From: Laura Abbott <labbott@redhat.com>
To: Mark Rutland <mark.rutland@arm.com>,
linux-arm-kernel@lists.infradead.org, catalin.marinas@arm.com,
will@kernel.org, james.morse@arm.com
Cc: keescook@chromium.org, maz@kernel.org, broonie@kernel.org,
robin.murphy@arm.com, julien.thierry.kdev@gmail.com,
alex.popov@linux.com
Subject: Re: [PATCH 05/17] arm64: entry: add a call_on_stack helper
Date: Thu, 9 Jan 2020 09:30:13 -0500 [thread overview]
Message-ID: <5fdf8bfe-a0a9-350c-e3f5-6621ce4fc564@redhat.com> (raw)
In-Reply-To: <20200108185634.1163-6-mark.rutland@arm.com>
On 1/8/20 1:56 PM, Mark Rutland wrote:
> In some cases, we want to call a function from C code, using an
> alternative stack. Add a helper that we can use in such cases.
>
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: James Morse <james.morse@arm.com>
> Cc: Will Deacon <will@kernel.org>
> ---
> arch/arm64/include/asm/exception.h | 2 ++
> arch/arm64/kernel/entry.S | 21 +++++++++++++++++++++
> 2 files changed, 23 insertions(+)
>
> diff --git a/arch/arm64/include/asm/exception.h b/arch/arm64/include/asm/exception.h
> index b87c6e276ab1..a49038fa4faf 100644
> --- a/arch/arm64/include/asm/exception.h
> +++ b/arch/arm64/include/asm/exception.h
> @@ -31,6 +31,8 @@ static inline u32 disr_to_esr(u64 disr)
> return esr;
> }
>
> +asmlinkage void call_on_stack(struct pt_regs *, void (*)(struct pt_regs *),
> + unsigned long);
> asmlinkage void enter_from_user_mode(void);
> void do_mem_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs);
> void do_sp_pc_abort(unsigned long addr, unsigned int esr, struct pt_regs *regs);
> diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
> index 53ce1877a4aa..184313c773ea 100644
> --- a/arch/arm64/kernel/entry.S
> +++ b/arch/arm64/kernel/entry.S
> @@ -901,6 +901,27 @@ ENTRY(ret_from_fork)
> ENDPROC(ret_from_fork)
> NOKPROBE(ret_from_fork)
>
> +/*
> + * x0 = argument to function
> + * x1 = function to call
> + * x2 = new stack pointer
> + */
> +ENTRY(call_on_stack)
> + /* Create a frame record to save our LR and SP (implicit in FP) */
> + stp x29, x30, [sp, #-16]!
> + mov x29, sp
> +
> + /* Move to the new stack and call the function there */
> + mov sp, x2
> + blr x1
> +
> + /* Restore SP from the FP, FP and LR from the record, and return */
> + mov sp, x29
> + ldp x29, x30, [sp], #16
> + ret
> +ENDPROC(call_on_stack)
> +NOKPROBE(call_on_stack)
> +
> #ifdef CONFIG_ARM_SDE_INTERFACE
>
> #include <asm/sdei.h>
>
I'm a little worried this makes a very tempting gadget for
attackers to use. Maybe future security features will
make this less vulnerable?
Thanks,
Laura
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2020-01-09 14:31 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-08 18:56 [PATCH 00/17] arm64: entry deasmification and cleanup Mark Rutland
2020-01-08 18:56 ` [PATCH 01/17] arm64: entry: mark all entry code as notrace Mark Rutland
2020-01-09 5:21 ` Anshuman Khandual
2020-01-13 15:44 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 02/17] arm64: entry: cleanup el0 svc handler naming Mark Rutland
2020-01-09 5:33 ` Anshuman Khandual
2020-01-08 18:56 ` [PATCH 03/17] arm64: entry: move arm64_preempt_schedule_irq to entry-common.c Mark Rutland
2020-01-09 5:36 ` Anshuman Khandual
2020-01-08 18:56 ` [PATCH 04/17] arm64: entry: move preempt logic to C Mark Rutland
2020-01-09 6:43 ` Anshuman Khandual
2020-01-09 12:22 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 05/17] arm64: entry: add a call_on_stack helper Mark Rutland
2020-01-09 8:00 ` Anshuman Khandual
2020-01-14 18:24 ` Mark Rutland
2020-01-09 14:30 ` Laura Abbott [this message]
2020-01-09 14:46 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 06/17] arm64: entry: convert irq entry to C Mark Rutland
2020-01-08 18:56 ` [PATCH 07/17] arm64: entry: convert error " Mark Rutland
2020-01-09 9:12 ` Anshuman Khandual
2020-01-09 12:49 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 08/17] arm64: entry: Split el0_sync_compat from el0_sync Mark Rutland
2020-01-09 9:50 ` Anshuman Khandual
2020-01-08 18:56 ` [PATCH 09/17] arm64: entry: organise handler stubs consistently Mark Rutland
2020-01-09 10:01 ` Anshuman Khandual
2020-01-08 18:56 ` [PATCH 10/17] arm64: entry: consolidate EL1 return paths Mark Rutland
2020-01-10 3:39 ` Anshuman Khandual
2020-01-10 16:02 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 11/17] stackleak: allow C to call stackleak_erase() Mark Rutland
2020-01-10 3:45 ` Anshuman Khandual
2020-01-10 16:07 ` Mark Rutland
2020-01-27 23:00 ` Kees Cook
2020-01-08 18:56 ` [PATCH 12/17] arm64: debug-monitors: refactor MDSCR manipulation Mark Rutland
2020-01-10 4:35 ` Anshuman Khandual
2020-01-10 16:09 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 13/17] arm64: entry: move common el0 entry/return work to C Mark Rutland
2020-01-09 15:19 ` Mark Rutland
2020-01-08 18:56 ` [PATCH 14/17] arm64: entry: move NO_SYSCALL setup " Mark Rutland
2020-01-10 5:37 ` Anshuman Khandual
2020-01-08 18:56 ` [PATCH 15/17] arm64: entry: move ARM64_ERRATUM_845719 workaround " Mark Rutland
2020-01-08 18:56 ` [PATCH 16/17] arm64: entry: move ARM64_ERRATUM_1418040 " Mark Rutland
2020-01-08 18:56 ` [PATCH 17/17] arm64: entry: cleanup sp_el0 manipulation Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5fdf8bfe-a0a9-350c-e3f5-6621ce4fc564@redhat.com \
--to=labbott@redhat.com \
--cc=alex.popov@linux.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=julien.thierry.kdev@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=robin.murphy@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.