From: Will Deacon <will@kernel.org>
Date: Tue, 5 May 2020 14:15:58 +0000 (+0100)
Subject: Merge branch 'for-next/bti-user' into for-next/bti
X-Git-Tag: v5.8-rc1~213^2~2^2~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80e4e561321595d2e5f4a173e8cf8d8432078995;p=thirdparty%2Fkernel%2Flinux.git

Merge branch 'for-next/bti-user' into for-next/bti

Merge in user support for Branch Target Identification, which narrowly
missed the cut for 5.7 after a late ABI concern.

* for-next/bti-user:
  arm64: bti: Document behaviour for dynamically linked binaries
  arm64: elf: Fix allnoconfig kernel build with !ARCH_USE_GNU_PROPERTY
  arm64: BTI: Add Kconfig entry for userspace BTI
  mm: smaps: Report arm64 guarded pages in smaps
  arm64: mm: Display guarded pages in ptdump
  KVM: arm64: BTI: Reset BTYPE when skipping emulated instructions
  arm64: BTI: Reset BTYPE when skipping emulated instructions
  arm64: traps: Shuffle code to eliminate forward declarations
  arm64: unify native/compat instruction skipping
  arm64: BTI: Decode BYTPE bits when printing PSTATE
  arm64: elf: Enable BTI at exec based on ELF program properties
  elf: Allow arch to tweak initial mmap prot flags
  arm64: Basic Branch Target Identification support
  ELF: Add ELF program property parsing support
  ELF: UAPI and Kconfig additions for ELF program properties
---

80e4e561321595d2e5f4a173e8cf8d8432078995
diff --cc Documentation/filesystems/proc.rst
index 38b606991065b,ed5465d0f4350..9969bf4c0c44f
--- a/Documentation/filesystems/proc.rst
+++ b/Documentation/filesystems/proc.rst
@@@ -511,39 -489,37 +511,40 @@@ does not take into account swapped out 
  "THPeligible" indicates whether the mapping is eligible for allocating THP
  pages - 1 if true, 0 otherwise. It just shows the current status.
  
 -"VmFlags" field deserves a separate description. This member represents the kernel
 -flags associated with the particular virtual memory area in two letter encoded
 -manner. The codes are the following:
 -    rd  - readable
 -    wr  - writeable
 -    ex  - executable
 -    sh  - shared
 -    mr  - may read
 -    mw  - may write
 -    me  - may execute
 -    ms  - may share
 -    gd  - stack segment growns down
 -    pf  - pure PFN range
 -    dw  - disabled write to the mapped file
 -    lo  - pages are locked in memory
 -    io  - memory mapped I/O area
 -    sr  - sequential read advise provided
 -    rr  - random read advise provided
 -    dc  - do not copy area on fork
 -    de  - do not expand area on remapping
 -    ac  - area is accountable
 -    nr  - swap space is not reserved for the area
 -    ht  - area uses huge tlb pages
 -    ar  - architecture specific flag
 -    dd  - do not include area into core dump
 -    sd  - soft-dirty flag
 -    mm  - mixed map area
 -    hg  - huge page advise flag
 -    nh  - no-huge page advise flag
 -    mg  - mergable advise flag
 +"VmFlags" field deserves a separate description. This member represents the
 +kernel flags associated with the particular virtual memory area in two letter
 +encoded manner. The codes are the following:
 +
 +    ==    =======================================
 +    rd    readable
 +    wr    writeable
 +    ex    executable
 +    sh    shared
 +    mr    may read
 +    mw    may write
 +    me    may execute
 +    ms    may share
 +    gd    stack segment growns down
 +    pf    pure PFN range
 +    dw    disabled write to the mapped file
 +    lo    pages are locked in memory
 +    io    memory mapped I/O area
 +    sr    sequential read advise provided
 +    rr    random read advise provided
 +    dc    do not copy area on fork
 +    de    do not expand area on remapping
 +    ac    area is accountable
 +    nr    swap space is not reserved for the area
 +    ht    area uses huge tlb pages
 +    ar    architecture specific flag
 +    dd    do not include area into core dump
 +    sd    soft dirty flag
 +    mm    mixed map area
 +    hg    huge page advise flag
 +    nh    no huge page advise flag
 +    mg    mergable advise flag
+     bt  - arm64 BTI guarded page
 +    ==    =======================================
  
  Note that there is no guarantee that every flag and associated mnemonic will
  be present in all further kernel releases. Things get changed, the flags may
diff --cc arch/arm64/Kconfig
index 40fb05d96c607,53c77711f7522..43be825d0730a
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@@ -9,6 -9,8 +9,7 @@@ config ARM6
  	select ACPI_MCFG if (ACPI && PCI)
  	select ACPI_SPCR_TABLE if ACPI
  	select ACPI_PPTT if ACPI
+ 	select ARCH_BINFMT_ELF_STATE
 -	select ARCH_CLOCKSOURCE_DATA
  	select ARCH_HAS_DEBUG_VIRTUAL
  	select ARCH_HAS_DEVMEM_IS_ALLOWED
  	select ARCH_HAS_DMA_PREP_COHERENT
diff --cc arch/arm64/include/asm/cpucaps.h
index 8eb5a088ae658,58e776c22aab8..7b6051494f717
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@@ -58,10 -58,8 +58,11 @@@
  #define ARM64_WORKAROUND_SPECULATIVE_AT_NVHE	48
  #define ARM64_HAS_E0PD				49
  #define ARM64_HAS_RNG				50
 -#define ARM64_BTI				51
 +#define ARM64_HAS_AMU_EXTN			51
 +#define ARM64_HAS_ADDRESS_AUTH			52
 +#define ARM64_HAS_GENERIC_AUTH			53
++#define ARM64_BTI				54
  
