From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-11.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,
	SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 018ACC87FD9
	for <linux-kernel@archiver.kernel.org>; Thu,  2 Sep 2021 16:25:58 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 3522F617E6
	for <linux-kernel@archiver.kernel.org>; Thu,  2 Sep 2021 16:18:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1346315AbhIBQTm (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Thu, 2 Sep 2021 12:19:42 -0400
Received: from mail.kernel.org ([198.145.29.99]:54174 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1346300AbhIBQTk (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 2 Sep 2021 12:19:40 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 778E46187D;
        Thu,  2 Sep 2021 16:18:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1630599521;
        bh=JcYHOKNx0hNjqmpLEEHso3KVVidsGV0+VqdBVx4KJ+E=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=a6+vJTGRHe9Xk+46Babj4Gu37PjdCTzZYp0DfDtkOJqquwkr/5mOPt4qdYrECoU8t
         49oSyyN+AzKd/DqIfJ7DlWYaJJrRlGox7+furvQdwPKa66x9Te8SlUFYGKH+SCgb7o
         uNTQcaDM5ZWsyxuoR8pdw1g2F7At4e3p1XAQO145v1W5/+g6LTxWNEONuFXdbEpbkv
         jv6ZNJrcDavta44h8cPv1I6sjItQ1f/mzsAKR/dnB/AJgvgq/lkReFAhaLWvTmiOsF
         xdYsndBmLwUTtVzBXMQnoVNjY1SqfANX4zVIHMaeL8xtf97NFimFW2Tt36qW3MtCzT
         j1JEI1UPDLqPQ==
Received: by mail-ot1-f54.google.com with SMTP id i3-20020a056830210300b0051af5666070so3200908otc.4;
        Thu, 02 Sep 2021 09:18:41 -0700 (PDT)
X-Gm-Message-State: AOAM530NEJklET1K1auVD1gnvWx6mwsyR0aN/tJdaWxGQPNbQcIqf0ly
        C9e5xQi85MTlqOc2lwuQ/Ve7b5hIZpexuWtOUKI=
X-Google-Smtp-Source: ABdhPJxfaiUX2hrLyMECVCPFUe0KB68VWCzNVh8WiWCsq55R8cwzjxP/YB85hPhk+fGyzUWOXODcvPEpwiPMUcAX4EE=
X-Received: by 2002:a05:6830:444:: with SMTP id d4mr3261443otc.108.1630599520694;
 Thu, 02 Sep 2021 09:18:40 -0700 (PDT)
MIME-Version: 1.0
References: <20210902155429.3987201-1-keithp@keithp.com> <202109020904.976207C@keescook>
In-Reply-To: <202109020904.976207C@keescook>
From:   Ard Biesheuvel <ardb@kernel.org>
Date:   Thu, 2 Sep 2021 18:18:29 +0200
X-Gmail-Original-Message-ID: <CAMj1kXGfQuEFOh79TZ089+9eP4S5svWgTMbZLugmD8Hq9b=fMQ@mail.gmail.com>
Message-ID: <CAMj1kXGfQuEFOh79TZ089+9eP4S5svWgTMbZLugmD8Hq9b=fMQ@mail.gmail.com>
Subject: Re: [PATCH 0/2]: ARM: Enable THREAD_INFO_IN_TASK
To:     Kees Cook <keescook@chromium.org>
Cc:     Keith Packard <keithp@keithp.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Abbott Liu <liuwenliang@huawei.com>,
        Alexander Sverdlin <alexander.sverdlin@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Andrew Morton <akpm@linux-foundation.org>,
        Anshuman Khandual <anshuman.khandual@arm.com>,
        Arnd Bergmann <arnd@arndb.de>,
        Bjorn Andersson <bjorn.andersson@linaro.org>,
        Florian Fainelli <f.fainelli@gmail.com>,
        Geert Uytterhoeven <geert+renesas@glider.be>,
        Hartley Sweeten <hsweeten@visionengravers.com>,
        Jens Axboe <axboe@kernel.dk>, Jian Cai <jiancai@google.com>,
        Joe Perches <joe@perches.com>,
        Linus Walleij <linus.walleij@linaro.org>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        Maninder Singh <maninder1.s@samsung.com>,
        Manivannan Sadhasivam <mani@kernel.org>,
        Marc Zyngier <maz@kernel.org>,
        Masahiro Yamada <masahiroy@kernel.org>,
        Mike Rapoport <rppt@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Nick Desaulniers <ndesaulniers@gooogle.com>,
        Nicolas Pitre <nico@fluxnic.net>,
        Peter Zijlstra <peterz@infradead.org>,
        Russell King <linux@armlinux.org.uk>,
        Thomas Gleixner <tglx@linutronix.de>,
        =?UTF-8?Q?Uwe_Kleine=2DK=C3=B6nig?= 
        <u.kleine-koenig@pengutronix.de>,
        Valentin Schneider <valentin.schneider@arm.com>,
        Vaneet Narang <v.narang@samsung.com>,
        "Wolfram Sang (Renesas)" <wsa+renesas@sang-engineering.com>,
        YiFei Zhu <yifeifz2@illinois.edu>,
        Keith Packard <keithpac@amazon.com>,
        linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2 Sept 2021 at 18:07, Kees Cook <keescook@chromium.org> wrote:
>
> On Thu, Sep 02, 2021 at 08:54:26AM -0700, Keith Packard wrote:
> > Placing thread_info in the kernel stack leaves it vulnerable to stack
> > overflow attacks. This short series addresses that by using the
> > existing THREAD_INFO_IN_TASK infrastructure.
>
> Very cool! Thanks for working on this. If you want, you can refer to the
> KSPP bug for this too:
> https://github.com/KSPP/linux/issues/1
>
> (Anyone want to do MIPS?)
>

