June 2023 - linux-morello - op-lists.linaro.org

[PATCH 00/10] update bpf syscall for PCuABI/compat64

by Zachary Leaf

Hi, After getting side tracked by eBPF libraries/tools (libbpf/bpftool) and kselftest cross-compilation, here's the core kernel changes following on from the RFC[1] posted late last year. The bpf syscall is updated to propagate user pointers as capabilities in the pure-capability kernel-user ABI (PCuABI). It also includes an approach to support the existing aarch64 ABI as a compatibility layer (compat64). One complication here is from the fact this syscall supports many multiplexed sub-commands, some of which are themselves multiplexed with a number of nested multiplexed options. A further complication is that the existing syscall uses a trick of storing user pointers as u64 to avoid needing a compat handler for 32-bit systems (see patch 3). To retain compatibility with the aarch64 ABI and add Morello support, a compat layer is added here only for the compat64 case, guarded by #ifdef CONFIG_COMPAT64. Normal compat32 operation is therefore unchanged. Compared to the original RFC, inbound (userspace->kernel) conversion between compat64/native struct layouts is now handled upfront. This minimises changes to subcommand handlers. Some subcommands require conversion back out to userspace and that is by necessity handled where it occurs. Patch 1 is not essential to this series but it's a nice debug feature to have and works[2]. It enables BPF_PROG_TYPE_TRACEPOINT which many eBPF kselftests use. Patch 2 is required setup for the rest of the patches. Patches 3-8 implement the core compat64 handling. Each commit compiles cleanly but relevant parts will be broken inbetween. They're split mainly to make review here easier. Patch 9 fixes a check to also check configs passed in via compat64. Patch 10 finally enables capabilities in the kernel. Testing wise, see associated LTP changes below which will be posted to linux-morello-ltp mailing list. The eBPF LTP tests are fairly minimal and test only a small part of the changes here. There's a new test to test patch 9. The kernel kselftests contain much more extensive eBPF tests. The kselftests have been used to test many parts of the compat64 handling but overall more work needs to be done here: a) enable cross-compilation for purecap as well as x86->aarch64 b) replace ptr_to_u64() with casts to uintptr_t in tests b) general libbpf/bpftool enablement and fixes since many tests rely on this c) CONFIG_DEBUG_INFO_BTF required for many tests but this requires the build system to have a recent version of pahole tool Next steps once we have the core kernel support is porting libbpf and bpftool for purecap plus work on enabling kselftests as above. Kernel branch available at: https://git.morello-project.org/zdleaf/linux/-/tree/morello/bpf Associated LTP test/changes at: https://git.morello-project.org/zdleaf/morello-linux-test-project/-/tree/mo… Thanks, Zach [1] [RFC PATCH 0/9] update bpf syscall for PCuABI/compat64 https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [2] [PATCH v3 0/5] Restore syscall tracing on Morello https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Zachary Leaf (10): arm64: morello: enable syscall tracing bpf/net: copy ptrs from user with bpf/sockptr_t bpf: compat64: add handler and convert bpf_attr in bpf: compat64: bpf_attr convert out bpf: compat64: handle bpf_btf_info bpf: compat64: handle bpf_prog_info bpf: compat64: handle bpf_map_info bpf: compat64: handle bpf_link_info bpf: compat64: support CHECK_ATTR macro bpf: use user pointer types in uAPI structs .../morello_transitional_pcuabi_defconfig | 2 +- arch/arm64/kernel/sys_compat64.c | 4 + drivers/media/rc/bpf-lirc.c | 7 +- include/linux/bpf_compat.h | 413 ++++++ include/linux/bpfptr.h | 18 +- include/linux/sockptr.h | 9 + include/uapi/linux/bpf.h | 94 +- kernel/bpf/bpf_iter.c | 2 +- kernel/bpf/btf.c | 97 +- kernel/bpf/cgroup.c | 10 +- kernel/bpf/hashtab.c | 13 +- kernel/bpf/net_namespace.c | 7 +- kernel/bpf/offload.c | 2 +- kernel/bpf/syscall.c | 1136 +++++++++++++---- kernel/bpf/verifier.c | 2 +- kernel/trace/bpf_trace.c | 6 +- net/bpf/bpf_dummy_struct_ops.c | 3 +- net/bpf/test_run.c | 32 +- net/core/sock_map.c | 7 +- 19 files changed, 1534 insertions(+), 330 deletions(-) create mode 100644 include/linux/bpf_compat.h -- 2.34.1

