From patchwork Wed Jun 12 13:22:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 1946922 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=arm.com header.i=@arm.com header.a=rsa-sha256 header.s=selector1 header.b=hfvhK9m5; dkim=pass (1024-bit key) header.d=arm.com header.i=@arm.com header.a=rsa-sha256 header.s=selector1 header.b=hfvhK9m5; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4VzmWq0bbxz20Pb for ; Wed, 12 Jun 2024 23:25:59 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 729FC388210C for ; Wed, 12 Jun 2024 13:25:55 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20603.outbound.protection.outlook.com [IPv6:2a01:111:f400:7e1a::603]) by sourceware.org (Postfix) with ESMTPS id 93C66388204B for ; Wed, 12 Jun 2024 13:23:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 93C66388204B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 93C66388204B Authentication-Results: server2.sourceware.org; arc=pass smtp.remote-ip=2a01:111:f400:7e1a::603 ARC-Seal: i=3; a=rsa-sha256; d=sourceware.org; s=key; t=1718198588; cv=pass; b=u2gnr/wFf5dTE//rMiLb9BVa1NPq7nfsPuDaszvytwri31HFJYd06F7HToyeYrG0hs9XgO6KUSStneFDcUEwmBm5yILYdPyZiZE9ypWT9NDZ9gGT55OdYDV+3UcsP0mIVIdaBwncze7UVimJDTuCrSfQWTHH1F2tm7KIoed/pTY= ARC-Message-Signature: i=3; a=rsa-sha256; d=sourceware.org; s=key; t=1718198588; c=relaxed/simple; bh=DHDmTRUFL64J8UqD2/y+/z+UDiCtn1JfShWjgupgKNE=; h=DKIM-Signature:DKIM-Signature:From:To:Subject:Date:Message-ID: MIME-Version; b=xtQOiWVIpEI34gjmN53k/Ip2rGGVGa0m8yHvpNmEPR92dgGkbBslzvQh8z/8FolapkAU6iddh9cZ3F4UwkCHjy2+PlW8UO1m9n6EhNvDF33aZqhiUFWHJyUjDtxQRhqCI5uR6givrM1LsFuT1qwDJISITu7oCSxZLQUlg8VV7Qw= ARC-Authentication-Results: i=3; server2.sourceware.org ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=AhWAxBJWxNzvtRzTUsLIQcBnwaKbAaI/GaFC+XZiwX+V1GEJM6luXNqy0m3bd0187RXorUI66E9P8kWQpBfgX8qXfqNGBR69PSQUPWyQpwQt/ieki4HPRwb+m3zdgXAeg4RqDsFZlyneeihl0PMS+4l80hG4nfXPvA0MhE3lUPgimzuafOIf6ICedlNO77DFiHkky09JvryzTsmjXv9k0UzkougnAqBtPjVW+BYXtzKWISLCjTvdvkzqBR9fBDH8/jaXtC8n7crt0nHsXCAoVBazpMz1u52ZDDARAW6HWyf2FVz8D9SUqXfG1yBCopjnRc7xHqsMudaQ9Nq++5bzrQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8RJaGwbYdBTR72rof6YR7YjPsDikqChzBNnhmTmQRvQ=; b=Sj/sBH8F/w2SIYv8z7VNx5Y0fFy3Kaz97uisvh+RM+cqizk29c+zqvCNz9TDJStQ/mIDNxC39D94RP0QMWnMNsb7RbSgbDwRPvbrTZoIXD3s3TvkbfDfUQDZbpQPgvePBP3pQdRxkvKFgjyWaFHa4jLFklzRbnXY88rMlNRmbsKnj12SQHHHiv8wavJq30iQOLaCm2jCjGyZwZvolvWPTrmtHUpXqrtA5oHXUI2LPXPqP0800UrdJDeEjFsNhCBRhjCrqTyIdX7Mov3L2/BjLxnrtWZi6sFRhpvM+4x1QBXrsXxJ92G/i7KPT4PDqcfmKzO3FfquYVyN5BYPYG4hPw== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dmarc=[1,1,header.from=arm.com]) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arm.