From: Christoph Hellwig <hch@lst.de>
To: Mark Rutland <mark.rutland@arm.com>
Cc: catalin.marinas@arm.com, robin.murphy@arm.com,
james.morse@arm.com, will@kernel.org, hch@lst.de,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 00/13] arm64: remove set_fs() and friends
Date: Mon, 28 Sep 2020 09:23:15 +0200 [thread overview]
Message-ID: <20200928072315.GA16416@lst.de> (raw)
In-Reply-To: <20200928071601.GA16212@lst.de>
On Mon, Sep 28, 2020 at 09:16:01AM +0200, Christoph Hellwig wrote:
> On Fri, Sep 25, 2020 at 05:07:09PM +0100, Mark Rutland wrote:
> > This series removes set_fs() from arm64, building atop the core rework
> > done by Christophe. The series can be found in my arm64/set_fs-removal
> > branch [2].
> >
> > The bulk of the rework is to address the way we manipulate PAN and UAO,
> > which is largely rendered redundant.
> >
> > The kernel maccess routines (__{get,put}_kernel_nofault) are trivial
> > wrappers which share code with the uaccess routines, so I expect these
> > should just work, but they'll need testing in-context, especially where
> > they're wrapped by the gerneric copy routines.
> >
> > So far this has seen some very basic boot testing. I intend to throw
> > Syzkaller and LTP at this soon.
>
> I'm not a an arm64 experts, but this looks reasonable to me.
>
> Also can't we remove all the remaining UAO handling as in the patch
> below or did I totally misunderstood how uaccess works for arm64?
Actually the patch was incomplete, here is the full one:
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 6d232837cbeee8..dd3c8f8a34dae2 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1434,27 +1434,6 @@ endmenu
menu "ARMv8.2 architectural features"
-config ARM64_UAO
- bool "Enable support for User Access Override (UAO)"
- default y
- help
- User Access Override (UAO; part of the ARMv8.2 Extensions)
- causes the 'unprivileged' variant of the load/store instructions to
- be overridden to be privileged.
-
- This option changes get_user() and friends to use the 'unprivileged'
- variant of the load/store instructions. This ensures that user-space
- really did have access to the supplied memory. When addr_limit is
- set to kernel memory the UAO bit will be set, allowing privileged
- access to kernel memory.
-
- Choosing this option will cause copy_to_user() et al to use user-space
- memory permissions.
-
- The feature is detected at runtime, the kernel will use the
- regular load/store instructions if the cpu does not implement the
- feature.
-
config ARM64_PMEM
bool "Enable support for persistent memory"
select ARCH_HAS_PMEM_API
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index ef2d5a90e1815f..1c16e43f035a7a 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -29,7 +29,6 @@
static inline void init_hw_uaccess_state(void)
{
asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), ARM64_HAS_PAN));
- asm(ALTERNATIVE("nop", SET_PSTATE_UAO(0), ARM64_HAS_UAO));
}
/*
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 9ca8144f1e6a45..c460cd15dc49b3 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -153,9 +153,6 @@ EXPORT_SYMBOL(cpu_hwcap_keys);
}
/* meta feature for alternatives */
-static bool __maybe_unused
-cpufeature_pan_not_uao(const struct arm64_cpu_capabilities *entry, int __unused);
-
static void cpu_enable_cnp(struct arm64_cpu_capabilities const *cap);
static bool __system_matches_cap(unsigned int n);
@@ -1763,17 +1760,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.type = ARM64_CPUCAP_WEAK_LOCAL_CPU_FEATURE,
.matches = has_no_hw_prefetch,
},
-#ifdef CONFIG_ARM64_UAO
- {
- .desc = "User Access Override",
- .capability = ARM64_HAS_UAO,
- .type = ARM64_CPUCAP_SYSTEM_FEATURE,