1 year, 2 months

2
31
0 0

[linux-morello][PATCH v3 0/3] enable nfs rootfs

by Pawel Zalewski

This series of patches enables nfs rootfs support on the Morello board. Patch 01 is fixing the inital kernel build error associated with a wrong function pointer type within the sunrpc modules due to the unlocked_ioctl fp, the error occurs upon enabling nfs within the defconfig. Patch 02 deals with the fallout caused by changes inferred by patches 01. See details in the description of the patch. Patch 03 is enabling nfs rootfs by default in the kernel. It was confirmed that the kernel can boot with a nfs rootfs. V3 changes: - fix commit title @ patch 2 - align the change in proc.c Pawel Zalewski (3): net: sunrpc: fix unlocked_ioctl handler signature proc: change proc_ops.proc_ioct handler signature arm64: morello: enable nfs rootfs by default arch/arm64/configs/morello_transitional_pcuabi_defconfig | 2 ++ drivers/pci/proc.c | 4 ++-- include/linux/proc_fs.h | 2 +- net/sunrpc/cache.c | 6 +++--- net/sunrpc/rpc_pipe.c | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) -- 2.34.1

1 year, 4 months

3
6
0 0

[PATCH v2] module: Enable module loading for PCuABI kernels

by Kristina Martsenko

On some architectures, modules (and the kernel itself) may have different ELF properties than native userspace executables. On arm64 hybrid PCuABI kernels, userspace executables have the purecap EF_AARCH64_CHERI_PURECAP ELF flag, while modules do not. This means that elf_check_arch() cannot be used for modules. For the time being, work around this by skipping elf_check_arch() for modules when CONFIG_CHERI_PURECAP_UABI=y, and do the entire ELF check in module_elf_check_arch(). This enables modules to be loaded on a PCuABI kernel. Signed-off-by: Kristina Martsenko <kristina.martsenko(a)arm.com> --- Changes in v2: - Use ARCH_MODULE_SKIP_ELF_CHECK to work around changes in the 6.4 kernel - v1: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… arch/arm64/include/asm/elf.h | 9 +-------- arch/arm64/kernel/module.c | 8 ++++++++ kernel/module/main.c | 2 ++ 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h index 6189c8614dd6..f01f1f99cf03 100644 --- a/arch/arm64/include/asm/elf.h +++ b/arch/arm64/include/asm/elf.h @@ -95,16 +95,9 @@ * This is used to ensure we don't load something for the wrong architecture. */ #ifdef CONFIG_CHERI_PURECAP_UABI -/* - * TODO [PCuABI] - elf_check_arch() is also used by the kernel module loader to - * verify the ELF headers. However, kernel modules, just like the kernel, are - * currently hybrid binaries and therefore do not have the - * EF_AARCH64_CHERI_PURECAP flag. As a result elf_check_arch() currently fails - * for kernel modules. This could be solved by introducing a new macro to check - * kernel modules. - */ #define elf_check_arch(x) ((x)->e_machine == EM_AARCH64 && \ (x)->e_flags & EF_AARCH64_CHERI_PURECAP) +#define ARCH_MODULE_SKIP_ELF_CHECK #else #define elf_check_arch(x) ((x)->e_machine == EM_AARCH64) #endif diff --git a/arch/arm64/kernel/module.c b/arch/arm64/kernel/module.c index 5af4975caeb5..46f5f161fc0a 100644 --- a/arch/arm64/kernel/module.c +++ b/arch/arm64/kernel/module.c @@ -22,6 +22,14 @@ #include <asm/scs.h> #include <asm/sections.h> +#ifdef CONFIG_CHERI_PURECAP_UABI +bool module_elf_check_arch(Elf_Ehdr *hdr) +{ + return hdr->e_machine == EM_AARCH64 && + !(hdr->e_flags & EF_AARCH64_CHERI_PURECAP); +} +#endif + void *module_alloc(unsigned long size) { u64 module_alloc_end = module_alloc_base + MODULES_VSIZE; diff --git a/kernel/module/main.c b/kernel/module/main.c index 4e2cf784cf8c..076ba5f21ac9 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -1688,11 +1688,13 @@ static int elf_validity_cache_copy(struct load_info *info, int flags) info->hdr->e_type, ET_REL); goto no_exec; } +#ifndef ARCH_MODULE_SKIP_ELF_CHECK if (!elf_check_arch(info->hdr)) { pr_err("Invalid architecture in ELF header: %u\n", info->hdr->e_machine); goto no_exec; } +#endif if (!module_elf_check_arch(info->hdr)) { pr_err("Invalid module architecture in ELF header: %u\n", info->hdr->e_machine); -- 2.30.2