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8RJaGwbYdBTR72rof6YR7YjPsDikqChzBNnhmTmQRvQ=; b=hfvhK9m5BIj4Gz6esSFc4IN7U1h/I37ki0bqnpAfqiKn10XkrE9K2DnCams7WEmFMHNmUypMhhZw6sLfWSNPSDTGpZpQdU+irYnnSiLruQNEm9rYsJM//tzKVWdvK2+Hgsf5mRICBieZMnRC81vOkEQLRhv9Jbqtu0nQxk05mVw= Received: from AS9PR06CA0752.eurprd06.prod.outlook.com (2603:10a6:20b:484::7) by AS4PR08MB7710.eurprd08.prod.outlook.com (2603:10a6:20b:511::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.37; Wed, 12 Jun 2024 13:22:56 +0000 Received: from AMS0EPF000001A4.eurprd05.prod.outlook.com (2603:10a6:20b:484:cafe::6e) by AS9PR06CA0752.outlook.office365.com (2603:10a6:20b:484::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7677.20 via Frontend Transport; Wed, 12 Jun 2024 13:22:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=arm.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AMS0EPF000001A4.mail.protection.outlook.com (10.167.16.229) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7677.15 via Frontend Transport; Wed, 12 Jun 2024 13:22:55 +0000 Received: ("Tessian outbound c027d482f440:v332"); Wed, 12 Jun 2024 13:22:55 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 7bf437582a2ed29b X-CR-MTA-TID: 64aa7808 Received: from c66eea779fac.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 391B451B-0C1F-4E5C-8983-7AB87E6F2CBC.1; Wed, 12 Jun 2024 13:22:49 +0000 Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id c66eea779fac.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 12 Jun 2024 13:22:48 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jirvqjjri9qcZEC8CznEK6U7cuDEG7FX+vi2QKGL4VC5he/zUgJr2u8W63Fmt3ymWLZUPvuSZ8uldreBvdFLOLEbIFUuD+0wz01XPdkK0FQpZoK2T8V6GP3xXYaYdQ4anH9thvsuPKlHLJjdW9VPKNVAMmUZYP1BxmxgEEYfZrBwGuvpChB10ZD1kNgja9j9gb1TfQ9oNaoJ8Rr+OEpunaFg4MYP4U4cRyIf+nGCN0ryIA4RJ2O2gjYMO6pcTvv+cSh6/obFIkG93tEobF1CRTh+uGWmXzEN0vKMc/QlE4+sxB8T2gxanrvVeSFjBZg5rdTpPpChlIpLSz50o/YVCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8RJaGwbYdBTR72rof6YR7YjPsDikqChzBNnhmTmQRvQ=; b=Q7NRD3VQpRtIJx8OU67z/5c6GyyADb9WVHgwj+xG1rHqxHlDsXdHF/H15KNcgIrzGcHAaYrqXppU1CabQm2nkNLF+swEwRZhIXolE20F8iNb6wfe7FvGo/TD6vx4sOKGL7oyzHqsymcrdspPNBrrZYFKnBJeB/pO8iZpKWutEhG2H6u0zTEuQ3EpFlnh3jkHiuPTyDj04ljQAbd5OmLW7P3WQzKr4rzQw/ikn6aT4K5JJqxr5bMmNQofiEPfe9GVL876jaifIoKizqzRfVWAb63kbwIfRzkMal64yfHWswEtsF1XFJva0y2p/zObyL06OIDw34qS9ewJ2MsR/C+FmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=sourceware.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arm.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8RJaGwbYdBTR72rof6YR7YjPsDikqChzBNnhmTmQRvQ=; b=hfvhK9m5BIj4Gz6esSFc4IN7U1h/I37ki0bqnpAfqiKn10XkrE9K2DnCams7WEmFMHNmUypMhhZw6sLfWSNPSDTGpZpQdU+irYnnSiLruQNEm9rYsJM//tzKVWdvK2+Hgsf5mRICBieZMnRC81vOkEQLRhv9Jbqtu0nQxk05mVw= Received: from DU2PR04CA0060.eurprd04.prod.outlook.com (2603:10a6:10:234::35) by PAXPR08MB7490.eurprd08.prod.outlook.com (2603:10a6:102:2b7::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.36; Wed, 12 Jun 2024 13:22:46 +0000 Received: from DB5PEPF00014B90.eurprd02.prod.outlook.com (2603:10a6:10:234:cafe::52) by DU2PR04CA0060.outlook.office365.com (2603:10a6:10:234::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7677.20 via Frontend Transport; Wed, 12 Jun 2024 13:22:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by DB5PEPF00014B90.mail.protection.outlook.com (10.167.8.228) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7677.15 