From patchwork Sun Feb 25 20:08:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Linus Walleij X-Patchwork-Id: 13571023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6A708C54E41 for ; Sun, 25 Feb 2024 20:08:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:MIME-Version:Message-Id:Date: Subject:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=LHJLqJ4+dHweIEavyJsw7xC0MM3l2V4B6mL6SNdwnUU=; b=dSPVmIoI1xS5RG RTlt3w2ZokC/3YgMkHt0WTB37BLSVp/K4C3u3sIUBMcCCUslHrC93jqolcAAGQAm4rgVEwoTzTwBg Hb3CY7ja8erMzfAzSnw4+wlsBY9yKFKxhSnWAharLh5N7Jfx6vqR7PetJ5XS3GXO7mHQ4C8xXjY0L bkIytar594SdHPwd3I+q83VRZrA8PQ5cTCa1sS91+E0nOeo3c93NzBF8uyyjxuUP0TcdycPsgUJaG CX1TBCyUGUuDj4afSidBWIChCsDl0Fv/NZzeGv56jmj5ciNil4vdJvCqDxmiHE8jDTH6QK+Y08t73 N59H0KOCPzSJGPqE1ZCA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1reKnL-0000000Fcle-1VBv; Sun, 25 Feb 2024 20:08:19 +0000 Received: from mail-lf1-x131.google.com ([2a00:1450:4864:20::131]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1reKnH-0000000Fcj9-2LNt for linux-arm-kernel@lists.infradead.org; Sun, 25 Feb 2024 20:08:17 +0000 Received: by mail-lf1-x131.google.com with SMTP id 2adb3069b0e04-512f89250d6so457575e87.2 for ; Sun, 25 Feb 2024 12:08:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1708891692; x=1709496492; darn=lists.infradead.org; h=cc:to:content-transfer-encoding:mime-version:message-id:date :subject:from:from:to:cc:subject:date:message-id:reply-to; bh=kdgswNINe8D7UhAB4MlI11h/GUVjtAIO48m75I1MuQU=; b=D8nJBROD55+H4fZBznTI/+L91zRw4lbYopYqU0N4TqcJKn881EI/mzeLWEP8KhzTTd j3lIHvu6azb0Gb5T6vOO4g2/4d38EKL2fIlXaZK4ejDlIUH+uLB6t4f6MEFQGBXrDDPD tWRZCJUtkoUOMmdROqxB/hU8kKLChWUO68UyE6KlcTTx2tlIk7I9yEKGiWubFCyJvCcw 492XzFhyIXUv5w8d4EUvmXqZfZuz8/Sz2H3yOUw7vkfe4F/cNOUBgkpOAWXAER3/wgpR yNA/yTcgCv57afDmR5ecK40mw7B3zP95MzQWn3EiPz1QiPCk9EbzGCCn5SUHcXNt3GPO sq/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708891692; x=1709496492; h=cc:to:content-transfer-encoding:mime-version:message-id:date :subject:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kdgswNINe8D7UhAB4MlI11h/GUVjtAIO48m75I1MuQU=; b=kaGAD3yPiev75/zix8r+EdQAO2t6ZwiibO2puGQ0Gkyy01Kpb0Ud+Phoc+0DNm2XhM otcF/+CxY0o93kIQXqIR2K4MM0ldX5O+EommtIDTV9I67cYSpjhr0QFPm8RWky1ekHPI n8dsqyxM46kzzVZNyD+H1qY3s5ioqJFJc9WRbMLD0neY3WMyeYaRDv+T2o98ozycmmHV IhJ+Xv7FKYvmhJM0WCJrwVROrq8JJmtRXGbdq14qtlm1pSOX5l1Mh1nkxJ1/vdDQym3+ fbEj1UndKLN0VytLb6z165MDkKlb28RHbndbVFIFhdorfxLmILLxO9PoO1b7CrcgKLsy HxAA== X-Gm-Message-State: AOJu0YxJ11mBne7pOs+P9wTQ6BUGcnoWD/bleQk7Csd2YArOTj2dRcRm lZXj4NXqc+4aNip5WhArIrhik6L9bXGdiGUkt8RBhwZliMPjjnxX0KjuQrZQKq0= X-Google-Smtp-Source: AGHT+IFI3WQVDHHOsdSKqLYvBkXxkauqFmQkLx+wLi8iF8mvFCixCLIou+n2msNKnvcPc0Rb1WlCCg== X-Received: by 2002:a05:6512:2314:b0:512:e394:bfb1 with SMTP id o20-20020a056512231400b00512e394bfb1mr3814866lfu.43.1708891691565; Sun, 25 Feb 2024 12:08:11 -0800 (PST) Received: from [127.0.1.1] ([85.235.12.238]) by smtp.gmail.com with ESMTPSA id hu14-20020a170907a08e00b00a4340138ab5sm504621ejc.5.2024.02.25.12.08.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 25 Feb 2024 12:08:11 -0800 (PST) From: Linus Walleij Subject: [PATCH 0/7] CFI for ARM32 using LLVM Date: Sun, 25 Feb 2024 21:08:09 +0100 Message-Id: <20240225-arm32-cfi-v1-0-6943306f065b@linaro.org> MIME-Version: 1.0 X-B4-Tracking: v=1; b=H4sIACme22UC/6tWKk4tykwtVrJSqFYqSi3LLM7MzwNyDHUUlJIzE vPSU3UzU4B8JSMDIxMDQ0NT3cSiXGMj3eS0TF0z0xQzgzQjoKiBhRJQfUFRalpmBdis6NjaWgC sQ/S3WwAAAA== To: Russell King , Sami Tolvanen , Kees Cook , Nathan Chancellor , Nick Desaulniers , Ard Biesheuvel , Arnd Bergmann Cc: linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Linus Walleij X-Mailer: b4 0.12.4 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240225_120815_708807_1E0FFCCD X-CRM114-Status: GOOD ( 16.44 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This is a first patch set to support CLANG CFI (Control Flow Integrity) on ARM32. For information about what CFI is, see: https://clang.llvm.org/docs/ControlFlowIntegrity.html For the kernel KCFI flavor, see: https://lwn.net/Articles/898040/ The base changes required to bring up KCFI on ARM32 was mostly related to the use of custom vtables in the kernel, combined with defines to call into these vtable members directly from sites where they are used. The approach to all of these vtable+define issues has been the same: instead of a define, wrap the call in a static inline function that explicitly calls the vtable member. To runtime-test the patches: - Enable CONFIG_LKDTM - echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT The patch set has been booted to userspace on the following test platforms: - Arm Versatile (QEMU) - Arm Versatile Express (QEMU) - multi_v7 booted on Versatile Express (QEMU) - Footbridge Netwinder (SA110 ARMv4) - Ux500 (ARMv7 SMP) I am not saying there will not be corner cases that we need to fix in addition to this, but it is enough to get started. Looking at what was fixed for arm64 I am a bit weary that e.g. BPF might need something to trampoline properly. But hopefullt people can get to testing it and help me fix remaining issues before the final version, or we can fix it in-tree. Signed-off-by: Linus Walleij Tested-by: Kees Cook --- Linus Walleij (7): ARM: Support CLANG CFI ARM: tlbflush: Make TLB flushes into static inlines ARM: bugs: Check in the vtable instead of defined aliases ARM: proc: Use inlines instead of defines ARM: delay: Turn delay functions into static inlines ARM: turn CPU cache flush functions into static inlines ARM: page: Turn highpage accesses into static inlines arch/arm/Kconfig | 1 + arch/arm/common/mcpm_entry.c | 10 ++----- arch/arm/include/asm/cacheflush.h | 45 ++++++++++++++++++++++++------- arch/arm/include/asm/delay.h | 16 ++++++++--- arch/arm/include/asm/page.h | 36 ++++++++++++++++++++----- arch/arm/include/asm/proc-fns.h | 57 ++++++++++++++++++++++++++++++++------- arch/arm/include/asm/tlbflush.h | 18 ++++++++----- arch/arm/kernel/bugs.c | 2 +- arch/arm/mach-sunxi/mc_smp.c | 7 +---- arch/arm/mm/dma.h | 28 ++++++++++++++----- arch/arm/mm/proc-syms.c | 7 +---- arch/arm/mm/proc-v7-bugs.c | 4 +-- 12 files changed, 167 insertions(+), 64 deletions(-) --- base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d change-id: 20240115-arm32-cfi-65d60f201108 Best regards,