From patchwork Wed Dec 12 12:08:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 153575 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp1744556ljp; Wed, 12 Dec 2018 04:08:53 -0800 (PST) X-Google-Smtp-Source: AFSGD/XuJ/UamItWd+elWAobfMi2sLYdEAID2z3L0D8gF5m5wdQAdFkQTyuxJVP1HQgR4ODRxt75 X-Received: by 2002:a63:d547:: with SMTP id v7mr17783258pgi.339.1544616533683; Wed, 12 Dec 2018 04:08:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544616533; cv=none; d=google.com; s=arc-20160816; b=FfvpbJNruI4n3CnZo4KrDdEWX7rAFC0ybJAO5SpvHBcYGFfAIQQrUEMn6wfsAQ3yBm YAeXQb4KDoVx+gF3XP7pT41ZVTAI0Yeqx8h5blIOSMw2EDdQAv/yUjfY7RAgRtwRkkq5 AVBtNTHjOwfvay9xlj2p+HelfQvXvv0/LWdU67x0/ycNS8oxANrXL6kZMNvp2qZpMcZP yDxoRhpSlsO37QZ1OwrXHEGMW+BNk06IuYZxjdU520QYYcN3tKVC8GLHahK2ZlGUB1rj YLnQNf6ExEogvsc2+0NtR7zd2GUhHM6lYZAXNaEgZ855s+6yVccIZm4gW408TTZwi6L+ Dp1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=XpF7vbnOFsXhLrb4aTwEuYmizpZRsEcIFhJoxX7Cs2o=; b=hz0iAMMiNMSrfI1NjOkR1hlYWInNqIVZuUZGUd8RxIdyjwBGcAtOnmmC49MeabkEBD lIFfavd7He37iXxIFeuJ+mfyBz6//tUjbnTUv/WYXRCylHubbyCABmLFwVoUHdALhxV7 U7SEy452Mg4XjUh7AMs0eAGZMMx1KRHgbXvxzi3MOWzs8cD9vWhx4tjN3LYsQ0JVp2kL jxciz/V9e68c3OGUtYj19d02wuESM06hBrwlGUgR0aWDR4yyxl6MgVtQJyKYSgRJfY/I 7sUuM8uRfi+7/z1b2d6oAwiN2oIoqtbbEccKvVg4bgQkpGY/hHtf8jTTERRJDpjcqUG7 Lp6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Z8biaPt4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u11si15824211plm.8.2018.12.12.04.08.53; Wed, 12 Dec 2018 04:08:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Z8biaPt4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727293AbeLLMIw (ORCPT + 31 others); Wed, 12 Dec 2018 07:08:52 -0500 Received: from mail-wr1-f68.google.com ([209.85.221.68]:36710 "EHLO mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727067AbeLLMIv (ORCPT ); Wed, 12 Dec 2018 07:08:51 -0500 Received: by mail-wr1-f68.google.com with SMTP id u3so17469220wrs.3 for ; Wed, 12 Dec 2018 04:08:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=XpF7vbnOFsXhLrb4aTwEuYmizpZRsEcIFhJoxX7Cs2o=; b=Z8biaPt4td1tZc4rFJfg5u+kcQeHJxmOj+0bpU2FUhXcVrcwMwQ+Z/VWXUZpuG7Fz0 FyOgBxVPZ6UgFD0hwLl6aahH5yjG6/0bJEHloJgovFvE9Z9U82m9u6bwyWxXGKS71AZQ nfXDEyU15zJ7PocPMx5y7kri9hH5pRFzBzgaM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=XpF7vbnOFsXhLrb4aTwEuYmizpZRsEcIFhJoxX7Cs2o=; b=bqebiPucxGF5dxSd34D5RH6aI/J9EfdrE+b7Gw02xQbzpBo9jyIGuGGqu0hncMLnKN dZFjENx3JPrMiFjt9QzbLIpXSNHakzg6zFBF129wK9JHlLhpxNbXFIlaxyF5bZugnJ29 243DOfYymdxLpf1eiBgS0fOhhEKGJPdQzAoSB8r8M4znIEvT6xtJOITeKVfCi/ysqEZD ocH7bLhpnnh4sAEIgZWJeIJRU18aSBi5xnpV9YBiA7VdjaGkJBG0WPSv9dabsvSOoQOi 3JK55dwqqURb2gVHVMEEIRZbUzzZvTQxslNAdzAihwXgvnVNsUJMt99YEtwnmiiosfym s+7Q== X-Gm-Message-State: AA+aEWa7rjwb7WQK5OUukE1zCAMfafL1gTfNiiruL3KKUnRpvD55A2Nz F+TSREHC3vSJY8KcRLLY2SCinw== X-Received: by 2002:a5d:56d2:: with SMTP id m18mr18380673wrw.113.1544616528752; Wed, 12 Dec 2018 04:08:48 -0800 (PST) Received: from harold.home ([2a01:cb1d:112:6f00:1db:abd7:f798:3277]) by smtp.gmail.com with ESMTPSA id j8sm4748531wmd.0.2018.12.12.04.08.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Dec 2018 04:08:47 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: linux-kernel@vger.kernel.org, will.deacon@arm.com, mark.rutland@arm.com, catalin.marinas@arm.com, Ramana.Radhakrishnan@arm.com, linux-hardened@lists.openwall.com, keescook@chromium.org, labbott@fedoraproject.org, Ard Biesheuvel Subject: [PATCH v3] arm64: enable per-task stack canaries Date: Wed, 12 Dec 2018 13:08:44 +0100 Message-Id: <20181212120844.19268-1-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.19.2 MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This enables