- linux-morello - op-lists.linaro.org

[PATCH V8 00/11] Add testcases for address space management syscalls

by Chaitanya S Prakash

Syscalls operating on memory mappings manage their address space via owning capabilities. They must adhere to a certain set of rules[1] in order to ensure memory safety. Address space management syscalls are only allowed to manipulate mappings that are within the range of the owning capability and have appropriate permissions. Tests to validate the capability's tag, bounds, range as well as permissions have been added. As certain flags and syscalls conflict with the reservation model or lack implementation, a check to verify appropriate handling of the same has also been added. Lastly, testcases to verify mmap/unmap of CHERI unreprentable address/length have been added. Review branch: https://git.morello-project.org/chaitanya_prakash/linux/-/tree/review/morel… This patch series has been tested on: https://git.morello-project.org/amitdaniel/linux/-/tree/review/purecap_mm_r… [1]https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure… Changes in V8: - Added co-developed by for patch 11. Changes in V7: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… - Modified the do-while loop used to generate unrepresentable address/length - Added tag validity check for test_cheri_representability() - Corrected representable_base such that the value is computed using address rather than the base - Updated commit messages Changes in V6: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… - Updated commit messages and in code comments as required. - Moved struct initial_data back to bootstrap.c - Defined __maybe_unused in freestanding.h - Defined a fixed address to be shared among the tests. - Modified negative madvise() test to make use of the common private mapping. - Renamed test_mmap_bounds_check and test_mremap_bounds_check testcases to test_check_mmap_reservation and test_check_mremap_reservation respectively. - Modified the do-while loop used to generate unrepresentable length/address. - Added checks to validate that the bounds and length of ptr1 and ptr2 are of cheri representable length and their base is aligned according to the alignment mask. - Added a test to ensure mmap(owning_cap,..., MAP_FIXED fails if the underlying reservation has been destroyed. Changes in V5: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… - Added representability testcase. - Removed global struct reg_data and called get_pagesize() with auxv passed in main(). - Removed VERIFY_ERRNO macro and made use of extended EXPECT_EQ - As helper functions have been removed, the inline attribute line is of no use and has been deleted. - Used a common mapping to avoid creating and destroying mappings repeatedly. - Removed positive testcases as they are not unique to PCuABI - Corrected the error code to reflect -ENOMEM instead of -ERESERVATION when mremap() tries to move a mapping without MREMAP_MAYMOVE flag - Reworded commit messages and restructured code. Changes in V4: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… -Corrected subject of cover letter Changes in V3: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… - Added get_pagesize() function and VERRIFY_ERRNO() macro - Added LoadCap and StoreCap permissions testcase - Added validity_tag_check testcases - Added reservation tests - Renamed variable "addr" to "ptr" to avoid confusion when manipulating both addresses and capabilities - Cleaned up syscall_mmap and syscall_mmap2 testcases - Restructured code into testcases that check tags, range, bounds and permissions - Improved range_check testcases - Improved commit messages - Removed helper functions, tests directly written in testcase functions - Removed signal handling and ddc register testcases Changes in V2: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… - Added link to the review branch - Removed unnecessary whitespace Changes in V1: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Amit Daniel Kachhap (1): kselftests/arm64: morello: mmap: Test unrepresentable addresses Chaitanya S Prakash (10): kselftests/arm64: morello: Create wrapper functions for frequently invoked syscalls kselftests/arm64: morello: Add get_pagesize() function kselftests/arm64: morello: mmap: Clean up existing testcases kselftests/arm64: morello: mmap: Add MAP_GROWSDOWN testcase kselftests/arm64: morello: mmap: Add validity tag check testcases kselftests/arm64: morello: mmap: Add capability range testcases kselftests/arm64: morello: mmap: Add mmap() reservation testcases kselftests/arm64: morello: mmap: Add mremap() reservation check testcases kselftests/arm64: morello: mmap: Add permission check testcases kselftests/arm64: morello: mmap: Add brk() testcase .../selftests/arm64/morello/bootstrap.c | 6 - .../selftests/arm64/morello/freestanding.c | 15 + .../selftests/arm64/morello/freestanding.h | 68 ++- tools/testing/selftests/arm64/morello/mmap.c | 552 +++++++++++++++++- 4 files changed, 603 insertions(+), 38 deletions(-) -- 2.34.1

