From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.9 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09C1BCA9EA0 for ; Tue, 22 Oct 2019 05:55:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id C4BDE2089E for ; Tue, 22 Oct 2019 05:55:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="VeZ/77yC" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387465AbfJVFyO (ORCPT ); Tue, 22 Oct 2019 01:54:14 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:40694 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725907AbfJVFyO (ORCPT ); Tue, 22 Oct 2019 01:54:14 -0400 Received: by mail-wr1-f67.google.com with SMTP id o28so16461398wro.7 for ; Mon, 21 Oct 2019 22:54:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=70+N4pxkreRk5D8qTuATktL5M/ApNQm1mVe3QKo4Ow8=; b=VeZ/77yCO2vkRreTdZF0BmlF3aBW7GYN63ztZ+W9IxGlyzot3aZzQG7XNVjBY7A7oD 5ErFNuJigjHDoajFcUUKer2ZNuRvqeRRkKDFwX0d2Zr1W2J0Sitj3DU47jafk1WpqrB9 RO+JgyMPsgCHPUuHfaLf9mhm0FhMWiroTQMq0AMJS2EyfB2q8y2Uj4BUJeCO2gXI9tCY 6QkWiBS+nVx6fiVGxPNCg3OkhqZK5Cxo3moubEo1LbU3pI9Z3P3SLfQSm8r4r1GEdvXM A3I5Jr0ovB215EmWyJbd+kRIvPhHLcOf8Yw0LDZ75fNBWsAH3Ssp+sYWHP4KD/+V8/GQ /NvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=70+N4pxkreRk5D8qTuATktL5M/ApNQm1mVe3QKo4Ow8=; b=ftdtM3efjZDG7mkFycUdEdO+nCBShvaB6ztNGjD7EDFWxWIGGm74ZS9SQ0KSmQxCoi xh+WvVrkf/PnRjaEQkC9Ix4vWI+HKkHEw0jZEZ50u8N4md9xeqrIHd8dWEcGtH+Dt7US Rzv412rvC0OI0NLn+9dDzbSmcU15CiFsEw1KtqB9WVsvsc+K55PKBZ0vBPoYum72waEh +QUtXy8lHbRX1QihB+2hchDl/dCFpDrkithS7yCTU+nAjuqKXlzf0e9V2UHHpfLuoTWV gs4SSI5wgnmw7slzSnyZcsHRxcvrhwhJ/F6Lc7Z1qcNvs9FfWGwTf/a7sl2KplfRcc1q 579w== X-Gm-Message-State: APjAAAUO+/8PSMwcgGteVjv1uZtilF9EAYSVr5wBBoCpzuFTJVdZO6Y8 oJ7iPgBG+amXvRDme1CQGZFHOI6cEpzZ8cWwjJj25g== X-Google-Smtp-Source: APXvYqwrYnGYkoL34VBIT6H+JNjJm/uZwOLCkW8JDJj+1Q/w7n/LWtklQn1YWpTuz0AHRX28UXgTzenaMPN3dF2ZvS4= X-Received: by 2002:adf:9f08:: with SMTP id l8mr1573796wrf.325.1571723652654; Mon, 21 Oct 2019 22:54:12 -0700 (PDT) MIME-Version: 1.0 References: <20191018161033.261971-1-samitolvanen@google.com> <20191018161033.261971-15-samitolvanen@google.com> In-Reply-To: From: Ard Biesheuvel Date: Tue, 22 Oct 2019 07:54:07 +0200 Message-ID: Subject: Re: [PATCH 14/18] arm64: efi: restore x18 if it was corrupted To: Sami Tolvanen Cc: Will Deacon , Catalin Marinas , Steven Rostedt , Dave Martin , Kees Cook , Laura Abbott , Mark Rutland , Nick Desaulniers , clang-built-linux , Kernel Hardening , linux-arm-kernel , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 22 Oct 2019 at 00:40, Sami Tolvanen wrote: > > On Sun, Oct 20, 2019 at 11:20 PM Ard Biesheuvel > wrote: > > You'll have to elaborate a bit here and explain that this is > > sufficient, given that we run EFI runtime services with interrupts > > enabled. > > I can add a note about this in v2. This is called with preemption > disabled and we have a separate interrupt shadow stack, so as far as I > can tell, this should be sufficient. Did you have concerns about this? > No concerns, but we should put the above clarification in the commit log. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7FFDFCA9EA0 for ; Tue, 22 Oct 2019 05:54:19 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4B16B2089E for ; Tue, 22 Oct 2019 05:54:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="pHflEsS6"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="VeZ/77yC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4B16B2089E Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=yQeGi0x1Hb/VhMEIDFpv8KBkGrDgCivLWjG9ZeEpvlc=; b=pHflEsS6+OB3Yq y8FT4uM6mIVBOasJCpU9sg1Wb4yjqp0qWmSurQGFtRxJ2zB/fKLRN9TgeYkRUeuj7ZUHQT2m/Fc0t 7xgVfG2pQYW4AbvpDMhD+JK4D7Nj6H3+GSyl4zOF7kn0PSRJ6dqUf84DrD+MsAkvOKOltrq1Bu/uC /lbKdtT0zU3H3fO+IuRTmz/JBuKr54CWhA0+gOazD+FIbKgX/XYI0cTs050kCJ7HBxcTjAHR17EFd 84dZsfT4F5IDjO5I6Szfv624yL9ptRHEBj/Zbi744/2Z5kvjLa6vGsMNCqVS07dbT1CgA8FMo63rm /DVtSv8xrDjFC4tWvT7Q==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1iMn7a-00017Q-17; Tue, 22 Oct 2019 05:54:18 +0000 Received: from mail-wr1-x441.google.com ([2a00:1450:4864:20::441]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1iMn7W-000126-QT for linux-arm-kernel@lists.infradead.org; Tue, 22 Oct 2019 05:54:16 +0000 Received: by mail-wr1-x441.google.com with SMTP id q13so11485124wrs.12 for ; Mon, 21 Oct 2019 22:54:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=70+N4pxkreRk5D8qTuATktL5M/ApNQm1mVe3QKo4Ow8=; b=VeZ/77yCO2vkRreTdZF0BmlF3aBW7GYN63ztZ+W9IxGlyzot3aZzQG7XNVjBY7A7oD 5ErFNuJigjHDoajFcUUKer2ZNuRvqeRRkKDFwX0d2Zr1W2J0Sitj3DU47jafk1WpqrB9 RO+JgyMPsgCHPUuHfaLf9mhm0FhMWiroTQMq0AMJS2EyfB2q8y2Uj4BUJeCO2gXI9tCY 6QkWiBS+nVx6fiVGxPNCg3OkhqZK5Cxo3moubEo1LbU3pI9Z3P3SLfQSm8r4r1GEdvXM A3I5Jr0ovB215EmWyJbd+kRIvPhHLcOf8Yw0LDZ75fNBWsAH3Ssp+sYWHP4KD/+V8/GQ /NvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=70+N4pxkreRk5D8qTuATktL5M/ApNQm1mVe3QKo4Ow8=; b=axtccDvH+H4hRHCj8sAAcTv/lrpxGOlcWrSpERgVq5RLrwJlhvlWNP+sVQtq8fZ3qW 5yE3axxq6yq33xduxuK34FqtDYlW/kra881zP9mP1dEXzJcoqjl5v7fVo10GSzsyQsUZ OmokUIrtoM5KS+1uUuBZ1cVPzi6oIDNOo9nYDZ2ROmtAEq+MbJ8oSB/zSAcdhH2zmo4X vxm6RwgVf70/3GdzKoaP3Wxu1hbj0YBJXDN4rqvwpsUKy8RjDtfdyIFLUYJYoBSlLA3q 7vSIzsSG2R+6l+qUnccuqwX0Vl+dDGQLep3pLXoMcNzKfyTMxU5k20V+WMtlRND/LoPh b5VQ== X-Gm-Message-State: APjAAAVUmi+aab16JNDAx67XB8hrTXy+sKQ+RUa1R9BLCiUYVSJFNWnZ T7c1+FniqXeSQD7M2ymZj6kZ3rQ5JNQlNcs9z6rX2w== X-Google-Smtp-Source: APXvYqwrYnGYkoL34VBIT6H+JNjJm/uZwOLCkW8JDJj+1Q/w7n/LWtklQn1YWpTuz0AHRX28UXgTzenaMPN3dF2ZvS4= X-Received: by 2002:adf:9f08:: with SMTP id l8mr1573796wrf.325.1571723652654; Mon, 21 Oct 2019 22:54:12 -0700 (PDT) MIME-Version: 1.0 References: <20191018161033.261971-1-samitolvanen@google.com> <20191018161033.261971-15-samitolvanen@google.com> In-Reply-To: From: Ard Biesheuvel Date: Tue, 22 Oct 2019 07:54:07 +0200 Message-ID: Subject: Re: [PATCH 14/18] arm64: efi: restore x18 if it was corrupted To: Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20191021_225414_868090_4EB55257 X-CRM114-Status: GOOD ( 12.29 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Kees Cook , Kernel Hardening , Catalin Marinas , Nick Desaulniers , Linux Kernel Mailing List , Steven Rostedt , clang-built-linux , Laura Abbott , Will Deacon , Dave Martin , linux-arm-kernel Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, 22 Oct 2019 at 00:40, Sami Tolvanen wrote: > > On Sun, Oct 20, 2019 at 11:20 PM Ard Biesheuvel > wrote: > > You'll have to elaborate a bit here and explain that this is > > sufficient, given that we run EFI runtime services with interrupts > > enabled. > > I can add a note about this in v2. This is called with preemption > disabled and we have a separate interrupt shadow stack, so as far as I > can tell, this should be sufficient. Did you have concerns about this? > No concerns, but we should put the above clarification in the commit log. _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.9 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7E7C5CA9EA0 for ; Tue, 22 Oct 2019 05:54:32 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id C7D9220B7C for ; Tue, 22 Oct 2019 05:54:31 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="VeZ/77yC" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C7D9220B7C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-17084-kernel-hardening=archiver.kernel.org@lists.openwall.com Received: (qmail 17816 invoked by uid 550); 22 Oct 2019 05:54:24 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Received: (qmail 17798 invoked from network); 22 Oct 2019 05:54:24 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=70+N4pxkreRk5D8qTuATktL5M/ApNQm1mVe3QKo4Ow8=; b=VeZ/77yCO2vkRreTdZF0BmlF3aBW7GYN63ztZ+W9IxGlyzot3aZzQG7XNVjBY7A7oD 5ErFNuJigjHDoajFcUUKer2ZNuRvqeRRkKDFwX0d2Zr1W2J0Sitj3DU47jafk1WpqrB9 RO+JgyMPsgCHPUuHfaLf9mhm0FhMWiroTQMq0AMJS2EyfB2q8y2Uj4BUJeCO2gXI9tCY 6QkWiBS+nVx6fiVGxPNCg3OkhqZK5Cxo3moubEo1LbU3pI9Z3P3SLfQSm8r4r1GEdvXM A3I5Jr0ovB215EmWyJbd+kRIvPhHLcOf8Yw0LDZ75fNBWsAH3Ssp+sYWHP4KD/+V8/GQ /NvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=70+N4pxkreRk5D8qTuATktL5M/ApNQm1mVe3QKo4Ow8=; b=EpdySz5Qu3YgUZnjUhgvxGApR9MwmXJcmJoTnQ5RAiqLna/jHpLNQ4ei2kvhIg+8KU SJ5s0n6aXA6+0eq/9DJxUYQE2E3O+vPq5pGB/V64oi6UQak81y4pXXLxSxzzTXHE+Jic od1Bkw9VE3/6OCWeyVQ+u7A96/lTVQVj2mYcGjg/HpLE+F12UbYjxZaAJnhN0+SNZAwS idqVKYr3N1AwZMIxAEYiWo9t/mu7JSd5cD7ex797XlkWZXWQH+UBmHAQV+Bl6k/WSaU2 PwM1DXJ0ZtF9tyL53+Rw56D9tdrob/dpE4Y7VnfhK4JoP/VFlke25VMZeMoZnVDkx5PV RtXg== X-Gm-Message-State: APjAAAVPf4T1Eo5SLtMpD345cFTmnkO6PMyawsy/+bnJbScZZ4+0Uo9s jJBdH++Y+BbWGYbS9jvvmHESAAzt69wGomBFWjAe3g== X-Google-Smtp-Source: APXvYqwrYnGYkoL34VBIT6H+JNjJm/uZwOLCkW8JDJj+1Q/w7n/LWtklQn1YWpTuz0AHRX28UXgTzenaMPN3dF2ZvS4= X-Received: by 2002:adf:9f08:: with SMTP id l8mr1573796wrf.325.1571723652654; Mon, 21 Oct 2019 22:54:12 -0700 (PDT) MIME-Version: 1.0 References: <20191018161033.261971-1-samitolvanen@google.com> <20191018161033.261971-15-samitolvanen@google.com> In-Reply-To: From: Ard Biesheuvel Date: Tue, 22 Oct 2019 07:54:07 +0200 Message-ID: Subject: Re: [PATCH 14/18] arm64: efi: restore x18 if it was corrupted To: Sami Tolvanen Cc: Will Deacon , Catalin Marinas , Steven Rostedt , Dave Martin , Kees Cook , Laura Abbott , Mark Rutland , Nick Desaulniers , clang-built-linux , Kernel Hardening , linux-arm-kernel , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" On Tue, 22 Oct 2019 at 00:40, Sami Tolvanen wrote: > > On Sun, Oct 20, 2019 at 11:20 PM Ard Biesheuvel > wrote: > > You'll have to elaborate a bit here and explain that this is > > sufficient, given that we run EFI runtime services with interrupts > > enabled. > > I can add a note about this in v2. This is called with preemption > disabled and we have a separate interrupt shadow stack, so as far as I > can tell, this should be sufficient. Did you have concerns about this? > No concerns, but we should put the above clarification in the commit log.