via Frontend Transport; Wed, 12 Jun 2024 13:22:46 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Wed, 12 Jun 2024 13:22:45 +0000 Received: from udebian.localdomain (10.57.6.9) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.35 via Frontend Transport; Wed, 12 Jun 2024 13:22:45 +0000 From: To: CC: , Subject: [RFC] aarch64: Add support for memory protection keys Date: Wed, 12 Jun 2024 14:22:42 +0100 Message-ID: <20240612132242.848429-1-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: DB5PEPF00014B90:EE_|PAXPR08MB7490:EE_|AMS0EPF000001A4:EE_|AS4PR08MB7710:EE_ X-MS-Office365-Filtering-Correlation-Id: 91b5d199-bc87-4f70-5873-08dc8ae2c572 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; ARA:13230032|1800799016|82310400018|376006|36860700005; X-Microsoft-Antispam-Message-Info-Original: HBw2NwW0VGe3gfMiR18ur8JjwbjxcC1OqSqAybq/qCNFgOnnVW8/DGGN+o/4hdXR/8Khr6PBBRd3zzHZPRrE1Eu+b+UG3O2RG57iHqCKIuce5GbTmW0Ev2W8kmPGMRwP417Ntg6/45idTkwVgABZ2bntF+lHW90Y3P6RZ/kVxhyJZE7Eq6taJR1sB8CkcUKb4vVm1455gHdj7nQlpnT+jQJk/hSgJKtumwcAhTUNic+LgIJKWaNYkDDxviJN8iVN2eq5nOkzv2v3VWKz6qx36+vCbNe+kZl/kdLlVEOwTva3VEEhT+0sJs0WqN2L24+vwdqzXqg8CUHoUXc2USZojIkoIhJHfwQAMLFYUKnlwX0AK5CewuulmHPad+CdO62B07GtfWz/Y+ATOizMy4cOSMpT7fhnjGCkxgxgKu9L7Lt7dbow28uZiXdD51NuwgEviMerZ5lzG4CC2zt2VvG6wEE/BHqsvH/bijZC0pyEOsvv+11LHesHk7G81oD2k2U6kDJfWVtnwGtiQhXROHLVebtDM96xMnD6fC5NjWeKUMk2R8SPdY9Lh5VEKm/GMlmNahY7l062rtFtoCfD2IPbrghZ6qcyhqFKdgMENVGJpi6h1shheNLeQcYlhb0+hIoZ8R2qYaR1ME+IhsRGPXBd3tGlujWxfGMVrYX73zYsictR+elWukJ7iU5U8moSB71I/ZnBibdSV4ovmcyS2Mua1yfPDErxZ9YDOT4oC5fllb/TK0gjS57RMqgjjdJNOcnreB3m6WEB/E4UAil6ew9Oimith+h/UNB+YpfwEEluhPQLeJCvA4N43tqB/T0BAY+yCapwpgswZruVB0CjIypbg629JPINx/RYMVGsk63y/PubG5aoxbcYwmTRF/7ptVsp4ON/s8NNLHPVfgJEM+64v7U/me+mEwVm/ONWK4BnylVa98qzJF+pzoDM0X/eeeTbdlAMbCSImCda4g+6vlTcPX3C7dRTa4ERqPp+1grZ+akQ81Ep1QNXp+xlTR+R8gZTtgsDN7pQxwtII0tUsq7GrqIwPaOiCaKjUDbs/V+tFwrOgMwhLWLzSfZGjXGt2hOXXsYtIt3iwV89plYlBGgJlg6abHfhoTg6o9kMJS7xKea01IdGXFojzkx5fFGtP8BsHGJiFg2fugwGDYvNaKCINV+4a7lxTKxBDnWL9K09ZWuaBLO+AC5UCdxnQmDq6fG9WDXII2gfAM32JtePcDSHidY6B2b//gmx6jqfsyx8ho0GtlXPD/T503y05VJMPcOFYL+cA1miw/Pb5+n/1Mvhdb7GFIEXMtRG9PoXVp0g8SP3uLNUhUnA0N0/ArsnH50oVFQwRnbMPA3UqB8FNb4No6kD3DMUKl2VsrJ6pkxJjMVeQsm8jdtQsh0vrTeSME0oB9IbwYO9V1TRIyga0NnYZ+3YZ92ZJ2yiJdpUqBxzURo= X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230032)(1800799016)(82310400018)(376006)(36860700005); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR08MB7490 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AMS0EPF000001A4.eurprd05.prod.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 75a856e9-c8ac-4f2a-1f31-08dc8ae2bfd2 X-Microsoft-Antispam: BCL:0; ARA:13230032|1800799016|376006|36860700005|82310400018|35042699014; X-Microsoft-Antispam-Message-Info: Db+SKCQSFwCWxne9wxgYRwyoxfrIP38Vd7CTu7N5fWHR77zSg9Zd9GheOAHI8ku0+HSJITAYSxGgxn+u+LBhefUoWuSyqH90LLwjM8XHGsReygRgHk8CTEozGVBHS+9p6FUNA+DiJ3WJTNC9uNX7gWpmpj1Ly5L+yUpcjNh4jW6k1GoaG92e5cgJ0rFn+vDYAab0u7HC7SvqGLSBxFHh3vRfJmj/8ru1FXiJXLvgYWN3DUr3Zu2SK5NZR21ipQaAfByLQBi7/eHcCMfQUrSuQIx0YrdZ1R6HTQP5QSDb+prWHDuNJ8Zha8cmfc+i+w27iIB+VJ5cGJchT0rY7UhdtL/xvjWSB/cZkYGqsEmJucF/+nWEeGqjdV4wLITED8x9jHHwGvdX4NqXrt/E5njEmTQzRIvvIAgnoVq+MM14Bu6OuAG8eLpoL3HRh0NQFeWG4K+7QWzkVzFe0U38VNF/x1glLmVlMIdIT3KbgLtamzzL5HLDEIp6m9OPv8pqD2lPSyABDDg9rNBIzCZKw+4lv5Ek6FnWsfc8hQvQd9qezw3nDa2b6uXU9YQZcV6JL2bJlIRN81juv42I5jHjxZ5O9y4R0WBEFqx44t39nsKFd0MU0sd+DNz2zBVAWJZKK35LgnuwoF7xvOIS1RykcC/N+gcFVl/cPzkRSawKv8SAYX1JmIqpEeLBAhVr0V4Yr5uC06TjarWSvs0t2WplRhIb66ptKMjYsSEj0VkliW/ygti3kA3fXHqvzXLW1+fIa+3Y6T3kxMzorWnFk6/dkKmYDqzdKKth9+7qvoZ0DvF2i5UWpjNsoxEewQiU2wJ/oAh1J6N3mDGY54s8lmE4ZTBa8oIWCE/Y/axgtAkcboJWOt2PJl7WAF+xxGUni+rBGMwtPQhDIscrCAHDO/mkLh4hc7GwJJNWQvClMq2rl2Ta7fOv8HjEdlJd3V4GXB27/SJWZ+XXb2DUWzlzECXNDgfb26+UaKCd50wt8b7BBksmKSUgYrI8vFHIvqrzWi9q6zH0ONES5+dk9NNys621mqo3fwQVGTRPvrV+JeKd6CF87Ofm+h2cItg83ziUnWwvmuBgXFMZqn5yTfVg+3ovabGTqD+9sbYUAEkZiuj6YWeccX4ZC0ZL1AQKBAeLykOyzsujUDHqQ5xm1YOSL7kPcvcQ7mNQUOazTnhNou1qnazqHquT2dAnhyl6RERsr7UA5CDMw27AN9BZVCasTc+2USxwZFUBTy7y1zhdaYRs+MqLgJ2LDXUq0wgcEZiameZHQNuaM3mKXlBXGj4VQszKouTog4o5PTCERw+1RBUgGCA0aE3GOkV4IenLfdw3m59l4y1+O0+qOWOSo0At6mkFLGC7BopQh4BdL0JJBTQDnYWFuvKjQkGZagxtvky2nPTADTuUTw65Hbg2u5XAcRsV4kLOKFHNU628gudJppqGNHEyyus= X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230032)(1800799016)(376006)(36860700005)(82310400018)(35042699014); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jun 2024 13:22:55.8833 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 91b5d199-bc87-4f70-5873-08dc8ae2c572 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AMS0EPF000001A4.eurprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR08MB7710 X-Spam-Status: No, score=-12.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FORGED_SPF_HELO, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_PASS, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org From: Yury Khrustalev This patch adds support for memory protection keys on AArch64 targets where it can be implemented by hardware with enabled Permission Overlay Extension introduced in Armv8.9 / Armv9.4 [1]. 1. Internal functions "pkey_read" and "pkey_write" to access data associated with memory protection keys. 2. Implementation of API functions "pkey_get" and "pkey_set" for the AArch64 target. 3. New target-specific test that checks behaviour of pkeys on AArch64 targets. 4. This patch also extends existing generic test for pkeys. 5. HWCAP constant for Permission Overlay Extension feature. Co-authored-by: Szabolcs Nagy [1] DDI 0487K.a Arm Architecture Reference Manual for A-profile architecture --- This patch is intended to work with and has been tested on a model using the corresponding patch for Linux kernel [2] (latest version so far). Since the Linux counterpart is still in progress, I'm posting this as an RFC to start discussion of the changes on the side of Glibc. Since I've added changes to the generic test "misc/tst-pkey" that runs on several targets, I've tested this change on aarch64-linux-gnu and x86_64-linux-gnu using native build and on the following targets using cross-build (build-many-glibcs.py): - aarch64_be-linux-gnu - arm-linux-gnueabi - armeb-linux-gnueabi - arm-linux-gnueabihf - armeb-linux-gnueabihf - powerpc-linux-gnu - powerpc64-linux-gnu - x86_64-linux-gnu and no regressions have been found. Any feedback welcome! Note, this would only be committed after the kernel API has been fully agreed. [2] https://lore.kernel.org/linux-arm-kernel/20240503130147.1154804-1-joey.gouly@arm.com/ --- sysdeps/unix/sysv/linux/aarch64/Makefile | 3 + sysdeps/unix/sysv/linux/aarch64/arch-pkey.h | 51 +++++++++++ sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h | 1 + sysdeps/unix/sysv/linux/aarch64/pkey_get.c | 53 +++++++++++ sysdeps/unix/sysv/linux/aarch64/pkey_set.c | 50 +++++++++++ .../sysv/linux/aarch64/tst-aarch64-pkey.c | 89 +++++++++++++++++++ sysdeps/unix/sysv/linux/tst-pkey.c | 31 ++++++- 7 files changed, 277 insertions(+), 1 deletion(-) create mode 100644 sysdeps/unix/sysv/linux/aarch64/arch-pkey.h create mode 100644 sysdeps/unix/sysv/linux/aarch64/pkey_get.c create mode 100644 sysdeps/unix/sysv/linux/aarch64/pkey_set.c create mode 100644 sysdeps/unix/sysv/linux/aarch64/tst-aarch64-pkey.c diff --git a/sysdeps/unix/sysv/linux/aarch64/Makefile b/sysdeps/unix/sysv/linux/aarch64/Makefile index 40b9a2e5de..1fdad67fae 100644 --- a/sysdeps/unix/sysv/linux/aarch64/Makefile +++ b/sysdeps/unix/sysv/linux/aarch64/Makefile @@ -1,5 +1,8 @@ ifeq ($(subdir),misc) sysdep_headers += sys/elf.h +tests += \ + tst-aarch64-pkey \ + # tests endif ifeq ($(subdir),stdlib) diff --git a/sysdeps/unix/sysv/linux/aarch64/arch-pkey.h b/sysdeps/unix/sysv/linux/aarch64/arch-pkey.h new file mode 100644 index 0000000000..a507bf3608 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/arch-pkey.h @@ -0,0 +1,51 @@ +/* Helper functions for manipulating memory protection keys. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _ARCH_PKEY_H +#define _ARCH_PKEY_H + +#define S1POE_PERM_NO_ACCESS 0b0000UL +#define S1POE_PERM_R 0b0001UL +#define S1POE_PERM_X 0b0010UL +#define S1POE_PERM_RX 0b0011UL +#define S1POE_PERM_W 0b0100UL +#define S1POE_PERM_RW 0b0101UL +#define S1POE_PERM_WX 0b0110UL +#define S1POE_PERM_RWX 0b0111UL + +#define S1POE_PERM_MASK 0b1111UL + +#define S1POE_BITS_PER_POI 4UL + +/* Return the value of the POR_EL0 register. */ +static inline unsigned long +pkey_read (void) +{ + unsigned long r; + __asm__ volatile ("mrs %0, s3_3_c10_c2_4" : "=r" (r)); + return r; +} + +/* Overwrite the POR_EL0 register with VALUE. */ +static inline void +pkey_write (unsigned long value) +{ + __asm__ volatile ("msr s3_3_c10_c2_4, %0" : : "r" (value)); +} + +#endif /* _ARCH_PKEY_H */ diff --git a/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h b/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h index 8dceaa1a52..2fa158fcc0 100644 --- a/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h +++ b/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h @@ -118,3 +118,4 @@ #define HWCAP2_SME_SF8FMA (1UL << 60) #define HWCAP2_SME_SF8DP4 (1UL << 61) #define HWCAP2_SME_SF8DP2 (1UL << 62) +#define HWCAP2_POE (1UL << 63) diff --git a/sysdeps/unix/sysv/linux/aarch64/pkey_get.c b/sysdeps/unix/sysv/linux/aarch64/pkey_get.c new file mode 100644 index 0000000000..444cd001dc --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/pkey_get.c @@ -0,0 +1,53 @@ +/* Reading the per-thread memory protection key, AArch64 version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +int +pkey_get (int key) +{ + if (key < 0 || key > 15) + { + __set_errno (EINVAL); + return -1; + } + unsigned long por_el0 = pkey_read (); + unsigned long perm = (por_el0 >> (S1POE_BITS_PER_POI * key)) & S1POE_PERM_MASK; + + /* Only the following mapping between POR permission bits (4 bits) + and PKEY flags is guaranteed: + + -WXR + 0010 => PKEY_DISABLE_ACCESS (execute only) + 0011 => PKEY_DISABLE_WRITE (read-execute) + 0111 => 0 (no restrictions, read-write-execute) + otherwise => undefined behavior + + Note that pkey_set and pkey_alloc would only set these specific + values. */ + + if (perm == S1POE_PERM_X) + return PKEY_DISABLE_ACCESS; + if (perm == S1POE_PERM_RX) + return PKEY_DISABLE_WRITE; + if (perm == S1POE_PERM_RWX) + return 0; // no restrictions + return PKEY_DISABLE_ACCESS; // undefined behavior +} diff --git a/sysdeps/unix/sysv/linux/aarch64/pkey_set.c b/sysdeps/unix/sysv/linux/aarch64/pkey_set.c new file mode 100644 index 0000000000..30b79fcdb2 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/pkey_set.c @@ -0,0 +1,50 @@ +/* Changing the per-thread memory protection key, AArch64 version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +int +pkey_set (int key, unsigned int rights) +{ + if (key < 0 || key > 15 || rights > 3) + { + __set_errno (EINVAL); + return -1; + } + unsigned long mask = S1POE_PERM_MASK << (S1POE_BITS_PER_POI * key); + unsigned long por_el0 = pkey_read (); + unsigned long perm; + + /* POR ot PKEY mapping: -WXR + PKEY_DISABLE_ACCESS => 0010 (execute only) + PKEY_DISABLE_WRITE => 0011 (read-execute) + 0, no restrictions => 0111 (read-write-execute) */ + + if (rights & PKEY_DISABLE_ACCESS) + perm = S1POE_PERM_X; + else if (rights & PKEY_DISABLE_WRITE) + perm = S1POE_PERM_RX; + else + perm = S1POE_PERM_RWX; + + por_el0 = (por_el0 & ~mask) | (perm << (S1POE_BITS_PER_POI * key)); + pkey_write (por_el0); + return 0; +} diff --git a/sysdeps/unix/sysv/linux/aarch64/tst-aarch64-pkey.c b/sysdeps/unix/sysv/linux/aarch64/tst-aarch64-pkey.c new file mode 100644 index 0000000000..9fa13f7df5 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/tst-aarch64-pkey.c @@ -0,0 +1,89 @@ +/* AArch64 tests for memory protection keys. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static volatile sig_atomic_t sigusr1_handler_ran; +static volatile int pkey; + +/* On AArch64 access is revoked during signal handling. */ +static void +sigusr1_handler (int signum) +{ + TEST_COMPARE (signum, SIGUSR1); + TEST_COMPARE (pkey_get (pkey), PKEY_DISABLE_ACCESS); + sigusr1_handler_ran += 1; +} + +static int +do_test (void) +{ + + pkey = pkey_alloc (0, 0); + if (pkey < 0) + { + if (errno == ENOSYS || errno == EINVAL) + FAIL_UNSUPPORTED + ("kernel or CPU does not support memory protection keys"); + FAIL_EXIT1 ("pkey_alloc: %m"); + } + + long pagesize = xsysconf (_SC_PAGESIZE); + + int *page = xmmap (NULL, pagesize, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1); + pkey = pkey_alloc (0, 0); + + /* On AArch64 pkey == 0 is reserved and should never be accocated. */ + TEST_VERIFY (pkey > 0); + TEST_COMPARE (pkey_get(pkey), 0); + + /* Check that access is revoked during signal handling + with initial rights being set to no restrictions. */ + TEST_COMPARE (pkey_mprotect ((void *) page, pagesize, PROT_READ | PROT_WRITE, pkey), 0); + xsignal (SIGUSR1, &sigusr1_handler); + xraise (SIGUSR1); + xsignal (SIGUSR1, SIG_DFL); + TEST_COMPARE (sigusr1_handler_ran, 1); + + /* Check that access is revoked during signal handling + with initial rights being set to PKEY_DISABLE_WRITE. */ + TEST_COMPARE (pkey_set (pkey, PKEY_DISABLE_WRITE), 0); + xsignal (SIGUSR1, &sigusr1_handler); + xraise (SIGUSR1); + xsignal (SIGUSR1, SIG_DFL); + TEST_COMPARE (sigusr1_handler_ran, 2); + + TEST_COMPARE (pkey_free(pkey), 0); + + xmunmap ((void *) page, pagesize); + + return 0; +} + +#include diff --git a/sysdeps/unix/sysv/linux/tst-pkey.c b/sysdeps/unix/sysv/linux/tst-pkey.c index d9083daab9..5106f2050e 100644 --- a/sysdeps/unix/sysv/linux/tst-pkey.c +++ b/sysdeps/unix/sysv/linux/tst-pkey.c @@ -185,6 +185,7 @@ do_test (void) xmunmap (page, pagesize); } + /* Create thread before setting up key in the current thread. */ xpthread_barrier_init (&barrier, NULL, 2); bool delayed_thread_check_access = true; pthread_t delayed_thread = xpthread_create @@ -206,8 +207,36 @@ do_test (void) FAIL_EXIT1 ("pkey_alloc: %m"); } TEST_COMPARE (pkey_get (keys[0]), 0); + + /* Check that initial rights that are set via pkey_alloc + can be accessed via pkey_get. */ + { + int pkey = -1; + pkey = pkey_alloc (0, PKEY_DISABLE_ACCESS); + TEST_COMPARE (pkey_get (pkey), PKEY_DISABLE_ACCESS); + pkey_free(pkey); + pkey = pkey_alloc (0, PKEY_DISABLE_WRITE); + TEST_COMPARE (pkey_get (pkey), PKEY_DISABLE_WRITE); + pkey_free(pkey); + } + + /* Check that unallocated pkey is not accepted by the + pkey_mprotect function. */ + { + int pkey = -1; + pkey = pkey_alloc (0, PKEY_DISABLE_WRITE); + pkey_free (pkey); + int *page = xmmap (NULL, pagesize, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE, -1); + TEST_COMPARE (pkey_mprotect (page, pagesize, PROT_READ, pkey), -1); + TEST_COMPARE (errno, EINVAL); + xmunmap (page, pagesize); + } + for (int i = 1; i < key_count; ++i) { + /* i == 1 corresponds to PKEY_DISABLE_ACCESS + i == 2 corresponds to PKEY_DISABLE_WRITE */ keys[i] = pkey_alloc (0, i); if (keys[i] < 0) FAIL_EXIT1 ("pkey_alloc (0, %d): %m", i); @@ -349,7 +378,7 @@ do_test (void) not what happens in practice. */ { /* The limit is in place to avoid running indefinitely in case - there many keys available. */ + there are many keys available. */ int *keys_array = xcalloc (100000, sizeof (*keys_array)); int keys_allocated = 0; while (keys_allocated < 100000)