- #define ARM64_NCAPS				54
 -#define ARM64_NCAPS				52
++#define ARM64_NCAPS				55
  
  #endif /* __ASM_CPUCAPS_H */
diff --cc arch/arm64/include/asm/cpufeature.h
index afe08251ff956,e3ebcc59e83b5..99ab13a07a1d7
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@@ -680,6 -613,17 +680,11 @@@ static inline bool system_has_prio_mask
  	       system_uses_irq_prio_masking();
  }
  
+ static inline bool system_supports_bti(void)
+ {
 -	return IS_ENABLED(CONFIG_ARM64_BTI) &&
 -		cpus_have_const_cap(ARM64_BTI);
 -}
 -
 -static inline bool system_capabilities_finalized(void)
 -{
 -	return static_branch_likely(&arm64_const_caps_ready);
++	return IS_ENABLED(CONFIG_ARM64_BTI) && cpus_have_const_cap(ARM64_BTI);
+ }
+ 
  #define ARM64_BP_HARDEN_UNKNOWN		-1
  #define ARM64_BP_HARDEN_WA_NEEDED	0
  #define ARM64_BP_HARDEN_NOT_REQUIRED	1
diff --cc arch/arm64/include/asm/kvm_emulate.h
index a30b4eec7cb40,dee51c1dcb93a..6ea53e6e8b262
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@@ -505,12 -504,14 +505,14 @@@ static inline unsigned long vcpu_data_h
  	return data;		/* Leave LE untouched */
  }
  
 -static inline void kvm_skip_instr(struct kvm_vcpu *vcpu, bool is_wide_instr)
 +static __always_inline void kvm_skip_instr(struct kvm_vcpu *vcpu, bool is_wide_instr)
  {
- 	if (vcpu_mode_is_32bit(vcpu))
+ 	if (vcpu_mode_is_32bit(vcpu)) {
  		kvm_skip_instr32(vcpu, is_wide_instr);
- 	else
+ 	} else {
  		*vcpu_pc(vcpu) += 4;
+ 		*vcpu_cpsr(vcpu) &= ~PSR_BTYPE_MASK;
+ 	}
  
  	/* advance the singlestep state machine */
  	*vcpu_cpsr(vcpu) &= ~DBG_SPSR_SS;
diff --cc arch/arm64/kernel/cpufeature.c
index 9fac745aa7bb2,e6d31776e49bd..b234d6f71cba6
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@@ -1409,25 -1349,21 +1411,40 @@@ static bool can_use_gic_priorities(cons
  }
  #endif
  
+ #ifdef CONFIG_ARM64_BTI
+ static void bti_enable(const struct arm64_cpu_capabilities *__unused)
+ {
+ 	/*
+ 	 * Use of X16/X17 for tail-calls and trampolines that jump to
+ 	 * function entry points using BR is a requirement for
+ 	 * marking binaries with GNU_PROPERTY_AARCH64_FEATURE_1_BTI.
+ 	 * So, be strict and forbid other BRs using other registers to
+ 	 * jump onto a PACIxSP instruction:
+ 	 */
+ 	sysreg_clear_set(sctlr_el1, 0, SCTLR_EL1_BT0 | SCTLR_EL1_BT1);
+ 	isb();
+ }
+ #endif /* CONFIG_ARM64_BTI */
+ 
 +/* Internal helper functions to match cpu capability type */
 +static bool
 +cpucap_late_cpu_optional(const struct arm64_cpu_capabilities *cap)
 +{
 +	return !!(cap->type & ARM64_CPUCAP_OPTIONAL_FOR_LATE_CPU);
 +}
 +
 +static bool
 +cpucap_late_cpu_permitted(const struct arm64_cpu_capabilities *cap)
 +{
 +	return !!(cap->type & ARM64_CPUCAP_PERMITTED_FOR_LATE_CPU);
 +}
 +
 +static bool
 +cpucap_panic_on_conflict(const struct arm64_cpu_capabilities *cap)
 +{
 +	return !!(cap->type & ARM64_CPUCAP_PANIC_ON_CONFLICT);
 +}
 +
  static const struct arm64_cpu_capabilities arm64_features[] = {
  	{
  		.desc = "GIC system register CPU interface",
diff --cc fs/binfmt_elf.c
index 13f25e241ac46,cceb29d6ef1d9..4adb963cdb830
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@@ -819,11 -941,16 +940,16 @@@ out_free_interp
  			goto out_free_dentry;
  
  		/* Pass PT_LOPROC..PT_HIPROC headers to arch code */
+ 		elf_property_phdata = NULL;
  		elf_ppnt = interp_elf_phdata;
 -		for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
 +		for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
  			switch (elf_ppnt->p_type) {
+ 			case PT_GNU_PROPERTY:
+ 				elf_property_phdata = elf_ppnt;
+ 				break;
+ 
  			case PT_LOPROC ... PT_HIPROC:
 -				retval = arch_elf_pt_proc(&loc->interp_elf_ex,
 +				retval = arch_elf_pt_proc(interp_elf_ex,
  							  elf_ppnt, interpreter,
  							  true, &arch_state);
  				if (retval)
@@@ -1054,9 -1187,10 +1186,10 @@@
  	}
  
  	if (interpreter) {
 -		elf_entry = load_elf_interp(&loc->interp_elf_ex,
 +		elf_entry = load_elf_interp(interp_elf_ex,
  					    interpreter,
- 					    load_bias, interp_elf_phdata);
+ 					    load_bias, interp_elf_phdata,
+ 					    &arch_state);
  		if (!IS_ERR((void *)elf_entry)) {
  			/*
  			 * load_elf_interp() returns relocation