1 year, 4 months

2
1
0 0

[PATCH v2 0/5] Alter fcntl to handle int arguments correctly

by Luca Vizzarro

According to the documentation of fcntl, some commands take an int as argument. In practice not all of them enforce this behaviour, as they instead accept a more permissive long and in most cases not even a range check is performed. An issue could possibly arise from a combination of the handling of the varargs in user space and the ABI rules of the target, which may result in the top bits of an int argument being non-zero. This issue was originally raised and detailed in the following thread: https://lore.kernel.org/linux-api/Y1%2FDS6uoWP7OSkmd@arm.com/ And was discovered during the porting of Linux to Morello [1]. This series modifies the interested commands so that they explicitly take an int argument. It also propagates this change down to helper and related functions as necessary. This series is also available on my fork at: https://git.morello-project.org/Sevenarth/linux/-/commits/fcntl-int-handlin… Best regards, Luca Vizzarro [1] https://git.morello-project.org/morello/kernel/linux Luca Vizzarro (5): fcntl: Cast commands with int args explicitly fs: Pass argument to fcntl_setlease as int pipe: Pass argument of pipe_fcntl as int memfd: Pass argument of memfd_fcntl as int dnotify: Pass argument of fcntl_dirnotify as int fs/cifs/cifsfs.c | 2 +- fs/fcntl.c | 29 +++++++++++++++-------------- fs/libfs.c | 2 +- fs/locks.c | 20 ++++++++++---------- fs/nfs/nfs4_fs.h | 2 +- fs/nfs/nfs4file.c | 2 +- fs/nfs/nfs4proc.c | 4 ++-- fs/notify/dnotify/dnotify.c | 4 ++-- fs/pipe.c | 6 +++--- include/linux/dnotify.h | 4 ++-- include/linux/filelock.h | 12 ++++++------ include/linux/fs.h | 6 +++--- include/linux/memfd.h | 4 ++-- include/linux/pipe_fs_i.h | 4 ++-- mm/memfd.c | 6 +----- 15 files changed, 52 insertions(+), 55 deletions(-) -- 2.34.1

1 year, 4 months

4
9
0 0

Morello kernel development - Ask for help

by Menna Mahmoud

Hi All, I am Menna, a Linux kernel intern- Outreahy internship. I worked on a project related to the Morello kernel. I checked the user guides and followed this: https://git.morello-project.org/morello/morello-linux, but I have a problem I couldn't create my own FVP kernel image and run it, I want to develop the kernel and update the FVP image and run it but I don't know how to do that. Could you please help me? Thanks in advance, Menna

1 year, 4 months

2
4
0 0

[PATCH] arch: Do not enable COMPAT_32BIT_TIME in compat64

by Kevin Brodsky

Syscalls provided by CONFIG_COMPAT_32BIT_TIME are not required in 64-bit compat. Only enable this option by default if CONFIG_COMPAT32 is selected. Note that this is a non-functional change on arm64 as since commit "arm64: compat: handle time in compat64 syscalls", syscall handlers provided by CONFIG_COMPAT_32BIT_TIME are unused in compat64. Signed-off-by: Kevin Brodsky <kevin.brodsky(a)arm.com> --- I discovered this by chance when looking at Tudor's AIO patches, as some AIO syscalls have such 32-bit time variants. This patch makes things slightly more consistent and avoids including syscall handlers that end up completely unused in compat64. Kevin arch/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/Kconfig b/arch/Kconfig index 143825c4d3af..e0b819abd16c 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -1137,7 +1137,7 @@ config COMPAT_OLD_SIGACTION config COMPAT_32BIT_TIME bool "Provide system calls for 32-bit time_t" - default !64BIT || COMPAT + default !64BIT || COMPAT32 help This enables 32 bit time_t support in addition to 64 bit time_t support. This is relevant on all 32-bit architectures, and 64-bit architectures -- 2.38.1

1 year, 4 months

2
2
0 0

[PATCH v2 0/9] New user_ptr helpers for uaccess

by Kevin Brodsky

Hi, This is a small update to the series, for more info see the original cover letter [1]. Following various discussions, the interface remains broadly unchanged, with a separate function for each permission set (read/write/RW). Luca's work on explicit checking however exposed that check_user_ptr_read() should clearly take a pointer to const. The write/RW variants still take a non-const pointer; accordingly fault_in_safe_writeable() will be changed to take a non-const pointer too [2], which feels more logical. For symmetry, make_user_ptr_for_read_uaccess() now returns a pointer to const. A few patches are modified accordingly; the additional changes are minimal. A nice side-effect is that this reduces the risks of misuse at compile time, since copy_to_user(uptr, ...) will trigger a warning if uptr is a pointer to const. v1..v2: - Patch 1: made check_user_ptr_read() and make_user_ptr_for_read_uaccess() take/return a pointer to const. - Patch 3, 4, 9: made variables pointers to const when using make_user_ptr_for_read_uaccess(). Review branch: https://git.morello-project.org/kbrodsky-arm/linux/-/commits/morello/user_p… Thanks, Kevin [1] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [2] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Kevin Brodsky (9): linux/user_ptr.h: Introduce uaccess-related helpers fs/binfmt_elf: Create appropriate user pointer for uaccess coredump: Create appropriate user pointer for uaccess mm/memory: Create appropriate user pointer for uaccess Revert "mm/hugetlb: Use appropriate user pointer conversions" Revert "mm/shmem: Use appropriate user pointer conversions" audit: Create appropriate user pointer for uaccess perf: Avoid uaddr_to_user_ptr_safe() for arbitrary user address arm64: Create appropriate user pointer for uaccess Documentation/core-api/user_ptr.rst | 100 ++++++++++++++++++---------- arch/arm64/kernel/debug-monitors.c | 3 +- arch/arm64/kernel/traps.c | 3 +- fs/binfmt_elf.c | 14 ++-- fs/coredump.c | 4 +- include/linux/user_ptr.h | 86 ++++++++++++++++++++++-- kernel/auditsc.c | 3 +- kernel/events/internal.h | 2 +- lib/user_ptr.c | 46 +++++++++++++ mm/hugetlb.c | 2 +- mm/memory.c | 4 +- mm/shmem.c | 2 +- 12 files changed, 218 insertions(+), 51 deletions(-) -- 2.38.1

1 year, 4 months

2
11
0 0

[PATCH v3 0/7] Support aio shared memory usage in the Purecap apps

by Tudor Cretu

This series makes it possible for purecap apps to use the aio_ring shared memory region to bypass the io_getevents syscall's overhead. This functionality is also used in libaio. With these patches, all io_* LTP tests pass in both Purecap and plain AArch64 modes. Note that the LTP tests only address the basic functionality of the aio system and a significant portion of the functionality is untested in LTP. For a more comprehensive testing, libaio has been updated with the new uAPI and ported. All the tests in libaio pass accordingly, in both Purecap and plain AArch64 modes. v3..v2: - Improve the commit messages - Revert a few unrelated changes - Change compat_aio_context_t to compat_uptr_t - Remove io_events_compat union member - Improve code formatting - Add copy_to_user_with_ptr in copy_io_events_to_user - Split copy_from_user_with_ptr for struct __aio_sigset into a different patch v2..v1: - Add Patch 1 that fixes a parameter type for the compat handler - Split the change the types to user pointers into two patches: one for aio_context_t, and the other for io_event struct fields. - vmap all the ring pages at the beginning and cache them in the ctx - Don't remap the pages while allowing tag access to the shared memory. Setting the VM flags is enough. - Change aio_context_t to a void __user *. - Improve commit messages. - Refactor some of the functions for compat handling. - Create valid user pointers ctx_id when received from a compat task Gitlab issue: https://git.morello-project.org/morello/kernel/linux/-/issues/49 Review branch: https://git.morello-project.org/tudcre01/linux/-/commits/morello/aio_v3 Tudor Cretu (7): aio: Fix type of nr parameter in compat handler of io_submit aio: Use copy_from_user_with_ptr for struct __aio_sigset aio: vmap entire aio_ring instead of kmapping each page aio: Implement compat handling for the io_event struct aio: Allow capability tag access on the shared memory aio: Change aio_context_t to a user pointer aio: Use user pointer type in the io_event struct fs/aio.c | 284 +++++++++++++++++++++-------------- include/asm-generic/compat.h | 3 +- include/uapi/linux/aio_abi.h | 12 +- 3 files changed, 180 insertions(+), 119 deletions(-) -- 2.34.1

