Date: Tue, 4 May 2021 17:05:08 +0100
From: Mark Brown
To: madvenka@linux.microsoft.com
Cc: jpoimboe@redhat.com, mark.rutland@arm.com, jthierry@redhat.com, catalin.marinas@arm.com, will@kernel.org, jmorris@namei.org, pasha.tatashin@soleen.com, linux-arm-kernel@lists.infradead.org, live-patching@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v3 2/4] arm64: Check the return PC against unreliable code sections
Message-ID: <20210504160508.GC7094@sirena.org.uk>
In-Reply-To: <20210503173615.21576-3-madvenka@linux.microsoft.com>

On Mon, May 03, 2021 at 12:36:13PM -0500, madvenka@linux.microsoft.com wrote:
> From: "Madhavan T. Venkataraman"
>
> Create a sym_code_ranges[] array to cover the following text sections that
> contain functions defined as SYM_CODE_*(). These functions are low-level

This makes sense to me - a few bikesheddy comments below but nothing
really substantive.

> +static struct code_range *lookup_range(unsigned long pc)

This feels like it should have a prefix on the name (eg, unwinder_)
since it looks collision prone. Or lookup_code_range() rather than just
plain lookup_range().

> +{ + struct code_range *range; + =20 + for (range =3D sym_code_ranges; range->start; range++) {

It seems more idiomatic to use ARRAY_SIZE() rather than a sentinel here,
the array can't be empty.

> + range =3D lookup_range(frame->pc); > + > #ifdef CONFIG_FUNCTION_GRAPH_TRACER > if (tsk->ret_stack && > frame->pc =3D=3D (unsigned long)return_to_handler) {
> @@ -118,9 +160,21 @@ int notrace unwind_frame(struct task_struct *tsk, st= ruct stackframe *frame) > return -EINVAL; > frame->pc =3D ret_stack->ret; > frame->pc =3D ptrauth_strip_insn_pac(frame->pc); > + return 0; > }

Do we not need to look up the range of the restored pc and validate
what's being pointed to here? It's not immediately obvious why we do
the lookup before handling the function graph tracer, especially given
that we never look at the result and there's now a return added skipping
further reliability checks. At the very least I think this needs some
additional comments so the code is more obvious.
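
Review bot: the walk in lookup_range(), for (range = sym_code_ranges; range->start; range++), stops only at an entry whose start is zero, so it depends on sym_code_ranges[] ending in a zeroed element that nothing in the quoted lines enforces. Bounding the loop by the array length would remove that dependency. Since this is a pure lookup, returning const struct code_range * would also keep callers from writing to the table through the result.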
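
Review bot: the added return 0 in the return_to_handler branch of unwind_frame() leaves the function right after frame->pc is replaced with ret_stack->ret, so the substituted address is never passed through lookup_range(). The range assigned before the #ifdef CONFIG_FUNCTION_GRAPH_TRACER block was computed from the pc that was in the frame before the substitution. A check meant to flag unreliable return addresses should cover the final pc: repeat the lookup after ptrauth_strip_insn_pac(), or drop the early return so whatever follows in the function sees the restored value, and add a comment stating which pc the check applies to.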