- linux-morello - op-lists.linaro.org

[PATCH v3] arm64: compat: update compat defines to 64-bits

by Teo Couprie Diaz

Some compat defines are still using 32-bits values, update them to a 64-bits one (COMPAT_OFF_T_MAX) or use the native value in COMPAT64 (COMPAT_RLIM_INFINITY, COMPAT_MINSIGSTKSZ). Signed-off-by: Teo Couprie Diaz <teo.coupriediaz(a)arm.com> --- arch/arm64/include/asm/compat.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h index 9c6112ae942b..9bf4cfb6ad60 100644 --- a/arch/arm64/include/asm/compat.h +++ b/arch/arm64/include/asm/compat.h @@ -15,6 +15,8 @@ typedef u16 compat_mode_t; /* * Architecture specific compatibility types */ +#include <asm/compat.h> +#include <linux/resource.h> #include <linux/types.h> #include <linux/sched.h> #include <linux/sched/task_stack.h> @@ -100,9 +102,15 @@ struct compat_statfs { compat_long_t f_spare[4]; }; +#ifdef CONFIG_COMPAT64 +#define COMPAT_RLIM_INFINITY RLIM_INFINITY + +#define COMPAT_OFF_T_MAX LONG_MAX +#else #define COMPAT_RLIM_INFINITY 0xffffffff #define COMPAT_OFF_T_MAX 0x7fffffff +#endif static inline void __user *compat_ptr(compat_uptr_t uptr) { @@ -115,7 +123,12 @@ static inline void __user *compat_ptr(compat_uptr_t uptr) #define compat_ptr(uptr) compat_ptr(uptr) #define compat_user_stack_pointer() (user_stack_pointer(task_pt_regs(current))) + +#ifdef CONFIG_COMPAT64 +#define COMPAT_MINSIGSTKSZ MINSIGSTKSZ +#else #define COMPAT_MINSIGSTKSZ 2048 +#endif #ifdef CONFIG_COMPAT64 #define COMPAT_USE_64BIT_TIME 1 -- 2.25.1

2 years, 3 months

2
2
0 0

[PATCH v2] arm64/asm: update some compat defines to 64-bits

by Teo Couprie Diaz

Some compat defines are still using 32-bits values, update them to a 64-bits one (COMPAT_OFF_T_MAX) or use the native value in COMPAT64 (COMPAT_RLIM_INFINITY, COMPAT_MINSIGSTKSZ). Signed-off-by: Teo Couprie Diaz <teo.coupriediaz(a)arm.com> --- arch/arm64/include/asm/compat.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h index 9c6112ae942b..85b6972745de 100644 --- a/arch/arm64/include/asm/compat.h +++ b/arch/arm64/include/asm/compat.h @@ -15,6 +15,7 @@ typedef u16 compat_mode_t; /* * Architecture specific compatibility types */ +#include <linux/resource.h> #include <linux/types.h> #include <linux/sched.h> #include <linux/sched/task_stack.h> @@ -100,9 +101,15 @@ struct compat_statfs { compat_long_t f_spare[4]; }; +#ifdef CONFIG_COMPAT64 +#define COMPAT_RLIM_INFINITY RLIM_INFINITY + +#define COMPAT_OFF_T_MAX 0x7fffffffffffffff +#else #define COMPAT_RLIM_INFINITY 0xffffffff #define COMPAT_OFF_T_MAX 0x7fffffff +#endif static inline void __user *compat_ptr(compat_uptr_t uptr) { @@ -115,7 +122,12 @@ static inline void __user *compat_ptr(compat_uptr_t uptr) #define compat_ptr(uptr) compat_ptr(uptr) #define compat_user_stack_pointer() (user_stack_pointer(task_pt_regs(current))) + +#ifdef CONFIG_COMPAT64 +#define COMPAT_MINSIGSTKSZ MINSIGSTKSZ +#else #define COMPAT_MINSIGSTKSZ 2048 +#endif #ifdef CONFIG_COMPAT64 #define COMPAT_USE_64BIT_TIME 1 -- 2.25.1

