From: Nick Desaulniers <ndesaulniers@google.com>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: Will Deacon <will@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Dave Martin <Dave.Martin@arm.com>,
Kees Cook <keescook@chromium.org>,
Laura Abbott <labbott@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Jann Horn <jannh@google.com>,
Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
clang-built-linux <clang-built-linux@googlegroups.com>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 05/17] add support for Clang's Shadow Call Stack (SCS)
Date: Fri, 25 Oct 2019 09:22:30 -0700
Message-ID: <CAKwvOdmfXbnWf0dPN4EGCBVvppVRhuc=eq-pbfmotCCBaRN-Cw@mail.gmail.com> (raw)
In-Reply-To: <20191024225132.13410-6-samitolvanen@google.com>
On Thu, Oct 24, 2019 at 3:51 PM <samitolvanen@google.com> wrote:
>
> This change adds generic support for Clang's Shadow Call Stack,
> which uses a shadow stack to protect return addresses from being
> overwritten by an attacker. Details are available here:
>
> https://clang.llvm.org/docs/ShadowCallStack.html
>
> Note that security guarantees in the kernel differ from the
> ones documented for user space. The kernel must store addresses
> of shadow stacks used by other tasks and interrupt handlers in
> memory, which means an attacker capable reading and writing
> arbitrary memory may be able to locate them and hijack control
> flow by modifying shadow stacks that are not currently in use.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> ---
> Makefile | 6 ++
> arch/Kconfig | 33 +++++++
> include/linux/compiler-clang.h | 6 ++
> include/linux/compiler_types.h | 4 +
> include/linux/scs.h | 78 +++++++++++++++++
> init/init_task.c | 8 ++
> kernel/Makefile | 1 +
> kernel/fork.c | 9 ++
> kernel/sched/core.c | 2 +
> kernel/sched/sched.h | 1 +
> kernel/scs.c | 155 +++++++++++++++++++++++++++++++++
> 11 files changed, 303 insertions(+)
> create mode 100644 include/linux/scs.h
> create mode 100644 kernel/scs.c
>
> diff --git a/Makefile b/Makefile
> index 5475cdb6d57d..2b5c59fb18f2 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -846,6 +846,12 @@ ifdef CONFIG_LIVEPATCH
> KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone)
> endif
>
> +ifdef CONFIG_SHADOW_CALL_STACK
> +CC_FLAGS_SCS := -fsanitize=shadow-call-stack
> +KBUILD_CFLAGS += $(CC_FLAGS_SCS)
> +export CC_FLAGS_SCS
> +endif
> +
> # arch Makefile may override CC so keep this after arch Makefile is included
> NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
>
> diff --git a/arch/Kconfig b/arch/Kconfig
> index 5f8a5d84dbbe..5e34cbcd8d6a 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -521,6 +521,39 @@ config STACKPROTECTOR_STRONG
> about 20% of all kernel functions, which increases the kernel code
> size by about 2%.
>
> +config ARCH_SUPPORTS_SHADOW_CALL_STACK
> + bool
> + help
> + An architecture should select this if it supports Clang's Shadow
> + Call Stack, has asm/scs.h, and implements runtime support for shadow
> + stack switching.
> +
> +config SHADOW_CALL_STACK_VMAP
> + bool
> + depends on SHADOW_CALL_STACK
> + help
> + Use virtually mapped shadow call stacks. Selecting this option
> + provides better stack exhaustion protection, but increases per-thread
> + memory consumption as a full page is allocated for each shadow stack.
> +
> +config SHADOW_CALL_STACK
> + bool "Clang Shadow Call Stack"
> + depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
> + help
> + This option enables Clang's Shadow Call Stack, which uses a
> + shadow stack to protect function return addresses from being
> + overwritten by an attacker. More information can be found from
> + Clang's documentation:
> +
> + https://clang.llvm.org/docs/ShadowCallStack.html
> +
> + Note that security guarantees in the kernel differ from the ones
> + documented for user space. The kernel must store addresses of shadow
> + stacks used by other tasks and interrupt handlers in memory, which
> + means an attacker capable reading and writing arbitrary memory may
> + be able to locate them and hijack control flow by modifying shadow
> + stacks that are not currently in use.
> +
> config HAVE_ARCH_WITHIN_STACK_FRAMES
> bool
> help
> diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
> index 333a6695a918..afe5e24088b2 100644
> --- a/include/linux/compiler-clang.h
> +++ b/include/linux/compiler-clang.h
> @@ -42,3 +42,9 @@
> * compilers, like ICC.