- .matches = has_cpuid_feature,
- .sys_reg = SYS_ID_AA64MMFR2_EL1,
- .field_pos = ID_AA64MMFR2_UAO_SHIFT,
- .min_field_value = 1,
- },
-#endif /* CONFIG_ARM64_UAO */
#ifdef CONFIG_ARM64_VHE
{
.desc = "Virtualization Host Extensions",
@@ -2701,12 +2687,6 @@ void __init setup_cpu_features(void)
ARCH_DMA_MINALIGN);
}
-static bool __maybe_unused
-cpufeature_pan_not_uao(const struct arm64_cpu_capabilities *entry, int __unused)
-{
- return (__system_matches_cap(ARM64_HAS_PAN) && !__system_matches_cap(ARM64_HAS_UAO));
-}
-
static void __maybe_unused cpu_enable_cnp(struct arm64_cpu_capabilities const *cap)
{
cpu_replace_ttbr1(lm_alias(swapper_pg_dir));
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 6ec12f4cb546f4..f223d27d991b3c 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -239,7 +239,7 @@ static void print_pstate(struct pt_regs *regs)
const char *btype_str = btypes[(pstate & PSR_BTYPE_MASK) >>
PSR_BTYPE_SHIFT];
- printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN %cUAO BTYPE=%s)\n",
+ printk("pstate: %08llx (%c%c%c%c %c%c%c%c %cPAN BTYPE=%s)\n",
pstate,
pstate & PSR_N_BIT ? 'N' : 'n',
pstate & PSR_Z_BIT ? 'Z' : 'z',
@@ -250,7 +250,6 @@ static void print_pstate(struct pt_regs *regs)
pstate & PSR_I_BIT ? 'I' : 'i',
pstate & PSR_F_BIT ? 'F' : 'f',
pstate & PSR_PAN_BIT ? '+' : '-',
- pstate & PSR_UAO_BIT ? '+' : '-',
btype_str);
}
}
@@ -417,10 +416,6 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start,
} else {
memset(childregs, 0, sizeof(struct pt_regs));
childregs->pstate = PSR_MODE_EL1h;
- if (IS_ENABLED(CONFIG_ARM64_UAO) &&
- cpus_have_const_cap(ARM64_HAS_UAO))
- childregs->pstate |= PSR_UAO_BIT;
-
if (arm64_get_ssbd_state() == ARM64_SSBD_FORCE_DISABLE)
set_ssbs_bit(childregs);
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-09-28 7:24 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-25 16:07 [PATCH 00/13] arm64: remove set_fs() and friends Mark Rutland
2020-09-25 16:07 ` [PATCH 01/13] arm64: head.S: rename el2_setup -> init_kernel_el Mark Rutland
2020-09-25 16:07 ` [PATCH 02/13] arm64: head.S: cleanup SCTLR_ELx initialization Mark Rutland
2020-09-25 16:07 ` [PATCH 03/13] arm64: head.S: always initialize PSTATE Mark Rutland
2020-09-30 16:09 ` James Morse
2020-10-01 11:01 ` Mark Rutland
2020-09-25 16:07 ` [PATCH 04/13] arm64: sdei: move uaccess logic to arch/arm64/ Mark Rutland
2020-09-25 16:07 ` [PATCH 05/13] arm64: uaccess: move uao_* alternatives to asm-uaccess.h Mark Rutland
2020-09-25 16:07 ` [PATCH 06/13] arm64: uaccess: rename privileged uaccess routines Mark Rutland
2020-09-25 16:07 ` [PATCH 07/13] arm64: uaccess: simplify __copy_user_flushcache() Mark Rutland
2020-09-25 16:07 ` [PATCH 08/13] arm64: uaccess: refactor __{get,put}_user Mark Rutland
2020-09-25 16:07 ` [PATCH 09/13] arm64: uaccess: split user/kernel routines Mark Rutland
2020-09-25 16:07 ` [PATCH 10/13] arm64: uaccess cleanup macro naming Mark Rutland
2020-09-25 16:07 ` [PATCH 11/13] arm64: uaccess: remove set_fs() Mark Rutland
2020-09-28 7:04 ` Christoph Hellwig
2020-09-28 9:02 ` Mark Rutland
2020-09-28 15:29 ` Mark Rutland
2020-09-25 16:07 ` [PATCH 12/13] arm64: uaccess: remove addr_limit_user_check() Mark Rutland
2020-09-28 7:05 ` Christoph Hellwig
2020-09-28 9:06 ` Mark Rutland
2020-09-25 16:07 ` [PATCH 13/13] arm64: uaccess: remove redundant PAN toggling Mark Rutland
2020-09-28 7:16 ` [PATCH 00/13] arm64: remove set_fs() and friends Christoph Hellwig
2020-09-28 7:23 ` Christoph Hellwig [this message]
2020-09-28 9:18 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200928072315.GA16416@lst.de \
--to=hch@lst.de \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).