From patchwork Mon Nov 30 23:34:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 11941539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18774C64E90 for ; Mon, 30 Nov 2020 23:36:29 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 56E0520715 for ; Mon, 30 Nov 2020 23:36:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="mQmdYkL9"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="WEB3DIYA" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 56E0520715 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:From:Subject:Mime-Version:Message-Id:Date: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=B2ocT+CeVtU1JsWc/dC0b5eXI8UH8VJfOLUiZOT09pk=; b=mQmdYkL9PcXXSkgpOXr5qu0k4d HorCf4FYKIHA0fJWUY5XY+VTj/HXNf8VMBzlVcgJ/H9qHmAXBEcLtJGMzKlS3PN4IMfQ4b3Yzpp1U y5xAoFvYlrj0JSM7LzNqEEEnZFhnVk/IcqUyhzKLjaF9O8v1dy+91LPM9Sgy1nvqcm7PdCaQsgb5z fhNJLRKSNMqTjW0Fxk0dTWOc9A+TUrrJft+WmejIuPpNoDxSiQDHPzQcLmsAfEFjKVeCmmrHlzcC/ q4W1fzyzdejdMNFrMm+6HSczjbsK/qAMlhrlcg0VaIUxxute8S9PWcVKCMoD3G6gUG4/ElbvAeAre /8DOhtkw==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kjsh2-0001lW-BN; Mon, 30 Nov 2020 23:34:52 +0000 Received: from mail-pj1-x104a.google.com ([2607:f8b0:4864:20::104a]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kjsgz-0001kZ-Mv for linux-arm-kernel@lists.infradead.org; Mon, 30 Nov 2020 23:34:50 +0000 Received: by mail-pj1-x104a.google.com with SMTP id s14so85290pjk.4 for ; Mon, 30 Nov 2020 15:34:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:message-id:mime-version:subject:from:to:cc; bh=RJPEIfxPO98jtMQ2iTruMKJbRWxcjWOx8NddA41MlBc=; b=WEB3DIYA6nkMmNQjC6vU28U3uSAX/cYqowTJDhDkwU86T/5UnUgTUwtYT+B2iSQRn8 C0+UUZjl/96BWKByUmc4NS25UD0St+8iV5+dy5zjAJvV6qTOdTggRHwIuTDgX6Be39WJ 9zVpbjZol9Z/+/7eemmhyMalaTnNjdhj0dkl2LcRhKoL8y8aj2Nn2+BxHHUiCGuRBbvZ vx3waah7EsbtgB6zOt8r3ukahzNgYyNE31LSSuaTbUEzynVZTvCymSiVqJCiDYhDBips FCoS4Rb6denzLu/TsC7jgEykIcdBhaJdv3wdqZO4I2CvYxKz9Svx/OZfMVFEUOweJW19 y7Ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:message-id:mime-version:subject:from :to:cc; bh=RJPEIfxPO98jtMQ2iTruMKJbRWxcjWOx8NddA41MlBc=; b=gvjcye8QgZYlfHqGz04Ae4KWE1kBSyTkzyn28v2+fFSlIHUP+FcQlChqzcDTqqjXad huWk5pbSc/0crR7lMALOBZ1aHicyYAZYq6SJ2Whss+sQ9qWA5HhWg29BqHVnQJGj45X7 nGeOTpo66KC1vmD6MGaVH7O/5bDEfTpYYD5XeYArlx0qBw5gZx2Mb8qoSNjM+gS5dDq9 IxGmAjrSCimh+MJ7KXOYZlsp8cxfaL+euMW+EtH694LOwZNcgyvrowUl8i1sLwFCqQtz J5EfAqtbFWFFK8QvSdflPXZEQiqPIouUc3ZqATmyAUeiVDCw/hTVLpGWuyMUvBFdGCV2 8kBw== X-Gm-Message-State: AOAM531i1p7KXlGwC5J/ZFyUKTPDRmb8TNrg5jfKuOiEenSt6tNYgTEm rKI5N/U5AvynLQotvSCWGr+gbue1jh0WAwlGqOg= X-Google-Smtp-Source: ABdhPJx064nCnIzD6kUlHafx+ACN0Dt6yWCyE3LQ/YNi37Ctc+LLjg17YIGs5RzUaAu8Yb6+xHdWdxQcJVTqvlcefOY= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) (user=samitolvanen job=sendgmr) by 2002:a05:6a00:16c4:b029:198:a95:a2ef with SMTP id l4-20020a056a0016c4b02901980a95a2efmr17889pfc.43.1606779285726; Mon, 30 Nov 2020 15:34:45 -0800 (PST) Date: Mon, 30 Nov 2020 15:34:40 -0800 Message-Id: <20201130233442.2562064-1-samitolvanen@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.29.2.454.gaff20da3a2-goog Subject: [PATCH v3 0/2] scs: switch to vmapped shadow stacks From: Sami Tolvanen To: Will Deacon , Catalin Marinas X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201130_183449_790995_E4990A69 X-CRM114-Status: GOOD ( 13.64 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Kees Cook , Ard Biesheuvel , linux-kernel@vger.kernel.org, James Morse , Sami Tolvanen , linux-arm-kernel@lists.infradead.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org As discussed a few months ago [1][2], virtually mapped shadow call stacks are better for safety and robustness. This series dusts off the VMAP option from the original SCS patch series and switches the kernel to use virtually mapped shadow stacks unconditionally when SCS is enabled. [1] https://lore.kernel.org/lkml/20200515172355.GD23334@willie-the-truck/ [2] https://lore.kernel.org/lkml/20200427220942.GB80713@google.com/ Changes in v3: - Split the actual allocation to __scs_alloc(). - Moved SDEI SCS initialization to init_sdei_scs(). Changes in v2: - Added SCS_ORDER and used it to define SCS_SIZE, switched vmalloc() to use SCS_SIZE and removed the alignment. - Moved the kasan_unpoison_vmalloc() to scs_alloc() when using a cached shadow stack instead of calling it in scs_free(). - Added a comment to scs_free(). - Moved arm64 IRQ and SDEI shadow stack initialization to irq/sdei.c, and removed the now unneeded scs.c. Sami Tolvanen (2): scs: switch to vmapped shadow stacks arm64: scs: use vmapped IRQ and SDEI shadow stacks arch/arm64/kernel/Makefile | 1 - arch/arm64/kernel/entry.S | 6 ++-- arch/arm64/kernel/irq.c | 19 ++++++++++ arch/arm64/kernel/scs.c | 16 --------- arch/arm64/kernel/sdei.c | 70 +++++++++++++++++++++++++++++++++++++ include/linux/scs.h | 16 ++++----- kernel/scs.c | 71 ++++++++++++++++++++++++++++++++------ 7 files changed, 158 insertions(+), 41 deletions(-) delete mode 100644 arch/arm64/kernel/scs.c base-commit: b65054597872ce3aefbc6a666385eabdf9e288da