From patchwork Mon Jun 13 13:40:06 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 12879569 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0E37CC43334 for ; Mon, 13 Jun 2022 13:42:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=xvRsOI6mrU+DKuuAib6JMAHy+O2uuIVk14oUoSjTGUs=; b=fLF+Hm6pljSFST rfcM1oubNRx5qp0Hq82XJQcn38sHpRoek8cfQ74sBiT733LrdxtUw1aSqvGZ5t+e/VbuwdfOcYOsi 3zRgbwTDQN2xeZ9wcAT3vh55XxLk7IBlvDGoC/wfrNH/5n0HCTvMgPzt0YP998cEMjK4Drjb6rvbM eRn21UfDQB28ETgQJCtmuy09I9rhQPKD6GLJdCwbI8gZcx5NciyRL8LPYgivL0WT5T48eYxsf3AnO 6gKI9Ohjb6fYrmeNTk3xoSRhZxBDcddVe0nEqyh3mmpD75Ktlh9nm1vkCWgn4Jk04CurAcWNRqsKZ Y7xAwkSG2Oa6f3306xxg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o0kJw-003vXs-9w; Mon, 13 Jun 2022 13:41:32 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o0kIr-003uhV-IN for linux-arm-kernel@lists.infradead.org; Mon, 13 Jun 2022 13:40:27 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id E0D7B61046; Mon, 13 Jun 2022 13:40:24 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A8A3C341C0; Mon, 13 Jun 2022 13:40:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1655127624; bh=mpuAk3Wv11IkWlw4SmpUeR8kFrfvCbGI+pdDHUV5v88=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NqprNkIrK+bG6zcvhstcjL7aDRAFlefieqSEkBN24gkgiDvWfiLzQiLOOP/1OSrTP BYklz3HG5GJBHMpWP0gWsPbjHvRxQOTxEHte7u6+1acKW+HDnx77ZQJCqEkz3Avu9e rrFDAWLp+DcUJBAse+WLu9lzQQxedpsQyTjhCruofHj2NUE0/lnEKdjogwdPrqcCJ/ McOCAIoCDtclhBsQM3YmR+W4vP0dMbhg5tRVs1yCXcf2CFjykn/vAux4/CeJ6AzEXN MP4UpjH2oKh3KlO6buSJbElArjJqkgo+6BqZP6KmO5ysffgnLbPtxlw2PlceFsgXV7 ePd0LQkKU204A== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: catalin.marinas@arm.com, will@kernel.org, mark.rutland@arm.com, maz@kernel.org, Ard Biesheuvel , Kees Cook , Sami Tolvanen , Fangrui Song , Nick Desaulniers , Dan Li Subject: [PATCH v3 1/3] arm64: unwind: add asynchronous unwind tables to kernel and modules Date: Mon, 13 Jun 2022 15:40:06 +0200 Message-Id: <20220613134008.3760481-2-ardb@kernel.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220613134008.3760481-1-ardb@kernel.org> References: <20220613134008.3760481-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4674; h=from:subject; bh=mpuAk3Wv11IkWlw4SmpUeR8kFrfvCbGI+pdDHUV5v88=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBipz4zAKQsGHBUvz9h2qKtCt6h2NjoxLO8OQ8y+I5C 1szNas+JAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCYqc+MwAKCRDDTyI5ktmPJMYdC/ 4k82r99RWmchxU4lywge+uDbscBWEmmZE3Bw7t31it7piiQ4SsitaIdn/EQi44osPjIL9BkmBvXI0o 3zpf8pyWiSFce+s807V8TEATBrvQkEc5/bgEI/41k85QiZ1MCE3mxIKBo86O87g+nqfIhiLsxAomDC SFMtneUwVwX3Hw6rJaOCczQ9u4qdsL3RPulvv307phXeweg5ZBxPkRLntmTtbKNK60OvknPjbnFq3e 6FG0JGkBnbDV5XKFvOWqM7rOGBaXq7UliSa1eolAlWcOBsXuEJbgsLtMBOPLQr0NcE5PjLOIyTYBRY +q5h+BeXxqQrP1Qszm0XilgHQykbVXWremaqxV6M3Yfj5kLxkl4uBymQUf8iIyTG1Ze/E/iymUe7l2 hpeFo4KKWVqHf/lSMiGBJ8YY6YMiswk1shp2tf7QkaSfl5B4f5siykPczJqedsgwIOlbBOG1bQTQO0 uD3LcMxlWIv0nYLRhsWmC40pSDJ/qA2Dk2EV/VOyH37sA= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220613_064025_735958_F2271313 X-CRM114-Status: GOOD ( 18.47 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Enable asynchronous unwind table generation for both the core kernel as well as modules, and emit the resulting .eh_frame sections as init code so we can use the unwind directives for code patching at boot or module load time. This will be used by dynamic shadow call stack support, which will rely on code patching rather than compiler codegen to emit the shadow call stack push and pop instructions. Signed-off-by: Ard Biesheuvel Reviewed-by: Nick Desaulniers --- arch/arm64/Kconfig | 3 +++ arch/arm64/Makefile | 5 +++++ arch/arm64/include/asm/module.lds.h | 8 ++++++++ arch/arm64/kernel/vmlinux.lds.S | 13 +++++++++++++ arch/arm64/kvm/hyp/nvhe/Makefile | 1 + drivers/firmware/efi/libstub/Makefile | 1 + 6 files changed, 31 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 1652a9800ebe..5f92344edff5 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -366,6 +366,9 @@ config KASAN_SHADOW_OFFSET default 0xeffffff800000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS default 0xffffffffffffffff +config UNWIND_TABLES + bool + source "arch/arm64/Kconfig.platforms" menu "Kernel Features" diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 6d9d4a58b898..4fbca56fa602 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -45,8 +45,13 @@ KBUILD_CFLAGS += $(call cc-option,-mabi=lp64) KBUILD_AFLAGS += $(call cc-option,-mabi=lp64) # Avoid generating .eh_frame* sections. +ifneq ($(CONFIG_UNWIND_TABLES),y) KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables KBUILD_AFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables +else +KBUILD_CFLAGS += -fasynchronous-unwind-tables +KBUILD_AFLAGS += -fasynchronous-unwind-tables +endif ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) prepare: stack_protector_prepare diff --git a/arch/arm64/include/asm/module.lds.h b/arch/arm64/include/asm/module.lds.h index 094701ec5500..dbba4b7559aa 100644 --- a/arch/arm64/include/asm/module.lds.h +++ b/arch/arm64/include/asm/module.lds.h @@ -17,4 +17,12 @@ SECTIONS { */ .text.hot : { *(.text.hot) } #endif + +#ifdef CONFIG_UNWIND_TABLES + /* + * Currently, we only use unwind info at module load time, so we can + * put it into the .init allocation. + */ + .init.eh_frame : { *(.eh_frame) } +#endif } diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 2d4a8f995175..7bf4809f523d 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -120,6 +120,17 @@ jiffies = jiffies_64; #define TRAMP_TEXT #endif +#ifdef CONFIG_UNWIND_TABLES +#define UNWIND_DATA_SECTIONS \ + .eh_frame : { \ + __eh_frame_start = .; \ + *(.eh_frame) \ + __eh_frame_end = .; \ + } +#else +#define UNWIND_DATA_SECTIONS +#endif + /* * The size of the PE/COFF section that covers the kernel image, which * runs from _stext to _edata, must be a round multiple of the PE/COFF @@ -231,6 +242,8 @@ SECTIONS __alt_instructions_end = .; } + UNWIND_DATA_SECTIONS + . = ALIGN(SEGMENT_ALIGN); __inittext_end = .; __initdata_begin = .; diff --git a/arch/arm64/kvm/hyp/nvhe/Makefile b/arch/arm64/kvm/hyp/nvhe/Makefile index f9fe4dc21b1f..23de41479495 100644 --- a/arch/arm64/kvm/hyp/nvhe/Makefile +++ b/arch/arm64/kvm/hyp/nvhe/Makefile @@ -84,6 +84,7 @@ quiet_cmd_hypcopy = HYPCOPY $@ # Remove ftrace, Shadow Call Stack, and CFI CFLAGS. # This is equivalent to the 'notrace', '__noscs', and '__nocfi' annotations. KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_FTRACE) $(CC_FLAGS_SCS) $(CC_FLAGS_CFI), $(KBUILD_CFLAGS)) +KBUILD_CFLAGS += -fno-asynchronous-unwind-tables -fno-unwind-tables # KVM nVHE code is run at a different exception code with a different map, so # compiler instrumentation that inserts callbacks or checks into the code may diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index d0537573501e..78c46638707a 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -20,6 +20,7 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \ # disable the stackleak plugin cflags-$(CONFIG_ARM64) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ -fpie $(DISABLE_STACKLEAK_PLUGIN) \ + -fno-unwind-tables -fno-asynchronous-unwind-tables \ $(call cc-option,-mbranch-protection=none) cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ -fno-builtin -fpic \