From: Linus Walleij
Date: Thu, 07 Mar 2024 15:22:08 +0100
Subject: [PATCH v2 9/9] ARM: KCFI: Allow permissive CFI mode
Message-Id: <20240307-arm32-cfi-v2-9-cc74ea0306b3@linaro.org>
In-Reply-To: <20240307-arm32-cfi-v2-0-cc74ea0306b3@linaro.org>
To: Russell King, Sami Tolvanen, Kees Cook, Nathan Chancellor, Nick Desaulniers, Ard Biesheuvel, Arnd Bergmann
Cc: linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Linus Walleij

This registers a breakpoint handler for the new breakpoint type
(0x03) inserted by LLVM CLANG for CFI breakpoints.

If we are in permissive mode, just print a backtrace and continue.

Example with CONFIG_CFI_PERMISSIVE enabled:

root@Vexpress:/ echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT
lkdtm: Performing direct entry CFI_FORWARD_PROTO
lkdtm: Calling matched prototype ...
lkdtm: Calling mismatched prototype ...
hw-breakpoint: Permissive CFI breakpoint
CPU: 0 PID: 114 Comm: sh Not tainted 6.8.0-rc1+ #111
Hardware name: ARM-Versatile Express
unwind_backtrace from show_stack+0x28/0x30
(...)
lkdtm: FAIL: survived mismatched prototype function call!
lkdtm: Unexpected! This kernel (6.8.0-rc1+ armv7l) was built with CONFIG_CFI_CLANG=y

As you can see the LKDTM test fails, but I expect that this would be
expected behaviour in the permissive mode.

Signed-off-by: Linus Walleij --- arch/arm/include/asm/hw_breakpoint.h | 1 + arch/arm/kernel/hw_breakpoint.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/arch/arm/include/asm/hw_breakpoint.h b/arch/arm/include/asm/hw_breakpoint.h index 62358d3ca0a8..e7f9961c53b2 100644 --- a/arch/arm/include/asm/hw_breakpoint.h +++ b/arch/arm/include/asm/hw_breakpoint.h @@ -84,6 +84,7 @@ static inline void decode_ctrl_reg(u32 reg, #define ARM_DSCR_MOE(x) ((x >> 2) & 0xf) #define ARM_ENTRY_BREAKPOINT 0x1 #define ARM_ENTRY_ASYNC_WATCHPOINT 0x2 +#define ARM_ENTRY_CFI_BREAKPOINT 0x3 #define ARM_ENTRY_SYNC_WATCHPOINT 0xa /* DSCR monitor/halting bits. */ diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c index dc0fb7a81371..256146684813 100644 --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c @@ -932,6 +932,16 @@ static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr, case ARM_ENTRY_SYNC_WATCHPOINT: watchpoint_handler(addr, fsr, regs); break; + case ARM_ENTRY_CFI_BREAKPOINT: + if (IS_ENABLED(CONFIG_CFI_PERMISSIVE)) { + pr_err("Permissive CFI breakpoint\n"); + dump_stack(); + /* Skip the breaking instruction */ + instruction_pointer(regs) += 4; + } else { + die("Oops - CFI", regs, 0); + } + break; default: ret = 1; /* Unhandled fault. */ }
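
Review bot: In the hw_breakpoint.h hunk, ARM_ENTRY_CFI_BREAKPOINT is added without a comment, and the name claims more than the value shows. The neighbouring ARM_ENTRY_* values are method-of-entry codes decoded by ARM_DSCR_MOE(), so 0x3 identifies a class of debug event rather than a CFI check as such. Suggest either a comment stating which instruction Clang emits for the check and what else can report 0x3, or a name that reflects the event type, leaving the CFI interpretation to the handler.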
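
Review bot: In the hw_breakpoint.c hunk, the new case treats every event that decodes to ARM_ENTRY_CFI_BREAKPOINT as a kernel CFI failure, with no check of where the trap came from before it calls die() or skips the instruction. Before this change the same value fell through to "ret = 1; /* Unhandled fault. */", so if an event from user space can decode to 0x3 it should keep doing that; a user_mode(regs) test at the top of the case that sets ret = 1 would preserve the old behaviour. Separately, "instruction_pointer(regs) += 4" hardcodes a 4-byte encoding, so it is worth stating (or checking with thumb_mode(regs)) that the trap is never a 2-byte instruction. The pr_err() plus dump_stack() pair could also go through the common report_cfi_failure_noaddr() helper instead of open-coding IS_ENABLED(CONFIG_CFI_PERMISSIVE), which keeps the report format the same as on other architectures.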