Subject: Re: [PATCH 0/7] ARM: support THREAD_INFO_IN_TASK (v3)
From: Krzysztof Kozlowski
To: Keith Packard, linux-kernel@vger.kernel.org
Cc: Abbott Liu, Andrew Morton, Andrey Ryabinin, Anshuman Khandual,
    Ard Biesheuvel, Arnd Bergmann, Bjorn Andersson, Christoph Lameter,
    Dennis Zhou, Geert Uytterhoeven, Jens Axboe, Joe Perches, Kees Cook,
    Linus Walleij, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org,
    Manivannan Sadhasivam, Marc Zyngier, Masahiro Yamada, Mike Rapoport,
    Nathan Chancellor, Nick Desaulniers, Nick Desaulniers, Nicolas Pitre,
    Russell King, Tejun Heo, Thomas Gleixner, Uwe Kleine-König,
    Valentin Schneider, Viresh Kumar, "Wolfram Sang (Renesas)", YiFei Zhu
Date: Wed, 8 Sep 2021 09:01:23 +0200
Message-ID: <2d5e3f95-77ce-cd26-9020-3c1a8a65e799@canonical.com>
In-Reply-To: <20210907220038.91021-1-keithpac@amazon.com>
References: <20210904060908.1310204-1-keithp@keithp.com> <20210907220038.91021-1-keithpac@amazon.com>

On 08/09/2021 00:00, Keith Packard wrote:
> Placing thread_info in the kernel stack leaves it vulnerable to stack
> overflow attacks. This short series addresses that by using the
> existing THREAD_INFO_IN_TASK infrastructure.
>
> This is the third version of this series, in this version the changes
> are restricted to hardware which provides the TPIDRPRW register. This
> register is repurposed from holding the per_cpu_offset value to
> holding the 'current' value as that allows fetching this value
> atomically so that it can be used in a preemptable context.
>
> The series is broken into seven pieces:
>
>  1) Change the secondary_start_kernel API to receive the cpu
>     number. This avoids needing to be able to find this value independently in
>     future patches.
>
>  2) Change the secondary_start_kernel API to also receive the 'task'
>     value. Passing the value to this function also avoids needing to
>     be able to discover it independently.
>
>  3) A cleanup which avoids assuming that THREAD_INFO_IN_TASK is not set.
>
>  4) A hack, borrowed from the powerpc arch, which allows locating the 'cpu'
>     field in either thread_info or task_struct, without requiring linux/sched.h
>     to be included in asm/smp.h
>
>  5) Disable the optimization storing per_cpu_offset in TPIDRPRW. This leaves
>     the register free to hold 'current' instead.
>
>  6) Use TPIDRPRW for 'current'. This is enabled for either CPU_V6K or CPU_V7,
>     but not if CPU_V6 is also enabled.
>
>  7) Enable THREAD_INFO_IN_TASK whenever TPIDRPRW is used to hold 'current'.

Hi,

Thanks for your patches. This seems to be a v3 but the patches are not
marked with it. Use "-v3" in format-patch to get it right.

The email here also lacks diffstat which is useful, for example to check
whether any maintainer's relevant files are touched here. You can get it
with "--cover-letter".

In total the command should look like:
    git format-patch --cover-letter -v3 -7 HEAD

Of course you can use any other tools to achieve the same result but as
of now - result is not the same.

Best regards,
Krzysztof
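
The layout concern raised in the quoted cover letter (thread_info at the bottom of the kernel stack versus inside the task structure), as an added user-space model that is not part of this thread, the patch series or the kernel. The struct names, the reduced field set and the 8 KiB THREAD_SIZE are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define THREAD_SIZE 8192u   /* model assumption: 8 KiB kernel stack */

/* Reduced, hypothetical stand-in for thread_info (the real one has more fields). */
struct ti_model { uint32_t flags; uint32_t cpu; };

/* Legacy layout: thread_info shares the stack allocation, at its lowest address. */
union stack_with_ti { struct ti_model ti; uint8_t stack[THREAD_SIZE]; };

/* THREAD_INFO_IN_TASK layout: thread_info is a member of the task structure. */
struct task_model { struct ti_model ti; uint8_t *stack; };

/* The stack grows down from the top; model frames that use `depth` bytes.
 * Writes are clamped to the buffer, memory below it is not modelled. */
static void consume_stack(uint8_t *stack, size_t depth)
{
    if (depth > THREAD_SIZE)
        depth = THREAD_SIZE;
    memset(stack + (THREAD_SIZE - depth), 0x41, depth);
}

/* Returns 1 if thread_info is intact after the stack was used to `depth`. */
int legacy_ti_intact(size_t depth)
{
    union stack_with_ti u;
    memset(&u, 0, sizeof u);
    u.ti.cpu = 3;
    consume_stack(u.stack, depth);
    return u.ti.flags == 0 && u.ti.cpu == 3;
}

int in_task_ti_intact(size_t depth)
{
    static uint8_t stack[THREAD_SIZE];
    struct task_model t = { .ti = { .flags = 0, .cpu = 3 }, .stack = stack };
    consume_stack(t.stack, depth);
    return t.ti.flags == 0 && t.ti.cpu == 3;
}

int main(void)
{
    size_t usable = THREAD_SIZE - sizeof(struct ti_model);
    printf("legacy,  depth %zu: intact=%d\n", usable, legacy_ti_intact(usable));
    printf("legacy,  depth %zu: intact=%d\n", usable + 1, legacy_ti_intact(usable + 1));
    printf("in-task, depth %u: intact=%d\n", THREAD_SIZE, in_task_ti_intact(THREAD_SIZE));
    return 0;
}
```

In the legacy layout, a single byte of stack use beyond the usable region already lands in thread_info; in the in-task layout the same depth never reaches it, which is the property the series relies on.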