- linux-morello - op-lists.linaro.org

[Announcement] Integration drop 1.6.1 - changelog

by Kevin Brodsky

Hi, The top of the master branch has been tagged [1] as part of the integration drop 1.6.1. Below is the changelog for kernel users, since the previous integration drop (1.6). PCuABI-related changes ---------------------- An important milestone has been reached regarding the support for the pure-capability kernel-user ABI (PCuABI). So far, our efforts have been focused on functional support for the ABI, and we have reached a satisfactory level of compliance. We are now progressively shifting towards the security aspects of the ABI, in other words checking capabilities provided by userspace and narrowing the bounds and permissions of those provided to userspace, as per the PCuABI specification [2]. A few aspects have now been implemented, see the last two items below. * The io_uring and AIO subsystems have been modified to operate on full capabilities in PCuABI. See the PCuABI specification [3] for further details concerning io_uring (update for AIO coming soon). * The futex_waitv syscall has been modified to read full capabilities in PCuABI. Updated struct definitions are available in the PCuABI specification [4] (in addition to the relevant uapi headers). * The bounds of all user capabilities have been narrowed to the user address space (48-bit by default), in both PCuABI and the standard AArch64 ABI. * Capabilities passed to the futex syscall are now checked for validity by directly using them to access memory. Other changes ------------- * All CHERI/Morelo-related documentation can now be found under Documentation/cheri [5] (or linked from there). * Support for kernel modules has been enabled. * The following drivers have been enabled in morello_transitional_pcuabi_defconfig: NFS (including NFS rootfs), TUN, TAP, CoreSight. * The Morello kselftests can now be built with GCC. * The branch has been rebased on the 6.4 upstream release. No Morello-related user-visible change is expected, see this email [6] for details. Bug fixes --------- * The fcntl syscall used to treat its optional third argument as a 64-bit integer, where the command expects an integer, instead of the documented 32-bit. In certain cases, it also assumed that the upper 32 bits are zeroes. This cannot be guaranteed in general, especially not in the Morello purecap variadic PCS. fnctl now always treats an integer argument as 32-bit. This issue has also been fixed upstream [7]. * In a standard AArch64 process (compat64), a stale SP value could be set when delivering two signal consecutively. Additionally, if the interrupted context was running in Restricted, the signal was incorrectly delivered on the Restricted stack (instead of Executive). Both of these issues have been fixed. Contributions ------------- Kudos to everyone who has contributed to Morello Linux! Here are the contributors and number of patches since the previous integration drop: 28 Kevin Brodsky <kevin.brodsky(a)arm.com> 20 Tudor Cretu <tudor.cretu(a)arm.com> 13 Amit Daniel Kachhap <amit.kachhap(a)arm.com> 11 Luca Vizzarro <Luca.Vizzarro(a)arm.com> 3 Pawel Zalewski <pzalewski(a)thegoodpenguin.co.uk> 2 Harrison Marcks <hmarcks(a)thegoodpenguin.co.uk> 2 Kristina Martsenko <kristina.martsenko(a)arm.com> 2 Vincenzo Frascino <vincenzo.frascino(a)arm.com> 1 Harry Ramsey <harry.ramsey(a)arm.com> Special thanks are also extended to everyone who has assisted in reviewing these patches. Cheers, Kevin [1] https://git.morello-project.org/morello/kernel/linux/-/commits/morello-rele… [2] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [3] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [4] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… [5] https://git.morello-project.org/morello/kernel/linux/-/tree/morello-release… [6] https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… [7] https://lore.kernel.org/linux-fsdevel/20230414152459.816046-1-Luca.Vizzarro…

2 years, 2 months

1
0
0 0

Run OP-TEE on Morello kernel issue

by Menna Mahmoud

Hi All, I have an issue with running OP-TEE on the Morello kernel, I posted it here: https://github.com/OP-TEE/optee_os/issues/6244 Can anyone help me? Thanks in advance, Menna

