- linux-morello - op-lists.linaro.org

[PATCH v2] tee: change type 'unsigned long' to 'user_uintptr_t' in 'tee_ioctl' function

by Menna Mahmoud

When enabling 'CONFIG_TEE' and 'CONFIG_OPTEE', The function `tee_ioctl` requires the use of user_uintptr_t type as argument so change the argument type from unsigned long to user_uintptr_t. --- v2..v1: - Edit commit message. - Add Morello defconfig. Signed-off-by: Menna Mahmoud <eng.mennamahmoud.mm(a)gmail.com> --- arch/arm64/configs/morello_transitional_pcuabi_defconfig | 2 ++ drivers/tee/tee_core.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/arm64/configs/morello_transitional_pcuabi_defconfig b/arch/arm64/configs/morello_transitional_pcuabi_defconfig index 0f692600a181..0ca1bc412b1f 100644 --- a/arch/arm64/configs/morello_transitional_pcuabi_defconfig +++ b/arch/arm64/configs/morello_transitional_pcuabi_defconfig @@ -155,6 +155,8 @@ CONFIG_KEYS=y CONFIG_SECURITY=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_SELINUX=y +CONFIG_TEE=y +CONFIG_OPTEE=y CONFIG_PRINTK_TIME=y CONFIG_DEBUG_KERNEL=y CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c index 0eb342de0b00..2d0188c75549 100644 --- a/drivers/tee/tee_core.c +++ b/drivers/tee/tee_core.c @@ -815,7 +815,7 @@ static int tee_ioctl_supp_send(struct tee_context *ctx, return rc; } -static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) +static long tee_ioctl(struct file *filp, unsigned int cmd, user_uintptr_t arg) { struct tee_context *ctx = filp->private_data; void __user *uarg = (void __user *)arg; -- 2.25.1

1 year

2
2
0 0

[MORELLO-SDK] Morello Linux 1.6.1

by Vincenzo Frascino

Hi All, I am glad to inform you on the availability of a new version of our SDK and base rootfs images for Morello (1.6.1). After months of hard work we are happy to share with you what we put together. Honoring our motto "Let Linux developers focus on the porting of their own application", we feel that this is another steps in the right direction. [Morello SDK] In less than 10 minutes you should be able to setup a docker container with everything you need to build an application for Morello. - Documentation: https://sdk.morello-project.org/ - Code repository: https://git.morello-project.org/morello/morello-sdk New in 1.6.1: - Dynamic linking support for llvm/musl. - Experimental C++ support for llvm/musl. - Initial version of GCC/GLibC (with static linking). If you want to try a demo of the SDK that runs on a Morello FVP (for more information on what is an FVP: www.morello-project.org) please have a look below: [Morello Linux] In less than 10 minutes you should be able to setup a docker container with everything you need to build and boot into a Morello Debian environment. - Documentation: https://linux.morello-project.org/ - Code repository: https://git.morello-project.org/morello/morello-linux Note: The documentation covers the instructions for Linux but if you know what you are doing and are familiar with docker no one stops you from running our solution on Windows or Mac. New in 1.6.1: - New kernel based on Linux 6.4. - Graphic environment support with 3D acceleration (compat mode only). - Shared folders support on FVP to simplify development. Note: This release does not include a new version of the Android environment. Further Android releases are now deprecated. Ongoing releases will focus on the Morello Linux Environment. Are we done with it? No, by any mean. This is just the beginning and we need your help and collaboration to make sure that we improve our solution to meet developers needs: your needs! So why don't you try it and let us know your thoughts? Thanks and Regards, Vincenzo

