- linux-morello - op-lists.linaro.org

[PATCH] drm/compat: Fix types for compat to allow for non-32bit

by carsten.haitzler＠foss.arm.com

From: Carsten Haitzler <carsten.haitzler(a)foss.arm.com> DRM compat code totally assumes 32bit is compat. This is not always the case. This allows for compat to be defined universally to typedefed types like compat_ulong_t and so on. This converts some of the drm compat handling for ioctl's to use these types. Signed-off-by: Carsten Haitzler <Carsten.Haitzler(a)arm.com> --- drivers/gpu/drm/drm_ioc32.c | 209 ++++++++++++++++++------------------ include/drm/drm_ioctl.h | 2 +- 2 files changed, 106 insertions(+), 105 deletions(-) diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c index 5d82891c3222..13e7d25dcbae 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c @@ -38,21 +38,21 @@ #include "drm_internal.h" #include "drm_legacy.h" -#define DRM_IOCTL_VERSION32 DRM_IOWR(0x00, drm_version32_t) -#define DRM_IOCTL_GET_UNIQUE32 DRM_IOWR(0x01, drm_unique32_t) +#define DRM_IOCTL_VERSION_COMPAT DRM_IOWR(0x00, drm_version_compat_t) +#define DRM_IOCTL_GET_UNIQUE_COMPAT DRM_IOWR(0x01, drm_unique_compat_t) #define DRM_IOCTL_GET_MAP32 DRM_IOWR(0x04, drm_map32_t) -#define DRM_IOCTL_GET_CLIENT32 DRM_IOWR(0x05, drm_client32_t) -#define DRM_IOCTL_GET_STATS32 DRM_IOR( 0x06, drm_stats32_t) +#define DRM_IOCTL_GET_CLIENT_COMPAT DRM_IOWR(0x05, drm_client_compat_t) +#define DRM_IOCTL_GET_STATS_COMPAT DRM_IOR( 0x06, drm_stats_compat_t) -#define DRM_IOCTL_SET_UNIQUE32 DRM_IOW( 0x10, drm_unique32_t) -#define DRM_IOCTL_ADD_MAP32 DRM_IOWR(0x15, drm_map32_t) +#define DRM_IOCTL_SET_UNIQUE_COMPAT DRM_IOW( 0x10, drm_unique_compat_t) +#define DRM_IOCTL_ADD_MAP_COMPAT DRM_IOWR(0x15, drm_map_compat_t) #define DRM_IOCTL_ADD_BUFS32 DRM_IOWR(0x16, drm_buf_desc32_t) #define DRM_IOCTL_MARK_BUFS32 DRM_IOW( 0x17, drm_buf_desc32_t) #define DRM_IOCTL_INFO_BUFS32 DRM_IOWR(0x18, drm_buf_info32_t) #define DRM_IOCTL_MAP_BUFS32 DRM_IOWR(0x19, drm_buf_map32_t) #define DRM_IOCTL_FREE_BUFS32 DRM_IOW( 0x1a, drm_buf_free32_t) -#define DRM_IOCTL_RM_MAP32 DRM_IOW( 0x1b, drm_map32_t) +#define DRM_IOCTL_RM_MAP_COMPAT DRM_IOW( 0x1b, drm_map_compat_t) #define DRM_IOCTL_SET_SAREA_CTX32 DRM_IOW( 0x1c, drm_ctx_priv_map32_t) #define DRM_IOCTL_GET_SAREA_CTX32 DRM_IOWR(0x1d, drm_ctx_priv_map32_t) @@ -72,92 +72,92 @@ #define DRM_IOCTL_UPDATE_DRAW32 DRM_IOW( 0x3f, drm_update_draw32_t) -#define DRM_IOCTL_WAIT_VBLANK32 DRM_IOWR(0x3a, drm_wait_vblank32_t) +#define DRM_IOCTL_WAIT_VBLANK_COMPAT DRM_IOWR(0x3a, drm_wait_vblank_compat_t) #define DRM_IOCTL_MODE_ADDFB232 DRM_IOWR(0xb8, drm_mode_fb_cmd232_t) -typedef struct drm_version_32 { +typedef struct drm_version_compat { int version_major; /* Major version */ int version_minor; /* Minor version */ int version_patchlevel; /* Patch level */ - u32 name_len; /* Length of name buffer */ - u32 name; /* Name of driver */ - u32 date_len; /* Length of date buffer */ - u32 date; /* User-space buffer to hold date */ - u32 desc_len; /* Length of desc buffer */ - u32 desc; /* User-space buffer to hold desc */ -} drm_version32_t; + compat_size_t name_len; /* Length of name buffer */ + compat_uptr_t name; /* Name of driver */ + compat_size_t date_len; /* Length of date buffer */ + compat_uptr_t date; /* User-space buffer to hold date */ + compat_size_t desc_len; /* Length of desc buffer */ + compat_uptr_t desc; /* User-space buffer to hold desc */ +} drm_version_compat_t; static int compat_drm_version(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_version32_t v32; + drm_version_compat_t v_compat; struct drm_version v; int err; - if (copy_from_user(&v32, (void __user *)arg, sizeof(v32))) + if (copy_from_user(&v_compat, (void __user *)arg, sizeof(v_compat))) return -EFAULT; memset(&v, 0, sizeof(v)); v = (struct drm_version) { - .name_len = v32.name_len, - .name = compat_ptr(v32.name), - .date_len = v32.date_len, - .date = compat_ptr(v32.date), - .desc_len = v32.desc_len, - .desc = compat_ptr(v32.desc), + .name_len = v_compat.name_len, + .name = compat_ptr(v_compat.name), + .date_len = v_compat.date_len, + .date = compat_ptr(v_compat.date), + .desc_len = v_compat.desc_len, + .desc = compat_ptr(v_compat.desc), }; err = drm_ioctl_kernel(file, drm_version, &v, DRM_RENDER_ALLOW); if (err) return err; - v32.version_major = v.version_major; - v32.version_minor = v.version_minor; - v32.version_patchlevel = v.version_patchlevel; - v32.name_len = v.name_len; - v32.date_len = v.date_len; - v32.desc_len = v.desc_len; - if (copy_to_user((void __user *)arg, &v32, sizeof(v32))) + v_compat.version_major = v.version_major; + v_compat.version_minor = v.version_minor; + v_compat.version_patchlevel = v.version_patchlevel; + v_compat.name_len = v.name_len; + v_compat.date_len = v.date_len; + v_compat.desc_len = v.desc_len; + if (copy_to_user((void __user *)arg, &v_compat, sizeof(v_compat))) return -EFAULT; return 0; } -typedef struct drm_unique32 { - u32 unique_len; /* Length of unique */ - u32 unique; /* Unique name for driver instantiation */ -} drm_unique32_t; +typedef struct drm_unique_compat { + compat_size_t unique_len; /* Length of unique */ + compat_uptr_t unique; /* Unique name for driver instantiation */ +} drm_unique_compat_t; static int compat_drm_getunique(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_unique32_t uq32; + drm_unique_compat_t uq_compat; struct drm_unique uq; int err; - if (copy_from_user(&uq32, (void __user *)arg, sizeof(uq32))) + if (copy_from_user(&uq_compat, (void __user *)arg, sizeof(uq_compat))) return -EFAULT; memset(&uq, 0, sizeof(uq)); uq = (struct drm_unique){ - .unique_len = uq32.unique_len, - .unique = compat_ptr(uq32.unique), + .unique_len = uq_compat.unique_len, + .unique = compat_ptr(uq_compat.unique), }; err = drm_ioctl_kernel(file, drm_getunique, &uq, 0); if (err) return err; - uq32.unique_len = uq.unique_len; - if (copy_to_user((void __user *)arg, &uq32, sizeof(uq32))) + uq_compat.unique_len = uq.unique_len; + if (copy_to_user((void __user *)arg, &uq_compat, sizeof(uq_compat))) return -EFAULT; return 0; } static int compat_drm_setunique(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { /* it's dead */ return -EINVAL; @@ -167,14 +167,14 @@ static int compat_drm_setunique(struct file *file, unsigned int cmd, typedef struct drm_map32 { u32 offset; /* Requested physical address (0 for SAREA) */ u32 size; /* Requested physical size (bytes) */ - enum drm_map_type type; /* Type of memory to map */ + enum drm_map_type type; /* Type of memory to map */ enum drm_map_flags flags; /* Flags */ u32 handle; /* User-space: "Handle" to pass to mmap() */ - int mtrr; /* MTRR slot used */ + int mtrr; /* MTRR slot used */ } drm_map32_t; static int compat_drm_getmap(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { drm_map32_t __user *argp = (void __user *)arg; drm_map32_t m32; @@ -193,7 +193,7 @@ static int compat_drm_getmap(struct file *file, unsigned int cmd, m32.size = map.size; m32.type = map.type; m32.flags = map.flags; - m32.handle = ptr_to_compat((void __user *)map.handle); + m32.handle = ptr_to32((void __user *)map.handle); m32.mtrr = map.mtrr; if (copy_to_user(argp, &m32, sizeof(m32))) return -EFAULT; @@ -202,7 +202,7 @@ static int compat_drm_getmap(struct file *file, unsigned int cmd, } static int