4 months, 3 weeks

2
12
0 0

[PATCH v4 00/36] Reservations and PCuABI address space management

by Kevin Brodsky

Hi, This series adds reservation management and modifies the behaviour of address space management syscalls as per the PCuABI specification [1]. It also restricts the bounds and permissions of those initial capabilities that my previous series [2] couldn't take care of. The series is largely based on Amit's v3 series [3] plus this follow-up [4] (squashed in the corresponding patch), with various additions and tweaks. The most important (user-facing) changes are the following: * Owning capabilities are now always created based on the corresponding reservation's bounds and permissions, ensuring there is no mismatch (and simplifying mmap/mremap a little). * Capability/reservation permissions are now calculated based on VM_{READ,WRITE}_CAPS instead of PROT_SHARED/VM_SHARED. This fixes the io_uring case, where we do allow capabilities to be stored in a shared mapping. * A stack reservation is created, its size is controlled by a new cheri.max_stack_size sysctl as per the spec. The initial stack capabilities (CSP and AT_CHERI_STACK_CAP) are narrowed accordingly. * PCuABI restrictions are added to shmdt() too. * PROT_CAP_INVOKE is handled (adding BranchSealedPair). * mmap/mremap/shmat now ensure that no existing reservation is overwritten if a null-derived pointer is passed with MAP_FIXED (if the new reservation would overlap with any existing one, -ERESERVATION is returned). * The reservation lookup helper has been fixed to ensure that a reservation is found even if it starts before the targeted range. Here is a rough breakdown of the patches: * Patch 1: fixup for kselfests. * Patch 2-8: infrastructure, uapi additions * Patch 9-14: reservation management * Patch 15-22: capability handling in address space management syscalls * Patch 23-33: capability permissions handling * Patch 34: extra restriction for mmap() * Patch 35-36: restriction of initial capabilities Having made the appropriate fixes to LTP and Musl, the usual LTP and Musl tests are passing, as well as the Morello kselftests with Chaitanya's extra tests [5]. Special thanks to Amit for his original work as well as his detailed review of this updated series, and to Chaitanya for writing those extra kselftests, which proved very useful to catch mistakes early. Review branch: https://git.morello-project.org/kbrodsky-arm/linux/-/tree/morello/reservati… Thanks, Kevin [1] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [2] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [3] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [4] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [5] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Amit Daniel Kachhap (25): uapi: errno.h: Introduce PCuABI memory reservation error linux/sched/coredump.h: Add MMF_PCUABI_RESERV mm flag linux/user_ptr.h: Add a typedef user_ptr_perms_t linux/user_ptr.h: Add user_ptr_is_valid, user_ptr_set_addr