[PATCHv4 07/17] arm64: sdei: explicitly simulate PAN/UAO entry

Mark Rutland mark.rutland at arm.com
Tue Dec 1 07:14:47 EST 2020


On Thu, Nov 26, 2020 at 06:42:46PM +0000, James Morse wrote:
> Hi Mark,
> 
> On 13/11/2020 12:49, Mark Rutland wrote:
> > SDEI enters the kernel with a non-architectural exception which does not
> > manipulate PSTATE bits (e.g. PAN, UAO) in the same way as architectural
> > exceptions. We currently fix this up with a combination of
> > __uaccess_enable_hw_pan() and force_uaccess_access_begin(), but this has
> > a few problems:
> > 
> > * When set_fs() is removed, force_uaccess_begin() will have no HW
> >   side-effects, and UAO will need to be reset elsewhere.
> > 
> > * Kernels built without support for PAN or UAO will not reset these bits
> >   upon SDEI entry, and may inherit the values used by a VM, leading to
> >   unexpected behaviour.
> > 
> > * Kernels built *with* support for PAN or UAO, when run on systems with
> >   mismatched support across CPUs, will not reset these bits upon SDEI
> >   entry, and may inherit the values used by a VM, leading to unexpected
> >   behaviour.
> 
> > To deal with all of these, let's always explicitly reset the PAN and UAO
> > bits when an SDEI event is delivered to the kernel. As above, we must do
> > so even when the kernel has chosen to not use PAN/UAO, or was not built
> > with support for PAN/UAO generally.
> > 
> > The existing system_uses_ttbr0_pan() is redefined in terms of
> > system_uses_hw_pan() both for clarity and as a minor optimization when
> > HW PAN is not selected.
> 
> Reviewed-by: James Morse <james.morse at arm.com>

Thanks! Per the comments on patch 14, I've reworked this to remove the
UAO bits (and correspondingly, have rewritten the commit message), so
I'll post v5 without your R-b just in case there's anything
objectionable in that rework.

> > diff --git a/arch/arm64/kernel/sdei.c b/arch/arm64/kernel/sdei.c
> > index 4a5f24602aa0..908d7be70eac 100644
> > --- a/arch/arm64/kernel/sdei.c
> > +++ b/arch/arm64/kernel/sdei.c
> > @@ -224,12 +234,11 @@ __sdei_handler(struct pt_regs *regs, struct sdei_registered_event *arg)
> >  	mm_segment_t orig_addr_limit;
> >  
> >  	/*
> > -	 * We didn't take an exception to get here, so the HW hasn't set PAN or
> > -	 * cleared UAO, and the exception entry code hasn't reset addr_limit.
> > -	 * Set PAN, then use force_uaccess_begin() to clear UAO and reset
> > -	 * addr_limit.
> > +	 * We didn't take an exception to get here, so the HW hasn't
> > +	 * set/cleared bits in PSTATE that we may rely on. Intialize PAN/UAO,
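
Review bot: The replacement comment in __sdei_handler(), as far as it is quoted here, is less specific than the text it removes. The old comment said PAN is set, UAO is cleared and addr_limit is reset, while "set/cleared bits in PSTATE that we may rely on" leaves the reader to work out which value each bit ends up with. Suggest naming the value PAN and UAO are initialized to, and, since the context line still declares mm_segment_t orig_addr_limit, keeping a sentence on why addr_limit needs resetting. "Intialize" on the last added line should read "Initialize".
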
> 
> (Initialize)

Whoops, fixed.

Thanks,
Mark.
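
The gap described in the quoted commit message, as an added userspace model (not code from the patch or from the kernel): it compares a fix-up that only acts when the kernel uses PAN/UAO with an explicit reset of every bit the CPU implements. The struct, the function names and the choice to clear PAN when the kernel does not use it are assumptions of this model; the bit positions are the architectural PSTATE ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* PSTATE bit positions as defined by the Arm architecture (SPSR layout). */
#define PSR_PAN_BIT (UINT64_C(1) << 22)
#define PSR_UAO_BIT (UINT64_C(1) << 23)

/* Hypothetical model of one CPU entering the kernel via SDEI. */
struct cpu_model {
    bool cpu_has_pan, cpu_has_uao;   /* this CPU implements the bit */
    bool sys_uses_pan, sys_uses_uao; /* kernel enabled the feature system-wide */
};

/* "Before": fix-ups only take effect when the kernel uses the feature. */
static uint64_t entry_conditional(const struct cpu_model *c, uint64_t pstate)
{
    if (c->sys_uses_pan)
        pstate |= PSR_PAN_BIT;
    if (c->sys_uses_uao)
        pstate &= ~PSR_UAO_BIT;
    return pstate;
}

/* "After": reset every bit this CPU implements, used by the kernel or not.
 * Clearing PAN when the kernel does not use it is an assumption of this model. */
static uint64_t entry_explicit(const struct cpu_model *c, uint64_t pstate)
{
    if (c->sys_uses_pan)
        pstate |= PSR_PAN_BIT;
    else if (c->cpu_has_pan)
        pstate &= ~PSR_PAN_BIT;
    if (c->cpu_has_uao)
        pstate &= ~PSR_UAO_BIT;
    return pstate;
}

int main(void)
{
    /* Constructed case: mismatched system, kernel uses neither feature, but
     * this CPU implements both and a VM left PAN and UAO set. */
    struct cpu_model c = { true, true, false, false };
    uint64_t inherited = PSR_PAN_BIT | PSR_UAO_BIT;

    printf("conditional: %#llx\n", (unsigned long long)entry_conditional(&c, inherited));
    printf("explicit:    %#llx\n", (unsigned long long)entry_explicit(&c, inherited));
    return 0;
}
```

In the constructed mismatched case the conditional fix-up returns the VM's bits unchanged, while the explicit reset returns a PSTATE with both bits cleared.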


