- linux-morello - op-lists.linaro.org

[PATCH v3 0/7] Add explicit capability checking

by Luca Vizzarro

Hi again, v3 is here for the explicit capability checking series regarding the issue #7[1]. Patch series tested, with CI and locally, and passing with flying colours, this can also be found on my fork[2]. Kind regards, Luca [1] https://git.morello-project.org/morello/kernel/linux/-/issues/7 [2] https://git.morello-project.org/Sevenarth/linux/-/commits/morello/gup-check… v3: - rebased onto morello/next - amended commit description for "gup: Add explicit capability checks" - refactored mm/gup.c - refactored lib/iov_iter.c - removed bpf patch - moved USB Request Block explicit check to proc_do_submiturb - removed explicit check in get_futex_key - changed prototype of io_uring_cmd_import_fixed and io_import_fixed to use a pointer type and adjusted the relevant castings - fixed io_uring_cmd_import_fixed prototype for !defined(CONFIG_IO_URING) - refactored explicit check in io_uring/kbuf.c:io_register_pbuf_ring(..) - removed explicit check from io_uring/kbuf.c:io_add_buffers(..) - rephrased the no explicit check needed note in io_sqe_buffer_register - reverted "struct io_mapped_ubuf" to use u64 - removed explicit check from io_uring_cmd_prep - updated TODO for the NVMe driver Luca Vizzarro (7): gup: Add explicit capability checks iov_iter: Add explicit capability checks usb: core: Fix copy of URB from userspace usb: core: Add explicit capability checks futex: Add explicit capability checks io_uring: Add explicit capability checks nvme: Add TODO for PCuABI implementation drivers/nvme/host/ioctl.c | 1 + drivers/usb/core/devio.c | 7 +++++-- include/linux/io_uring.h | 6 +++--- include/linux/pagemap.h | 2 +- io_uring/kbuf.c | 26 ++++++++++++++------------ io_uring/net.c | 3 +-- io_uring/rsrc.c | 18 +++++++++++++++--- io_uring/rsrc.h | 2 +- io_uring/rw.c | 3 +-- io_uring/uring_cmd.c | 2 +- kernel/futex/core.c | 11 ++++++++--- lib/iov_iter.c | 26 ++++++++++++++++++++++---- mm/gup.c | 6 ++++-- 13 files changed, 77 insertions(+), 36 deletions(-) -- 2.34.1

2 years

3
13
0 0

[linux-morello][PATCH V2 0/2] Capability enabled MACVLAN/VTAP

by Harrison Marcks

This patch series enables macvlan and macvtap support on the morello board. MACVLAN is an important part of containerised hosts. V2 adds "Signed off" message 0001 makes changes to tap.c such that CHERI capabilities can be used and "pointer or value" arguments are addressed in a compat function 0002 enables MACVLAN and MACVTAP support in the tree The change has been tested using Docker Harrison Marcks (2): net: tap: make PCuABI compliant arm64: morello: enable MACVLAN by default .../morello_transitional_pcuabi_defconfig | 2 ++ drivers/net/tap.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) -- 2.34.1