2 years, 3 months

2
2
0 0

[PATCH] linux/user_ptr.h: clear up as_user_ptr() usage

by Zachary Leaf

as_user_ptr() is intended to be used where an arbitrary integer e.g. an error code is stored in a __user ptr. The current implementation can be somewhat confusing in that it looks like it can be used as direct replacement for u64_to_user_ptr e.g. in PCuABI, where u64 addresses in the kernel-user interface are being replaced with capability containing types such as __kernel_uintptr_t. Currently, passing a valid capability represented as an integer e.g. any __kernel_uintptr_t, __uintcap_t or user_uintptr_t to as_user_ptr() will result in a cast to (void __user *) and a valid capability/pointer that can be dereferenced. This is contrary to the code comment and intended usage for as_user_ptr(). Add a cast to (u64) before the cast to (void __user *)(user_uintptr_t) to make clearer the intended usage. This also always results in a null capability that cannot be dereferenced. Signed-off-by: Zachary Leaf <zachary.leaf(a)arm.com> --- Documentation/core-api/user_ptr.rst | 6 +++--- include/linux/user_ptr.h | 5 +++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Documentation/core-api/user_ptr.rst b/Documentation/core-api/user_ptr.rst index 21e02d4bd11b..e4cc0676a92b 100644 --- a/Documentation/core-api/user_ptr.rst +++ b/Documentation/core-api/user_ptr.rst @@ -103,7 +103,7 @@ Each function covers a particular category of input integer: * **Arbitrary integer**: - - Integer of any type: ``as_user_ptr()`` + - 64-bit or less integer, of any type: ``as_user_ptr()`` - ``u64`` (deprecated): ``u64_to_user_ptr()`` These functions are available in ``<linux/user_ptr.h>``, except @@ -141,8 +141,8 @@ derived from in the PCuABI case. | | | user-provided | | pointer to a native user pointer. | | | | ``compat_*`` struct | | | +------------------------------+--------------------+------------------------+-----------------------------------+------------------------------------------------------+ -| ``as_user_ptr()`` | Arbitrary integer | Error code | Null capability | This is a pure representation change, as suggested | -| | | | | by the ``as_`` prefix. The resulting pointer cannot | +| ``as_user_ptr()`` | Arbitrary 64-bit | Error code | Null capability | This is a pure representation change, as suggested | +| | or less integer | | | by the ``as_`` prefix. The resulting pointer cannot | | | | | | be dereferenced. | +------------------------------+--------------------+------------------------+-----------------------------------+------------------------------------------------------+ | ``u64_to_user_ptr()`` | ``u64`` integer | [Deprecated] | Null capability | Legacy function, new callers should not be added. | diff --git a/include/linux/user_ptr.h b/include/linux/user_ptr.h index 0942b58cfb6a..183e40ccc51f 100644 --- a/include/linux/user_ptr.h +++ b/include/linux/user_ptr.h @@ -9,13 +9,14 @@ #endif /** - * as_user_ptr - convert an arbitrary integer value to a user pointer + * as_user_ptr - convert an arbitrary 64-bit or less integer value to a user + * pointer * @x: the integer value to convert * * Returns @x represented as a user pointer. The result is not a valid pointer * and shall not be dereferenced. */ -#define as_user_ptr(x) ((void __user *)(user_uintptr_t)(x)) +#define as_user_ptr(x) ((void __user *)(user_uintptr_t)(u64)(x)) /* Same semantics as as_user_ptr(), but also requires x to be of a given type */ #define as_user_ptr_strict(type, x) ( \ -- 2.34.1

