From patchwork Fri Jan 17 22:48:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Fainelli X-Patchwork-Id: 11339959 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D8F392A for ; Fri, 17 Jan 2020 22:53:12 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0032D21D56 for ; Fri, 17 Jan 2020 22:53:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Un/uZLlm"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IqFZchOc" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0032D21D56 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=K7aZahtXJc6H5sBRQFMdzQscBGXtGezLMUCmSsie8hU=; b=Un/uZLlmmEyt+wIrbjUaEjXkH9 poGsYI/bDL7Wq/4KJNSI/MWdczu5GSHQVYcD9P3b8Opw8fcCfKyD2HJhQu2fDTNQJUBJbzg0jaWjI Mjca3NHF4AU6eqqq1msI5Y0cPycF51vN6qO0BcuiElASpxSg6R+D5IQbKzr3hk2rN2YYIdblFyCWp EPjTO/8QRnhvhTM/JiL/ASCYnzZAXNEhHj+bhpfJuzH+JZHm83cyUQTBsc8cnACIk0mKSOSaRXKO2 z1k3OtLAinbFtIkOguKulDwS75pyQ4yOP8manqvncnxUdxQP7oXsCaSRk+4j8DAKMCDe+uFSgRHIW k9DoiiWQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1isaUE-0000dN-76; Fri, 17 Jan 2020 22:53:06 +0000 Received: from mail-wr1-x444.google.com ([2a00:1450:4864:20::444]) by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1isaTJ-0008GZ-Hw for linux-arm-kernel@lists.infradead.org; Fri, 17 Jan 2020 22:52:11 +0000 Received: by mail-wr1-x444.google.com with SMTP id b6so24230189wrq.0 for ; Fri, 17 Jan 2020 14:52:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=N4HjiapVisuR4SSv5+7J8w7zPzYkQ0Yvx9VG/gpvcq0=; b=IqFZchOckBCYBIO1eUTUBa+FjglKdOHhA5ifJk+dO9g838+TjTC1w2h87lkapOzrJA Xav6nS5KgAlnD96gPft3OeeOKPFhZxa5nB4t1W4ouHJVVL9ckaZH9bDEARwglqXo94jZ Elb910p7Owl+N8IBG60lI7Xv28kkJPKeaTqQ0uL0n9tc1cK5Acvr8EjfdJpoXTEa06LS Jqfq12I9EqaVfp0guj1JBrzaa1eig9xOkGoqaOoFUTwmR0E2kCTeXks1g2/xy5MNz9+3 159XHkE3cnDVksmaYPsZYdiWkhF8lgcna4nTe7VtIfEO4s1tWvZXUeSTVIDfuyeQSgQf anbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=N4HjiapVisuR4SSv5+7J8w7zPzYkQ0Yvx9VG/gpvcq0=; b=CNf7I++nsciE02WxXNXuwvdYjlTSSlt9RU8SUb0pJUFb2TrrZx3SNlzfYn1Uf/rqTP RdAjzSJYkvuXWRjDIOYQz/Mug1Cr/BDEGXKWeZH0wMRKGdpcQWwZ9B1lPBcDL14dz+gB zS39lhBYYWYqGm6IX2i+HuFUGmfrGaMvFekBrl20Lwq/G19eIbzgJee2ApWsht5xtK+H IKPYjgqYyqsPJzIwgsB4kRvWMvSsK3oJRnA9QRMYk9WLyXHRqszMOkv1/Z4u0wR18Scp G39lQnCs9rIPdfrBP0mx4Hu4AjjRb0YsZmzJMDUCmtt8JDzkV0hCsc5pzVC98N7URT1L C4oA== X-Gm-Message-State: APjAAAXZ32xBbO/34CydPx6K/XNhe4u8dVOFWrgShVa60Wxpi29vzNhR LafQD3CG+EZ20JBCOoERgO1kp4XN X-Google-Smtp-Source: APXvYqyoYzFEKkgDKtRboU5q025FlkhImpUrJ8rdHwhheP6ndT46BnvrqQrY5JVNJRUiFDXMohOcwQ== X-Received: by 2002:adf:8041:: with SMTP id 59mr5364700wrk.257.1579301527683; Fri, 17 Jan 2020 14:52:07 -0800 (PST) Received: from fainelli-desktop.igp.broadcom.net ([192.19.223.252]) by smtp.gmail.com with ESMTPSA id l3sm32829387wrt.29.2020.01.17.14.52.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 Jan 2020 14:52:07 -0800 (PST) From: Florian Fainelli To: linux-arm-kernel@lists.infradead.org Subject: [PATCH v7 5/7] ARM: Define the virtual space of KASan's shadow region Date: Fri, 17 Jan 2020 14:48:37 -0800 Message-Id: <20200117224839.23531-6-f.fainelli@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200117224839.23531-1-f.fainelli@gmail.com> References: <20200117224839.23531-1-f.fainelli@gmail.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200117_145209_641469_5815576E X-CRM114-Status: GOOD ( 21.50 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:444 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (f.fainelli[at]gmail.com) 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: mark.rutland@arm.com, alexandre.belloni@bootlin.com, mhocko@suse.com, julien.thierry@arm.com, catalin.marinas@arm.com, linux-kernel@vger.kernel.org, dhowells@redhat.com, yamada.masahiro@socionext.com, ryabinin.a.a@gmail.com, glider@google.com, kvmarm@lists.cs.columbia.edu, Florian Fainelli , corbet@lwn.net, Abbott Liu , daniel.lezcano@linaro.org, linux@armlinux.org.uk, kasan-dev@googlegroups.com, bcm-kernel-feedback-list@broadcom.com, Andrey Ryabinin , drjones@redhat.com, vladimir.murzin@arm.com, keescook@chromium.org, arnd@arndb.de, marc.zyngier@arm.com, andre.przywara@arm.com, philip@cog.systems, jinb.park7@gmail.com, tglx@linutronix.de, dvyukov@google.com, nico@fluxnic.net, gregkh@linuxfoundation.org, ard.biesheuvel@linaro.org, linux-doc@vger.kernel.org, christoffer.dall@arm.com, geert@linux-m68k.org, rob@landley.net, pombredanne@nexb.com, akpm@linux-foundation.org, thgarnie@google.com, kirill.shutemov@linux.intel.com MIME-Version: 1.0 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org From: Abbott Liu Define KASAN_SHADOW_OFFSET,KASAN_SHADOW_START and KASAN_SHADOW_END for arm kernel address sanitizer. +----+ 0xffffffff | | | | | | +----+ CONFIG_PAGE_OFFSET | | | | |-> module virtual address space area. | |/ +----+ MODULE_VADDR = KASAN_SHADOW_END | | | | |-> the shadow area of kernel virtual address. | |/ +----+ TASK_SIZE(start of kernel space) = KASAN_SHADOW_START the | |\ shadow address of MODULE_VADDR | | ---------------------+ | | | + + KASAN_SHADOW_OFFSET |-> the user space area. Kernel address | | | sanitizer do not use this space. | | ---------------------+ | |/ ------ 0 1)KASAN_SHADOW_OFFSET: This value is used to map an address to the corresponding shadow address by the following formula: shadow_addr = (address >> 3) + KASAN_SHADOW_OFFSET; 2)KASAN_SHADOW_START This value is the MODULE_VADDR's shadow address. It is the start of kernel virtual space. 3)KASAN_SHADOW_END This value is the 0x100000000's shadow address. It is the end of kernel address sanitizer shadow area. It is also the start of the module area. When kasan is enabled, the definition of TASK_SIZE is not an 8-bit rotated constant, so we need to modify the TASK_SIZE access code in the *.s file. Cc: Andrey Ryabinin Reported-by: Ard Biesheuvel Tested-by: Linus Walleij Signed-off-by: Abbott Liu Signed-off-by: Florian Fainelli --- arch/arm/include/asm/kasan_def.h | 63 ++++++++++++++++++++++++++++++++ arch/arm/include/asm/memory.h | 5 +++ arch/arm/kernel/entry-armv.S | 5 ++- arch/arm/kernel/entry-common.S | 9 +++-- arch/arm/mm/mmu.c | 7 +++- 5 files changed, 83 insertions(+), 6 deletions(-) create mode 100644 arch/arm/include/asm/kasan_def.h diff --git a/arch/arm/include/asm/kasan_def.h b/arch/arm/include/asm/kasan_def.h new file mode 100644 index 000000000000..4f0aa9869f54 --- /dev/null +++ b/arch/arm/include/asm/kasan_def.h @@ -0,0 +1,63 @@ +/* + * arch/arm/include/asm/kasan_def.h + * + * Copyright (c) 2018 Huawei Technologies Co., Ltd. + * + * Author: Abbott Liu + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#ifndef __ASM_KASAN_DEF_H +#define __ASM_KASAN_DEF_H + +#ifdef CONFIG_KASAN + +/* + * +----+ 0xffffffff + * | | + * | | + * | | + * +----+ CONFIG_PAGE_OFFSET + * | |\ + * | | |-> module virtual address space area. + * | |/ + * +----+ MODULE_VADDR = KASAN_SHADOW_END + * | |\ + * | | |-> the shadow area of kernel virtual address. + * | |/ + * +----+ TASK_SIZE(start of kernel space) = KASAN_SHADOW_START the + * | |\ shadow address of MODULE_VADDR + * | | ---------------------+ + * | | | + * + + KASAN_SHADOW_OFFSET |-> the user space area. Kernel address + * | | | sanitizer do not use this space. + * | | ---------------------+ + * | |/ + * ------ 0 + * + *1) KASAN_SHADOW_OFFSET: + * This value is used to map an address to the corresponding shadow address by + * the following formula: shadow_addr = (address >> KASAN_SHADOW_SCALE_SHIFT) + + * KASAN_SHADOW_OFFSET; + * + * 2) KASAN_SHADOW_START: + * This value is the MODULE_VADDR's shadow address. It is the start of kernel + * virtual space. + * + * 3) KASAN_SHADOW_END + * This value is the 0x100000000's shadow address. It is the end of kernel + * addresssanitizer's shadow area. It is also the start of the module area. + * + */ + +#define KASAN_SHADOW_SCALE_SHIFT 3 +#define KASAN_SHADOW_OFFSET _AC(CONFIG_KASAN_SHADOW_OFFSET, UL) +#define KASAN_SHADOW_END ((UL(1) << (32 - KASAN_SHADOW_SCALE_SHIFT)) \ + + KASAN_SHADOW_OFFSET) +#define KASAN_SHADOW_START ((KASAN_SHADOW_END >> 3) + KASAN_SHADOW_OFFSET) + +#endif +#endif diff --git a/arch/arm/include/asm/memory.h b/arch/arm/include/asm/memory.h index 99035b5891ef..5cfa9e5dc733 100644 --- a/arch/arm/include/asm/memory.h +++ b/arch/arm/include/asm/memory.h @@ -18,6 +18,7 @@ #ifdef CONFIG_NEED_MACH_MEMORY_H #include #endif +#include /* PAGE_OFFSET - the virtual address of the start of the kernel image */ #define PAGE_OFFSET UL(CONFIG_PAGE_OFFSET) @@ -28,7 +29,11 @@ * TASK_SIZE - the maximum size of a user space task. * TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area */ +#ifndef CONFIG_KASAN #define TASK_SIZE (UL(CONFIG_PAGE_OFFSET) - UL(SZ_16M)) +#else +#define TASK_SIZE (KASAN_SHADOW_START) +#endif #define TASK_UNMAPPED_BASE ALIGN(TASK_SIZE / 3, SZ_16M) /* diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 858d4e541532..8cf1cc30fa7f 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -180,7 +180,7 @@ ENDPROC(__und_invalid) get_thread_info tsk ldr r0, [tsk, #TI_ADDR_LIMIT] - mov r1, #TASK_SIZE + ldr r1, =TASK_SIZE str r1, [tsk, #TI_ADDR_LIMIT] str r0, [sp, #SVC_ADDR_LIMIT] @@ -434,7 +434,8 @@ ENDPROC(__fiq_abt) @ if it was interrupted in a critical region. Here we @ perform a quick test inline since it should be false @ 99.9999% of the time. The rest is done out of line. - cmp r4, #TASK_SIZE + ldr r0, =TASK_SIZE + cmp r4, r0 blhs kuser_cmpxchg64_fixup #endif #endif diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S index 271cb8a1eba1..fee279e28a72 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -50,7 +50,8 @@ __ret_fast_syscall: UNWIND(.cantunwind ) disable_irq_notrace @ disable interrupts ldr r2, [tsk, #TI_ADDR_LIMIT] - cmp r2, #TASK_SIZE + ldr r1, =TASK_SIZE + cmp r2, r1 blne addr_limit_check_failed ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK @@ -87,7 +88,8 @@ __ret_fast_syscall: #endif disable_irq_notrace @ disable interrupts ldr r2, [tsk, #TI_ADDR_LIMIT] - cmp r2, #TASK_SIZE + ldr r1, =TASK_SIZE + cmp r2, r1 blne addr_limit_check_failed ldr r1, [tsk, #TI_FLAGS] @ re-check for syscall tracing tst r1, #_TIF_SYSCALL_WORK | _TIF_WORK_MASK @@ -128,7 +130,8 @@ ret_slow_syscall: disable_irq_notrace @ disable interrupts ENTRY(ret_to_user_from_irq) ldr r2, [tsk, #TI_ADDR_LIMIT] - cmp r2, #TASK_SIZE + ldr r1, =TASK_SIZE + cmp r2, r1 blne addr_limit_check_failed ldr r1, [tsk, #TI_FLAGS] tst r1, #_TIF_WORK_MASK diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c index 5d0d0f86e790..d05493ec7d7f 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -1272,9 +1272,14 @@ static inline void prepare_page_table(void) /* * Clear out all the mappings below the kernel image. */ - for (addr = 0; addr < MODULES_VADDR; addr += PMD_SIZE) + for (addr = 0; addr < TASK_SIZE; addr += PMD_SIZE) pmd_clear(pmd_off_k(addr)); +#ifdef CONFIG_KASAN + /*TASK_SIZE ~ MODULES_VADDR is the KASAN's shadow area -- skip over it*/ + addr = MODULES_VADDR; +#endif + #ifdef CONFIG_XIP_KERNEL /* The XIP kernel is mapped in the module area -- skip over it */ addr = ((unsigned long)_exiprom + PMD_SIZE - 1) & PMD_MASK;