From patchwork Tue Nov 24 19:59:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11929799 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B679DC56202 for ; Tue, 24 Nov 2020 20:01:19 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 30CD420708 for ; Tue, 24 Nov 2020 20:01:19 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="1MKzes5i"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="v3ZxLsvQ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 30CD420708 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:From:Subject:Mime-Version:Message-Id:Date: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=G3L92HKvBO9cMDO9cSIS6XpRXBOFdl88q7ysun9q+WU=; b=1MKzes5iCzydqCiKh7t/L3q4zM AAjTo5VA+3th1FWvsJuXuR6ohZSlDCIc//Qd4SbAnNPNtV5KuhYUKgbc+elKlP891fBveXTj+nBtX myrG/6LZGovlhTaUNIT76yZ2JPLzNsczmlslj3Wibltst4fuAcXsdg2VXviBlLY1GRrM+/P2PFQRL /IHnV1es6d0xUzn3+Mz5fztsZq+VixGq7wvVyjZHVmJiIEwa4th+BuNeafA1hO2nzlqX31Tb8IpmP UeS4bwQ390Qa4oyP2Gld08SqsJusIO0cfjpNzLJBoKzNKknzyBc3aM4uN7xRagyqDHYfptGzUP89+ Nfl9Z+JQ==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kheTk-00021X-97; Tue, 24 Nov 2020 19:59:56 +0000 Received: from mail-qv1-xf49.google.com ([2607:f8b0:4864:20::f49]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kheTh-00020A-8A for linux-arm-kernel@lists.infradead.org; Tue, 24 Nov 2020 19:59:54 +0000 Received: by mail-qv1-xf49.google.com with SMTP id bn4so17038qvb.9 for ; Tue, 24 Nov 2020 11:59:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:message-id:mime-version:subject:from:to:cc; bh=rWgaVCW+QceCYmZ+e8PPcTXSX7aed0mfmYVc7ooA0KU=; b=v3ZxLsvQ9xr4M8QHnQqG0QWYZCUqCJqOdA+Cf+CqWHZqPXEvpsSuwMRsOxCarRAh4X LiKfMXGsyi3GYu1vqWadscL76UG0ErAYr+hVn80tOX9nnCsdG2omk3YljX0cvKH0kYfC aJsD1ntuBJIEQHOV1xvRN6afe66OZI0BiJVeT2mTpoF70kPjvdusx5EKyWfeyDLfGvBs cf6OWdJHqfA1u1usZzN0KTU1IR5puJMxPhHWeSCoyo+MDv/9dC5ePcBAZRWn8+mjsgHZ s5ZUAryVwDDM5ASX19Q3Hwn7e1/7EnAFAUCwLdAoGc9ZxEOH1G1KeVcwdTr80vRjdiGk Mgrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:message-id:mime-version:subject:from :to:cc; bh=rWgaVCW+QceCYmZ+e8PPcTXSX7aed0mfmYVc7ooA0KU=; b=l0vRJDUEP67Q4exUDnBZNpLUR37oMKc76ETHxFbOdOFK8t0HAhOh8Kt2I8d5lllKFQ XX/2bDLqsnS+a2ez9y7D9WDzTCALargbnjMfhYqg7asfvZdbrxXjGGzbWjeaJw8xXwIw Awr2VKN6xZJ21v4F2/FEy0mq/7auUeR/G99NXVEhehVd+9MCNN3zEiMYJ6HLCxnhYXEy ESvAzy0H4Y+hywpKPQxRVFSCRi0Yc7VNbogxyTEIcMMD3cNXw9Oh9S12jQt4HEqFNhoJ EGxtRcDC1eXiIgEWwa0bhUKI8YErTYSicHJMkuNIz3TCGxEEc9jl+Pf+ACPbTXPD/Mbt WITA== X-Gm-Message-State: AOAM533Yy+e1hxrz0zcZkcPO1Pzuhw0DjdT58YvaV0bfGUud/wQyLVGi EPCxB7rH9aegbBVHwEzfadi4eyIToM0MlaqWwUI= X-Google-Smtp-Source: ABdhPJwKSq/Y/s8hSuqpDDA2NvpgjaDe14765SIGecYkH9SScEVCVzmrsSw64L3IWSbCGHlpcNbkzcDsvUdPjJE0hQQ= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:ad4:484c:: with SMTP id t12mr246309qvy.15.1606247988958; Tue, 24 Nov 2020 11:59:48 -0800 (PST) Date: Tue, 24 Nov 2020 11:59:38 -0800 Message-Id: <20201124195940.27061-1-samitolvanen@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.29.2.454.gaff20da3a2-goog Subject: [PATCH v2 0/2] scs: switch to vmapped shadow stacks From: Sami Tolvanen To: Will Deacon , Catalin Marinas X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201124_145953_333646_EF8CD589 X-CRM114-Status: GOOD ( 12.41 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Kees Cook , Ard Biesheuvel , linux-kernel@vger.kernel.org, James Morse , Sami Tolvanen , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org As discussed a few months ago [1][2], virtually mapped shadow call stacks are better for safety and robustness. This series dusts off the VMAP option from the original SCS patch series and switches the kernel to use virtually mapped shadow stacks unconditionally when SCS is enabled. [1] https://lore.kernel.org/lkml/20200515172355.GD23334@willie-the-truck/ [2] https://lore.kernel.org/lkml/20200427220942.GB80713@google.com/ Changes in v2: - Added SCS_ORDER and used it to define SCS_SIZE, switched vmalloc() to use SCS_SIZE and removed the alignment. - Moved the kasan_unpoison_vmalloc() to scs_alloc() when using a cached shadow stack instead of calling it in scs_free(). - Added a comment to scs_free(). - Moved arm64 IRQ and SDEI shadow stack initialization to irq/sdei.c, and removed the now unneeded scs.c. Sami Tolvanen (2): scs: switch to vmapped shadow stacks arm64: scs: use vmapped IRQ and SDEI shadow stacks arch/arm64/kernel/Makefile | 1 - arch/arm64/kernel/entry.S | 6 ++-- arch/arm64/kernel/irq.c | 19 ++++++++++ arch/arm64/kernel/scs.c | 16 --------- arch/arm64/kernel/sdei.c | 71 +++++++++++++++++++++++++++++++------- include/linux/scs.h | 16 ++++----- kernel/scs.c | 66 +++++++++++++++++++++++++++++------ 7 files changed, 142 insertions(+), 53 deletions(-) delete mode 100644 arch/arm64/kernel/scs.c base-commit: d5beb3140f91b1c8a3d41b14d729aefa4dcc58bc