From patchwork Wed Jul 12 22:32:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Rutland X-Patchwork-Id: 107533 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp1411637qge; Wed, 12 Jul 2017 15:34:18 -0700 (PDT) X-Received: by 10.99.126.3 with SMTP id z3mr5949788pgc.149.1499898858249; Wed, 12 Jul 2017 15:34:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1499898858; cv=none; d=google.com; s=arc-20160816; b=LQV/8OGLp/fEU+hXnzjTYmwa0Zptw0cRohVq9/FFocCM5yEG7I+bXv2aPcXeUi9kn7 G+/5GLQ0p3/lMEqn/aA7qn/pF3kqM1GsZ4DzBGcI12A38UdN6BPz47O5PZgrgX05HKvL 395bpabagJQnlJmlAnsXUPd/JIZP+jsR3ItNLqwBBBGHf4CbUXC1lLQWLlU4Ck74AHL8 9LDLUALUQQwNzl+Q1epWfAXAt1qtOZLHMwl81eDFNPvOYD+CtZ7QGXj1P8aiwtYabmVa 0nMIZOPSHi9lHqnTeo4QoJcqgk6DzPMgL6GG2e4TCOnunzN8lXAteGIO8xtvFWCriTPt N+dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=GlGV4afMPP6ErfetrpeTXnJICpQq57bCtkil2jWjgjM=; b=Hj26dRVEloQ/pNTYbBZVSJ7T3c2S2WjvYOQ0Px33RsFgIiyRHB9nBujIzRhnSDKek1 ngIJT7q42DODvpBNx0RoiXvHgmt9oWM8/F5SYkZXYPhwrmR4xQGg+Qh7otQVRK3w/xWs lqATqzBuR5mWIpfQLSK9bG2IQ7TJWffRXDhyEexTkNcYa2+JiU3naUglacC0TGU85NRJ 4UEv7KaMa27nOIFAdY3ieu1cuF9gSp1Q4PDtfkssEW5DRcMJs/8xyybylzmkYPDwFajW qXQCQra6e2PH0YE0zV2c+BB+qUl98lMYJHjSKID3YLg5A1s/CmcluGwt0/HMopMEA1FC x/BQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y2si2966209pli.72.2017.07.12.15.34.17; Wed, 12 Jul 2017 15:34:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752337AbdGLWeF (ORCPT + 25 others); Wed, 12 Jul 2017 18:34:05 -0400 Received: from foss.arm.com ([217.140.101.70]:59046 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751069AbdGLWeE (ORCPT ); Wed, 12 Jul 2017 18:34:04 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 754B880D; Wed, 12 Jul 2017 15:34:03 -0700 (PDT) Received: from leverpostej.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 984463F3E1; Wed, 12 Jul 2017 15:34:01 -0700 (PDT) From: Mark Rutland To: ard.biesheuvel@linaro.org, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: akashi.takahiro@linaro.org, catalin.marinas@arm.com, dave.martin@arm.com, james.morse@arm.com, labbott@fedoraproject.org, will.deacon@arm.com, keescook@chromium.org, Mark Rutland Subject: [RFC PATCH 0/6] arm64: alternative VMAP_STACK implementation Date: Wed, 12 Jul 2017 23:32:57 +0100 Message-Id: <1499898783-25732-1-git-send-email-mark.rutland@arm.com> X-Mailer: git-send-email 1.9.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, While reviewing Ard's VMAP_STACK series [1], I tried to put together some notes based on my prior aborted attempts, and tricked myself into turning them into this series. I suspect we'll want bits of both. Like Ard's series, this doesn't use EL1t mode, and instead performs a check early in el1_sync. However, there are a few differences: * This series frees up SP_EL0, and inverts the current<->percpu relationship rather than using a GPR for current. * The out-of-bounds detection *only* considers the SP. Stray accesses below the SP will be handled as regular faults, unless handling these triggers a stack overflow. * There is a dedicated handler for the stack out-of-bounds case (as with x86), rather than piggy-backing on the usual fault handling code. * The overflow checks consider IRQ stacks, by keeping track of which stack a task is currently using. This assumes all stacks are the same size (which happens to be true today), but we should make that explicit by using common definitions. Thanks to James Morse for pointing out that we need to handle this. Currently the IRQ stacks don't have a guaranteed guard pages, as they're regular compile-time percpu reservations. We'll want to rework those so that they have guards. I haven't audited the backtracing code, but I suspect we'll need to fix up any stack walking code up so that it understands there are now three possible stacks that a task may be using, and so that we can walk emergency->irq->task stack traces. Otherwise, this series is rough around the seams, and has seen only the most trivial of testing on a Juno platform (booting 4K and 64K kernels with and without a deliberate overflow). I've pushed the series out to my git repo as arm64/vmap-stack [2]. Thanks, Mark. [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2017-July/518368.html [2] git://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git arm64/vmap-stack Mark Rutland (6): arm64: use tpidr_el1 for current, free sp_el0 arm64: avoid open-coding THREAD_SIZE{,_ORDER} arm64: pad stacks to PAGE_SIZE for VMAP_STACK arm64: pass stack base to secondary_start_kernel arm64: keep track of current stack arm64: add VMAP_STACK and detect out-of-bounds SP arch/arm64/Kconfig | 1 + arch/arm64/include/asm/assembler.h | 11 +++++-- arch/arm64/include/asm/current.h | 6 ++-- arch/arm64/include/asm/percpu.h | 15 +++------ arch/arm64/include/asm/thread_info.h | 22 ++++++++++--- arch/arm64/kernel/asm-offsets.c | 4 +++ arch/arm64/kernel/entry.S | 61 ++++++++++++++++++++++++++++++------ arch/arm64/kernel/head.S | 13 ++++++-- arch/arm64/kernel/process.c | 20 +++++------- arch/arm64/kernel/smp.c | 2 +- arch/arm64/kernel/traps.c | 21 +++++++++++++ 11 files changed, 130 insertions(+), 46 deletions(-) -- 1.9.1