On Thu, Aug 29, 2024 at 6:31 AM Samuel Holland <samuel.holland@xxxxxxxxxx> wrote: > > RISC-V defines three extensions for pointer masking[1]: > - Smmpm: configured in M-mode, affects M-mode > - Smnpm: configured in M-mode, affects the next lower mode (S or U-mode) > - Ssnpm: configured in S-mode, affects the next lower mode (VS, VU, or U-mode) > > This series adds support for configuring Smnpm or Ssnpm (depending on > which privilege mode the kernel is running in) to allow pointer masking > in userspace (VU or U-mode), extending the PR_SET_TAGGED_ADDR_CTRL API > from arm64. Unlike arm64 TBI, userspace pointer masking is not enabled > by default on RISC-V. Additionally, the tag width (referred to as PMLEN) > is variable, so userspace needs to ask the kernel for a specific tag > width, which is interpreted as a lower bound on the number of tag bits. > > This series also adds support for a tagged address ABI similar to arm64 > and x86. Since accesses from the kernel to user memory use the kernel's > pointer masking configuration, not the user's, the kernel must untag > user pointers in software before dereferencing them. And since the tag > width is variable, as with LAM on x86, it must be kept the same across > all threads in a process so untagged_addr_remote() can work. > > This series depends on my per-thread envcfg series[3]. > > This series can be tested in QEMU by applying a patch set[2]. > > KASAN support will be added in a separate patch series. > > [1]: https://github.com/riscv/riscv-j-extension/releases/download/pointer-masking-v1.0.0-rc2/pointer-masking-v1.0.0-rc2.pdf > [2]: https://lore.kernel.org/qemu-devel/20240511101053.1875596-1-me@deliversmonkey.space/ > [3]: https://lore.kernel.org/linux-riscv/20240814081126.956287-1-samuel.holland@xxxxxxxxxx/ > > Changes in v4: > - Switch IS_ENABLED back to #ifdef to fix riscv32 build > - Combine __untagged_addr() and __untagged_addr_remote() > > Changes in v3: > - Note in the commit message that the ISA extension spec is frozen > - Rebase on riscv/for-next (ISA extension list conflicts) > - Remove RISCV_ISA_EXT_SxPM, which was not used anywhere > - Use shifts instead of large numbers in ENVCFG_PMM* macro definitions > - Rename CONFIG_RISCV_ISA_POINTER_MASKING to CONFIG_RISCV_ISA_SUPM, > since it only controls the userspace part of pointer masking > - Use IS_ENABLED instead of #ifdef when possible > - Use an enum for the supported PMLEN values > - Simplify the logic in set_tagged_addr_ctrl() > - Use IS_ENABLED instead of #ifdef when possible > - Implement mm_untag_mask() > - Remove pmlen from struct thread_info (now only in mm_context_t) > > Changes in v2: > - Drop patch 4 ("riscv: Define is_compat_thread()"), as an equivalent > patch was already applied > - Move patch 5 ("riscv: Split per-CPU and per-thread envcfg bits") to a > different series[3] > - Update pointer masking specification version reference > - Provide macros for the extension affecting the kernel and userspace > - Use the correct name for the hstatus.HUPMM field > - Rebase on riscv/linux.git for-next > - Add and use the envcfg_update_bits() helper function > - Inline flush_tagged_addr_state() > - Implement untagged_addr_remote() > - Restrict PMLEN changes once a process is multithreaded > - Rename "tags" directory to "pm" to avoid .gitignore rules > - Add .gitignore file to ignore the compiled selftest binary > - Write to a pipe to force dereferencing the user pointer > - Handle SIGSEGV in the child process to reduce dmesg noise > - Export Supm via hwprobe > - Export Smnpm and Ssnpm to KVM guests > > Samuel Holland (10): > dt-bindings: riscv: Add pointer masking ISA extensions > riscv: Add ISA extension parsing for pointer masking > riscv: Add CSR definitions for pointer masking > riscv: Add support for userspace pointer masking > riscv: Add support for the tagged address ABI > riscv: Allow ptrace control of the tagged address ABI > selftests: riscv: Add a pointer masking test > riscv: hwprobe: Export the Supm ISA extension > RISC-V: KVM: Allow Smnpm and Ssnpm extensions for guests > KVM: riscv: selftests: Add Smnpm and Ssnpm to get-reg-list test Please CC kvm-riscv mailing list for KVM changes otherwise the KVM RISC-V patchwork can't track patches. > > Documentation/arch/riscv/hwprobe.rst | 3 + > .../devicetree/bindings/riscv/extensions.yaml | 18 + > arch/riscv/Kconfig | 11 + > arch/riscv/include/asm/csr.h | 16 + > arch/riscv/include/asm/hwcap.h | 5 + > arch/riscv/include/asm/mmu.h | 7 + > arch/riscv/include/asm/mmu_context.h | 13 + > arch/riscv/include/asm/processor.h | 8 + > arch/riscv/include/asm/switch_to.h | 11 + > arch/riscv/include/asm/uaccess.h | 43 ++- > arch/riscv/include/uapi/asm/hwprobe.h | 1 + > arch/riscv/include/uapi/asm/kvm.h | 2 + > arch/riscv/kernel/cpufeature.c | 3 + > arch/riscv/kernel/process.c | 154 ++++++++ > arch/riscv/kernel/ptrace.c | 42 +++ > arch/riscv/kernel/sys_hwprobe.c | 3 + > arch/riscv/kvm/vcpu_onereg.c | 3 + > include/uapi/linux/elf.h | 1 + > include/uapi/linux/prctl.h | 3 + > .../selftests/kvm/riscv/get-reg-list.c | 8 + > tools/testing/selftests/riscv/Makefile | 2 +- > tools/testing/selftests/riscv/pm/.gitignore | 1 + > tools/testing/selftests/riscv/pm/Makefile | 10 + > .../selftests/riscv/pm/pointer_masking.c | 330 ++++++++++++++++++ > 24 files changed, 692 insertions(+), 6 deletions(-) > create mode 100644 tools/testing/selftests/riscv/pm/.gitignore > create mode 100644 tools/testing/selftests/riscv/pm/Makefile > create mode 100644 tools/testing/selftests/riscv/pm/pointer_masking.c > > -- > 2.45.1 > Regards, Anup
