From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55121C43381 for ; Mon, 18 Mar 2019 16:35:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1AE92205C9 for ; Mon, 18 Mar 2019 16:35:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727707AbfCRQfz (ORCPT ); Mon, 18 Mar 2019 12:35:55 -0400 Received: from foss.arm.com ([217.140.101.70]:37222 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726808AbfCRQfx (ORCPT ); Mon, 18 Mar 2019 12:35:53 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AB48D1650; Mon, 18 Mar 2019 09:35:52 -0700 (PDT) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 85D5F3F614; Mon, 18 Mar 2019 09:35:46 -0700 (PDT) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Arnaldo Carvalho de Melo , Branislav Rankov , Catalin Marinas , Chintan Pandya , Daniel Borkmann , Dave Martin , "David S. Miller" , Dmitry Vyukov , Eric Dumazet , Evgeniy Stepanov , Graeme Barnes , Greg Kroah-Hartman , Ingo Molnar , Jacob Bramley , Kate Stewart , Kees Cook , Kevin Brodsky , "Kirill A . Shutemov" , Kostya Serebryany , Lee Smith , Luc Van Oostenryck , Mark Rutland , Peter Zijlstra , Ramana Radhakrishnan , Robin Murphy , Ruben Ayrapetyan , Shuah Khan , Steven Rostedt , Szabolcs Nagy , Will Deacon Subject: [PATCH v2 0/4] arm64 relaxed ABI Date: Mon, 18 Mar 2019 16:35:29 +0000 Message-Id: <20190318163533.26838-1-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On arm64 the TCR_EL1.TBI0 bit has been always enabled in the Linux kernel hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. This patchset proposes a relaxation of the ABI and a mechanism to advertise it to the userspace via an AT_FLAGS. The rationale behind the choice of AT_FLAGS is that the Unix System V ABI defines AT_FLAGS as "flags", leaving some degree of freedom in interpretation. There are two previous attempts of using AT_FLAGS in the Linux Kernel for different reasons: the first was more generic and was used to expose the support for the GNU STACK NX feature [1] and the second was done for the MIPS architecture and was used to expose the support of "MIPS ABI Extension for IEEE Std 754 Non-Compliant Interlinking" [2]. Both the changes are currently _not_ merged in mainline. The only architecture that reserves some of the bits in AT_FLAGS is currently MIPS, which introduced the concept of platform specific ABI (psABI) reserving the top-byte [3]. When ARM64_AT_FLAGS_SYSCALL_TBI is set the kernel is advertising to the userspace that a relaxed ABI is supported hence this type of pointers are now allowed to be passed to the syscalls when they are in memory ranges obtained by anonymous mmap() or brk(). The userspace _must_ verify that the flag is set before passing tagged pointers to the syscalls allowed by this relaxation. More in general, exposing the ARM64_AT_FLAGS_SYSCALL_TBI flag and mandating to the software to check that the feature is present, before using the associated functionality, it provides a degree of control on the decision of disabling such a feature in future without consequently breaking the userspace. The change required a modification of the elf common code, because in Linux the AT_FLAGS are currently set to zero by default by the kernel. The newly added flag has been verified on arm64 using the code below. #include #include #include #define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) bool arm64_syscall_tbi_is_present(void) { unsigned long at_flags = getauxval(AT_FLAGS); if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) return true; return false; } void main() { if (arm64_syscall_tbi_is_present()) printf("ARM64_AT_FLAGS_SYSCALL_TBI is present\n"); } This patchset should be merged together with [4]. [1] https://patchwork.ozlabs.org/patch/579578/ [2] https://lore.kernel.org/patchwork/cover/618280/ [3] ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf [4] https://patchwork.kernel.org/cover/10674351/ ABI References: --------------- Sco SysV ABI: http://www.sco.com/developers/gabi/2003-12-17/contents.html PowerPC AUXV: http://openpowerfoundation.org/wp-content/uploads/resources/leabi/content/dbdoclet.50655242_98651.html AMD64 ABI: https://www.cs.tufts.edu/comp/40-2012f/readings/amd64-abi.pdf x86 ABI: https://www.uclibc.org/docs/psABI-i386.pdf MIPS ABI: ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf ARM ABI: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf SPARC ABI: http://math-atlas.sourceforge.net/devel/assembly/abi_sysV_sparc.pdf CC: Alexander Viro Cc: Alexei Starovoitov Cc: Andrew Morton Cc: Andrey Konovalov Cc: Arnaldo Carvalho de Melo Cc: Branislav Rankov Cc: Catalin Marinas Cc: Chintan Pandya Cc: Daniel Borkmann Cc: Dave Martin Cc: "David S. Miller" Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Evgeniy Stepanov Cc: Graeme Barnes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jacob Bramley Cc: Kate Stewart Cc: Kees Cook Cc: Kevin Brodsky Cc: "Kirill A . Shutemov" Cc: Kostya Serebryany Cc: Lee Smith Cc: Luc Van Oostenryck Cc: Mark Rutland Cc: Peter Zijlstra Cc: Ramana Radhakrishnan Cc: Robin Murphy Cc: Ruben Ayrapetyan Cc: Shuah Khan Cc: Steven Rostedt Cc: Szabolcs Nagy Cc: Will Deacon Signed-off-by: Vincenzo Frascino Changes: -------- v2: - Rebased on 5.1-rc1 - Addressed review comments - Modified tagged-pointers.txt to be compliant with the new ABI relaxation Vincenzo Frascino (4): elf: Make AT_FLAGS arch configurable arm64: Define Documentation/arm64/elf_at_flags.txt arm64: Relax Documentation/arm64/tagged-pointers.txt arm64: elf: Advertise relaxed ABI Documentation/arm64/elf_at_flags.txt | 133 ++++++++++++++++++++++++ Documentation/arm64/tagged-pointers.txt | 23 ++-- arch/arm64/include/asm/atflags.h | 7 ++ arch/arm64/include/asm/elf.h | 5 + arch/arm64/include/uapi/asm/atflags.h | 8 ++ fs/binfmt_elf.c | 6 +- fs/binfmt_elf_fdpic.c | 6 +- fs/compat_binfmt_elf.c | 5 + 8 files changed, 184 insertions(+), 9 deletions(-) create mode 100644 Documentation/arm64/elf_at_flags.txt create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h -- 2.21.0 From mboxrd@z Thu Jan 1 00:00:00 1970 From: vincenzo.frascino at arm.com (Vincenzo Frascino) Date: Mon, 18 Mar 2019 16:35:29 +0000 Subject: [PATCH v2 0/4] arm64 relaxed ABI In-Reply-To: References: Message-ID: <20190318163533.26838-1-vincenzo.frascino@arm.com> On arm64 the TCR_EL1.TBI0 bit has been always enabled in the Linux kernel hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. This patchset proposes a relaxation of the ABI and a mechanism to advertise it to the userspace via an AT_FLAGS. The rationale behind the choice of AT_FLAGS is that the Unix System V ABI defines AT_FLAGS as "flags", leaving some degree of freedom in interpretation. There are two previous attempts of using AT_FLAGS in the Linux Kernel for different reasons: the first was more generic and was used to expose the support for the GNU STACK NX feature [1] and the second was done for the MIPS architecture and was used to expose the support of "MIPS ABI Extension for IEEE Std 754 Non-Compliant Interlinking" [2]. Both the changes are currently _not_ merged in mainline. The only architecture that reserves some of the bits in AT_FLAGS is currently MIPS, which introduced the concept of platform specific ABI (psABI) reserving the top-byte [3]. When ARM64_AT_FLAGS_SYSCALL_TBI is set the kernel is advertising to the userspace that a relaxed ABI is supported hence this type of pointers are now allowed to be passed to the syscalls when they are in memory ranges obtained by anonymous mmap() or brk(). The userspace _must_ verify that the flag is set before passing tagged pointers to the syscalls allowed by this relaxation. More in general, exposing the ARM64_AT_FLAGS_SYSCALL_TBI flag and mandating to the software to check that the feature is present, before using the associated functionality, it provides a degree of control on the decision of disabling such a feature in future without consequently breaking the userspace. The change required a modification of the elf common code, because in Linux the AT_FLAGS are currently set to zero by default by the kernel. The newly added flag has