From patchwork Mon Mar 11 09:15:46 2024
X-Patchwork-Submitter: Linus Walleij
X-Patchwork-Id: 13588403
From: Linus Walleij
Date: Mon, 11 Mar 2024 10:15:46 +0100
Subject: [PATCH v3 9/9] ARM: KCFI: Allow permissive CFI mode
Message-Id: <20240311-arm32-cfi-v3-9-224a0f0a45c2@linaro.org>
References: <20240311-arm32-cfi-v3-0-224a0f0a45c2@linaro.org>
In-Reply-To: <20240311-arm32-cfi-v3-0-224a0f0a45c2@linaro.org>
To: Russell King, Sami Tolvanen, Kees Cook, Nathan Chancellor, Nick Desaulniers, Ard Biesheuvel, Arnd Bergmann
Cc: linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Linus Walleij

This registers a breakpoint handler for the new breakpoint type
(0x03) inserted by LLVM CLANG for CFI breakpoints.

If we are in permissive mode, just print a backtrace and continue.

Example with CONFIG_CFI_PERMISSIVE enabled:

> echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT
lkdtm: Performing direct entry CFI_FORWARD_PROTO
lkdtm: Calling matched prototype ...
lkdtm: Calling mismatched prototype ...
CFI failure at lkdtm_indirect_call+0x40/0x4c (target: 0x0; expected type: 0x00000000)
WARNING: CPU: 1 PID: 112 at lkdtm_indirect_call+0x40/0x4c
CPU: 1 PID: 112 Comm: sh Not tainted 6.8.0-rc1+ #150
Hardware name: ARM-Versatile Express
(...)
lkdtm: FAIL: survived mismatched prototype function call!
lkdtm: Unexpected! This kernel (6.8.0-rc1+ armv7l) was built with CONFIG_CFI_CLANG=y

As you can see the LKDTM test fails, but I expect that this would be
expected behaviour in the permissive mode.

We are currently not implementing target and type for the CFI breakpoint as this requires additional operand bundling compiler extensions. Signed-off-by: Linus Walleij --- arch/arm/include/asm/hw_breakpoint.h | 1 + arch/arm/kernel/hw_breakpoint.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/arch/arm/include/asm/hw_breakpoint.h b/arch/arm/include/asm/hw_breakpoint.h index 62358d3ca0a8..e7f9961c53b2 100644 --- a/arch/arm/include/asm/hw_breakpoint.h +++ b/arch/arm/include/asm/hw_breakpoint.h @@ -84,6 +84,7 @@ static inline void decode_ctrl_reg(u32 reg, #define ARM_DSCR_MOE(x) ((x >> 2) & 0xf) #define ARM_ENTRY_BREAKPOINT 0x1 #define ARM_ENTRY_ASYNC_WATCHPOINT 0x2 +#define ARM_ENTRY_CFI_BREAKPOINT 0x3 #define ARM_ENTRY_SYNC_WATCHPOINT 0xa /* DSCR monitor/halting bits. */ diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c index dc0fb7a81371..61a984b83bfe 100644 --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -903,6 +904,32 @@ static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs) watchpoint_single_step_handler(addr); } +#ifdef CONFIG_CFI_CLANG +static void hw_breakpoint_cfi_handler(struct pt_regs *regs) +{ + /* TODO: implementing target and type requires compiler work */ + unsigned long target = 0; + u32 type = 0; + + switch (report_cfi_failure(regs, instruction_pointer(regs), &target, type)) { + case BUG_TRAP_TYPE_BUG: + die("Oops - CFI", regs, 0); + break; + case BUG_TRAP_TYPE_WARN: + /* Skip the breaking instruction */ + instruction_pointer(regs) += 4; + break; + default: + pr_crit("Unknown CFI error\n"); + break; + } +} +#else +static void hw_breakpoint_cfi_handler(struct pt_regs *regs) +{ +} +#endif + /* * Called from either the Data Abort Handler [watchpoint] or the * Prefetch Abort Handler [breakpoint] with interrupts disabled. 
@@ -932,6 +959,9 @@ static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr, case ARM_ENTRY_SYNC_WATCHPOINT: watchpoint_handler(addr, fsr, regs); break; + case ARM_ENTRY_CFI_BREAKPOINT: + hw_breakpoint_cfi_handler(regs); + break; default: ret = 1; /* Unhandled fault. */ }
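
Review bot: In the arch/arm/include/asm/hw_breakpoint.h hunk, ARM_ENTRY_CFI_BREAKPOINT is named after one user of the event rather than the event itself: ARM_DSCR_MOE() value 0x3 is the architecture's method-of-entry code for a BKPT instruction debug event, whoever placed the BKPT. Consider naming the define after the event, or adding a comment beside it saying that the kernel treats BKPT traps as KCFI check failures, so a later reader does not assume the hardware distinguishes CFI traps from any other BKPT instruction.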
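
Review bot: In hw_breakpoint_cfi_handler(), passing &target with target = 0 and type = 0 to report_cfi_failure() makes the report print values that were never measured, which is where the "(target: 0x0; expected type: 0x00000000)" in the commit message's log comes from; report_cfi_failure_noaddr(regs, instruction_pointer(regs)) reports the failure without those fields and lets the two placeholder locals go. Two smaller points in the same switch: the default case only calls pr_crit() and breaks without advancing the PC, so execution resumes on the trapping instruction, and treating it like BUG_TRAP_TYPE_BUG would be the safer choice; and "instruction_pointer(regs) += 4" assumes a 4-byte ARM encoding, which deserves a comment or a check if Thumb-2 kernels are meant to be supported.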
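
Review bot: The new "case ARM_ENTRY_CFI_BREAKPOINT:" in hw_breakpoint_pending() is compiled in unconditionally, so with CONFIG_CFI_CLANG disabled an entry type that used to reach "default: ret = 1; /* Unhandled fault. */" is now consumed by the empty #else stub and is no longer flagged as unhandled. Either wrap the case in #ifdef CONFIG_CFI_CLANG or have the stub signal "not handled" so the caller still sets ret = 1. Neither this case nor the handler checks that the trap was taken in kernel mode before reporting it as a kernel CFI failure; a !user_mode(regs) test here would keep traps from user context on the old path.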