> */
> #define barrier() __asm__ __volatile__("" : : : "memory")
> +
> +#if __has_feature(shadow_call_stack)
> +# define __noscs __attribute__((no_sanitize("shadow-call-stack")))
> +#else
> +# define __noscs
> +#endif
> diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
> index 72393a8c1a6c..be5d5be4b1ae 100644
> --- a/include/linux/compiler_types.h
> +++ b/include/linux/compiler_types.h
> @@ -202,6 +202,10 @@ struct ftrace_likely_data {
> # define randomized_struct_fields_end
> #endif
>
> +#ifndef __noscs
> +# define __noscs
> +#endif
> +
> #ifndef asm_volatile_goto
> #define asm_volatile_goto(x...) asm goto(x)
> #endif
> diff --git a/include/linux/scs.h b/include/linux/scs.h
> new file mode 100644
> index 000000000000..c8b0ccfdd803
> --- /dev/null
> +++ b/include/linux/scs.h
> @@ -0,0 +1,78 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Shadow Call Stack support.
> + *
> + * Copyright (C) 2018 Google LLC
> + */
> +
> +#ifndef _LINUX_SCS_H
> +#define _LINUX_SCS_H
> +
> +#include <linux/gfp.h>
> +#include <linux/sched.h>
> +#include <asm/page.h>
> +
> +#ifdef CONFIG_SHADOW_CALL_STACK
> +
> +#define SCS_SIZE 1024
> +#define SCS_END_MAGIC 0xaf0194819b1635f6UL
> +
> +#define GFP_SCS (GFP_KERNEL | __GFP_ZERO)
> +
> +static inline void *task_scs(struct task_struct *tsk)
> +{
> + return task_thread_info(tsk)->shadow_call_stack;
> +}
> +
> +static inline void task_set_scs(struct task_struct *tsk, void *s)
> +{
> + task_thread_info(tsk)->shadow_call_stack = s;
> +}
> +
> +extern void scs_init(void);
> +extern void scs_task_init(struct task_struct *tsk);
> +extern void scs_task_reset(struct task_struct *tsk);
> +extern int scs_prepare(struct task_struct *tsk, int node);
> +extern bool scs_corrupted(struct task_struct *tsk);
> +extern void scs_release(struct task_struct *tsk);
> +
> +#else /* CONFIG_SHADOW_CALL_STACK */
> +
> +static inline void *task_scs(struct task_struct *tsk)
> +{
> + return 0;
> +}
> +
> +static inline void task_set_scs(struct task_struct *tsk, void *s)
> +{
> +}
> +
> +static inline void scs_init(void)
> +{
> +}
> +
> +static inline void scs_task_init(struct task_struct *tsk)
> +{
> +}
> +
> +static inline void scs_task_reset(struct task_struct *tsk)
> +{
> +}
> +
> +static inline int scs_prepare(struct task_struct *tsk, int node)
> +{
> + return 0;
> +}
> +
> +static inline bool scs_corrupted(struct task_struct *tsk)
> +{
> + return false;
> +}
> +
> +static inline void scs_release(struct task_struct *tsk)
> +{
> +}
> +
> +#endif /* CONFIG_SHADOW_CALL_STACK */
> +
> +#endif /* _LINUX_SCS_H */
> diff --git a/init/init_task.c b/init/init_task.c
> index 9e5cbe5eab7b..cbd40460e903 100644
> --- a/init/init_task.c
> +++ b/init/init_task.c
> @@ -11,6 +11,7 @@
> #include <linux/mm.h>
> #include <linux/audit.h>
> #include <linux/numa.h>
> +#include <linux/scs.h>
>
> #include <asm/pgtable.h>
> #include <linux/uaccess.h>
> @@ -184,6 +185,13 @@ struct task_struct init_task
> };
> EXPORT_SYMBOL(init_task);
>
> +#ifdef CONFIG_SHADOW_CALL_STACK
> +unsigned long init_shadow_call_stack[SCS_SIZE / sizeof(long)] __init_task_data
> + __aligned(SCS_SIZE) = {
> + [(SCS_SIZE / sizeof(long)) - 1] = SCS_END_MAGIC
> +};
> +#endif
> +
> /*
> * Initial thread structure. Alignment of this is handled by a special
> * linker map entry.
