Age | Commit message | Author |
|
This allows the package to serve as a general purpose ring0 support package, as
opposed to being bound to specific sentry platforms.
Updates #5039
PiperOrigin-RevId: 355220044
|
|
* Make split safe.
* Enable looking up next valid address.
* Support mappings with !accessType.Any(), distinct from unmap.
These changes allow for the use of pagetables in low-level OS packages, such
as ring0, and allow for the use of pagetables for more generic address space
reservation (by writing entries with no access specified).
Updates #5039
PiperOrigin-RevId: 355109016
|
|
These are primarily simplification and lint mistakes. However, minor
fixes are also included and tests added where appropriate.
PiperOrigin-RevId: 351425971
|
|
This requires several changes:
* Templates must preserve relevant tags.
* Pagetables templates are split into two targets, each preserving tags.
* The binary VDSO is similarly split into two targets, with some juggling.
* The top level tools/go_branch.sh now does a crossbuild of ARM64 as well,
and checks and merges the results of the two branches together.
Fixes #5178
PiperOrigin-RevId: 351304330
|
|
PiperOrigin-RevId: 350862699
|
|
global
In order to improve performance, some KPTI-related code (TCR.A1) has
been reverted, and the kernel pagetable is set as global.
Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
|
|
PiperOrigin-RevId: 347890782
|
|
PiperOrigin-RevId: 347660920
|
|
PiperOrigin-RevId: 346496532
|
|
PiperOrigin-RevId: 346134026
|
|
Add more comments and more handling for exceptions.
Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
|
|
This patch adds support for tlbi-vale1ls/tlbi-aside1ls,
and makes the code consistent with the flush strategy of the x86 platform.
Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
|
|
As PCALIGN is available in Go asm for arm64
(https://golang.org/pkg/cmd/internal/obj/arm64/),
there is no need to use rewriteVectors() to ensure
alignment of the exception vector.
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
PiperOrigin-RevId: 343130667
|
|
PiperOrigin-RevId: 343000335
|
|
Optimize and bug-fix all fpsimd-related code.
Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
|
|
I added 2 unified processing functions for all exceptions of el/el0
Signed-off-by: Robin Luk <lubin.lu@antgroup.com>
|
|
feature
Signed-off-by: Robin Luk <lubin.lu@alibaba-inc.com>
|
|
PiperOrigin-RevId: 341445910
|
|
PiperOrigin-RevId: 340484823
|
|
Use an sErr injection to trigger SIGBUS when we receive EFAULT from the
run ioctl.
After applying this patch, mmap_test_runsc_kvm will pass on
Arm64.
Signed-off-by: Bin Lu <bin.lu@arm.com>
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/4542 from lubinszARM:pr_kvm_mmap_1 f81bd42466d1d60a581e5fb34de18b78878c68c1
PiperOrigin-RevId: 340461239
|
|
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
Fixes: #509
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antfin.com>
Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
|
|
Currently, when saving the fpsimd registers, the following
instruction is used:
# FMOVD Fx, 16*1(R0)
This instruction is compiled to:
# str Dx, [x0, #16]
Dx is a 64-bit fp register, not a 128-bit one, so the upper 64 bits of data
will be lost, which causes applications to hit many random
crashes. We need to use the 128-bit register Vx or Q0 to save and
restore the fpsimd context.
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
PiperOrigin-RevId: 338321125
|
|
PiperOrigin-RevId: 338126491
|
|
Consistent with the Linux approach, we will produce a SIGILL to handle
el0_undef.
After applying this patch, exec_binary_test_runsc_kvm will pass on
Arm64.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 337544656
|
|
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
PiperOrigin-RevId: 336976081
|
|
PiperOrigin-RevId: 336962937
|
|
The tls of guest-el1-sentry and host-el0-sentry may be different on Arm64.
I added a solution for it.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
PiperOrigin-RevId: 336366624
|
|
PiperOrigin-RevId: 336362818
|
|
The correct value needed is 0xbbff440c0400, but the const
defined is 0x000000000000ffc0 due to an operator error
in _MT_EL1_INIT; both kernel and user space memory
attributes should be Normal memory, not DEVICE_nGnRE.
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
PiperOrigin-RevId: 335930035
|
|
PiperOrigin-RevId: 335532690
|
|
Before, we thought that interrupts are always disabled in the kernel
space, but here is a case when the Go runtime switches to a goroutine which
has been saved in the host mode. On restore, the popf instruction is
used to restore flags, and this means that all flags that the goroutine
has in the host mode will be restored in the kernel mode. And in the
host mode, interrupts are always enabled.
Long story short, we can't use the IF flag to determine whether a
task is running in user or kernel mode.
This patch reworks the code so that in userspace, the first bit of the
IOPL flag will always be set. This doesn't give any new privileges to
a task because CPL in userspace is always 3. But then we can use this
flag to distinguish user and kernel modes. The IOPL flag is never set in
the kernel and host modes.
Reported-by: syzbot+5036b325a8eb15c030cf@syzkaller.appspotmail.com
Reported-by: syzbot+034d580e89ad67b8dc75@syzkaller.appspotmail.com
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
PiperOrigin-RevId: 334674481
|
|
Currently there is a problem with the preservation of usr-tls, which leads
to the contamination of sentry tls.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
After SWITCH_TO_APP_PAGETABLE, the ASID is changed
to the application ASID, but there are still some
instructions before ERET; since these instructions are
not using the kernel address space, they may use the application's
TLB, which will cause a fault. This patch makes sure that
after SWITCH_TO_APP_PAGETABLE the sentry still uses the kernel
address space, which is mapped as Global.
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
Some applications, such as OpenJDK, will execute
DC CVAU at EL0; if SCTLR_UCI is not set, it
will trap to EL1, which will cause a panic.
Signed-off-by: Min Le <lemin.lm@antgroup.com>
|
|
PiperOrigin-RevId: 332069743
|
|
Some optimizations in this PR:
1. Move ASID from TTBR0 to TTBR1
2. tlb_flush_all
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Some CPUs (e.g. ampere-emag) can speculate past an ERET instruction and potentially perform
speculative accesses to memory before processing the exception return.
Since the register state is often controlled by a lower privilege level
at the point of an ERET, this could potentially be used as part of a
side-channel attack.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 325546308
|