From patchwork Mon Apr 18 13:22:09 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: He Zhe X-Patchwork-Id: 12816592 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D9C7FC433EF for ; Mon, 18 Apr 2022 13:26:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=0VgA9lGDt1gWOGZ/Nhs10P8KaAhEQdj7O1nUE922gIg=; b=V7f/68WCeiHpV3 mIjXSYd8whDZ0nAlfx+v3So1TipS5aWzbTQzyRex2A0t75KU5yoCgXo0pQ2ZFZXH/dNlcd6DR7lAO csBKJZrQ7gbs6nXDAvyMdlrDzDOVneuwGiglDRvtRbOH2ecNTCY0r6VaXEwtUFSzc3a98lWHcl3I6 CBNaJIXcjCeN/m2O8Xly8n0lUN8BP5Ip6RCYifPlpzk5PQXJyEnV2LDVVn2MFO83/8pvH3QuqarEi P7Qg04tTpoqZSctYn9DHhKj3C6K5/bncrUE2yv+W/kiZU00czZkoH9JiTHYuzVIRNPZcqJGtl0vci Q0dQIJZPE+Tp0K8RiyxQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1ngRNO-00H1Pp-NW; Mon, 18 Apr 2022 13:25:11 +0000 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1ngRLf-00H0Hw-RC; Mon, 18 Apr 2022 13:23:26 +0000 Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 23IDCPFP019859; Mon, 18 Apr 2022 06:22:40 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=PPS06212021; bh=xcVf/tshGNvkkpxR7Pvh+P+nL3qZp/fr2Jfx7bsaVNA=; b=mmqtdAiS/aPzpm6mYvwix/zk/yGaaerlq0kEXRchIz0yaPCNYy86FyoIopyLxdFmFzr6 dpZrT6FVLJqf35Q1gTqtw/51OWvPqIj3tG4euRQ+2BPQm6th/swCWFZHaxyWj8MKNsnV poFgURMpHTC1n6dB43nHosX7AJTIkam+Iq37uxqzEfYlLpshhEimnf95QUpbannn3qXW c3YtIkjViSd6UsU0ifVU7K0OzEWtjaWNrt8+e9pPMEhqNmx9Tm6hzdM+dXcurBlTV86e v6TS8UsiH39N3Ozsxll/rsqSC2irALJHRoONdibHKcM4O+HkGr7WyzctyMr3M+WZMRGL Zg== Received: from nam02-dm3-obe.outbound.protection.outlook.com (mail-dm3nam07lp2043.outbound.protection.outlook.com [104.47.56.43]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3ffwah150g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 18 Apr 2022 06:22:40 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=V5pHMDZmH6LL6tCOxu8Nm8PkISEGJDEfNk83iLPhU5UTaD4TeoGB9pRRpWP1GEcrYyIF0brJwU6rdCykAQL8QHu9g2QW2p6/2RQp0UKpd5ELZh76b/MUK4NNxtvzsPG6YutiGv1WE+Pk/TaWU9J9x4/JlFhT5OtQLgUa9qU4jZHvfUOr37lepzbGAN6/ux7pSBtV4+ligHTdRQ7po2FJHZO9VADXZidk9yeIeaDv25bVNEh4LwVyRa0LHAtHa0/iQvwLPSZivzmqPQf19uoxmRT0FfExnelsCbZAUAQkYqDn/qjMSeBwvh97Gd4y0DxuUsAlA45tMZ9vT453Mngr+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xcVf/tshGNvkkpxR7Pvh+P+nL3qZp/fr2Jfx7bsaVNA=; b=dWwFla4SV/XSHPDQChB4Ljx5SZXwg43Wu9nqjln0Ih3M3NmGcIuAa/J638uvWhZcOVwMQ11eyEnYv1/mc0O/x3JJ2ICpIzOuVUJZ36dRJfJpA258m8ph8ZqVu0nqa/3MIs+97lki7TtGUPgqofXtvNQ/COg8svJrbN78PmUPkgrS1QpBQik9JoNt8SBy3sz6ZgoJre7TCPr2pAj529ovJJcRuujWRMa3rriz4az3Jam7kNSSGZmXOzFu0RfKmZWnzn3gCdtsu0hnYj7T1DQIE72kaEQNZbmVfd32L5bHv5djVdCyEgEUEBubN5qx1OIziOTa3bnHuwj84UWqq6WjDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from