[PATCH v3 3/7] arm64: uaccess: Add additional userspace GCS accessors

Sun, 04 May 2025 16:33:43 -0700 

Uprobes need more advanced read, push, and pop userspace GCS
functionality. Implement those features using the existing gcsstr()
and copy_from_user().

Its important to note that GCS pages can be read by normal
instructions, but the hardware validates that pages used by GCS
specific operations, have a GCS privilege set. We aren't validating this
in load_user_gcs because it requires stabilizing the VMA over the read
which may fault.

Signed-off-by: Jeremy Linton <jeremy.lin...@arm.com>
---
 arch/arm64/include/asm/uaccess.h | 42 ++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index 5b91803201ef..34a8b2cc8935 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -20,6 +20,7 @@
 
 #include <asm/asm-extable.h>
 #include <asm/cpufeature.h>
+#include <asm/gcs.h>
 #include <asm/mmu.h>
 #include <asm/mte.h>
 #include <asm/ptrace.h>
@@ -539,6 +540,47 @@ static inline void put_user_gcs(unsigned long val, 
unsigned long __user *addr,
        uaccess_ttbr0_disable();
 }
 
+static __always_inline unsigned long __must_check
+copy_from_user(void *to, const void __user *from, unsigned long n);
+
+/*
+ * Unlike put_user_gcs() above, the use of copy_from_user() may provide
+ * an opening for non GCS pages to be used to source data. Therefore this
+ * should only be used in contexts where that is acceptable.
+ */
+static inline u64 load_user_gcs(unsigned long __user *addr, int *err)
+{
+       unsigned long ret;
+       u64 load = 0;
+
+       gcsb_dsync();
+       ret = copy_from_user(&load, addr, sizeof(load));
+       if (ret != 0)
+               *err = ret;
+       return load;
+}
+
+static inline void push_user_gcs(unsigned long val, int *err)
+{
+       u64 gcspr = read_sysreg_s(SYS_GCSPR_EL0);
+
+       gcspr -= sizeof(u64);
+       put_user_gcs(val, (unsigned long __user *)gcspr, err);
+       if (!*err)
+               write_sysreg_s(gcspr, SYS_GCSPR_EL0);
+}
+
+static inline u64 pop_user_gcs(int *err)
+{
+       u64 gcspr = read_sysreg_s(SYS_GCSPR_EL0);
+       u64 read_val;
+
+       read_val = load_user_gcs((unsigned long __user *)gcspr, err);
+       if (!*err)
+               write_sysreg_s(gcspr + sizeof(u64), SYS_GCSPR_EL0);
+
+       return read_val;
+}
 
 #endif /* CONFIG_ARM64_GCS */
 
-- 
2.49.0

Reply via email to