1 year

1
0
0 0

[Announcement] Integration drop 1.6.1 - changelog

by Kevin Brodsky

Hi, The top of the master branch has been tagged [1] as part of the integration drop 1.6.1. Below is the changelog for kernel users, since the previous integration drop (1.6). PCuABI-related changes ---------------------- An important milestone has been reached regarding the support for the pure-capability kernel-user ABI (PCuABI). So far, our efforts have been focused on functional support for the ABI, and we have reached a satisfactory level of compliance. We are now progressively shifting towards the security aspects of the ABI, in other words checking capabilities provided by userspace and narrowing the bounds and permissions of those provided to userspace, as per the PCuABI specification [2]. A few aspects have now been implemented, see the last two items below. * The io_uring and AIO subsystems have been modified to operate on full capabilities in PCuABI. See the PCuABI specification [3] for further details concerning io_uring (update for AIO coming soon). * The futex_waitv syscall has been modified to read full capabilities in PCuABI. Updated struct definitions are available in the PCuABI specification [4] (in addition to the relevant uapi headers). * The bounds of all user capabilities have been narrowed to the user address space (48-bit by default), in both PCuABI and the standard AArch64 ABI. * Capabilities passed to the futex syscall are now checked for validity by directly using them to access memory. Other changes ------------- * All CHERI/Morelo-related documentation can now be found under Documentation/cheri [5] (or linked from there). * Support for kernel modules has been enabled. * The following drivers have been enabled in morello_transitional_pcuabi_defconfig: NFS (including NFS rootfs), TUN, TAP, CoreSight. * The Morello kselftests can now be built with GCC. * The branch has been rebased on the 6.4 upstream release. No Morello-related user-visible change is expected, see this email [6] for details. Bug fixes --------- * The fcntl syscall used to treat its optional third argument as a 64-bit integer, where the command expects an integer, instead of the documented 32-bit. In certain cases, it also assumed that the upper 32 bits are zeroes. This cannot be guaranteed in general, especially not in the Morello purecap variadic PCS. fnctl now always treats an integer argument as 32-bit. This issue has also been fixed upstream [7]. * In a standard AArch64 process (compat64), a stale SP value could be set when delivering two signal consecutively. Additionally, if the interrupted context was running in Restricted, the signal was incorrectly delivered on the Restricted stack (instead of Executive). Both of these issues have been fixed. Contributions ------------- Kudos to everyone who has contributed to Morello Linux! Here are the contributors and number of patches since the previous integration drop: 28 Kevin Brodsky <kevin.brodsky(a)arm.com> 20 Tudor Cretu <tudor.cretu(a)arm.com> 13 Amit Daniel Kachhap <amit.kachhap(a)arm.com> 11 Luca Vizzarro <Luca.Vizzarro(a)arm.com> 3 Pawel Zalewski <pzalewski(a)thegoodpenguin.co.uk> 2 Harrison Marcks <hmarcks(a)thegoodpenguin.co.uk> 2 Kristina Martsenko <kristina.martsenko(a)arm.com> 2 Vincenzo Frascino <vincenzo.frascino(a)arm.com> 1 Harry Ramsey <harry.ramsey(a)arm.com> Special thanks are also extended to everyone who has assisted in reviewing these patches. Cheers, Kevin [1] https://git.morello-project.org/morello/kernel/linux/-/commits/morello-rele… [2] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [3] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [4] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [5] https://git.morello-project.org/morello/kernel/linux/-/tree/morello-release… [6] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [7] https://lore.kernel.org/linux-fsdevel/20230414152459.816046-1-Luca.Vizzarro…

1 year

1
0
0 0

Run OP-TEE on Morello kernel issue

by Menna Mahmoud

Hi All, I have an issue with running OP-TEE on the Morello kernel, I posted it here: https://github.com/OP-TEE/optee_os/issues/6244 Can anyone help me? Thanks in advance, Menna

1 year, 1 month

1
0
0 0

Re: [PATCH] tee: change type 'unsigned long' to 'user_uintptr_t' in 'tee_ioctl' function

