From: Catalin Marinas <catalin.marinas@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-mm@kvack.org, linux-arch@vger.kernel.org,
Will Deacon <will@kernel.org>,
Dave P Martin <Dave.Martin@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Peter Collingbourne <pcc@google.com>,
Alan Hayward <Alan.Hayward@arm.com>,
Luis Machado <luis.machado@linaro.org>,
Omair Javaid <omair.javaid@linaro.org>
Subject: [PATCH v4 18/26] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support
Date: Fri, 15 May 2020 18:16:04 +0100 [thread overview]
Message-ID: <20200515171612.1020-19-catalin.marinas@arm.com> (raw)
In-Reply-To: <20200515171612.1020-1-catalin.marinas@arm.com>
Add support for bulk setting/getting of the MTE tags in a tracee's
address space at 'addr' in the ptrace() syscall prototype. 'data' points
to a struct iovec in the tracer's address space with iov_base
representing the address of a tracer's buffer of length iov_len. The
tags to be copied to/from the tracer's buffer are stored as one tag per
byte.
On successfully copying at least one tag, ptrace() returns 0 and updates
the tracer's iov_len with the number of tags copied. In case of error,
either -EIO or -EFAULT is returned, trying to follow the ptrace() man
page.
Note that the tag copying functions are not performance critical,
therefore they lack optimisations found in typical memory copy routines.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Alan Hayward <Alan.Hayward@arm.com>
Cc: Luis Machado <luis.machado@linaro.org>
Cc: Omair Javaid <omair.javaid@linaro.org>
---
Notes:
v4:
- Following the change to only clear the tags in a page if it is mapped
to user with PROT_MTE, ptrace() now will refuse to access tags in
pages not previously mapped with PROT_MTE (PG_mte_tagged set). This is
primarily to avoid leaking uninitialised tags to user via ptrace().
- Fix SYM_FUNC_END argument typo.
- Rename MTE_ALLOC_* to MTE_GRANULE_*.
- Use uao_user_alternative for the user access in case we ever want to
call mte_copy_tags_* with a kernel buffer. It also matches the other
uaccess routines in the kernel.
- Simplify arch_ptrace() slightly.
- Reorder down_write_killable() with access_ok() in
__access_remote_tags().
- Handle copy length 0 in mte_copy_tags_{to,from}_user().
- Use put_user() instead of __put_user().
New in v3.
arch/arm64/include/asm/mte.h | 17 ++++
arch/arm64/include/uapi/asm/ptrace.h | 3 +
arch/arm64/kernel/mte.c | 139 +++++++++++++++++++++++++++
arch/arm64/kernel/ptrace.c | 7 ++
arch/arm64/lib/mte.S | 53 ++++++++++
5 files changed, 219 insertions(+)
diff --git a/arch/arm64/include/asm/mte.h b/arch/arm64/include/asm/mte.h
index 7435f6619bf1..9d4b1390d07d 100644
--- a/arch/arm64/include/asm/mte.h
+++ b/arch/arm64/include/asm/mte.h
@@ -5,6 +5,11 @@
#ifndef __ASM_MTE_H
#define __ASM_MTE_H
+#define MTE_GRANULE_SIZE UL(16)
+#define MTE_GRANULE_MASK (~(MTE_GRANULE_SIZE - 1))
+#define MTE_TAG_SHIFT 56
+#define MTE_TAG_SIZE 4
+
#ifndef __ASSEMBLY__
#include <linux/page-flags.h>
@@ -12,6 +17,10 @@
#include <asm/pgtable-types.h>
void mte_clear_page_tags(void *addr, size_t size);
+unsigned long mte_copy_tags_from_user(void *to, const void __user *from,
+ unsigned long n);
+unsigned long mte_copy_tags_to_user(void __user *to, void *from,
+ unsigned long n);
#ifdef CONFIG_ARM64_MTE
@@ -25,6 +34,8 @@ void mte_thread_switch(struct task_struct *next);
void mte_suspend_exit(void);
long set_mte_ctrl(unsigned long arg);
long get_mte_ctrl(void);