compat_drm_addmap(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { drm_map32_t __user *argp = (void __user *)arg; drm_map32_t m32; @@ -224,7 +224,7 @@ static int compat_drm_addmap(struct file *file, unsigned int cmd, m32.offset = map.offset; m32.mtrr = map.mtrr; - m32.handle = ptr_to_compat((void __user *)map.handle); + m32.handle = ptr_to32((void __user *)map.handle); if (map.handle != compat_ptr(m32.handle)) pr_err_ratelimited("compat_drm_addmap truncated handle %p for type %d offset %x\n", map.handle, m32.type, m32.offset); @@ -236,11 +236,11 @@ static int compat_drm_addmap(struct file *file, unsigned int cmd, } static int compat_drm_rmmap(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { drm_map32_t __user *argp = (void __user *)arg; struct drm_map map; - u32 handle; + compat_uptr_t handle; if (get_user(handle, &argp->handle)) return -EFAULT; @@ -249,61 +249,61 @@ static int compat_drm_rmmap(struct file *file, unsigned int cmd, } #endif -typedef struct drm_client32 { - int idx; /* Which client desired? */ - int auth; /* Is client authenticated? */ - u32 pid; /* Process ID */ - u32 uid; /* User ID */ - u32 magic; /* Magic */ - u32 iocs; /* Ioctl count */ -} drm_client32_t; +typedef struct drm_client_compat { + int idx; /* Which client desired? */ + int auth; /* Is client authenticated? */ + compat_ulong_t pid; /* Process ID */ + compat_ulong_t uid; /* User ID */ + compat_ulong_t magic; /* Magic */ + compat_ulong_t iocs; /* Ioctl count */ +} drm_client_compat_t; static int compat_drm_getclient(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_client32_t c32; - drm_client32_t __user *argp = (void __user *)arg; + drm_client_compat_t c_compat; + drm_client_compat_t __user *argp = (void __user *)arg; struct drm_client client; int err; - if (copy_from_user(&c32, argp, sizeof(c32))) + if (copy_from_user(&c_compat, argp, sizeof(c_compat))) return -EFAULT; memset(&client, 0, sizeof(client)); - client.idx = c32.idx; + client.idx = c_compat.idx; err = drm_ioctl_kernel(file, drm_getclient, &client, 0); if (err) return err; - c32.idx = client.idx; - c32.auth = client.auth; - c32.pid = client.pid; - c32.uid = client.uid; - c32.magic = client.magic; - c32.iocs = client.iocs; + c_compat.idx = client.idx; + c_compat.auth = client.auth; + c_compat.pid = client.pid; + c_compat.uid = client.uid; + c_compat.magic = client.magic; + c_compat.iocs = client.iocs; - if (copy_to_user(argp, &c32, sizeof(c32))) + if (copy_to_user(argp, &c_compat, sizeof(c_compat))) return -EFAULT; return 0; } -typedef struct drm_stats32 { - u32 count; +typedef struct drm_stats_compat { + compat_ulong_t count; struct { - u32 value; + compat_ulong_t value; enum drm_stat_type type; } data[15]; -} drm_stats32_t; +} drm_stats_compat_t; static int compat_drm_getstats(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_stats32_t __user *argp = (void __user *)arg; + drm_stats_compat_t __user *argp = (void __user *)arg; /* getstats is defunct, just clear */ - if (clear_user(argp, sizeof(drm_stats32_t))) + if (clear_user(argp, sizeof(drm_stats_compat_t))) return -EFAULT; return 0; } @@ -820,47 +820,47 @@ static int compat_drm_update_draw(struct file *file, unsigned int cmd, } #endif -struct drm_wait_vblank_request32 { +struct drm_wait_vblank_request_compat { enum drm_vblank_seq_type type; unsigned int sequence; - u32 signal; + compat_ulong_t signal; }; -struct drm_wait_vblank_reply32 { +struct drm_wait_vblank_reply_compat { enum drm_vblank_seq_type type; unsigned int sequence; s32 tval_sec; s32 tval_usec; }; -typedef union drm_wait_vblank32 { - struct drm_wait_vblank_request32 request; - struct drm_wait_vblank_reply32 reply; -} drm_wait_vblank32_t; +typedef union drm_wait_vblank_compat { + struct drm_wait_vblank_request_compat request; + struct drm_wait_vblank_reply_compat reply; +} drm_wait_vblank_compat_t; static int compat_drm_wait_vblank(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_wait_vblank32_t __user *argp = (void __user *)arg; - drm_wait_vblank32_t req32; + drm_wait_vblank_compat_t __user *argp = (void __user *)arg; + drm_wait_vblank_compat_t req_compat; union drm_wait_vblank req; int err; - if (copy_from_user(&req32, argp, sizeof(req32))) + if (copy_from_user(&req_compat, argp, sizeof(req_compat))) return -EFAULT; memset(&req, 0, sizeof(req)); - req.request.type = req32.request.type; - req.request.sequence = req32.request.sequence; - req.request.signal = req32.request.signal; + req.request.type = req_compat.request.type; + req.request.sequence = req_compat.request.sequence; + req.request.signal = req_compat.request.signal; err = drm_ioctl_kernel(file, drm_wait_vblank_ioctl, &req, DRM_UNLOCKED); - req32.reply.type = req.reply.type; - req32.reply.sequence = req.reply.sequence; - req32.reply.tval_sec = req.reply.tval_sec; - req32.reply.tval_usec = req.reply.tval_usec; - if (copy_to_user(argp, &req32, sizeof(req32))) + req_compat.reply.type = req.reply.type; + req_compat.reply.sequence = req.reply.sequence; + req_compat.reply.tval_sec = req.reply.tval_sec; + req_compat.reply.tval_usec = req.reply.tval_usec; + if (copy_to_user(argp, &req_compat, sizeof(req_compat))) return -EFAULT; return err; @@ -911,15 +911,16 @@ static struct { drm_ioctl_compat_t *fn; char *name; } drm_compat_ioctls[] = { +#define DRM_IOCTL_COMPAT_DEF(n, f) [DRM_IOCTL_NR(n##_COMPAT)] = {.fn = f, .name = #n} #define DRM_IOCTL32_DEF(n, f) [DRM_IOCTL_NR(n##32)] = {.fn = f, .name = #n} - DRM_IOCTL32_DEF(DRM_IOCTL_VERSION, compat_drm_version), - DRM_IOCTL32_DEF(DRM_IOCTL_GET_UNIQUE, compat_drm_getunique), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_VERSION, compat_drm_version), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_GET_UNIQUE, compat_drm_getunique), #if IS_ENABLED(CONFIG_DRM_LEGACY) DRM_IOCTL32_DEF(DRM_IOCTL_GET_MAP, compat_drm_getmap), #endif - DRM_IOCTL32_DEF(DRM_IOCTL_GET_CLIENT, compat_drm_getclient), - DRM_IOCTL32_DEF(DRM_IOCTL_GET_STATS, compat_drm_getstats), - DRM_IOCTL32_DEF(DRM_IOCTL_SET_UNIQUE, compat_drm_setunique), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_GET_CLIENT, compat_drm_getclient), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_GET_STATS, compat_drm_getstats), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_SET_UNIQUE, compat_drm_setunique), #if IS_ENABLED(CONFIG_DRM_LEGACY) DRM_IOCTL32_DEF(DRM_IOCTL_ADD_MAP, compat_drm_addmap), DRM_IOCTL32_DEF(DRM_IOCTL_ADD_BUFS, compat_drm_addbufs), @@ -948,7 +949,7 @@ static struct { #if defined(CONFIG_X86) || defined(CONFIG_IA64) DRM_IOCTL32_DEF(DRM_IOCTL_UPDATE_DRAW, compat_drm_update_draw), #endif - DRM_IOCTL32_DEF(DRM_IOCTL_WAIT_VBLANK, compat_drm_wait_vblank), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_WAIT_VBLANK, compat_drm_wait_vblank), #if defined(CONFIG_X86) || defined(CONFIG_IA64) DRM_IOCTL32_DEF(DRM_IOCTL_MODE_ADDFB2, compat_drm_mode_addfb2), #endif diff --git a/include/drm/drm_ioctl.h b/include/drm/drm_ioctl.h index 26d5c31aefa9..a7fd12d09268 100644 --- a/include/drm/drm_ioctl.h +++ b/include/drm/drm_ioctl.h @@ -65,7 +65,7 @@ typedef int drm_ioctl_t(struct drm_device *dev, void *data, * structures and hence never need this. */ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, - unsigned long arg); + user_uintptr_t arg); #define DRM_IOCTL_NR(n) _IOC_NR(n) #define DRM_IOCTL_TYPE(n) _IOC_TYPE(n) -- 2.25.1

