On 1/15/24 14:06, Kevin Brodsky wrote:
On 08/01/2024 11:23, Amit Daniel Kachhap wrote:
Helper functions such as capability_owns_range(), build_owning_capability() and mapping_to_capability_perm() are added to manage capability constraints as per PCuABI specifications.
Note: These helper functions do not check for capability permission constraints and full support will be added in subsequent commits.
Signed-off-by: Amit Daniel Kachhap <amitdaniel.kachhap@arm.com>
include/linux/cap_addr_mgmt.h | 52 +++++++++++++++++++++++++++++++++++
mm/cap_addr_mgmt.c            | 36 +++++++++++++++++++++++-
2 files changed, 87 insertions(+), 1 deletion(-)
diff --git a/include/linux/cap_addr_mgmt.h b/include/linux/cap_addr_mgmt.h index 2f296f02c3ff..6a42e714ecd5 100644 --- a/include/linux/cap_addr_mgmt.h +++ b/include/linux/cap_addr_mgmt.h @@ -143,6 +143,38 @@ static inline void reserv_fork(struct mm_struct *mm, struct mm_struct *oldmm) set_bit(MMF_PCUABI_RESERVE, &mm->flags); } +/**
- capability_owns_range() - Check if the address range is within the valid
- capability bound.
- @cap: A Capability value.
- @addr: Address start value.
- @len: Address length.
- Return: True if address within the capability bound or false otherwise.
- */
+bool capability_owns_range(user_uintptr_t cap, ptraddr_t addr, size_t len);
+/**
- build_owning_capability() - Creates a userspace capability from the
- requested base address, length and memory permission flags.
- @addr: Requested capability address.
- @len: Requested capability length.
- @perm: Requested capability permission flags.
- Return: A new capability derived from cheri_user_root_cap.
- */
+user_uintptr_t build_owning_capability(ptraddr_t addr, size_t len, cheri_perms_t perm);
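Review bot: the kernel-doc for capability_owns_range() ("Return: True if address within the capability bound or false otherwise") and for build_owning_capability() should record the limitation stated in the commit message, namely that capability permission constraints are not checked yet, so that callers introduced before the follow-up commits do not assume a permission check; for instance "Return: True if the address range lies within the capability bounds (permissions are not checked yet), false otherwise."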
Since these functions will be used directly in generic code and operate on user_uintptr_t, we shouldn't use "capability" in their name. We could actually have them in linux/user_ptr.h and follow a similar naming, for instance check_user_ptr_owning() and make_use_ptr_owning().
ok, above names look more appropriate.
+/**
- mapping_to_capability_perm() - Converts memory mapping protection flags to
- capability permission flags.
- @prot: Memory protection flags.
- @has_tag_access: Capability permissions to have tag check flags.
- Return: Capability permission flags
- */
+cheri_perms_t mapping_to_capability_perm(int prot, bool has_tag_access);
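Review bot: the @has_tag_access description ("Capability permissions to have tag check flags") does not say what the flag changes in the returned value; suggest rewording it to state which permissions are added to the result when it is true and that only @prot determines the result otherwise, and ending the "Return: Capability permission flags" line with a period to match the other kernel-doc comments in this hunk.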
I hadn't realised this in patch 3, but we can't use cheri_perms_t unconditionally - this shouldn't build in !MORELLO. We could introduce user_ptr_perms_t in user_ptr.h, typedef to cheri_perms_t in PCuABI and maybe int otherwise. Maybe that function could live in user_ptr.h as well, called something like user_ptr_perms_from_prot().
ok.
Thanks, Amit
Kevin
[...]