From patchwork Fri Jul 1 15:27:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 12903528 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 563C0C433EF for ; Fri, 1 Jul 2022 15:28:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=4+9kz6qh0jlCPPl5NiXFxJKopEkvOR5vznaFOZu8VW0=; b=T3DNKvwXbu+E9z V2SZxCGrMiEYJzTFSiLVAN6FJmOsHX2Wt3KxP7fZz93FQjcFdo2MstomdF1e3a/xlvEaed/nnMOkj NmKbFFjS8OUc/+b3v16vPD1slsrqRRXiWEbEEEdxxIHvIucyPQl+8d5LhPyh99PUzy7aoOcx6Dgvh 83odx0vJWCBgJUzPcJHlFzdTt2hJaoqnxxaD4WaGAuNWFjXfVW5GeiFEMZ1mF9nM5fiSusENVMAtp il/3qXMA9i+9iu7kLXQqvVcJrOH6DIugznmgRo/BR96+2dqiRerdykABnrY/3L9TrhD0GRygKnI06 QU7MmGICyFUx0jX9DaYw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o7IYg-005fgH-Of; Fri, 01 Jul 2022 15:27:50 +0000 Received: from ams.source.kernel.org ([2604:1380:4601:e00::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o7IYW-005fcb-2a for linux-arm-kernel@lists.infradead.org; Fri, 01 Jul 2022 15:27:42 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 6E71BB82FCC; Fri, 1 Jul 2022 15:27:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 99C00C341CD; Fri, 1 Jul 2022 15:27:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1656689257; bh=Brp8oFOo0Szx34eAmwb0DZ7ZGxEegv6CoUgUQf9nNwY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kU+3w6K6GnBT4Xa53Ozup5I0W68FtM/Ye1ifq1lAnX5UmYcZDgszdXMuH5eZSGxea ycHvuxqghTStikrcQf5gCt8jhU+w8M61DuHSqbaRKVOWPA3mVOcF9gJBvRvwThc9rP ouXG/0eNqXKkA/7D0CdI73U8k82qLrfSfpX1DzCVowl1e+zxOP6bzxeLJSaL5rpNq7 29G36ESJQF4CcBaBx2QIuU6vNSywRl4+f5sSkVihSp5PyAqLvLBzLAUf6FCrp0TRpe U+2exzsXxpp0lpX0Ilydu7qQtC2Dz6JYEd9Ky66OIDUDfRSumqu8depofUDp5857Qh CFdlB6CXHwAWA== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, maz@kernel.org, Ard Biesheuvel , Nick Desaulniers Subject: [PATCH v4 1/3] arm64: unwind: add asynchronous unwind tables to kernel and modules Date: Fri, 1 Jul 2022 17:27:22 +0200 Message-Id: <20220701152724.3343599-2-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220701152724.3343599-1-ardb@kernel.org> References: <20220701152724.3343599-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=6931; h=from:subject; bh=Brp8oFOo0Szx34eAmwb0DZ7ZGxEegv6CoUgUQf9nNwY=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBivxJYf4qMv0iPu60aZwFf+LI7TJ2pDP5+z4Jy83fY ylqr+keJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYr8SWAAKCRDDTyI5ktmPJKogC/ 94V6Q4GYW7zJLH+3i70j3DmF3gBMmpKXsqRIfr4m7HqYpTSpYo3auQehbA2iBRWIe8x1/arr/e3KFS uK8LGGuOW0rh1KDPi4p2P7xaEn95YWbClsqa33Fb9prD//hvyqTWwwBvwPbVsIaNf5dtMfDdP3k21+ MmQXoYmhLDj5LVm9HJb/motwI1MsTVg7m5Lpn4KUqyrSVLZSnLO/ZpvdIt9SS0VzfiaUtLxT0Afn2W YXu/q0r+mNMrnn8EmvzYH/DlCMajQTkLS+nfn6OXui+Z2H4WeIDAoacEBjgs7yTPgr9xMxox/5kZDB lnYWyiIPZzs0yoOFsARpIjr8XyO9HNsn4JAPQcDqnOYLU3J+266yK2k2FwbDiN3AyY00JXZV/5mxmP mEaNU64ZuH+1TxDsf6j4kZoYAyWiKUpPTkgjyOYnDqXDzx97Q6SgVuDKMulo88zU6SlYVJzHbxSrSw w/Fr4jz04j2GPQbI4PeAJ9m+TF9K85prtxGeAd/ZOIPYk= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220701_082740_481857_761D7E14 X-CRM114-Status: GOOD ( 20.26 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Enable asynchronous unwind table generation for both the core kernel as well as modules, and emit the resulting .eh_frame sections as init code so we can use the unwind directives for code patching at boot or module load time. This will be used by dynamic shadow call stack support, which will rely on code patching rather than compiler codegen to emit the shadow call stack push and pop instructions. Signed-off-by: Ard Biesheuvel Reviewed-by: Nick Desaulniers --- arch/arm64/Kconfig | 3 +++ arch/arm64/Makefile | 5 +++++ arch/arm64/include/asm/module.lds.h | 8 ++++++++ arch/arm64/kernel/pi/Makefile | 1 + arch/arm64/kernel/vmlinux.lds.S | 13 +++++++++++++ arch/arm64/kvm/hyp/nvhe/Makefile | 1 + drivers/firmware/efi/libstub/Makefile | 1 + include/asm-generic/vmlinux.lds.h | 9 +++++++-- scripts/module.lds.S | 8 +++++++- 9 files changed, 46 insertions(+), 3 deletions(-) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 794cd34153b2..a9314b684f3c 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -369,6 +369,9 @@ config KASAN_SHADOW_OFFSET default 0xeffffff800000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS default 0xffffffffffffffff +config UNWIND_TABLES + bool + source "arch/arm64/Kconfig.platforms" menu "Kernel Features" diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 6d9d4a58b898..4fbca56fa602 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -45,8 +45,13 @@ KBUILD_CFLAGS += $(call cc-option,-mabi=lp64) KBUILD_AFLAGS += $(call cc-option,-mabi=lp64) # Avoid generating .eh_frame* sections. +ifneq ($(CONFIG_UNWIND_TABLES),y) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables +else +KBUILD_CFLAGS += -fasynchronous-unwind-tables +KBUILD_AFLAGS += -fasynchronous-unwind-tables +endif ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) prepare: stack_protector_prepare diff --git a/arch/arm64/include/asm/module.lds.h b/arch/arm64/include/asm/module.lds.h index 094701ec5500..dbba4b7559aa 100644 --- a/arch/arm64/include/asm/module.lds.h +++ b/arch/arm64/include/asm/module.lds.h @@ -17,4 +17,12 @@ SECTIONS { */ .text.hot : { *(.text.hot) } #endif + +#ifdef CONFIG_UNWIND_TABLES + /* + * Currently, we only use unwind info at module load time, so we can + * put it into the .init allocation. + */ + .init.eh_frame : { *(.eh_frame) } +#endif } diff --git a/arch/arm64/kernel/pi/Makefile b/arch/arm64/kernel/pi/Makefile index 839291430cb3..4c0ea3cd4ea4 100644 --- a/arch/arm64/kernel/pi/Makefile +++ b/arch/arm64/kernel/pi/Makefile @@ -7,6 +7,7 @@ KBUILD_CFLAGS := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) -fpie \ -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \ -include $(srctree)/include/linux/hidden.h \ -D__DISABLE_EXPORTS -ffreestanding -D__NO_FORTIFY \ + -fno-asynchronous-unwind-tables -fno-unwind-tables \ $(call cc-option,-fno-addrsig) # remove SCS flags from all objects in this directory diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 45131e354e27..4c13dafc98b8 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -121,6 +121,17 @@ jiffies = jiffies_64; #define TRAMP_TEXT #endif +#ifdef CONFIG_UNWIND_TABLES +#define UNWIND_DATA_SECTIONS \ + .eh_frame : { \ + __eh_frame_start = .; \ + *(.eh_frame) \ + __eh_frame_end = .; \ + } +#else +#define UNWIND_DATA_SECTIONS +#endif + /* * The size of the PE/COFF section that covers the kernel image, which * runs from _stext to _edata, must be a round multiple of the PE/COFF @@ -231,6 +242,8 @@ SECTIONS __alt_instructions_end = .; } + UNWIND_DATA_SECTIONS + . = ALIGN(SEGMENT_ALIGN); __inittext_end = .; __initdata_begin = .; diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile index f9fe4dc21b1f..23de41479495 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -84,6 +84,7 @@ quiet_cmd_hypcopy = HYPCOPY $@ # Remove ftrace, Shadow Call Stack, and CFI CFLAGS. # This is equivalent to the 'notrace', '__noscs', and '__nocfi' annotations. KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI), $(KBUILD_CFLAGS)) +KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables # KVM nVHE code is run at a different exception code with a different map, so # compiler instrumentation that inserts callbacks or checks into the code may diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index d0537573501e..78c46638707a 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -20,6 +20,7 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \ # disable the stackleak plugin cflags-$(CONFIG_ARM64) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ -fpie $(DISABLE_STACKLEAK_PLUGIN) \ + -fno-unwind-tables -fno-asynchronous-unwind-tables \ $(call cc-option,-mbranch-protection=none) cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ -fno-builtin -fpic \ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 7515a465ec03..6d870275372b 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -1008,15 +1008,20 @@ * keep any .init_array.* sections. * https://bugs.llvm.org/show_bug.cgi?id=46478 */ +#ifdef CONFIG_UNWIND_TABLES +#define DISCARD_EH_FRAME +#else +#define DISCARD_EH_FRAME *(.eh_frame) +#endif #if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) || \ defined(CONFIG_CFI_CLANG) # ifdef CONFIG_CONSTRUCTORS # define SANITIZER_DISCARDS \ - *(.eh_frame) + DISCARD_EH_FRAME # else # define SANITIZER_DISCARDS \ *(.init_array) *(.init_array.*) \ - *(.eh_frame) + DISCARD_EH_FRAME # endif #else # define SANITIZER_DISCARDS diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 1d0e1e4dc3d2..7fd5d5e5fad4 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -3,10 +3,16 @@ * Archs are free to supply their own linker scripts. ld will * combine them automatically. */ +#ifdef CONFIG_UNWIND_TABLES +#define DISCARD_EH_FRAME +#else +#define DISCARD_EH_FRAME *(.eh_frame) +#endif + #ifdef CONFIG_CFI_CLANG # include # define ALIGN_CFI ALIGN(PAGE_SIZE) -# define SANITIZER_DISCARDS *(.eh_frame) +# define SANITIZER_DISCARDS DISCARD_EH_FRAME #else # define ALIGN_CFI # define SANITIZER_DISCARDS