Hi,
I think this is a good mailing list to share Cheri linux for risc-v project.
-Dmitry
----------------------------------------------------------------------------------------------------------------------------------------
From: Dmitry Kasatkin
Sent: Wednesday, September 28, 2022 4:23 PM
To: cl-cheribsd-discuss(a)lists.cam.ac.uk; cl-cheri-discuss(a)lists.cam.ac.uk; linux-riscv(a)lists.infradead.org
Cc: Wang Kui; Jan Erik Ekberg; Horsch, Julian; Ahlrichs, Vincent; Auer, Lukas
Subject: Linux support for RISC-V CHERI
Hi,
I would like to inform that our work on Linux support for RISC-V CHERI has been open sourced on GitHub:
https://github.com/cheri-linux
CHERI is an experimental ISA exention providing architectural capabilities for different ISAs including RISC-V and ARM.
CHERI is not available in mainstream CPUs and available on certain experimental cores for FPGAs.
Information about CHERI can be found here:
https://www.cl.cam.ac.uk/research/security/ctsrd/cheri
This work dedicated to RISC-V and has been done by Huawei and Fraunhofer with the great support from Cambridge University.
BR,
Dmitry
Hi,
I think this is a good mailing list to share Cheri linux for risc-v project.
-Dmitry
________________________________
From: Dmitry Kasatkin
Sent: Wednesday, September 28, 2022 4:23 PM
To: cl-cheribsd-discuss(a)lists.cam.ac.uk; cl-cheri-discuss(a)lists.cam.ac.uk; linux-riscv(a)lists.infradead.org
Cc: Wang Kui; Jan Erik Ekberg; Horsch, Julian; Ahlrichs, Vincent; Auer, Lukas
Subject: Linux support for RISC-V CHERI
Hi,
I would like to inform that our work on Linux support for RISC-V CHERI has been open sourced on GitHub:
https://github.com/cheri-linux
CHERI is an experimental ISA exention providing architectural capabilities for different ISAs including RISC-V and ARM.
CHERI is not available in mainstream CPUs and available on certain experimental cores for FPGAs.
Information about CHERI can be found here:
https://www.cl.cam.ac.uk/research/security/ctsrd/cheri
This work dedicated to RISC-V and has been done by Huawei and Fraunhofer with the great support from Cambridge University.
BR,
Dmitry
Currently, the PCuABI kernel from the "morello/next" branch doesn't set bounds for the elements of argv and envp.
I suppose the bounds should be equal to `round_representable(strlen+1)` and currently they appear as 2^64 - 1.
Could this be fixed? Thank you!
Kind regards,
Yury
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
currently a capability store to shared memory (MAP_SHARED)
segfaults, but process shared robust mutex requires this to
work.
the linux design for robust mutex is that each thread has
a list of shared robust mutex objects (see set_robust_list
system call) that the kernel can walk on thread exit and
wake all other waiters of that mutex (with FUTEX_OWNER_DIED).
the list pointer is stored in the mutex object itself which
is in shared memory in case of a process shared robust mutex.
not sure if we can make this to work on morello.
example posix code:
#include <pthread.h>
#include <sys/mman.h>
int main()
{
pthread_mutex_t *m = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_SHARED, -1, 0);
pthread_mutexattr_t a;
pthread_mutexattr_init(&a);
pthread_mutexattr_setrobust(&a, PTHREAD_MUTEX_ROBUST);
pthread_mutex_init(m, &a);
pthread_mutexattr_destroy(&a);
pthread_mutex_lock(m); // segfaults in libc
return 0;
}
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Playing around with syscall framework macros broke the syscall tracing
badly, see:
commit ("arm64/syscalls: Allow syscalls to return
capabilities")
and:
https://git.morello-project.org/morello/kernel/linux/-/issues/35
for the corresponding bug report.
This series in an attempt to remedy that.
The first patch does some rather controversial thing, but there is already a
precedent for that (as of ARCH_HAS_SYSCALL_MATCH_SYM_NAME), so one could say
it can be somehow exonerated.
The second one tries to get the SYSCALL_METADATA macro aligned with the
changes that caused the issue in the first place and, sadly, it is touching
other archs code, though the changes are minimal and safe.
