From: Linus Walleij
Subject: [PATCH v2 0/9] CFI for ARM32 using LLVM
Date: Thu, 07 Mar 2024 15:21:59 +0100
Message-Id: <20240307-arm32-cfi-v2-0-cc74ea0306b3@linaro.org>
To: Russell King, Sami Tolvanen, Kees Cook, Nathan Chancellor, Nick Desaulniers, Ard Biesheuvel, Arnd Bergmann
Cc: linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Linus Walleij
X-Patchwork-Id: 13585770

This is a first patch set to support CLANG CFI (Control Flow
Integrity) on ARM32.

For information about what CFI is, see:
https://clang.llvm.org/docs/ControlFlowIntegrity.html

For the kernel KCFI flavor, see:
https://lwn.net/Articles/898040/

The base changes required to bring up KCFI on ARM32 were mostly
related to the use of custom vtables in the kernel, combined
with defines to call into these vtable members directly from
sites where they are used.

The approach to all of these vtable+define issues has been the
same: instead of a define, wrap the call in a static inline
function that explicitly calls the vtable member.

The permissive mode handles the new breakpoint type (0x03) that
LLVM CLANG is defining.

To runtime-test the patches:
- Enable CONFIG_LKDTM
- echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT

The patch set has been booted to userspace on the following
test platforms:

- Arm Versatile (QEMU)
- Arm Versatile Express (QEMU)
- multi_v7 booted on Versatile Express (QEMU)
- Footbridge Netwinder (SA110 ARMv4)
- Ux500 (ARMv7 SMP)

I am not saying there will not be corner cases that we need
to fix in addition to this, but it is enough to get started.
Looking at what was fixed for arm64 I am a bit weary that
e.g. BPF might need something to trampoline properly.

But hopefully people can get to testing it and help me fix
remaining issues before the final version, or we can fix it
in-tree.

Signed-off-by: Linus Walleij
---
Changes in v2:
- Add the missing ftrace graph tracer stub.
- Enable permissive mode using a breakpoint handler.
- Link to v1: https://lore.kernel.org/r/20240225-arm32-cfi-v1-0-6943306f065b@linaro.org

---
Linus Walleij (9):
      ARM: Support CLANG CFI
      ARM: tlbflush: Make TLB flushes into static inlines
      ARM: bugs: Check in the vtable instead of defined aliases
      ARM: proc: Use inlines instead of defines
      ARM: delay: Turn delay functions into static inlines
      ARM: turn CPU cache flush functions into static inlines
      ARM: page: Turn highpage accesses into static inlines
      ARM: ftrace: Define ftrace_stub_graph
      ARM: KCFI: Allow permissive CFI mode

 arch/arm/Kconfig                     |  1 +
 arch/arm/common/mcpm_entry.c         | 10 ++-----
 arch/arm/include/asm/cacheflush.h    | 45 ++++++++++++++++++++++------
 arch/arm/include/asm/delay.h         | 16 ++++++++--
 arch/arm/include/asm/hw_breakpoint.h |  1 +
 arch/arm/include/asm/page.h          | 36 ++++++++++++++++++-----
 arch/arm/include/asm/proc-fns.h      | 57 +++++++++++++++++++++++++++++-------
 arch/arm/include/asm/tlbflush.h      | 18 ++++++++----
 arch/arm/kernel/bugs.c               |  2 +-
 arch/arm/kernel/entry-ftrace.S       |  4 +++
 arch/arm/kernel/hw_breakpoint.c      | 10 +++++++
 arch/arm/mach-sunxi/mc_smp.c         |  7 +----
 arch/arm/mm/dma.h                    | 28 ++++++++++++++----
 arch/arm/mm/proc-syms.c              |  7 +----
 arch/arm/mm/proc-v7-bugs.c           |  4 +--
 15 files changed, 182 insertions(+), 64 deletions(-)
---
base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
change-id: 20240115-arm32-cfi-65d60f201108

Best regards,
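
A user-space model of the pieces the cover letter names: a vtable member called through a static inline wrapper, a KCFI-style type-tag check at that indirect call, and the difference between enforcing and permissive mode. This is an added example, not code from the patch set; the tags, the struct and every function name are constructed, and in a real KCFI build the compiler emits the check and a mismatch traps with a breakpoint instead of returning an error.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the type hashes the compiler derives from a prototype. */
#define TAG_VOID_ULONGP 0x4b430001u /* models void (*)(unsigned long *) */
#define TAG_INT_ULONGP  0x4b430002u /* models int (*)(unsigned long *) */

typedef void (*flush_fn)(unsigned long *);
/* KCFI keeps the hash in front of the function's code; here it is a field. */
struct typed_fn { uint32_t tag; flush_fn fn; };
/* Hypothetical vtable in the style of the kernel's custom vtables. */
struct cpu_vtable { struct typed_fn flush; };

static int cfi_permissive; /* 0 = enforcing, 1 = permissive */
static int cfi_failures;   /* mismatches reported so far */

static void flush_ok(unsigned long *n)  { *n += 1; }
static void flush_bad(unsigned long *n) { *n += 100; } /* tagged as another prototype */
static struct cpu_vtable cpu = { { TAG_VOID_ULONGP, flush_ok } };

/* Static inline wrapper that explicitly calls the vtable member.
 * Returns 0 if the call ran, -1 if enforcing mode refused it. */
static inline int cpu_flush(unsigned long *n)
{
    if (cpu.flush.tag != TAG_VOID_ULONGP) { /* tag this call site expects */
        cfi_failures++;
        fprintf(stderr, "CFI failure: expected %#x, target has %#x\n",
                (unsigned)TAG_VOID_ULONGP, (unsigned)cpu.flush.tag);
        if (!cfi_permissive)
            return -1;                      /* enforcing: the call does not happen */
    }
    cpu.flush.fn(n);                        /* permissive: reported, then continues */
    return 0;
}

/* Test fixture: install a target whose tag models a prototype mismatch. */
static void install_mismatched(void)
{
    cpu.flush = (struct typed_fn){ TAG_INT_ULONGP, flush_bad };
}

int main(void)
{
    unsigned long n = 0;
    cpu_flush(&n);               /* matching tag: runs */
    install_mismatched();
    int refused = cpu_flush(&n); /* enforcing: refused */
    cfi_permissive = 1;
    cpu_flush(&n);               /* permissive: reported, runs */
    printf("n=%lu refused=%d failures=%d\n", n, refused, cfi_failures);
}
```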