+int mte_ptrace_copy_tags(struct task_struct *child, long request,
+ unsigned long addr, unsigned long data);
#else
@@ -54,6 +65,12 @@ static inline long get_mte_ctrl(void)
{
return 0;
}
+static inline int mte_ptrace_copy_tags(struct task_struct *child,
+ long request, unsigned long addr,
+ unsigned long data)
+{
+ return -EIO;
+}
#endif
diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index 1daf6dda8af0..cd2a4a164de3 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -67,6 +67,9 @@
/* syscall emulation path in ptrace */
#define PTRACE_SYSEMU 31
#define PTRACE_SYSEMU_SINGLESTEP 32
+/* MTE allocation tag access */
+#define PTRACE_PEEKMTETAGS 33
+#define PTRACE_POKEMTETAGS 34
#ifndef __ASSEMBLY__
diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
index cda09bc8caf4..6abd6a16a145 100644
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -4,14 +4,18 @@
*/
#include <linux/bitops.h>
+#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/prctl.h>
#include <linux/sched.h>
+#include <linux/sched/mm.h>
#include <linux/string.h>
#include <linux/thread_info.h>
+#include <linux/uio.h>
#include <asm/cpufeature.h>
#include <asm/mte.h>
+#include <asm/ptrace.h>
#include <asm/sysreg.h>
void mte_sync_tags(pte_t *ptep, pte_t pte)
@@ -173,3 +177,138 @@ long get_mte_ctrl(void)
return ret;
}
+
+/*
+ * Access MTE tags in another process' address space as given in mm. Update
+ * the number of tags copied. Return 0 if any tags copied, error otherwise.
+ * Inspired by __access_remote_vm().
+ */
+static int __access_remote_tags(struct task_struct *tsk, struct mm_struct *mm,
+ unsigned long addr, struct iovec *kiov,
+ unsigned int gup_flags)
+{
+ struct vm_area_struct *vma;
+ void __user *buf = kiov->iov_base;
+ size_t len = kiov->iov_len;
+ int ret;
+ int write = gup_flags & FOLL_WRITE;
+
+ if (!access_ok(buf, len))
+ return -EFAULT;
+
+ if (down_read_killable(&mm->mmap_sem))
+ return -EIO;
+
+ while (len) {
+ unsigned long tags, offset;
+ void *maddr;
+ struct page *page = NULL;
+
+ ret = get_user_pages_remote(tsk, mm, addr, 1, gup_flags,
+ &page, &vma, NULL);
+ if (ret <= 0)
+ break;
+
+ /*
+ * Only copy tags if the page has been mapped as PROT_MTE
+ * (PG_mte_tagged set). Otherwise the tags are not valid and
+ * not accessible to user. Moreover, an mprotect(PROT_MTE)
+ * would cause the existing tags to be cleared if the page
+ * was never mapped with PROT_MTE.
+ */
+ if (!test_bit(PG_mte_tagged, &page->flags)) {
+ ret = -EOPNOTSUPP;
+ put_page(page);
+ break;
+ }
+
+ /* limit access to the end of the page */
+ offset = offset_in_page(addr);
+ tags = min(len, (PAGE_SIZE - offset) / MTE_GRANULE_SIZE);
+
+ maddr = page_address(page);
+ if (write) {
+ tags = mte_copy_tags_from_user(maddr + offset, buf, tags);
+ set_page_dirty_lock(page);
+ } else {
+ tags = mte_copy_tags_to_user(buf, maddr + offset, tags);
+ }
+ put_page(page);
+
+ /* error accessing the tracer's buffer */
+ if (!tags)
+ break;
+
+ len -= tags;
+ buf += tags;
+ addr += tags * MTE_GRANULE_SIZE;
+ }
+ up_read(&mm->mmap_sem);
+
+ /* return an error if no tags copied */
+ kiov->iov_len = buf - kiov->iov_base;
+ if (!kiov->iov_len) {
+ /* check for error accessing the tracee's address space */
+ if (ret <= 0)
+ return -EIO;
+ else
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+/*
+ * Copy MTE tags in another process' address space at 'addr' to/from tracer's
+ * iovec buffer. Return 0 on success. Inspired by ptrace_access_vm().
