From patchwork Tue Jan 23 13:30:54 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb+git@google.com>
X-Patchwork-Id: 13527457
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 757EDC47DDB
	for <linux-arm-kernel@archiver.kernel.org>;
 Tue, 23 Jan 2024 13:31:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID:
	References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=9hQHbMRCeZIlbGSYcatgj2LMOMO3pVBCE0iRoviKzDM=; b=TT4PIlhPh7DYuJ6DjcFyh5UBjv
	s4JJjv5jZYbS1Kpx0Sc/nScS/ExVndKOrLU+7IUEmZVdutXLoGgr+40sC0f7+85KTYiJbRK4okUlM
	zvKRC6tRAfZQd7ACgFlkrFmn3AT/RkfgnYdREuwyzEG2vvTC/f3A52CBWV5ama4BEgNBMJMFbrZrM
	ld5QnEe+O8PkRxrsoVitIhDPPzybxC45wUS83D4TsdU1a8LuBALDdp38ZJmYDhmh+0ERi17SFxLpa
	4YCcWTweYBc4STqtwWBqVucbhENeBURrRjEN4G04xYu/Y/7rTaDtN7/uH+3+K+IEnzEhyPR5hNTAg
	+Fue21Eg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1rSGrx-00Gd05-0R;
	Tue, 23 Jan 2024 13:31:13 +0000
Received: from mail-wr1-x44a.google.com ([2a00:1450:4864:20::44a])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1rSGrr-00Gcug-1L
	for linux-arm-kernel@lists.infradead.org;
	Tue, 23 Jan 2024 13:31:11 +0000
Received: by mail-wr1-x44a.google.com with SMTP id
 ffacd0b85a97d-3392814b911so1247728f8f.1
        for <linux-arm-kernel@lists.infradead.org>;
 Tue, 23 Jan 2024 05:31:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1706016664; x=1706621464;
 darn=lists.infradead.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=9D0l23Qj427yQvrYU4PbANIYXPXIkr9lqLZDHbhwxbs=;
        b=Xe9oE/ytuxbmvUA1+cF0DUevikLZlZLlUjIiK8XzMIsaorgLxQYXbLNTdNp+6B//Kc
         I7AnS5wXAiEAKdbTrYaJJWjHATY91/q24cB2cok7ofpual8Y4c/hpZyhfVs6B2QUbZJw
         z/sXHcsGwBo4/NWNUxB/gt+/QxksbTbAsNXKI7+lNRugWzIZVBpaxI6gobFhOY5CE76/
         Il4CYhBZlr0hdmzJGbJ6NQ4GwgGbQmEltOrBBNKP+ICGCjnm5LrKOr+drXUZPBbEjwug
         WlmtGpcBlf/zD7yZ7eDtJIZlLdxyLcFra71uiTQOaTqAlgfFMoUdXNHIaXEooG3jPmUJ
         dlZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1706016664; x=1706621464;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=9D0l23Qj427yQvrYU4PbANIYXPXIkr9lqLZDHbhwxbs=;
        b=MB6BOEykztwMRncaLAZ3fTBelsrF+onALP6gmLEMlh1h32VQGOa86CtydCGKobpikL
         MUzB99lQDvurPsVCKg7X7bHwKTmH8pYm1LOsuUzfn4XuovFrQl9Curi2bcryfszWnZjf
         68bIEvR5rndpSYAXohXBXoRU4J3z46Y3R83bFjfY9y2IdAoEcdb45b5NO3epQFIXZB3e
         KA6hRI3Hsw6sOarAo1wk/EeuzPGKZlhaGrYsofSino0rm0Ffo297LcdNngdTiUOp6ah4
         O+jf/FOnXBnuY30ODaxvGbIbj313h3eSdvZkP7MyBet/h7z/fU7cgIUYjc3yZUtc0o+v
         OIFA==
X-Gm-Message-State: AOJu0Ywc7fNECS+MZsbE7SslTaM1SUitbGv32g5+aZ5/xUzk/p9dNqqS
	Y9RzfV5GEAlZLKfxQHxdmuw75sYBZzkK+VS2gxTZ7HsNlprThYCEmyrI/0g+oE3/sMPcTPlFUnx
	Iug+E7hwpb87UZ9WR68Tol0j2c/3ur/ihkmbyzqw9qZuHSPieJtvO3E8k0Sot9uSKDbf9FFNFVR
	B5s90OVrP2JFlQHLXF/l2bpLagsaTke/DPaReVPfcc
X-Google-Smtp-Source: 
 AGHT+IGY+UP8xGCMCpjB3xwhxIOh3zuUhcYlYv/Q4bPVtiHkYB9sCAGfFaI4QY/7a0kOIER/xaxJPcjc
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a5d:5183:0:b0:337:be13:25e7 with SMTP id
 k3-20020a5d5183000000b00337be1325e7mr30309wrv.6.1706016664244; Tue, 23 Jan
 2024 05:31:04 -0800 (PST)
Date: Tue, 23 Jan 2024 14:30:54 +0100
In-Reply-To: <20240123133052.1417449-4-ardb+git@google.com>
Mime-Version: 1.0
References: <20240123133052.1417449-4-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1709; i=ardb@kernel.org;
 h=from:subject; bh=pMxTffXhzslc34KCuN+3KOaFPd1UOVR2q/gPI+g/Nno=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIXX9/r65/n0Wp9hnyp//UlnVOL/A84Uwy708Q579x3+2s
 jBWt/3pKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABOJYmT4Z8nRKjg1duU2phs5
 jcm3rzerXDovn7qqNkqBUay4ebr1QkaGmf/31RmsY5dTmvSJZ8Kzx5+s/Y+a+BmuW6Do9v+l/Ks
 sTgA=
X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog
Message-ID: <20240123133052.1417449-5-ardb+git@google.com>
Subject: [PATCH 1/2] arm64: Revert "scs: Work around full LTO issue with
 dynamic SCS"
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Sami Tolvanen <samitolvanen@google.com>,
	Kees Cook <keescook@chromium.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240123_053107_462609_FCB4FDAF 
X-CRM114-Status: GOOD (  13.26  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