by Vincenzo Frascino

Hi Menna, Please always keep the list in copy for any communication. On 7/12/23 14:32, Menna Mahmoud wrote: > Hi Vincenzo, > > On Wed, 12 Jul 2023 at 16:24, Vincenzo Frascino <vincenzo.frascino(a)arm.com> > wrote: > >> Hi Menna, >> >> On 7/12/23 14:01, Menna Mahmoud wrote: >>> Where fvp.dtb exists? , I couldn't find it. >> >> Is the dtb file you are generating to with the kernel compilation. >> You need to copy it over and *rename* it as fvp.dtb. >> > > Sorry for disturbing, but which one: > > ``` > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts$ ls > actions amlogic broadcom intel microchip renesas tesla > allwinner apm cavium lg nuvoton rockchip ti > altera apple exynos Makefile nvidia socionext toshiba > amazon arm freescale marvell qcom sprd xilinx > amd bitmain hisilicon mediatek realtek synaptics > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts$ cd arm > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts/arm$ ls > corstone1000.dtsi foundation-v8-gicv3.dtb fvp-base-revc.dtb > juno-r1.dts juno-scmi.dtsi > corstone1000-fvp.dtb foundation-v8-gicv3.dts fvp-base-revc.dts > juno-r1-scmi.dtb Makefile > corstone1000-fvp.dts foundation-v8-gicv3.dtsi juno-base.dtsi > juno-r1-scmi.dts rtsm_ve-aemv8a.dtb > corstone1000-mps3.dtb foundation-v8-gicv3-psci.dtb juno-clocks.dtsi > juno-r2.dtb rtsm_ve-aemv8a.dts > corstone1000-mps3.dts foundation-v8-gicv3-psci.dts juno-cs-r1r2.dtsi > juno-r2.dts rtsm_ve-motherboard.dtsi > foundation-v8.dtb foundation-v8-psci.dtb juno.dtb > juno-r2-scmi.dtb rtsm_ve-motherboard-rs2.dtsi > foundation-v8.dts foundation-v8-psci.dts juno.dts > juno-r2-scmi.dts vexpress-v2f-1xv7-ca53x2.dtb > foundation-v8.dtsi foundation-v8-psci.dtsi > juno-motherboard.dtsi juno-scmi.dtb vexpress-v2f-1xv7-ca53x2.dts > foundation-v8-gicv2.dtsi foundation-v8-spin-table.dtsi juno-r1.dtb > juno-scmi.dts vexpress-v2m-rs1.dtsi > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts/arm$ > > ``` > This is not the morello kernel you compiled with the OPTEE fixes. That kernel should have a "morello-fvp.dtb" which you need to rename into "fvp.dtb". Thanks. >> >> -- >> Regards, >> Vincenzo >> > -- Regards, Vincenzo

1 year, 1 month

2
14
0 0

[PATCH v3 0/7] Add explicit capability checking

by Luca Vizzarro

Hi again, v3 is here for the explicit capability checking series regarding the issue #7[1]. Patch series tested, with CI and locally, and passing with flying colours, this can also be found on my fork[2]. Kind regards, Luca [1] https://git.morello-project.org/morello/kernel/linux/-/issues/7 [2] https://git.morello-project.org/Sevenarth/linux/-/commits/morello/gup-check… v3: - rebased onto morello/next - amended commit description for "gup: Add explicit capability checks" - refactored mm/gup.c - refactored lib/iov_iter.c - removed bpf patch - moved USB Request Block explicit check to proc_do_submiturb - removed explicit check in get_futex_key - changed prototype of io_uring_cmd_import_fixed and io_import_fixed to use a pointer type and adjusted the relevant castings - fixed io_uring_cmd_import_fixed prototype for !defined(CONFIG_IO_URING) - refactored explicit check in io_uring/kbuf.c:io_register_pbuf_ring(..) - removed explicit check from io_uring/kbuf.c:io_add_buffers(..) - rephrased the no explicit check needed note in io_sqe_buffer_register - reverted "struct io_mapped_ubuf" to use u64 - removed explicit check from io_uring_cmd_prep - updated TODO for the NVMe driver Luca Vizzarro (7): gup: Add explicit capability checks iov_iter: Add explicit capability checks usb: core: Fix copy of URB from userspace usb: core: Add explicit capability checks futex: Add explicit capability checks io_uring: Add explicit capability checks nvme: Add TODO for PCuABI implementation drivers/nvme/host/ioctl.c | 1 + drivers/usb/core/devio.c | 7 +++++-- include/linux/io_uring.h | 6 +++--- include/linux/pagemap.h | 2 +- io_uring/kbuf.c | 26 ++++++++++++++------------ io_uring/net.c | 3 +-- io_uring/rsrc.c | 18 +++++++++++++++--- io_uring/rsrc.h | 2 +- io_uring/rw.c | 3 +-- io_uring/uring_cmd.c | 2 +- kernel/futex/core.c | 11 ++++++++--- lib/iov_iter.c | 26 ++++++++++++++++++++++---- mm/gup.c | 6 ++++-- 13 files changed, 77 insertions(+), 36 deletions(-) -- 2.34.1

1 year, 1 month

3
13
0 0

[linux-morello][PATCH V2 0/2] Capability enabled MACVLAN/VTAP

by Harrison Marcks

This patch series enables macvlan and macvtap support on the morello board. MACVLAN is an important part of containerised hosts. V2 adds "Signed off" message 0001 makes changes to tap.c such that CHERI capabilities can be used and "pointer or value" arguments are addressed in a compat function 0002 enables MACVLAN and MACVTAP support in the tree The change has been tested using Docker Harrison Marcks (2): net: tap: make PCuABI compliant arm64: morello: enable MACVLAN by default .../morello_transitional_pcuabi_defconfig | 2 ++ drivers/net/tap.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) -- 2.34.1