linux/user_ptr.h: Add helpers to manage owning pointers mm/reserv: Add address space reservation API mm/mmap: Handle reservations in get_unmapped_area mm/(mmap,mremap): Handle PCuABI reservations during VMA operations fs/binfmt_elf: Create appropriate reservations in PCuABI mm/mmap: Add PCuABI capability handling in mmap/munmap mm/mremap: Add PCuABI capability handling in mremap mm/mprotect: Add PCuABI capability handling in mprotect mm/madvise: Add PCuABI capability handling in madvise mm/mlock: Add PCuABI capability handling in mlock{,2} and munlock mm/msync: Add PCuABI capability handling in msync mm/mincore: Add PCuABI capability constraints ipc/shm: Add PCuABI capability handling in shmat/shmdt uapi: mman-common.h: Macros for maximum capability permissions arm64: user_ptr: Implement Morello capability permission helper linux/user_ptr.h: Infer capability permissions from prot/vm_flags in PCuABI mm/mmap: Add capability permission constraints for PCuABI mm/mremap: Add capability permission constraints for PCuABI mm/mprotect: Add capability permissions constraints for PCuABI mm/mmap: Disable MAP_GROWSDOWN mapping flag for PCuABI arm64: vdso: Create appropriate capability Kevin Brodsky (11): kselftests/arm64: morello: Fix expected permissions with MAP_SHARED linux/mm_types.h: Introduce reserv_struct fs/exec: Create a stack reservation in PCuABI arm64: vdso: Create appropriate reservation fs/binfmt_elf: Enable reservations fs/binfmt_elf: Set appropriate permissions for initial reservations arm64: morello: Ensure appropriate permissions for initial reservations uapi: mm: Introduce PROT_CAP_INVOKE arm64: user_ptr: Handle PROT_CAP_INVOKE fs/binfmt_elf: Create mappings with PROT_CAP_INVOKE fs/binfmt_elf: Restrict stack capability bounds Documentation/core-api/user_ptr.rst | 28 ++ arch/Kconfig | 3 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/elf.h | 9 +- arch/arm64/include/asm/mmu.h | 2 +- arch/arm64/include/asm/user_ptr.h | 37 +++ arch/arm64/kernel/morello.c | 16 + arch/arm64/kernel/vdso.c | 37 ++- fs/binfmt_elf.c | 63 ++-- fs/exec.c | 59 ++++ include/linux/mm.h | 15 +- include/linux/mm_reserv.h | 302 +++++++++++++++++++ include/linux/mm_types.h | 9 + include/linux/sched/coredump.h | 2 + include/linux/shm.h | 4 +- include/linux/user_ptr.h | 114 ++++++- include/uapi/asm-generic/errno.h | 2 + include/uapi/asm-generic/mman-common.h | 8 + io_uring/advise.c | 3 +- ipc/shm.c | 44 ++- kernel/fork.c | 3 + lib/user_ptr.c | 73 +++++ mm/Makefile | 1 + mm/damon/vaddr.c | 2 +- mm/internal.h | 2 +- mm/madvise.c | 26 +- mm/mincore.c | 54 +++- mm/mlock.c | 36 ++- mm/mmap.c | 182 +++++++++-- mm/mprotect.c | 25 +- mm/mremap.c | 96 ++++-- mm/msync.c | 12 +- mm/reserv.c | 181 +++++++++++ mm/util.c | 9 +- tools/testing/selftests/arm64/morello/mmap.c | 2 +- 35 files changed, 1312 insertions(+), 150 deletions(-) create mode 100644 arch/arm64/include/asm/user_ptr.h create mode 100644 include/linux/mm_reserv.h create mode 100644 mm/reserv.c -- 2.43.0

