From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49A7FCA9EAF for ; Mon, 21 Oct 2019 16:49:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1C1102086D for ; Mon, 21 Oct 2019 16:49:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728129AbfJUQtc (ORCPT ); Mon, 21 Oct 2019 12:49:32 -0400 Received: from [217.140.110.172] ([217.140.110.172]:58292 "EHLO foss.arm.com" rhost-flags-FAIL-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1726672AbfJUQtb (ORCPT ); Mon, 21 Oct 2019 12:49:31 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AD150175A; Mon, 21 Oct 2019 09:49:08 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E008A3F71F; Mon, 21 Oct 2019 09:49:06 -0700 (PDT) Date: Mon, 21 Oct 2019 17:49:04 +0100 From: Mark Rutland To: Sami Tolvanen Cc: Jann Horn , Will Deacon , Catalin Marinas , Steven Rostedt , Ard Biesheuvel , Dave Martin , Kees Cook , Laura Abbott , Nick Desaulniers , clang-built-linux , Kernel Hardening , linux-arm-kernel , kernel list Subject: Re: [PATCH 18/18] arm64: implement Shadow Call Stack Message-ID: <20191021164904.GD56589@lakrids.cambridge.arm.com> References: <20191018161033.261971-1-samitolvanen@google.com> <20191018161033.261971-19-samitolvanen@google.com> <20191018172309.GB18838@lakrids.cambridge.arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.1+11 (2f07cb52) (2018-12-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 18, 2019 at 10:35:49AM -0700, Sami Tolvanen wrote: > On Fri, Oct 18, 2019 at 10:23 AM Mark Rutland wrote: > > I think scs_save() would better live in assembly in cpu_switch_to(), > > where we switch the stack and current. It shouldn't matter whether > > scs_load() is inlined or not, since the x18 value _should_ be invariant > > from the PoV of the task. > > Note that there's also a call to scs_save in cpu_die, because the > current task's shadow stack pointer is only stored in x18 and we don't > want to lose it. > > > We just need to add a TSK_TI_SCS to asm-offsets.c, and then insert a > > single LDR at the end: > > > > mov sp, x9 > > msr sp_el0, x1 > > #ifdef CONFIG_SHADOW_CALL_STACK > > ldr x18, [x1, TSK_TI_SCS] > > #endif > > ret > > TSK_TI_SCS is already defined, so yes, we could move this to > cpu_switch_to. I would still prefer to have the overflow check that's > in scs_thread_switch though. The only bit that I think needs to be in cpu_switch_to() is the install of the next task's shadow addr into x18. Having a separate scs_check_overflow() sounds fine to me, as that only has to read from the shadow stack. IIUC that's also for the prev task, not next, in the current patches. Thanks, Mark. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6B47CA9EAF for ; Mon, 21 Oct 2019 16:49:22 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6CE112086D for ; Mon, 21 Oct 2019 16:49:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ei0J4PjF" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6CE112086D Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=9jLl1g+lqh6BtbpZj5YNA002C1/5yZc/+yJOJxi3pt0=; b=ei0J4PjFu8meDR sdTFGra+nu/+655tJtgyiZfCX4vnJQCOwaTb4qPZ7CB/gn19dTKg5tDxni5jBegyJmdJp6Oc0dU7A co4626Tk50NQG1Mvt3PHLPFUIzb5dorYQYaw17P5+/QNhOTp1+5V8eupFK0I2Wy1Q94CmcvgT+O3i VsxmeYZpqPu+2lvNEBjswmC33iR0Ql0EOxTZhufkFoyIsniiXIT0a+jYBFOunhPlqUiXaJWbKqzuo pZuWqGcgD2bqq4ZM45luIzeLieoDEm3C7ta14YR2GJYIUrnRii3MNSqtdCNygu2f+viS3ajuLzlEb aKNrgSCHfhUUoMcvzNiQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iMarx-0004OJ-TT; Mon, 21 Oct 2019 16:49:21 +0000 Received: from [217.140.110.172] (helo=foss.arm.com) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iMarv-0004NY-7L for linux-arm-kernel@lists.infradead.org; Mon, 21 Oct 2019 16:49:20 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id AD150175A; Mon, 21 Oct 2019 09:49:08 -0700 (PDT) Received: from lakrids.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E008A3F71F; Mon, 21 Oct 2019 09:49:06 -0700 (PDT) Date: Mon, 21 Oct 2019 17:49:04 +0100 From: Mark Rutland To: Sami Tolvanen Subject: Re: [PATCH 18/18] arm64: implement Shadow Call Stack Message-ID: <20191021164904.GD56589@lakrids.cambridge.arm.com> References: <20191018161033.261971-1-samitolvanen@google.com> <20191018161033.261971-19-samitolvanen@google.com> <20191018172309.GB18838@lakrids.cambridge.arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.1+11 (2f07cb52) (2018-12-01) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191021_094919_308494_8D84F5BE X-CRM114-Status: GOOD ( 14.74 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kees Cook , Ard Biesheuvel , Catalin Marinas , Jann Horn , Nick Desaulniers , kernel list , Steven Rostedt , clang-built-linux , Kernel Hardening , Laura Abbott , Will Deacon , Dave Martin , linux-arm-kernel Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Fri, Oct 18, 2019 at 10:35:49AM -0700, Sami Tolvanen wrote: > On Fri, Oct 18, 2019 at 10:23 AM Mark Rutland wrote: > > I think scs_save() would better live in assembly in cpu_switch_to(), > > where we switch the stack and current. It shouldn't matter whether > > scs_load() is inlined or not, since the x18 value _should_ be invariant > > from the PoV of the task. > > Note that there's also a call to scs_save in cpu_die, because the > current task's shadow stack pointer is only stored in x18 and we don't > want to lose it. > > > We just need to add a TSK_TI_SCS to asm-offsets.c, and then insert a > > single LDR at the end: > > > > mov sp, x9 > > msr sp_el0, x1 > > #ifdef CONFIG_SHADOW_CALL_STACK > > ldr x18, [x1, TSK_TI_SCS] > > #endif > > ret > > TSK_TI_SCS is already defined, so yes, we could move this to > cpu_switch_to. I would still prefer to have the overflow check that's > in scs_thread_switch though. The only bit that I think needs to be in cpu_switch_to() is the install of the next task's shadow addr into x18. Having a separate scs_check_overflow() sounds fine to me, as that only has to read from the shadow stack. IIUC that's also for the prev task, not next, in the current patches. Thanks, Mark. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel