 	return (esr & ESR_ELx_WNR) && !(esr & ESR_ELx_CM);
 }
 
+static bool is_invalid_gcs_access(struct vm_area_struct *vma, u64 esr)
+{
+	if (!system_supports_gcs())
+		return false;
+
+	if (unlikely(is_gcs_fault(esr))) {
+		/* GCS accesses must be performed on a GCS page */
+		if (!(vma->vm_flags & VM_SHADOW_STACK))
+			return true;
+		if (!(vma->vm_flags & VM_WRITE))
+			return true;

Do we need the VM_WRITE check here? Further down in do_page_fault(), we
already do the check as we set vm_flags = VM_WRITE.

quoted hunk ↗ jump to hunk

+	} else if (unlikely(vma->vm_flags & VM_SHADOW_STACK)) {
+		/* Only GCS operations can write to a GCS page */
+		return is_write_abort(esr);
+	}
+
+	return false;
+}
+
 static int __kprobes do_page_fault(unsigned long far, unsigned long esr,
 				   struct pt_regs *regs)
 {

@@ -535,6 +562,14 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr,
 		/* It was exec fault */
 		vm_flags = VM_EXEC;
 		mm_flags |= FAULT_FLAG_INSTRUCTION;
+	} else if (is_gcs_fault(esr)) {
+		/*
+		 * The GCS permission on a page implies both read and
+		 * write so always handle any GCS fault as a write fault,
+		 * we need to trigger CoW even for GCS reads.
+		 */
+		vm_flags = VM_WRITE;
+		mm_flags |= FAULT_FLAG_WRITE;
 	} else if (is_write_abort(esr)) {
 		/* It was write fault */
 		vm_flags = VM_WRITE;
@@ -568,6 +603,13 @@ static int __kprobes do_page_fault(unsigned long far, unsigned long esr,
 	if (!vma)
 		goto lock_mmap;
 
+	if (is_invalid_gcs_access(vma, esr)) {
+		vma_end_read(vma);
+		fault = 0;
+		si_code = SEGV_ACCERR;
+		goto bad_area;
+	}
+
 	if (!(vma->vm_flags & vm_flags)) {
 		vma_end_read(vma);
 		fault = 0;

This check I mentioned above.

I was wondering whether we should prevent mprotect(PROT_READ) on the GCS
page. But I guess that's fine, we'll SIGSEGV later if we get an invalid
GCS access.

-- 
Catalin

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help