4 months, 3 weeks

1
37
0 0

[PATCH 00/15] Restriction of capabilities in initial environment

by Kevin Brodsky

Hi, This series implements the restriction of bounds and permissions of all capabilities provided to a new process. This includes registers (PCC, CSP, C1-C3), capabilities in the auxiliary vector and capabilities to strings in argv/envp (issue #19 [1]). To complete the alignment with the PCuABI specification, AT_BASE is restored as a simple address, DDC is nullified and CCTLR_EL0.SBL is set (issue #20 [2]). This series is composed of the following patches: * Patch 1-4 fix issues revealed by the restrictions made in the following patches, notably DDC being set to null. * Patch 5 adds a generic helper. * Patch 6-8 refactor the start_thread() machinery so that binfmt_elf provides all the capabilities to set the initial capability registers to. This allows to centralise all calculations in binfmt_elf, and guarantees that capabilities in registers and in the auxiliary vector are consistent. No functional change at this point (the capabilities remain unrestricted). * Patch 9-11 perform the actual restriction of capabilities, simultaneously in initial registers and the auxiliary vector. Patch 11 is a simplified version of Téo's patch [3], without ensuring bounds representability (see below). * Patch 12-15 take care of the remaining alignment with the spec (AT_BASE, DDC, CCTLR_EL0.SBL). With respect to the tightening of capability bounds, two important caveats should be noted: * In the absence of stack reservation (issue #21 [4]), the stack remains notionally unbounded, and so are the capabilities covering the entire stack (CSP, AT_CHERI_STACK_CAP). * No particular effort is made with respect to bounds representability. This means notably that capabilities to argv/envp strings may overlap, as well as capabilities to the argv/envp arrays. This is however very unlikely in practice (it would require very large strings or a very large number of arguments). Review branch: https://git.morello-project.org/kbrodsky-arm/linux/-/commits/morello/initia… Thanks, Kevin [1] https://git.morello-project.org/morello/kernel/linux/-/issues/19 [2] https://git.morello-project.org/morello/kernel/linux/-/issues/20 [3] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [4] https://git.morello-project.org/morello/kernel/linux/-/issues/21 Kevin Brodsky (15): arm64: barrier: Make arch_counter_enforce_ordering() purecap-friendly kselftests/arm64: morello: Process caprelocs using appropriate root caps kselftests/arm64: morello: Remove invalid assumptions about initial data kselftests/arm64: morello: Seal reconstructed function pointer linux/user_ptr.h: Introduce user_ptr_set_bounds fs/binfmt_elf: Add entry member to elf_load_info binfmt: Store initial user pointers in bprm in PCuABI arm64: Use bprm->pcuabi to set initial pointers in PCuABI fs/binfmt_elf: Restrict executable/interpreter capabilities fs/binfmt_elf: Restrict stack capabilities fs/binfmt_elf: Restrict string capabilities fs/binfmt_elf: Make AT_BASE an address again elf: Remove elf_uaddr_to_user_ptr() arm64: morello: Nullify DDC in PCuABI arm64: morello: Set CCTLR_EL0.SBL in PCuABI arch/arm64/include/asm/barrier.h | 13 + arch/arm64/include/asm/elf.h | 2 +- arch/arm64/include/asm/morello.h | 4 +- arch/arm64/include/asm/processor.h | 47 +-- arch/arm64/include/asm/sysreg.h | 2 + arch/arm64/kernel/morello.c | 44 ++- arch/arm64/kernel/process.c | 17 + fs/binfmt_elf.c | 306 ++++++++++++++---- fs/compat_binfmt_elf.c | 3 - include/linux/binfmts.h | 13 + include/linux/elf.h | 1 - include/linux/user_ptr.h | 22 ++ .../selftests/arm64/morello/bootstrap.c | 64 ++-- .../arm64/morello/freestanding_init_globals.c | 54 ++-- .../arm64/morello/freestanding_start.S | 4 +- 15 files changed, 417 insertions(+), 179 deletions(-) -- 2.43.0

5 months

2
17
0 0

[PATCH] arm64: morello: Zero out C reg in pt_regs_write_reg()

by Kevin Brodsky

As per the register merging principle set out in the Morello documentation [1], the kernel does not normally zero out the C register when writing to the corresponding X register. However, pt_regs_write_ptr_reg() is used in contexts such as instruction emulation, where the kernel emulates the effect of an instruction writing to an X register. Instructions writing to X registers are architecturally guaranteed to clear the C register (that is the upper 64 bits and tag); it is therefore preferable for pt_regs_write_reg() to behave in the same way. [1] Documentation/arch/arm64/morello.rst Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- arch/arm64/include/asm/ptrace.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/ptrace.h b/arch/arm64/include/asm/ptrace.h index 5d682f0ccd3f..c7fa869f9191 100644 --- a/arch/arm64/include/asm/ptrace.h +++ b/arch/arm64/include/asm/ptrace.h @@ -316,8 +316,12 @@ static inline unsigned long pt_regs_read_reg(const struct pt_regs *regs, int r) static inline void pt_regs_write_reg(struct pt_regs *regs, int r, unsigned long val) { - if (r != 31) + if (r != 31) { regs->regs[r] = val; +#ifdef CONFIG_ARM64_MORELLO + regs->cregs[r] = 0; +#endif + } } /* Valid only for Kernel mode traps. */ -- 2.43.0