Note: checkpatch will complain about few things but those are to be ignored.
Tracing selftests seem to be happy with the changes.
Also verified with some random syscall events.
v3:
- further splitting of patches ([PATCH 3/4] from v2)
- aligning the order of #ifdef defines
v2:
- split [PATCH 2/3] into generic and Morello specific changes
- added dependency on CONFIG_FTRACE_SYSCALLS for ARCH_HAS_SYSCALL_ADDR
- improved (hopefully) commit message for previous PATCH 2-3
- small formatting clean-up
Review branch:
https://git.morello-project.org/Bea/linux/-/commits/morello/ftrace_syscalls…
Beata Michalska (5):
tracing/syscalls: Reshape arch_syscall_addr
tracing/syscalls: Allow amending metadata macro arguments
arm64/syscalls: Fix syscalls tracing
arm64: morello: ftrace: Use dedicated arch_syscall_addr
tracing/signal: Use explicit conversion instead of vague downcast
Documentation/trace/ftrace-design.rst | 5 +++--
arch/arm64/include/asm/ftrace.h | 4 ++++
arch/arm64/include/asm/syscall_wrapper.h | 8 ++++++--
arch/arm64/kernel/syscall.c | 12 ++++++++++++
arch/mips/include/asm/ftrace.h | 4 ++++
arch/s390/include/asm/syscall_wrapper.h | 6 +++---
arch/x86/include/asm/syscall_wrapper.h | 2 +-
include/linux/syscalls.h | 13 +++++++++----
include/trace/events/signal.h | 4 ++--
kernel/trace/trace_syscalls.c | 4 +++-
10 files changed, 47 insertions(+), 15 deletions(-)
--
2.25.1
When Morello support is enabled, the size of struct pt_regs
increases drastically (to make space for capability registers).
As a result, PT_REGS_SIZE can unfortunately no longer be used as an
immediate for LDP/STP. Use an explicit ADD instead.
This fixes the build when CONFIG_ARM64_MORELLO and
CONFIG_FUNCTION_TRACER are both selected.
Reported-by: Ruben Ayrapetyan <ruben.ayrapetyan(a)arm.com>
Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com>
---
arch/arm64/kernel/entry-ftrace.S | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S
index e535480a4069..66f75e2b2637 100644
--- a/arch/arm64/kernel/entry-ftrace.S
+++ b/arch/arm64/kernel/entry-ftrace.S
@@ -68,8 +68,9 @@
str x30, [sp, #S_PC]
/* Create a frame record for the callsite above pt_regs */
- stp x29, x9, [sp, #PT_REGS_SIZE]
- add x29, sp, #PT_REGS_SIZE
+ add x10, sp, #PT_REGS_SIZE
+ stp x29, x9, [x10]
+ mov x29, x10
/* Create our frame record within pt_regs. */
stp x29, x30, [sp, #S_STACKFRAME]
--
2.34.1
brk should not be implemented in purecap, return -ENOSYS when not in compat.
Co-authored-by: Tudor Cretu <tudor.cretu(a)arm.com>
Signed-off-by: Teo Couprie Diaz <teo.coupriediaz(a)arm.com>
---
Thanks Tudor for providing the code snippet, making it much more clear than
my original ideas.
mm/mmap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/mm/mmap.c b/mm/mmap.c
index ce282f9d9f8e..1048c358b872 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -194,6 +194,11 @@ static int do_brk_flags(unsigned long addr, unsigned long request, unsigned long
struct list_head *uf);
SYSCALL_DEFINE1(brk, unsigned long, brk)
{
+#ifdef CONFIG_CHERI_PURECAP_UABI
+ if (!in_compat_syscall()) {
+ return -ENOSYS;
+ }
+#endif
unsigned long newbrk, oldbrk, origbrk;
struct mm_struct *mm = current->mm;
struct vm_area_struct *next;
--
2.25.1
This series updates the brk LTP tests to use direct syscalls which makes
the compat tests pass on our musl-based distribution.
Add a simple sanity check for purecap that will fail if brk is not disabled.