2 years, 2 months

1
0
0 0

Re: [PATCH] tee: change type 'unsigned long' to 'user_uintptr_t' in 'tee_ioctl' function

by Vincenzo Frascino

Hi Menna, Please always keep the list in copy for any communication. On 7/12/23 14:32, Menna Mahmoud wrote: > Hi Vincenzo, > > On Wed, 12 Jul 2023 at 16:24, Vincenzo Frascino <vincenzo.frascino(a)arm.com> > wrote: > >> Hi Menna, >> >> On 7/12/23 14:01, Menna Mahmoud wrote: >>> Where fvp.dtb exists? , I couldn't find it. >> >> Is the dtb file you are generating to with the kernel compilation. >> You need to copy it over and *rename* it as fvp.dtb. >> > > Sorry for disturbing, but which one: > > ``` > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts$ ls > actions amlogic broadcom intel microchip renesas tesla > allwinner apm cavium lg nuvoton rockchip ti > altera apple exynos Makefile nvidia socionext toshiba > amazon arm freescale marvell qcom sprd xilinx > amd bitmain hisilicon mediatek realtek synaptics > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts$ cd arm > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts/arm$ ls > corstone1000.dtsi foundation-v8-gicv3.dtb fvp-base-revc.dtb > juno-r1.dts juno-scmi.dtsi > corstone1000-fvp.dtb foundation-v8-gicv3.dts fvp-base-revc.dts > juno-r1-scmi.dtb Makefile > corstone1000-fvp.dts foundation-v8-gicv3.dtsi juno-base.dtsi > juno-r1-scmi.dts rtsm_ve-aemv8a.dtb > corstone1000-mps3.dtb foundation-v8-gicv3-psci.dtb juno-clocks.dtsi > juno-r2.dtb rtsm_ve-aemv8a.dts > corstone1000-mps3.dts foundation-v8-gicv3-psci.dts juno-cs-r1r2.dtsi > juno-r2.dts rtsm_ve-motherboard.dtsi > foundation-v8.dtb foundation-v8-psci.dtb juno.dtb > juno-r2-scmi.dtb rtsm_ve-motherboard-rs2.dtsi > foundation-v8.dts foundation-v8-psci.dts juno.dts > juno-r2-scmi.dts vexpress-v2f-1xv7-ca53x2.dtb > foundation-v8.dtsi foundation-v8-psci.dtsi > juno-motherboard.dtsi juno-scmi.dtb vexpress-v2f-1xv7-ca53x2.dts > foundation-v8-gicv2.dtsi foundation-v8-spin-table.dtsi juno-r1.dtb > juno-scmi.dts vexpress-v2m-rs1.dtsi > menna@menna:~/Desktop/optee-project/linux/arch/arm64/boot/dts/arm$ > > ``` > This is not the morello kernel you compiled with the OPTEE fixes. That kernel should have a "morello-fvp.dtb" which you need to rename into "fvp.dtb". Thanks. >> >> -- >> Regards, >> Vincenzo >> > -- Regards, Vincenzo

2 years, 2 months

2
14
0 0

[PATCH v3 0/7] Add explicit capability checking

by Luca Vizzarro

Hi again, v3 is here for the explicit capability checking series regarding the issue #7[1]. Patch series tested, with CI and locally, and passing with flying colours, this can also be found on my fork[2]. Kind regards, Luca [1] https://git.morello-project.org/morello/kernel/linux/-/issues/7 [2] https://git.morello-project.org/Sevenarth/linux/-/commits/morello/gup-check… v3: - rebased onto morello/next - amended commit description for "gup: Add explicit capability checks" - refactored mm/gup.c - refactored lib/iov_iter.c - removed bpf patch - moved USB Request Block explicit check to proc_do_submiturb - removed explicit check in get_futex_key - changed prototype of io_uring_cmd_import_fixed and io_import_fixed to use a pointer type and adjusted the relevant castings - fixed io_uring_cmd_import_fixed prototype for !defined(CONFIG_IO_URING) - refactored explicit check in io_uring/kbuf.c:io_register_pbuf_ring(..) - removed explicit check from io_uring/kbuf.c:io_add_buffers(..) - rephrased the no explicit check needed note in io_sqe_buffer_register - reverted "struct io_mapped_ubuf" to use u64 - removed explicit check from io_uring_cmd_prep - updated TODO for the NVMe driver Luca Vizzarro (7): gup: Add explicit capability checks iov_iter: Add explicit capability checks usb: core: Fix copy of URB from userspace usb: core: Add explicit capability checks futex: Add explicit capability checks io_uring: Add explicit capability checks nvme: Add TODO for PCuABI implementation drivers/nvme/host/ioctl.c | 1 + drivers/usb/core/devio.c | 7 +++++-- include/linux/io_uring.h | 6 +++--- include/linux/pagemap.h | 2 +- io_uring/kbuf.c | 26 ++++++++++++++------------ io_uring/net.c | 3 +-- io_uring/rsrc.c | 18 +++++++++++++++--- io_uring/rsrc.h | 2 +- io_uring/rw.c | 3 +-- io_uring/uring_cmd.c | 2 +- kernel/futex/core.c | 11 ++++++++--- lib/iov_iter.c | 26 ++++++++++++++++++++++---- mm/gup.c | 6 ++++-- 13 files changed, 77 insertions(+), 36 deletions(-) -- 2.34.1

