[PATCHv5 00/12] arm64: remove set_fs() and friends

Wed Dec 2 17:31:22 EST 2020

On Wed, 2 Dec 2020 13:15:46 +0000, Mark Rutland wrote:
> Building atop Christoph's core rework now in v5.10-rc1, this series removes
> set_fs() from arm64. The series can be found in arm64/set_fs-removal branch
> [1].
> 
> Since v1 [2]:
> * Remove redundant kthread init code
> * Remove vestigal bit left by v1
> * Rework SDEI entry
> * Comment head.S better
> * Fix commit message typos
> 
> [...]

Applied to arm64 (for-next/uaccess), thanks! I skipped patch 3 as it was
already applied to the arm64 for-next/lto branch, so I rebased the
arm64/uaccess branch on top.

[01/12] arm64: sdei: move uaccess logic to arch/arm64/
        https://git.kernel.org/arm64/c/a0ccf2ba689f
[02/12] arm64: sdei: explicitly simulate PAN/UAO entry
        https://git.kernel.org/arm64/c/2376e75cc77e
[04/12] arm64: uaccess: rename privileged uaccess routines
        https://git.kernel.org/arm64/c/923e1e7d8223
[05/12] arm64: uaccess: simplify __copy_user_flushcache()
        https://git.kernel.org/arm64/c/9e94fdade4d8
[06/12] arm64: uaccess: refactor __{get,put}_user
        https://git.kernel.org/arm64/c/f253d827f33c
[07/12] arm64: uaccess: split user/kernel routines
        https://git.kernel.org/arm64/c/fc703d80130b
[08/12] arm64: uaccess cleanup macro naming
        https://git.kernel.org/arm64/c/7b90dc40e36e
[09/12] arm64: uaccess: remove set_fs()
        https://git.kernel.org/arm64/c/3d2403fd10a1
[10/12] arm64: uaccess: remove addr_limit_user_check()
        https://git.kernel.org/arm64/c/b5a5a01d8e9a
[11/12] arm64: uaccess: remove redundant PAN toggling
        https://git.kernel.org/arm64/c/7cf283c7bd62
[12/12] arm64: uaccess: remove vestigal UAO support
        https://git.kernel.org/arm64/c/1517c4facf2e


Andrew, Stephen, a heads-up as the new arm64 for-next/core with the
above patches is going to conflict with the MTE patches in -next and the
conflict is not exactly trivial (well, mostly context changes and some
functions renamed but there is some additional TIF_* values compacting
in thread_info.h, otherwise the _TIF_WORK_MASK doesn't fit into an asm
instruction). See below for my conflict resolution (next/master is
first):

diff --cc arch/arm64/include/asm/thread_info.h
index cdcf307764aa,015beafe58f5..000000000000

--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@@ -66,9 -63,7 +63,8 @@@ void arch_release_task_struct(struct ta
  #define TIF_NOTIFY_RESUME	2	/* callback before returning to user */
  #define TIF_FOREIGN_FPSTATE	3	/* CPU's FP state is not current's */
  #define TIF_UPROBE		4	/* uprobe breakpoint or singlestep */
- #define TIF_FSCHECK		5	/* Check FS is USER_DS on return */
 -#define TIF_MTE_ASYNC_FAULT	5	/* MTE Asynchronous Tag Check Fault */
++#define TIF_NOTIFY_SIGNAL	5	/* signal notifications exist */
 +#define TIF_MTE_ASYNC_FAULT	6	/* MTE Asynchronous Tag Check Fault */
- #define TIF_NOTIFY_SIGNAL	7	/* signal notifications exist */
  #define TIF_SYSCALL_TRACE	8	/* syscall trace active */
  #define TIF_SYSCALL_AUDIT	9	/* syscall auditing */
  #define TIF_SYSCALL_TRACEPOINT	10	/* syscall tracepoint for ftrace */
@@@ -103,8 -96,7 +98,8 @@@
  
  #define _TIF_WORK_MASK		(_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
  				 _TIF_NOTIFY_RESUME | _TIF_FOREIGN_FPSTATE | \
- 				 _TIF_UPROBE | _TIF_FSCHECK | _TIF_MTE_ASYNC_FAULT | \
 -				 _TIF_UPROBE | _TIF_MTE_ASYNC_FAULT)
++				 _TIF_UPROBE | _TIF_MTE_ASYNC_FAULT | \
 +				 _TIF_NOTIFY_SIGNAL)
  
  #define _TIF_SYSCALL_WORK	(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
  				 _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \
diff --cc arch/arm64/include/asm/uaccess.h
index d841a560fae7,abb31aa1f8ca..000000000000
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@@ -186,64 -159,20 +159,43 @@@ static inline void __uaccess_enable_hw_
  			CONFIG_ARM64_PAN));
  }
  
- #define __uaccess_disable(alt)						\
- do {									\
- 	if (!uaccess_ttbr0_disable())					\
- 		asm(ALTERNATIVE("nop", SET_PSTATE_PAN(1), alt,		\
- 				CONFIG_ARM64_PAN));			\
- } while (0)
- 
- #define __uaccess_enable(alt)						\
- do {									\
- 	if (!uaccess_ttbr0_enable())					\
- 		asm(ALTERNATIVE("nop", SET_PSTATE_PAN(0), alt,		\
- 				CONFIG_ARM64_PAN));			\
- } while (0)
- 
 +/*
 + * The Tag Check Flag (TCF) mode for MTE is per EL, hence TCF0
 + * affects EL0 and TCF affects EL1 irrespective of which TTBR is
 + * used.
 + * The kernel accesses TTBR0 usually with LDTR/STTR instructions
 + * when UAO is available, so these would act as EL0 accesses using
 + * TCF0.
 + * However futex.h code uses exclusives which would be executed as
 + * EL1, this can potentially cause a tag check fault even if the
 + * user disables TCF0.
 + *
 + * To address the problem we set the PSTATE.TCO bit in uaccess_enable()
 + * and reset it in uaccess_disable().
 + *
 + * The Tag check override (TCO) bit disables temporarily the tag checking
 + * preventing the issue.
 + */
- static inline void uaccess_disable(void)
+ static inline void uaccess_disable_privileged(void)
  {
 +	asm volatile(ALTERNATIVE("nop", SET_PSTATE_TCO(0),
 +				 ARM64_MTE, CONFIG_KASAN_HW_TAGS));
 +
- 	__uaccess_disable(ARM64_HAS_PAN);
+ 	if (uaccess_ttbr0_disable())
+ 		return;
+ 
+ 	__uaccess_enable_hw_pan();
  }
  
- static inline void uaccess_enable(void)
+ static inline void uaccess_enable_privileged(void)
  {
 +	asm volatile(ALTERNATIVE("nop", SET_PSTATE_TCO(1),
 +				 ARM64_MTE, CONFIG_KASAN_HW_TAGS));
 +
- 	__uaccess_enable(ARM64_HAS_PAN);
- }
- 
- /*
-  * These functions are no-ops when UAO is present.
-  */
- static inline void uaccess_disable_not_uao(void)
- {
- 	__uaccess_disable(ARM64_ALT_PAN_NOT_UAO);
- }
+ 	if (uaccess_ttbr0_enable())
+ 		return;
  
- static inline void uaccess_enable_not_uao(void)
- {
- 	__uaccess_enable(ARM64_ALT_PAN_NOT_UAO);
+ 	__uaccess_disable_hw_pan();
  }
  
  /*

-- 
Catalin


