From: Mark Brown
Subject: [PATCH v2 0/3] mm: Care about shadow stack guard gap when getting an unmapped area
Date: Wed, 04 Sep 2024 17:57:58 +0100
Message-Id: <20240904-mm-generic-shadow-stack-guard-v2-0-a46b8b6dc0ed@kernel.org>

As covered in the commit log for c44357c2e76b ("x86/mm: care about
shadow stack guard gap during placement") our current mmap()
implementation does not take care to ensure that a new mapping isn't
placed with existing mappings inside its own guard gaps.
This is particularly important for shadow stacks since if two shadow
stacks end up getting placed adjacent to each other then they can
overflow into each other which weakens the protection offered by the
feature.

On x86 there is a custom arch_get_unmapped_area() which was updated by
the above commit to cover this case by specifying a start_gap for
allocations with VM_SHADOW_STACK. Both arm64 and RISC-V have equivalent
features and use the generic implementation of arch_get_unmapped_area()
so let's make the equivalent change there so they also don't get shadow
stack pages placed without guard pages. The arm64 and RISC-V shadow
stack implementations are currently on the list:

   https://lore.kernel.org/r/20240829-arm64-gcs-v12-0-42fec94743
   https://lore.kernel.org/lkml/20240403234054.2020347-1-debug@rivosinc.com/

Given the addition of the use of vm_flags in the generic implementation
we also simplify the set of possibilities that have to be dealt with in
the core code by making arch_get_unmapped_area() take vm_flags as
standard. This is a bit invasive since the prototype change touches
quite a few architectures but since the parameter is ignored the change
is straightforward, the simplification for the generic code seems worth
it.

Changes in v2:
- Add comment to stack_guard_placement()
- Build fixes for xtensa and MIPS.
- Link to v1: https://lore.kernel.org/r/20240902-mm-generic-shadow-stack-guard-v1-0-9acda38b3dd3@kernel.org

---
Mark Brown (3):
      mm: Make arch_get_unmapped_area() take vm_flags by default
      mm: Pass vm_flags to generic_get_unmapped_area()
      mm: Care about shadow stack guard gap when getting an unmapped area

 arch/alpha/kernel/osf_sys.c       |  2 +-
 arch/arc/mm/mmap.c                |  3 ++-
 arch/arm/mm/mmap.c                |  7 ++---
 arch/csky/abiv1/mmap.c            |  3 ++-
 arch/loongarch/mm/mmap.c          |  5 ++--
 arch/mips/mm/mmap.c               |  5 ++--
 arch/parisc/kernel/sys_parisc.c   |  5 ++--
 arch/parisc/mm/hugetlbpage.c      |  2 +-
 arch/powerpc/mm/book3s64/slice.c  | 10 ++++---
 arch/s390/mm/mmap.c               |  4 +--
 arch/sh/mm/mmap.c                 |  5 ++--
 arch/sparc/kernel/sys_sparc_32.c  |  2 +-
 arch/sparc/kernel/sys_sparc_64.c  |  4 +--
 arch/x86/include/asm/pgtable_64.h |  1 -
 arch/x86/kernel/sys_x86_64.c      | 21 +++------------
 arch/xtensa/kernel/syscall.c      |  3 ++-
 include/linux/sched/mm.h          | 27 +++++++------------
 mm/mmap.c                         | 55 +++++++++++++++++++--------------------
 18 files changed, 75 insertions(+), 89 deletions(-)
---
base-commit: 7c626ce4bae1ac14f60076d00eafe71af30450ba
change-id: 20240830-mm-generic-shadow-stack-guard-5bc5b8d0e95d

Best regards,
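
The placement problem the cover letter describes, as an added userspace model (not code from this series or from the kernel): a bottom-up first-fit search places a new mapping directly against an existing shadow stack unless a start_gap is requested. The flag value, struct mapping, find_unmapped(), place_new() and the address layout are constructed for illustration, and the body of stack_guard_placement() is an assumption, since the page only names that helper.

```c
#include <stdio.h>
#include <stddef.h>

#define PAGE_SIZE       4096UL
#define VM_SHADOW_STACK 0x1UL  /* constructed flag value, model only */

struct mapping { unsigned long start, end; };  /* [start, end), sorted ascending */

/* Assumed behaviour of the helper the changelog names: one guard page
 * must stay unmapped below a new shadow stack, nothing extra otherwise. */
static unsigned long stack_guard_placement(unsigned long vm_flags)
{
    return (vm_flags & VM_SHADOW_STACK) ? PAGE_SIZE : 0;
}

/* Bottom-up first fit: lowest addr in [low, high) where len bytes fit and
 * start_gap bytes directly below addr are also free. Returns 0 on failure. */
static unsigned long find_unmapped(const struct mapping *maps, size_t n,
                                   unsigned long low, unsigned long high,
                                   unsigned long len, unsigned long start_gap)
{
    unsigned long hole = low;

    for (size_t i = 0; i <= n; i++) {
        unsigned long hole_end = (i < n) ? maps[i].start : high;
        unsigned long addr = hole + start_gap;

        if (hole_end >= addr && hole_end - addr >= len)
            return addr;
        if (i < n)
            hole = maps[i].end;
    }
    return 0;
}

/* Constructed layout: one existing two-page shadow stack at 0x10000. */
static unsigned long place_new(unsigned long vm_flags, unsigned long high)
{
    const struct mapping maps[] = { { 0x10000UL, 0x12000UL } };

    return find_unmapped(maps, 1, 0x10000UL, high, 2 * PAGE_SIZE,
                         stack_guard_placement(vm_flags));
}

int main(void)
{
    printf("no start_gap:   %#lx\n", place_new(0, 0x100000UL));
    printf("with start_gap: %#lx\n", place_new(VM_SHADOW_STACK, 0x100000UL));
    return 0;
}
```

Passing no flag stands in for a search that ignores the guard gap; the hole must then be large enough for the length plus the gap, so a request that previously fit can fail once the gap is honoured.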