From: Ard Biesheuvel <ardb@kernel.org>

This reverts commit 8c5a19cb17a71e ("arm64: scs: Work around full LTO
issue with dynamic SCS"), which did not quite fix the issue as intended.
Apparently, -fno-unwind-tables is ignored for the final full LTO link
when it is set on any of the objects, resulting in an early boot crash
due to the SCS patching code patching itself, and attempting to pop the
return address from the shadow stack while the associated push was still
a PACIASP instruction when it executed.

Reported-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/kernel/Makefile | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
index e5d03a7039b4..d95b3d6b471a 100644
--- a/arch/arm64/kernel/Makefile
+++ b/arch/arm64/kernel/Makefile
@@ -73,13 +73,7 @@ obj-$(CONFIG_ARM64_MTE)			+= mte.o
 obj-y					+= vdso-wrap.o
 obj-$(CONFIG_COMPAT_VDSO)		+= vdso32-wrap.o
 obj-$(CONFIG_UNWIND_PATCH_PAC_INTO_SCS)	+= patch-scs.o
-
-# We need to prevent the SCS patching code from patching itself. Using
-# -mbranch-protection=none here to avoid the patchable PAC opcodes from being
-# generated triggers an issue with full LTO on Clang, which stops emitting PAC
-# instructions altogether. So instead, omit the unwind tables used by the
-# patching code, so it will not be able to locate its own PAC instructions.
-CFLAGS_patch-scs.o			+= -fno-asynchronous-unwind-tables -fno-unwind-tables
+CFLAGS_patch-scs.o			+= -mbranch-protection=none
 