MWHPR11MB1358.namprd11.prod.outlook.com (2603:10b6:300:23::8) by DM6PR11MB2857.namprd11.prod.outlook.com (2603:10b6:5:cb::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Mon, 18 Apr 2022 13:22:36 +0000 Received: from MWHPR11MB1358.namprd11.prod.outlook.com ([fe80::1cd4:125:344:9fc]) by MWHPR11MB1358.namprd11.prod.outlook.com ([fe80::1cd4:125:344:9fc%7]) with mapi id 15.20.5164.025; Mon, 18 Apr 2022 13:22:36 +0000 From: He Zhe To: catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, tglx@linutronix.de, bp@alien8.de, dave.hansen@linux.intel.com, keescook@chromium.org, alexander.shishkin@linux.intel.com, jolsa@kernel.org, namhyung@kernel.org, benh@kernel.crashing.org, paulus@samba.org, borntraeger@linux.ibm.com, svens@linux.ibm.com, hpa@zytor.com Cc: x86@kernel.org, linux-arm-kernel@lists.infradead.org, linuxppc-dev@lists.ozlabs.org, linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org, zhe.he@windriver.com Subject: [PATCH RFC 0/8] hardened usercopy and stacktrace improvement Date: Mon, 18 Apr 2022 21:22:09 +0800 Message-Id: <20220418132217.1573072-1-zhe.he@windriver.com> X-Mailer: git-send-email 2.25.1 X-ClientProxiedBy: HK2PR02CA0133.apcprd02.prod.outlook.com (2603:1096:202:16::17) To MWHPR11MB1358.namprd11.prod.outlook.com (2603:10b6:300:23::8) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8381d4bd-4e4b-4e7a-dbdc-08da213e80ef X-MS-TrafficTypeDiagnostic: DM6PR11MB2857:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tt9RUO5obMpwN+Zd/EA/TZVNF/8xeaob7d3xary3RR2UT5VdkhsCjpY9B7lAWFuSTPju0p3551Ic7MMkB+jsaJYFRrPgB/eLfxd5Jd9ovIVWfPgTPjBtcfLb7vX9DF0L62ZfaAndarK5iE9TxKkMoQYInPcCbeg2CTfTDuCPTucwneIEiySr13m8iiAisy/ix+tpTIDgj12l54ykjau3D5AZ/xwTpAQLyvJh3+tpVb4ULyzHguVAbtE1MSkP+Khg2XNrzh8N197JyLo36wJFY7XYOCVbb5qKRyLLPS/tjv770ngH/yrInGm0uv9DkJcgciyVfXESQPBGaLcBMaAxVObDuIi1fZjtvRj7wy3RBd4mETtnjzARO2hvQ4o9IFfr40CeuaxrIcb3eXb8BSIz/9pb3vPBUkhGmcOtZaAjmMVegPtJiWX0lQI7H+E1L8B9Yw76afsj7wiiQHNzWs+XDIdyFxsWNMHrqsWAhGcHsBrW+qYoJ5/CGfsbfvJKJQk/MFfwinkztQKrvReOtqrYwOdpU80M99Iwjxbom1qYLnZHIutqV8rbTV6OEH4DV7o2CzSIbw0GM3H/e2u1kvMgCf3dHhstxro96De60vsCxCvEj+03duI2lCjeEQ1092L9KIDJ8M/eBxFkERACof6rBXN2FPV87bXE1VRWrWQfik82bTkO930223OR9tLc236CoFoaPWkfOtyW/yN82pLcAdOcybH8PmiGoHYXMEYHp2c= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR11MB1358.