From: Will Deacon <will@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com, Kees Cook <keescook@chromium.org>,
Jann Horn <jannh@google.com>,
Peter Zijlstra <peterz@infradead.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Mark Rutland <mark.rutland@am.com>,
Sami Tolvanen <samitolvanen@google.com>,
Will Deacon <will@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: [PATCH 4/6] scs: Move scs_overflow_check() out of architecture code
Date: Fri, 15 May 2020 18:27:54 +0100 [thread overview]
Message-ID: <20200515172756.27185-5-will@kernel.org> (raw)
In-Reply-To: <20200515172756.27185-1-will@kernel.org>
There is nothing architecture-specific about scs_overflow_check() as
it's just a trivial wrapper around scs_corrupted().
For parity with task_stack_end_corrupted(), rename scs_corrupted() to
task_scs_end_corrupted() and call it from schedule_debug() when
CONFIG_SCHED_STACK_END_CHECK_is enabled. Finally, remove the unused
scs_overflow_check() function entirely.
This has absolutely no impact on architectures that do not support SCS
(currently arm64 only).
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/include/asm/scs.h | 18 ------------------
arch/arm64/kernel/process.c | 2 --
arch/arm64/kernel/scs.c | 2 +-
include/linux/scs.h | 4 ++--
kernel/sched/core.c | 3 +++
kernel/scs.c | 3 ++-
6 files changed, 8 insertions(+), 24 deletions(-)
diff --git a/arch/arm64/include/asm/scs.h b/arch/arm64/include/asm/scs.h
index d46efdd2060a..eaa2cd92e4c1 100644
--- a/arch/arm64/include/asm/scs.h
+++ b/arch/arm64/include/asm/scs.h
@@ -24,24 +24,6 @@
.endm
#endif /* CONFIG_SHADOW_CALL_STACK */
-#else /* __ASSEMBLY__ */
-
-#include <linux/scs.h>
-
-#ifdef CONFIG_SHADOW_CALL_STACK
-
-static inline void scs_overflow_check(struct task_struct *tsk)
-{
- if (unlikely(scs_corrupted(tsk)))
- panic("corrupted shadow stack detected inside scheduler\n");
-}
-
-#else /* CONFIG_SHADOW_CALL_STACK */
-
-static inline void scs_overflow_check(struct task_struct *tsk) {}
-
-#endif /* CONFIG_SHADOW_CALL_STACK */
-
#endif /* __ASSEMBLY __ */
#endif /* _ASM_SCS_H */
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index a35d3318492c..56be4cbf771f 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -52,7 +52,6 @@
#include <asm/mmu_context.h>
#include <asm/processor.h>
#include <asm/pointer_auth.h>
-#include <asm/scs.h>
#include <asm/stacktrace.h>
#if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK)
@@ -516,7 +515,6 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
entry_task_switch(next);
uao_thread_switch(next);
ssbs_thread_switch(next);
- scs_overflow_check(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
diff --git a/arch/arm64/kernel/scs.c b/arch/arm64/kernel/scs.c
index adc97f826fab..955875dff9e1 100644
--- a/arch/arm64/kernel/scs.c
+++ b/arch/arm64/kernel/scs.c
@@ -6,7 +6,7 @@
*/
#include <linux/percpu.h>
-#include <asm/scs.h>
+#include <linux/scs.h>
/* Allocate a static per-CPU shadow stack */
#define DEFINE_SCS(name) \
diff --git a/include/linux/scs.h b/include/linux/scs.h
index 0eb2485ef832..2fd3df50e93e 100644
--- a/include/linux/scs.h
+++ b/include/linux/scs.h
@@ -47,7 +47,7 @@ static inline unsigned long *__scs_magic(void *s)
return (unsigned long *)(s + SCS_SIZE) - 1;
}
-static inline bool scs_corrupted(struct task_struct *tsk)
+static inline bool task_scs_end_corrupted(struct task_struct *tsk)
{
unsigned long *magic = __scs_magic(task_scs(tsk));
unsigned long sz = task_scs_sp(tsk) - task_scs(tsk);
@@ -60,8 +60,8 @@ static inline bool scs_corrupted(struct task_struct *tsk)
static inline void scs_init(void) {}
static inline void scs_task_reset(struct task_struct *tsk) {}
static inline int scs_prepare(struct task_struct *tsk, int node) { return 0; }
-static inline bool scs_corrupted(struct task_struct *tsk) { return false; }
static inline void scs_release(struct task_struct *tsk) {}
+static inline bool task_scs_end_corrupted(struct task_struct *tsk) { return false; }
#endif /* CONFIG_SHADOW_CALL_STACK */
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 934e03cfaec7..a1d815a11b90 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -3878,6 +3878,9 @@ static inline void schedule_debug(struct task_struct *prev, bool preempt)
#ifdef CONFIG_SCHED_STACK_END_CHECK
if (task_stack_end_corrupted(prev))
panic("corrupted stack end detected inside scheduler\n");
+
+ if (task_scs_end_corrupted(prev))
+ panic("corrupted shadow stack detected inside scheduler\n");
#endif
#ifdef CONFIG_DEBUG_ATOMIC_SLEEP
diff --git a/kernel/scs.c b/kernel/scs.c
index aea841cd7586..faf0ecd7b893 100644
--- a/kernel/scs.c
+++ b/kernel/scs.c
@@ -98,7 +98,8 @@ void scs_release(struct task_struct *tsk)
if (!s)
return;
- WARN(scs_corrupted(tsk), "corrupted shadow stack detected when freeing task\n");
+ WARN(task_scs_end_corrupted(tsk),
+ "corrupted shadow stack detected when freeing task\n");
scs_check_usage(tsk);
scs_free(s);
}
--
2.26.2.761.g0e0b3e54be-goog
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Will Deacon <will@kernel.org>
To: linux-kernel@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Kees Cook <keescook@chromium.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Mark Rutland <mark.rutland@am.com>, Jann Horn <jannh@google.com>,
Ard Biesheuvel <ardb@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
kernel-team@android.com
Subject: [PATCH 4/6] scs: Move scs_overflow_check() out of architecture code
Date: Fri, 15 May 2020 18:27:54 +0100 [thread overview]
Message-ID: <20200515172756.27185-5-will@kernel.org> (raw)
In-Reply-To: <20200515172756.27185-1-will@kernel.org>
There is nothing architecture-specific about scs_overflow_check() as
it's just a trivial wrapper around scs_corrupted().
For parity with task_stack_end_corrupted(), rename scs_corrupted() to
task_scs_end_corrupted() and call it from schedule_debug() when
CONFIG_SCHED_STACK_END_CHECK_is enabled. Finally, remove the unused
scs_overflow_check() function entirely.
This has absolutely no impact on architectures that do not support SCS
(currently arm64 only).
Signed-off-by: Will Deacon <will@kernel.org>
---
arch/arm64/include/asm/scs.h | 18 ------------------
arch/arm64/kernel/process.c | 2 --
arch/arm64/kernel/scs.c | 2 +-
include/linux/scs.h | 4 ++--
kernel/sched/core.c | 3 +++
kernel/scs.c | 3 ++-
6 files changed, 8 insertions(+), 24 deletions(-)
diff --git a/arch/arm64/include/asm/scs.h b/arch/arm64/include/asm/scs.h
index d46efdd2060a..eaa2cd92e4c1 100644
--- a/arch/arm64/include/asm/scs.h
+++ b/arch/arm64/include/asm/scs.h
@@ -24,24 +24,6 @@
.endm
#endif /* CONFIG_SHADOW_CALL_STACK */
-#else /* __ASSEMBLY__ */
-
-#include <linux/scs.h>
-
-#ifdef CONFIG_SHADOW_CALL_STACK
-
-static inline void scs_overflow_check(struct task_struct *tsk)
-{
- if (unlikely(scs_corrupted(tsk)))
- panic("corrupted shadow stack detected inside scheduler\n");
-}
-
-#else /* CONFIG_SHADOW_CALL_STACK */
-
-static inline void scs_overflow_check(struct task_struct *tsk) {}
-
-#endif /* CONFIG_SHADOW_CALL_STACK */
-
#endif /* __ASSEMBLY __ */
#endif /* _ASM_SCS_H */
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index a35d3318492c..56be4cbf771f 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -52,7 +52,6 @@
#include <asm/mmu_context.h>
#include <asm/processor.h>
#include <asm/pointer_auth.h>
-#include <asm/scs.h>
#include <asm/stacktrace.h>
#if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK)
@@ -516,7 +515,6 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
entry_task_switch(next);
uao_thread_switch(next);
ssbs_thread_switch(next);
- scs_overflow_check(next);
/*
* Complete any pending TLB or cache maintenance on this CPU in case
diff --git a/arch/arm64/kernel/scs.c b/arch/arm64/kernel/scs.c
index adc97f826fab..955875dff9e1 100644
--- a/arch/arm64/kernel/scs.c
+++ b/arch/arm64/kernel/scs.c
@@ -6,7 +6,7 @@
*/
#include <linux/percpu.h>
-#include <asm/scs.h>
+#include <linux/scs.h>
/* Allocate a static per-CPU shadow stack */
#define DEFINE_SCS(name) \
diff --git a/include/linux/scs.h b/include/linux/scs.h
index 0eb2485ef832..2fd3df50e93e 100644
--- a/include/linux/scs.h
+++ b/include/linux/scs.h
@@ -47,7 +47,7 @@ static inline unsigned long *__scs_magic(void *s)
return (unsigned long *)(s + SCS_SIZE) - 1;
}
-static inline bool scs_corrupted(struct task_struct *tsk)
+static inline bool task_scs_end_corrupted(struct task_struct *tsk)
{
unsigned long *magic = __scs_magic(task_scs(tsk));
unsigned long sz = task_scs_sp(tsk) - task_scs(tsk);
@@ -60,8 +60,8 @@ static inline bool scs_corrupted(struct task_struct *tsk)
static inline void scs_init(void) {}
static inline void scs_task_reset(struct task_struct *tsk) {}
static inline int scs_prepare(struct task_struct *tsk, int node) { return 0; }
-static inline bool scs_corrupted(struct task_struct *tsk) { return false; }
static inline void scs_release(struct task_struct *tsk) {}
+static inline bool task_scs_end_corrupted(struct task_struct *tsk) { return false; }
#endif /* CONFIG_SHADOW_CALL_STACK */
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 934e03cfaec7..a1d815a11b90 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -3878,6 +3878,9 @@ static inline void schedule_debug(struct task_struct *prev, bool preempt)