2 years, 1 month

2
3
0 0

6.4 rebase

by Kevin Brodsky

Hi, The morello/next branch has been rebased from v6.1 to v6.4. Make sure to reset/rebase any local branch tracking next. The final 6.1-based commit has been tagged morello-last-6.1. There should be no user-visible change following this rebase, aside from upstream changes between 6.1 and 6.4. The rest of this email provides a detailed changelog for developers. Cheers, Kevin -------------- Noteworthy changes: - Reverted access_ok() to its original interface by dropping "uaccess: Allow any address/pointer type for access_ok()". This was motivated by the incompatibility that patch created with [1], and the weak justification behind it. We almost always have (or should have) a user pointer available when calling access_ok(), so changing its interface creates more problems than it solves. Related changes: * Added "uaccess: Fix user pointer downcast" and "arm64: uaccess: Extract user address before untagging" to replace that patch. * Dropped "kernel/fork: Remove unnecessary cast when using access_ok()" * Replaced "mm/(gup, mincore): Remove unnecessary cast when using access_ok()" with: - "mm/gup: Create user pointer when calling access_ok()" - "mm/mincore: Temporarily create a user pointer for access_ok()" * Updated "Documentation: core-api: Add a new document about user pointers" accordingly. - The upsizing in "io_uring: Enlarge struct io_cmd_data in PCuABI" had to be revised upwards due to [2] and [3] (each adding 16 bytes to struct io_sr_msg due to alignment requirements). struct io_cmd_data is now 2 cachelines instead of 1.5 (96 -> 128 bytes). - Tweaked "io_uring: Implement compat versions of uAPI structs and handle them" to align it with following upstream patch series: * "User mapped provided buffer rings" [4]: aligned with the renaming of struct io_uring_buf_reg::pad to ::flags; moved the ring size calculation from io_alloc_pbuf_ring() and io_pin_pbuf_ring() to io_register_pbuf_ring(), in order to calculate the size of the ring correctly in the compat case in both cases (without duplicating it). * "io_uring: Pass the whole sqe to commands" [5]: as a result of this series, io_uring commands get a pointer to a full (native) SQE, even in compat. To avoid giving them access to uninitialised memory, changed convert_compat64_io_uring_sqe() to zero out the end of the cmd array in the output SQE. - Used new vm_flags accessor in "io_uring: Allow capability tag access on the shared memory" and "aio: Allow capability tag access on the shared memory", following [6]. - Updated a few more prototypes to pass user_data as __kernel_uintptr_t in "io_uring: Use user pointer type in the uAPI structs", due to [7]. - [8] provides a similar functionality to "module: Allow arch overrides for ELF arch check". The latter was dropped and "module: Enable module loading for PCuABI kernels" was adapted to use the interface introduced by [8] (thanks Kristina). Minor changes: - Updated "arm64: morello: Disable trapping early and unconditionally" to stash LR into TPIDR_EL0 in init_kernel_el as [9] causes LR to be clobbered by a subsequent call (on the Morello board, not FVP). - Aligned "arm64: morello: Signal handling support" with recent changes to arch/arm64/kernel/signal.c - Updated NSIGSEGV in all assertions in "arm64: morello: Handle capability faults" - Updated "tracing/syscalls: Allow amending metadata macro arguments" to take care of new uses of SYSCALL_METADATA() in arch code (powerpc). - Added a #include <linux/user_ptr.h> in "arm64: memory: Always return a u64 in untagged_addr()", as it looks like asm/signal.h no longer (implicitly) includes it. - Extended "fs/ioctl: Modify 3rd argument of fops->unlocked_ioctl to user_uintptr_t" to handle the ioctl wrappers added by [10]. - Replaced "iov_iter: use copy_from_user_with_ptr for struct iovec" with a new patch "iov_iter: Use get_user_ptr for PCuABI support", as copy_iovec_from_user() now uses get_user() instead of copy_from_user() (see [11]). The new patch was moved earlier in the branch to preserve bisectability. - Moved "tcp: Explicitly create user pointers" earlier in the branch to preserve bisectability (without warning). - "arm64: configs: Add Morello transitional PCuABI defconfig" and "arm64: morello: Enable basic 9P FS support in transitional defconfig" updated as per make savedefconfig. Dropped: - "arm64: signal: Flatten restore_sigframe() error handling" (it doesn't make much sense any more, considering recent additions to that function). - "mm/hugetlb: Use appropriate user pointer conversions" and "mm/shmem: Use appropriate user pointer conversions" (reverted as part of the recently merged "New user_ptr helpers for uaccess" series). - "arm64: entry-ftrace.S: Fix build when CONFIG_ARM64_MORELLO=y" (no longer needed thanks to [12]). - Landed in mainline and already included in v6.4: * "uapi/linux/const.h: Prefer ISO-friendly __typeof__" * "arm64: compat: Remove defines now in asm-generic" * "net: Finish up ->msg_control{,_user} split" * "memfd: Pass argument of memfd_fcntl as int" - "io_uring/kbuf: Fix size for shared buffer ring" (fixed upstream by [13]). [1] https://lore.kernel.org/all/20230410174345.4376-2-dev@der-flo.net/ [2] https://lore.kernel.org/all/f1a1ba93-1adf-63fa-6f0f-f3182f165841@kernel.dk/ [3] https://lore.kernel.org/all/0b0d4411-c8fd-4272-770b-e030af6919a0@kernel.dk/ [4] https://lore.kernel.org/io-uring/20230314171641.10542-1-axboe@kernel.dk/ [5] https://lore.kernel.org/all/20230504121856.904491-1-leitao@debian.org/ [6] https://lore.kernel.org/all/20230126193752.297968-3-surenb@google.com/ [7] https://lore.kernel.org/all/20221124093559.3780686-6-dylany@meta.com/ [8] https://lore.kernel.org/all/20221128041539.1742489-2-npiggin@gmail.com/ [9] https://lore.kernel.org/all/20230111102236.1430401-6-ardb@kernel.org/ [10] https://lore.kernel.org/all/20221205123903.159838-3-brgl@bgdev.pl/ [11] https://lore.kernel.org/all/CAHk-=wiC5OBj36LFKYRONF_B19iyuEjK2WQFJpyZ+-w39m… [12] https://lore.kernel.org/all/20221103170520.931305-5-mark.rutland@arm.com/ [13] https://lore.kernel.org/all/20230218184141.70891-1-wlukowicz01@gmail.com/