5 months

1
1
0 0

[PATCH] arm64: ptrace: Preserve capability in tls_set()

by Kevin Brodsky

In PCuABI, ptrace(PTRACE_SETREGSET, REGSET_TLS) currently sets the capability thread pointer (CTPIDR) to a 64-bit value, zeroing any existing capability. This is unlikely to be the desired behaviour, and is inconsistent with the register merging principle, which the other ptrace operations obey. For instance, setting a new value for SP using ptrace(PTRACE_SETREGSET, REGSET_GPR) does not zero CSP, but instead sets its address to the provided value. Unlike other capability registers like CSP, CTPIDR is stored only as a capability (in tp_value). We therefore need to perform the X/C register merging manually. The corresponding function from morello.c is exposed in asm/morello.h for that purpose. Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- arch/arm64/include/asm/morello.h | 6 ++++++ arch/arm64/kernel/morello.c | 20 ++++++++++---------- arch/arm64/kernel/ptrace.c | 6 +++++- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/arch/arm64/include/asm/morello.h b/arch/arm64/include/asm/morello.h index da198622b35e..8281e1aaf37f 100644 --- a/arch/arm64/include/asm/morello.h +++ b/arch/arm64/include/asm/morello.h @@ -25,6 +25,12 @@ struct morello_state { void morello_cap_get_val_tag(uintcap_t cap, __uint128_t *val, u8 *tag); +/* + * Merge a 64-bit value into a capability (typically an X register into a C + * register). + */ +void morello_merge_cap_xval(uintcap_t *creg, u64 xreg); + /* * Builds a user capability from a 128-bit pattern + tag. The capability will * be derived from cheri_user_root_allperms_cap and the object type will be diff --git a/arch/arm64/kernel/morello.c b/arch/arm64/kernel/morello.c index 7e14ff42db68..6e18fdb22646 100644 --- a/arch/arm64/kernel/morello.c +++ b/arch/arm64/kernel/morello.c @@ -36,12 +36,6 @@ static void cap_lo_hi_tag(uintcap_t cap, u64 *lo_val, u64 *hi_val, *tag = cheri_tag_get(cap); } -static void merge_c_x(uintcap_t *creg, u64 xreg) -{ - if (cheri_address_get(*creg) != xreg) - *creg = cheri_address_set(*creg, xreg); -} - static bool cap_has_executive(uintcap_t cap) { return cheri_perms_get(cap) & ARM_CAP_PERMISSION_EXECUTIVE; @@ -71,6 +65,12 @@ void morello_cap_get_val_tag(uintcap_t cap, __uint128_t *val, u8 *tag) *tag = cheri_tag_get(cap); } +void morello_merge_cap_xval(uintcap_t *creg, u64 xreg) +{ + if (cheri_address_get(*creg) != xreg) + *creg = cheri_address_set(*creg, xreg); +} + uintcap_t morello_build_any_user_cap(const __uint128_t *val, u8 tag) { uintcap_t cap = *((uintcap_t *)val); @@ -194,7 +194,7 @@ void morello_task_restore_user_tls(struct task_struct *tsk, #ifdef CONFIG_CHERI_PURECAP_UABI *active_ctpidr = *tp_ptr; #else - merge_c_x(active_ctpidr, *tp_ptr); + morello_merge_cap_xval(active_ctpidr, *tp_ptr); #endif write_cap_sysreg(morello_state->ctpidr, ctpidr_el0); @@ -370,10 +370,10 @@ void morello_merge_cap_regs(struct pt_regs *regs) active_csp = &regs->rcsp; for (i = 0; i < ARRAY_SIZE(regs->cregs); i++) - merge_c_x(&regs->cregs[i], regs->regs[i]); + morello_merge_cap_xval(&regs->cregs[i], regs->regs[i]); - merge_c_x(active_csp, regs->sp); - merge_c_x(&regs->pcc, regs->pc); + morello_merge_cap_xval(active_csp, regs->sp); + morello_merge_cap_xval(&regs->pcc, regs->pc); } void morello_flush_cap_regs_to_64_regs(struct task_struct *tsk) diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c index c7c8e43eacbe..be1faed4908e 100644 --- a/arch/arm64/kernel/ptrace.c +++ b/arch/arm64/kernel/ptrace.c @@ -691,7 +691,11 @@ static int tls_set(struct task_struct *target, const struct user_regset *regset, if (ret) return ret; - target->thread.uw.tp_value = (user_uintptr_t)tls[0]; +#ifdef CONFIG_CHERI_PURECAP_UABI + morello_merge_cap_xval(&target->thread.uw.tp_value, tls[0]); +#else + target->thread.uw.tp_value = tls[0]; +#endif if (system_supports_tpidr2()) target->thread.tpidr2_el0 = tls[1]; -- 2.43.0