2 years, 2 months

3
13
0 0

[linux-morello][PATCH V2 0/2] Capability enabled MACVLAN/VTAP

by Harrison Marcks

This patch series enables macvlan and macvtap support on the morello board. MACVLAN is an important part of containerised hosts. V2 adds "Signed off" message 0001 makes changes to tap.c such that CHERI capabilities can be used and "pointer or value" arguments are addressed in a compat function 0002 enables MACVLAN and MACVTAP support in the tree The change has been tested using Docker Harrison Marcks (2): net: tap: make PCuABI compliant arm64: morello: enable MACVLAN by default .../morello_transitional_pcuabi_defconfig | 2 ++ drivers/net/tap.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) -- 2.34.1

2 years, 3 months

2
3
0 0

6.4 rebase

by Kevin Brodsky

Hi, The morello/next branch has been rebased from v6.1 to v6.4. Make sure to reset/rebase any local branch tracking next. The final 6.1-based commit has been tagged morello-last-6.1. There should be no user-visible change following this rebase, aside from upstream changes between 6.1 and 6.4. The rest of this email provides a detailed changelog for developers. Cheers, Kevin -------------- Noteworthy changes: - Reverted access_ok() to its original interface by dropping "uaccess: Allow any address/pointer type for access_ok()". This was motivated by the incompatibility that patch created with [1], and the weak justification behind it. We almost always have (or should have) a user pointer available when calling access_ok(), so changing its interface creates more problems than it solves. Related changes: * Added "uaccess: Fix user pointer downcast" and "arm64: uaccess: Extract user address before untagging" to replace that patch. * Dropped "kernel/fork: Remove unnecessary cast when using access_ok()" * Replaced "mm/(gup, mincore): Remove unnecessary cast when using access_ok()" with: - "mm/gup: Create user pointer when calling access_ok()" - "mm/mincore: Temporarily create a user pointer for access_ok()" * Updated "Documentation: core-api: Add a new document about user pointers" accordingly. - The upsizing in "io_uring: Enlarge struct io_cmd_data in PCuABI" had to be revised upwards due to [2] and [3] (each adding 16 bytes to struct io_sr_msg due to alignment requirements). struct io_cmd_data is now 2 cachelines instead of 1.5 (96 -> 128 bytes). - Tweaked "io_uring: Implement compat versions of uAPI structs and handle them" to align it with following upstream patch series: * "User mapped provided buffer rings" [4]: aligned with the renaming of struct io_uring_buf_reg::pad to ::flags; moved the ring size calculation from io_alloc_pbuf_ring() and io_pin_pbuf_ring() to io_register_pbuf_ring(), in order to calculate the size of the ring correctly in the compat case in both cases (without duplicating it). * "io_uring: Pass the whole sqe to commands" [5]: as a result of this series, io_uring commands get a pointer to a full (native) SQE, even in compat. To avoid giving them access to uninitialised memory, changed convert_compat64_io_uring_sqe() to zero out the end of the cmd array in the output SQE. - Used new vm_flags accessor in "io_uring: Allow capability tag access on the shared memory" and "aio: Allow capability tag access on the shared memory", following [6]. - Updated a few more prototypes to pass user_data as __kernel_uintptr_t in "io_uring: Use user pointer type in the uAPI structs", due to [7]. - [8] provides