been verified on arm64 using the code below. #include #include #include #define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) bool arm64_syscall_tbi_is_present(void) { unsigned long at_flags = getauxval(AT_FLAGS); if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) return true; return false; } void main() { if (arm64_syscall_tbi_is_present()) printf("ARM64_AT_FLAGS_SYSCALL_TBI is present\n"); } This patchset should be merged together with [4]. [1] https://patchwork.ozlabs.org/patch/579578/ [2] https://lore.kernel.org/patchwork/cover/618280/ [3] ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf [4] https://patchwork.kernel.org/cover/10674351/ ABI References: --------------- Sco SysV ABI: http://www.sco.com/developers/gabi/2003-12-17/contents.html PowerPC AUXV: http://openpowerfoundation.org/wp-content/uploads/resources/leabi/content/dbdoclet.50655242_98651.html AMD64 ABI: https://www.cs.tufts.edu/comp/40-2012f/readings/amd64-abi.pdf x86 ABI: https://www.uclibc.org/docs/psABI-i386.pdf MIPS ABI: ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf ARM ABI: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf SPARC ABI: http://math-atlas.sourceforge.net/devel/assembly/abi_sysV_sparc.pdf CC: Alexander Viro Cc: Alexei Starovoitov Cc: Andrew Morton Cc: Andrey Konovalov Cc: Arnaldo Carvalho de Melo Cc: Branislav Rankov Cc: Catalin Marinas Cc: Chintan Pandya Cc: Daniel Borkmann Cc: Dave Martin Cc: "David S. Miller" Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Evgeniy Stepanov Cc: Graeme Barnes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jacob Bramley Cc: Kate Stewart Cc: Kees Cook Cc: Kevin Brodsky Cc: "Kirill A . Shutemov" Cc: Kostya Serebryany Cc: Lee Smith Cc: Luc Van Oostenryck Cc: Mark Rutland Cc: Peter Zijlstra Cc: Ramana Radhakrishnan Cc: Robin Murphy Cc: Ruben Ayrapetyan Cc: Shuah Khan Cc: Steven Rostedt Cc: Szabolcs Nagy Cc: Will Deacon Signed-off-by: Vincenzo Frascino Changes: -------- v2: - Rebased on 5.1-rc1 - Addressed review comments - Modified tagged-pointers.txt to be compliant with the new ABI relaxation Vincenzo Frascino (4): elf: Make AT_FLAGS arch configurable arm64: Define Documentation/arm64/elf_at_flags.txt arm64: Relax Documentation/arm64/tagged-pointers.txt arm64: elf: Advertise relaxed ABI Documentation/arm64/elf_at_flags.txt | 133 ++++++++++++++++++++++++ Documentation/arm64/tagged-pointers.txt | 23 ++-- arch/arm64/include/asm/atflags.h | 7 ++ arch/arm64/include/asm/elf.h | 5 + arch/arm64/include/uapi/asm/atflags.h | 8 ++ fs/binfmt_elf.c | 6 +- fs/binfmt_elf_fdpic.c | 6 +- fs/compat_binfmt_elf.c | 5 + 8 files changed, 184 insertions(+), 9 deletions(-) create mode 100644 Documentation/arm64/elf_at_flags.txt create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h -- 2.21.0 From mboxrd@z Thu Jan 1 00:00:00 1970 From: vincenzo.frascino@arm.com (Vincenzo Frascino) Date: Mon, 18 Mar 2019 16:35:29 +0000 Subject: [PATCH v2 0/4] arm64 relaxed ABI In-Reply-To: References: Message-ID: <20190318163533.26838-1-vincenzo.frascino@arm.com> Content-Type: text/plain; charset="UTF-8" Message-ID: <20190318163529.BRMm0cVxy2xCk3kfiTk7gOcl338GIFwgTGaoCJaT36w@z> On arm64 the TCR_EL1.TBI0 bit has been always enabled in the Linux kernel hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. This patchset proposes a relaxation of the ABI and a mechanism to advertise it to the userspace via an AT_FLAGS. The rationale behind the choice of AT_FLAGS is that the Unix System V ABI defines AT_FLAGS as "flags", leaving some degree of freedom in interpretation. There are two previous attempts of using AT_FLAGS in the Linux Kernel for different reasons: the first was more generic and was used to expose the support for the GNU STACK NX feature [1] and the second was done for the MIPS architecture and was used to expose the support of "MIPS ABI Extension for IEEE Std 754 Non-Compliant Interlinking" [2]. Both the changes are currently _not_ merged in mainline. The only architecture that reserves some of the bits in AT_FLAGS is currently MIPS, which