[v3,05/11] arm64: bpf: Annotate JITed code for BTI

Message ID	20200506195138.22086-6-broonie@kernel.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=ghDP=6U=lists.infradead.org=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B447C20747 From: Mark Brown <broonie@kernel.org> To: Vincenzo Frascino <Vincenzo.Frascino@arm.com>, Will Deacon <will@kernel.org>, Catalin Marinas <catalin.marinas@arm.com> Subject: [PATCH v3 05/11] arm64: bpf: Annotate JITed code for BTI Date: Wed, 6 May 2020 20:51:32 +0100 Message-Id: <20200506195138.22086-6-broonie@kernel.org> In-Reply-To: <20200506195138.22086-1-broonie@kernel.org> References: <20200506195138.22086-1-broonie@kernel.org> MIME-Version: 1.0 summary: Content analysis details: (-5.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/, high trust [198.145.29.99 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender Precedence: list Cc: Kees Cook <keescook@chromium.org>, Daniel Borkmann <daniel@iogearbox.net>, Jean-Philippe Brucker <jean-philippe.brucker@arm.com>, Mark Brown <broonie@kernel.org>, Amit Kachhap <amit.kachhap@arm.com>, Dave Martin <Dave.Martin@arm.com>, linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
Series	arm64: BTI kernel and vDSO support \| expand [v3,00/11] arm64: BTI kernel and vDSO support [v3,01/11] arm64: Document why we enable PAC support for leaf functions [v3,02/11] arm64: bti: Support building kernel C code using BTI [v3,03/11] arm64: asm: Override SYM_FUNC_START when building the kernel with BTI [v3,04/11] arm64: Set GP bit in kernel page tables to enable BTI for the kernel [v3,05/11] arm64: bpf: Annotate JITed code for BTI [v3,06/11] arm64: mm: Mark executable text as guarded pages [v3,07/11] arm64: bti: Provide Kconfig for kernel mode BTI [v3,08/11] arm64: asm: Provide a mechanism for generating ELF note for BTI [v3,09/11] arm64: vdso: Annotate for BTI [v3,10/11] arm64: vdso: Force the vDSO to be linked as BTI when built for BTI [v3,11/11] arm64: vdso: Map the vDSO text with guarded pages when built for BTI

Message ID

20200506195138.22086-6-broonie@kernel.org (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B447C20747
From: Mark Brown <broonie@kernel.org>
To: Vincenzo Frascino <Vincenzo.Frascino@arm.com>,
 Will Deacon <will@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>
Subject: [PATCH v3 05/11] arm64: bpf: Annotate JITed code for BTI
Date: Wed,  6 May 2020 20:51:32 +0100
Message-Id: <20200506195138.22086-6-broonie@kernel.org>
In-Reply-To: <20200506195138.22086-1-broonie@kernel.org>
References: <20200506195138.22086-1-broonie@kernel.org>
MIME-Version: 1.0
Precedence: list
Cc: Kees Cook <keescook@chromium.org>, Daniel Borkmann <daniel@iogearbox.net>,
 Jean-Philippe Brucker <jean-philippe.brucker@arm.com>,
 Mark Brown <broonie@kernel.org>, Amit Kachhap <amit.kachhap@arm.com>,
 Dave Martin <Dave.Martin@arm.com>, linux-arm-kernel@lists.infradead.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Series

arm64: BTI kernel and vDSO support | expand

Commit Message

Mark Brown May 6, 2020, 7:51 p.m. UTC

In order to extend the protection offered by BTI to all code executing in
kernel mode we need to annotate JITed BPF code appropriately for BTI. To
do this we need to add a landing pad to the start of each BPF function and
also immediately after the function prologue if we are emitting a function
which can be tail called. Jumps within BPF functions are all to immediate
offsets and therefore do not require landing pads.

Signed-off-by: Mark Brown <broonie@kernel.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
---
 arch/arm64/net/bpf_jit.h      |  8 ++++++++
 arch/arm64/net/bpf_jit_comp.c | 12 ++++++++++++
 2 files changed, 20 insertions(+)

Comments

Daniel Borkmann May 7, 2020, 8:15 p.m. UTC | #1

[ Cc +bpf ]

On 5/6/20 9:51 PM, Mark Brown wrote:
> In order to extend the protection offered by BTI to all code executing in
> kernel mode we need to annotate JITed BPF code appropriately for BTI. To
> do this we need to add a landing pad to the start of each BPF function and
> also immediately after the function prologue if we are emitting a function
> which can be tail called. Jumps within BPF functions are all to immediate
> offsets and therefore do not require landing pads.
> 
> Signed-off-by: Mark Brown <broonie@kernel.org>
> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