> diff --git a/kernel/Makefile b/kernel/Makefile
> index daad787fb795..313dbd44d576 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -102,6 +102,7 @@ obj-$(CONFIG_TRACEPOINTS) += trace/
> obj-$(CONFIG_IRQ_WORK) += irq_work.o
> obj-$(CONFIG_CPU_PM) += cpu_pm.o
> obj-$(CONFIG_BPF) += bpf/
> +obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o
>
> obj-$(CONFIG_PERF_EVENTS) += events/
>
> diff --git a/kernel/fork.c b/kernel/fork.c
> index bcdf53125210..ae7ebe9f0586 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -94,6 +94,7 @@
> #include <linux/livepatch.h>
> #include <linux/thread_info.h>
> #include <linux/stackleak.h>
> +#include <linux/scs.h>
>
> #include <asm/pgtable.h>
> #include <asm/pgalloc.h>
> @@ -451,6 +452,8 @@ void put_task_stack(struct task_struct *tsk)
>
> void free_task(struct task_struct *tsk)
> {
> + scs_release(tsk);
> +
> #ifndef CONFIG_THREAD_INFO_IN_TASK
> /*
> * The task is finally done with both the stack and thread_info,
> @@ -834,6 +837,8 @@ void __init fork_init(void)
> NULL, free_vm_stack_cache);
> #endif
>
> + scs_init();
> +
> lockdep_init_task(&init_task);
> uprobes_init();
> }
> @@ -907,6 +912,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig, int node)
> clear_user_return_notifier(tsk);
> clear_tsk_need_resched(tsk);
> set_task_stack_end_magic(tsk);
> + scs_task_init(tsk);
>
> #ifdef CONFIG_STACKPROTECTOR
> tsk->stack_canary = get_random_canary();
> @@ -2022,6 +2028,9 @@ static __latent_entropy struct task_struct *copy_process(
> args->tls);
> if (retval)
> goto bad_fork_cleanup_io;
> + retval = scs_prepare(p, node);
> + if (retval)
> + goto bad_fork_cleanup_thread;
>
> stackleak_task_init(p);
>
> diff --git a/kernel/sched/core.c b/kernel/sched/core.c
> index dd05a378631a..e7faeb383008 100644
> --- a/kernel/sched/core.c
> +++ b/kernel/sched/core.c
> @@ -6013,6 +6013,8 @@ void init_idle(struct task_struct *idle, int cpu)
> raw_spin_lock_irqsave(&idle->pi_lock, flags);
> raw_spin_lock(&rq->lock);
>
> + scs_task_reset(idle);
> +
> __sched_fork(0, idle);
> idle->state = TASK_RUNNING;
> idle->se.exec_start = sched_clock();
> diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
> index 0db2c1b3361e..c153003a011c 100644
> --- a/kernel/sched/sched.h
> +++ b/kernel/sched/sched.h
> @@ -58,6 +58,7 @@
> #include <linux/profile.h>
> #include <linux/psi.h>
> #include <linux/rcupdate_wait.h>
> +#include <linux/scs.h>
> #include <linux/security.h>
> #include <linux/stop_machine.h>
> #include <linux/suspend.h>
> diff --git a/kernel/scs.c b/kernel/scs.c
> new file mode 100644
> index 000000000000..383d29e8c199
> --- /dev/null
> +++ b/kernel/scs.c
> @@ -0,0 +1,155 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Shadow Call Stack support.