2 years, 1 month

1
0
0 0

[linux-morello][PATCH 0/2] Capability enabled MACVLAN/VTAP

by Harrison Marcks

This patch series enables macvlan and macvtap support on the morello board. MACVLAN is an important part of containerised hosts. 0001 makes changes to tap.c such that CHERI capabilities can be used and "pointer or value" arguments are addressed in a compat function 0002 enables MACVLAN and MACVTAP support in the tree The change has been tested using Docker Harrison Marcks (2): net: tap: make PCuABI compliant arm64: morello: enable MACVLAN by default .../morello_transitional_pcuabi_defconfig | 2 ++ drivers/net/tap.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) -- 2.34.1

2 years, 1 month

2
3
0 0

[PATCH V2 0/8] Add testcases for address space management syscalls

by Chaitanya S Prakash

Syscalls operating on memory mappings manage their address space via owning capabilities. They must adhere to a certain set of rules[1] in order to ensure memory safety. Address space management syscalls are only allowed to manipulate mappings that are within the range of the owning capability and have the appropriate permissions. Tests to vailidate the parameters being passed to the syscall, check its bounds, range as well as permissions have been added. Additionally, a signal handler has been registered to handle invalid memory access. Finally, as certain flags and syscalls conflict with the reservation model or lack implementation, a check to verify appropriate handling of the same has also been added. Review branch: https://git.morello-project.org/chaitanya_prakash/linux/-/tree/review/mmap_… This patch series has been tested on: https://git.morello-project.org/amitdaniel/linux/-/tree/review/extern_reser… [1] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… Changes in V2: - Added link to the review branch - Removed unnecessary whitespace Changes in V1: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Chaitanya S Prakash (8): kselftests/arm64/morello: Add necessary support for mmap testcases kselftests/arm64/morello: Add MAP_GROWSDOWN testcase kselftests/arm64/morello: Add parameter check testcases kselftests/arm64/morello: Add capability range testcases kselftests/arm64/morello: Add mmap() bounds check testcases kselftests/arm64/morello: Add mremap() bounds check testcases kselftests/arm64/morello: Add mremap() permission testcases kselftests/arm64/morello: Add brk() testcase .../testing/selftests/arm64/morello/Makefile | 1 + .../selftests/arm64/morello/freestanding.h | 62 ++- tools/testing/selftests/arm64/morello/mmap.c | 479 +++++++++++++++++- 3 files changed, 535 insertions(+), 7 deletions(-) -- 2.25.1

2 years, 1 month

3
35
0 0

[linux-morello][PATCH v3 0/3] enable nfs rootfs

by Pawel Zalewski

This series of patches enables nfs rootfs support on the Morello board. Patch 01 is fixing the inital kernel build error associated with a wrong function pointer type within the sunrpc modules due to the unlocked_ioctl fp, the error occurs upon enabling nfs within the defconfig. Patch 02 deals with the fallout caused by changes inferred by patches 01. See details in the description of the patch. Patch 03 is enabling nfs rootfs by default in the kernel. It was confirmed that the kernel can boot with a nfs rootfs. V3 changes: - fix commit title @ patch 2 - align the change in proc.c Pawel Zalewski (3): net: sunrpc: fix unlocked_ioctl handler signature proc: change proc_ops.proc_ioct handler signature arm64: morello: enable nfs rootfs by default arch/arm64/configs/morello_transitional_pcuabi_defconfig | 2 ++ drivers/pci/proc.c | 4 ++-- include/linux/proc_fs.h | 2 +- net/sunrpc/cache.c | 6 +++--- net/sunrpc/rpc_pipe.c | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) -- 2.34.1