I take it this breaks the GCC plugin based per-task stack protector,
given that it emits code to mask the stack pointer and apply an offset
to the resulting value.

It would be nice if we could replace this with something suitable for
THREAD_INFO_IN_TASK, and if it is suitable enough, try and get the
GCC/Clang folks to adopt it as well (which was never going to happen
for the stack pointer mask/offset approach)

Where can I find these patches? I don't see them on linux-arm-kernel@

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=4Iqm=NY=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-9.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_HELO_NONE,
	SPF_PASS autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EC234C87FD5
	for <linux-arm-kernel@archiver.kernel.org>; Thu,  2 Sep 2021 16:25:57 +0000 (UTC)
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 6D2C1619E0
	for <linux-arm-kernel@archiver.kernel.org>; Thu,  2 Sep 2021 16:20:39 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 6D2C1619E0
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:
	In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=tskSx7OhpZawl1X42xhQtWG8lu6qgbZQdKe5Kyb/zj4=; b=DuSfsROGW8saSB
	ey4cCbsfzWx6dntLo9grIRAnmKpEvpasVr1eBRkpegRNlVGMnFGfowKqMH0hH526hFRodO96tN0N1
	9jd8vVGTyX3aDwVEPLrLkzXpDEFVuhgxXUymunra1h1dhXOEV4MnaTTT/YGlIWa5QYph+0NDGb9yT
	1h19CRmtTOX2hhUcgZUnQEH1jSK4yBkcWeNlD0ppaFurwZOmhfmtK0/ZRExWelkNnlO4HtRV6/I9m
	2/DuPaC/mp1wMPvibWzTv5lfhSoN2i3oJYf4vLwTnYKvH5IsxIHKmuazks39gt8grB7FToWVcXp0z
	vc5p8XSx6KEWQuyOB0tA==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1mLpQM-009yYJ-Al; Thu, 02 Sep 2021 16:18:46 +0000
Received: from mail.kernel.org ([198.145.29.99])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1mLpQI-009yY0-DZ
 for linux-arm-kernel@lists.infradead.org; Thu, 02 Sep 2021 16:18:43 +0000
Received: by mail.kernel.org (Postfix) with ESMTPSA id 9D35161880
 for <linux-arm-kernel@lists.infradead.org>;
 Thu,  2 Sep 2021 16:18:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1630599521;
 bh=JcYHOKNx0hNjqmpLEEHso3KVVidsGV0+VqdBVx4KJ+E=;
 h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
 b=a6+vJTGRHe9Xk+46Babj4Gu37PjdCTzZYp0DfDtkOJqquwkr/5mOPt4qdYrECoU8t
 49oSyyN+AzKd/DqIfJ7DlWYaJJrRlGox7+furvQdwPKa66x9Te8SlUFYGKH+SCgb7o
 uNTQcaDM5ZWsyxuoR8pdw1g2F7At4e3p1XAQO145v1W5/+g6LTxWNEONuFXdbEpbkv
 jv6ZNJrcDavta44h8cPv1I6sjItQ1f/mzsAKR/dnB/AJgvgq/lkReFAhaLWvTmiOsF
 xdYsndBmLwUTtVzBXMQnoVNjY1SqfANX4zVIHMaeL8xtf97NFimFW2Tt36qW3MtCzT
 j1JEI1UPDLqPQ==
Received: by mail-ot1-f48.google.com with SMTP id
 m7-20020a9d4c87000000b0051875f56b95so3184183otf.6
 for <linux-arm-kernel@lists.infradead.org>;
 Thu, 02 Sep 2021 09:18:41 -0700 (PDT)
X-Gm-Message-State: AOAM5330zecY660MWOyYXt4ivlGzdvEs6chGeId6Bu7za5e+ed6kRqRl
 tROB+t76QBJ0FBV18WWir7c1EjY9O55FpjPuXF4=
X-Google-Smtp-Source: ABdhPJxfaiUX2hrLyMECVCPFUe0KB68VWCzNVh8WiWCsq55R8cwzjxP/YB85hPhk+fGyzUWOXODcvPEpwiPMUcAX4EE=
X-Received: by 2002:a05:6830:444:: with SMTP id
 d4mr3261443otc.108.1630599520694; 
 Thu, 02 Sep 2021 09:18:40 -0700 (PDT)
MIME-Version: 1.0
References: <20210902155429.3987201-1-keithp@keithp.com>
