Signal handlers that intend to set PCC to a new value need to be careful not to use a sealed function pointer (sentry) directly. In purecap, function pointers are typically sentries and therefore need to be explicitly unsealed and their LSB cleared (as per the bullet point above).
Reported-by: Yury Khrustalev yury.khrustalev@arm.com
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com
---
Documentation/arm64/morello.rst | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Documentation/arm64/morello.rst b/Documentation/arm64/morello.rst index 3452f4fe4fa9..0a76bbf06290 100644 --- a/Documentation/arm64/morello.rst +++ b/Documentation/arm64/morello.rst @@ -552,6 +552,11 @@ Note: modifying the saved Morello context to modify the ISA of the interrupted context by writing to the C64 bit of the saved PSTATE in ``sigcontext``.
+ * RB-sealed capabilities. The saved PCC should not be RB-sealed; unlike + capability-based branch instructions, exception return uses the target + capability as-is, without automatic unsealing. Explicit unsealing is + therefore required to avoid a capability sealed fault. + C64 ISA support ---------------
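Review bot: The added "RB-sealed capabilities" bullet states that explicit unsealing is required but leaves out the two details the commit message gives: that in purecap function pointers are typically sentries, and that their LSB must be cleared as well. A reader of morello.rst alone will not connect the bullet to the ordinary case of a signal handler storing a function pointer into the saved PCC. Consider adding a sentence after "without automatic unsealing", for example: "In purecap, function pointers are typically sentries, so they must be unsealed (and their LSB cleared, see above) before being written to the saved PCC."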
On 14-08-2023 12:09, Kevin Brodsky wrote:
Signal handlers that intend to set PCC to a new value need to be careful not to use a sealed function pointer (sentry) directly. In purecap, function pointers are typically sentries and therefore need to be explicitly unsealed and their LSB cleared (as per the bullet point above).
Reported-by: Yury Khrustalev yury.khrustalev@arm.com
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com
Looks good to me.
Tudor
Documentation/arm64/morello.rst | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Documentation/arm64/morello.rst b/Documentation/arm64/morello.rst index 3452f4fe4fa9..0a76bbf06290 100644 --- a/Documentation/arm64/morello.rst +++ b/Documentation/arm64/morello.rst @@ -552,6 +552,11 @@ Note: modifying the saved Morello context to modify the ISA of the interrupted context by writing to the C64 bit of the saved PSTATE in ``sigcontext``.
- RB-sealed capabilities. The saved PCC should not be RB-sealed; unlike
- capability-based branch instructions, exception return uses the target
- capability as-is, without automatic unsealing. Explicit unsealing is
- therefore required to avoid a capability sealed fault.
C64 ISA support
On 15/08/2023 15:13, Tudor Cretu wrote:
On 14-08-2023 12:09, Kevin Brodsky wrote:
Signal handlers that intend to set PCC to a new value need to be careful not to use a sealed function pointer (sentry) directly. In purecap, function pointers are typically sentries and therefore need to be explicitly unsealed and their LSB cleared (as per the bullet point above).
Reported-by: Yury Khrustalev yury.khrustalev@arm.com
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com
Looks good to me.
Thanks for the review! Now in next.
Kevin
linux-morello@op-lists.linaro.org