From patchwork Fri Dec 9 15:20:44 2022
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 13069736
From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel, Marc Zyngier, Will Deacon, Mark Rutland, Kees Cook, Catalin Marinas, Mark Brown
Subject: [PATCH v3 0/4] arm64: Add return address protection to asm code
Date: Fri, 9 Dec 2022 16:20:44 +0100
Message-Id: <20221209152048.3517080-1-ardb@kernel.org>

Control flow integrity features such as shadow call stack or PAC work by
placing special instructions between the reload of the link register from
the stack and the function return. The point of this is not only to
protect the control flow when calling that particular function, but also
to ensure that the sequence of instructions appearing at the end of the
function cannot be subverted and used in other ways than intended, in a
ROP/JOP style attack.

This means that it is generally a bad idea to incorporate any code that is
rarely or never used, but lacks such protections. So add some macros that
we can invoke in assembler code to protect the return address while it is
stored on the stack, and wire it up in the ftrace code, which is often
built into production kernels even when not used.

Another example of this is crypto code, and some fixes have been queued up
in the cryptodev tree to ensure that the frame_push and frame_pop macros
are used consistently.

v3:
- rebase onto updated ftrace tree
- drop EFI changes for the time being, I'll bring those back later
- emit unwind directives for return address registers != x30, and handle
  them in the dynamic SCS patching code

Cc: Marc Zyngier
Cc: Will Deacon
Cc: Mark Rutland
Cc: Kees Cook
Cc: Catalin Marinas
Cc: Mark Brown

Ard Biesheuvel (4):
  arm64: assembler: Force error on misuse of .Lframe_local_offset
  arm64: assembler: Protect return addresses in asm routines
  arm64: ftrace: Preserve original link register value in ftrace_regs
  arm64: ftrace: Add return address protection

 arch/arm64/include/asm/assembler.h | 76 ++++++++++++++++++++
 arch/arm64/include/asm/ftrace.h    |  2 +-
 arch/arm64/kernel/entry-ftrace.S   | 27 +++++--
 arch/arm64/kernel/patch-scs.c      | 70 +++++++++++++-----
 arch/arm64/kernel/stacktrace.c     |  1 +
 5 files changed, 151 insertions(+), 25 deletions(-)
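
An added illustration, not part of the patch series or the kernel tree: a small audit check for the property the cover letter describes, reporting routines that reload x30 from the stack and reach a plain `ret` with no PAC authentication or shadow call stack pop in between. The listing, the routine names and the `unprotected_returns` helper are constructed for this example, and only x30 is handled as the return address register.

```python
import re

# Constructed, simplified objdump-style listing (assumption, not from the
# series): PAC epilogue, shadow call stack epilogue, and one with neither.
SAMPLE = """\
0000000000000000 <pac_protected>:
   0: paciasp
   4: stp x29, x30, [sp, #-16]!
   8: ldp x29, x30, [sp], #16
   c: autiasp
  10: ret
0000000000000014 <scs_protected>:
  14: str x30, [x18], #8
  18: stp x29, x30, [sp, #-16]!
  1c: ldp x29, x30, [sp], #16
  20: ldr x30, [x18, #-8]!
  24: ret
0000000000000028 <unprotected>:
  28: stp x29, x30, [sp, #-16]!
  2c: ldp x29, x30, [sp], #16
  30: ret
"""
FUNC = re.compile(r"^[0-9a-f]+ <([\w.$]+)>:\s*$")           # symbol header
INSN = re.compile(r"^\s*[0-9a-f]+:\s+(\S.*?)\s*$")          # address: instruction
LR_RELOAD = re.compile(r"^(ldp|ldr)\s+[^\[]*\bx30\b[^\[]*\[sp\b")  # x30 <- stack
SCS_POP = re.compile(r"^ldr\s+x30,\s*\[x18,\s*#-8\]!")      # x30 <- shadow stack
PAC_AUTH = {"autiasp", "autibsp"}                           # authenticate x30

def unprotected_returns(listing):
    """Names of routines that return through a stack-loaded, unchecked x30."""
    findings, func, exposed = [], None, False
    for line in listing.splitlines():
        m = FUNC.match(line)
        if m:
            func, exposed = m.group(1), False
            continue
        m = INSN.match(line)
        if not m:
            continue
        insn = m.group(1)
        mnemonic = insn.split()[0]
        if LR_RELOAD.match(insn):
            exposed = True            # link register now holds a stack value
        elif mnemonic in PAC_AUTH or SCS_POP.match(insn):
            exposed = False           # value authenticated or replaced
        elif mnemonic == "ret" and exposed:   # retaa/retab authenticate themselves
            findings.append(func)
    return findings
```

On the constructed listing this reports only `unprotected`; real `objdump -d` output also carries an opcode column, which the `INSN` pattern would need to skip.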