5 months

1
1
0 0

[PATCH] arm64: morello: Enable BINFMT_MISC in defconfig

by Kevin Brodsky

binfmt_misc is notably useful for qemu-user. To enable systemd to automatically mount the binfmt_misc filesystem using autofs, also select AUTOFS_FS (like the standard arm64 defconfig). Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- arch/arm64/configs/morello_transitional_pcuabi_defconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/configs/morello_transitional_pcuabi_defconfig b/arch/arm64/configs/morello_transitional_pcuabi_defconfig index 651371adb755..eb778c38abbe 100644 --- a/arch/arm64/configs/morello_transitional_pcuabi_defconfig +++ b/arch/arm64/configs/morello_transitional_pcuabi_defconfig @@ -55,6 +55,7 @@ CONFIG_CHERI_PURECAP_UABI=y CONFIG_MODULES=y CONFIG_MODULE_UNLOAD=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_BINFMT_MISC=y # CONFIG_COMPAT_BRK is not set CONFIG_MEMORY_FAILURE=y CONFIG_TRANSPARENT_HUGEPAGE=y @@ -144,6 +145,7 @@ CONFIG_EXT4_FS_SECURITY=y CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y CONFIG_QUOTA=y +CONFIG_AUTOFS_FS=y CONFIG_VFAT_FS=y CONFIG_PROC_KCORE=y CONFIG_TMPFS=y -- 2.43.0

5 months

1
1
0 0

[PATCH] mm/(cap_addr_mgmt,mmap) : Fix for mas_empty_area()

by Amit Daniel Kachhap

mas_empty_area() maple tree interface does not work properly and returns -EBUSY if there is no gap in the range. This commit explicitly scans the VMAs for the input range and checks if they are continuous or not. Note: reserv_vmi_range_mapped() can switch to the old method of using mas_empty_area() if this issue is resolved in core maple tree library. Fixes: ("mm/cap_addr_mgmt: Add capability reservation interfaces in VMA") Fixes: ("mm/mmap: Add reservation constraints in mmap/munmap parameters") Signed-off-by: Amit Daniel Kachhap <amitdaniel.kachhap(a)arm.com> --- mm/cap_addr_mgmt.c | 25 ++++++++++++++++--------- mm/mmap.c | 2 +- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/mm/cap_addr_mgmt.c b/mm/cap_addr_mgmt.c index 845e4a99556e..d58caed45edd 100644 --- a/mm/cap_addr_mgmt.c +++ b/mm/cap_addr_mgmt.c @@ -64,9 +64,10 @@ user_uintptr_t reserv_range_set_reserv(ptraddr_t start, size_t len, user_ptr_per int reserv_vmi_range_mapped(struct vma_iterator *vmi, ptraddr_t start, size_t len, bool locked) { - struct vm_area_struct *vma; + struct vm_area_struct *vma, *last_vma = NULL; struct mm_struct *mm = current->mm; int ret = -ENOMEM; + ptraddr_t end = start + len - 1; if (!reserv_is_supported(mm)) return 0; @@ -78,14 +79,20 @@ int reserv_vmi_range_mapped(struct vma_iterator *vmi, ptraddr_t start, len = round_up(len, PAGE_SIZE); vma_iter_set(vmi, start); /* Try walking the given range */ - vma = mas_find(&vmi->mas, start + len - 1); - if (!vma) - goto out; - - /* If the range is fully mapped then no gap exists */ - if (mas_empty_area(&vmi->mas, start, start + len - 1, 1)) - goto out; - ret = 0; + do { + vma = mas_find(&vmi->mas, end); + if (vma) { + /* The new and old vma should be continuous */ + if (last_vma && last_vma->vm_end != vma->vm_start) + goto out; + /* End range is within the vma so return success */ + if (end < vma->vm_end) { + ret = 0; + goto out; + } + last_vma = vma; + } + } while (vma); out: if (!locked) mmap_read_unlock(mm); diff --git a/mm/mmap.c b/mm/mmap.c index aef8a08d9a0d..776fc37e07ed 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1411,7 +1411,7 @@ int check_pcuabi_params(user_uintptr_t user_ptr, unsigned long len, return -ERESERVATION; if (!map_fixed) return ret; - if (!reserv_vmi_range_mapped(&vmi, addr, len, reserv_lock)) + if (reserv_vmi_range_mapped(&vmi, addr, len, reserv_lock)) return -ENOMEM; return 0; -- 2.25.1