+ */
+static int access_remote_tags(struct task_struct *tsk, unsigned long addr,
+ struct iovec *kiov, unsigned int gup_flags)
+{
+ struct mm_struct *mm;
+ int ret;
+
+ mm = get_task_mm(tsk);
+ if (!mm)
+ return -EPERM;
+
+ if (!tsk->ptrace || (current != tsk->parent) ||
+ ((get_dumpable(mm) != SUID_DUMP_USER) &&
+ !ptracer_capable(tsk, mm->user_ns))) {
+ mmput(mm);
+ return -EPERM;
+ }
+
+ ret = __access_remote_tags(tsk, mm, addr, kiov, gup_flags);
+ mmput(mm);
+
+ return ret;
+}
+
+int mte_ptrace_copy_tags(struct task_struct *child, long request,
+ unsigned long addr, unsigned long data)
+{
+ int ret;
+ struct iovec kiov;
+ struct iovec __user *uiov = (void __user *)data;
+ unsigned int gup_flags = FOLL_FORCE;
+
+ if (!system_supports_mte())
+ return -EIO;
+
+ if (get_user(kiov.iov_base, &uiov->iov_base) ||
+ get_user(kiov.iov_len, &uiov->iov_len))
+ return -EFAULT;
+
+ if (request == PTRACE_POKEMTETAGS)
+ gup_flags |= FOLL_WRITE;
+
+ /* align addr to the MTE tag granule */
+ addr &= MTE_GRANULE_MASK;
+
+ ret = access_remote_tags(child, addr, &kiov, gup_flags);
+ if (!ret)
+ ret = put_user(kiov.iov_len, &uiov->iov_len);
+
+ return ret;
+}
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 077e352495eb..c8bda5f5b321 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -34,6 +34,7 @@
#include <asm/cpufeature.h>
#include <asm/debug-monitors.h>
#include <asm/fpsimd.h>
+#include <asm/mte.h>
#include <asm/pgtable.h>
#include <asm/pointer_auth.h>
#include <asm/stacktrace.h>
@@ -1797,6 +1798,12 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
+ switch (request) {
+ case PTRACE_PEEKMTETAGS:
+ case PTRACE_POKEMTETAGS:
+ return mte_ptrace_copy_tags(child, request, addr, data);
+ }
+
return ptrace_request(child, request, addr, data);
}
diff --git a/arch/arm64/lib/mte.S b/arch/arm64/lib/mte.S
index a531b52fa5ba..862655a36013 100644
--- a/arch/arm64/lib/mte.S
+++ b/arch/arm64/lib/mte.S
@@ -4,7 +4,9 @@
*/
#include <linux/linkage.h>
+#include <asm/alternative.h>
#include <asm/assembler.h>
+#include <asm/mte.h>
#include <asm/page.h>
.arch armv8.5-a+memtag
@@ -40,3 +42,54 @@ SYM_FUNC_START(mte_copy_page_tags)
b.ne 1b
2:
SYM_FUNC_END(mte_copy_page_tags)
+
+/*
+ * Read tags from a user buffer (one tag per byte) and set the corresponding
+ * tags at the given kernel address. Used by PTRACE_POKEMTETAGS.
+ * x0 - kernel address (to)
+ * x1 - user buffer (from)
+ * x2 - number of tags/bytes (n)
+ * Returns:
+ * x0 - number of tags read/set
+ */
+SYM_FUNC_START(mte_copy_tags_from_user)
+ mov x3, x1
+ cbz x2, 2f
+1:
+ uao_user_alternative 2f, ldrb, ldtrb, w4, x1, 0
+ lsl x4, x4, #MTE_TAG_SHIFT
+ stg x4, [x0], #MTE_GRANULE_SIZE
+ add x1, x1, #1
+ subs x2, x2, #1
+ b.ne 1b
+
+ // exception handling and function return
+2: sub x0, x1, x3 // update the number of tags set
+ ret
+SYM_FUNC_END(mte_copy_tags_from_user)
+
+/*
+ * Get the tags from a kernel address range and write the tag values to the
+ * given user buffer (one tag per byte). Used by PTRACE_PEEKMTETAGS.
