From patchwork Thu Feb 6 11:38:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 862762 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAEB8228CA2; Thu, 6 Feb 2025 11:40:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842018; cv=none; b=MXVLdaEazqeDxSihJ3bvc6XWWD/VQnh61YmB1p1Xp47CW5UirktG0UG6s7k1tiX5xa4XnhNTJl8o8V7GZDdkNH2WOs77JXDHP4/+oMqGfXmypuTaPQbpIBfpqZG61npcw2gb4g194nb/a3nW5gSHG9bHrNoMhYyLSVXQC2Cz/gM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842018; c=relaxed/simple; bh=DlNOYnxspap0qJgmVc/Gm5yAn5fxbHqq9onb8IXtjac=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=YtVUtHaV7xbsbM9VlH93wCv8AM30+ZRHHqXaFDFhTAFb8tnw+6hcLg7+9nFArujT/voisSCUp8sPljr01890/WYMZcLavVY3lDbFDxqIgu+S2jzk97buuMzfe9rnwZh9sPuPFdwjO5kYIcd3czUKOQNjbe/fkS1i0Qaox7AzbUc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Dgxi0nIw; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Dgxi0nIw" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8143EC4CEE6; Thu, 6 Feb 2025 11:40:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738842017; bh=DlNOYnxspap0qJgmVc/Gm5yAn5fxbHqq9onb8IXtjac=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=Dgxi0nIwDdKrVkQofEEMxMlscerl5Nw6DPXyOwRRJuBy/nDPNnqqQxM0sLclTC9+r gCEEQHDHDwMB6TLNTVFfOySFgDlff1Uwjc4GvW10oEc/ErirLOs9yqBXmBks0WMRVf qbAcPotNiic38h4a/buIfXd3vWXt05qfhRZbm+DmUX0zurLRrhHzp+2D645xdwdmvt iI9N2wAuo+vsMpjaR08Sid90pybFh5AbnmhZa8xR6jsa31dquNZGTTZZOYg2E9Cldq mdoWkje2mn1yKEbpkHQahWX+Xmre+Oe30qC7lO9oHn+PzSS+P+CNz3/X/+XFda0Mcx uLMsvOigN/Lzw== From: Mark Brown Date: Thu, 06 Feb 2025 11:38:03 +0000 Subject: [PATCH RFT v14 1/8] arm64/gcs: Return a success value from gcs_alloc_thread_stack() Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250206-clone3-shadow-stack-v14-1-805b53af73b9@kernel.org> References: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> In-Reply-To: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> To: "Rick P. Edgecombe" , Deepak Gupta , Szabolcs Nagy , "H.J. Lu" , Florian Weimer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Valentin Schneider , Christian Brauner , Shuah Khan Cc: linux-kernel@vger.kernel.org, Catalin Marinas , Will Deacon , jannh@google.com, bsegall@google.com, Yury Khrustalev , Wilco Dijkstra , linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org, Mark Brown , Kees Cook X-Mailer: b4 0.15-dev-1b0d6 X-Developer-Signature: v=1; a=openpgp-sha256; l=3931; i=broonie@kernel.org; h=from:subject:message-id; bh=DlNOYnxspap0qJgmVc/Gm5yAn5fxbHqq9onb8IXtjac=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBnpJ+OQvnyT0+rhQer5acV2/sCH1Pqlw7zB3Ip1695 PKG7w+iJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZ6SfjgAKCRAk1otyXVSH0KSKB/ 9sobupBvBfI999rxOHq6tTLahomeXanOvhTzdw4gSh/sB6fuvkKpJMWd+jUR3C6GAiOUjpkKOoLbjE Unywjx8DzIxE/UGAzt1muyCgt2SeMLtQq5PK3QMxGWjxpcC0/jeePol5GGMrnrJVfR9tgJH5SF2g9M 5+GORuAedV51e40Wi0l3Hv+irACfpR+CLYRmS6g8bGBT079TuXunFUjDKjozJNr75JFNXSmkearAgi VmOw9VCDWV2fUtespMpnhfHBGa8xJt2BTxjyEYfAlh+IS6K7zn/eUMws8Tw26mUg/oxM7/56+AThUF yGcTqpY4DvMWMkYctHTNTX0ix7zGlf X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB Currently as a result of templating from x86 code