introduced the concept of platform specific ABI (psABI) reserving the top-byte [3]. When ARM64_AT_FLAGS_SYSCALL_TBI is set the kernel is advertising to the userspace that a relaxed ABI is supported hence this type of pointers are now allowed to be passed to the syscalls when they are in memory ranges obtained by anonymous mmap() or brk(). The userspace _must_ verify that the flag is set before passing tagged pointers to the syscalls allowed by this relaxation. More in general, exposing the ARM64_AT_FLAGS_SYSCALL_TBI flag and mandating to the software to check that the feature is present, before using the associated functionality, it provides a degree of control on the decision of disabling such a feature in future without consequently breaking the userspace. The change required a modification of the elf common code, because in Linux the AT_FLAGS are currently set to zero by default by the kernel. The newly added flag has been verified on arm64 using the code below. #include #include #include #define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) bool arm64_syscall_tbi_is_present(void) { unsigned long at_flags = getauxval(AT_FLAGS); if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) return true; return false; } void main() { if (arm64_syscall_tbi_is_present()) printf("ARM64_AT_FLAGS_SYSCALL_TBI is present\n"); } This patchset should be merged together with [4]. [1] https://patchwork.ozlabs.org/patch/579578/ [2] https://lore.kernel.org/patchwork/cover/618280/ [3] ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf [4] https://patchwork.kernel.org/cover/10674351/ ABI References: --------------- Sco SysV ABI: http://www.sco.com/developers/gabi/2003-12-17/contents.html PowerPC AUXV: http://openpowerfoundation.org/wp-content/uploads/resources/leabi/content/dbdoclet.50655242_98651.html AMD64 ABI: https://www.cs.tufts.edu/comp/40-2012f/readings/amd64-abi.pdf x86 ABI: https://www.uclibc.org/docs/psABI-i386.pdf MIPS ABI: ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf ARM ABI: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf SPARC ABI: http://math-atlas.sourceforge.net/devel/assembly/abi_sysV_sparc.pdf CC: Alexander Viro Cc: Alexei Starovoitov Cc: Andrew Morton Cc: Andrey Konovalov Cc: Arnaldo Carvalho de Melo Cc: Branislav Rankov Cc: Catalin Marinas Cc: Chintan Pandya Cc: Daniel Borkmann Cc: Dave Martin Cc: "David S. Miller" Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Evgeniy Stepanov Cc: Graeme Barnes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jacob Bramley Cc: Kate Stewart Cc: Kees Cook Cc: Kevin Brodsky Cc: "Kirill A . Shutemov" Cc: Kostya Serebryany Cc: Lee Smith Cc: Luc Van Oostenryck Cc: Mark Rutland Cc: Peter Zijlstra Cc: Ramana Radhakrishnan Cc: Robin Murphy Cc: Ruben Ayrapetyan Cc: Shuah Khan Cc: Steven Rostedt Cc: Szabolcs Nagy Cc: Will Deacon Signed-off-by: Vincenzo Frascino Changes: -------- v2: - Rebased on 5.1-rc1 - Addressed review comments - Modified tagged-pointers.txt to be compliant with the new ABI relaxation Vincenzo Frascino (4): elf: Make AT_FLAGS arch configurable arm64: Define Documentation/arm64/elf_at_flags.txt arm64: Relax Documentation/arm64/tagged-pointers.txt arm64: elf: Advertise relaxed ABI Documentation/arm64/elf_at_flags.txt | 133 ++++++++++++++++++++++++ Documentation/arm64/tagged-pointers.txt | 23 ++-- arch/arm64/include/asm/atflags.h | 7 ++ arch/arm64/include/asm/elf.h | 5 + arch/arm64/include/uapi/asm/atflags.h | 8 ++ fs/binfmt_elf.c | 6 +- fs/binfmt_elf_fdpic.c | 6 +- fs/compat_binfmt_elf.c | 5 + 8 files changed, 184 insertions(+), 9 deletions(-) create mode 100644 Documentation/arm64/elf_at_flags.txt create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h -- 2.21.0 From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vincenzo Frascino Subject: [PATCH v2 0/4] arm64 relaxed ABI Date: Mon, 18 Mar 2019 16:35:29 +0000 Message-ID: <20190318163533.26838-1-vincenzo.frascino@arm.com> References: Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Return-path: In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Alexander