Depends on merging the corresponding Linux patch disabling brk :
https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org…
Teo Couprie Diaz (2):
syscalls/brk: use direct syscall
syscalls/brk: add a sanity check for purecap
testcases/kernel/syscalls/brk/brk01.c | 35 ++++++++++++++++++++++++---
testcases/kernel/syscalls/brk/brk02.c | 17 +++++++------
2 files changed, 41 insertions(+), 11 deletions(-)
--
2.25.1
If a signal handler is installed using the sigaction(2) SA_SIGINFO flag,
then the signal-related context is accessible to the userspace via the
ucontext_t object.
This object contains:
+ the program counter register (i.e., the address of the next
instruction in the main program that should be executed when the
signal handler returns);
+ architecture-specific register state required for resuming the
interrupted program;
+ the thread's current signal mask;
+ the thread's alternate signal stack settings.
Therefore, the signal handler can alter the PC and PSTATE. If Morello is
supported, ensure that PC's LSB is cleared and PSTATE.C64 is set if the
PC was set using C64 ISA.
Cc: Harry Ramsey <harry.ramsey(a)arm.com>
Signed-off-by: Tudor Cretu <tudor.cretu(a)arm.com>
---
Many thanks to Harry (CC'ed) for finding an use case where sigreturn didn't
behave as expected. Tested with Musl signal tests. Unfortunetaly, these is no
LTP test that touches this functionality.
Review branch:
https://git.morello-project.org/tudcre01/linux/-/commits/sigreturn_fix_v1
---
arch/arm64/kernel/signal.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 1dd040c72630..e2527df334a9 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -669,6 +669,9 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
if (restore_altstack(&frame->uc.uc_stack))
goto badframe;
+ if (system_supports_morello())
+ morello_setup_signal_return(regs);
+
#if defined(CONFIG_CHERI_PURECAP_UABI) && !defined(SIGNAL_COMPAT64)
return regs->cregs[0];
#else
--
2.25.1
Playing around with syscall framework macros broke the syscall tracing
badly, see:
commit bb3fbc44e783 ("arm64/syscalls: Allow syscalls to return
capabilities")
and:
https://git.morello-project.org/morello/kernel/linux/-/issues/35
for the corresponding bug report.
This series in an attempt to remedy that.
The first patch does some rather controversial thing, but there is already a
precedent for that (as of ARCH_HAS_SYSCALL_MATCH_SYM_NAME), so one could say
it can be somehow exonerated.
The second one tries to get the SYSCALL_METADATA macro aligned with the
changes that caused the issue in the first place and, sadly, it is touching
other archs code, though the changes are minimal and safe.
Note: checkpatch will complain about few things but those are to be ignored.
Tracing selftests seem to be happy with the changes.
Also verified with some random syscall events.
v2:
- split [PATCH 2/3] into generic and Morello specific changes
- added dependency on CONFIG_FTRACE_SYSCALLS for ARCH_HAS_SYSCALL_ADDR
- improved (hopefully) commit message for previous PATCH 2-3
- small formatting clean-up
Review branch:
https://git.morello-project.org/Bea/linux/-/commits/morello/ftrace_syscalls/
Beata Michalska (4):
tracing/syscalls: Reshape arch_syscall_addr
tracing/syscalls: Allow amending metadata macro arguments
arm64:morello: Get a grip on syscall tracing
tracing/signal: Use explicit conversion instead of vague downcast
Documentation/trace/ftrace-design.rst | 5 +++--
arch/arm64/include/asm/ftrace.h | 4 ++++
arch/arm64/include/asm/syscall_wrapper.h | 9 ++++++---
arch/arm64/kernel/syscall.c | 12 ++++++++++++
arch/mips/include/asm/ftrace.h | 4 ++++
arch/s390/include/asm/syscall_wrapper.h | 6 +++---
arch/x86/include/asm/syscall_wrapper.h | 2 +-
include/linux/syscalls.h | 13 +++++++++----
include/trace/events/signal.h | 4 ++--
kernel/trace/trace_syscalls.c | 4 +++-
10 files changed, 47 insertions(+), 16 deletions(-)
--
2.25.1