5 months

1
0
0 0

[Announcement] Integration drop 1.8.0 - changelog

by Kevin Brodsky

Hi, The top of the master branch has been tagged [1] as part of the integration drop 1.8.0. Below is the changelog for kernel users, since the previous integration drop (1.7.0). --------- * [Issue #4] The BPF syscall interface has been adapted to operate on full capabilities, while retaining backwards-compatibility with existing arm64 binaries (via 64-bit compat). Please refer to include/uapi/linux/bpf.h [2] for a full list of modified uapi structs. * [Issue #5, #58] User-provided capabilities are now always checked when user memory is accessed (standard uaccess routines such as copy_from_user() now use capability-based loads and stores to perform the access). As a result, passing invalid capabilities to syscalls will typically lead to the syscall failing with -EFAULT. New Morello kselftests have been added to ensure that this capability checking occurs as expected. * The branch has been rebased on the 6.7 upstream release. The morello.rst document has moved under Documentation/arch/arm64 as a result, and a few uapi adaptations have been added for io_uring features that appeared upstream since 6.4. For more details, please refer to this email [3]. * Minor internal refactoring and cleanups related to 64-bit compat support. Contributions ------------- Kudos to everyone who has contributed to Morello Linux! Here are the contributors and number of patches since the previous integration drop: 21 Kevin Brodsky <kevin.brodsky(a)arm.com> 13 Zachary Leaf <zachary.leaf(a)arm.com> 1 Aditya Deshpande <aditya.deshpande(a)arm.com> 1 Akram Ahmad <Akram.Ahmad(a)arm.com> Special thanks are also extended to everyone who has assisted in reviewing these patches. Cheers, Kevin [1] https://git.morello-project.org/morello/kernel/linux/-/commits/morello-rele… [2] https://git.morello-project.org/morello/kernel/linux/-/blob/morello/master/… [3] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org…

5 months

1
0
0 0

[PATCH] drm: fix bug introduced in purecap handling of mode props

by carsten.haitzler＠foss.arm.com

From: Carsten Haitzler <carsten.haitzler(a)arm.com> In re-jigging the code I didn't return the new prop count but ketp the input prop count number. This fixes that. This make Xiorg start again. Signed-off-by: Carsten Haitzler <Carsten.Haitzler(a)arm.com> --- drivers/gpu/drm/drm_property.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c index 18435fc9df97..292ea8a4fa5f 100644 --- a/drivers/gpu/drm/drm_property.c +++ b/drivers/gpu/drm/drm_property.c @@ -513,6 +513,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, } } + count_values = value_count; copied = 0; if (drm_property_type_is(property, DRM_MODE_PROP_ENUM) || -- 2.25.1

5 months

3
2
0 0

[PATCH v3 00/25] Introduce mm reservation interface for PCuABI

by Amit Daniel Kachhap

Hi All, This patch series introduces the mm reservation interface to manage the owning capability of the allocated addresses. This series adds reservation details in the VMA structure and different capability/reservation constraint checks. Looking for feedback regarding API names, directory structure etc. Details about several rules implemented can be found in PCuABI spec here [1]. This series is based on tree [2]. Changes in this v3 as compared with v2(Based on suggestions from Kevin): 1) Implemented all suggestion from Kevin on V2 version. However, suggestion to use (unsigned long __user *) instead of user_uintptr_t was not done due to not much benefits and lack of time. 2) vm_mmap() now takes address as unsigned long instead of user_uintptr_t. 3) get_unmapped_area() now checks if address range falling within reservation in case of MAP_FIXED address. 4) New function check_pcuabi_params() added to check parameters sanity in mmap and mremap syscalls. 5) Several fixes and cleanups. 6) Patch 3, 24 and 25 are new patches. Testing: 1) All tests by Chaitanya in v8 selftests [3] passes. 2) Purecap/Compat Busybox boot passes after adding [WIP] patches present in [4]. The whole series can be found here [4]. [1]: https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [2]: https://git.morello-project.org/morello/kernel/linux morello/next [3]: https://git.morello-project.org/chaitanya_prakash/linux.git review/purecap_mmap_testcases_v8 [4]: https://git.morello-project.org/amitdaniel/linux.git review/purecap_mm_reservation_v3 Thanks, Amit Daniel Amit Daniel Kachhap (25): uapi: errno.h: Introduce PCuABI memory reservation error linux/sched/coredump.h: Add MMF_PCUABI_RESERV mm flag linux/user_ptr.h: Add a typedef user_ptr_perms_t mm/cap_addr_mgmt: Add capability reservation interfaces in VMA linux/user_ptr.h: Add two helpers to operate on user pointers lib/user_ptr: Add helpers to be used by mm syscalls mm/mmap: Modify get free unmapped address space management code mm/(mmap,mremap): Add PCuABI reservation during VMA operation mm/mmap: Add reservation constraints in mmap/munmap parameters mm/mremap: Add reservation constraints in mremap parameters mm/mprotect: Add the PCuABI reservation constraints mm/madvise: Add the PCuABI reservation constraints mm/mlock: Add the PCuABI reservation constraints mm/msync: Add the PCuABI reservation constraints mm/mmap: Disable MAP_GROWSDOWN mapping flag for PCuABI uapi: mman-common.h: Macros for maximum capability permissions lib/user_ptr: Add user pointer permission helpers for PCuABI arm64: user_ptr: Implement morello capability permission helpers mm/mmap: Add capability permission constraints for PCuABI mm/mremap: Add capability permission constraints for PCuABI mm/mprotect: Add capability permission constraints for PCuABI mm/mincore: Add PCuABI reservation/capability constraints fs/binfmt_elf: Add PCuABI reservation constraints ipc/shm: Add the PCuABI reservation constraints arm64: vDSO: Add appropriate capability bounds Documentation/core-api/user_ptr.rst | 28 +++ arch/Kconfig | 3 + arch/arm64/Kconfig | 1 + arch/arm64/include/asm/elf.h | 5 +- arch/arm64/include/asm/mmu.h | 2 +- arch/arm64/include/asm/user_ptr.h | 34 ++++ arch/arm64/kernel/signal.c | 2 +- arch/arm64/kernel/vdso.c | 29 +++- fs/binfmt_elf.c | 78 ++++++--- include/linux/cap_addr_mgmt.h | 227 +++++++++++++++++++++++++ include/linux/mm.h | 16 +- include/linux/mm_types.h | 9 + include/linux/sched/coredump.h | 2 + include/linux/shm.h | 4 +- include/linux/user_ptr.h | 101 +++++++++++ include/uapi/asm-generic/errno.h | 2 + include/uapi/asm-generic/mman-common.h | 6 + io_uring/advise.c | 2 +- ipc/shm.c | 27 +-- kernel/fork.c | 3 + lib/user_ptr.c | 74 ++++++++ mm/Makefile | 1 + mm/cap_addr_mgmt.c | 150 ++++++++++++++++ mm/damon/vaddr.c | 2 +- mm/internal.h | 2 +- mm/madvise.c | 27 ++- mm/mincore.c | 46 ++++- mm/mlock.c | 36 +++- mm/mmap.c | 188 +++++++++++++++++--- mm/mprotect.c | 26 ++- mm/mremap.c | 98 ++++++++--- mm/msync.c | 13 +- mm/util.c | 9 +- 33 files changed, 1119 insertions(+), 134 deletions(-) create mode 100644 arch/arm64/include/asm/user_ptr.h create mode 100644 include/linux/cap_addr_mgmt.h create mode 100644 mm/cap_addr_mgmt.c -- 2.25.1

5 months

2
33
0 0

2024

2023

2022

linux-morello