Acked-by: Daniel Borkmann <daniel@iogearbox.net>

> ---
>   arch/arm64/net/bpf_jit.h      |  8 ++++++++
>   arch/arm64/net/bpf_jit_comp.c | 12 ++++++++++++
>   2 files changed, 20 insertions(+)
> 
> diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h
> index eb73f9f72c46..05b477709b5f 100644
> --- a/arch/arm64/net/bpf_jit.h
> +++ b/arch/arm64/net/bpf_jit.h
> @@ -189,4 +189,12 @@
>   /* Rn & Rm; set condition flags */
>   #define A64_TST(sf, Rn, Rm) A64_ANDS(sf, A64_ZR, Rn, Rm)
>   
> +/* HINTs */
> +#define A64_HINT(x) aarch64_insn_gen_hint(x)
> +
> +/* BTI */
> +#define A64_BTI_C  A64_HINT(AARCH64_INSN_HINT_BTIC)
> +#define A64_BTI_J  A64_HINT(AARCH64_INSN_HINT_BTIJ)
> +#define A64_BTI_JC A64_HINT(AARCH64_INSN_HINT_BTIJC)
> +
>   #endif /* _BPF_JIT_H */
> diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
> index cdc79de0c794..83fa475c6b42 100644
> --- a/arch/arm64/net/bpf_jit_comp.c
> +++ b/arch/arm64/net/bpf_jit_comp.c
> @@ -171,7 +171,11 @@ static inline int epilogue_offset(const struct jit_ctx *ctx)
>   #define STACK_ALIGN(sz) (((sz) + 15) & ~15)
>   
>   /* Tail call offset to jump into */
> +#if IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)
> +#define PROLOGUE_OFFSET 8
> +#else
>   #define PROLOGUE_OFFSET 7
> +#endif
>   
>   static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
>   {
> @@ -208,6 +212,10 @@ static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
>   	 *
>   	 */
>   
> +	/* BTI landing pad */
> +	if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
> +		emit(A64_BTI_C, ctx);
> +
>   	/* Save FP and LR registers to stay align with ARM64 AAPCS */
>   	emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx);
>   	emit(A64_MOV(1, A64_FP, A64_SP), ctx);
> @@ -230,6 +238,10 @@ static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
>   				    cur_offset, PROLOGUE_OFFSET);
>   			return -1;
>   		}
> +
> +		/* BTI landing pad for the tail call, done with a BR */
> +		if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
> +			emit(A64_BTI_J, ctx);
>   	}
>   
>   	ctx->stack_size = STACK_ALIGN(prog->aux->stack_depth);
>

diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h
index eb73f9f72c46..05b477709b5f 100644
--- a/arch/arm64/net/bpf_jit.h
+++ b/arch/arm64/net/bpf_jit.h
@@ -189,4 +189,12 @@ 
 /* Rn & Rm; set condition flags */
 #define A64_TST(sf, Rn, Rm) A64_ANDS(sf, A64_ZR, Rn, Rm)
 
+/* HINTs */
+#define A64_HINT(x) aarch64_insn_gen_hint(x)
+
+/* BTI */
+#define A64_BTI_C  A64_HINT(AARCH64_INSN_HINT_BTIC)
+#define A64_BTI_J  A64_HINT(AARCH64_INSN_HINT_BTIJ)
+#define A64_BTI_JC A64_HINT(AARCH64_INSN_HINT_BTIJC)
+
 #endif /* _BPF_JIT_H */
diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index cdc79de0c794..83fa475c6b42 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -171,7 +171,11 @@  static inline int epilogue_offset(const struct jit_ctx *ctx)
 #define STACK_ALIGN(sz) (((sz) + 15) & ~15)
 
 /* Tail call offset to jump into */
+#if IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)
+#define PROLOGUE_OFFSET 8
+#else
 #define PROLOGUE_OFFSET 7
+#endif
 
 static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
 {
@@ -208,6 +212,10 @@  static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
 	 *
 	 */
 
+	/* BTI landing pad */
+	if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
+		emit(A64_BTI_C, ctx);
+
 	/* Save FP and LR registers to stay align with ARM64 AAPCS */
 	emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx);
 	emit(A64_MOV(1, A64_FP, A64_SP), ctx);
@@ -230,6 +238,10 @@  static int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf)
 				    cur_offset, PROLOGUE_OFFSET);
 			return -1;
 		}
+
+		/* BTI landing pad for the tail call, done with a BR */
+		if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL))
+			emit(A64_BTI_J, ctx);
 	}
 
 	ctx->stack_size = STACK_ALIGN(prog->aux->stack_depth);

[v3,05/11] arm64: bpf: Annotate JITed code for BTI

Commit Message

Comments

Patch