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(66556008)(2616005)(186003)(86362001)(83380400001)(1076003)(38100700002)(66946007)(316002)(66476007)(7416002)(107886003)(8936002)(2906002)(4326008)(6506007)(38350700002)(5660300002)(508600001)(36756003)(52116002)(8676002)(26005)(6486002)(921005)(6512007)(6666004); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: i7+T7/VOuOhLWViCWrbM4Ro98WVFQpcDROo169zHxbH2NtsM+wD/MAOSZr6dHY8yJlH9N1kU45jkUVRq/XgUL30WGMpKUWebfe+RqQ5WbvNIp8amxIhkUvfrb8G1YwbMx5llKSPqu9PEzjgIaoQTOVugtMEVyEsZiWqWNS7MrfsXAZWYWcrOKQuGarMow6w2mKrYSww6uJqNkTmNbyP00L+1xJwVnlNMMh+J8P0No92GDGKTmn417eaR16fr0aL/t5g8lSJfZxyh83ud1T2Wr17XwgJQJ0BcZfg7wo52kbkBDNX69CTWlwrVY4qgGrL5/tO9DObK9L8RNDMILxilHC7oSTdN9ww7A7Zzv+O7iEGUrXJ9j7wlwMlX62LT6QXzX1YjrUnagssMXc4Ysk/oe0RQAeDTaU6Gem2rSSthr1WxR/o8Rb3a2OoaHbaYmmQXYdnV5YEtX/jla/BQHj7DurUSZ0CX+z+IoyThTnH29Nd4POQLlo1HQ+xMzrNmRX/mCuU/KW7vKzJLDi5TWFu3DsWfX/tYrsxoXGGCttOO/5ZIROIkqOfNExLEfpmR/SIPJ7cCoNAhob5kZ2PPkugB9WWz0OjsgJtcTltI3oIMesdAtbiy/6P0eedI6skYye+g1vQCH8UXCtPHgfXYzYpJTdiEz5ImiiSW/4p2fdrze+31vHrwZSy0NcLk04nxYIV0aT00B38AfL1GE3dhqXFFsftt8RRTHExZr6pL90DDpquajZuwYEhlmHV+iYN7sPuMI7pyixUhK29yRfwN+U4U1Xx/GElkLt/Yy41HLZSCKsJIr41D74GGpwSU+bk8u2ffclicaTvAJHzvAHvaVTx5Sg/cR96FxALH1Z5DmEqdoG1KzthDrEJY6dSOpS/7UKvUCimdCb2bB0UPrE9FqB/rIyQt8Idg1WfirYPtxXkv3479G7wORko2imDhR1WlOH0IlvtyVbYEh6LY+R4U6F3Dm4TlQoiNSEcYdEduyHQ3F4O6DASfMc/sd0NGSwjfyK1wi+TQ7WXpInM+1Dvc5R1E9LnVyoZzGx5ZAgqjq5QUDNNjl7sgp0E4I7e7Zl4ijD3WZ/l4CJLUoMcpzTxM3wt4FfKbFLldPWmwoMkZif9xZbTeNvplGybFx9sRIygRetsxk1XIQIp3T9nf6hT+EmqfOdsC8OzjolDM9DcKJqjvVp3+uw0yW9XhCOJ9OzP/b6w+NpGTC86dBcdh/oqVbnugWfR+LkKiunfLtgWl/bG/p2c4+vvIBsJEG54zOWcCO86ztYWwlZvL0/pK60SYJH3ts+S9iBZxq7UB2RD+yHTzv8PBx+Ci8DJOl46+g7ZTUZkN9fithfmKsXzAExt8GjWNauWc9oUdcB68PXIN+QAdITX9j4MIXil1iWZ0U3FLPnlUrmHV1KYPgNk4oH8b6bUYpLRKo+k5DbN7mrtU3V0Kqj3LPmbxsJ9sSgdbVv+SJCgth6GOxd9NuIB/eCh384LJMz+UHNYABn/ohkuHDZW23mjhgWrTgeR07HOsVCxfwx4HCwfUWxHJTO+O+x9nIKDlSwM85k0YSoD2O6RwmuRVXMueMtzaYaesmIZgJ5gZwlLsBHufDGSESKoXQQNbTw+cZoK8bx+yE7oFLkGApVTFqF0h3OgZ03sIaYuPMKx9Rcabcpvqk0/zbYD1ieezgLPlp/21vQYQYBX3didx9PdSrvEdTXQFW0ay798yfApwnP0L1k4qrZNB1Mz2kuqmYAyqbw== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8381d4bd-4e4b-4e7a-dbdc-08da213e80ef X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1358.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2022 13:22:36.2488 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: GktaFGgGGENtFi7SkGbIJNO2WFbR1VKGaiqwn1422Tyq4lLANl6JbqoiJI3idJZ17ufb5IxrYQ/SFdQvSQg17w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2857 X-Proofpoint-ORIG-GUID: L92afs33CCEvUXDtHwxOnx65_ITv67TP X-Proofpoint-GUID: L92afs33CCEvUXDtHwxOnx65_ITv67TP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.858,Hydra:6.0.486,FMLib:17.11.64.514 