> + *
> + * Copyright (C) 2019 Google LLC
> + */
> +
> +#include <linux/cpuhotplug.h>
> +#include <linux/mm.h>
> +#include <linux/slab.h>
> +#include <linux/scs.h>
> +#include <linux/vmalloc.h>
> +#include <asm/scs.h>
> +
> +static inline void *__scs_base(struct task_struct *tsk)
> +{
> + return (void *)((uintptr_t)task_scs(tsk) & ~(SCS_SIZE - 1));
> +}
> +
> +#ifdef CONFIG_SHADOW_CALL_STACK_VMAP
> +
> +/* Keep a cache of shadow stacks */
> +#define SCS_CACHE_SIZE 2
> +static DEFINE_PER_CPU(void *, scs_cache[SCS_CACHE_SIZE]);
> +
> +static void *scs_alloc(int node)
> +{
> + int i;
> +
> + for (i = 0; i < SCS_CACHE_SIZE; i++) {
> + void *s;
> +
> + s = this_cpu_xchg(scs_cache[i], NULL);
> + if (s) {
> + memset(s, 0, SCS_SIZE);
> + return s;
> + }
> + }
> +
> + BUILD_BUG_ON(SCS_SIZE > PAGE_SIZE);
> +
> + return __vmalloc_node_range(PAGE_SIZE, SCS_SIZE,
> + VMALLOC_START, VMALLOC_END,
> + GFP_SCS, PAGE_KERNEL, 0,
> + node, __builtin_return_address(0));
> +}
> +
> +static void scs_free(void *s)
> +{
> + int i;
> +
> + for (i = 0; i < SCS_CACHE_SIZE; i++) {
> + if (this_cpu_cmpxchg(scs_cache[i], 0, s) != 0)
> + continue;
> +
> + return;
> + }
prefer:
for ...:
if foo() == 0:
return
to:
for ...:
if foo() != 0:
continue
return
> +
> + vfree_atomic(s);
> +}
> +
> +static int scs_cleanup(unsigned int cpu)
> +{
> + int i;
> + void **cache = per_cpu_ptr(scs_cache, cpu);
> +
> + for (i = 0; i < SCS_CACHE_SIZE; i++) {
> + vfree(cache[i]);
> + cache[i] = NULL;
> + }
> +
> + return 0;
> +}
> +
> +void __init scs_init(void)
> +{
> + cpuhp_setup_state(CPUHP_BP_PREPARE_DYN, "scs:scs_cache", NULL,
> + scs_cleanup);
> +}
> +
> +#else /* !CONFIG_SHADOW_CALL_STACK_VMAP */
> +
> +static struct kmem_cache *scs_cache;
> +
> +static inline void *scs_alloc(int node)
> +{
> + return kmem_cache_alloc_node(scs_cache, GFP_SCS, node);
> +}
> +
> +static inline void scs_free(void *s)
> +{
> + kmem_cache_free(scs_cache, s);
> +}
> +
> +void __init scs_init(void)
> +{
> + scs_cache = kmem_cache_create("scs_cache", SCS_SIZE, SCS_SIZE,
> + 0, NULL);
> + WARN_ON(!scs_cache);
> +}
> +
> +#endif /* CONFIG_SHADOW_CALL_STACK_VMAP */
> +
> +static inline unsigned long *scs_magic(struct task_struct *tsk)
> +{
> + return (unsigned long *)(__scs_base(tsk) + SCS_SIZE - sizeof(long));
> +}
> +
> +static inline void scs_set_magic(struct task_struct *tsk)
> +{
> + *scs_magic(tsk) = SCS_END_MAGIC;
> +}
> +
> +void scs_task_init(struct task_struct *tsk)
> +{
> + task_set_scs(tsk, NULL);
> +}
> +
> +void scs_task_reset(struct task_struct *tsk)
> +{
> + task_set_scs(tsk, __scs_base(tsk));
> +}
> +
> +int scs_prepare(struct task_struct *tsk, int node)
> +{
> + void *s;
> +
> + s = scs_alloc(node);
> + if (!s)
> + return -ENOMEM;
> +
> + task_set_scs(tsk, s);
> + scs_set_magic(tsk);
> +
> + return 0;
> +}
> +
> +bool scs_corrupted(struct task_struct *tsk)
> +{
> + return *scs_magic(tsk) != SCS_END_MAGIC;
> +}
> +
> +void scs_release(struct task_struct *tsk)
> +{
> + void *s;
> +
> + s = __scs_base(tsk);
> + if (!s)
> + return;
> +
> + WARN_ON(scs_corrupted(tsk));
> +
> + scs_task_init(tsk);
> + scs_free(s);
> +}
> --
> 2.24.0.rc0.303.g954a862665-goog
>
--
Thanks,
~Nick Desaulniers
next prev parent reply index
Thread overview: 252+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-18 16:10 [PATCH 00/18] add support for Clang's Shadow Call Stack Sami Tolvanen
2019-10-18 16:10 ` [PATCH 01/18] arm64: mm: don't use x18 in idmap_kpti_install_ng_mappings Sami Tolvanen
2019-10-18 16:43 ` Nick Desaulniers
2019-10-18 16:10 ` [PATCH 02/18] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen
2019-10-18 16:10 ` [PATCH 03/18] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen
2019-10-21 6:19 ` Ard Biesheuvel