2 years, 8 months

3
4
0 0

[PATCH v2 00/15] New CHERI API and separation of root capabilities

by Kevin Brodsky

Hi, This series is a follow-up to the RFC "New CHERI API and rehauled user_ptr.h", with a slightly different scope to make it more self-contained. There are two main focuses for this series: 1. Introducing linux/cheri.h. There is no fundamental change compared to v1 here. 2. Deriving all capabilities from an appropriate userspace root capability (cheri_user_root_*) instead of morello_root_cap. v1 started this by reimplementing uaddr_to_user_ptr*, this series finishes up the work. The focus of v1, adding generic functions to linux/user_ptr.h, has been dropped and will reappear in a separate series. Some more details on the choice of root capabilities (see the comment in patch 5 regarding cheri_user_root_*): * In purecap, the PCuABI spec gives us good guidance on which root capability we should use where. Namely: - cheri_user_root_cap for almost all capabilities. The permissions correspond to the maximum permissions obtainable via mmap(). As we progress through the second phase, the bounds/permissions of capabilities derived from this root will be restricted as specified, and DDC will be set to null. - cheri_user_root_{seal,cid}_cap for the AT_CHERI_{SEAL,CID}_CAP. These capabilities exist precisely because their permissions (Seal/Unseal/CompartmentID) are not provided in regular capabilities (derived from cheri_user_root_cap). - cheri_user_root_all_cap for capabilities created via (privileged) ptrace. See patch 13 for some details on this. * In hybrid, the de facto ABI is what Documentation/arm64/morello.rst says. As there is no mechanism to obtain special permissions, all capabilities are derived from cheri_user_root_all_cap. The documentation is updated accordingly. This series introduces functional changes by restricting the bounds/permissions of all userspace capabilities, but these restrictions should not affect any valid use-case. More specifically: * In purecap, the bounds of all capabilities are restricted to the user address space. See above for details on permissions. * In hybrid, the bounds of capabilities are also restricted to the user address space. All relevant permissions remain available. CSP is no longer initialised to a valid capability, as this is neither required nor documented. More detailed changelog below. v1..v2: * Addressing review comments: - Reformatted the function documentation to make kernel-doc -v (mostly) happy. - Added some comment clarifying what CHERI_PERM_SW_VMEM is about. - Renamed ARCH_HAS_CHERI_H to HAVE_ARCH_CHERI_H. - Renamed cheri_root*_cap_userspace to cheri_user_root_*cap and added some description of each. - Renamed cheri_check_cap_data_access() to cheri_check_cap(). * New patches: - Derive compat_ptr() from cheri_user_root_all_cap (deriving from DDC proved more complicated than expected, created a ticket for that [1]) - Derive AT_CHERI_{SEAL,CID}_CAP from cheri_user_root_{seal,cid}_cap - Initialisation of capability registers from cheri_user_root_* (with a clear separation between purecap and hybrid) - Capabilities created via (privileged) ptrace now derived from cheri_user_root_all_cap - Remove morello_root_cap (no longer used) - Update documentation to reflect cheri_user_root_all_cap being the new root capability in hybrid * Other changes: - As per a recent update to the PCuABI spec, the BranchSealedPair is no longer part of the rootcap permission set. It is still needed in certain user capabilities, so moved it from CHERI_PERMS_ROOTCAP to explicit addition to cheri_user_root_cap in morello.c. - Added cheri_user_root_all_cap, the "root of roots" with all permissions. cheri_user_root_cid_cap is now derived from it too, so its bounds are not the whole address space any more. - Patch 8/9 (new functions in user_ptr.h) dropped. - Rebased on next. Review branch: https://git.morello-project.org/kbrodsky-arm/linux/-/commits/cheri_ptr_api_… Thanks, Kevin [1] https://git.morello-project.org/morello/kernel/linux/-/issues/40 Kevin Brodsky (15): pps: Add missing #include linux/user_ptr.h: Remove kaddr_to_user_ptr() linux/user_ptr.h: Improve comment formatting arm64: uapi: Add asm/cheri.h linux/cheri.h: Introduce CHERI helpers arm64: morello: Implement cheri.h fs/binfmt_elf: Use appropriate caps for AT_CHERI_{SEAL,CID}_CAP arm64: compat: Use appropriate root cap in compat_ptr() in PCuABI linux/user_ptr.h: Generic PCuABI impl for uaddr_to_user_ptr* arm64: Remove asm/user_ptr.h arm64: morello: Initialise user capabilities from cheri_user_root_* arm64: morello: Initialise user DDC from cheri_user_root_* arm64: morello: Build arbitrary user caps using appropriate root arm64: morello: Remove morello_root_cap arm64: morello: Update root capability in documentation Documentation/arm64/morello.rst | 23 +++-- Documentation/core-api/user_ptr.rst | 8 -- arch/Kconfig | 2 +- arch/arm64/Kconfig | 2 +- arch/arm64/include/asm/cheri.h | 11 +++ arch/arm64/include/asm/compat.h | 9 +- arch/arm64/include/asm/morello.h | 12 ++- arch/arm64/include/asm/user_ptr.h | 43 --------- arch/arm64/include/uapi/asm/cheri.h | 11 +++ arch/arm64/kernel/morello.c | 143 +++++++++++++++++----------- arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/ptrace.c | 2 +- arch/arm64/lib/morello.S | 17 ++-- drivers/pps/pps.c | 1 + fs/binfmt_elf.c | 10 +- include/linux/cheri.h | 132 +++++++++++++++++++++++++ include/linux/user_ptr.h | 69 ++++++-------- lib/Makefile | 3 + lib/cheri.c | 72 ++++++++++++++ lib/user_ptr.c | 26 +++++ 20 files changed, 413 insertions(+), 185 deletions(-) create mode 100644 arch/arm64/include/asm/cheri.h delete mode 100644 arch/arm64/include/asm/user_ptr.h create mode 100644 arch/arm64/include/uapi/asm/cheri.h create mode 100644 include/linux/cheri.h create mode 100644 lib/cheri.c create mode 100644 lib/user_ptr.c -- 2.38.1