Viro , Alexei Starovoitov , Andrew Morton , Andrey Konovalov , Arnaldo Carvalho de Melo , Branislav Rankov , Catalin Marinas , Chintan Pandya , Daniel Borkmann , Dave Martin , "David S. Miller" , Dmitry Vyukov , Eric Dumazet , Evgeniy Stepanov , Graeme Barnes , Greg Kroah-Hartman , Ingo Molnar , Jacob Bramley , Kate Stewart List-Id: linux-arch.vger.kernel.org On arm64 the TCR_EL1.TBI0 bit has been always enabled in the Linux kernel hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. This patchset proposes a relaxation of the ABI and a mechanism to advertise it to the userspace via an AT_FLAGS. The rationale behind the choice of AT_FLAGS is that the Unix System V ABI defines AT_FLAGS as "flags", leaving some degree of freedom in interpretation. There are two previous attempts of using AT_FLAGS in the Linux Kernel for different reasons: the first was more generic and was used to expose the support for the GNU STACK NX feature [1] and the second was done for the MIPS architecture and was used to expose the support of "MIPS ABI Extension for IEEE Std 754 Non-Compliant Interlinking" [2]. Both the changes are currently _not_ merged in mainline. The only architecture that reserves some of the bits in AT_FLAGS is currently MIPS, which introduced the concept of platform specific ABI (psABI) reserving the top-byte [3]. When ARM64_AT_FLAGS_SYSCALL_TBI is set the kernel is advertising to the userspace that a relaxed ABI is supported hence this type of pointers are now allowed to be passed to the syscalls when they are in memory ranges obtained by anonymous mmap() or brk(). The userspace _must_ verify that the flag is set before passing tagged pointers to the syscalls allowed by this relaxation. More in general, exposing the ARM64_AT_FLAGS_SYSCALL_TBI flag and mandating to the software to check that the feature is present, before using the associated functionality, it provides a degree of control on the decision of disabling such a feature in future without consequently breaking the userspace. The change required a modification of the elf common code, because in Linux the AT_FLAGS are currently set to zero by default by the kernel. The newly added flag has been verified on arm64 using the code below. #include #include #include #define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) bool arm64_syscall_tbi_is_present(void) { unsigned long at_flags = getauxval(AT_FLAGS); if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) return true; return false; } void main() { if (arm64_syscall_tbi_is_present()) printf("ARM64_AT_FLAGS_SYSCALL_TBI is present\n"); } This patchset should be merged together with [4]. [1] https://patchwork.ozlabs.org/patch/579578/ [2] https://lore.kernel.org/patchwork/cover/618280/ [3] ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf [4] https://patchwork.kernel.org/cover/10674351/ ABI References: --------------- Sco SysV ABI: http://www.sco.com/developers/gabi/2003-12-17/contents.html PowerPC AUXV: http://openpowerfoundation.org/wp-content/uploads/resources/leabi/content/dbdoclet.50655242_98651.html AMD64 ABI: https://www.cs.tufts.edu/comp/40-2012f/readings/amd64-abi.pdf x86 ABI: https://www.uclibc.org/docs/psABI-i386.pdf MIPS ABI: ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf ARM ABI: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf SPARC ABI: http://math-atlas.sourceforge.net/devel/assembly/abi_sysV_sparc.pdf CC: Alexander Viro Cc: Alexei Starovoitov Cc: Andrew Morton Cc: Andrey Konovalov Cc: Arnaldo Carvalho de Melo Cc: Branislav Rankov Cc: Catalin Marinas Cc: Chintan Pandya Cc: Daniel Borkmann Cc: Dave Martin Cc: "David S. Miller" Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Evgeniy Stepanov Cc: Graeme Barnes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jacob Bramley Cc: Kate Stewart Cc: Kees Cook Cc: Kevin Brodsky Cc: "Kirill A . Shutemov" Cc: Kostya Serebryany Cc: Lee Smith Cc: Luc Van Oostenryck Cc: Mark Rutland Cc: Peter Zijlstra Cc: Ramana Radhakrishnan Cc: Robin Murphy Cc: Ruben Ayrapetyan Cc: Shuah Khan Cc: Steven Rostedt Cc: Szabolcs Nagy Cc: Will Deacon Signed-off-by: Vincenzo Frascino Changes: -------- v2: - Rebased on 5.1-rc1 - Addressed review comments - Modified tagged-pointers.txt to be compliant with the new ABI relaxation Vincenzo Frascino (4): elf: Make AT_FLAGS arch configurable arm64: Define Documentation/arm64/elf_at_flags.txt arm64: Relax Documentation/arm64/tagged-pointers.txt arm64: elf: Advertise relaxed ABI Documentation/arm64/elf_at_flags.txt | 133 ++++++++++++++++++++++++ Documentation/arm64/tagged-pointers.txt | 23 ++-- arch/arm64/include/asm/atflags.h | 7 ++ arch/arm64/include/asm/elf.h | 5 + arch/arm64/include/uapi/asm/atflags.h | 8 ++ fs/binfmt_elf.c | 6 +- fs/binfmt_elf_fdpic.c | 6 +- fs/compat_binfmt_elf.c | 5 + 8 files changed, 184 insertions(+), 9 deletions(-) create mode 100644 Documentation/arm64/elf_at_flags.txt create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h -- 2.21.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3730C43381 for ; Mon, 18 Mar 2019 16:36:08 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A3C422133D for ; Mon, 18 Mar 2019 16:36:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="SQyTHwHe" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A3C422133D Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=y2Q8LvRcV1pQf86krGQ7DAUCvJmGNMwUxUTT+jDqjyY=; b=SQyTHwHeqp9FGJ Ko+7DdRNCKLL75JYbm84JZlCbzG3tGE9mCBxmV9L9u0064RG7BaGg8pFCMKQWSy7bKYZe46e1fhDF ZH9RIl2rCkNGpZs5Z6CmWk04dH5O+QYNwpPGTbqlsTHdjuLjJ2DDTaiuf7SHXVzM28qXf8kMXNq7m 0u82+8e7/ldSJZzsM2wSZLi7JB31LxQgccJm9wItRrCyKWD0KTS1rG4wXCs8ezWhP7gco+dy2M6rt okGAO1rp0+cAzvNJyXbOMHUS2V3NyXVlMl/8lJ2PK2Q2a6x2YeQahz/AdvKDpnEiqX48ylLaYDPR3 FOP8yZIZnLuzrHHnmghw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1h5vF2-0000WL-Fe; Mon, 18 Mar 2019 16:36:00 +0000 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70] helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1h5vEy-0000VE-R1 for linux-arm-kernel@lists.infradead.org; Mon, 18 Mar 2019 16:35:58 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AB48D1650; Mon, 18 Mar 2019 09:35:52 -0700 (PDT) Received: from e119884-lin.cambridge.arm.com (e119884-lin.cambridge.arm.com [10.1.196.72]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 85D5F3F614; Mon, 18 Mar 2019 09:35:46 -0700 (PDT) From: Vincenzo Frascino To: linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 0/4] arm64 relaxed ABI Date: Mon, 18 Mar 2019 16:35:29 +0000 Message-Id: <20190318163533.26838-1-vincenzo.frascino@arm.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190318_093556_895475_7754A099 X-CRM114-Status: GOOD ( 21.73 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kate Stewart , Mark Rutland , Peter Zijlstra , Catalin Marinas , Will Deacon , Alexei Starovoitov , Kostya Serebryany , Eric Dumazet , Chintan Pandya , Shuah Khan , Ingo Molnar , Jacob Bramley , Daniel Borkmann , Szabolcs Nagy , Steven Rostedt , Dave Martin , Evgeniy Stepanov , Kees Cook , Ruben Ayrapetyan , Andrey Konovalov , Kevin Brodsky , Arnaldo Carvalho de Melo , Graeme Barnes , Alexander Viro , Dmitry Vyukov , Branislav Rankov , Ramana Radhakrishnan , Greg Kroah-Hartman , Luc Van Oostenryck , Lee Smith , Andrew Morton , Robin Murphy , "David S. Miller" , "Kirill A . Shutemov" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On arm64 the TCR_EL1.TBI0 bit has been always enabled in the Linux kernel hence the userspace (EL0) is allowed to set a non-zero value in the top byte but the resulting pointers are not allowed at the user-kernel syscall ABI boundary. This patchset proposes a relaxation of the ABI and a mechanism to advertise it to the userspace via an AT_FLAGS. The rationale behind the choice of AT_FLAGS is that the Unix System V ABI defines AT_FLAGS as "flags", leaving some degree of freedom in interpretation. There are two previous attempts of using AT_FLAGS in the Linux Kernel for different reasons: the first was more generic and was used to expose the support for the GNU STACK NX feature [1] and the second was done for the MIPS architecture and was used to expose the support of "MIPS ABI Extension for IEEE Std 754 Non-Compliant Interlinking" [2]. Both the changes are currently _not_ merged in mainline. The only architecture that reserves some of the bits in AT_FLAGS is currently MIPS, which introduced the concept of platform specific ABI (psABI) reserving the top-byte [3]. When ARM64_AT_FLAGS_SYSCALL_TBI is set the kernel is advertising to the userspace that a relaxed ABI is supported hence this type of pointers are now allowed to be passed to the syscalls when they are in memory ranges obtained by anonymous mmap() or brk(). The userspace _must_ verify that the flag is set before passing tagged pointers to the syscalls allowed by this relaxation. More in general, exposing the ARM64_AT_FLAGS_SYSCALL_TBI flag and mandating to the software to check that the feature is present, before using the associated functionality, it provides a degree of control on the decision of disabling such a feature in future without consequently breaking the userspace. The change required a modification of the elf common code, because in Linux the AT_FLAGS are currently set to zero by default by the kernel. The newly added flag has been verified on arm64 using the code below. #include #include #include #define ARM64_AT_FLAGS_SYSCALL_TBI (1 << 0) bool arm64_syscall_tbi_is_present(void) { unsigned long at_flags = getauxval(AT_FLAGS); if (at_flags & ARM64_AT_FLAGS_SYSCALL_TBI) return true; return false; } void main() { if (arm64_syscall_tbi_is_present()) printf("ARM64_AT_FLAGS_SYSCALL_TBI is present\n"); } This patchset should be merged together with [4]. [1] https://patchwork.ozlabs.org/patch/579578/ [2] https://lore.kernel.org/patchwork/cover/618280/ [3] ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf [4] https://patchwork.kernel.org/cover/10674351/ ABI References: --------------- Sco SysV ABI: http://www.sco.com/developers/gabi/2003-12-17/contents.html PowerPC AUXV: http://openpowerfoundation.org/wp-content/uploads/resources/leabi/content/dbdoclet.50655242_98651.html AMD64 ABI: https://www.cs.tufts.edu/comp/40-2012f/readings/amd64-abi.pdf x86 ABI: https://www.uclibc.org/docs/psABI-i386.pdf MIPS ABI: ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/psABI_mips3.0.pdf ARM ABI: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf SPARC ABI: http://math-atlas.sourceforge.net/devel/assembly/abi_sysV_sparc.pdf CC: Alexander Viro Cc: Alexei Starovoitov Cc: Andrew Morton Cc: Andrey Konovalov Cc: Arnaldo Carvalho de Melo Cc: Branislav Rankov Cc: Catalin Marinas Cc: Chintan Pandya Cc: Daniel Borkmann Cc: Dave Martin Cc: "David S. Miller" Cc: Dmitry Vyukov Cc: Eric Dumazet Cc: Evgeniy Stepanov Cc: Graeme Barnes Cc: Greg Kroah-Hartman Cc: Ingo Molnar Cc: Jacob Bramley Cc: Kate Stewart Cc: Kees Cook Cc: Kevin Brodsky Cc: "Kirill A . Shutemov" Cc: Kostya Serebryany Cc: Lee Smith Cc: Luc Van Oostenryck Cc: Mark Rutland Cc: Peter Zijlstra Cc: Ramana Radhakrishnan Cc: Robin Murphy Cc: Ruben Ayrapetyan Cc: Shuah Khan Cc: Steven Rostedt Cc: Szabolcs Nagy Cc: Will Deacon Signed-off-by: Vincenzo Frascino Changes: -------- v2: - Rebased on 5.1-rc1 - Addressed review comments - Modified tagged-pointers.txt to be compliant with the new ABI relaxation Vincenzo Frascino (4): elf: Make AT_FLAGS arch configurable arm64: Define Documentation/arm64/elf_at_flags.txt arm64: Relax Documentation/arm64/tagged-pointers.txt arm64: elf: Advertise relaxed ABI Documentation/arm64/elf_at_flags.txt | 133 ++++++++++++++++++++++++ Documentation/arm64/tagged-pointers.txt | 23 ++-- arch/arm64/include/asm/atflags.h | 7 ++ arch/arm64/include/asm/elf.h | 5 + arch/arm64/include/uapi/asm/atflags.h | 8 ++ fs/binfmt_elf.c | 6 +- fs/binfmt_elf_fdpic.c | 6 +- fs/compat_binfmt_elf.c | 5 + 8 files changed, 184 insertions(+), 9 deletions(-) create mode 100644 Documentation/arm64/elf_at_flags.txt create mode 100644 arch/arm64/include/asm/atflags.h create mode 100644 arch/arm64/include/uapi/asm/atflags.h -- 2.21.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel