From: Nick Desaulniers <ndesaulniers@google.com> To: Sami Tolvanen <samitolvanen@google.com> Cc: Will Deacon <will@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>, Steven Rostedt <rostedt@goodmis.org>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, Dave Martin <Dave.Martin@arm.com>, Kees Cook <keescook@chromium.org>, Laura Abbott <labbott@redhat.com>, Mark Rutland <mark.rutland@arm.com>, clang-built-linux <clang-built-linux@googlegroups.com>, kernel-hardening@lists.openwall.com, Linux ARM <linux-arm-kernel@lists.infradead.org>, LKML <linux-kernel@vger.kernel.org>, Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> Subject: Re: [PATCH 06/18] add support for Clang's Shadow Call Stack (SCS) Date: Fri, 18 Oct 2019 10:08:37 -0700 Message-ID: <CAKwvOd=z3RxvJeNV1sBE=Y1b6HgXdnT4M9bwMrUNZcvcSOqwTw@mail.gmail.com> (raw) In-Reply-To: <20191018161033.261971-7-samitolvanen@google.com> On Fri, Oct 18, 2019 at 9:11 AM Sami Tolvanen <samitolvanen@google.com> wrote: > > This change adds generic support for Clang's Shadow Call Stack, which > uses a shadow stack to protect return addresses from being overwritten > by an attacker. Details are available here: > > https://clang.llvm.org/docs/ShadowCallStack.html > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com> > --- > Makefile | 6 ++ > arch/Kconfig | 39 ++++++++ > include/linux/compiler-clang.h | 2 + > include/linux/compiler_types.h | 4 + > include/linux/scs.h | 88 ++++++++++++++++++ > init/init_task.c | 6 ++ > init/main.c | 3 + > kernel/Makefile | 1 + > kernel/fork.c | 9 ++ > kernel/sched/core.c | 2 + > kernel/sched/sched.h | 1 + > kernel/scs.c | 162 +++++++++++++++++++++++++++++++++ > 12 files changed, 323 insertions(+) > create mode 100644 include/linux/scs.h > create mode 100644 kernel/scs.c > > diff --git a/Makefile b/Makefile > index ffd7a912fc46..e401fa500f62 100644 > --- a/Makefile > +++ b/Makefile > @@ -846,6 +846,12 @@ ifdef CONFIG_LIVEPATCH > KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone) > endif > > +ifdef CONFIG_SHADOW_CALL_STACK > +KBUILD_CFLAGS += -fsanitize=shadow-call-stack > +DISABLE_SCS := -fno-sanitize=shadow-call-stack > +export DISABLE_SCS > +endif > + > # arch Makefile may override CC so keep this after arch Makefile is included > NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include) > > diff --git a/arch/Kconfig b/arch/Kconfig > index 5f8a5d84dbbe..a222adda8130 100644 > --- a/arch/Kconfig > +++ b/arch/Kconfig > @@ -521,6 +521,45 @@ config STACKPROTECTOR_STRONG > about 20% of all kernel functions, which increases the kernel code > size by about 2%. > > +config ARCH_SUPPORTS_SHADOW_CALL_STACK > + bool > + help > + An architecture should select this if it supports Clang's Shadow > + Call Stack, has asm/scs.h, and implements runtime support for shadow > + stack switching. > + > +config SHADOW_CALL_STACK_VMAP > + def_bool n > + depends on SHADOW_CALL_STACK > + help > + Use virtually mapped shadow call stacks. Selecting this option > + provides better stack exhaustion protection, but increases per-thread > + memory consumption as a full page is allocated for each shadow stack. > + > +choice > + prompt "Return-oriented programming (ROP) protection" > + default ROP_PROTECTION_NONE > + help > + This option controls kernel protections against return-oriented > + programming (ROP) attacks. > + > +config ROP_PROTECTION_NONE > + bool "None" > + > +config SHADOW_CALL_STACK > + bool "Clang Shadow Call Stack" > + depends on ARCH_SUPPORTS_SHADOW_CALL_STACK > + depends on CC_IS_CLANG && CLANG_VERSION >= 70000 Version check LGTM. > + help > + This option enables Clang's Shadow Call Stack, which uses a shadow > + stack to protect function return addresses from being overwritten by > + an attacker. More information can be found from Clang's > + documentation: > + > + https://clang.llvm.org/docs/ShadowCallStack.html > + > +endchoice > + > config HAVE_ARCH_WITHIN_STACK_FRAMES > bool > help > diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h > index 333a6695a918..9af08391f205 100644 > --- a/include/linux/compiler-clang.h > +++ b/include/linux/compiler-clang.h > @@ -42,3 +42,5 @@ > * compilers, like ICC. > */ > #define barrier() __asm__ __volatile__("" : : : "memory") > + > +#define __noscs __attribute__((no_sanitize("shadow-call-stack"))) It looks like this attribute, (and thus a requirement to use this feature), didn't exist until Clang 7.0: https://godbolt.org/z/p9u1we (as noted above) I think it's better to put __noscs behind a __has_attribute guard in include/linux/compiler_attributes.h. Otherwise, what will happen when Clang 6.0 sees __noscs, for example? (-Wunknown-sanitizers will happen). > diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h > index 72393a8c1a6c..be5d5be4b1ae 100644 > --- a/include/linux/compiler_types.h > +++ b/include/linux/compiler_types.h > @@ -202,6 +202,10 @@ struct ftrace_likely_data { > # define randomized_struct_fields_end > #endif > > +#ifndef __noscs > +# define __noscs > +#endif > + and then this can be removed. > #ifndef asm_volatile_goto > #define asm_volatile_goto(x...) asm goto(x) > #endif > diff --git a/include/linux/scs.h b/include/linux/scs.h > new file mode 100644 > index 000000000000..dfbd80faa528 > --- /dev/null > +++ b/include/linux/scs.h > @@ -0,0 +1,88 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +/* > + * Shadow Call Stack support. > + * > + * Copyright (C) 2018 Google LLC > + */ > + > +#ifndef _LINUX_SCS_H > +#define _LINUX_SCS_H > + > +#include <linux/gfp.h> > +#include <linux/sched.h> > +#include <asm/page.h> > + > +#ifdef CONFIG_SHADOW_CALL_STACK > + > +#ifdef CONFIG_SHADOW_CALL_STACK_VMAP > +# define SCS_SIZE PAGE_SIZE > +#else > +# define SCS_SIZE 1024 > +#endif > + > +#define SCS_GFP (GFP_KERNEL | __GFP_ZERO) > + > +extern unsigned long init_shadow_call_stack[]; > + > +static inline void *task_scs(struct task_struct *tsk) > +{ > + return task_thread_info(tsk)->shadow_call_stack; > +} > + > +static inline void task_set_scs(struct task_struct *tsk, void *s) > +{ > + task_thread_info(tsk)->shadow_call_stack = s; > +} > + > +extern void scs_init(void); > +extern void scs_set_init_magic(struct task_struct *tsk); > +extern void scs_task_init(struct task_struct *tsk); > +extern void scs_task_reset(struct task_struct *tsk); > +extern int scs_prepare(struct task_struct *tsk, int node); > +extern bool scs_corrupted(struct task_struct *tsk); > +extern void scs_release(struct task_struct *tsk); > + > +#else /* CONFIG_SHADOW_CALL_STACK */ > + > +static inline void *task_scs(struct task_struct *tsk) > +{ > + return 0; > +} > + > +static inline void task_set_scs(struct task_struct *tsk, void *s) > +{ > +} > + > +static inline void scs_init(void) > +{ > +} > + > +static inline void scs_set_init_magic(struct task_struct *tsk) > +{ > +} > + > +static inline void scs_task_init(struct task_struct *tsk) > +{ > +} > + > +static inline void scs_task_reset(struct task_struct *tsk) > +{ > +} > + > +static inline int scs_prepare(struct task_struct *tsk, int node) > +{ > + return 0; > +} > + > +static inline bool scs_corrupted(struct task_struct *tsk) > +{ > + return false; > +} > + > +static inline void scs_release(struct task_struct *tsk) > +{ > +} > + > +#endif /* CONFIG_SHADOW_CALL_STACK */ > + > +#endif /* _LINUX_SCS_H */ > diff --git a/init/init_task.c b/init/init_task.c > index 9e5cbe5eab7b..5e55ff45bbbf 100644 > --- a/init/init_task.c > +++ b/init/init_task.c > @@ -11,6 +11,7 @@ > #include <linux/mm.h> > #include <linux/audit.h> > #include <linux/numa.h> > +#include <linux/scs.h> > > #include <asm/pgtable.h> > #include <linux/uaccess.h> > @@ -184,6 +185,11 @@ struct task_struct init_task > }; > EXPORT_SYMBOL(init_task); > > +#ifdef CONFIG_SHADOW_CALL_STACK > +unsigned long init_shadow_call_stack[SCS_SIZE / sizeof(long)] > + __init_task_data __aligned(SCS_SIZE); > +#endif > + > /* > * Initial thread structure. Alignment of this is handled by a special > * linker map entry. > diff --git a/init/main.c b/init/main.c > index 91f6ebb30ef0..fb8bcdd729b9 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -93,6 +93,7 @@ > #include <linux/rodata_test.h> > #include <linux/jump_label.h> > #include <linux/mem_encrypt.h> > +#include <linux/scs.h> > > #include <asm/io.h> > #include <asm/bugs.h> > @@ -578,6 +579,8 @@ asmlinkage __visible void __init start_kernel(void) > char *after_dashes; > > set_task_stack_end_magic(&init_task); > + scs_set_init_magic(&init_task); > + > smp_setup_processor_id(); > debug_objects_early_init(); > > diff --git a/kernel/Makefile b/kernel/Makefile > index daad787fb795..313dbd44d576 100644 > --- a/kernel/Makefile > +++ b/kernel/Makefile > @@ -102,6 +102,7 @@ obj-$(CONFIG_TRACEPOINTS) += trace/ > obj-$(CONFIG_IRQ_WORK) += irq_work.o > obj-$(CONFIG_CPU_PM) += cpu_pm.o > obj-$(CONFIG_BPF) += bpf/ > +obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o > > obj-$(CONFIG_PERF_EVENTS) += events/ > > diff --git a/kernel/fork.c b/kernel/fork.c > index bcdf53125210..ae7ebe9f0586 100644 > --- a/kernel/fork.c > +++ b/kernel/fork.c > @@ -94,6 +94,7 @@ > #include <linux/livepatch.h> > #include <linux/thread_info.h> > #include <linux/stackleak.h> > +#include <linux/scs.h> > > #include <asm/pgtable.h> > #include <asm/pgalloc.h> > @@ -451,6 +452,8 @@ void put_task_stack(struct task_struct *tsk) > > void free_task(struct task_struct *tsk) > { > + scs_release(tsk); > + > #ifndef CONFIG_THREAD_INFO_IN_TASK > /* > * The task is finally done with both the stack and thread_info, > @@ -834,6 +837,8 @@ void __init fork_init(void) > NULL, free_vm_stack_cache); > #endif > > + scs_init(); > + > lockdep_init_task(&init_task); > uprobes_init(); > } > @@ -907,6 +912,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node) > clear_user_return_notifier(tsk); > clear_tsk_need_resched(tsk); > set_task_stack_end_magic(tsk); > + scs_task_init(tsk); > > #ifdef CONFIG_STACKPROTECTOR > tsk->stack_canary = get_random_canary(); > @@ -2022,6 +2028,9 @@ static __latent_entropy struct task_struct *copy_process( > args->tls); > if (retval) > goto bad_fork_cleanup_io; > + retval = scs_prepare(p, node); > + if (retval) > + goto bad_fork_cleanup_thread; > > stackleak_task_init(p); > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c > index dd05a378631a..e7faeb383008 100644 > --- a/kernel/sched/core.c > +++ b/kernel/sched/core.c > @@ -6013,6 +6013,8 @@ void init_idle(struct task_struct *idle, int cpu) > raw_spin_lock_irqsave(&idle->pi_lock, flags); > raw_spin_lock(&rq->lock); > > + scs_task_reset(idle); > + > __sched_fork(0, idle); > idle->state = TASK_RUNNING; > idle->se.exec_start = sched_clock(); > diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h > index 0db2c1b3361e..c153003a011c 100644 > --- a/kernel/sched/sched.h > +++ b/kernel/sched/sched.h > @@ -58,6 +58,7 @@ > #include <linux/profile.h> > #include <linux/psi.h> > #include <linux/rcupdate_wait.h> > +#include <linux/scs.h> > #include <linux/security.h> > #include <linux/stop_machine.h> > #include <linux/suspend.h> > diff --git a/kernel/scs.c b/kernel/scs.c > new file mode 100644 > index 000000000000..47324e8d313b > --- /dev/null > +++ b/kernel/scs.c > @@ -0,0 +1,162 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Shadow