2 years, 8 months

3
39
0 0

[PATCH v2] drm/compat: Fix types for compat to allow for non-32bit

by carsten.haitzler＠foss.arm.com

From: Carsten Haitzler <carsten.haitzler(a)arm.com> DRM compat code totally assumes compat is 32bit. This is not always the case. This allows for compat to be defined universally to typedefed types like compat_ulong_t and so on. This converts some of the drm compat handling for ioctl's to use these types. Signed-off-by: Carsten Haitzler <Carsten.Haitzler(a)arm.com> --- drivers/gpu/drm/drm_ioc32.c | 194 ++++++++++++++++++------------------ include/drm/drm_ioctl.h | 2 +- 2 files changed, 99 insertions(+), 97 deletions(-) diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c index 5d82891c3222..4ec89b0985e8 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c @@ -38,21 +38,21 @@ #include "drm_internal.h" #include "drm_legacy.h" -#define DRM_IOCTL_VERSION32 DRM_IOWR(0x00, drm_version32_t) -#define DRM_IOCTL_GET_UNIQUE32 DRM_IOWR(0x01, drm_unique32_t) +#define DRM_IOCTL_VERSION_COMPAT DRM_IOWR(0x00, drm_version_compat_t) +#define DRM_IOCTL_GET_UNIQUE_COMPAT DRM_IOWR(0x01, drm_unique_compat_t) #define DRM_IOCTL_GET_MAP32 DRM_IOWR(0x04, drm_map32_t) -#define DRM_IOCTL_GET_CLIENT32 DRM_IOWR(0x05, drm_client32_t) -#define DRM_IOCTL_GET_STATS32 DRM_IOR( 0x06, drm_stats32_t) +#define DRM_IOCTL_GET_CLIENT_COMPAT DRM_IOWR(0x05, drm_client_compat_t) +#define DRM_IOCTL_GET_STATS_COMPAT DRM_IOR( 0x06, drm_stats_compat_t) -#define DRM_IOCTL_SET_UNIQUE32 DRM_IOW( 0x10, drm_unique32_t) -#define DRM_IOCTL_ADD_MAP32 DRM_IOWR(0x15, drm_map32_t) +#define DRM_IOCTL_SET_UNIQUE_COMPAT DRM_IOW( 0x10, drm_unique_compat_t) +#define DRM_IOCTL_ADD_MAP_COMPAT DRM_IOWR(0x15, drm_map_compat_t) #define DRM_IOCTL_ADD_BUFS32 DRM_IOWR(0x16, drm_buf_desc32_t) #define DRM_IOCTL_MARK_BUFS32 DRM_IOW( 0x17, drm_buf_desc32_t) #define DRM_IOCTL_INFO_BUFS32 DRM_IOWR(0x18, drm_buf_info32_t) #define DRM_IOCTL_MAP_BUFS32 DRM_IOWR(0x19, drm_buf_map32_t) #define DRM_IOCTL_FREE_BUFS32 DRM_IOW( 0x1a, drm_buf_free32_t) -#define DRM_IOCTL_RM_MAP32 DRM_IOW( 0x1b, drm_map32_t) +#define DRM_IOCTL_RM_MAP_COMPAT DRM_IOW( 0x1b, drm_map_compat_t) #define DRM_IOCTL_SET_SAREA_CTX32 DRM_IOW( 0x1c, drm_ctx_priv_map32_t) #define DRM_IOCTL_GET_SAREA_CTX32 DRM_IOWR(0x1d, drm_ctx_priv_map32_t) @@ -72,92 +72,93 @@ #define DRM_IOCTL_UPDATE_DRAW32 DRM_IOW( 0x3f, drm_update_draw32_t) -#define DRM_IOCTL_WAIT_VBLANK32 DRM_IOWR(0x3a, drm_wait_vblank32_t) +#define DRM_IOCTL_WAIT_VBLANK_COMPAT DRM_IOWR(0x3a, drm_wait_vblank_compat_t) #define DRM_IOCTL_MODE_ADDFB232 DRM_IOWR(0xb8, drm_mode_fb_cmd232_t) -typedef struct drm_version_32 { +typedef struct drm_version_compat { int version_major; /* Major version */ int version_minor; /* Minor version */ int version_patchlevel; /* Patch level */ - u32 name_len; /* Length of name buffer */ - u32 name; /* Name of driver */ - u32 date_len; /* Length of date buffer */ - u32 date; /* User-space buffer to hold date */ - u32 desc_len; /* Length of desc buffer */ - u32 desc; /* User-space buffer to hold desc */ -} drm_version32_t; + compat_size_t name_len; /* Length of name buffer */ + compat_uptr_t name; /* Name of driver */ + compat_size_t date_len; /* Length of date buffer */ + compat_uptr_t date; /* User-space buffer to hold date */ + compat_size_t desc_len; /* Length of desc buffer */ + compat_uptr_t desc; /* User-space buffer to hold desc */ +} drm_version_compat_t; static int compat_drm_version(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_version32_t v32; + drm_version_compat_t v_compat; struct drm_version v; int err; - if (copy_from_user(&v32, (void __user *)arg, sizeof(v32))) + if (copy_from_user(&v_compat, (void __user *)arg, sizeof(v_compat))) return -EFAULT; memset(&v, 0, sizeof(v)); v = (struct drm_version) { - .name_len = v32.name_len, - .name = compat_ptr(v32.name), - .date_len = v32.date_len, - .date = compat_ptr(v32.date), - .desc_len = v32.desc_len, - .desc = compat_ptr(v32.desc), + .name_len = v_compat.name_len, + .name = compat_ptr(v_compat.name), + .date_len = v_compat.date_len, + .date = compat_ptr(v_compat.date), + .desc_len = v_compat.desc_len, + .desc = compat_ptr(v_compat.desc), }; err = drm_ioctl_kernel(file, drm_version, &v, DRM_RENDER_ALLOW); if (err) return err; - v32.version_major = v.version_major; - v32.version_minor = v.version_minor; - v32.version_patchlevel = v.version_patchlevel; - v32.name_len = v.name_len; - v32.date_len = v.date_len; - v32.desc_len = v.desc_len; - if (copy_to_user((void __user *)arg, &v32, sizeof(v32))) + v_compat.version_major = v.version_major; + v_compat.version_minor = v.version_minor; + v_compat.version_patchlevel = v.version_patchlevel; + v_compat.name_len = v.name_len; + v_compat.date_len = v.date_len; + v_compat.desc_len = v.desc_len; + if (copy_to_user((void __user *)arg, &v_compat, sizeof(v_compat))) return -EFAULT; return 0; } -typedef struct drm_unique32 { - u32 unique_len; /* Length of unique */ - u32 unique; /* Unique name for driver instantiation */ -} drm_unique32_t; +typedef struct drm_unique_compat { + compat_size_t unique_len; /* Length of unique */ + compat_uptr_t unique; /* Unique name for driver instantiation */ +} drm_unique_compat_t; static int compat_drm_getunique(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_unique32_t uq32; + drm_unique_compat_t uq_compat; struct drm_unique uq; int err; + void __user *argp = compat_ptr(arg); - if (copy_from_user(&uq32, (void __user *)arg, sizeof(uq32))) + if (copy_from_user(&uq_compat, argp, sizeof(uq_compat))) return -EFAULT; memset(&uq, 0, sizeof(uq)); uq = (struct drm_unique){ - .unique_len = uq32.unique_len, - .unique = compat_ptr(uq32.unique), + .unique_len = uq_compat.unique_len, + .unique = compat_ptr(uq_compat.unique), }; err = drm_ioctl_kernel(file, drm_getunique, &uq, 0); if (err) return err; - uq32.unique_len = uq.unique_len; - if (copy_to_user((void __user *)arg, &uq32, sizeof(uq32))) + uq_compat.unique_len = uq.unique_len; + if (copy_to_user((void __user *)arg, &uq_compat, sizeof(uq_compat))) return -EFAULT; return 0; } static int compat_drm_setunique(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { /* it's dead */ return -EINVAL; @@ -249,61 +250,61 @@ static int compat_drm_rmmap(struct file *file, unsigned int cmd, } #endif -typedef struct drm_client32 { - int