|
|
Subscribe / Log in / New account

ARM: add vmap'ed stack support

From:  Ard Biesheuvel <ardb-AT-kernel.org>
To:  linux-arm-kernel-AT-lists.infradead.org, linux-AT-armlinux.org.uk
Subject:  [PATCH 0/5] ARM: add vmap'ed stack support
Date:  Fri, 08 Oct 2021 09:41:22 +0200
Message-ID:  <20211008074127.435364-1-ardb@kernel.org>
Cc:  Ard Biesheuvel <ardb-AT-kernel.org>, Nicolas Pitre <nico-AT-fluxnic.net>, Arnd Bergmann <arnd-AT-arndb.de>, Kees Cook <keescook-AT-chromium.org>, Keith Packard <keithpac-AT-amazon.com>, Linus Walleij <linus.walleij-AT-linaro.org>
Archive-link:  Article

This series enables support on ARM for vmap'ed task and IRQ stacks in
the kernel. This is an important hardening feature that terminates tasks
on inadvertent or deliberate accesses past the stack pointer, which
might otherwise go completely unnoticed.

Since having an accurate backtrace is especially important in such
cases, this series includes some enhancements to the unwinder and to
some hand rolled unwind info to increase the likelihood that a backtrace
can be generated when relying on the ARM unwinder. The frame pointer
unwinder turns out to be rather bullet proof in this context, and does
not need any such enhancements.

According to a quick survey I did, compiler generated code puts a single
stack push as the first instruction in about 2/3 of the cases, which the
unwinder can deal with after applying patch #4, even if this push
faulted because of a stack overflow. In the remaining cases, the
compiler tends to fall back to R11 or R7 as the frame pointer (on ARM
or Thumb-2, respectively), or emit partial unwind frames for the part of
the function that runs before the stack frame is set up, and the part
that runs inside the stack frame. In either case, the unwinder can deal
with such occurrences as they don't rely on the stack pointer directly.

Patches #1, #2 and #3 update the ARM asm string routines to align more
closely with the compiler's approach, increasing the likelihood that we
can unwind them in case of a stack overflow.

Patch #5 wires up the generic support, and adds the entry code to detect
and deal with stack overflows.

This series applies onto my IRQ stacks series sent out earlier:
https://lore.kernel.org/linux-arm-kernel/20211005071542.3...

Cc: Russell King <linux@armlinux.org.uk>
Cc: Nicolas Pitre <nico@fluxnic.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Keith Packard <keithpac@amazon.com>
Cc: Linus Walleij <linus.walleij@linaro.org>

Ard Biesheuvel (5):
  ARM: memcpy: use frame pointer as unwind anchor
  ARM: memmove: use frame pointer as unwind anchor
  ARM: memset: clean up unwind annotations
  ARM: unwind: disregard unwind info before stack frame is set up
  ARM: implement support for vmap'ed stacks

 arch/arm/Kconfig                   |  1 +
 arch/arm/include/asm/assembler.h   |  4 ++
 arch/arm/include/asm/page.h        |  4 ++
 arch/arm/include/asm/thread_info.h |  8 +++
 arch/arm/kernel/entry-armv.S       | 75 ++++++++++++++++++--
 arch/arm/kernel/entry-header.S     | 74 +++++++++++++++++++
 arch/arm/kernel/irq.c              |  9 ++-
 arch/arm/kernel/traps.c            | 65 ++++++++++++++++-
 arch/arm/kernel/unwind.c           | 17 ++++-
 arch/arm/kernel/vmlinux.lds.S      |  4 +-
 arch/arm/lib/copy_template.S       | 66 +++++++----------
 arch/arm/lib/memmove.S             | 60 ++++++----------
 arch/arm/lib/memset.S              |  7 +-
 13 files changed, 295 insertions(+), 99 deletions(-)

-- 
2.30.2


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Copyright © 2021, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds