From patchwork Wed Apr 17 08:30:59 2024
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 13632992
From: Linus Walleij
Date: Wed, 17 Apr 2024 10:30:59 +0200
Subject: [PATCH v6 10/11] ARM: hw_breakpoint: Handle CFI breakpoints
Message-Id: <20240417-arm32-cfi-v6-10-6486385eb136@linaro.org>
References: <20240417-arm32-cfi-v6-0-6486385eb136@linaro.org>
In-Reply-To: <20240417-arm32-cfi-v6-0-6486385eb136@linaro.org>
To: Russell King, Sami Tolvanen, Kees Cook, Nathan Chancellor, Nick Desaulniers, Ard Biesheuvel, Arnd Bergmann
Cc: linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Linus Walleij

This registers a breakpoint handler for the new breakpoint type (0x03)
inserted by LLVM CLANG for CFI breakpoints.

If we are in permissive mode, just print a backtrace and continue.

Example with CONFIG_CFI_PERMISSIVE enabled:

> echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT
lkdtm: Performing direct entry CFI_FORWARD_PROTO
lkdtm: Calling matched prototype ...
lkdtm: Calling mismatched prototype ...
CFI failure at lkdtm_indirect_call+0x40/0x4c (target: 0x0; expected type: 0x00000000)
WARNING: CPU: 1 PID: 112 at lkdtm_indirect_call+0x40/0x4c
CPU: 1 PID: 112 Comm: sh Not tainted 6.8.0-rc1+ #150
Hardware name: ARM-Versatile Express
(...)
lkdtm: FAIL: survived mismatched prototype function call!
lkdtm: Unexpected! This kernel (6.8.0-rc1+ armv7l) was built with CONFIG_CFI_CLANG=y

As you can see the LKDTM test fails, but I expect that this would be
expected behaviour in the permissive mode.
We are currently not implementing target and type for the CFI breakpoint
as this requires additional operand bundling compiler extensions.

CPUs without breakpoint support cannot handle breakpoints naturally; in
these cases the permissive mode will not work, and CFI will fall over on
an undefined instruction:

Internal error: Oops - undefined instruction: 0 [#1] PREEMPT ARM
CPU: 0 PID: 186 Comm: ash Tainted: G W 6.9.0-rc1+ #7
Hardware name: Gemini (Device Tree)
PC is at lkdtm_indirect_call+0x38/0x4c
LR is at lkdtm_CFI_FORWARD_PROTO+0x30/0x6c

This is reasonable I think: it's the best CFI can do to ascertain that the
control flow is not broken on these CPUs.

Reviewed-by: Kees Cook
Tested-by: Kees Cook
Signed-off-by: Linus Walleij
--- arch/arm/include/asm/hw_breakpoint.h | 1 + arch/arm/kernel/hw_breakpoint.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/arch/arm/include/asm/hw_breakpoint.h b/arch/arm/include/asm/hw_breakpoint.h index 62358d3ca0a8..e7f9961c53b2 100644 --- a/arch/arm/include/asm/hw_breakpoint.h +++ b/arch/arm/include/asm/hw_breakpoint.h @@ -84,6 +84,7 @@ static inline void decode_ctrl_reg(u32 reg, #define ARM_DSCR_MOE(x) ((x >> 2) & 0xf) #define ARM_ENTRY_BREAKPOINT 0x1 #define ARM_ENTRY_ASYNC_WATCHPOINT 0x2 +#define ARM_ENTRY_CFI_BREAKPOINT 0x3 #define ARM_ENTRY_SYNC_WATCHPOINT 0xa /* DSCR monitor/halting bits. */ diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c index dc0fb7a81371..ce7c152dd6e9 100644 --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include 
@@ -903,6 +904,32 @@ static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs) watchpoint_single_step_handler(addr); } +#ifdef CONFIG_CFI_CLANG +static void hw_breakpoint_cfi_handler(struct pt_regs *regs) +{ + /* TODO: implementing target and type requires compiler work */ + unsigned long target = 0; + u32 type = 0; + + switch (report_cfi_failure(regs, instruction_pointer(regs), &target, type)) { + case BUG_TRAP_TYPE_BUG: + die("Oops - CFI", regs, 0); + break; + case BUG_TRAP_TYPE_WARN: + /* Skip the breaking instruction */ + instruction_pointer(regs) += 4; + break; + default: + die("Unknown CFI error", regs, 0); + break; + } +} +#else +static void hw_breakpoint_cfi_handler(struct pt_regs *regs) +{ +} +#endif + /* * Called from either the Data Abort Handler [watchpoint] or the * Prefetch Abort Handler [breakpoint] with interrupts disabled. @@ -932,6 +959,9 @@ static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr, case ARM_ENTRY_SYNC_WATCHPOINT: watchpoint_handler(addr, fsr, regs); break; + case ARM_ENTRY_CFI_BREAKPOINT: + hw_breakpoint_cfi_handler(regs); + break; default: ret = 1; /* Unhandled fault. */ }
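Review bot: the new ARM_ENTRY_CFI_BREAKPOINT 0x3 in hw_breakpoint.h is named as if it were a CFI-specific entry, but it sits in the DSCR method-of-entry table decoded by ARM_DSCR_MOE() next to ARM_ENTRY_BREAKPOINT 0x1, ARM_ENTRY_ASYNC_WATCHPOINT 0x2 and ARM_ENTRY_SYNC_WATCHPOINT 0xa, and hw_breakpoint_pending() now routes every entry carrying that code to the CFI handler. A comment on the define stating which debug event the hardware reports as 0x3 (the commit message calls it the type "inserted by LLVM CLANG", which describes the compiler, not the DSCR encoding) and whether any breakpoint instruction other than the compiler-inserted CFI check can produce the same code would make the dispatch auditable.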
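Review bot: hw_breakpoint_cfi_handler() passes a dummy target of 0 by address and a type of 0 to report_cfi_failure(), so the report prints them as if they were decoded values; the commit message's own log shows the effect, "CFI failure at lkdtm_indirect_call+0x40/0x4c (target: 0x0; expected type: 0x00000000)", which a reader can mistake for a real null target. Until the compiler work mentioned in the TODO lands, pass NULL for the target so the report states that no target information is available rather than inventing one. Separately, "instruction_pointer(regs) += 4" in the BUG_TRAP_TYPE_WARN arm hardcodes a 4-byte breakpoint instruction; a comment on why that width always holds for the compiler-emitted check (or a thumb_mode(regs) check) would document the assumption.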
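Review bot: the new "case ARM_ENTRY_CFI_BREAKPOINT:" in hw_breakpoint_pending() is added unconditionally, while the !CONFIG_CFI_CLANG stub of hw_breakpoint_cfi_handler() is an empty function. In a kernel built without CFI, an entry with that code previously went through "default: ret = 1; /* Unhandled fault. */" and was reported as a fault; it now returns as handled without advancing the instruction pointer or logging anything, so the faulting instruction is re-executed and traps again. Either wrap the case in #ifdef CONFIG_CFI_CLANG, or have the stub return a status so the non-CFI build still falls through to the unhandled path.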