idx; /* Which client desired? */ - int auth; /* Is client authenticated? */ - u32 pid; /* Process ID */ - u32 uid; /* User ID */ - u32 magic; /* Magic */ - u32 iocs; /* Ioctl count */ -} drm_client32_t; +typedef struct drm_client_compat { + int idx; /* Which client desired? */ + int auth; /* Is client authenticated? */ + compat_ulong_t pid; /* Process ID */ + compat_ulong_t uid; /* User ID */ + compat_ulong_t magic; /* Magic */ + compat_ulong_t iocs; /* Ioctl count */ +} drm_client_compat_t; static int compat_drm_getclient(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_client32_t c32; - drm_client32_t __user *argp = (void __user *)arg; + drm_client_compat_t c_compat; + drm_client_compat_t __user *argp = compat_ptr(arg); struct drm_client client; int err; - if (copy_from_user(&c32, argp, sizeof(c32))) + if (copy_from_user(&c_compat, argp, sizeof(c_compat))) return -EFAULT; memset(&client, 0, sizeof(client)); - client.idx = c32.idx; + client.idx = c_compat.idx; err = drm_ioctl_kernel(file, drm_getclient, &client, 0); if (err) return err; - c32.idx = client.idx; - c32.auth = client.auth; - c32.pid = client.pid; - c32.uid = client.uid; - c32.magic = client.magic; - c32.iocs = client.iocs; + c_compat.idx = client.idx; + c_compat.auth = client.auth; + c_compat.pid = client.pid; + c_compat.uid = client.uid; + c_compat.magic = client.magic; + c_compat.iocs = client.iocs; - if (copy_to_user(argp, &c32, sizeof(c32))) + if (copy_to_user(argp, &c_compat, sizeof(c_compat))) return -EFAULT; return 0; } -typedef struct drm_stats32 { - u32 count; +typedef struct drm_stats_compat { + compat_ulong_t count; struct { - u32 value; + compat_ulong_t value; enum drm_stat_type type; } data[15]; -} drm_stats32_t; +} drm_stats_compat_t; static int compat_drm_getstats(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_stats32_t __user *argp = (void __user *)arg; + drm_stats_compat_t __user *argp = compat_ptr(arg); /* getstats is defunct, just clear */ - if (clear_user(argp, sizeof(drm_stats32_t))) + if (clear_user(argp, sizeof(drm_stats_compat_t))) return -EFAULT; return 0; } @@ -820,47 +821,47 @@ static int compat_drm_update_draw(struct file *file, unsigned int cmd, } #endif -struct drm_wait_vblank_request32 { +struct drm_wait_vblank_request_compat { enum drm_vblank_seq_type type; unsigned int sequence; - u32 signal; + compat_ulong_t signal; }; -struct drm_wait_vblank_reply32 { +struct drm_wait_vblank_reply_compat { enum drm_vblank_seq_type type; unsigned int sequence; s32 tval_sec; s32 tval_usec; }; -typedef union drm_wait_vblank32 { - struct drm_wait_vblank_request32 request; - struct drm_wait_vblank_reply32 reply; -} drm_wait_vblank32_t; +typedef union drm_wait_vblank_compat { + struct drm_wait_vblank_request_compat request; + struct drm_wait_vblank_reply_compat reply; +} drm_wait_vblank_compat_t; static int compat_drm_wait_vblank(struct file *file, unsigned int cmd, - unsigned long arg) + user_uintptr_t arg) { - drm_wait_vblank32_t __user *argp = (void __user *)arg; - drm_wait_vblank32_t req32; + drm_wait_vblank_compat_t __user *argp = (void __user *)arg; + drm_wait_vblank_compat_t req_compat; union drm_wait_vblank req; int err; - if (copy_from_user(&req32, argp, sizeof(req32))) + if (copy_from_user(&req_compat, argp, sizeof(req_compat))) return -EFAULT; memset(&req, 0, sizeof(req)); - req.request.type = req32.request.type; - req.request.sequence = req32.request.sequence; - req.request.signal = req32.request.signal; + req.request.type = req_compat.request.type; + req.request.sequence = req_compat.request.sequence; + req.request.signal = req_compat.request.signal; err = drm_ioctl_kernel(file, drm_wait_vblank_ioctl, &req, DRM_UNLOCKED); - req32.reply.type = req.reply.type; - req32.reply.sequence = req.reply.sequence; - req32.reply.tval_sec = req.reply.tval_sec; - req32.reply.tval_usec = req.reply.tval_usec; - if (copy_to_user(argp, &req32, sizeof(req32))) + req_compat.reply.type = req.reply.type; + req_compat.reply.sequence = req.reply.sequence; + req_compat.reply.tval_sec = req.reply.tval_sec; + req_compat.reply.tval_usec = req.reply.tval_usec; + if (copy_to_user(argp, &req_compat, sizeof(req_compat))) return -EFAULT; return err; @@ -911,15 +912,16 @@ static struct { drm_ioctl_compat_t *fn; char *name; } drm_compat_ioctls[] = { +#define DRM_IOCTL_COMPAT_DEF(n, f) [DRM_IOCTL_NR(n##_COMPAT)] = {.fn = f, .name = #n} #define DRM_IOCTL32_DEF(n, f) [DRM_IOCTL_NR(n##32)] = {.fn = f, .name = #n} - DRM_IOCTL32_DEF(DRM_IOCTL_VERSION, compat_drm_version), - DRM_IOCTL32_DEF(DRM_IOCTL_GET_UNIQUE, compat_drm_getunique), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_VERSION, compat_drm_version), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_GET_UNIQUE, compat_drm_getunique), #if IS_ENABLED(CONFIG_DRM_LEGACY) DRM_IOCTL32_DEF(DRM_IOCTL_GET_MAP, compat_drm_getmap), #endif - DRM_IOCTL32_DEF(DRM_IOCTL_GET_CLIENT, compat_drm_getclient), - DRM_IOCTL32_DEF(DRM_IOCTL_GET_STATS, compat_drm_getstats), - DRM_IOCTL32_DEF(DRM_IOCTL_SET_UNIQUE, compat_drm_setunique), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_GET_CLIENT, compat_drm_getclient), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_GET_STATS, compat_drm_getstats), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_SET_UNIQUE, compat_drm_setunique), #if IS_ENABLED(CONFIG_DRM_LEGACY) DRM_IOCTL32_DEF(DRM_IOCTL_ADD_MAP, compat_drm_addmap), DRM_IOCTL32_DEF(DRM_IOCTL_ADD_BUFS, compat_drm_addbufs), @@ -948,7 +950,7 @@ static struct { #if defined(CONFIG_X86) || defined(CONFIG_IA64) DRM_IOCTL32_DEF(DRM_IOCTL_UPDATE_DRAW, compat_drm_update_draw), #endif - DRM_IOCTL32_DEF(DRM_IOCTL_WAIT_VBLANK, compat_drm_wait_vblank), + DRM_IOCTL_COMPAT_DEF(DRM_IOCTL_WAIT_VBLANK, compat_drm_wait_vblank), #if defined(CONFIG_X86) || defined(CONFIG_IA64) DRM_IOCTL32_DEF(DRM_IOCTL_MODE_ADDFB2, compat_drm_mode_addfb2), #endif diff --git a/include/drm/drm_ioctl.h b/include/drm/drm_ioctl.h index 26d5c31aefa9..a7fd12d09268 100644 --- a/include/drm/drm_ioctl.h +++ b/include/drm/drm_ioctl.h @@ -65,7 +65,7 @@ typedef int drm_ioctl_t(struct drm_device *dev, void *data, * structures and hence never need this. */ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, - unsigned long arg); + user_uintptr_t arg); #define DRM_IOCTL_NR(n) _IOC_NR(n) #define DRM_IOCTL_TYPE(n) _IOC_TYPE(n) -- 2.25.1