2 years, 3 months

2
2
0 0

[PATCH] arm64/asm: use a 64bits rlim infinity in COMPAT64

by Teo Couprie Diaz

For arm64, COMPAT_RLIM_INFINITY was explicitly defined as a 0xffffffff, which is 32-bits. This was fine when COMPAT was only 32-bits, but is too restrictive for COMPAT64. Add a new define in COMPAT64 which uses the same define as the regular RLIM_INFINITY in asm-generic/resrouce.h, based on an unsigned long. Signed-off-by: Teo Couprie Diaz <teo.coupriediaz(a)arm.com> --- arch/arm64/include/asm/compat.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/include/asm/compat.h b/arch/arm64/include/asm/compat.h index 9c6112ae942b..f5ebdd9600a5 100644 --- a/arch/arm64/include/asm/compat.h +++ b/arch/arm64/include/asm/compat.h @@ -100,7 +100,11 @@ struct compat_statfs { compat_long_t f_spare[4]; }; +#ifdef CONFIG_COMPAT64 +#define COMPAT_RLIM_INFINITY (~0UL) +#else #define COMPAT_RLIM_INFINITY 0xffffffff +#endif #define COMPAT_OFF_T_MAX 0x7fffffff -- 2.25.1

2 years, 3 months

2
2
0 0

[PATCH v5 0/3] fork: clone3: Capabilities support

by Beata Michalska

Hi All, This series adds capabilities support for clone3 syscall along with set of testcases in morello clone kselftests. Changes available at: https://git.morello-project.org/Bea/linux/-/tree/morello/clone3_v5 LTP changes: https://git.morello-project.org/Bea/morello-linux-ltp/-/tree/morello/clone3 To run clone3 tests: ./runltp -f syscalls -s clone3 v5: [PATCH 3/3] - improved handling of default size for clone3 args - fixed alignment in code layout - dropped redundant cast v4: [PATCH 1/3] - fixed commit message referring to the wrong copy routine [PATCH 3/3] - dropped setting default size for clone3 args - dropped stale comment regarding re-using bits from clone_args flags - switched ASSERT_FALSE to ASSERT_EQ when comparing pids in child process - added caching tls value to safely unmap memory - added validation for both clone stack and tls - switch from clone_args-> tls to actual thread data when checking for tag in cloned process v3: [PATCH 1/3]: - updated commit message to reflect actual changes [PATCH 2/3]: - fixed type casting and sizes for copy routines - swapped order of args for clone_args_size_ver [PATCH 3/3]: - added dedicated field for test custom flags instead of 'borrowing' one from clone_args struct - added test for stack before calling munmap in failing test cases - switched to WSTOPPED for waitid call v2: - add copy_struct_from_user_with_ptr variant - drop explicit padding from clone_args struct - switch __alignof__ to sizeof for struct sizing conditions - use __clone_args_size_ver macro when validating struct layout - cache the current compat mode instead of relying on compiler optimizations - drop use of as_user_ptr in favour of explicit casting - use clone_args struct directly for kselftest test fixture - add signalling to better handle dependencies between test threads Beata Michalska (3): uaccess: Preserve capability tags with copy_struct_from_user_with_ptr fork: clone3: Add support for architectural capabilities kselftests/arm64: morello: Add clone3 test-cases include/linux/uaccess.h | 60 ++++- include/uapi/linux/sched.h | 30 ++- kernel/fork.c | 139 ++++++++--- .../testing/selftests/arm64/morello/Makefile | 1 + tools/testing/selftests/arm64/morello/clone.c | 223 +++++++++++++++++- 5 files changed, 401 insertions(+), 52 deletions(-) -- 2.25.1

2 years, 4 months

2
5
0 0

[PATCH v3] uapi/socket: align with long rather than void*

by Teo Couprie Diaz

void* is used to align to 32-bits or 64-bits on 32 and 64 bits archs. The pure-capability ABI breaks this assumption as the pointer size is different than the word size, which is where the alignment requirement comes from. Indeed, the pointer size, and so void *, is now 16 bytes whereas the expected alignment is still 8 bytes, as it is a different ABI but for a 64-bit arch. Change it to an unsigned long. Musl uses the same type for its definition of struct sockaddr_storage. Signed-off-by: Teo Couprie Diaz <teo.coupriediaz(a)arm.com> --- include/uapi/linux/socket.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/socket.h b/include/uapi/linux/socket.h index 51d6bb2f6765..28ff6a4aebca 100644 --- a/include/uapi/linux/socket.h +++ b/include/uapi/linux/socket.h @@ -22,7 +22,7 @@ struct __kernel_sockaddr_storage { /* space to achieve desired size, */ /* _SS_MAXSIZE value minus size of ss_family */ }; - void *__align; /* implementation specific desired alignment */ + unsigned long __align; /* implementation specific desired alignment */ }; }; -- 2.25.1