definitions=2022-04-18_02,2022-04-15_01,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1011 mlxscore=0 mlxlogscore=471 phishscore=0 lowpriorityscore=0 spamscore=0 suspectscore=0 priorityscore=1501 malwarescore=0 adultscore=0 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2204180078 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220418_062323_931190_EDB0A018 X-CRM114-Status: GOOD ( 15.93 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This series is to add copy-beyond-the-frame detection for hardened usercopy for arm64 by adding more arguments to callbacks of stackstrace and by the way more potential checks in the future can be done. This is done by: - Change stacktrace callback prototype to pass more information which currently includes pc, current stack's fp and previous frame's fp, so copying beyond the frame can be detected. - Add arch_within_stack_frames for arm64 based on existing x86 algorithm, but via stacktrace. - Make other arch_stack_walk callbacks use the new prototype. - Tune lkdtm usercopy stack frame case. Currently the way to generate bad frame use depends on stack layout of the architecture and compiler. It happens to work with x86 but does not work for arm64 and it ruins the stack in USERCOPY_STACK_FRAME_FROM and thus causes the call chain to return to NULL address. He Zhe (8): stacktrace: Change callback prototype to pass more information arm64: stacktrace: Add arch_within_stack_frames arm64: stacktrace: Make callbacks use new prototype with frame info powerpc: stacktrace: Make callbacks use new prototype with frame info riscv: stacktrace: Make callbacks use new prototype with frame info s390: stacktrace: Make callbacks use new prototype with frame info x86: stacktrace: Make callbacks use new prototype with frame info lkdtm: usercopy: Make USERCOPY_STACK_FRAME_x able to work for all archs arch/arm64/Kconfig | 1 + arch/arm64/include/asm/thread_info.h | 12 +++++ arch/arm64/kernel/perf_callchain.c | 4 +- arch/arm64/kernel/process.c | 6 +-- arch/arm64/kernel/return_address.c | 4 +- arch/arm64/kernel/stacktrace.c | 76 ++++++++++++++++++++++++++-- arch/arm64/kernel/time.c | 6 +-- arch/powerpc/kernel/stacktrace.c | 18 ++++--- arch/riscv/include/asm/stacktrace.h | 2 +- arch/riscv/kernel/perf_callchain.c | 4 +- arch/riscv/kernel/stacktrace.c | 22 ++++---- arch/s390/kernel/stacktrace.c | 14 ++--- arch/x86/kernel/stacktrace.c | 28 ++++++---- drivers/misc/lkdtm/usercopy.c | 24 +-------- include/linux/stacktrace.h | 9 +++- kernel/stacktrace.c | 10 ++-- 16 files changed, 161 insertions(+), 79 deletions(-)