From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel, Russell King, Nicolas Pitre, Arnd Bergmann, Kees Cook, Keith Packard, Linus Walleij, Nick Desaulniers, Tony Lindgren
Subject: [PATCH v4 0/7] ARM: add vmap'ed stack support
Date: Mon, 22 Nov 2021 10:28:09 +0100
Message-Id: <20211122092816.2865873-1-ardb@kernel.org>

This series enables support on ARM for vmap'ed task and IRQ stacks in
the kernel. This is an important hardening feature that terminates tasks
on inadvertent or deliberate accesses past the stack pointer, which
might otherwise go completely unnoticed.

Since having an accurate backtrace is especially important in such
cases, this series includes some enhancements to the unwinder and to
some hand rolled unwind info to increase the likelihood that a backtrace
can be generated when relying on the ARM unwinder. The frame pointer
unwinder turns out to be rather bullet proof in this context, and does
not need any such enhancements.

According to a quick survey I did, compiler generated code puts a single
stack push as the first instruction in about 2/3 of the cases, which the
unwinder can deal with after applying patch #4, even if this push
faulted because of a stack overflow. In the remaining cases, the
compiler tends to fall back to R11 or R7 as the frame pointer (on ARM or
Thumb-2, respectively), or emit partial unwind frames for the part of
the function that runs before the stack frame is set up, and the part
that runs inside the stack frame. In either case, the unwinder can deal
with such occurrences as they don't rely on the stack pointer directly.

Changes since v3:
- avoid using the wrong virtual to physical translation on the stack
  pointer in the suspend/cpuidle code path,
- check whether SP points into the linear map rather than whether it
  points into the overflow stack specifically, so that other stacks are
  disregarded as well,
- use a per-CPU pointer rather than a per-CPU allocation for the
  overflow stack, so the stack itself can be allocated via the page
  allocator,
- avoid deliberately corrupting any task userland state, by repurposing
  the padding in the per-mode stacks as scratch space to hold a single
  GPR value, and rejigging the __bad_stack handler to only require a
  single GPR to load the overflow stack address into SP.

Changes since v2:
- rebase onto v5.16-rc1
- incorporate Nico's review feedback

Changes since v1:
- handle a missed corner case in svc_entry code, and while at it,
  streamline it a bit, especially for Thumb-2, which no longer needs to
  move SP into R0 twice to do the overflow check and the alignment
  check,
- improve the memcpy patch so that we no longer need to push the frame
  pointer separately,
- add Keith's tested-by

Patches #1, #2 and #3 update the ARM asm string routines to align more
closely with the compiler's approach in terms of unwind tables,
increasing the likelihood that we can unwind them in case of a stack
overflow.

Patches #5 and #6 do some preparatory refactoring for the entry and
switch_to code, to reduce clutter in patch #7.

Patch #7 wires up the generic support, and adds the entry code to detect
and deal with stack overflows.

This series applies onto my IRQ stacks series sent out earlier:
https://lore.kernel.org/linux-arm-kernel/20211115084732.3704393-1-ardb@kernel.org/

Cc: Russell King
Cc: Nicolas Pitre
Cc: Arnd Bergmann
Cc: Kees Cook
Cc: Keith Packard
Cc: Linus Walleij
Cc: Nick Desaulniers
Cc: Tony Lindgren

Ard Biesheuvel (7):
  ARM: memcpy: use frame pointer as unwind anchor
  ARM: memmove: use frame pointer as unwind anchor
  ARM: memset: clean up unwind annotations
  ARM: unwind: disregard unwind info before stack frame is set up
  ARM: switch_to: clean up Thumb2 code path
  ARM: entry: rework stack realignment code in svc_entry
  ARM: implement support for vmap'ed stacks

 arch/arm/Kconfig                   |   1 +
 arch/arm/include/asm/page.h        |   4 +
 arch/arm/include/asm/thread_info.h |   8 ++
 arch/arm/kernel/entry-armv.S       | 139 +++++++++++++++++---
 arch/arm/kernel/entry-header.S     |  37 ++++++
 arch/arm/kernel/irq.c              |   9 +-
 arch/arm/kernel/setup.c            |   8 +-
 arch/arm/kernel/sleep.S            |   8 ++
 arch/arm/kernel/traps.c            |  80 ++++++++++-
 arch/arm/kernel/unwind.c           |  19 ++-
 arch/arm/kernel/vmlinux.lds.S      |   4 +-
 arch/arm/lib/copy_from_user.S      |  13 +-
 arch/arm/lib/copy_template.S       |  67 ++++------
 arch/arm/lib/copy_to_user.S        |  13 +-
 arch/arm/lib/memcpy.S              |  13 +-
 arch/arm/lib/memmove.S             |  60 +++------
 arch/arm/lib/memset.S              |   7 +-
 17 files changed, 349 insertions(+), 141 deletions(-)

-- 
2.30.2