Re: [PATCH v4 00/10] riscv: Userspace pointer masking and tagged address ABI
From: Charlie Jenkins
Date: Fri Sep 13 2024 - 14:09:14 EST
On Wed, Aug 28, 2024 at 06:01:22PM -0700, Samuel Holland wrote:
> RISC-V defines three extensions for pointer masking[1]:
> - Smmpm: configured in M-mode, affects M-mode
> - Smnpm: configured in M-mode, affects the next lower mode (S or U-mode)
> - Ssnpm: configured in S-mode, affects the next lower mode (VS, VU, or U-mode)
>
> This series adds support for configuring Smnpm or Ssnpm (depending on
> which privilege mode the kernel is running in) to allow pointer masking
> in userspace (VU or U-mode), extending the PR_SET_TAGGED_ADDR_CTRL API
> from arm64. Unlike arm64 TBI, userspace pointer masking is not enabled
> by default on RISC-V. Additionally, the tag width (referred to as PMLEN)
> is variable, so userspace needs to ask the kernel for a specific tag
> width, which is interpreted as a lower bound on the number of tag bits.
>
> This series also adds support for a tagged address ABI similar to arm64
> and x86. Since accesses from the kernel to user memory use the kernel's
> pointer masking configuration, not the user's, the kernel must untag
> user pointers in software before dereferencing them. And since the tag
> width is variable, as with LAM on x86, it must be kept the same across
> all threads in a process so untagged_addr_remote() can work.
>
> This series depends on my per-thread envcfg series[3].
>
> This series can be tested in QEMU by applying a patch set[2].
>
> KASAN support will be added in a separate patch series.
>
> [1]: https://github.com/riscv/riscv-j-extension/releases/download/pointer-masking-v1.0.0-rc2/pointer-masking-v1.0.0-rc2.pdf
> [2]: https://lore.kernel.org/qemu-devel/20240511101053.1875596-1-me@deliversmonkey.space/
> [3]: https://lore.kernel.org/linux-riscv/20240814081126.956287-1-samuel.holland@xxxxxxxxxx/
>
> Changes in v4:
> - Switch IS_ENABLED back to #ifdef to fix riscv32 build
> - Combine __untagged_addr() and __untagged_addr_remote()
>
> Changes in v3:
> - Note in the commit message that the ISA extension spec is frozen
> - Rebase on riscv/for-next (ISA extension list conflicts)
> - Remove RISCV_ISA_EXT_SxPM, which was not used anywhere
> - Use shifts instead of large numbers in ENVCFG_PMM* macro definitions
> - Rename CONFIG_RISCV_ISA_POINTER_MASKING to CONFIG_RISCV_ISA_SUPM,
> since it only controls the userspace part of pointer masking
> - Use IS_ENABLED instead of #ifdef when possible
> - Use an enum for the supported PMLEN values
> - Simplify the logic in set_tagged_addr_ctrl()
> - Use IS_ENABLED instead of #ifdef when possible
> - Implement mm_untag_mask()
> - Remove pmlen from struct thread_info (now only in mm_context_t)
>
> Changes in v2:
> - Drop patch 4 ("riscv: Define is_compat_thread()"), as an equivalent
> patch was already applied
> - Move patch 5 ("riscv: Split per-CPU and per-thread envcfg bits") to a
> different series[3]
> - Update pointer masking specification version reference
> - Provide macros for the extension affecting the kernel and userspace
> - Use the correct name for the hstatus.HUPMM field
> - Rebase on riscv/linux.git for-next
> - Add and use the envcfg_update_bits() helper function
> - Inline flush_tagged_addr_state()
> - Implement untagged_addr_remote()
> - Restrict PMLEN changes once a process is multithreaded
> - Rename "tags" directory to "pm" to avoid .gitignore rules
> - Add .gitignore file to ignore the compiled selftest binary
> - Write to a pipe to force dereferencing the user pointer
> - Handle SIGSEGV in the child process to reduce dmesg noise
> - Export Supm via hwprobe
> - Export Smnpm and Ssnpm to KVM guests
>
> Samuel Holland (10):
> dt-bindings: riscv: Add pointer masking ISA extensions
> riscv: Add ISA extension parsing for pointer masking
> riscv: Add CSR definitions for pointer masking
> riscv: Add support for userspace pointer masking
> riscv: Add support for the tagged address ABI
> riscv: Allow ptrace control of the tagged address ABI
> selftests: riscv: Add a pointer masking test
> riscv: hwprobe: Export the Supm ISA extension
> RISC-V: KVM: Allow Smnpm and Ssnpm extensions for guests
> KVM: riscv: selftests: Add Smnpm and Ssnpm to get-reg-list test
>
> Documentation/arch/riscv/hwprobe.rst | 3 +
Would you be open to writing documentation similar to what is available
for arm? https://www.kernel.org/doc/html/next/arm64/tagged-address-abi.html
- Charlie
> .../devicetree/bindings/riscv/extensions.yaml | 18 +
> arch/riscv/Kconfig | 11 +
> arch/riscv/include/asm/csr.h | 16 +
> arch/riscv/include/asm/hwcap.h | 5 +
> arch/riscv/include/asm/mmu.h | 7 +
> arch/riscv/include/asm/mmu_context.h | 13 +
> arch/riscv/include/asm/processor.h | 8 +
> arch/riscv/include/asm/switch_to.h | 11 +
> arch/riscv/include/asm/uaccess.h | 43 ++-
> arch/riscv/include/uapi/asm/hwprobe.h | 1 +
> arch/riscv/include/uapi/asm/kvm.h | 2 +
> arch/riscv/kernel/cpufeature.c | 3 +
> arch/riscv/kernel/process.c | 154 ++++++++
> arch/riscv/kernel/ptrace.c | 42 +++
> arch/riscv/kernel/sys_hwprobe.c | 3 +
> arch/riscv/kvm/vcpu_onereg.c | 3 +
> include/uapi/linux/elf.h | 1 +
> include/uapi/linux/prctl.h | 3 +
> .../selftests/kvm/riscv/get-reg-list.c | 8 +
> tools/testing/selftests/riscv/Makefile | 2 +-
> tools/testing/selftests/riscv/pm/.gitignore | 1 +
> tools/testing/selftests/riscv/pm/Makefile | 10 +
> .../selftests/riscv/pm/pointer_masking.c | 330 ++++++++++++++++++
> 24 files changed, 692 insertions(+), 6 deletions(-)
> create mode 100644 tools/testing/selftests/riscv/pm/.gitignore
> create mode 100644 tools/testing/selftests/riscv/pm/Makefile
> create mode 100644 tools/testing/selftests/riscv/pm/pointer_masking.c
>
> --
> 2.45.1
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-riscv