+ * x0 - user buffer (to)
+ * x1 - kernel address (from)
+ * x2 - number of tags/bytes (n)
+ * Returns:
+ * x0 - number of tags read/set
+ */
+SYM_FUNC_START(mte_copy_tags_to_user)
+ mov x3, x0
+ cbz x2, 2f
+1:
+ ldg x4, [x1]
+ ubfx x4, x4, #MTE_TAG_SHIFT, #MTE_TAG_SIZE
+ uao_user_alternative 2f, strb, sttrb, w4, x0, 0
+ add x0, x0, #1
+ add x1, x1, #MTE_GRANULE_SIZE
+ subs x2, x2, #1
+ b.ne 1b
+
+ // exception handling and function return
+2: sub x0, x0, x3 // update the number of tags copied
+ ret
+SYM_FUNC_END(mte_copy_tags_to_user)
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org,
Luis Machado <luis.machado@linaro.org>,
Omair Javaid <omair.javaid@linaro.org>,
Szabolcs Nagy <szabolcs.nagy@arm.com>,
Andrey Konovalov <andreyknvl@google.com>,
Kevin Brodsky <kevin.brodsky@arm.com>,
Peter Collingbourne <pcc@google.com>,
linux-mm@kvack.org, Alan Hayward <Alan.Hayward@arm.com>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will@kernel.org>,
Dave P Martin <Dave.Martin@arm.com>
Subject: [PATCH v4 18/26] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support
Date: Fri, 15 May 2020 18:16:04 +0100 [thread overview]
Message-ID: <20200515171612.1020-19-catalin.marinas@arm.com> (raw)
In-Reply-To: <20200515171612.1020-1-catalin.marinas@arm.com>
Add support for bulk setting/getting of the MTE tags in a tracee's
address space at 'addr' in the ptrace() syscall prototype. 'data' points
to a struct iovec in the tracer's address space with iov_base
representing the address of a tracer's buffer of length iov_len. The
tags to be copied to/from the tracer's buffer are stored as one tag per
byte.
On successfully copying at least one tag, ptrace() returns 0 and updates
the tracer's iov_len with the number of tags copied. In case of error,
either -EIO or -EFAULT is returned, trying to follow the ptrace() man
page.
Note that the tag copying functions are not performance critical,
therefore they lack optimisations found in typical memory copy routines.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Alan Hayward <Alan.Hayward@arm.com>
Cc: Luis Machado <luis.machado@linaro.org>
Cc: Omair Javaid <omair.javaid@linaro.org>
---
Notes:
v4:
- Following the change to only clear the tags in a page if it is mapped
to user with PROT_MTE, ptrace() now will refuse to access tags in
pages not previously mapped with PROT_MTE (PG_mte_tagged set). This is
primarily to avoid leaking uninitialised tags to user via ptrace().
- Fix SYM_FUNC_END argument typo.
- Rename MTE_ALLOC_* to MTE_GRANULE_*.
- Use uao_user_alternative for the user access in case we ever want to
call mte_copy_tags_* with a kernel buffer. It also matches the other
uaccess routines in the kernel.
- Simplify arch_ptrace() slightly.
- Reorder down_write_killable() with access_ok() in
__access_remote_tags().
- Handle copy length 0 in mte_copy_tags_{to,from}_user().
- Use put_user() instead of __put_user().
New in v3.