Call Stack support. > + * > + * Copyright (C) 2019 Google LLC > + */ > + > +#include <linux/cpuhotplug.h> > +#include <linux/mm.h> > +#include <linux/slab.h> > +#include <linux/scs.h> > +#include <linux/vmalloc.h> > +#include <asm/scs.h> > + > +#define SCS_END_MAGIC 0xaf0194819b1635f6UL > + > +static inline void *__scs_base(struct task_struct *tsk) > +{ > + return (void *)((uintptr_t)task_scs(tsk) & ~(SCS_SIZE - 1)); > +} > + > +#ifdef CONFIG_SHADOW_CALL_STACK_VMAP > + > +/* Keep a cache of shadow stacks */ > +#define SCS_CACHE_SIZE 2 > +static DEFINE_PER_CPU(void *, scs_cache[SCS_CACHE_SIZE]); > + > +static void *scs_alloc(int node) > +{ > + int i; > + > + for (i = 0; i < SCS_CACHE_SIZE; i++) { > + void *s; > + > + s = this_cpu_xchg(scs_cache[i], NULL); > + if (s) { > + memset(s, 0, SCS_SIZE); > + return s; > + } > + } > + > + return __vmalloc_node_range(SCS_SIZE, SCS_SIZE, > + VMALLOC_START, VMALLOC_END, > + SCS_GFP, PAGE_KERNEL, 0, > + node, __builtin_return_address(0)); > +} > + > +static void scs_free(void *s) > +{ > + int i; > + > + for (i = 0; i < SCS_CACHE_SIZE; i++) { > + if (this_cpu_cmpxchg(scs_cache[i], 0, s) != 0) > + continue; > + > + return; > + } > + > + vfree_atomic(s); > +} > + > +static int scs_cleanup(unsigned int cpu) > +{ > + int i; > + void **cache = per_cpu_ptr(scs_cache, cpu); > + > + for (i = 0; i < SCS_CACHE_SIZE; i++) { > + vfree(cache[i]); > + cache[i] = NULL; > + } > + > + return 0; > +} > + > +void __init scs_init(void) > +{ > + cpuhp_setup_state(CPUHP_BP_PREPARE_DYN, "scs:scs_cache", NULL, > + scs_cleanup); > +} > + > +#else /* !CONFIG_SHADOW_CALL_STACK_VMAP */ > + > +static struct kmem_cache *scs_cache; > + > +static inline void *scs_alloc(int node) > +{ > + return kmem_cache_alloc_node(scs_cache, SCS_GFP, node); > +} > + > +static inline void scs_free(void *s) > +{ > + kmem_cache_free(scs_cache, s); > +} > + > +void __init scs_init(void) > +{ > + scs_cache = kmem_cache_create("scs_cache", SCS_SIZE, SCS_SIZE, > + 0, NULL); > + WARN_ON(!scs_cache); > +} > + > +#endif /* CONFIG_SHADOW_CALL_STACK_VMAP */ > + > +static inline unsigned long *scs_magic(struct task_struct *tsk) > +{ > + return (unsigned long *)(__scs_base(tsk) + SCS_SIZE - sizeof(long)); > +} > + > +static inline void scs_set_magic(struct task_struct *tsk) > +{ > + *scs_magic(tsk) = SCS_END_MAGIC; > +} > + > +void scs_task_init(struct task_struct *tsk) > +{ > + task_set_scs(tsk, NULL); > +} > + > +void scs_task_reset(struct task_struct *tsk) > +{ > + task_set_scs(tsk, __scs_base(tsk)); > +} > + > +void scs_set_init_magic(struct task_struct *tsk) > +{ > + scs_save(tsk); > + scs_set_magic(tsk); > + scs_load(tsk); > +} > + > +int scs_prepare(struct task_struct *tsk, int node) > +{ > + void *s; > + > + s = scs_alloc(node); > + if (!s) > + return -ENOMEM; > + > + task_set_scs(tsk, s); > + scs_set_magic(tsk); > + > + return 0; > +} > + > +bool scs_corrupted(struct task_struct *tsk) > +{ > + return *scs_magic(tsk) != SCS_END_MAGIC; > +} > + > +void scs_release(struct task_struct *tsk) > +{ > + void *s; > + > + s = __scs_base(tsk); > + if (!s) > + return; > + > + WARN_ON(scs_corrupted(tsk)); > + > + scs_task_init(tsk); > + scs_free(s); > +} > -- > 2.23.0.866.gb869b98d4c-goog > -- Thanks, ~Nick Desaulniers