a similar functionality to "module: Allow arch overrides for ELF arch check". The latter was dropped and "module: Enable module loading for PCuABI kernels" was adapted to use the interface introduced by [8] (thanks Kristina). Minor changes: - Updated "arm64: morello: Disable trapping early and unconditionally" to stash LR into TPIDR_EL0 in init_kernel_el as [9] causes LR to be clobbered by a subsequent call (on the Morello board, not FVP). - Aligned "arm64: morello: Signal handling support" with recent changes to arch/arm64/kernel/signal.c - Updated NSIGSEGV in all assertions in "arm64: morello: Handle capability faults" - Updated "tracing/syscalls: Allow amending metadata macro arguments" to take care of new uses of SYSCALL_METADATA() in arch code (powerpc). - Added a #include <linux/user_ptr.h> in "arm64: memory: Always return a u64 in untagged_addr()", as it looks like asm/signal.h no longer (implicitly) includes it. - Extended "fs/ioctl: Modify 3rd argument of fops->unlocked_ioctl to user_uintptr_t" to handle the ioctl wrappers added by [10]. - Replaced "iov_iter: use copy_from_user_with_ptr for struct iovec" with a new patch "iov_iter: Use get_user_ptr for PCuABI support", as copy_iovec_from_user() now uses get_user() instead of copy_from_user() (see [11]). The new patch was moved earlier in the branch to preserve bisectability. - Moved "tcp: Explicitly create user pointers" earlier in the branch to preserve bisectability (without warning). - "arm64: configs: Add Morello transitional PCuABI defconfig" and "arm64: morello: Enable basic 9P FS support in transitional defconfig" updated as per make savedefconfig. Dropped: - "arm64: signal: Flatten restore_sigframe() error handling" (it doesn't make much sense any more, considering recent additions to that function). - "mm/hugetlb: Use appropriate user pointer conversions" and "mm/shmem: Use appropriate user pointer conversions" (reverted as part of the recently merged "New user_ptr helpers for uaccess" series). - "arm64: entry-ftrace.S: Fix build when CONFIG_ARM64_MORELLO=y" (no longer needed thanks to [12]). - Landed in mainline and already included in v6.4: * "uapi/linux/const.h: Prefer ISO-friendly __typeof__" * "arm64: compat: Remove defines now in asm-generic" * "net: Finish up ->msg_control{,_user} split" * "memfd: Pass argument of memfd_fcntl as int" - "io_uring/kbuf: Fix size for shared buffer ring" (fixed upstream by [13]). [1] https://lore.kernel.org/all/20230410174345.4376-2-dev@der-flo.net/ [2] https://lore.kernel.org/all/f1a1ba93-1adf-63fa-6f0f-f3182f165841@kernel.dk/ [3] https://lore.kernel.org/all/0b0d4411-c8fd-4272-770b-e030af6919a0@kernel.dk/ [4] https://lore.kernel.org/io-uring/20230314171641.10542-1-axboe@kernel.dk/ [5] https://lore.kernel.org/all/20230504121856.904491-1-leitao@debian.org/ [6] https://lore.kernel.org/all/20230126193752.297968-3-surenb@google.com/ [7] https://lore.kernel.org/all/20221124093559.3780686-6-dylany@meta.com/ [8] https://lore.kernel.org/all/20221128041539.1742489-2-npiggin@gmail.com/ [9] https://lore.kernel.org/all/20230111102236.1430401-6-ardb@kernel.org/ [10] https://lore.kernel.org/all/20221205123903.159838-3-brgl@bgdev.pl/ [11] https://lore.kernel.org/all/CAHk-=wiC5OBj36LFKYRONF_B19iyuEjK2WQFJpyZ+-w39m… [12] https://lore.kernel.org/all/20221103170520.931305-5-mark.rutland@arm.com/ [13] https://lore.kernel.org/all/20230218184141.70891-1-wlukowicz01@gmail.com/