gcs_alloc_thread_stack() returns a pointer as an unsigned int however on arm64 we don't actually use this pointer value as anything other than a pass/fail flag. Simplify the interface to just return an int with 0 on success and a negative error code on failure. Acked-by: Deepak Gupta Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- arch/arm64/include/asm/gcs.h | 8 ++++---- arch/arm64/kernel/process.c | 8 ++++---- arch/arm64/mm/gcs.c | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/arch/arm64/include/asm/gcs.h b/arch/arm64/include/asm/gcs.h index f50660603ecf5dc09a92740062df3a089b02b219..d8923b5f03b776252aca76ce316ef57399d71fa9 100644 --- a/arch/arm64/include/asm/gcs.h +++ b/arch/arm64/include/asm/gcs.h @@ -64,8 +64,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) void gcs_set_el0_mode(struct task_struct *task); void gcs_free(struct task_struct *task); void gcs_preserve_current_state(void); -unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, - const struct kernel_clone_args *args); +int gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args); static inline int gcs_check_locked(struct task_struct *task, unsigned long new_val) @@ -91,8 +91,8 @@ static inline bool task_gcs_el0_enabled(struct task_struct *task) static inline void gcs_set_el0_mode(struct task_struct *task) { } static inline void gcs_free(struct task_struct *task) { } static inline void gcs_preserve_current_state(void) { } -static inline unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, - const struct kernel_clone_args *args) +static inline int gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) { return -ENOTSUPP; } diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index 42faebb7b712328a8bebd25c47b01f09daae3861..45130ea7ea6e8090f09297a32fa71fe86e6532b9 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -297,7 +297,7 @@ static void flush_gcs(void) static int copy_thread_gcs(struct task_struct *p, const struct kernel_clone_args *args) { - unsigned long gcs; + int ret; if (!system_supports_gcs()) return 0; @@ -305,9 +305,9 @@ static int copy_thread_gcs(struct task_struct *p, p->thread.gcs_base = 0; p->thread.gcs_size = 0; - gcs = gcs_alloc_thread_stack(p, args); - if (IS_ERR_VALUE(gcs)) - return PTR_ERR((void *)gcs); + ret = gcs_alloc_thread_stack(p, args); + if (ret != 0) + return ret; p->thread.gcs_el0_mode = current->thread.gcs_el0_mode; p->thread.gcs_el0_locked = current->thread.gcs_el0_locked; diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c index 5c46ec527b1cdaa8f52cff445d70ba0f8509d086..1f633a482558b59aac5427963d42b37fce08c8a6 100644 --- a/arch/arm64/mm/gcs.c +++ b/arch/arm64/mm/gcs.c @@ -38,8 +38,8 @@ static unsigned long gcs_size(unsigned long size) return max(PAGE_SIZE, size); } -unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, - const struct kernel_clone_args *args) +int gcs_alloc_thread_stack(struct task_struct *tsk, + const struct kernel_clone_args *args) { unsigned long addr, size; @@ -59,13 +59,13 @@ unsigned long gcs_alloc_thread_stack(struct task_struct *tsk, size = gcs_size(size); addr = alloc_gcs(0, size); if (IS_ERR_VALUE(addr)) - return