2 years, 4 months

2
1
0 0

[PATCH v3 0/3] Introduce VM_READ_CAPS and VM_WRITE_CAPS flags

by Tudor Cretu

This patch series addresses the VM_READ_CAPS/VM_WRITE_CAPS flags issue: https://git.morello-project.org/morello/kernel/linux/-/issues/36 io_uring system uses buffers shared with userspace to read the io events and report their results. The structs that populate the submission and completion queues can contain capabilities. Shared mappings don't have the Load/Store capabilities permission to avoid leaking capabilities outside their original address space, so add two new VM flags that would allow the kernel to set up such mappings. While at it, also fix pte_modify to allow setting PTE_*_CAPS flags, add new the new rc/wc smaps flags, and remove the automatic addition of PTE_*_CAPS to user mappings. To note: this wouldn't allow userspace to make arbitrary shared mappings with tag access, the new VM flags would be for internal use only for the time being. v3: - Improved documentation, comments, and commit message - Fixed condition in Patch 3, now tested properly with Morello GDB v2: - Removed Patch 1 from the series as it wasn't essential - Added docs to Documentation/filesystems/proc.rst - Removed VM_RW_CAPS - Moved definition of VM_*_CAPS just after the definition of VM_MTE - Added details for a TODO related to file-backed mappings - Introduced Patch 3 that removes an assumption about shared mappings Review branch: https://git.morello-project.org/tudcre01/linux/-/commits/vm_rw_caps_v3/ Thanks, Tudor Tudor Cretu (3): arm64: morello: Add VM_READ_CAPS and VM_WRITE_CAPS flags arm64: morello: Explicitly add VM_*_CAPS to private user mappings arm64: morello: Check against VM_WRITE_CAPS in access_remote_cap Documentation/filesystems/proc.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/mman.h | 26 ++++++++++++++++++++++++-- arch/arm64/include/asm/page.h | 3 ++- arch/arm64/include/asm/pgtable-prot.h | 12 +++++------- arch/arm64/kernel/morello.c | 7 +++---- fs/proc/task_mmu.c | 4 ++++ include/linux/mm.h | 8 ++++++++ 8 files changed, 49 insertions(+), 14 deletions(-) -- 2.25.1

2 years, 4 months

2
5
0 0

[PATCH v2] uapi/socket: align with long rather than void*

by Teo Couprie Diaz

void* is used to align to 32-bits or 64-bits on 32 and 64 bits archs. Purecap breaks this assumption. As struct __kernel_sockaddr_storage is used for both Aarch64 and purecap user structs, we cannot reliably use void* for alignment. Change it to an unsigned long. Musl uses the same type for its definition of struct sockaddr_storage. Signed-off-by: Teo Couprie Diaz <teo.coupriediaz(a)arm.com> --- include/uapi/linux/socket.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/socket.h b/include/uapi/linux/socket.h index 51d6bb2f6765..28ff6a4aebca 100644 --- a/include/uapi/linux/socket.h +++ b/include/uapi/linux/socket.h @@ -22,7 +22,7 @@ struct __kernel_sockaddr_storage { /* space to achieve desired size, */ /* _SS_MAXSIZE value minus size of ss_family */ }; - void *__align; /* implementation specific desired alignment */ + unsigned long __align; /* implementation specific desired alignment */ }; }; -- 2.25.1