1 year, 1 month

2
3
0 0

6.4 rebase

by Kevin Brodsky

Hi, The morello/next branch has been rebased from v6.1 to v6.4. Make sure to reset/rebase any local branch tracking next. The final 6.1-based commit has been tagged morello-last-6.1. There should be no user-visible change following this rebase, aside from upstream changes between 6.1 and 6.4. The rest of this email provides a detailed changelog for developers. Cheers, Kevin -------------- Noteworthy changes: - Reverted access_ok() to its original interface by dropping "uaccess: Allow any address/pointer type for access_ok()". This was motivated by the incompatibility that patch created with [1], and the weak justification behind it. We almost always have (or should have) a user pointer available when calling access_ok(), so changing its interface creates more problems than it solves. Related changes: * Added "uaccess: Fix user pointer downcast" and "arm64: uaccess: Extract user address before untagging" to replace that patch. * Dropped "kernel/fork: Remove unnecessary cast when using access_ok()" * Replaced "mm/(gup, mincore): Remove unnecessary cast when using access_ok()" with: - "mm/gup: Create user pointer when calling access_ok()" - "mm/mincore: Temporarily create a user pointer for access_ok()" * Updated "Documentation: core-api: Add a new document about user pointers" accordingly. - The upsizing in "io_uring: Enlarge struct io_cmd_data in PCuABI" had to be revised upwards due to [2] and [3] (each adding 16 bytes to struct io_sr_msg due to alignment requirements). struct io_cmd_data is now 2 cachelines instead of 1.5 (96 -> 128 bytes). - Tweaked "io_uring: Implement compat versions of uAPI structs and handle them" to align it with following upstream patch series: * "User mapped provided buffer rings" [4]: aligned with the renaming of struct io_uring_buf_reg::pad to ::flags; moved the ring size calculation from io_alloc_pbuf_ring() and io_pin_pbuf_ring() to io_register_pbuf_ring(), in order to calculate the size of the ring correctly in the compat case in both cases (without duplicating it). * "io_uring: Pass the whole sqe to commands" [5]: as a result of this series, io_uring commands get a pointer to a full (native) SQE, even in compat. To avoid giving them access to uninitialised memory, changed convert_compat64_io_uring_sqe() to zero out the end of the cmd array in the output SQE. - Used new vm_flags accessor in "io_uring: Allow capability tag access on the shared memory" and "aio: Allow capability tag access on the shared memory", following [6]. - Updated a few more prototypes to pass user_data as __kernel_uintptr_t in "io_uring: Use user pointer type in the uAPI structs", due to [7]. - [8] provides a similar functionality to "module: Allow arch overrides for ELF arch check". The latter was dropped and "module: Enable module loading for PCuABI kernels" was adapted to use the interface introduced by [8] (thanks Kristina). Minor changes: - Updated "arm64: morello: Disable trapping early and unconditionally" to stash LR into TPIDR_EL0 in init_kernel_el as [9] causes LR to be clobbered by a subsequent call (on the Morello board, not FVP). - Aligned "arm64: morello: Signal handling support" with recent changes to arch/arm64/kernel/signal.c - Updated NSIGSEGV in all assertions in "arm64: morello: Handle capability faults" - Updated "tracing/syscalls: Allow amending metadata macro arguments" to take care of new uses of SYSCALL_METADATA() in arch code (powerpc). - Added a #include <linux/user_ptr.h> in "arm64: memory: Always return a u64 in untagged_addr()", as it looks like asm/signal.h no longer (implicitly) includes it. - Extended "fs/ioctl: Modify 3rd argument of fops->unlocked_ioctl to user_uintptr_t" to handle the ioctl wrappers added by [10]. - Replaced "iov_iter: use copy_from_user_with_ptr for struct iovec" with a new patch "iov_iter: Use get_user_ptr for PCuABI support", as copy_iovec_from_user() now uses get_user() instead of copy_from_user() (see [11]). The new patch was moved earlier in the branch to preserve bisectability. - Moved "tcp: Explicitly create user pointers" earlier in the branch to preserve bisectability (without warning). - "arm64: configs: Add Morello transitional PCuABI defconfig" and "arm64: morello: Enable basic 9P FS support in transitional defconfig" updated as per make savedefconfig. Dropped: - "arm64: signal: Flatten restore_sigframe() error handling" (it doesn't make much sense any more, considering recent additions to that function). - "mm/hugetlb: Use appropriate user pointer conversions" and "mm/shmem: Use appropriate user pointer conversions" (reverted as part of the recently merged "New user_ptr helpers for uaccess" series). - "arm64: entry-ftrace.S: Fix build when CONFIG_ARM64_MORELLO=y" (no longer needed thanks to [12]). - Landed in mainline and already included in v6.4: * "uapi/linux/const.h: Prefer ISO-friendly __typeof__" * "arm64: compat: Remove defines now in asm-generic" * "net: Finish up ->msg_control{,_user} split" * "memfd: Pass argument of memfd_fcntl as int" - "io_uring/kbuf: Fix size for shared buffer ring" (fixed upstream by [13]). [1] https://lore.kernel.org/all/20230410174345.4376-2-dev@der-flo.net/ [2] https://lore.kernel.org/all/f1a1ba93-1adf-63fa-6f0f-f3182f165841@kernel.dk/ [3] https://lore.kernel.org/all/0b0d4411-c8fd-4272-770b-e030af6919a0@kernel.dk/ [4] https://lore.kernel.org/io-uring/20230314171641.10542-1-axboe@kernel.dk/ [5] https://lore.kernel.org/all/20230504121856.904491-1-leitao@debian.org/ [6] https://lore.kernel.org/all/20230126193752.297968-3-surenb@google.com/ [7] https://lore.kernel.org/all/20221124093559.3780686-6-dylany@meta.com/ [8] https://lore.kernel.org/all/20221128041539.1742489-2-npiggin@gmail.com/ [9] https://lore.kernel.org/all/20230111102236.1430401-6-ardb@kernel.org/ [10] https://lore.kernel.org/all/20221205123903.159838-3-brgl@bgdev.pl/ [11] https://lore.kernel.org/all/CAHk-=wiC5OBj36LFKYRONF_B19iyuEjK2WQFJpyZ+-w39m… [12] https://lore.kernel.org/all/20221103170520.931305-5-mark.rutland@arm.com/ [13] https://lore.kernel.org/all/20230218184141.70891-1-wlukowicz01@gmail.com/