2019-10-22 17:22 ` Marc Zyngier
2019-10-22 21:45 ` Sami Tolvanen
2019-10-18 16:10 ` [PATCH 04/18] arm64: kernel: avoid x18 as an arbitrary temp register Sami Tolvanen
2019-10-18 16:10 ` [PATCH 05/18] arm64: kbuild: reserve reg x18 from general allocation by the compiler Sami Tolvanen
2019-10-18 17:32 ` Nick Desaulniers
2019-10-18 19:00 ` Sami Tolvanen
2019-10-21 6:12 ` Ard Biesheuvel
2019-10-21 20:43 ` Sami Tolvanen
2019-10-18 16:10 ` [PATCH 06/18] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen
2019-10-18 16:58 ` Joe Perches
2019-10-18 17:08 ` Nick Desaulniers
2019-10-18 17:11 ` Sami Tolvanen
2019-10-18 18:32 ` Miguel Ojeda
2019-10-18 20:33 ` Nick Desaulniers
2019-10-19 0:21 ` Miguel Ojeda
2019-10-18 17:42 ` Jann Horn
2019-10-18 17:56 ` Sami Tolvanen
2019-10-22 16:28 ` Mark Rutland
2019-10-22 16:30 ` Kees Cook
2019-10-22 16:49 ` Mark Rutland
2019-10-22 19:26 ` Sami Tolvanen
2019-10-24 13:28 ` Mark Rutland
2019-10-24 14:38 ` Masahiro Yamada
2019-10-23 16:59 ` Sami Tolvanen
2019-10-24 1:47 ` Masahiro Yamada
2019-10-24 12:04 ` Steven Rostedt
2019-10-24 22:17 ` Sami Tolvanen
2019-10-18 16:10 ` [PATCH 07/18] scs: add accounting Sami Tolvanen
2019-10-18 16:10 ` [PATCH 08/18] scs: add support for stack usage debugging Sami Tolvanen
2019-10-18 16:10 ` [PATCH 09/18] trace: disable function graph tracing with SCS Sami Tolvanen
2019-10-18 17:01 ` Steven Rostedt
2019-10-18 17:08 ` Sami Tolvanen
2019-10-21 6:15 ` Ard Biesheuvel
2019-10-18 16:10 ` [PATCH 10/18] kprobes: fix compilation without CONFIG_KRETPROBES Sami Tolvanen
2019-10-18 17:02 ` Steven Rostedt
2019-10-21 9:13 ` Masami Hiramatsu
2019-10-18 16:10 ` [PATCH 11/18] kprobes: disable kretprobes with SCS Sami Tolvanen
2019-10-18 17:04 ` Steven Rostedt
2019-10-21 9:15 ` Masami Hiramatsu
2019-10-18 16:10 ` [PATCH 12/18] arm64: reserve x18 only with Shadow Call Stack Sami Tolvanen
2019-10-18 21:23 ` Nick Desaulniers
2019-10-22 16:00 ` Mark Rutland
2019-10-22 16:27 ` Kees Cook
2019-10-18 16:10 ` [PATCH 13/18] arm64: preserve x18 when CPU is suspended Sami Tolvanen
2019-10-18 16:49 ` Nick Desaulniers
2019-10-18 17:05 ` Sami Tolvanen
2019-10-21 16:56 ` Mark Rutland
2019-10-21 22:43 ` Sami Tolvanen
2019-10-22 15:47 ` Mark Rutland
2019-10-18 16:10 ` [PATCH 14/18] arm64: efi: restore x18 if it was corrupted Sami Tolvanen
2019-10-21 6:20 ` Ard Biesheuvel
2019-10-21 22:39 ` Sami Tolvanen
2019-10-22 5:54 ` Ard Biesheuvel
2019-10-18 16:10 ` [PATCH 15/18] arm64: vdso: disable Shadow Call Stack Sami Tolvanen
2019-10-18 16:10 ` [PATCH 16/18] arm64: kprobes: fix kprobes without CONFIG_KRETPROBES Sami Tolvanen
2019-10-21 6:21 ` Ard Biesheuvel
2019-10-21 16:06 ` Kees Cook
2019-10-18 16:10 ` [PATCH 17/18] arm64: disable SCS for hypervisor code Sami Tolvanen
2019-10-18 16:10 ` [PATCH 18/18] arm64: implement Shadow Call Stack Sami Tolvanen
2019-10-18 17:12 ` Jann Horn
2019-10-18 17:18 ` Sami Tolvanen
2019-10-18 17:23 ` Mark Rutland
2019-10-18 17:35 ` Sami Tolvanen
2019-10-21 16:49 ` Mark Rutland
2019-10-21 9:28 ` [PATCH 00/18] add support for Clang's " Masami Hiramatsu
2019-10-24 22:51 ` [PATCH v2 00/17] " samitolvanen
2019-10-24 22:51 ` [PATCH v2 01/17] arm64: mm: don't use x18 in idmap_kpti_install_ng_mappings samitolvanen
2019-10-25 9:24 ` Mark Rutland
2019-10-24 22:51 ` [PATCH v2 02/17] arm64/lib: copy_page: avoid x18 register in assembler code samitolvanen
2019-10-25 9:41 ` Mark Rutland
2019-10-25 21:40 ` Sami Tolvanen
2019-10-24 22:51 ` [PATCH v2 03/17] arm64: kvm: stop treating register x18 as caller save samitolvanen
2019-10-24 22:51 ` [PATCH v2 04/17] arm64: kernel: avoid x18 as an arbitrary temp register samitolvanen
2019-10-25 10:02 ` Mark Rutland
2019-10-24 22:51 ` [PATCH v2 05/17] add support for Clang's Shadow Call Stack (SCS) samitolvanen
2019-10-25 10:56 ` Mark Rutland
2019-10-25 20:49 ` Sami Tolvanen
2019-10-28 16:35 ` Mark Rutland
2019-10-28 19:57 ` Kees Cook
2019-10-29 18:06 ` Sami Tolvanen
2019-10-25 16:22 ` Nick Desaulniers [this message]
2019-10-25 20:51 ` Sami Tolvanen
2019-10-26 15:57 ` Joe Perches
2019-10-28 15:19 ` Sami Tolvanen
2019-10-28 15:31 ` Miguel Ojeda
2019-10-28 16:15 ` Sami Tolvanen
2019-10-24 22:51 ` [PATCH v2 06/17] scs: add accounting samitolvanen
2019-10-24 22:51 ` [PATCH v2 07/17] scs: add support for stack usage debugging samitolvanen
2019-10-24 22:51 ` [PATCH v2 08/17] kprobes: fix compilation without CONFIG_KRETPROBES samitolvanen
2019-10-24 22:51 ` [PATCH v2 09/17] arm64: disable function graph tracing with SCS samitolvanen
2019-10-25 11:03 ` Mark Rutland
2019-10-29 17:45 ` Sami Tolvanen
2019-10-29 20:35 ` Nick Desaulniers
2019-10-24 22:51 ` [PATCH v2 10/17] arm64: disable kretprobes " samitolvanen
2019-10-24 22:51 ` [PATCH v2 11/17] arm64: reserve x18 from general allocation " samitolvanen
2019-10-24 22:51 ` [PATCH v2 12/17] arm64: preserve x18 when CPU is suspended samitolvanen
2019-10-24 22:51 ` [PATCH v2 13/17] arm64: efi: restore x18 if it was corrupted samitolvanen
2019-10-24 22:51 ` [PATCH v2 14/17] arm64: vdso: disable Shadow Call Stack samitolvanen
2019-10-24 22:51 ` [PATCH v2 15/17] arm64: kprobes: fix kprobes without CONFIG_KRETPROBES samitolvanen
2019-10-24 22:51 ` [PATCH v2 16/17] arm64: disable SCS for hypervisor code samitolvanen
2019-10-25 1:20 ` Steven Rostedt
2019-10-25 1:29 ` Masahiro Yamada
2019-10-25 1:42 ` Steven Rostedt
2019-10-25 19:24 ` Sami Tolvanen
2019-10-24 22:51 ` [PATCH v2 17/17] arm64: implement Shadow Call Stack samitolvanen
2019-10-31 16:46 ` [PATCH v3 00/17] add support for Clang's " samitolvanen
2019-10-31 16:46 ` [PATCH v3 01/17] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings samitolvanen
2019-10-31 16:46 ` [PATCH v3 02/17] arm64/lib: copy_page: avoid x18 register in assembler code samitolvanen
2019-10-31 16:46 ` [PATCH v3 03/17] arm64: kvm: stop treating register x18 as caller save samitolvanen
2019-11-01 3:48 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 04/17] arm64: kernel: avoid x18 __cpu_soft_restart samitolvanen
2019-11-01 3:47 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 05/17] add support for Clang's Shadow Call Stack (SCS) samitolvanen
2019-11-01 3:51 ` Kees Cook
2019-11-01 16:28 ` Sami Tolvanen
2019-10-31 16:46 ` [PATCH v3 06/17] scs: add accounting samitolvanen
2019-11-01 3:52 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 07/17] scs: add support for stack usage debugging samitolvanen
2019-11-01 3:55 ` Kees Cook
2019-11-01 16:32 ` Sami Tolvanen
2019-11-01 19:02 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 08/17] kprobes: fix compilation without CONFIG_KRETPROBES samitolvanen
2019-11-01 3:55 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 09/17] arm64: kprobes: fix kprobes " samitolvanen
2019-11-01 3:56 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 10/17] arm64: disable kretprobes with SCS samitolvanen
2019-11-01 3:56 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 11/17] arm64: disable function graph tracing " samitolvanen
2019-11-01 3:58 ` Kees Cook
2019-11-01 20:32 ` Sami Tolvanen
2019-10-31 16:46 ` [PATCH v3 12/17] arm64: reserve x18 from general allocation " samitolvanen
2019-10-31 17:11 ` Nick Desaulniers
2019-11-01 3:59 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 13/17] arm64: preserve x18 when CPU is suspended samitolvanen
2019-10-31 17:18 ` Nick Desaulniers
2019-10-31 17:27 ` Sami Tolvanen
2019-10-31 17:34 ` Nick Desaulniers
2019-10-31 17:42 ` Sami Tolvanen
2019-11-01 3:59 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 14/17] arm64: efi: restore x18 if it was corrupted samitolvanen
2019-11-01 4:00 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 15/17] arm64: vdso: disable Shadow Call Stack samitolvanen
2019-10-31 17:28 ` Nick Desaulniers
2019-11-01 4:01 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 16/17] arm64: disable SCS for hypervisor code samitolvanen
2019-11-01 3:46 ` Kees Cook
2019-11-01 4:02 ` Kees Cook
2019-10-31 16:46 ` [PATCH v3 17/17] arm64: implement Shadow Call Stack samitolvanen
2019-11-01 3:45 ` Kees Cook
2019-11-01 15:44 ` Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 00/17] add support for Clang's " Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 01/17] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 02/17] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 03/17] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen
2019-11-04 11:04 ` Marc Zyngier
2019-11-04 13:30 ` Marc Zyngier
2019-11-04 11:51 ` Mark Rutland
2019-11-04 21:44 ` Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 04/17] arm64: kernel: avoid x18 __cpu_soft_restart Sami Tolvanen
2019-11-04 11:39 ` Mark Rutland
2019-11-04 16:44 ` Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 05/17] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen
2019-11-01 22:36 ` Miguel Ojeda
2019-11-04 12:31 ` Mark Rutland
2019-11-04 18:25 ` Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 06/17] scs: add accounting Sami Tolvanen
2019-11-04 13:13 ` Marc Zyngier
2019-11-04 16:42 ` Sami Tolvanen
2019-11-04 16:59 ` Marc Zyngier
2019-11-01 22:11 ` [PATCH v4 07/17] scs: add support for stack usage debugging Sami Tolvanen
2019-11-02 17:31 ` Kees Cook
2019-11-04 12:40 ` Mark Rutland
2019-11-04 21:35 ` Sami Tolvanen
2019-11-05 9:17 ` Mark Rutland
2019-11-01 22:11 ` [PATCH v4 08/17] kprobes: fix compilation without CONFIG_KRETPROBES Sami Tolvanen
2019-11-13 20:27 ` Steven Rostedt
2019-11-01 22:11 ` [PATCH v4 09/17] arm64: kprobes: fix kprobes " Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 10/17] arm64: disable kretprobes with SCS Sami Tolvanen
2019-11-04 17:04 ` Mark Rutland
2019-11-04 23:42 ` Sami Tolvanen
2019-11-05 9:04 ` Mark Rutland
2019-11-01 22:11 ` [PATCH v4 11/17] arm64: disable function graph tracing " Sami Tolvanen
2019-11-04 17:11 ` Mark Rutland
2019-11-04 23:44 ` Sami Tolvanen
2019-11-05 9:15 ` Mark Rutland
2019-11-05 20:00 ` Nick Desaulniers
2019-11-05 22:05 ` Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 12/17] arm64: reserve x18 from general allocation " Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 13/17] arm64: preserve x18 when CPU is suspended Sami Tolvanen
2019-11-04 13:20 ` Marc Zyngier
2019-11-04 21:38 ` Sami Tolvanen
2019-11-04 21:59 ` Nick Desaulniers
2019-11-05 0:02 ` Sami Tolvanen
2019-11-05 14:55 ` Marc Zyngier
2019-11-01 22:11 ` [PATCH v4 14/17] arm64: efi: restore x18 if it was corrupted Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 15/17] arm64: vdso: disable Shadow Call Stack Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 16/17] arm64: disable SCS for hypervisor code Sami Tolvanen
2019-11-01 22:11 ` [PATCH v4 17/17] arm64: implement Shadow Call Stack Sami Tolvanen
2019-11-05 23:55 ` [PATCH v5 00/14] add support for Clang's " Sami Tolvanen
2019-11-05 23:55 ` [PATCH v5 01/14] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings Sami Tolvanen
2019-11-05 23:55 ` [PATCH v5 02/14] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen
2019-11-05 23:55 ` [PATCH v5 03/14] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen
2019-11-05 23:55 ` [PATCH v5 04/14] arm64: kernel: avoid x18 in __cpu_soft_restart Sami Tolvanen
2019-11-05 23:55 ` [PATCH v5 05/14] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen
2019-11-15 15:37 ` Mark Rutland
2019-11-15 18:34 ` Sami Tolvanen
2019-11-05 23:56 ` [PATCH v5 06/14] scs: add accounting Sami Tolvanen
2019-11-05 23:56 ` [PATCH v5 07/14] scs: add support for stack usage debugging Sami Tolvanen
2019-11-05 23:56 ` [PATCH v5 08/14] arm64: disable function graph tracing with SCS Sami Tolvanen
2019-11-15 14:18 ` Mark Rutland
2019-11-05 23:56 ` [PATCH v5 09/14] arm64: reserve x18 from general allocation " Sami Tolvanen
2019-11-05 23:56 ` [PATCH v5 10/14] arm64: preserve x18 when CPU is suspended Sami Tolvanen
2019-11-06 20:39 ` Nick Desaulniers
2019-11-15 14:27 ` Mark Rutland
2019-11-05 23:56 ` [PATCH v5 11/14] arm64: efi: restore x18 if it was corrupted Sami Tolvanen
2019-11-06 4:45 ` Miguel Ojeda
2019-11-07 10:51 ` Ard Biesheuvel
2019-11-07 16:26 ` Sami Tolvanen
2019-11-05 23:56 ` [PATCH v5 12/14] arm64: vdso: disable Shadow Call Stack Sami Tolvanen
2019-11-15 14:43 ` Mark Rutland
2019-11-05 23:56 ` [PATCH v5 13/14] arm64: disable SCS for hypervisor code Sami Tolvanen
2019-11-15 14:46 ` Mark Rutland
2019-11-05 23:56 ` [PATCH v5 14/14] arm64: implement Shadow Call Stack Sami Tolvanen
2019-11-15 15:20 ` Mark Rutland
2019-11-15 20:19 ` Sami Tolvanen
2019-11-18 23:13 ` Sami Tolvanen
2019-11-12 23:44 ` [PATCH v5 00/14] add support for Clang's " Kees Cook
2019-11-13 12:03 ` Will Deacon
2019-11-13 18:33 ` Kees Cook
2019-11-15 14:16 ` Mark Rutland
2019-12-06 22:13 ` [PATCH v6 00/15] " Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 01/15] arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 02/15] arm64/lib: copy_page: avoid x18 register in assembler code Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 03/15] arm64: kvm: stop treating register x18 as caller save Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 04/15] arm64: kernel: avoid x18 in __cpu_soft_restart Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 05/15] add support for Clang's Shadow Call Stack (SCS) Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 06/15] scs: add accounting Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 07/15] scs: add support for stack usage debugging Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 08/15] arm64: disable function graph tracing with SCS Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 09/15] arm64: reserve x18 from general allocation " Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 10/15] arm64: preserve x18 when CPU is suspended Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 11/15] arm64: efi: restore x18 if it was corrupted Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 12/15] arm64: vdso: disable Shadow Call Stack Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 13/15] arm64: disable SCS for hypervisor code Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 14/15] arm64: implement Shadow Call Stack Sami Tolvanen
2019-12-06 22:13 ` [PATCH v6 15/15] arm64: scs: add shadow stacks for SDEI Sami Tolvanen
Reply instructions:
You may reply publically to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKwvOdmfXbnWf0dPN4EGCBVvppVRhuc=eq-pbfmotCCBaRN-Cw@mail.gmail.com' \
--to=ndesaulniers@google.com \
--cc=Dave.Martin@arm.com \
--cc=ard.biesheuvel@linaro.org \
--cc=catalin.marinas@arm.com \
--cc=clang-built-linux@googlegroups.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mhiramat@kernel.org \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=rostedt@goodmis.org \
--cc=samitolvanen@google.com \
--cc=will@kernel.org \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Kernel-hardening archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
kernel-hardening@lists.openwall.com
public-inbox-index kernel-hardening
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git