2 years, 1 month

3
6
0 0

[PATCH v4 0/7] Support aio shared memory usage in the Purecap apps

by Tudor Cretu

This series makes it possible for purecap apps to use the aio_ring shared memory region to bypass the io_getevents syscall's overhead. This functionality is also used in libaio. With these patches, all io_* LTP tests pass in both Purecap and plain AArch64 modes. Note that the LTP tests only address the basic functionality of the aio system and a significant portion of the functionality is untested in LTP. For a more comprehensive testing, libaio has been updated with the new uAPI and ported. All the tests in libaio pass accordingly, in both Purecap and plain AArch64 modes. v4..v3: - Restore flush_dcache_page in all places with the exception of one where is replaced with flush_kernel_vmap_range - Use ifdef instead of IS_ENABLED in a few places - Improve formatting v3..v2: - Improve the commit messages - Revert a few unrelated changes - Change compat_aio_context_t to compat_uptr_t - Remove io_events_compat union member - Improve code formatting - Add copy_to_user_with_ptr in copy_io_events_to_user - Split copy_from_user_with_ptr for struct __aio_sigset into a different patch v2..v1: - Add Patch 1 that fixes a parameter type for the compat handler - Split the change the types to user pointers into two patches: one for aio_context_t, and the other for io_event struct fields. - vmap all the ring pages at the beginning and cache them in the ctx - Don't remap the pages while allowing tag access to the shared memory. Setting the VM flags is enough. - Change aio_context_t to a void __user *. - Improve commit messages. - Refactor some of the functions for compat handling. - Create valid user pointers ctx_id when received from a compat task Gitlab issue: https://git.morello-project.org/morello/kernel/linux/-/issues/49 Review branch: https://git.morello-project.org/tudcre01/linux/-/commits/morello/aio_v4 Tudor Cretu (7): aio: Fix type of nr parameter in compat handler of io_submit aio: Use copy_from_user_with_ptr for struct __aio_sigset aio: vmap entire aio_ring instead of kmapping each page aio: Implement compat handling for the io_event struct aio: Allow capability tag access on the shared memory aio: Change aio_context_t to a user pointer aio: Use user pointer type in the io_event struct fs/aio.c | 283 ++++++++++++++++++++++------------- include/asm-generic/compat.h | 4 +- include/uapi/linux/aio_abi.h | 12 +- 3 files changed, 186 insertions(+), 113 deletions(-) -- 2.34.1