2 years, 4 months

2
6
0 0

[PATCH v4 0/3] fork: clone3: Capabilities support

by Beata Michalska

Hi All, This series adds capabilities support for clone3 syscall along with set of testcases in morello clone kselftests. Changes available at: https://git.morello-project.org/Bea/linux/-/tree/morello/clone3_v4 LTP changes: https://git.morello-project.org/Bea/morello-linux-ltp/-/tree/morello/clone3 To run clone3 tests: ./runltp -f syscalls -s clone3 v4: [PATCH 1/3] - fixed commit message referring to the wrong copy routine [PATCH 3/3] - dropped setting default size for clone3 args - dropped stale comment regarding re-using bits from clone_args flags - switched ASSERT_FALSE to ASSERT_EQ when comparing pids in child process - added caching tls value to safely unmap memory - added validation for both clone stack and tls - switch from clone_args-> tls to actual thread data when checking for tag in cloned process v3: [PATCH 1/3]: - updated commit message to reflect actual changes [PATCH 2/3]: - fixed type casting and sizes for copy routines - swapped order of args for clone_args_size_ver [PATCH 3/3]: - added dedicated field for test custom flags instead of 'borrowing' one from clone_args struct - added test for stack before calling munmap in failing test cases - switched to WSTOPPED for waitid call v2: - add copy_struct_from_user_with_ptr variant - drop explicit padding from clone_args struct - switch __alignof__ to sizeof for struct sizing conditions - use __clone_args_size_ver macro when validating struct layout - cache the current compat mode instead of relying on compiler optimizations - drop use of as_user_ptr in favour of explicit casting - use clone_args struct directly for kselftest test fixture - add signalling to better handle dependencies between test threads Beata Michalska (3): uaccess: Preserve capability tags with copy_struct_from_user_with_ptr fork: clone3: Add support for architectural capabilities kselftests/arm64: morello: Add clone3 test-cases include/linux/uaccess.h | 60 ++++- include/uapi/linux/sched.h | 30 ++- kernel/fork.c | 139 ++++++++--- .../testing/selftests/arm64/morello/Makefile | 1 + tools/testing/selftests/arm64/morello/clone.c | 222 +++++++++++++++++- 5 files changed, 400 insertions(+), 52 deletions(-) -- 2.25.1

2 years, 4 months

2
4
0 0

[PATCH v3 0/3] fork: clone3: Capabilities support

by Beata Michalska

Hi All, This series adds capabilities support for clone3 syscall along with set of testcases in morello clone kselftests. Changes available at: https://git.morello-project.org/Bea/linux/-/tree/morello/clone3_v3 LTP changes: https://git.morello-project.org/Bea/morello-linux-ltp/-/tree/morello/clone3 To run clone3 tests: ./runltp -f syscalls -s clone3 v3: [PATCH 1/3]: - updated commit message to reflect actual changes [PATCH 2/3]: - fixed type casting and sizes for copy routines - swapped order of args for clone_args_size_ver [PATCH 3/3]: - added dedicated field for test custom flags instead of 'borrowing' one from clone_args struct - added test for stack before calling munmap in failing test cases - switched to WSTOPPED for waitid call v2: - add copy_struct_from_user_with_ptr variant - drop explicit padding from clone_args struct - switch __alignof__ to sizeof for struct sizing conditions - use __clone_args_size_ver macro when validating struct layout - cache the current compat mode instead of relying on compiler optimizations - drop use of as_user_ptr in favour of explicit casting - use clone_args struct directly for kselftest test fixture - add signalling to better handle dependencies between test threads Beata Michalska (3): uaccess: Preserve capability tags with copy_struct_from_user_with_ptr fork: clone3: Add support for architectural capabilities kselftests/arm64: morello: Add clone3 test-cases include/linux/uaccess.h | 60 ++++- include/uapi/linux/sched.h | 30 ++- kernel/fork.c | 139 ++++++++--- .../testing/selftests/arm64/morello/Makefile | 1 + tools/testing/selftests/arm64/morello/clone.c | 228 +++++++++++++++++- 5 files changed, 406 insertions(+), 52 deletions(-) -- 2.25.1

2 years, 4 months

2
7
0 0

2025

2024

2023

2022

linux-morello