addr; + return PTR_ERR((void *)addr); tsk->thread.gcs_base = addr; tsk->thread.gcs_size = size; tsk->thread.gcspr_el0 = addr + size - sizeof(u64); - return addr; + return 0; } SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags) From patchwork Thu Feb 6 11:38:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 862761 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1A9E22B8AA; Thu, 6 Feb 2025 11:40:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842030; cv=none; b=FQCFKyG+lTnjA9qjFvciv1LLzuu5+fQjy4B2s3BMdaFE8d4pGWc/NuIHBzkUhiEy6jnw75Mkh7Bt2+dGOovtKS95btLkQcxedf0VYRDV/lbR+0JtdecV6CuEWhRpBM40pi2eEdHJv7AclFssJCQcxnfpynLdAK+LPQMwoulvFEQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842030; c=relaxed/simple; bh=fQK5XH8C8GoDpDyxe5Zvny2D7xuRYfaorJvH/8wiZ5g=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=r260TdGMu9Q84EgUszc64IOkwutznf3V9DZroO6geRC2zKGWUiP42oRLTgReHGLLLpEWF6Lynjt/s44c8r2cLifCIAQZ/p6H010P3AooAKxmi8xFobNKPl7BiAFwG604OUK4ZlQGNO7Pf0r75OpWx/E4842YojEjXDTY+uCezvY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fGTIayha; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fGTIayha" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D2C65C4CEE4; Thu, 6 Feb 2025 11:40:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738842029; bh=fQK5XH8C8GoDpDyxe5Zvny2D7xuRYfaorJvH/8wiZ5g=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=fGTIayhao0+pUbBJdwS0p7TJ6r8RHZzKLUUynu9KhQ4DuuXgR14mpBIvA4rF0aQ3+ /7X8J9Ga/BCsAIJ6ZnBte4uvu4Tc1MivvlZkqwDQGMYL3QDgoQY4uyg1Bh3rE+i968 bMR1fQ+oj08xY6zzJJPEnAXbyQQqIgZqv7Ec0YL7b9CIId41tDAokuKdb/RI7+BVoX Xqd7th5vJiJJxFffwYIeymMa/46ekb0aSHt15gRbL481R9Gd+/K+SyJdPEVgnJKAXW AGfCDiSq940HPXmeGsQYlZlFMJc7RL02KlElWJHRU4mvyvQY+L2pJ+s7rKUkjFjYf7 afopt4ODP5YWQ== From: Mark Brown Date: Thu, 06 Feb 2025 11:38:05 +0000 Subject: [PATCH RFT v14 3/8] selftests: Provide helper header for shadow stack testing Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250206-clone3-shadow-stack-v14-3-805b53af73b9@kernel.org> References: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> In-Reply-To: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> To: "Rick P. Edgecombe" , Deepak Gupta , Szabolcs Nagy , "H.J. Lu" , Florian Weimer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Valentin Schneider , Christian Brauner , Shuah Khan Cc: linux-kernel@vger.kernel.org, Catalin Marinas , Will Deacon , jannh@google.com, bsegall@google.com, Yury Khrustalev , Wilco Dijkstra , linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org, Mark Brown , Kees Cook , Kees Cook , Shuah Khan X-Mailer: b4 0.15-dev-1b0d6 X-Developer-Signature: v=1; a=openpgp-sha256; l=4385; i=broonie@kernel.org; h=from:subject:message-id; bh=fQK5XH8C8GoDpDyxe5Zvny2D7xuRYfaorJvH/8wiZ5g=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBnpJ+QqLzkhMk9wJVDSdypTpZJiYNDyxZAPD2Vu5qu AwrqWl6JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZ6SfkAAKCRAk1otyXVSH0Hr0B/ sFYerhT/fkohPBpkFRsLBB6nxSmT55jUny8/5FrB1EobVG42lsu/+69aDl9feDQ24pEiorfMvdT5tD NGnc2iFYCmLyiE/pSQ9kshZCmePKi7s1dYxA1JghItymqNfIhmMrFLhVp2CGj12aXqH14Fipmh8tKS 4dgrdK/u9Axa3WpecRbXWDW1oTg7ZWK6fQJIYL7ycrwy9B6akgLUS8rzbZsRv1WkouGD5hhApBdViQ zogQDGC9RrNydH2WOVjBxi6Otl/pAl4fXfxpk5AlVpfbMydUCE3W1vJt8mJMNqcpuTe+60S7AEMjH4 2tTIssmDuyzKMKmsayTmvbp1MvKMdO X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB While almost all users of shadow stacks should be relying on the dynamic linker and libc to enable the feature there are several low level test programs where it is useful to enable without any libc support, allowing testing without full system enablement. This low level testing is helpful during bringup of the support itself, and also in enabling coverage by automated testing without needing all system components in the target root filesystems to have enablement. Provide a header with helpers for this purpose, intended for use only by test programs directly exercising shadow stack interfaces. Reviewed-by: Rick Edgecombe Reviewed-by: Kees Cook Tested-by: Kees Cook Acked-by: Shuah Khan Signed-off-by: Mark Brown --- tools/testing/selftests/ksft_shstk.h | 98 ++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/tools/testing/selftests/ksft_shstk.h b/tools/testing/selftests/ksft_shstk.h new file mode 100644 index 0000000000000000000000000000000000000000..fecf91218ea51edd30c220d4d94e5814e2d69c9e --- /dev/null +++ b/tools/testing/selftests/ksft_shstk.h @@ -0,0 +1,98 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Helpers for shadow stack enablement, this is intended to only be + * used by low level test programs directly exercising interfaces for + * working with shadow stacks. + * + * Copyright (C) 2024 ARM Ltd. + */ + +#ifndef __KSFT_SHSTK_H +#define __KSFT_SHSTK_H + +#include + +/* This is currently only defined for x86 */ +#ifndef SHADOW_STACK_SET_TOKEN +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) +#endif + +static bool shadow_stack_enabled; + +#ifdef __x86_64__ +#define ARCH_SHSTK_ENABLE 0x5001 +#define ARCH_SHSTK_SHSTK (1ULL << 0) + +#define ARCH_PRCTL(arg1, arg2) \ +({ \ + long _ret; \ + register long _num asm("eax") = __NR_arch_prctl; \ + register long _arg1 asm("rdi") = (long)(arg1); \ + register long _arg2 asm("rsi") = (long)(arg2); \ + \ + asm volatile ( \ + "syscall\n" \ + : "=a"(_ret) \ + : "r"(_arg1), "r"(_arg2), \ + "0"(_num) \ + : "rcx", "r11", "memory", "cc" \ + ); \ + _ret; \ +}) + +#define ENABLE_SHADOW_STACK +static __always_inline void enable_shadow_stack(void) +{ + int ret = ARCH_PRCTL(ARCH_SHSTK_ENABLE, ARCH_SHSTK_SHSTK); + if (ret == 0) + shadow_stack_enabled = true; +} + +#endif + +#ifdef __aarch64__ +#define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) + +#define my_syscall2(num, arg1, arg2) \ +({ \ + register long _num __asm__ ("x8") = (num); \ + register long _arg1 __asm__ ("x0") = (long)(arg1); \ + register long _arg2 __asm__ ("x1") = (long)(arg2); \ + register long _arg3 __asm__ ("x2") = 0; \ + register long _arg4 __asm__ ("x3") = 0; \ + register long _arg5 __asm__ ("x4") = 0; \ + \ + __asm__ volatile ( \ + "svc #0\n" \ + : "=r"(_arg1) \ + : "r"(_arg1), "r"(_arg2), \ + "r"(_arg3), "r"(_arg4), \ + "r"(_arg5), "r"(_num) \ + : "memory", "cc" \ + ); \ + _arg1; \ +}) + +#define ENABLE_SHADOW_STACK +static __always_inline void