2 years, 3 months

1
0
0 0

[linux-morello][PATCH 0/2] Capability enabled MACVLAN/VTAP

by Harrison Marcks

This patch series enables macvlan and macvtap support on the morello board. MACVLAN is an important part of containerised hosts. 0001 makes changes to tap.c such that CHERI capabilities can be used and "pointer or value" arguments are addressed in a compat function 0002 enables MACVLAN and MACVTAP support in the tree The change has been tested using Docker Harrison Marcks (2): net: tap: make PCuABI compliant arm64: morello: enable MACVLAN by default .../morello_transitional_pcuabi_defconfig | 2 ++ drivers/net/tap.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) -- 2.34.1

2 years, 3 months

2
3
0 0

[PATCH V2 0/8] Add testcases for address space management syscalls

by Chaitanya S Prakash

Syscalls operating on memory mappings manage their address space via owning capabilities. They must adhere to a certain set of rules[1] in order to ensure memory safety. Address space management syscalls are only allowed to manipulate mappings that are within the range of the owning capability and have the appropriate permissions. Tests to vailidate the parameters being passed to the syscall, check its bounds, range as well as permissions have been added. Additionally, a signal handler has been registered to handle invalid memory access. Finally, as certain flags and syscalls conflict with the reservation model or lack implementation, a check to verify appropriate handling of the same has also been added. Review branch: https://git.morello-project.org/chaitanya_prakash/linux/-/tree/review/mmap_… This patch series has been tested on: https://git.morello-project.org/amitdaniel/linux/-/tree/review/extern_reser… [1] https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-c… Changes in V2: - Added link to the review branch - Removed unnecessary whitespace Changes in V1: https://op-lists.linaro.org/archives/list/linux-morello@op-lists.linaro.org… Chaitanya S Prakash (8): kselftests/arm64/morello: Add necessary support for mmap testcases kselftests/arm64/morello: Add MAP_GROWSDOWN testcase kselftests/arm64/morello: Add parameter check testcases kselftests/arm64/morello: Add capability range testcases kselftests/arm64/morello: Add mmap() bounds check testcases kselftests/arm64/morello: Add mremap() bounds check testcases kselftests/arm64/morello: Add mremap() permission testcases kselftests/arm64/morello: Add brk() testcase .../testing/selftests/arm64/morello/Makefile | 1 + .../selftests/arm64/morello/freestanding.h | 62 ++- tools/testing/selftests/arm64/morello/mmap.c | 479 +++++++++++++++++- 3 files changed, 535 insertions(+), 7 deletions(-) -- 2.25.1

2 years, 3 months

3
35
0 0

[linux-morello][PATCH v3 0/3] enable nfs rootfs

by Pawel Zalewski

This series of patches enables nfs rootfs support on the Morello board. Patch 01 is fixing the inital kernel build error associated with a wrong function pointer type within the sunrpc modules due to the unlocked_ioctl fp, the error occurs upon enabling nfs within the defconfig. Patch 02 deals with the fallout caused by changes inferred by patches 01. See details in the description of the patch. Patch 03 is enabling nfs rootfs by default in the kernel. It was confirmed that the kernel can boot with a nfs rootfs. V3 changes: - fix commit title @ patch 2 - align the change in proc.c Pawel Zalewski (3): net: sunrpc: fix unlocked_ioctl handler signature proc: change proc_ops.proc_ioct handler signature arm64: morello: enable nfs rootfs by default arch/arm64/configs/morello_transitional_pcuabi_defconfig | 2 ++ drivers/pci/proc.c | 4 ++-- include/linux/proc_fs.h | 2 +- net/sunrpc/cache.c | 6 +++--- net/sunrpc/rpc_pipe.c | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) -- 2.34.1

2 years, 3 months

3
6
0 0

[PATCH v4 0/7] Support aio shared memory usage in the Purecap apps

by Tudor Cretu

This series makes it possible for purecap apps to use the aio_ring shared memory region to bypass the io_getevents syscall's overhead. This functionality is also used in libaio. With these patches, all io_* LTP tests pass in both Purecap and plain AArch64 modes. Note that the LTP tests only address the basic functionality of the aio system and a significant portion of the functionality is untested in LTP. For a more comprehensive testing, libaio has been updated with the new uAPI and ported. All the tests in libaio pass accordingly, in both Purecap and plain AArch64 modes. v4..v3: - Restore flush_dcache_page in all places with the exception of one where is replaced with flush_kernel_vmap_range - Use ifdef instead of IS_ENABLED in a few places - Improve formatting v3..v2: - Improve the commit messages - Revert a few unrelated changes - Change compat_aio_context_t to compat_uptr_t - Remove io_events_compat union member - Improve code formatting - Add copy_to_user_with_ptr in copy_io_events_to_user - Split copy_from_user_with_ptr for struct __aio_sigset into a different patch v2..v1: - Add Patch 1 that fixes a parameter type for the compat handler - Split the change the types to user pointers into two patches: one for aio_context_t, and the other for io_event struct fields. - vmap all the ring pages at the beginning and cache them in the ctx - Don't remap the pages while allowing tag access to the shared memory. Setting the VM flags is enough. - Change aio_context_t to a void __user *. - Improve commit messages. - Refactor some of the functions for compat handling. - Create valid user pointers ctx_id when received from a compat task Gitlab issue: https://git.morello-project.org/morello/kernel/linux/-/issues/49 Review branch: https://git.morello-project.org/tudcre01/linux/-/commits/morello/aio_v4 Tudor Cretu (7): aio: Fix type of nr parameter in compat handler of io_submit aio: Use copy_from_user_with_ptr for struct __aio_sigset aio: vmap entire aio_ring instead of kmapping each page aio: Implement compat handling for the io_event struct aio: Allow capability tag access on the shared memory aio: Change aio_context_t to a user pointer aio: Use user pointer type in the io_event struct fs/aio.c | 283 ++++++++++++++++++++++------------- include/asm-generic/compat.h | 4 +- include/uapi/linux/aio_abi.h | 12 +- 3 files changed, 186 insertions(+), 113 deletions(-) -- 2.34.1

2 years, 3 months

2
9
0 0

2025

2024

2023

2022

linux-morello