#ifdef CONFIG_SCHED_STACK_END_CHECK
if (task_stack_end_corrupted(prev))
panic("corrupted stack end detected inside scheduler\n");
+
+ if (task_scs_end_corrupted(prev))
+ panic("corrupted shadow stack detected inside scheduler\n");
#endif
#ifdef CONFIG_DEBUG_ATOMIC_SLEEP
diff --git a/kernel/scs.c b/kernel/scs.c
index aea841cd7586..faf0ecd7b893 100644
--- a/kernel/scs.c
+++ b/kernel/scs.c
@@ -98,7 +98,8 @@ void scs_release(struct task_struct *tsk)
if (!s)
return;
- WARN(scs_corrupted(tsk), "corrupted shadow stack detected when freeing task\n");
+ WARN(task_scs_end_corrupted(tsk),
+ "corrupted shadow stack detected when freeing task\n");
scs_check_usage(tsk);
scs_free(s);
}
--
2.26.2.761.g0e0b3e54be-goog
next prev parent reply other threads:[~2020-05-15 17:29 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 17:27 [PATCH 0/6] Clean up Shadow Call Stack patches for 5.8 Will Deacon
2020-05-15 17:27 ` Will Deacon
2020-05-15 17:27 ` [PATCH 1/6] arm64: scs: Store absolute SCS stack pointer value in thread_info Will Deacon
2020-05-15 17:27 ` Will Deacon
2020-05-18 11:37 ` Mark Rutland
2020-05-18 11:37 ` Mark Rutland
2020-05-18 13:37 ` Will Deacon
2020-05-18 13:37 ` Will Deacon
2020-05-15 17:27 ` [PATCH 2/6] scs: Move accounting into alloc/free functions Will Deacon
2020-05-15 17:27 ` Will Deacon
2020-05-18 11:38 ` Mark Rutland
2020-05-18 11:38 ` Mark Rutland
2020-05-18 13:39 ` Will Deacon
2020-05-18 13:39 ` Will Deacon
2020-05-15 17:27 ` [PATCH 3/6] arm64: scs: Use 'scs_sp' register alias for x18 Will Deacon
2020-05-15 17:27 ` Will Deacon
2020-05-18 11:55 ` Mark Rutland
2020-05-18 11:55 ` Mark Rutland
2020-05-18 13:03 ` Will Deacon
2020-05-18 13:03 ` Will Deacon
2020-05-18 13:13 ` Mark Rutland
2020-05-18 13:13 ` Mark Rutland
2020-05-15 17:27 ` Will Deacon [this message]
2020-05-15 17:27 ` [PATCH 4/6] scs: Move scs_overflow_check() out of architecture code Will Deacon
2020-05-18 12:12 ` Mark Rutland
2020-05-18 12:12 ` Mark Rutland
2020-05-18 13:23 ` Will Deacon
2020-05-18 13:23 ` Will Deacon
2020-05-18 13:32 ` Mark Rutland
2020-05-18 13:32 ` Mark Rutland
2020-05-18 15:31 ` Kees Cook
2020-05-18 15:31 ` Kees Cook
2020-05-18 16:44 ` Will Deacon
2020-05-18 16:44 ` Will Deacon
2020-05-15 17:27 ` [PATCH 5/6] scs: Remove references to asm/scs.h from core code Will Deacon
2020-05-15 17:27 ` Will Deacon
2020-05-18 12:15 ` Mark Rutland
2020-05-18 12:15 ` Mark Rutland
2020-05-15 17:27 ` [PATCH 6/6] scs: Move DEFINE_SCS macro into " Will Deacon
2020-05-15 17:27 ` Will Deacon
2020-05-18 12:14 ` Mark Rutland
2020-05-18 12:14 ` Mark Rutland
2020-05-18 13:26 ` Will Deacon
2020-05-18 13:26 ` Will Deacon
2020-05-18 13:37 ` Mark Rutland
2020-05-18 13:37 ` Mark Rutland
2020-05-15 20:42 ` [PATCH 0/6] Clean up Shadow Call Stack patches for 5.8 Sami Tolvanen
2020-05-15 20:42 ` Sami Tolvanen
2020-05-18 13:52 ` Will Deacon
2020-05-18 13:52 ` Will Deacon
2020-05-18 15:43 ` Sami Tolvanen
2020-05-18 15:43 ` Sami Tolvanen
2020-05-18 16:49 ` Will Deacon
2020-05-18 16:49 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200515172756.27185-5-will@kernel.org \
--to=will@kernel.org \
--cc=ardb@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=kernel-team@android.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@am.com \
--cc=peterz@infradead.org \
--cc=samitolvanen@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.