next prev parent reply index Thread overview: 252+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-18 16:10 [PATCH 00/18] add support for Clang's Shadow Call Stack Sami Tolvanen 2019-10-18 16:10 ` [PATCH 01/18] arm64: mm: don't use x18 in idmap_kpti_install_ng_mappings Sami Tolvanen 2019-10-18 16:43 ` Nick Desaulniers 2019-10-18 16:10 ` [PATCH 02/18] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen 2019-10-18 16:10 ` [PATCH 03/18] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen 2019-10-21 6:19 ` Ard Biesheuvel 2019-10-22 17:22 ` Marc Zyngier 2019-10-22 21:45 ` Sami Tolvanen 2019-10-18 16:10 ` [PATCH 04/18] arm64: kernel: avoid x18 as an arbitrary temp register Sami Tolvanen 2019-10-18 16:10 ` [PATCH 05/18] arm64: kbuild: reserve reg x18 from general allocation by the compiler Sami Tolvanen 2019-10-18 17:32 ` Nick Desaulniers 2019-10-18 19:00 ` Sami Tolvanen 2019-10-21 6:12 ` Ard Biesheuvel 2019-10-21 20:43 ` Sami Tolvanen 2019-10-18 16:10 ` [PATCH 06/18] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen 2019-10-18 16:58 ` Joe Perches 2019-10-18 17:08 ` Nick Desaulniers [this message] 2019-10-18 17:11 ` Sami Tolvanen 2019-10-18 18:32 ` Miguel Ojeda 2019-10-18 20:33 ` Nick Desaulniers 2019-10-19 0:21 ` Miguel Ojeda 2019-10-18 17:42 ` Jann Horn 2019-10-18 17:56 ` Sami Tolvanen 2019-10-22 16:28 ` Mark Rutland 2019-10-22 16:30 ` Kees Cook 2019-10-22 16:49 ` Mark Rutland 2019-10-22 19:26 ` Sami Tolvanen 2019-10-24 13:28 ` Mark Rutland 2019-10-24 14:38 ` Masahiro Yamada 2019-10-23 16:59 ` Sami Tolvanen 2019-10-24 1:47 ` Masahiro Yamada 2019-10-24 12:04 ` Steven Rostedt 2019-10-24 22:17 ` Sami Tolvanen 2019-10-18 16:10 ` [PATCH 07/18] scs: add accounting Sami Tolvanen 2019-10-18 16:10 ` [PATCH 08/18] scs: add support for stack usage debugging Sami Tolvanen 2019-10-18 16:10 ` [PATCH 09/18] trace: disable function graph tracing with SCS Sami Tolvanen 2019-10-18 17:01 ` Steven Rostedt 2019-10-18 17:08 ` Sami Tolvanen 2019-10-21 6:15 ` Ard Biesheuvel 2019-10-18 16:10 ` [PATCH 10/18] kprobes: fix compilation without CONFIG_KRETPROBES Sami Tolvanen 2019-10-18 17:02 ` Steven Rostedt 2019-10-21 9:13 ` Masami Hiramatsu 2019-10-18 16:10 ` [PATCH 11/18] kprobes: disable kretprobes with SCS Sami Tolvanen 2019-10-18 17:04 ` Steven Rostedt 2019-10-21 9:15 ` Masami Hiramatsu 2019-10-18 16:10 ` [PATCH 12/18] arm64: reserve x18 only with Shadow Call Stack Sami Tolvanen 2019-10-18 21:23 ` Nick Desaulniers 2019-10-22 16:00 ` Mark Rutland 2019-10-22 16:27 ` Kees Cook 2019-10-18 16:10 ` [PATCH 13/18] arm64: preserve x18 when CPU is suspended Sami Tolvanen 2019-10-18 16:49 ` Nick Desaulniers 2019-10-18 17:05 ` Sami Tolvanen 2019-10-21 16:56 ` Mark Rutland 2019-10-21 22:43 ` Sami Tolvanen 2019-10-22 15:47 ` Mark Rutland 2019-10-18 16:10 ` [PATCH 14/18] arm64: efi: restore x18 if it was corrupted Sami Tolvanen 2019-10-21 6:20 ` Ard Biesheuvel 2019-10-21 22:39 ` Sami Tolvanen 2019-10-22 5:54 ` Ard Biesheuvel 2019-10-18 16:10 ` [PATCH 15/18] arm64: vdso: disable Shadow Call Stack Sami Tolvanen 2019-10-18 16:10 ` [PATCH 16/18] arm64: kprobes: fix kprobes without CONFIG_KRETPROBES Sami Tolvanen 2019-10-21 6:21 ` Ard Biesheuvel 2019-10-21 16:06 ` Kees Cook 2019-10-18 16:10 ` [PATCH 17/18] arm64: disable SCS for hypervisor code Sami Tolvanen 2019-10-18 16:10 ` [PATCH 18/18] arm64: implement Shadow Call Stack Sami Tolvanen 2019-10-18 17:12 ` Jann Horn 2019-10-18 17:18 ` Sami Tolvanen 2019-10-18 17:23 ` Mark Rutland 2019-10-18 17:35 ` Sami Tolvanen 2019-10-21 16:49 ` Mark Rutland 2019-10-21 9:28 ` [PATCH 00/18] add support for Clang's " Masami Hiramatsu 2019-10-24 22:51 ` [PATCH v2 00/17] " samitolvanen 2019-10-24 22:51 ` [PATCH v2 01/17] arm64: mm: don't use x18 in idmap_kpti_install_ng_mappings samitolvanen 2019-10-25 9:24 ` Mark Rutland 2019-10-24 22:51 ` [PATCH v2 02/17] arm64/lib: copy_page: avoid x18 register in assembler code samitolvanen 2019-10-25 9:41 ` Mark Rutland 2019-10-25 21:40 ` Sami Tolvanen 2019-10-24 22:51 ` [PATCH v2 03/17] arm64: kvm: stop treating register x18 as caller save samitolvanen 2019-10-24 22:51 ` [PATCH v2 04/17] arm64: kernel: avoid x18 as an arbitrary temp register samitolvanen 2019-10-25 10:02 ` Mark Rutland 2019-10-24 22:51 ` [PATCH