1 year, 5 months

2
17
0 0

[PATCH v2 0/6] Support aio shared memory usage in the Purecap apps

by Tudor Cretu

This series makes it possible for purecap apps to use the aio_ring shared memory region to bypass the io_getevents syscall's overhead. This functionality is also used in libaio. With these patches, all io_* LTP tests pass in both Purecap and plain AArch64 modes. Note that the LTP tests only address the basic functionality of the aio system and a significant portion of the functionality is untested in LTP. For a more comprehensive testing, libaio has been updated with the new uAPI and ported. All the tests in libaio pass accordingly, in both Purecap and plain AArch64 modes. v2..v1: - Add Patch 1 that fixes a parameter type for the compat handler - Split the change the types to user pointers into two patches: one for aio_context_t, and the other for io_event struct fields. - vmap all the ring pages at the beginning and cache them in the ctx - Don't remap the pages while allowing tag access to the shared memory. Setting the VM flags is enough. - Change aio_context_t to a void __user *. - Improve commit messages. - Refactor some of the functions for compat handling. - Create valid user pointers ctx_id when received from a compat task Gitlab issue: https://git.morello-project.org/morello/kernel/linux/-/issues/49 Review branch: https://git.morello-project.org/tudcre01/linux/-/commits/morello/aio_v2 Tudor Cretu (6): aio: Fix type of nr parameter in compat handler of io_submit aio: vmap entire aio_ring instead of kmapping each page aio: Implement compat handling for the io_event struct aio: Allow capability tag access on the shared memory aio: Change aio_context_t to a user pointer aio: Use user pointer type in the io_event struct fs/aio.c | 306 ++++++++++++++++++++++------------- include/uapi/linux/aio_abi.h | 12 +- 2 files changed, 198 insertions(+), 120 deletions(-) -- 2.34.1

1 year, 5 months

2
16
0 0

[PATCH 0/4] Support aio shared memory usage in the Purecap apps

by Tudor Cretu

This series makes it possible for purecap apps to use the aio_ring shared memory region to bypass the io_getevents syscall's overhead. This functionality is also used in libaio. With these patches, all io_* LTP tests pass in both Purecap and plain AArch64 modes. Note that the LTP tests only address the basic functionality of the aio system and a significant portion of the functionality is untested in LTP. For a more comprehensive testing, libaio has been updated with the new uAPI and ported. All the tests in libaio pass accordingly, in both Purecap and plain AArch64 modes. Gitlab issue: https://git.morello-project.org/morello/kernel/linux/-/issues/49 Review branch: https://git.morello-project.org/tudcre01/linux/-/commits/morello/aio_v1 Tudor Cretu (4): aio: Fix the relationship between ctx pages and io_events array aio: Implement compat handling for the io_event struct aio: Allow capability tag access on the shared memory aio: Use user pointer type in the io_event struct and aio_context_t fs/aio.c | 197 ++++++++++++++++++++++++++--------- include/uapi/linux/aio_abi.h | 12 +-- 2 files changed, 153 insertions(+), 56 deletions(-) -- 2.34.1

1 year, 5 months

2
15
0 0

2024

2023

2022

linux-morello June 2023