the use of per-task stack canary values if GCC has support for emitting the stack canary reference relative to the value of sp_el0, which holds the task struct pointer in the arm64 kernel. The $(eval) extends KBUILD_CFLAGS at the moment the make rule is applied, which means asm-offsets.o (which we rely on for the offset value) is built without the arguments, and everything built afterwards has the options set. Signed-off-by: Ard Biesheuvel --- v3: add all 3 options to the Kconfig cc-option check, to avoid relying on implementation defined logic in the compiler regarding which options need to appear together. arch/arm64/Kconfig | 7 +++++++ arch/arm64/Makefile | 10 ++++++++++ arch/arm64/include/asm/stackprotector.h | 3 ++- arch/arm64/kernel/asm-offsets.c | 3 +++ arch/arm64/kernel/process.c | 2 +- 5 files changed, 23 insertions(+), 2 deletions(-) -- 2.19.2 s Reviewed-by: Kees Cook diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index ea2ab0330e3a..e355946cde97 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1272,6 +1272,13 @@ config RANDOMIZE_MODULE_REGION_FULL a limited range that contains the [_stext, _etext] interval of the core kernel, so branch relocations are always in range. +config CC_HAVE_STACKPROTECTOR_SYSREG + def_bool $(cc-option,-mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=0) + +config STACKPROTECTOR_PER_TASK + def_bool y + depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_SYSREG + endmenu menu "Boot options" diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 6cb9fc7e9382..79d927542322 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -56,6 +56,16 @@ KBUILD_AFLAGS += $(lseinstr) $(brokengasinst) KBUILD_CFLAGS += $(call cc-option,-mabi=lp64) KBUILD_AFLAGS += $(call cc-option,-mabi=lp64) +ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) +prepare: stack_protector_prepare +stack_protector_prepare: prepare0 + $(eval KBUILD_CFLAGS += -mstack-protector-guard=sysreg \ + -mstack-protector-guard-reg=sp_el0 \ + -mstack-protector-guard-offset=$(shell \ + awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' \ + include/generated/asm-offsets.h)) +endif + ifeq ($(CONFIG_CPU_BIG_ENDIAN), y) KBUILD_CPPFLAGS += -mbig-endian CHECKFLAGS += -D__AARCH64EB__ diff --git a/arch/arm64/include/asm/stackprotector.h b/arch/arm64/include/asm/stackprotector.h index 58d15be11c4d..5884a2b02827 100644 --- a/arch/arm64/include/asm/stackprotector.h +++ b/arch/arm64/include/asm/stackprotector.h @@ -34,7 +34,8 @@ static __always_inline void boot_init_stack_canary(void) canary &= CANARY_MASK; current->stack_canary = canary; - __stack_chk_guard = current->stack_canary; + if (!IS_ENABLED(CONFIG_STACKPROTECTOR_PER_TASK)) + __stack_chk_guard = current->stack_canary; } #endif /* _ASM_STACKPROTECTOR_H */ diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index 323aeb5f2fe6..65b8afc84466 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -46,6 +46,9 @@ int main(void) DEFINE(TSK_TI_TTBR0, offsetof(struct task_struct, thread_info.ttbr0)); #endif DEFINE(TSK_STACK, offsetof(struct task_struct, stack)); +#ifdef CONFIG_STACKPROTECTOR + DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct, stack_canary)); +#endif BLANK(); DEFINE(THREAD_CPU_CONTEXT, offsetof(struct task_struct, thread.cpu_context)); BLANK(); diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index d9a4c2d6dd8b..8a2d68f04e0d 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -59,7 +59,7 @@ #include #include -#ifdef CONFIG_STACKPROTECTOR +#if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include unsigned long __stack_chk_guard __read_mostly; EXPORT_SYMBOL(__stack_chk_guard);