2 years, 8 months

1
0
0 0

[PATCH v2 0/7] Address ioctl-related GCC warnings

by Luca Vizzarro

Hi all, This patch series addresses the issue reported in the following issue: https://git.morello-project.org/morello/kernel/linux/-/issues/45 Changes available at: https://git.morello-project.org/Sevenarth/linux/-/commits/morello/6.1-ioctl… v2: - discarded the posix_clock_compat_ioctl handler and replaced with the compat_ptr_ioctl helper function Luca Vizzarro (7): ptp: Modify ptp_ioctl to use user_uintptr_t tty: Modify ioctl to use user_uintptr_t fs: Fix user_uinptr_t behaviour with ioctl net: Modify ioctl to use user_uintptr_t net/br_ioctl: Modify br_dev_read_uargs to accept user_uintptr_t net/br_ioctl: Support 64-bit pointers in compat time/posix_clock: Use compat_ptr_ioctl helper drivers/ptp/ptp_chardev.c | 2 +- drivers/ptp/ptp_private.h | 2 +- drivers/tty/n_tty.c | 2 +- drivers/tty/pty.c | 4 ++-- drivers/tty/serial/serial_core.c | 2 +- drivers/tty/tty_ioctl.c | 2 +- drivers/tty/vt/keyboard.c | 2 +- drivers/tty/vt/vt.c | 2 +- drivers/tty/vt/vt_ioctl.c | 8 ++++---- fs/autofs/root.c | 2 +- fs/ext4/ioctl.c | 4 ++-- include/linux/net.h | 2 +- include/linux/posix-clock.h | 2 +- include/linux/tty.h | 4 ++-- include/linux/tty_driver.h | 2 +- include/linux/tty_ldisc.h | 2 +- include/linux/vt_kern.h | 4 ++-- include/net/inet_common.h | 2 +- include/net/ipv6.h | 2 +- include/net/sock.h | 2 +- include/net/tcp.h | 2 +- include/net/udp.h | 2 +- kernel/time/posix-clock.c | 21 +-------------------- net/bridge/br_ioctl.c | 12 ++++++------ net/ipv4/af_inet.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/tcp.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/af_inet6.c | 2 +- net/ipv6/raw.c | 2 +- net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 2 +- net/socket.c | 2 +- net/unix/af_unix.c | 4 ++-- 34 files changed, 47 insertions(+), 66 deletions(-) -- 2.34.1

2 years, 8 months

2
12
0 0

[PATCH 0/6] Address ioctl-related GCC warnings

by Luca Vizzarro

Hi all, This patch series addresses all the warnings as reported in the following issue: https://git.morello-project.org/morello/kernel/linux/-/issues/45 Changes available at: https://git.morello-project.org/Sevenarth/linux/-/commits/morello/6.1-ioctl… The commit at the end is an issue I have detected and fixed, although unrelated to the GitLab issue. Luca Vizzarro (6): ptp: Modify ptp_ioctl to use user_uintptr_t tty: Modify ioctl to use user_uintptr_t fs: Fix user_uinptr_t behaviour with ioctl net: Modify ioctl to use user_uintptr_t net/br_ioctl: Modify br_dev_read_uargs to accept user_uintptr_t net/br_ioctl: Support 64-bit pointers in compat drivers/ptp/ptp_chardev.c | 2 +- drivers/ptp/ptp_private.h | 2 +- drivers/tty/n_tty.c | 2 +- drivers/tty/pty.c | 4 ++-- drivers/tty/serial/serial_core.c | 2 +- drivers/tty/tty_ioctl.c | 2 +- drivers/tty/vt/keyboard.c | 2 +- drivers/tty/vt/vt.c | 2 +- drivers/tty/vt/vt_ioctl.c | 8 ++++---- fs/autofs/root.c | 2 +- fs/ext4/ioctl.c | 4 ++-- include/linux/net.h | 2 +- include/linux/posix-clock.h | 2 +- include/linux/tty.h | 4 ++-- include/linux/tty_driver.h | 2 +- include/linux/tty_ldisc.h | 2 +- include/linux/vt_kern.h | 4 ++-- include/net/inet_common.h | 2 +- include/net/ipv6.h | 2 +- include/net/sock.h | 2 +- include/net/tcp.h | 2 +- include/net/udp.h | 2 +- net/bridge/br_ioctl.c | 12 ++++++------ net/ipv4/af_inet.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/tcp.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/af_inet6.c | 2 +- net/ipv6/raw.c | 2 +- net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 2 +- net/socket.c | 2 +- net/unix/af_unix.c | 4 ++-- 33 files changed, 46 insertions(+), 46 deletions(-) -- 2.34.1

2 years, 8 months

3
9
0 0

[PATCH 0/4] Handling of int arguments in fcntl()

by Luca Vizzarro

Hi all, This patch series addresses the issue reported in the following issue: https://git.morello-project.org/morello/kernel/linux/-/issues/42 Changes available at: https://git.morello-project.org/Sevenarth/linux/-/commits/morello/6.1-fix-f… Luca Vizzarro (4): fs/fcntl: Fix F_SETLEASE argument type fs/fcntl: Fix F_SETSIG argument type fs/fcntl: Fix F_SETPIPE_SZ argument type fs/fcntl: Fix F_ADD_SEALS argument type fs/cifs/cifsfs.c | 2 +- fs/fcntl.c | 2 +- fs/libfs.c | 2 +- fs/locks.c | 22 +++++++++++----------- fs/nfs/nfs4file.c | 2 +- fs/nfs/nfs4proc.c | 4 ++-- fs/pipe.c | 6 +++--- include/linux/fs.h | 12 ++++++------ include/linux/memfd.h | 4 ++-- include/linux/pipe_fs_i.h | 4 ++-- mm/memfd.c | 6 +----- 11 files changed, 31 insertions(+), 35 deletions(-) -- 2.34.1