arch/arm64/include/asm/mte.h | 17 ++++
arch/arm64/include/uapi/asm/ptrace.h | 3 +
arch/arm64/kernel/mte.c | 139 +++++++++++++++++++++++++++
arch/arm64/kernel/ptrace.c | 7 ++
arch/arm64/lib/mte.S | 53 ++++++++++
5 files changed, 219 insertions(+)
diff --git a/arch/arm64/include/asm/mte.h b/arch/arm64/include/asm/mte.h
index 7435f6619bf1..9d4b1390d07d 100644
--- a/arch/arm64/include/asm/mte.h
+++ b/arch/arm64/include/asm/mte.h
@@ -5,6 +5,11 @@
#ifndef __ASM_MTE_H
#define __ASM_MTE_H
+#define MTE_GRANULE_SIZE UL(16)
+#define MTE_GRANULE_MASK (~(MTE_GRANULE_SIZE - 1))
+#define MTE_TAG_SHIFT 56
+#define MTE_TAG_SIZE 4
+
#ifndef __ASSEMBLY__
#include <linux/page-flags.h>
@@ -12,6 +17,10 @@
#include <asm/pgtable-types.h>
void mte_clear_page_tags(void *addr, size_t size);
+unsigned long mte_copy_tags_from_user(void *to, const void __user *from,
+ unsigned long n);
+unsigned long mte_copy_tags_to_user(void __user *to, void *from,
+ unsigned long n);
#ifdef CONFIG_ARM64_MTE
@@ -25,6 +34,8 @@ void mte_thread_switch(struct task_struct *next);
void mte_suspend_exit(void);
long set_mte_ctrl(unsigned long arg);
long get_mte_ctrl(void);
+int mte_ptrace_copy_tags(struct task_struct *child, long request,
+ unsigned long addr, unsigned long data);
#else
@@ -54,6 +65,12 @@ static inline long get_mte_ctrl(void)
{
return 0;
}
+static inline int mte_ptrace_copy_tags(struct task_struct *child,
+ long request, unsigned long addr,
+ unsigned long data)
+{
+ return -EIO;
+}
#endif
diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index 1daf6dda8af0..cd2a4a164de3 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -67,6 +67,9 @@
/* syscall emulation path in ptrace */
#define PTRACE_SYSEMU 31
#define PTRACE_SYSEMU_SINGLESTEP 32
+/* MTE allocation tag access */
+#define PTRACE_PEEKMTETAGS 33
+#define PTRACE_POKEMTETAGS 34
#ifndef __ASSEMBLY__
diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
index cda09bc8caf4..6abd6a16a145 100644
--- a/arch/arm64/kernel/mte.c
+++ b/arch/arm64/kernel/mte.c
@@ -4,14 +4,18 @@
*/
#include <linux/bitops.h>
+#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/prctl.h>
#include <linux/sched.h>
+#include <linux/sched/mm.h>
#include <linux/string.h>
#include <linux/thread_info.h>
+#include <linux/uio.h>
#include <asm/cpufeature.h>
#include <asm/mte.h>
+#include <asm/ptrace.h>
#include <asm/sysreg.h>
void mte_sync_tags(pte_t *ptep, pte_t pte)
@@ -173,3 +177,138 @@ long get_mte_ctrl(void)
return ret;
}
+
+/*
+ * Access MTE tags in another process' address space as given in mm. Update
+ * the number of tags copied. Return 0 if any tags copied, error otherwise.
+ * Inspired by __access_remote_vm().
+ */
+static int __access_remote_tags(struct task_struct *tsk, struct mm_struct *mm,
+ unsigned long addr, struct iovec *kiov,
+ unsigned int gup_flags)
+{
+ struct vm_area_struct *vma;
+ void __user *buf = kiov->iov_base;
+ size_t len = kiov->iov_len;
+ int ret;
+ int write = gup_flags & FOLL_WRITE;
+
+ if (!access_ok(buf, len))
+ return -EFAULT;
+
+ if (down_read_killable(&mm->mmap_sem))
+ return -EIO;
+
+ while (len) {
+ unsigned long tags, offset;
+ void *maddr;
+ struct page *page = NULL;
+
+ ret = get_user_pages_remote(tsk, mm, addr, 1, gup_flags,
+ &page, &vma, NULL);
+ if (ret <= 0)
+ break;
+
+ /*
+ * Only copy tags if the page has been mapped as PROT_MTE
+ * (PG_mte_tagged set). Otherwise the tags are not valid and
+ * not accessible to user. Moreover, an mprotect(PROT_MTE)
+ * would cause the existing tags to be cleared if the page
+ * was never mapped with PROT_MTE.
+ */
+ if (!test_bit(PG_mte_tagged, &page->flags)) {
+ ret = -EOPNOTSUPP;
+ put_page(page);
+ break;
+ }
+
+ /* limit access to the end of the page */
+ offset = offset_in_page(addr);
+ tags = min(len, (PAGE_SIZE - offset) / MTE_GRANULE_SIZE);
+
+ maddr = page_address(page);
+ if (write) {
+ tags = mte_copy_tags_from_user(maddr + offset, buf, tags);
+ set_page_dirty_lock(page);
+ } else {
+ tags = mte_copy_tags_to_user(buf, maddr + offset, tags);
+ }
+ put_page(page);
+
+ /* error accessing the tracer's buffer */
+ if (!tags)
+ break;
+
+ len -= tags;
+ buf += tags;
+ addr += tags * MTE_GRANULE_SIZE;
+ }
+ up_read(&mm->mmap_sem);
+
+ /* return an error if no tags copied */
+ kiov->iov_len = buf - kiov->iov_base;
+ if (!kiov->iov_len) {
+ /* check for error accessing the tracee's address space */
+ if (ret <= 0)
+ return -EIO;
+ else
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+/*
+ * Copy MTE tags in another process' address space at 'addr' to/from tracer's
+ * iovec buffer. Return 0 on success. Inspired by ptrace_access_vm().
+ */
+static int access_remote_tags(struct task_struct *tsk, unsigned long addr,
+ struct iovec *kiov, unsigned int gup_flags)
+{
+ struct mm_struct *mm;
+ int ret;
+
+ mm = get_task_mm(tsk);
+ if (!mm)
+ return -EPERM;
+
+ if (!tsk->ptrace || (current != tsk->parent) ||
+ ((get_dumpable(mm) != SUID_DUMP_USER) &&
+ !ptracer_capable(tsk, mm->user_ns))) {
+ mmput(mm);
+ return -EPERM;
+ }
+
+ ret = __access_remote_tags(tsk, mm, addr, kiov, gup_flags);
+ mmput(mm);
+
+ return ret;
+}
+
+int mte_ptrace_copy_tags(struct task_struct *child, long request,
+ unsigned long addr, unsigned long data)
+{
+ int ret;
+ struct iovec kiov;
+ struct iovec __user *uiov = (void __user *)data;
+ unsigned int gup_flags = FOLL_FORCE;
+
+ if (!system_supports_mte())
+ return -EIO;
+
+ if (get_user(kiov.iov_base, &uiov->iov_base) ||
+ get_user(kiov.iov_len, &uiov->iov_len))
+ return -EFAULT;
+
+ if (request == PTRACE_POKEMTETAGS)
+ gup_flags |= FOLL_WRITE;
+
+ /* align addr to the MTE tag granule */
+ addr &= MTE_GRANULE_MASK;
+
+ ret = access_remote_tags(child, addr, &kiov, gup_flags);
+ if (!ret)
+ ret = put_user(kiov.iov_len, &uiov->iov_len);
+
+ return ret;
+}
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 077e352495eb..c8bda5f5b321 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -34,6 +34,7 @@
#include <asm/cpufeature.h>
#include <asm/debug-monitors.h>
#include <asm/fpsimd.h>
+#include <asm/mte.h>
#include <asm/pgtable.h>
#include <asm/pointer_auth.h>
#include <asm/stacktrace.h>
@@ -1797,6 +1798,12 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
+ switch (request) {
+ case PTRACE_PEEKMTETAGS:
+ case PTRACE_POKEMTETAGS:
+ return mte_ptrace_copy_tags(child, request, addr, data);
+ }
+
return ptrace_request(child, request, addr, data);
}
diff --git a/arch/arm64/lib/mte.S b/arch/arm64/lib/mte.S
index a531b52fa5ba..862655a36013 100644
--- a/arch/arm64/lib/mte.S
+++ b/arch/arm64/lib/mte.S
@@ -4,7 +4,9 @@
*/
#include <linux/linkage.h>
+#include <asm/alternative.h>
#include <asm/assembler.h>
+#include <asm/mte.h>
#include <asm/page.h>
.arch armv8.5-a+memtag
@@ -40,3 +42,54 @@ SYM_FUNC_START(mte_copy_page_tags)
b.ne 1b
2:
SYM_FUNC_END(mte_copy_page_tags)
+
+/*
+ * Read tags from a user buffer (one tag per byte) and set the corresponding
+ * tags at the given kernel address. Used by PTRACE_POKEMTETAGS.