 # Force dependency (vdso*-wrap.S includes vdso.so through incbin)
 $(obj)/vdso-wrap.o: $(obj)/vdso/vdso.so

From patchwork Tue Jan 23 13:30:55 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ardb+git@google.com>
X-Patchwork-Id: 13527458
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 6EFB1C47DDB
	for <linux-arm-kernel@archiver.kernel.org>;
 Tue, 23 Jan 2024 13:31:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:Message-ID:
	References:Mime-Version:In-Reply-To:Date:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=Hn8/PwQfGn2zMk1yZ0bttzH7l4hh3O5jvH6x01OZqWw=; b=si9I4LijtH8SsawncTrxQQIGHx
	5tShXTdkNPg5pGk43QqO6fIGWOqoQmO6rCC46JS3VS+OfQoVVBZOrsf3/g0QkX5LP8sSw9h9ADYma
	5/UM2/Mcxe1+ZrM1jkTz07p/lWuc78CP4r4/5yDxg4F6oP7+3+dIettZ/jYQBvhrHBFYIrXfdmHp5
	M8wN9QP80QtXELclqFVkmf01E/36+HFTbTXOZEt8Di65jrc7lEzE3RP0eqHtmseNqaUAsde0Wm6EE
	JF+UWx1YGdVfC+BPk/NDurPS3BUlz3bvHHt80I4Sq0AKE8/9TX/UV8jA7r0dIRtwZFNMWhdaATb2j
	RHQ+3+cQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1rSGs7-00Gd4R-2V;
	Tue, 23 Jan 2024 13:31:23 +0000
Received: from mail-yw1-x1149.google.com ([2607:f8b0:4864:20::1149])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1rSGrv-00Gcwm-1u
	for linux-arm-kernel@lists.infradead.org;
	Tue, 23 Jan 2024 13:31:12 +0000
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-5ff7cf2fd21so44290177b3.1
        for <linux-arm-kernel@lists.infradead.org>;
 Tue, 23 Jan 2024 05:31:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1706016667; x=1706621467;
 darn=lists.infradead.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=VeQEnQMAaKVbgrVUhl3pEs5BZS3M5I1oxCaLYERlw2Y=;
        b=mWOQ4FO129VesWAgbLLC/jqcxwMxLpqQAdpYWGDo+TaYGs13pdwZH6yxUUPQCte5EP
         guH9SlXDU5WtR+Gn9oUY5Pmc+116UpSXcmagbomPYO9Ka7kJxwlWf1M16I8gLHxTiZeg
         PpWsWes0QJ9/81Xfn1qshrpAvJ09gJTR55wq6eXMJe7HBHh5VVrlJ/STyFUwKIkqxDm5
         v+i4BnggneFay2n/CacQJkUXKSlhAtltz7PRirFqxRiDBOw7MyJ5q27HsVb531GgASKl
         wLzLeUUiO9Nx8QaWoAv59EhvQZWjjOkRO6q5HxRgMb3YEeS7+fPYVRtVMuBDS4pes3PD
         /xRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1706016667; x=1706621467;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=VeQEnQMAaKVbgrVUhl3pEs5BZS3M5I1oxCaLYERlw2Y=;
        b=G2zeMX4xM60mjmu+y4pVINEgMBa7wTyb3TS0eSJXxWuU298GuGcvEN7Jua2DDIeEdT
         Nk6d/AR53asr5rLvjLr0adnefKDYCf3Qx2O5npnDPiFqtZVm6B/EkND1UBpNWVCdhctz
         zAjCiNa/rcwRmJL8mjd3EoHH304AF5Be4XLPUCbGjcmlQSOMwP10DqOmgkkbHTswXwMm
         pxLD2Xa4yvDna5ipsSzsXuIKahr325ahasUhSIJUerr4LRIvM0A0riiobbffe7A7CVhX
         d1JiHmS005ARip/Cv5YaiV0o/doIXyy0BF1LjeLIOLGmMhl2GxipqBSU5rHG1muvXjN9
         bkMg==
X-Gm-Message-State: AOJu0Yw84YwZ9nqPNfZooow3V/yj69SIx3c7k0cLkepb4AX2fmISrB+6
	c2vEZjrT8mJ8YBs0LGo5iBdKklBDc0lZtE2cWHQw09PqDZpjrtvl2JqDAPK55/dl4w1kUAEksaC
	l1gkCZ+e8tCAVBGjC0AKpys5/aJXOTtgJjNx5Pzn3hy07QHOCk49mvzYcP9ecfv84ebz8ry8hrU
	e1W/bgZ1DIezyXu/8EePV3ASqVadClAh5dSPQ1HWLg
X-Google-Smtp-Source: 
 AGHT+IHQtA5KLOcUl3hbaVrVBQpPthBZcFGFbXocKgIaksQ+yTwL7ZH/HxPNjX4I+V8t+Jgw8qTJcvbj
X-Received: from palermo.c.googlers.com
 ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a])
 (user=ardb job=sendgmr) by 2002:a81:b644:0:b0:5f7:49b7:a57d with SMTP id
 h4-20020a81b644000000b005f749b7a57dmr3108875ywk.1.1706016666732; Tue, 23 Jan
 2024 05:31:06 -0800 (PST)
Date: Tue, 23 Jan 2024 14:30:55 +0100
In-Reply-To: <20240123133052.1417449-4-ardb+git@google.com>
Mime-Version: 1.0
References: <20240123133052.1417449-4-ardb+git@google.com>
X-Developer-Key: i=ardb@kernel.org; a=openpgp;
 fpr=F43D03328115A198C90016883D200E9CA6329909
X-Developer-Signature: v=1; a=openpgp-sha256; l=1521; i=ardb@kernel.org;
 h=from:subject; bh=QKIyshRQ/CFFi9hzE0yb4ofr/EWAu3MgxFPO+jOEI3I=;
 b=owGbwMvMwCFmkMcZplerG8N4Wi2JIXX9/v59Ftvmz0p6vGvJ58uF10uC57xeXWk8Y7XKAYZ73
 lc73r+u7ihlYRDjYJAVU2QRmP333c7TE6VqnWfJwsxhZQIZwsDFKQATMahh+F/m2JS63ljU3S6v
 YUaL8J3NGmF3yt/9zsr+syqm7345vxDDb3YPxi/Hd9bpX/5j1bgn8oraFt+QnUJSf9WWn7/WdPr
 IXhYA
X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog
Message-ID: <20240123133052.1417449-6-ardb+git@google.com>
Subject: [PATCH 2/2] arm64: scs: Disable LTO for SCS patching code
From: Ard Biesheuvel <ardb+git@google.com>
To: linux-arm-kernel@lists.infradead.org
Cc: will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com,
	Ard Biesheuvel <ardb@kernel.org>, Sami Tolvanen <samitolvanen@google.com>,
	Kees Cook <keescook@chromium.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20240123_053111_640105_AE3696F2 
X-CRM114-Status: GOOD (  11.64  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

