[0/2] scs: switch to vmapped shadow stacks

Message ID	20201022202355.3529836-1-samitolvanen@google.com (mailing list archive)
Headers	show Return-Path: <SRS0=FtUi=D5=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1395E24679 Date: Thu, 22 Oct 2020 13:23:53 -0700 Message-Id: <20201022202355.3529836-1-samitolvanen@google.com> Mime-Version: 1.0 Subject: [PATCH 0/2] scs: switch to vmapped shadow stacks From: Sami Tolvanen <samitolvanen@google.com> To: Will Deacon <will@kernel.org>, Catalin Marinas <catalin.marinas@arm.com> Precedence: list Cc: Mark Rutland <mark.rutland@arm.com>, Kees Cook <keescook@chromium.org>, Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-kernel@vger.kernel.org, James Morse <james.morse@arm.com>, Sami Tolvanen <samitolvanen@google.com>, linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	scs: switch to vmapped shadow stacks \| expand [0/2] scs: switch to vmapped shadow stacks [1/2] scs: switch to vmapped shadow stacks [2/2] arm64: scs: use vmapped IRQ and SDEI shadow stacks

Message ID

20201022202355.3529836-1-samitolvanen@google.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1395E24679
Date: Thu, 22 Oct 2020 13:23:53 -0700
Message-Id: <20201022202355.3529836-1-samitolvanen@google.com>
Mime-Version: 1.0
Subject: [PATCH 0/2] scs: switch to vmapped shadow stacks
From: Sami Tolvanen <samitolvanen@google.com>
To: Will Deacon <will@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>
Precedence: list
Cc: Mark Rutland <mark.rutland@arm.com>, Kees Cook <keescook@chromium.org>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>, linux-kernel@vger.kernel.org,
 James Morse <james.morse@arm.com>, Sami Tolvanen <samitolvanen@google.com>,
 linux-arm-kernel@lists.infradead.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

scs: switch to vmapped shadow stacks | expand

Message

Sami Tolvanen Oct. 22, 2020, 8:23 p.m. UTC

As discussed a few months ago [1][2], virtually mapped shadow call stacks
are better for safety and robustness. This series dusts off the VMAP
option from the original SCS patch series and switches the kernel to use
virtually mapped shadow stacks unconditionally when SCS is enabled.

 [1] https://lore.kernel.org/lkml/20200515172355.GD23334@willie-the-truck/
 [2] https://lore.kernel.org/lkml/20200427220942.GB80713@google.com/


Sami Tolvanen (2):
  scs: switch to vmapped shadow stacks
  arm64: scs: use vmapped IRQ and SDEI shadow stacks

 arch/arm64/include/asm/scs.h | 21 ++++++++++-
 arch/arm64/kernel/entry.S    |  6 ++--
 arch/arm64/kernel/irq.c      |  2 ++
 arch/arm64/kernel/scs.c      | 67 +++++++++++++++++++++++++++++++++---
 arch/arm64/kernel/sdei.c     |  7 ++++
 include/linux/scs.h          | 15 +++-----
 kernel/scs.c                 | 67 ++++++++++++++++++++++++++++++------
 7 files changed, 156 insertions(+), 29 deletions(-)


base-commit: 96485e4462604744d66bf4301557d996d80b85eb

Comments

Catalin Marinas Nov. 17, 2020, 5:35 p.m. UTC | #1

On Thu, Oct 22, 2020 at 01:23:53PM -0700, Sami Tolvanen wrote:
> As discussed a few months ago [1][2], virtually mapped shadow call stacks
> are better for safety and robustness. This series dusts off the VMAP
> option from the original SCS patch series and switches the kernel to use
> virtually mapped shadow stacks unconditionally when SCS is enabled.
> 
>  [1] https://lore.kernel.org/lkml/20200515172355.GD23334@willie-the-truck/
>  [2] https://lore.kernel.org/lkml/20200427220942.GB80713@google.com/
> 
> 
> Sami Tolvanen (2):
>   scs: switch to vmapped shadow stacks
>   arm64: scs: use vmapped IRQ and SDEI shadow stacks

Will, Mark. Any objections to this series? If not, I can queue it for
5.11 via the arm64 tree.

Thanks.

Will Deacon Nov. 18, 2020, 9:27 a.m. UTC | #2

On Tue, Nov 17, 2020 at 05:35:24PM +0000, Catalin Marinas wrote:
> On Thu, Oct 22, 2020 at 01:23:53PM -0700, Sami Tolvanen wrote:
> > As discussed a few months ago [1][2], virtually mapped shadow call stacks
> > are better for safety and robustness. This series dusts off the VMAP
> > option from the original SCS patch series and switches the kernel to use
> > virtually mapped shadow stacks unconditionally when SCS is enabled.
> > 
> >  [1] https://lore.kernel.org/lkml/20200515172355.GD23334@willie-the-truck/
> >  [2] https://lore.kernel.org/lkml/20200427220942.GB80713@google.com/
> > 
> > 
> > Sami Tolvanen (2):
> >   scs: switch to vmapped shadow stacks
> >   arm64: scs: use vmapped IRQ and SDEI shadow stacks
> 
> Will, Mark. Any objections to this series? If not, I can queue it for
> 5.11 via the arm64 tree.

It's on my list to review, but I have a tonne of other things I have to get
to first.

Will