v2 05/17] add support for Clang's Shadow Call Stack (SCS) samitolvanen 2019-10-25 10:56 ` Mark Rutland 2019-10-25 20:49 ` Sami Tolvanen 2019-10-28 16:35 ` Mark Rutland 2019-10-28 19:57 ` Kees Cook 2019-10-29 18:06 ` Sami Tolvanen 2019-10-25 16:22 ` Nick Desaulniers 2019-10-25 20:51 ` Sami Tolvanen 2019-10-26 15:57 ` Joe Perches 2019-10-28 15:19 ` Sami Tolvanen 2019-10-28 15:31 ` Miguel Ojeda 2019-10-28 16:15 ` Sami Tolvanen 2019-10-24 22:51 ` [PATCH v2 06/17] scs: add accounting samitolvanen 2019-10-24 22:51 ` [PATCH v2 07/17] scs: add support for stack usage debugging samitolvanen 2019-10-24 22:51 ` [PATCH v2 08/17] kprobes: fix compilation without CONFIG_KRETPROBES samitolvanen 2019-10-24 22:51 ` [PATCH v2 09/17] arm64: disable function graph tracing with SCS samitolvanen 2019-10-25 11:03 ` Mark Rutland 2019-10-29 17:45 ` Sami Tolvanen 2019-10-29 20:35 ` Nick Desaulniers 2019-10-24 22:51 ` [PATCH v2 10/17] arm64: disable kretprobes " samitolvanen 2019-10-24 22:51 ` [PATCH v2 11/17] arm64: reserve x18 from general allocation " samitolvanen 2019-10-24 22:51 ` [PATCH v2 12/17] arm64: preserve x18 when CPU is suspended samitolvanen 2019-10-24 22:51 ` [PATCH v2 13/17] arm64: efi: restore x18 if it was corrupted samitolvanen 2019-10-24 22:51 ` [PATCH v2 14/17] arm64: vdso: disable Shadow Call Stack samitolvanen 2019-10-24 22:51 ` [PATCH v2 15/17] arm64: kprobes: fix kprobes without CONFIG_KRETPROBES samitolvanen 2019-10-24 22:51 ` [PATCH v2 16/17] arm64: disable SCS for hypervisor code samitolvanen 2019-10-25 1:20 ` Steven Rostedt 2019-10-25 1:29 ` Masahiro Yamada 2019-10-25 1:42 ` Steven Rostedt 2019-10-25 19:24 ` Sami Tolvanen 2019-10-24 22:51 ` [PATCH v2 17/17] arm64: implement Shadow Call Stack samitolvanen 2019-10-31 16:46 ` [PATCH v3 00/17] add support for Clang's " samitolvanen 2019-10-31 16:46 ` [PATCH v3 01/17] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings samitolvanen 2019-10-31 16:46 ` [PATCH v3 02/17] arm64/lib: copy_page: avoid x18 register in assembler code samitolvanen 2019-10-31 16:46 ` [PATCH v3 03/17] arm64: kvm: stop treating register x18 as caller save samitolvanen 2019-11-01 3:48 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 04/17] arm64: kernel: avoid x18 __cpu_soft_restart samitolvanen 2019-11-01 3:47 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 05/17] add support for Clang's Shadow Call Stack (SCS) samitolvanen 2019-11-01 3:51 ` Kees Cook 2019-11-01 16:28 ` Sami Tolvanen 2019-10-31 16:46 ` [PATCH v3 06/17] scs: add accounting samitolvanen 2019-11-01 3:52 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 07/17] scs: add support for stack usage debugging samitolvanen 2019-11-01 3:55 ` Kees Cook 2019-11-01 16:32 ` Sami Tolvanen 2019-11-01 19:02 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 08/17] kprobes: fix compilation without CONFIG_KRETPROBES samitolvanen 2019-11-01 3:55 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 09/17] arm64: kprobes: fix kprobes " samitolvanen 2019-11-01 3:56 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 10/17] arm64: disable kretprobes with SCS samitolvanen 2019-11-01 3:56 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 11/17] arm64: disable function graph tracing " samitolvanen 2019-11-01 3:58 ` Kees Cook 2019-11-01 20:32 ` Sami Tolvanen 2019-10-31 16:46 ` [PATCH v3 12/17] arm64: reserve x18 from general allocation " samitolvanen 2019-10-31 17:11 ` Nick Desaulniers 2019-11-01 3:59 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 13/17] arm64: preserve x18 when CPU is suspended samitolvanen 2019-10-31 17:18 ` Nick Desaulniers 2019-10-31 17:27 ` Sami Tolvanen 2019-10-31 17:34 ` Nick Desaulniers 2019-10-31 17:42 ` Sami Tolvanen 2019-11-01 3:59 