From: Ard Biesheuvel <ardb@kernel.org>

Full LTO takes the '-mbranch-protection=none' passed to the compiler
when generating the dynamic shadow call stack patching code as a hint to
stop emitting PAC instructions altogether. (Thin LTO appears unaffected
by this)

Work around this by disabling LTO for the compilation unit, which
appears to convince the linker that it should still use PAC in the rest
of the kernel..

Fixes: 3b619e22c460 ("arm64: implement dynamic shadow call stack for Clang")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
 arch/arm64/kernel/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile
index d95b3d6b471a..467cb7117273 100644
--- a/arch/arm64/kernel/Makefile
+++ b/arch/arm64/kernel/Makefile
@@ -73,7 +73,13 @@ obj-$(CONFIG_ARM64_MTE)			+= mte.o
 obj-y					+= vdso-wrap.o
 obj-$(CONFIG_COMPAT_VDSO)		+= vdso32-wrap.o
 obj-$(CONFIG_UNWIND_PATCH_PAC_INTO_SCS)	+= patch-scs.o
+
+# We need to prevent the SCS patching code from patching itself. Using
+# -mbranch-protection=none here to avoid the patchable PAC opcodes from being
+# generated triggers an issue with full LTO on Clang, which stops emitting PAC
+# instructions altogether. So disable LTO as well for the compilation unit.
 CFLAGS_patch-scs.o			+= -mbranch-protection=none
+CFLAGS_REMOVE_patch-scs.o		+= $(CC_FLAGS_LTO)
 
 # Force dependency (vdso*-wrap.S includes vdso.so through incbin)
 $(obj)/vdso-wrap.o: $(obj)/vdso/vdso.so