+ * x0 - kernel address (to)
+ * x1 - user buffer (from)
+ * x2 - number of tags/bytes (n)
+ * Returns:
+ * x0 - number of tags read/set
+ */
+SYM_FUNC_START(mte_copy_tags_from_user)
+ mov x3, x1
+ cbz x2, 2f
+1:
+ uao_user_alternative 2f, ldrb, ldtrb, w4, x1, 0
+ lsl x4, x4, #MTE_TAG_SHIFT
+ stg x4, [x0], #MTE_GRANULE_SIZE
+ add x1, x1, #1
+ subs x2, x2, #1
+ b.ne 1b
+
+ // exception handling and function return
+2: sub x0, x1, x3 // update the number of tags set
+ ret
+SYM_FUNC_END(mte_copy_tags_from_user)
+
+/*
+ * Get the tags from a kernel address range and write the tag values to the
+ * given user buffer (one tag per byte). Used by PTRACE_PEEKMTETAGS.
+ * x0 - user buffer (to)
+ * x1 - kernel address (from)
+ * x2 - number of tags/bytes (n)
+ * Returns:
+ * x0 - number of tags read/set
+ */
+SYM_FUNC_START(mte_copy_tags_to_user)
+ mov x3, x0
+ cbz x2, 2f
+1:
+ ldg x4, [x1]
+ ubfx x4, x4, #MTE_TAG_SHIFT, #MTE_TAG_SIZE
+ uao_user_alternative 2f, strb, sttrb, w4, x0, 0
+ add x0, x0, #1
+ add x1, x1, #MTE_GRANULE_SIZE
+ subs x2, x2, #1
+ b.ne 1b
+
+ // exception handling and function return
+2: sub x0, x0, x3 // update the number of tags copied
+ ret
+SYM_FUNC_END(mte_copy_tags_to_user)
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-05-15 17:16 UTC|newest]
Thread overview: 123+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 17:15 [PATCH v4 00/26] arm64: Memory Tagging Extension user-space support Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 01/26] arm64: mte: system register definitions Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 02/26] arm64: mte: CPU feature detection and initial sysreg configuration Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 03/26] arm64: mte: Use Normal Tagged attributes for the linear map Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 04/26] arm64: mte: Add specific SIGSEGV codes Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 05/26] arm64: mte: Handle synchronous and asynchronous tag check faults Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 06/26] mm: Add PG_ARCH_2 page flag Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 07/26] arm64: mte: Clear the tags when a page is mapped in user-space with PROT_MTE Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 08/26] arm64: mte: Tags-aware copy_page() implementation Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 09/26] arm64: mte: Tags-aware aware memcmp_pages() implementation Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 10/26] mm: Introduce arch_calc_vm_flag_bits() Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 11/26] arm64: mte: Add PROT_MTE support to mmap() and mprotect() Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-27 18:57 ` Peter Collingbourne
2020-05-27 18:57 ` Peter Collingbourne
2020-05-27 18:57 ` Peter Collingbourne
2020-05-27 18:57 ` Peter Collingbourne
2020-05-28 9:14 ` Catalin Marinas
2020-05-28 9:14 ` Catalin Marinas
2020-05-28 11:05 ` Szabolcs Nagy
2020-05-28 11:05 ` Szabolcs Nagy
2020-05-28 11:05 ` Szabolcs Nagy
2020-05-28 16:34 ` Catalin Marinas
2020-05-28 16:34 ` Catalin Marinas
2020-05-28 18:35 ` Evgenii Stepanov
2020-05-28 18:35 ` Evgenii Stepanov
2020-05-29 11:19 ` Catalin Marinas
2020-05-29 11:19 ` Catalin Marinas
2020-06-01 8:55 ` Dave Martin
2020-06-01 8:55 ` Dave Martin
2020-06-01 14:45 ` Catalin Marinas
2020-06-01 14:45 ` Catalin Marinas
2020-06-01 15:04 ` Dave Martin
2020-06-01 15:04 ` Dave Martin
2020-05-15 17:15 ` [PATCH v4 12/26] mm: Introduce arch_validate_flags() Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:15 ` [PATCH v4 13/26] arm64: mte: Validate the PROT_MTE request via arch_validate_flags() Catalin Marinas