2 years, 1 month

2
9
0 0

[PATCH v3] futex: Implement PCuABI for futex_waitv syscall

by Luca Vizzarro

PCuABI enablement entails providing support for userspace capability pointers which are 128-bit long instead of 64-bit. This commit implements the support for the futex_waitv syscall while maintaining the 64-bit compatibility. Signed-off-by: Luca Vizzarro <Luca.Vizzarro(a)arm.com> --- Hello! Sending in patch v3 for issue #48: https://git.morello-project.org/morello/kernel/linux/-/issues/48 Here you can find a branch with this patch: https://git.morello-project.org/Sevenarth/linux/-/commits/morello/futex_wai… LTP fully passes. For the CI this fails only on the purecap tests since there has been a change in the linux headers. Therefore LTP would need to be recompiled against this for it to work. v3: - updated the copy_from_user function to copy_from_user_with_ptr for purecap v2 changes: - fixes bug where the offset of the futex_waitv list was always dependent on the size of the purecap struct instead of adapting to the compat one accordingly. - fixes the pointer cast in compat appropriately. It was mistakenly using __kernel_uintcap_t instead of __kernel_uintptr_t. Best, Luca --- include/uapi/linux/futex.h | 2 +- kernel/futex/syscalls.c | 32 +++++++++++++++++++++++++++++++- kernel/futex/waitwake.c | 4 ++-- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/futex.h b/include/uapi/linux/futex.h index 71a5df8d2689..93f701d89401 100644 --- a/include/uapi/linux/futex.h +++ b/include/uapi/linux/futex.h @@ -63,7 +63,7 @@ */ struct futex_waitv { __u64 val; - __u64 uaddr; + __kernel_uintptr_t uaddr; __u32 flags; __u32 __reserved; }; diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c index ad4ae797bb84..771cfb51a38d 100644 --- a/kernel/futex/syscalls.c +++ b/kernel/futex/syscalls.c @@ -190,6 +190,36 @@ SYSCALL_DEFINE6(futex, u32 __user *, uaddr, int, op, u32, val, /* Mask of available flags for each futex in futex_waitv list */ #define FUTEXV_WAITER_MASK (FUTEX_32 | FUTEX_PRIVATE_FLAG) +struct compat_futex_waitv { + __u64 val; + __u64 uaddr; + __u32 flags; + __u32 __reserved; +}; + +static int copy_futex_waitv_from_user(struct futex_waitv *aux, + const struct futex_waitv __user *uwaitv, + unsigned int i) +{ + if (IS_ENABLED(CONFIG_COMPAT64) && in_compat_syscall()) { + const struct compat_futex_waitv __user *compat_uwaitv = + (const struct compat_futex_waitv __user *)uwaitv; + struct compat_futex_waitv compat_aux; + + if (copy_from_user(&compat_aux, &compat_uwaitv[i], sizeof(compat_aux))) + return -EFAULT; + + aux->val = compat_aux.val; + aux->uaddr = (__kernel_uintptr_t)compat_ptr(compat_aux.uaddr); + aux->flags = compat_aux.flags; + aux->__reserved = compat_aux.__reserved; + + return 0; + } + + return copy_from_user_with_ptr(aux, &uwaitv[i], sizeof(*aux)); +} + /** * futex_parse_waitv - Parse a waitv array from userspace * @futexv: Kernel side list of waiters to be filled @@ -206,7 +236,7 @@ static int futex_parse_waitv(struct futex_vector *futexv, unsigned int i; for (i = 0; i < nr_futexes; i++) { - if (copy_from_user(&aux, &uwaitv[i], sizeof(aux))) + if (copy_futex_waitv_from_user(&aux, uwaitv, i)) return -EFAULT; if ((aux.flags & ~FUTEXV_WAITER_MASK) || aux.__reserved) diff --git a/kernel/futex/waitwake.c b/kernel/futex/waitwake.c index 1ab5640e7f84..d6b050356f81 100644 --- a/kernel/futex/waitwake.c +++ b/kernel/futex/waitwake.c @@ -422,7 +422,7 @@ static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *wo if ((vs[i].w.flags & FUTEX_PRIVATE_FLAG) && retry) continue; - ret = get_futex_key(u64_to_user_ptr(vs[i].w.uaddr), + ret = get_futex_key((u32 __user *)vs[i].w.uaddr, !(vs[i].w.flags & FUTEX_PRIVATE_FLAG), &vs[i].q.key, FUTEX_READ); @@ -433,7 +433,7 @@ static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *wo set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE); for (i = 0; i < count; i++) { - u32 __user *uaddr = uaddr_to_user_ptr(vs[i].w.uaddr); + u32 __user *uaddr = (u32 __user *)vs[i].w.uaddr; struct futex_q *q = &vs[i].q; u32 val = (u32)vs[i].w.val; -- 2.34.1

2 years, 1 month

2
1
0 0

[PATCH v2] futex: Implement PCuABI for futex_waitv syscall

by Luca Vizzarro

PCuABI enablement entails providing support for userspace capability pointers which are 128-bit long instead of 64-bit. This commit implements the support for the futex_waitv syscall while maintaining the 64-bit compatibility. Signed-off-by: Luca Vizzarro <Luca.Vizzarro(a)arm.com> --- Hello! Sending in patch v2 for issue #48: https://git.morello-project.org/morello/kernel/linux/-/issues/48 Here you can find a branch with this patch: https://git.morello-project.org/Sevenarth/linux/-/commits/morello/futex_wai… LTP fully passes. For the CI this fails only on the purecap tests since there has been a change in the linux headers. Therefore LTP would need to be recompiled against this for it to work. v2 changes: - fixes bug where the offset of the futex_waitv list was always dependent on the size of the purecap struct instead of adapting to the compat one accordingly. - fixes the pointer cast in compat appropriately. It was mistakenly using __kernel_uintcap_t instead of __kernel_uintptr_t. Best, Luca --- include/uapi/linux/futex.h | 2 +- kernel/futex/syscalls.c | 32 +++++++++++++++++++++++++++++++- kernel/futex/waitwake.c | 4 ++-- 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/futex.h b/include/uapi/linux/futex.h index 71a5df8d2689..93f701d89401 100644 --- a/include/uapi/linux/futex.h +++ b/include/uapi/linux/futex.h @@ -63,7 +63,7 @@ */ struct futex_waitv { __u64 val; - __u64 uaddr; + __kernel_uintptr_t uaddr; __u32 flags; __u32 __reserved; }; diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c index ad4ae797bb84..c2e4529083a3 100644 --- a/kernel/futex/syscalls.c +++ b/kernel/futex/syscalls.c @@ -190,6 +190,36 @@ SYSCALL_DEFINE6(futex, u32 __user *, uaddr, int, op, u32, val, /* Mask of available flags for each futex in futex_waitv list */ #define FUTEXV_WAITER_MASK (FUTEX_32 | FUTEX_PRIVATE_FLAG) +struct compat_futex_waitv { + __u64 val; + __u64 uaddr; + __u32 flags; + __u32 __reserved; +}; + +static int copy_futex_waitv_from_user(struct futex_waitv *aux, + const struct futex_waitv __user *uwaitv, + unsigned int i) +{ + if (IS_ENABLED(CONFIG_COMPAT64) && in_compat_syscall()) { + const struct compat_futex_waitv __user *compat_uwaitv = + (const struct compat_futex_waitv __user *)uwaitv; + struct compat_futex_waitv compat_aux; + + if (copy_from_user(&compat_aux, &compat_uwaitv[i], sizeof(compat_aux))) + return -EFAULT; + + aux->val = compat_aux.val; + aux->uaddr = (__kernel_uintptr_t)compat_ptr(compat_aux.uaddr); + aux->flags = compat_aux.flags; + aux->__reserved = compat_aux.__reserved; + + return 0; + } + + return copy_from_user(aux, &uwaitv[i], sizeof(*aux)); +} + /** * futex_parse_waitv - Parse a waitv array from userspace * @futexv: Kernel side list of waiters to be filled @@ -206,7 +236,7 @@ static int futex_parse_waitv(struct futex_vector *futexv, unsigned int i; for (i = 0; i < nr_futexes; i++) { - if (copy_from_user(&aux, &uwaitv[i], sizeof(aux))) + if (copy_futex_waitv_from_user(&aux, uwaitv, i)) return -EFAULT; if ((aux.flags & ~FUTEXV_WAITER_MASK) || aux.__reserved) diff --git a/kernel/futex/waitwake.c b/kernel/futex/waitwake.c index 1ab5640e7f84..d6b050356f81 100644 --- a/kernel/futex/waitwake.c +++ b/kernel/futex/waitwake.c @@ -422,7 +422,7 @@ static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *wo if ((vs[i].w.flags & FUTEX_PRIVATE_FLAG) && retry) continue; - ret = get_futex_key(u64_to_user_ptr(vs[i].w.uaddr), + ret = get_futex_key((u32 __user *)vs[i].w.uaddr, !(vs[i].w.flags & FUTEX_PRIVATE_FLAG), &vs[i].q.key, FUTEX_READ); @@ -433,7 +433,7 @@ static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *wo set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE); for (i = 0; i < count; i++) { - u32 __user *uaddr = uaddr_to_user_ptr(vs[i].w.uaddr); + u32 __user *uaddr = (u32 __user *)vs[i].w.uaddr; struct futex_q *q = &vs[i].q; u32 val = (u32)vs[i].w.val; -- 2.34.1

2 years, 1 month

3
3
0 0

[PATCH] futex: Implement PCuABI for futex_waitv syscall

by Luca Vizzarro

PCuABI enablement entails providing support for userspace capability pointers which are 128-bit long instead of 64-bit. This commit implements the support for the futex_waitv syscall while maintaining the 64-bit compatibility. Signed-off-by: Luca Vizzarro <Luca.Vizzarro(a)arm.com> --- Hello! Submitting a patch resolving the following issue: https://git.morello-project.org/morello/kernel/linux/-/issues/48 You can find the commit on the following branch: https://git.morello-project.org/Sevenarth/linux/-/commits/morello/futex_wai… Best, --- include/uapi/linux/futex.h | 2 +- kernel/futex/syscalls.c | 38 ++++++++++++++++++++++++++++++++++++-- kernel/futex/waitwake.c | 4 ++-- 3 files changed, 39 insertions(+), 5 deletions(-) diff --git a/include/uapi/linux/futex.h b/include/uapi/linux/futex.h index 71a5df8d2689..93f701d89401 100644 --- a/include/uapi/linux/futex.h +++ b/include/uapi/linux/futex.h @@ -63,7 +63,7 @@ */ struct futex_waitv { __u64 val; - __u64 uaddr; + __kernel_uintptr_t uaddr; __u32 flags; __u32 __reserved; }; diff --git a/kernel/futex/syscalls.c b/kernel/futex/syscalls.c index ad4ae797bb84..6b389b16df16 100644 --- a/kernel/futex/syscalls.c +++ b/kernel/futex/syscalls.c @@ -190,6 +190,34 @@ SYSCALL_DEFINE6(futex, u32 __user *, uaddr, int, op, u32, val, /* Mask of available flags for each futex in futex_waitv list */ #define FUTEXV_WAITER_MASK (FUTEX_32 | FUTEX_PRIVATE_FLAG) +struct compat_futex_waitv { + __u64 val; + __u64 uaddr; + __u32 flags; + __u32 __reserved; +}; + +static int get_compat_futex_waitv(struct futex_waitv *waitv, + const struct futex_waitv __user *uwaitv) +{ + struct compat_futex_waitv compat_waitv; + + if (unlikely(copy_from_user(&compat_waitv, uwaitv, sizeof(compat_waitv)))) + return -EFAULT; + + waitv->val = compat_waitv.val; + waitv->uaddr = (__kernel_uintcap_t)compat_ptr(compat_waitv.uaddr); + waitv->flags = compat_waitv.flags; + waitv->__reserved = compat_waitv.__reserved; + + return 0; +} + +static inline bool in_compat64(void) +{ + return IS_ENABLED(CONFIG_COMPAT64) && in_compat_syscall(); +} + /** * futex_parse_waitv - Parse a waitv array from userspace * @futexv: Kernel side list of waiters to be filled @@ -204,10 +232,16 @@ static int futex_parse_waitv(struct futex_vector *futexv, { struct futex_waitv aux; unsigned int i; + bool compat = in_compat64(); for (i = 0; i < nr_futexes; i++) { - if (copy_from_user(&aux, &uwaitv[i], sizeof(aux))) - return -EFAULT; + if (compat) { + if (get_compat_futex_waitv(&aux, &uwaitv[i])) + return -EFAULT; + } else { + if (copy_from_user(&aux, &uwaitv[i], sizeof(aux))) + return -EFAULT; + } if ((aux.flags & ~FUTEXV_WAITER_MASK) || aux.__reserved) return -EINVAL; diff --git a/kernel/futex/waitwake.c b/kernel/futex/waitwake.c index 1ab5640e7f84..d6b050356f81 100644 --- a/kernel/futex/waitwake.c +++ b/kernel/futex/waitwake.c @@ -422,7 +422,7 @@ static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *wo if ((vs[i].w.flags & FUTEX_PRIVATE_FLAG) && retry) continue; - ret = get_futex_key(u64_to_user_ptr(vs[i].w.uaddr), + ret = get_futex_key((u32 __user *)vs[i].w.uaddr, !(vs[i].w.flags & FUTEX_PRIVATE_FLAG), &vs[i].q.key, FUTEX_READ); @@ -433,7 +433,7 @@ static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *wo set_current_state(TASK_INTERRUPTIBLE|TASK_FREEZABLE); for (i = 0; i < count; i++) { - u32 __user *uaddr = uaddr_to_user_ptr(vs[i].w.uaddr); + u32 __user *uaddr = (u32 __user *)vs[i].w.uaddr; struct futex_q *q = &vs[i].q; u32 val = (u32)vs[i].w.val; -- 2.34.1

2 years, 1 month

1
0
0 0

2025

2024

2023

2022

linux-morello