 <202109020904.976207C@keescook>
In-Reply-To: <202109020904.976207C@keescook>
From: Ard Biesheuvel <ardb@kernel.org>
Date: Thu, 2 Sep 2021 18:18:29 +0200
X-Gmail-Original-Message-ID: <CAMj1kXGfQuEFOh79TZ089+9eP4S5svWgTMbZLugmD8Hq9b=fMQ@mail.gmail.com>
Message-ID: <CAMj1kXGfQuEFOh79TZ089+9eP4S5svWgTMbZLugmD8Hq9b=fMQ@mail.gmail.com>
Subject: Re: [PATCH 0/2]: ARM: Enable THREAD_INFO_IN_TASK
To: Kees Cook <keescook@chromium.org>
Cc: Keith Packard <keithp@keithp.com>, 
 Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
 Abbott Liu <liuwenliang@huawei.com>, 
 Alexander Sverdlin <alexander.sverdlin@gmail.com>,
 Al Viro <viro@zeniv.linux.org.uk>, 
 Andrew Morton <akpm@linux-foundation.org>,
 Anshuman Khandual <anshuman.khandual@arm.com>, 
 Arnd Bergmann <arnd@arndb.de>, Bjorn Andersson <bjorn.andersson@linaro.org>, 
 Florian Fainelli <f.fainelli@gmail.com>,
 Geert Uytterhoeven <geert+renesas@glider.be>, 
 Hartley Sweeten <hsweeten@visionengravers.com>, Jens Axboe <axboe@kernel.dk>, 
 Jian Cai <jiancai@google.com>, Joe Perches <joe@perches.com>, 
 Linus Walleij <linus.walleij@linaro.org>,
 Linux ARM <linux-arm-kernel@lists.infradead.org>, 
 Maninder Singh <maninder1.s@samsung.com>,
 Manivannan Sadhasivam <mani@kernel.org>, Marc Zyngier <maz@kernel.org>, 
 Masahiro Yamada <masahiroy@kernel.org>, Mike Rapoport <rppt@kernel.org>, 
 Nick Desaulniers <ndesaulniers@google.com>,
 Nick Desaulniers <ndesaulniers@gooogle.com>, 
 Nicolas Pitre <nico@fluxnic.net>, Peter Zijlstra <peterz@infradead.org>, 
 Russell King <linux@armlinux.org.uk>, Thomas Gleixner <tglx@linutronix.de>, 
 =?UTF-8?Q?Uwe_Kleine=2DK=C3=B6nig?= <u.kleine-koenig@pengutronix.de>, 
 Valentin Schneider <valentin.schneider@arm.com>,
 Vaneet Narang <v.narang@samsung.com>, 
 "Wolfram Sang (Renesas)" <wsa+renesas@sang-engineering.com>,
 YiFei Zhu <yifeifz2@illinois.edu>, 
 Keith Packard <keithpac@amazon.com>, linux-hardening@vger.kernel.org
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20210902_091842_531423_80FD0838 
X-CRM114-Status: GOOD (  22.43  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Thu, 2 Sept 2021 at 18:07, Kees Cook <keescook@chromium.org> wrote:
>
> On Thu, Sep 02, 2021 at 08:54:26AM -0700, Keith Packard wrote:
> > Placing thread_info in the kernel stack leaves it vulnerable to stack
> > overflow attacks. This short series addresses that by using the
> > existing THREAD_INFO_IN_TASK infrastructure.
>
> Very cool! Thanks for working on this. If you want, you can refer to the
> KSPP bug for this too:
> https://github.com/KSPP/linux/issues/1
>
> (Anyone want to do MIPS?)
>

I take it this breaks the GCC plugin based per-task stack protector,
given that it emits code to mask the stack pointer and apply an offset
to the resulting value.

It would be nice if we could replace this with something suitable for
THREAD_INFO_IN_TASK, and if it is suitable enough, try and get the
GCC/Clang folks to adopt it as well (which was never going to happen
for the stack pointer mask/offset approach)

Where can I find these patches? I don't see them on linux-arm-kernel@

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel