On Fri, May 03, 2024 at 02:01:24PM +0100, Joey Gouly wrote:
> POR_EL0 is a register that can be modified by userspace directly,
> so it must be context switched.
>
> Signed-off-by: Joey Gouly <joey.gouly@xxxxxxx>
> Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
> Cc: Will Deacon <will@xxxxxxxxxx>
> ---
> arch/arm64/include/asm/cpufeature.h | 6 ++++++
> arch/arm64/include/asm/processor.h | 1 +
> arch/arm64/include/asm/sysreg.h | 3 +++
> arch/arm64/kernel/process.c | 28 ++++++++++++++++++++++++++++
> 4 files changed, 38 insertions(+)
[...]
> diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
> index 4ae31b7af6c3..0ffaca98bed6 100644
> --- a/arch/arm64/kernel/process.c
> +++ b/arch/arm64/kernel/process.c
> @@ -271,12 +271,23 @@ static void flush_tagged_addr_state(void)
> clear_thread_flag(TIF_TAGGED_ADDR);
> }
>
> +static void flush_poe(void)
> +{
> + if (!system_supports_poe())
> + return;
> +
> + write_sysreg_s(POR_EL0_INIT, SYS_POR_EL0);
> + /* ISB required for kernel uaccess routines when chaning POR_EL0 */
> + isb();
See my comment on permission_overlay_switch(), below. However, exec is
slower path code, so including the ISB may be better here than leaving
it for the caller to worry about.
> +}
> +
> void flush_thread(void)
> {
> fpsimd_flush_thread();
> tls_thread_flush();
> flush_ptrace_hw_breakpoint(current);
> flush_tagged_addr_state();
> + flush_poe();
> }
>
> void arch_release_task_struct(struct task_struct *tsk)
> @@ -371,6 +382,9 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args)
> if (system_supports_tpidr2())
> p->thread.tpidr2_el0 = read_sysreg_s(SYS_TPIDR2_EL0);
>
> + if (system_supports_poe())
> + p->thread.por_el0 = read_sysreg_s(SYS_POR_EL0);
> +
Was POR_EL0 ever reset to something sensible at all? Does it matter?
(I couldn't find this, but may have missed it.)
> if (stack_start) {
> if (is_compat_thread(task_thread_info(p)))
> childregs->compat_sp = stack_start;
> @@ -495,6 +509,19 @@ static void erratum_1418040_new_exec(void)
> preempt_enable();
> }
>
> +static void permission_overlay_switch(struct task_struct *next)
> +{
> + if (!system_supports_poe())
> + return;
> +
> + current->thread.por_el0 = read_sysreg_s(SYS_POR_EL0);
> + if (current->thread.por_el0 != next->thread.por_el0) {
> + write_sysreg_s(next->thread.por_el0, SYS_POR_EL0);
> + /* ISB required for kernel uaccess routines when chaning POR_EL0 */
> + isb();
Do we really need an extra ISB slap in the middle of context switch?
(i.e., should any uaccess ever happen until context switch is completed,
and so can we coalesce this ISB with a later one?)
> + }
> +}
> +
> /*
> * __switch_to() checks current->thread.sctlr_user as an optimisation. Therefore
> * this function must be called with preemption disabled and the update to
> @@ -530,6 +557,7 @@ struct task_struct *__switch_to(struct task_struct *prev,
> ssbs_thread_switch(next);
> erratum_1418040_thread_switch(next);
> ptrauth_thread_switch_user(next);
> + permission_overlay_switch(next);
>
> /*
> * Complete any pending TLB or cache maintenance on this CPU in case
[...]
Cheers
---Dave