1 year, 1 month

1
0
0 0

[linux-morello][PATCH 0/2] Capability enabled MACVLAN/VTAP

by Harrison Marcks

This patch series enables macvlan and macvtap support on the morello board. MACVLAN is an important part of containerised hosts. 0001 makes changes to tap.c such that CHERI capabilities can be used and "pointer or value" arguments are addressed in a compat function 0002 enables MACVLAN and MACVTAP support in the tree The change has been tested using Docker Harrison Marcks (2): net: tap: make PCuABI compliant arm64: morello: enable MACVLAN by default .../morello_transitional_pcuabi_defconfig | 2 ++ drivers/net/tap.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) -- 2.34.1

1 year, 1 month

2
3
0 0

[PATCH V2 0/8] Add testcases for address space management syscalls

by Chaitanya S Prakash

Syscalls operating on memory mappings manage their address space via owning capabilities. They must adhere to a certain set of rules[1] in order to ensure memory safety. Address space management syscalls are only allowed to manipulate mappings that are within the range of the owning capability and have the appropriate permissions. Tests to vailidate the parameters being passed to the syscall, check its bounds, range as well as permissions have been added. Additionally, a signal handler has been registered to handle invalid memory access. Finally, as certain flags and syscalls conflict with the reservation model or lack implementation, a check to verify appropriate handling of the same has also been added. Review branch: https://git.morello-project.org/chaitanya_prakash/linux/-/tree/review/mmap_… This patch series has been tested on: https://git.morello-project.org/amitdaniel/linux/-/tree/review/extern_reser… [1] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… Changes in V2: - Added link to the review branch - Removed unnecessary whitespace Changes in V1: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Chaitanya S Prakash (8): kselftests/arm64/morello: Add necessary support for mmap testcases kselftests/arm64/morello: Add MAP_GROWSDOWN testcase kselftests/arm64/morello: Add parameter check testcases kselftests/arm64/morello: Add capability range testcases kselftests/arm64/morello: Add mmap() bounds check testcases kselftests/arm64/morello: Add mremap() bounds check testcases kselftests/arm64/morello: Add mremap() permission testcases kselftests/arm64/morello: Add brk() testcase .../testing/selftests/arm64/morello/Makefile | 1 + .../selftests/arm64/morello/freestanding.h | 62 ++- tools/testing/selftests/arm64/morello/mmap.c | 479 +++++++++++++++++- 3 files changed, 535 insertions(+), 7 deletions(-) -- 2.25.1

1 year, 1 month

3
35
0 0

2024

2023

2022