2 years, 8 months

2
6
0 0

[Announcement] 6.1 rebase

by Kevin Brodsky

Hi, This is to announce that the morello/next branch has been rebased from 5.18 to 6.1. Make sure to reset/rebase any local branch tracking next. morello/master will also move to 6.1 (aligning with next) within the next few weeks. The final 5.18-based commit has been tagged morello-last-5.18. Some important notes for all users and developers: - HWCAP2_MORELLO is now `1ul << 63` instead of `1ul << 31` (the lower 32 bits of HWCAP2 are now fully allocated, and new hwcaps are being allocated in the upper 32 bits). - When running on the Morello board, make sure to use the latest firmware, for instance from [0.1], as an issue present in older firmware versions may prevent the kernel from booting. - When running on FVP, make sure to use the latest FVP build [0.2]. Older builds may cause random failures while running the kernel or userspace. [0.1] https://git.morello-project.org/morello/board-firmware [0.2] https://developer.arm.com/downloads/-/arm-ecosystem-fvps The rest of this email is a changelog for the rebased patches. ----------------- Noteworthy changes: - "arm64: morello: Disable trapping early and unconditionally" fixed not to skip the initialisation of SCTLR_EL1 in init_kernel_el(). The original patch (on 5.10) was correct, but I didn't notice that the automatic merge went wrong when rebasing on 5.18, and somehow that only started causing trouble when rebasing the patch again on 6.1. - "arm64: uaccess: Support capabilities in __uaccess_mask_ptr()" needed to be rewritten due to [1]. The new implementation is similar to the original, but now diverges from the !PCuABI case. See commit message for details. - New patch addressing a Clang issue that the rebase on 6.1 revealed: "vmlinux.lds.h: Work around Clang issue when targeting PCuABI" (see commit message for details and link to CHERI-LLVM issue). - Removed setting of KSFT_KHDR_INSTALL in "kselftests/arm64: Add build support for the C testing environment", as this functionality was removed by [2]. make headers_install now needs to be run manually before building the kselftests. - A lot of io_uring development has happened since 5.18, the most obvious change being that fs/io_uring.c has been split into dozens of files under io_uring/*. Due to this and other changes/additions: * The following patches have been updated in consequence: - "io_uring: Fix __capability annotations in PCuABI", - "io_uring: Fix user pointer downcast" * New patches: - "io_uring/net: Make io_recvmsg_prep_multishot() PCuABI-friendly" (addresses build issues with a new functionality) - "io_uring: Enlarge struct io_cmd_data in PCuABI" (addresses an issue revealed by a new assertion, approach agreed with Tudor) * Patch dropped as it is no longer needed thanks to some refactoring upstream: - "fs/io_uring: Fix usage of err.h macros with user pointers" - Due to the cross-arch <asm/compat.h> refactoring from [3.1], where many definitions moved to the asm-generic header: * "arm64: compat: Fix structs for compat64" is narrowed down to "asm-generic: Fix struct compat_shmid64_ds for compat64", and a new patch "arm64: compat: Only define compat_mode_t as u16 in compat32" is added to take care of struct compat_ipc64_perm in a less invasive way. * "arm64: compat: Fix structs compat_semid64_ds/compat_msqid64_ds" becomes "asm-generic: Fix structs compat_{semid64,msqid64}_ds for compat64" (same diff but in asm-generic instead). * "arm64: compat: update compat defines to 64-bits" was split in a few separate patches. See Téo's new version on the list ("[PATCH v5 0/2] arm64: compat: update compat defines to 64-bits" and follow-ups). Other changes: - "arm64: morello: System register definitions" aligned with the new sysreg macro generation scheme (arch/arm64/tools/sysreg). Some macro names changed as a result, the following commits were adjusted accordingly. - "lib: Fix user pointer downcasts", "iov_iter: Handle struct iovec and struct kvec separately" updated in line with changes to lib/iov_iter.c, notably the introduction of ITER_UBUF in [4.1]. [5] also added iov_iter_aligned_iovec(), so the second patch was extended to add its counterpart iov_iter_aligned_kvec() (added my Co-developed-by to that patch). - "arm64: morello: Add support for TLS as capabilities" updated in line with [6] (the prototype of copy_thread() no longer needs changing as it gets passed a pointer to the whole struct kernel_clone_args). Added my Co-developed-by to that patch too. - "uaccess: Add tag-preserving routines" updated in line with [7]. - New patch "tracing: Fix signature of unlocked_ioctl callback" to fix a new ioctl handler (posted by Zachary on the list). - "arm64: configs: Add Morello transitional PCuABI defconfig" updated as per make savedefconfig. - Fixed whitespace errors in a few patches. Dropped patches: - "drm/komeda - Fix handling of pending crtc state commit to avoid lock-up" (alternative fix made it upstream, the rest of the patches in that series are also upstream) - "fs/proc/vmcore: Segregate the user and kernel buffers" (superseded by [8]) - "arm64/efi: morello: Provide EFI stub version for memcpy/memmove" (no longer needed thanks to [9]) - "uapi/asm-generic/unistd.h: Use compat_sys_ptrace()" (fixed upstream by [3.2]) - 6 various cherry-picks from mainline that are present in 6.1, including Vincenzo's "security/keys: Remove inconsistent __user annotation". Relevant patch series that landed upstream between 5.18 and 6.1: [3], [4] [1] https://lore.kernel.org/all/20220922151053.3520750-1-mark.rutland@arm.com/ [2] https://lore.kernel.org/all/cover.1657296695.git.guillaume.tucker@collabora… [3] https://lore.kernel.org/all/20220405071314.3225832-1-guoren@kernel.org/ [3.1] https://lore.kernel.org/all/20220405071314.3225832-7-guoren@kernel.org/ [3.2] https://lore.kernel.org/all/20220405071314.3225832-8-guoren@kernel.org/ [4] https://lore.kernel.org/all/YrKWRCOOWXPHRCKg@ZenIV/ [4.1] https://lore.kernel.org/all/20220622041552.737754-9-viro@zeniv.linux.org.uk/ [5] https://lore.kernel.org/all/20220610195830.3574005-9-kbusch@fb.com/ [6] https://lore.kernel.org/all/20220506141512.516114-2-ebiederm@xmission.com/ [7] https://lore.kernel.org/all/20220915150417.722975-4-glider@google.com/ [8] https://lore.kernel.org/all/20211213000636.2932569-4-willy@infradead.org/ [9] https://lore.kernel.org/all/20220910081152.2238369-4-ardb@kernel.org/ Cheers, Kevin

2 years, 9 months

1
1
0 0

[PATCH] arm64: compat64: Use native handlers for preadv/pwritev

by Kevin Brodsky

preadv, pwritev and their variants (preadv2/pwritev2) do have compat handlers defined in generic code. However, these handlers are completely specific to 32-bit, as they expect the offset to be passed in two consecutive 32-bit integers. Since the compat handlers do not perform any other conversion, we can simply use the native handlers instead in compat64. Note that using the 64-suffixed compat handlers (e.g. compat_sys_preadv64) would not be any better, and in fact would not work in the case of preadv2/pwritev2. Indeed, these syscalls accept another argument after the offset, but compat_sys_{preadv64v2,pwrite64v2} take just one 64-bit integer as offset. This is incompatible with the prototype of native handlers, as they take two 64-bit integers for the offset and ignore the second one. Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- arch/arm64/kernel/sys_compat64.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/arm64/kernel/sys_compat64.c b/arch/arm64/kernel/sys_compat64.c index b3c4cf9f3af8..41d72554907a 100644 --- a/arch/arm64/kernel/sys_compat64.c +++ b/arch/arm64/kernel/sys_compat64.c @@ -29,6 +29,16 @@ #define __arm64_compatentry_compat_sys_readahead __arm64_compatentry_sys_readahead #define __arm64_compatentry_compat_sys_fadvise64_64 __arm64_compatentry_sys_fadvise64_64 +/* + * The compat_sys_{preadv,pwritev}{,2} handlers are not appropriate for 64-bit + * tasks, as they expect the offset to be split in two 32-bit integers. The + * native handlers work fine in 64-bit compat too so just use those instead. + */ +#define __arm64_compatentry_compat_sys_preadv __arm64_compatentry_sys_preadv +#define __arm64_compatentry_compat_sys_preadv2 __arm64_compatentry_sys_preadv2 +#define __arm64_compatentry_compat_sys_pwritev __arm64_compatentry_sys_pwritev +#define __arm64_compatentry_compat_sys_pwritev2 __arm64_compatentry_sys_pwritev2 + /* * 64-bit tasks use mmap (not mmap2). */ -- 2.38.1

2 years, 9 months

4
4
0 0

[PATCH v2] fork: clone: Pass through newsp/tls clone args unmodified in compat

by Kevin Brodsky

A subtle ABI change was introduced in compat64 by "clone: Alter clone to accept capabilities". Indeed, since there is no compat handler for clone, the native one is also used for compat, including 64-bit compat (compat64). This is where the way we convert compat64 syscall arguments to native (PCuABI) is showing its limits: if a syscall wrapper expects a capability-sized argument, compat_ptr() is used to convert the user-provided 64-bit value to a capability. In general, this is what we want, and in fact it is the case for the parent_tidptr and child_tidptr arguments of clone, which are ordinary pointers to user data. However, the newsp and tls arguments are special: they specify the value to set registers to. We should not alter these values in any way: in arm64/PCuABI, they are capabilities and we set CSP/CTPIDR accordingly, but in hybrid, they are still 64-bit values and we should only set the lower 64 bits of CSP/CTPIDR. This is not the case in compat64 as compat_ptr() is called to turn these 64-bit values into capabilities. The most correct solution would be to introduce a compat clone wrapper, but this is rather painful as clone has 4 possible prototypes depending on the architecture. The approach taken here is a middle ground, narrowing down the stack / TLS pointer arguments in the native handler if we got called from compat. This effectively cancels out the automatic creation of capabilities in the compat syscall wrapper, which is not ideal but considered acceptable in this very particular situation. Fixes: ("clone: Alter clone to accept capabilities") Co-developed-by: Beata Michalska <beata.michalska(a)arm.com> Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- kernel/fork.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 94777ac4d455..73fe97ad471e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2743,14 +2743,19 @@ SYSCALL_DEFINE5(clone, unsigned long, clone_flags, user_uintptr_t, newsp, user_uintptr_t, tls) #endif { + bool compat_mode = in_compat_syscall(); struct kernel_clone_args args = { .flags = (lower_32_bits(clone_flags) & ~CSIGNAL), .pidfd = parent_tidptr, .child_tid = child_tidptr, .parent_tid = parent_tidptr, .exit_signal = (lower_32_bits(clone_flags) & CSIGNAL), - .stack = newsp, - .tls = tls, + .stack = (compat_mode ? + (user_uintptr_t)(compat_ulong_t)newsp : + newsp), + .tls = (compat_mode ? + (user_uintptr_t)(compat_ulong_t)tls : + tls), }; return kernel_clone(&args); -- 2.38.1

2 years, 9 months

2
2
0 0

[PATCH] arm64: compat64: Restore size of newsp/tls clone arguments

by Kevin Brodsky

A subtle ABI change was introduced in compat64 by "clone: Alter clone to accept capabilities". Indeed, since there is no compat handler for clone, the native one is also used for compat64. This is where the way we convert compat64 syscall arguments to native is showing its limits: if a syscall wrapper expects a capability-sized argument, compat_ptr() is used to convert the user-provided 64-bit value to a capability. In general, this is what we want, and in fact it is the case for the parent_tidptr and child_tidptr arguments of clone, which are ordinary pointers to user data. However, the newsp and tls arguments are special: they specify the value to set registers to. We should not alter these values in any way: in PCuABI, they are capabilities and we set CSP/CTPIDR accordingly, but in hybrid, they are still 64-bit values and we should only set the lower 64 bits of CSP/CTPIDR. This is not the case in compat64 as compat_ptr() is called to turn these 64-bit values into capabilities. The most correct solution would be to introduce a generic compat clone wrapper, but this is rather painful as clone has 4 possible prototypes depending on the architecture. Given that the issue is completely specific to the hybrid ABI, overriding the compat64 syscall wrapper in sys_compat64.c feels like a reasonable compromise. Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- I've realised this inconsistency while thinking about the initialisation of capability registers ("New CHERI API and separation root capabilities" series), as well as reviewing the clone3 series. We are already doing the right thing for clone3, time to align clone. arch/arm64/kernel/sys_compat64.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/arm64/kernel/sys_compat64.c b/arch/arm64/kernel/sys_compat64.c index 819b895ec21d..b3c4cf9f3af8 100644 --- a/arch/arm64/kernel/sys_compat64.c +++ b/arch/arm64/kernel/sys_compat64.c @@ -9,6 +9,7 @@ #include <linux/compat.h> #include <linux/compiler.h> +#include <linux/sched/task.h> #include <linux/syscalls.h> #include <asm/syscall.h> @@ -83,6 +84,33 @@ #define __arm64_compatentry_compat_sys_setitimer __arm64_compatentry_sys_setitimer #define __arm64_compatentry_compat_sys_getrusage __arm64_compatentry_sys_getrusage +/* + * This is exactly the same definition as the native clone, except that newsp + * and tls are defined as unsigned long, not user_uintptr_t. When the native ABI + * is PCuABI, this prevents capabilities from being implicitly created for the + * stack/TLS in compat64 by the syscall wrapper. This ensures alignment with the + * hybrid ABI (i.e. CSP/CTPIDR are set to the 64-bit values passed to clone()). + */ +COMPAT_SYSCALL_DEFINE5(arm64_clone, unsigned long, clone_flags, unsigned long, newsp, + int __user *, parent_tidptr, + unsigned long, tls, + int __user *, child_tidptr) +{ + struct kernel_clone_args args = { + .flags = (lower_32_bits(clone_flags) & ~CSIGNAL), + .pidfd = parent_tidptr, + .child_tid = child_tidptr, + .parent_tid = parent_tidptr, + .exit_signal = (lower_32_bits(clone_flags) & CSIGNAL), + .stack = newsp, + .tls = tls, + }; + + return kernel_clone(&args); +} + +#define __arm64_compatentry_sys_clone __arm64_compatentry_compat_sys_arm64_clone + asmlinkage long sys_ni_syscall(void); asmlinkage long __arm64_compatentry_sys_ni_syscall(const struct pt_regs *__unused) -- 2.38.1

2 years, 9 months

3
6
0 0

2025

2024

2023

2022

linux-morello