According to the documentation of fcntl, some commands take an int as
argument. In practice not all of them enforce this behaviour, as they
instead accept a more permissive long, and in most cases no range check
is performed at all.
An issue could possibly arise from a combination of the handling of the
varargs in user space and the ABI rules of the target, which may result
in the top bits of an int argument being non-zero.
This issue was originally raised and detailed in the following thread:
https://lore.kernel.org/linux-api/Y1%2FDS6uoWP7OSkmd@arm.com/
It was discovered during the porting of Linux to Morello [1].
This series modifies the affected commands so that they explicitly
take an int argument. It also propagates this change down to helper and
related functions as necessary.
This series is also available on my fork at:
https://git.morello-project.org/Sevenarth/linux/-/commits/fcntl-int-handlin…
Best regards,
Luca Vizzarro
[1] https://git.morello-project.org/morello/kernel/linux
Luca Vizzarro (5):
fcntl: Cast commands with int args explicitly
fs: Pass argument to fcntl_setlease as int
pipe: Pass argument of pipe_fcntl as int
memfd: Pass argument of memfd_fcntl as int
dnotify: Pass argument of fcntl_dirnotify as int
fs/cifs/cifsfs.c | 2 +-
fs/fcntl.c | 29 +++++++++++++++--------------
fs/libfs.c | 2 +-
fs/locks.c | 20 ++++++++++----------
fs/nfs/nfs4_fs.h | 2 +-
fs/nfs/nfs4file.c | 2 +-
fs/nfs/nfs4proc.c | 4 ++--
fs/notify/dnotify/dnotify.c | 4 ++--
fs/pipe.c | 6 +++---
include/linux/dnotify.h | 4 ++--
include/linux/filelock.h | 12 ++++++------
include/linux/fs.h | 6 +++---
include/linux/memfd.h | 4 ++--
include/linux/pipe_fs_i.h | 4 ++--
mm/memfd.c | 6 +-----
15 files changed, 52 insertions(+), 55 deletions(-)
--
2.34.1
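The int-versus-long mismatch the cover letter describes, as a constructed user-space model (added example, not code from the series or the kernel): the handler names, MODEL_MAX_VALUE and the leftover-bit pattern are assumptions, and an LP64 target is assumed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* The model assumes an LP64 target, where long is 64 bits but int is 32. */
_Static_assert(sizeof(unsigned long) == 8, "model assumes LP64");

/* Hypothetical upper bound for an int-valued command (not a kernel constant). */
#define MODEL_MAX_VALUE (1UL << 20)

/* Models a handler that uses the full 64-bit value it received, as code
 * accepting a long does: leftover upper bits make a perfectly valid
 * 32-bit request fail the range check. */
static long handler_takes_long(unsigned long arg)
{
    if (arg > MODEL_MAX_VALUE)
        return -EINVAL;
    return (long)arg;
}

/* Models the series' approach: the command is documented to take an int,
 * so the handler takes an int and only the low 32 bits are meaningful. */
static long handler_takes_int(int arg)
{
    if (arg < 0 || (unsigned long)arg > MODEL_MAX_VALUE)
        return -EINVAL;
    return arg;
}

/* The syscall entry sees the varargs argument as an unsigned long register
 * image; the only difference between the two dispatchers is the cast. */
static long dispatch_as_long(unsigned long raw_arg)
{
    return handler_takes_long(raw_arg);
}

static long dispatch_as_int(unsigned long raw_arg)
{
    return handler_takes_int((int)raw_arg);
}

/* Constructed register image: the low 32 bits carry the int the caller
 * passed, the high 32 bits carry whatever the ABI did not require to be
 * cleared (a fixed pattern here, standing in for real leftover bits). */
static unsigned long with_leftover_top_bits(int value)
{
    return ((unsigned long)0xDEADBEEFu << 32) | (uint32_t)value;
}

/* Stand-alone demonstration of both dispatch paths on the same image. */
int main(void)
{
    unsigned long raw = with_leftover_top_bits(4096);

    printf("raw argument      : 0x%016lx\n", raw);
    printf("handler taking long: %ld\n", dispatch_as_long(raw));
    printf("handler taking int : %ld\n", dispatch_as_int(raw));
    return 0;
}
```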
This series makes it possible for purecap apps to use the aio_ring
shared memory region to bypass the io_getevents syscall's overhead.
This functionality is also used in libaio.
With these patches, all io_* LTP tests pass in both Purecap and
plain AArch64 modes. Note that the LTP tests only address the basic
functionality of the aio system and a significant portion of the
functionality is untested in LTP.
For more comprehensive testing, libaio has been updated with the new
uAPI and ported. All the tests in libaio pass accordingly, in both
Purecap and plain AArch64 modes.
Gitlab issue:
https://git.morello-project.org/morello/kernel/linux/-/issues/49
Review branch:
https://git.morello-project.org/tudcre01/linux/-/commits/morello/aio_v1
Tudor Cretu (4):
aio: Fix the relationship between ctx pages and io_events array
aio: Implement compat handling for the io_event struct
aio: Allow capability tag access on the shared memory
aio: Use user pointer type in the io_event struct and aio_context_t
fs/aio.c | 197 ++++++++++++++++++++++++++---------
include/uapi/linux/aio_abi.h | 12 +--
2 files changed, 153 insertions(+), 56 deletions(-)
--
2.34.1
Hi,
This series introduces new user_ptr helpers to help in certain
uaccess-related situations. This is a follow-up to my previous series
"New CHERI API and separation of root capabilities"; the CHERI helpers
it introduced are used to implement the new generic user_ptr helpers in
PCuABI.
The new helpers are (see patch 1 for details):
* make_user_ptr_for_<perms>_uaccess(), to create user pointers in order
to perform uaccess, with appropriate bounds and permissions.
* check_user_ptr_<perms>(), to perform explicit checking of user
pointers.
This series does not actually make use of check_user_ptr_<perms>(),
rather it prepares the ground for implementing explicit checking when
user memory is accessed via kernel mappings [1].
The rest of the series (patches 2-9) is about converting existing uses of
uaddr_to_user_ptr_safe(), as it should now only be used for *providing*
user pointers to userspace, and not for uaccess.
After this series, the only remaining users of uaddr_to_user_ptr_safe()
are:
- fs/binfmt_elf.c to provide all the initial capabilities (stack,
AT_CHERI_*_CAP, etc.). uaddr_to_user_ptr_safe() is still used to write
the initial data on the stack too; it didn't seem worthwhile to
refactor this code as it is going to change anyway as part of [2]
and [3].
- mmap / mremap / shmat to return a valid capability.
To clarify which helper should be used in which situation, here are two
tables specifying the helper to use depending on whether the address is
specified by userspace or the kernel itself, and whether the pointer is
provided to userspace or used by the kernel itself.
*Before* this series:
+-----------------------------------+---------------------+--------------------------+
| Pointer for \ Address provided by | User | Kernel |
+===================================+=====================+==========================+
| User | - | uaddr_to_user_ptr_safe() |
+-----------------------------------+---------------------+--------------------------+
| Kernel (uaccess) | uaddr_to_user_ptr() | uaddr_to_user_ptr_safe() |
+-----------------------------------+---------------------+--------------------------+
*After* this series:
+-----------------------------------+---------------------+-------------------------------+
| Pointer for \ Address provided by | User | Kernel |
+===================================+=====================+===============================+
| User | - | uaddr_to_user_ptr_safe() |
+-----------------------------------+---------------------+-------------------------------+
| Kernel (uaccess) | uaddr_to_user_ptr() | make_user_ptr_*_for_uaccess() |
+-----------------------------------+---------------------+-------------------------------+
Eventually both uaddr_to_user_ptr() and uaddr_to_user_ptr_safe() should
disappear, the first thanks to userspace always providing full pointers
and the second being replaced by handcrafted code creating capabilities
in line with the PCuABI spec (whose bounds give access to only the
intended object and potentially padding).
Note that patches 1 and 4 were included in the first RFC of the CHERI API
series [4]. They remain broadly the same, but:
- make_privileged_user_ptr and check_user_ptr() have been renamed, and the
permissions are now specified by calling the right variant of the function
instead of passing a bitfield. They are now called respectively
make_user_ptr_for_<perms>_uaccess() and check_user_ptr_<perms>().
- The user_ptr documentation has been updated accordingly.
- The commit messages have been improved to reflect the overall
intention better.
Review branch:
https://git.morello-project.org/kbrodsky-arm/linux/-/commits/morello/user_p…
Rendered doc:
https://git.morello-project.org/kbrodsky-arm/linux/-/blob/morello/user_ptr_…
Thanks,
Kevin
[1] https://git.morello-project.org/morello/kernel/linux/-/issues/7
[2] https://git.morello-project.org/morello/kernel/linux/-/issues/19
[3] https://git.morello-project.org/morello/kernel/linux/-/issues/22
[4] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org…
Kevin Brodsky (9):
linux/user_ptr.h: Introduce uaccess-related helpers
fs/binfmt_elf: Create appropriate user pointer for uaccess
coredump: Create appropriate user pointer for uaccess
mm/memory: Create appropriate user pointer for uaccess
Revert "mm/hugetlb: Use appropriate user pointer conversions"
Revert "mm/shmem: Use appropriate user pointer conversions"
audit: Create appropriate user pointer for uaccess
perf: Avoid uaddr_to_user_ptr_safe() for arbitrary user address
arm64: Create appropriate user pointer for uaccess
Documentation/core-api/user_ptr.rst | 100 ++++++++++++++++++----------
arch/arm64/kernel/debug-monitors.c | 3 +-
arch/arm64/kernel/traps.c | 2 +-
fs/binfmt_elf.c | 14 ++--
fs/coredump.c | 4 +-
include/linux/user_ptr.h | 86 ++++++++++++++++++++++--
kernel/auditsc.c | 3 +-
kernel/events/internal.h | 2 +-
lib/user_ptr.c | 46 +++++++++++++
mm/hugetlb.c | 2 +-
mm/memory.c | 2 +-
mm/shmem.c | 2 +-
12 files changed, 216 insertions(+), 50 deletions(-)
--
2.38.1
This commit tackles the issue reported at:
https://git.morello-project.org/morello/kernel/linux/-/issues/6
Commit also available at:
https://git.morello-project.org/Sevenarth/linux/-/commits/morello/futex-v3
v3:
- reworded commit bodies
- removed a redundant include
- fixed whitespace alignment
v2:
- split code in 3 commits as suggested
- added more details in the commit bodies
- updated the TODO notation for futex.h
- updated the prefix for A64/C64 definitions in futex.h
- updated the asm constraint's name to follow naming conventions
- updated the robust list entry fetch code to use the pre-existing
helper USER_PTR_ALIGN_DOWN
- reverted pointer comparisons
Luca Vizzarro (3):
arm64: futex: Enable capability-based uaccess
futex: Handle capability-based robust list entries
futex: Add explicit capability checking TODOs
arch/arm64/include/asm/futex.h | 47 ++++++++++++++++++++++++----------
kernel/futex/core.c | 19 ++++++--------
2 files changed, 41 insertions(+), 25 deletions(-)
--
2.34.1
This series makes it possible for purecap apps to use the io_uring
system.
With these patches, all io_uring LTP tests pass in both Purecap and
plain AArch64 modes. Note that the LTP tests only address the basic
functionality of the io_uring system and a significant portion of the
multiplexed functionality is untested in LTP.
I have finished investigating Purecap and plain AArch64 liburing tests
and examples and the series is updated accordingly.
v6:
- Only Patches 8 and 10 are slightly modified
- Fix format issues
- Add license header to io_uring_compat.h
- Move __io_get_ith_cqe after __io_get_cqe
- Remove the const from io_user_data_is_same parameters
v5:
- Revert changes in trace/events/io_uring.h
- Add new header trace/events/io_uring.h for compat structs
- Change cqe_cached/cqe_sentinel to indices
- Move print_sqe and print_cqe macros outside of the function
- Rename is_compat64_io_ring_ctx to io_in_compat64
- Add helper for user_data values comparison
- Add condition to not change addr field to a compat_ptr for opcodes where
it's a user_data value stored
- Other small fixes suggested by Kevin
v4:
- Rebase on top of morello/next
- Remove the union for flags in struct compat_io_uring_sqe and only
keep a single member
- Improve format and move functions as per feedback on v3
- Add a new helper for checking if context is compat
- Remove struct conversion in fdinfo and just use macros
- Remove the union from struct io_overflow_cqe and just leave the
native struct
- Fix the cqe_cached/cqe_sentinel mechanism
- Separate the fix for the shared ring size's off-by-one error into a
new PATCH 6
- Remove the compat_ptr for addr fields that represent user_data values
- Extend the trace events accordingly to propagate capabilities
- Use copy*_with_ptr routine for copy_msghdr_from_user in a new PATCH 1
- Fix the misuse of addr2 and off in IORING_OP_CONNECT and
IORING_OP_POLL_REMOVE
v3:
- Introduce Patch 5 which exposes the compat handling logic for
epoll_event. This is used then in io_uring/epoll.c.
- Introduce Patch 6 which makes sure that when struct iovec is copied
from userspace, the capability tags are preserved.
- Fix a few sizeof(var) to sizeof(*var).
- Use iovec_from_user so that compat handling logic is applied instead
of copying directly from user
- Add a few missing copy_from_user_with_ptr where suitable.
v2:
- Rebase on top of release 6.1
- Remove VM_READ_CAPS/VM_LOAD_CAPS patches as they are already merged
- Update commit message in PATCH 1
- Add the generic changes PATCH 2 and PATCH 3 to avoid copying user
pointers from/to userspace unnecessarily. These could be upstreamable.
- Split "pulling the cqes member out" change into PATCH 4
- The changes for PATCH 5 and 6 are now split into their respective
files after the rebase.
- Format and change organization based on the feedback on the
previous version, including creating helpers copy_*_from_* for various
uAPI structs
- Add comments related to handling of setup flags IORING_SETUP_SQE128
and IORING_SETUP_CQE32
- Add handling for new uAPI structs: io_uring_buf, io_uring_buf_ring,
io_uring_buf_reg, io_uring_sync_cancel_reg.
Gitlab issue:
https://git.morello-project.org/morello/kernel/linux/-/issues/2
Review branch:
https://git.morello-project.org/tudcre01/linux/-/commits/morello/io_uring_v6
Tudor Cretu (10):
net: socket: use copy_from_user_with_ptr for struct user_msghdr
io_uring/rw: Restrict copy to only uiov->len from userspace
io_uring/tctx: Copy only the offset field back to user
io_uring: Pull cqes member out from rings struct
epoll: Expose compat handling logic of epoll_event
io_uring/kbuf: Fix size for shared buffer ring
io_uring: Make cqe_cached and cqe_sentinel indices instead of pointers
io_uring: Implement compat versions of uAPI structs and handle them
io_uring: Allow capability tag access on the shared memory
io_uring: Use user pointer type in the uAPI structs
fs/eventpoll.c | 38 ++--
include/linux/eventpoll.h | 4 +
include/linux/io_uring_compat.h | 130 +++++++++++++
include/linux/io_uring_types.h | 35 ++--
include/uapi/linux/io_uring.h | 76 ++++----
io_uring/advise.c | 7 +-
io_uring/cancel.c | 32 +++-
io_uring/cancel.h | 2 +-
io_uring/epoll.c | 4 +-
io_uring/fdinfo.c | 79 +++++---
io_uring/fs.c | 16 +-
io_uring/io_uring.c | 323 ++++++++++++++++++++++++--------
io_uring/io_uring.h | 147 +++++++++++++--
io_uring/kbuf.c | 111 +++++++++--
io_uring/kbuf.h | 8 +-
io_uring/msg_ring.c | 4 +-
io_uring/net.c | 25 +--
io_uring/openclose.c | 4 +-
io_uring/poll.c | 8 +-
io_uring/rsrc.c | 138 +++++++++++---
io_uring/rw.c | 22 +--
io_uring/statx.c | 4 +-
io_uring/tctx.c | 56 +++++-
io_uring/timeout.c | 14 +-
io_uring/uring_cmd.c | 5 +
io_uring/uring_cmd.h | 4 +
io_uring/xattr.c | 12 +-
net/socket.c | 2 +-
28 files changed, 1000 insertions(+), 310 deletions(-)
create mode 100644 include/linux/io_uring_compat.h
--
2.34.1
This commit tackles the issue reported at:
https://git.morello-project.org/morello/kernel/linux/-/issues/6
Commit also available at:
https://git.morello-project.org/Sevenarth/linux/-/commits/morello/futex-v2
v2:
- split code in 3 commits as suggested
- added more details in the commit bodies
- updated the TODO notation for futex.h
- updated the prefix for A64/C64 definitions in futex.h
- updated the asm constraint's name to follow naming conventions
- updated the robust list entry fetch code to use the pre-existing
helper USER_PTR_ALIGN_DOWN
- reverted pointer comparisons
Luca Vizzarro (3):
arm64: futex: Enable capability-based uaccess
futex: Handle capability-based robust list entries
futex: Add explicit capability checking TODOs
arch/arm64/include/asm/futex.h | 47 ++++++++++++++++++++++++----------
kernel/futex/core.c | 20 +++++++--------
2 files changed, 42 insertions(+), 25 deletions(-)
--
2.34.1
This series makes it possible for purecap apps to use the io_uring
system.
With these patches, all io_uring LTP tests pass in both Purecap and
plain AArch64 modes. Note that the LTP tests only address the basic
functionality of the io_uring system and a significant portion of the
multiplexed functionality is untested in LTP.
I have finished investigating Purecap and plain AArch64 liburing tests
and examples and the series is updated accordingly.
v5:
- Revert changes in trace/events/io_uring.h
- Add new header trace/events/io_uring.h for compat structs
- Change cqe_cached/cqe_sentinel to indices
- Move print_sqe and print_cqe macros outside of the function
- Rename is_compat64_io_ring_ctx to io_in_compat64
- Add helper for user_data values comparison
- Add condition to not change addr field to a compat_ptr for opcodes where
it's a user_data value stored
- Other small fixes suggested by Kevin
v4:
- Rebase on top of morello/next
- Remove the union for flags in struct compat_io_uring_sqe and only
keep a single member
- Improve format and move functions as per feedback on v3
- Add a new helper for checking if context is compat
- Remove struct conversion in fdinfo and just use macros
- Remove the union from struct io_overflow_cqe and just leave the
native struct
- Fix the cqe_cached/cqe_sentinel mechanism
- Separate the fix for the shared ring size's off-by-one error into a
new PATCH 6
- Remove the compat_ptr for addr fields that represent user_data values
- Extend the trace events accordingly to propagate capabilities
- Use copy*_with_ptr routine for copy_msghdr_from_user in a new PATCH 1
- Fix the misuse of addr2 and off in IORING_OP_CONNECT and
IORING_OP_POLL_REMOVE
v3:
- Introduce Patch 5 which exposes the compat handling logic for
epoll_event. This is used then in io_uring/epoll.c.
- Introduce Patch 6 which makes sure that when struct iovec is copied
from userspace, the capability tags are preserved.
- Fix a few sizeof(var) to sizeof(*var).
- Use iovec_from_user so that compat handling logic is applied instead
of copying directly from user
- Add a few missing copy_from_user_with_ptr where suitable.
v2:
- Rebase on top of release 6.1
- Remove VM_READ_CAPS/VM_LOAD_CAPS patches as they are already merged
- Update commit message in PATCH 1
- Add the generic changes PATCH 2 and PATCH 3 to avoid copying user
pointers from/to userspace unnecessarily. These could be upstreamable.
- Split "pulling the cqes member out" change into PATCH 4
- The changes for PATCH 5 and 6 are now split into their respective
files after the rebase.
- Format and change organization based on the feedback on the
previous version, including creating helpers copy_*_from_* for various
uAPI structs
- Add comments related to handling of setup flags IORING_SETUP_SQE128
and IORING_SETUP_CQE32
- Add handling for new uAPI structs: io_uring_buf, io_uring_buf_ring,
io_uring_buf_reg, io_uring_sync_cancel_reg.
Gitlab issue:
https://git.morello-project.org/morello/kernel/linux/-/issues/2
Review branch:
https://git.morello-project.org/tudcre01/linux/-/commits/morello/io_uring_v5
Tudor Cretu (10):
net: socket: use copy_from_user_with_ptr for struct user_msghdr
io_uring/rw: Restrict copy to only uiov->len from userspace
io_uring/tctx: Copy only the offset field back to user
io_uring: Pull cqes member out from rings struct
epoll: Expose compat handling logic of epoll_event
io_uring/kbuf: Fix size for shared buffer ring
io_uring: Make cqe_cached and cqe_sentinel indices instead of pointers
io_uring: Implement compat versions of uAPI structs and handle them
io_uring: Allow capability tag access on the shared memory
io_uring: Use user pointer type in the uAPI structs
fs/eventpoll.c | 38 ++--
include/linux/eventpoll.h | 4 +
include/linux/io_uring_compat.h | 129 +++++++++++++
include/linux/io_uring_types.h | 35 ++--
include/uapi/linux/io_uring.h | 76 ++++----
io_uring/advise.c | 7 +-
io_uring/cancel.c | 32 +++-
io_uring/cancel.h | 2 +-
io_uring/epoll.c | 4 +-
io_uring/fdinfo.c | 82 +++++---
io_uring/fs.c | 16 +-
io_uring/io_uring.c | 321 +++++++++++++++++++++++---------
io_uring/io_uring.h | 147 +++++++++++++--
io_uring/kbuf.c | 111 +++++++++--
io_uring/kbuf.h | 8 +-
io_uring/msg_ring.c | 4 +-
io_uring/net.c | 25 +--
io_uring/openclose.c | 4 +-
io_uring/poll.c | 8 +-
io_uring/rsrc.c | 138 +++++++++++---
io_uring/rw.c | 22 +--
io_uring/statx.c | 4 +-
io_uring/tctx.c | 56 +++++-
io_uring/timeout.c | 14 +-
io_uring/uring_cmd.c | 5 +
io_uring/uring_cmd.h | 4 +
io_uring/xattr.c | 12 +-
net/socket.c | 2 +-
28 files changed, 1000 insertions(+), 310 deletions(-)
create mode 100644 include/linux/io_uring_compat.h
--
2.34.1
Hi,
This is a small update to Vincenzo's series enabling TUN/TAP support.
v1..v2:
- Brought back tun_chr_compat_ioctl(), as we need to keep the handling
of struct compat_ifreq being of a different size. The behaviour is
otherwise unchanged from v1 (arg is always converted to a user pointer
via compat_ptr(), just like when using compat_ptr_ioctl).
- Adjusted the commit message in patch 1 accordingly, changed commit
title as I suggested in v1.
Review branch:
https://git.morello-project.org/kbrodsky-arm/linux/-/commits/morello/tun_v2
Thanks,
Kevin
Vincenzo Frascino (2):
net: tun: Fix ioctl handler argument type
arm64: morello: Enable TUN in defconfig
.../morello_transitional_pcuabi_defconfig | 1 +
drivers/net/tun.c | 22 ++++---------------
2 files changed, 5 insertions(+), 18 deletions(-)
--
2.38.1
When Morello support is enabled, there is no guarantee that the view
of a task's X and C registers (e.g. regs->regs and regs->cregs) is
coherent (see also the note on "write coalescing" in
Documentation/arm64/morello.rst). X/C merging always happens when
returning to userspace, but the value of a task's X registers may be
updated without the task being scheduled. This may happen due to
ptrace(PTRACE_SETREGSET), but also, crucially, when multiple pending
signals are delivered at the same time (typically when the task
unblocks them).
All capability registers are read in preserve_morello_context(), in
order to store them in the signal frame, and
morello_merge_cap_regs() is called beforehand to update the view of
capability registers.
However, there was an oversight in one of the initial Morello
support commits ("arm64: morello: Context-switch Restricted
registers"): regs->csp is also read in signal_sp(), which is called
before preserve_morello_context(). signal_sp() may therefore read a
stale SP value.
signal_sp() has changed several times since that commit, especially
to add PCuABI support. The last commit ("arm64: signal: Fix
signal_sp() in compat64") made the issue resurface, as regs->csp is
now used in compat64 too.
The error condition is indeed difficult to hit in PCuABI, as it
requires using ptrace with a very precise timing. On the other hand,
it can be reliably triggered in compat64 by delivering two signals
at the same time: regs->sp is set in setup_return() when the first
signal frame is set up, leaving regs->csp unchanged, and signal_sp()
will then read a stale SP value through regs->csp to set up the
second signal frame.
This situation is precisely what the sigpending02 LTP test creates,
allowing the bug to be finally caught.
To avoid any further issue, the call to morello_merge_cap_regs() is
therefore moved to the very beginning of setup_rt_frame(), before
any register is read.
Note that signal_sp() is also called from the rt_sigreturn handler,
but this is not a concern as the register view is up-to-date at the
point where a syscall handler is called.
Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com>
---
arch/arm64/kernel/signal.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/arch/arm64/kernel/signal.c b/arch/arm64/kernel/signal.c
index 183293d77f80..81130cc42696 100644
--- a/arch/arm64/kernel/signal.c
+++ b/arch/arm64/kernel/signal.c
@@ -275,14 +275,6 @@ static int preserve_morello_context(struct morello_context __user *ctx,
__put_user_error(sizeof(struct morello_context), &ctx->head.size, err);
__put_user_error(0, &ctx->__pad, err);
- /*
- * current's 64-bit registers may have been modified (e.g. through
- * ptrace) since the last time it was scheduled.
- * Perform the standard 64-bit / capability register merging, to ensure
- * that both views in the signal frame are consistent.
- */
- morello_merge_cap_regs(regs);
-
for (i = 0; i < ARRAY_SIZE(regs->cregs); i++)
__morello_put_user_cap_error(regs->cregs[i], &ctx->cregs[i], err);
__morello_put_user_cap_error(regs->csp, &ctx->csp, err);
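Review bot: with the merge removed here, preserve_morello_context() now silently depends on every caller having invoked morello_merge_cap_regs() beforehand, otherwise the cregs/csp loop below stores exactly the stale view the commit message describes; a one-line comment above the loop stating that precondition (e.g. "Caller must have merged X/C registers, see setup_rt_frame()") would keep a future caller from reintroducing the bug.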
@@ -1108,6 +1100,18 @@ static int setup_rt_frame(int usig, struct ksignal *ksig, sigset_t *set,
int err = 0;
fpsimd_signal_preserve_current_state();
+#ifdef CONFIG_ARM64_MORELLO
+ /*
+ * current's 64-bit registers may have been modified since the last
+ * time it was scheduled. This may have happened through ptrace, but
+ * also if another signal frame just got set up without returning to
+ * userspace.
+ * Perform the standard 64-bit / capability register merging to ensure
+ * that both views are consistent, as we will need to read the current
+ * value of all (C/X) registers.
+ */
+ morello_merge_cap_regs(regs);
+#endif
if (get_sigframe(&user, ksig, regs))
return 1;
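Review bot: the placement is right, since the merge now precedes get_sigframe() and therefore the signal_sp() read named in the commit message, but the #ifdef CONFIG_ARM64_MORELLO guard is only needed if morello_merge_cap_regs() has no empty stub for the non-Morello build; the call removed from preserve_morello_context() needed no guard, so if a stub exists, dropping the #ifdef here would keep setup_rt_frame() free of config-specific blocks. The commit message's "before any register is read" could also say "before any general-purpose register is read", as fpsimd_signal_preserve_current_state() still runs first.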
--
2.38.1