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 14/17] arm64: efi: restore x18 if it was corrupted samitolvanen 2019-11-01 4:00 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 15/17] arm64: vdso: disable Shadow Call Stack samitolvanen 2019-10-31 17:28 ` Nick Desaulniers 2019-11-01 4:01 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 16/17] arm64: disable SCS for hypervisor code samitolvanen 2019-11-01 3:46 ` Kees Cook 2019-11-01 4:02 ` Kees Cook 2019-10-31 16:46 ` [PATCH v3 17/17] arm64: implement Shadow Call Stack samitolvanen 2019-11-01 3:45 ` Kees Cook 2019-11-01 15:44 ` Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 00/17] add support for Clang's " Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 01/17] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 02/17] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 03/17] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen 2019-11-04 11:04 ` Marc Zyngier 2019-11-04 13:30 ` Marc Zyngier 2019-11-04 11:51 ` Mark Rutland 2019-11-04 21:44 ` Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 04/17] arm64: kernel: avoid x18 __cpu_soft_restart Sami Tolvanen 2019-11-04 11:39 ` Mark Rutland 2019-11-04 16:44 ` Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 05/17] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen 2019-11-01 22:36 ` Miguel Ojeda 2019-11-04 12:31 ` Mark Rutland 2019-11-04 18:25 ` Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 06/17] scs: add accounting Sami Tolvanen 2019-11-04 13:13 ` Marc Zyngier 2019-11-04 16:42 ` Sami Tolvanen 2019-11-04 16:59 ` Marc Zyngier 2019-11-01 22:11 ` [PATCH v4 07/17] scs: add support for stack usage debugging Sami Tolvanen 2019-11-02 17:31 ` Kees Cook 2019-11-04 12:40 ` Mark Rutland 2019-11-04 21:35 ` Sami Tolvanen 2019-11-05 9:17 ` Mark Rutland 2019-11-01 22:11 ` [PATCH v4 08/17] kprobes: fix compilation without CONFIG_KRETPROBES Sami Tolvanen 2019-11-13 20:27 ` Steven Rostedt 2019-11-01 22:11 ` [PATCH v4 09/17] arm64: kprobes: fix kprobes " Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 10/17] arm64: disable kretprobes with SCS Sami Tolvanen 2019-11-04 17:04 ` Mark Rutland 2019-11-04 23:42 ` Sami Tolvanen 2019-11-05 9:04 ` Mark Rutland 2019-11-01 22:11 ` [PATCH v4 11/17] arm64: disable function graph tracing " Sami Tolvanen 2019-11-04 17:11 ` Mark Rutland 2019-11-04 23:44 ` Sami Tolvanen 2019-11-05 9:15 ` Mark Rutland 2019-11-05 20:00 ` Nick Desaulniers 2019-11-05 22:05 ` Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 12/17] arm64: reserve x18 from general allocation " Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 13/17] arm64: preserve x18 when CPU is suspended Sami Tolvanen 2019-11-04 13:20 ` Marc Zyngier 2019-11-04 21:38 ` Sami Tolvanen 2019-11-04 21:59 ` Nick Desaulniers 2019-11-05 0:02 ` Sami Tolvanen 2019-11-05 14:55 ` Marc Zyngier 2019-11-01 22:11 ` [PATCH v4 14/17] arm64: efi: restore x18 if it was corrupted Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 15/17] arm64: vdso: disable Shadow Call Stack Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 16/17] arm64: disable SCS for hypervisor code Sami Tolvanen 2019-11-01 22:11 ` [PATCH v4 17/17] arm64: implement Shadow Call Stack Sami Tolvanen 2019-11-05 23:55 ` [PATCH v5 00/14] add support for Clang's " Sami Tolvanen 2019-11-05 23:55 ` [PATCH v5 01/14] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings Sami Tolvanen 2019-11-05 23:55 ` [PATCH v5 02/14] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen 2019-11-05 23:55 ` [PATCH v5 03/14] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen 2019-11-05 23:55 ` [PATCH v5 04/14] arm64: kernel: avoid x18 in __cpu_soft_restart Sami Tolvanen 2019-11-05 23:55 ` [PATCH v5 05/14] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen 2019-11-15 15:37 ` Mark Rutland 2019-11-15 18:34 ` Sami Tolvanen 2019-11-05 23:56 ` [PATCH v5 06/14] scs: add accounting Sami Tolvanen 2019-11-05 23:56 ` [PATCH v5 07/14] scs: add support for stack usage debugging Sami Tolvanen 2019-11-05 23:56 ` [PATCH v5 08/14] arm64: disable function graph tracing with SCS Sami Tolvanen 2019-11-15 14:18 ` Mark Rutland 2019-11-05 23:56 ` [PATCH v5 09/14] arm64: reserve x18 from general allocation " Sami Tolvanen 2019-11-05 23:56 ` [PATCH v5 10/14] arm64: preserve x18 when CPU is suspended Sami Tolvanen 2019-11-06 20:39 ` Nick Desaulniers 2019-11-15 14:27 ` Mark Rutland 2019-11-05 23:56 ` [PATCH v5 11/14] arm64: efi: restore x18 if it was corrupted Sami Tolvanen 2019-11-06 4:45 ` Miguel Ojeda 2019-11-07 10:51 ` Ard Biesheuvel 2019-11-07 16:26 ` Sami Tolvanen 2019-11-05 23:56 ` [PATCH v5 12/14] arm64: vdso: disable Shadow Call Stack Sami Tolvanen 2019-11-15 14:43 ` Mark Rutland 2019-11-05 23:56 ` [PATCH v5 13/14] arm64: disable SCS for hypervisor code Sami Tolvanen 2019-11-15 14:46 ` Mark Rutland 2019-11-05 23:56 ` [PATCH v5 14/14] arm64: implement Shadow Call Stack Sami Tolvanen 2019-11-15 15:20 ` Mark Rutland 2019-11-15 20:19 ` Sami Tolvanen 2019-11-18 23:13 ` Sami Tolvanen 2019-11-12 23:44 ` [PATCH v5 00/14] add support for Clang's " Kees Cook 2019-11-13 12:03 ` Will Deacon 2019-11-13 18:33 ` Kees Cook 2019-11-15 14:16 ` Mark Rutland 2019-12-06 22:13 ` [PATCH v6 00/15] " Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 01/15] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 02/15] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 03/15] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 04/15] arm64: kernel: avoid x18 in __cpu_soft_restart Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 05/15] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 06/15] scs: add accounting Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 07/15] scs: add support for stack usage debugging Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 08/15] arm64: disable function graph tracing with SCS Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 09/15] arm64: reserve x18 from general allocation " Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 10/15] arm64: preserve x18 when CPU is suspended Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 11/15] arm64: efi: restore x18 if it was corrupted Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 12/15] arm64: vdso: disable Shadow Call Stack Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 13/15] arm64: disable SCS for hypervisor code Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 14/15] arm64: implement Shadow Call Stack Sami Tolvanen 2019-12-06 22:13 ` [PATCH v6 15/15] arm64: scs: add shadow stacks for SDEI Sami Tolvanen
Reply instructions: You may reply publically to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAKwvOd=z3RxvJeNV1sBE=Y1b6HgXdnT4M9bwMrUNZcvcSOqwTw@mail.gmail.com' \ --to=ndesaulniers@google.com \ --cc=Dave.Martin@arm.com \ --cc=ard.biesheuvel@linaro.org \ --cc=catalin.marinas@arm.com \ --cc=clang-built-linux@googlegroups.com \ --cc=keescook@chromium.org \ --cc=kernel-hardening@lists.openwall.com \ --cc=labbott@redhat.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=mark.rutland@arm.com \ --cc=miguel.ojeda.sandonis@gmail.com \ --cc=rostedt@goodmis.org \ --cc=samitolvanen@google.com \ --cc=will@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Kernel-hardening archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \ kernel-hardening@lists.openwall.com public-inbox-index kernel-hardening Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening AGPL code for this site: git clone https://public-inbox.org/public-inbox.git