enable_shadow_stack(void) +{ + int ret; + + ret = my_syscall2(__NR_prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ENABLE); + if (ret == 0) + shadow_stack_enabled = true; +} + +#endif + +#ifndef __NR_map_shadow_stack +#define __NR_map_shadow_stack 453 +#endif + +#ifndef ENABLE_SHADOW_STACK +static inline void enable_shadow_stack(void) { } +#endif + +#endif From patchwork Thu Feb 6 11:38:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 862760 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0259922E401; Thu, 6 Feb 2025 11:40:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842042; cv=none; b=AKGnmSy5ord2uStptln8cCOdESXzAKrTj60e4FMEqi+he/ja1kn2aPoLAf9Dk08y54xrAW+6DQ6a1HAnU7gIM87AdRiiwS+CnX3R6CQRzVIV1U8tJoapi9q3L3+2ZNcOymtMHvdpqNxKegDP9Kj7F+aMNfHb5pXD2mSHporfQDA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842042; c=relaxed/simple; bh=PnhVCE63r5J0w6Q+lF8rA/22EDQWPUEiFQtbWxOidH8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=O5m+6mw6jTdFXLfTABAt+IeyS5Hc1uuE4oI3caHonho2KsSZyWwjqPFIj+scdvgBiNdT8SrRR22Ws0P0oG7iSdeSG2NKBSvc9AHPYGrouqYAOQxYjwWmSv8q5rAVuX0rtbkdbRYL/FowuxE+k/JXd+a70bW7IrwVEvj9LbqViVs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=bU/VAl5Z; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="bU/VAl5Z" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C3D77C4CEE4; Thu, 6 Feb 2025 11:40:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738842041; bh=PnhVCE63r5J0w6Q+lF8rA/22EDQWPUEiFQtbWxOidH8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=bU/VAl5Zwm7krQlPIdYlYd3cmkHLOUDNTdJRp8x4RdkxzInIxsKafCazvacl5gFgc vWJZxlOnYd2KTeVh27Z6Zwuwk+1RYc6Bpshl76FM5HUrBsllmxI76ejxBPqjr+Lpee TplJ7K4jvX58fQIL+dBsND9tVyxT1e2xdjtBhxAKhXDmmUsgbx4RIGndn8uuC3I3uo MuD7JGv2GBy3oLRzHCpyJLNbApK8n15O0oF0767yvN2bNgQ/TirSDjt805WVuSVqoz N294Ltl9d+ObtjzFlsPzN4zpl9Xff90gcDBjgdQwBHA/4wMxpWr46BuevYphpJ31L1 jrzBvwGzgaqJg== From: Mark Brown Date: Thu, 06 Feb 2025 11:38:07 +0000 Subject: [PATCH RFT v14 5/8] selftests/clone3: Remove redundant flushes of output streams Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250206-clone3-shadow-stack-v14-5-805b53af73b9@kernel.org> References: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> In-Reply-To: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> To: "Rick P. Edgecombe" , Deepak Gupta , Szabolcs Nagy , "H.J. Lu" , Florian Weimer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Valentin Schneider , Christian Brauner , Shuah Khan Cc: linux-kernel@vger.kernel.org, Catalin Marinas , Will Deacon , jannh@google.com, bsegall@google.com, Yury Khrustalev , Wilco Dijkstra , linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org, Mark Brown , Kees Cook , Kees Cook , Shuah Khan X-Mailer: b4 0.15-dev-1b0d6 X-Developer-Signature: v=1; a=openpgp-sha256; l=1170; i=broonie@kernel.org; h=from:subject:message-id; bh=PnhVCE63r5J0w6Q+lF8rA/22EDQWPUEiFQtbWxOidH8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBnpJ+SDt5MY/PeYn2i3MjDTGqPfut3rGjAzO4UGMQ5 rwFJFNiJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZ6SfkgAKCRAk1otyXVSH0JeLB/ 0aRBuFzEuX+vu9XGmqCIolu3o5bGLCbpfX0Q8Gh1mdNKDlIX7gBe84m2oewjRlRdUbE+/m9tlb2VrV