2020-05-15 17:15 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 14/26] mm: Allow arm64 mmap(PROT_MTE) on RAM-based files Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 15/26] arm64: mte: Allow user control of the tag check mode via prctl() Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-27 7:46 ` Will Deacon
2020-05-27 7:46 ` Will Deacon
2020-05-27 8:32 ` Dave Martin
2020-05-27 8:32 ` Dave Martin
2020-05-27 8:48 ` Will Deacon
2020-05-27 8:48 ` Will Deacon
2020-05-27 11:16 ` Catalin Marinas
2020-05-27 11:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 16/26] arm64: mte: Allow user control of the generated random tags " Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 17/26] arm64: mte: Restore the GCR_EL1 register after a suspend Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas [this message]
2020-05-15 17:16 ` [PATCH v4 18/26] arm64: mte: Add PTRACE_{PEEK,POKE}MTETAGS support Catalin Marinas
2020-05-29 21:25 ` Luis Machado
2020-05-29 21:25 ` Luis Machado
2020-06-01 12:07 ` Catalin Marinas
2020-06-01 12:07 ` Catalin Marinas
2020-06-01 15:17 ` Luis Machado
2020-06-01 15:17 ` Luis Machado
2020-06-01 16:33 ` Catalin Marinas
2020-06-01 16:33 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 19/26] fs: Handle intra-page faults in copy_mount_options() Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 20/26] mm: Add arch hooks for saving/restoring tags Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 21/26] arm64: mte: Enable swap of tagged pages Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 22/26] arm64: mte: Save tags when hibernating Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 23/26] arm64: mte: Check the DT memory nodes for MTE support Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 24/26] arm64: mte: Introduce early param to disable " Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-18 11:26 ` Vladimir Murzin
2020-05-18 11:26 ` Vladimir Murzin
2020-05-18 11:31 ` Will Deacon
2020-05-18 11:31 ` Will Deacon
2020-05-18 17:20 ` Catalin Marinas
2020-05-18 17:20 ` Catalin Marinas
2020-05-22 5:57 ` Patrick Daly
2020-05-22 5:57 ` Patrick Daly
2020-05-22 10:37 ` Catalin Marinas
2020-05-22 10:37 ` Catalin Marinas
2020-05-27 2:11 ` Patrick Daly
2020-05-27 2:11 ` Patrick Daly
2020-05-27 2:11 ` Patrick Daly
2020-05-27 9:55 ` Will Deacon
2020-05-27 9:55 ` Will Deacon
2020-05-27 10:37 ` Szabolcs Nagy
2020-05-27 10:37 ` Szabolcs Nagy
2020-05-27 11:12 ` Catalin Marinas
2020-05-27 11:12 ` Catalin Marinas
2020-05-19 16:14 ` Catalin Marinas
2020-05-19 16:14 ` Catalin Marinas
2021-01-21 19:37 ` Andrey Konovalov
2021-01-21 19:37 ` Andrey Konovalov
2021-01-21 19:37 ` Andrey Konovalov
2021-01-22 2:03 ` Andrey Konovalov
2021-01-22 2:03 ` Andrey Konovalov
2021-01-22 2:03 ` Andrey Konovalov
2021-01-22 14:41 ` Catalin Marinas
2021-01-22 14:41 ` Catalin Marinas
2021-01-22 17:28 ` Andrey Konovalov
2021-01-22 17:28 ` Andrey Konovalov
2021-01-22 17:28 ` Andrey Konovalov
2020-05-15 17:16 ` [PATCH v4 25/26] arm64: mte: Kconfig entry Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
2020-05-15 17:16 ` [PATCH v4 26/26] arm64: mte: Add Memory Tagging Extension documentation Catalin Marinas
2020-05-15 17:16 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200515171612.1020-19-catalin.marinas@arm.com \
--to=catalin.marinas@arm.com \
--cc=Alan.Hayward@arm.com \
--cc=Dave.Martin@arm.com \
--cc=andreyknvl@google.com \
--cc=kevin.brodsky@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-mm@kvack.org \
--cc=luis.machado@linaro.org \
--cc=omair.javaid@linaro.org \
--cc=pcc@google.com \
--cc=szabolcs.nagy@arm.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.