| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6904cf39-6c48-44cc-8884-f79d845508de@arm.com>
Date: Mon, 11 Aug 2025 09:40:10 -0500
From: Jeremy Linton <jeremy.linton@....com>
To: linux-trace-kernel@...r.kernel.org
Cc: linux-perf-users@...r.kernel.org, mhiramat@...nel.org, oleg@...hat.com,
peterz@...radead.org, mingo@...hat.com, acme@...nel.org,
namhyung@...nel.org, mark.rutland@....com,
alexander.shishkin@...ux.intel.com, jolsa@...nel.org, irogers@...gle.com,
adrian.hunter@...el.com, kan.liang@...ux.intel.com,
thiago.bauermann@...aro.org, broonie@...nel.org, yury.khrustalev@....com,
kristina.martsenko@....com, liaochang1@...wei.com, catalin.marinas@....com,
will@...nel.org, linux-arm-kernel@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 3/7] arm64: uaccess: Add additional userspace GCS
accessors
On 8/11/25 9:10 AM, Jeremy Linton wrote:
> Uprobes need more advanced read, push, and pop userspace GCS
> functionality. Implement those features using the existing gcsstr()
> and copy_from_user().
>
> Its important to note that GCS pages can be read by normal
> instructions, but the hardware validates that pages used by GCS
> specific operations, have a GCS privilege set. We aren't validating this
> in load_user_gcs because it requires stabilizing the VMA over the read
> which may fault.
>
> Signed-off-by: Jeremy Linton <jeremy.linton@....com>
> Reviewed-by: Catalin Marinas <catalin.marinas@....com>
> ---
> arch/arm64/include/asm/gcs.h | 54 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 54 insertions(+)
>
> diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h
> index e3b360c9dba4..bd9ff1dedcd9 100644
> --- a/arch/arm64/include/asm/gcs.h
> +++ b/arch/arm64/include/asm/gcs.h
> @@ -116,6 +116,47 @@ static inline void put_user_gcs(unsigned long val, unsigned long __user *addr,
> uaccess_ttbr0_disable();
> }
>
> +static inline void push_user_gcs(unsigned long val, int *err)
> +{
> + u64 gcspr = read_sysreg_s(SYS_GCSPR_EL0);
> +
> + gcspr -= sizeof(u64);
> + put_user_gcs(val, (unsigned long __user *)gcspr, err);
> + if (!*err)
> + write_sysreg_s(gcspr, SYS_GCSPR_EL0);
> +}
> +
> +/*
> + * Unlike put/push_user_gcs() above, get/pop_user_gsc() doesn't
> + * validate the GCS permission is set on the page being read. This
> + * differs from how the hardware works when it consumes data stored at
> + * GCSPR. Callers should assure this is acceptable.
> + */
> +static inline u64 get_user_gcs(unsigned long __user *addr, int *err)
> +{
> + unsigned long ret;
> + u64 load = 0;
> +
> + /* Ensure previous GCS operation are visible before we read the page */
> + gcsb_dsync();
> + ret = copy_from_user(&load, addr, sizeof(load));
> + if (ret != 0)
> + *err = ret;
> + return load;
> +}
> +
> +static inline u64 pop_user_gcs(int *err)
> +{
> + u64 gcspr = read_sysreg_s(SYS_GCSPR_EL0);
> + u64 read_val;
> +
> + read_val = get_user_gcs((unsigned long __user *)gcspr, err);
> + if (!*err)
> + write_sysreg_s(gcspr + sizeof(u64), SYS_GCSPR_EL0);
> +
> + return read_val;
> +}
> +
> #else
>
> static inline bool task_gcs_el0_enabled(struct task_struct *task)
> @@ -126,6 +167,10 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task)
> static inline void gcs_set_el0_mode(struct task_struct *task) { }
> static inline void gcs_free(struct task_struct *task) { }
> static inline void gcs_preserve_current_state(void) { }
> +static inline void put_user_gcs(unsigned long val, unsigned long __user *addr,
> + int *err) { }
> +static inline void push_user_gcs(unsigned long val, int *err) { }
> +
> static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk,
> const struct kernel_clone_args *args)
> {
> @@ -136,6 +181,15 @@ static inline int gcs_check_locked(struct task_struct *task,
> {
> return 0;
> }
> +static inline u64 load_user_gcs(unsigned long __user *addr, int *err)
> +{
> + *err = -EFAULT;
> + return 0;
> +}
I sent an old version sine this was sitting around during the merge
window. This should have been renamed along with the version above to
'get_user_gcs'.
> +static inline u64 pop_user_gcs(int *err)
> +{
> + return 0;
> +}
>
> #endif
>
Powered by blists - more mailing lists