sQS0xE1j30SQeJ3Aom8EYam9Io0JfMuy0jPLkeJ5O+ctqdcGs8wzdtX7cLr+rRuE9+ouQHcG8nONKZ 1LueuNhIgNPjJWuxJ1jzYppaZHPLN2l1Sm6bpodDDpfA+XhggTDoIL4s78lW7u0cmsripxWPsRsjyj 68/lqwnzN+le1OnGM3HOKtAwvknsPrKJCspZdIpV90g4dqWDOLZd5ojphKrlVu2afzeCDLYimuyAn1 aZPZiSRfXq6XGOqC5PIGYX8VmIp2qh X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB Since there were widespread issues with output not being flushed the kselftest framework was modified to explicitly set the output streams unbuffered in commit 58e2847ad2e6 ("selftests: line buffer test program's stdout") so there is no need to explicitly flush in the clone3 tests. Reviewed-by: Kees Cook Tested-by: Kees Cook Acked-by: Shuah Khan Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- tools/testing/selftests/clone3/clone3_selftests.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/testing/selftests/clone3/clone3_selftests.h b/tools/testing/selftests/clone3/clone3_selftests.h index 3d2663fe50ba56f011629e4f2eb68a72bcceb087..39b5dcba663c30b9fc2542d9a0d2686105ce5761 100644 --- a/tools/testing/selftests/clone3/clone3_selftests.h +++ b/tools/testing/selftests/clone3/clone3_selftests.h @@ -35,8 +35,6 @@ struct __clone_args { static pid_t sys_clone3(struct __clone_args *args, size_t size) { - fflush(stdout); - fflush(stderr); return syscall(__NR_clone3, args, size); } From patchwork Thu Feb 6 11:38:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 862759 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A7D0D22ACEE; Thu, 6 Feb 2025 11:40:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842053; cv=none; b=STxhtypndhkJmdFEKEHaO4nY7HGhv5Pg0+JNGqEaPjYuRbG9Pu+q6R67BurSnbjvo3v9gRcHmq4Jx6hetWldKZJpJ71p8TBos1tk1Us/W9mSXbmBAg1Ljhl5icYtMJFaURtpyOaY/RA19hKh2juCg8FpFthm2JETbPF8UiysGzA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738842053; c=relaxed/simple; bh=3K2UKwx+vuFRYwPgSWWdw27/XxZ/PQnIsnZQ3nrGTtc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=MmFCJAu/dizcBPo3Q9lTHu+9CTWhr+DxNrfh8t3S1a6YRPXD/wabInFd0knOQKtsKzri6guZg+H9Jl5qnKq3DqNWN7J3FyjJs0HQf/Fg9Imn+33ASjcfEBcW5ISNeE14knJ3gOdM5qIkjUiC784vlooJwAPpijAAcm7HL7teONk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ThLpEZG+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ThLpEZG+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E2DB9C4CEE4; Thu, 6 Feb 2025 11:40:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1738842053; bh=3K2UKwx+vuFRYwPgSWWdw27/XxZ/PQnIsnZQ3nrGTtc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=ThLpEZG+BiXZ+UYNrvfnTie86Bm9X3kyh0RY2KT9vRgcyKhi5L2CYTZwiaCz89eRv +gF3IbAol5MDkyCUpv5/x7sLwLqQWEGQSRzT4yH9BDHGbe82rXkReMFRza0KXsUFiJ xKWwoHib+NXWGPlb62KpDU9xWrT+QOcncFj1hxED8kAixbTdhUG0+3GcwRxcNNrnFA b7EUb+DxNdYdcwvepT22mjILOT57Ls7VwSc5ljROFB+WpTsvQw2RakLMjWY2g2NiyA SSyNkRh1gZCWjiURUVNio8tqaPSqVune9Q/bk0By7ax7MMLfKuK+IFfwNevxFcjYHd IxaTzrQqL1O0Q== From: Mark Brown Date: Thu, 06 Feb 2025 11:38:09 +0000 Subject: [PATCH RFT v14 7/8] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20250206-clone3-shadow-stack-v14-7-805b53af73b9@kernel.org> References: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> In-Reply-To: <20250206-clone3-shadow-stack-v14-0-805b53af73b9@kernel.org> To: "Rick P. Edgecombe" , Deepak Gupta , Szabolcs Nagy , "H.J. Lu" , Florian Weimer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Valentin Schneider , Christian Brauner , Shuah Khan Cc: linux-kernel@vger.kernel.org, Catalin Marinas , Will Deacon , jannh@google.com, bsegall@google.com, Yury Khrustalev , Wilco Dijkstra , linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org, Mark Brown , Kees Cook , Kees Cook , Shuah Khan X-Mailer: b4 0.15-dev-1b0d6 X-Developer-Signature: v=1; a=openpgp-sha256; l=2131; i=broonie@kernel.org; h=from:subject:message-id; bh=3K2UKwx+vuFRYwPgSWWdw27/XxZ/PQnIsnZQ3nrGTtc=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBnpJ+TMvo6K8pgPknB+3dXsat7K6AeWSkktTYZLcag mBySj6OJATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZ6SfkwAKCRAk1otyXVSH0DGvB/ 9i4Nj7i8bjak6cLr2dDaXeGea3z5aLG6DU6i8NU5EZilFLX5/SFTVG9ssfMJc5epdZ0UuH9AFl9HO+ eWAtdS3vhz+ZAFof/F4bPialAXi+jMLDCejknkQROFidKwIF+htla3ZFiCdB3ckqDhxGVbxCzawjXR Oo3NWmVV/2CSHEmXmaqfoPXt0zDynYZ6w9DaIo2CEVJzq9/DfkcRhvdp+FllECsrpNGPTEp0ZGG8Sq 3RxnI7sAVxfP4K2FsMO39LzhBBed2EGjVsQ8xL1UEW7E4URnEH1nAi7Yd77GYD/+cDlrIYDTWeZU6N Xcn7qAoTo3sIZKqK3YeuG7DQiVM1lb X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB The clone_args structure is extensible, with the syscall passing in the length of the structure. Inside the kernel we use copy_struct_from_user() to read the struct but this has the unfortunate side effect of silently accepting some overrun in the structure size providing the extra data is all zeros. This means that we can't discover the clone3() features that the running kernel supports by simply probing with various struct sizes. We need to check this for the benefit of test systems which run newer kselftests on old kernels. Add a flag which can be set on a test to indicate that clone3() may return -E2BIG due to the use of newer struct versions. Currently no tests need this but it will become an issue for testing clone3() support for shadow stacks, the support for shadow stacks is already present on x86. Reviewed-by: Kees Cook Tested-by: Kees Cook Acked-by: Shuah Khan Reviewed-by: Catalin Marinas Signed-off-by: Mark Brown --- tools/testing/selftests/clone3/clone3.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/selftests/clone3/clone3.c b/tools/testing/selftests/clone3/clone3.c index e066b201fa64eb17c55939b7cec18ac5d109613b..5b8b7d640e70132242fc6939450669acd0c534f9 100644 --- a/tools/testing/selftests/clone3/clone3.c +++ b/tools/testing/selftests/clone3/clone3.c @@ -39,6 +39,7 @@ struct test { size_t size; size_function size_function; int expected; + bool e2big_valid; enum test_mode test_mode; filter_function filter; }; @@ -146,6 +147,11 @@ static void test_clone3(const struct test *test) ksft_print_msg("[%d] clone3() with flags says: %d expected %d\n", getpid(), ret, test->expected); if (ret != test->expected) { + if (test->e2big_valid && ret == -E2BIG) { + ksft_print_msg("Test reported -E2BIG\n"); + ksft_test_result_skip("%s\n", test->name); + return; + } ksft_print_msg( "[%d] Result (%d) is different than expected (%d)\n", getpid(), ret, test->expected);