Date: Wed, 4 Sep 2024 11:51:53 -0700
From: Deepak Gupta
To: Mark Brown
Cc: Richard Henderson, Ivan Kokshaysky, Matt Turner, Vineet Gupta, Russell King, Guo Ren, Huacai Chen, WANG Xuerui, "James E.J. Bottomley", Helge Deller, Michael Ellerman, Nicholas Piggin, Christophe Leroy, Naveen N Rao, Alexander Gordeev, Gerald Schaefer, Heiko Carstens, Vasily Gorbik, Christian Borntraeger, Sven Schnelle, Yoshinori Sato, Rich Felker, John Paul Adrian Glaubitz, "David S. Miller", Andreas Larsson, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Chris Zankel, Max Filippov, Andrew Morton, "Liam R. Howlett", Vlastimil Babka, Lorenzo Stoakes, Catalin Marinas, Will Deacon, linux-arm-kernel@lists.infradead.org, linux-alpha@vger.kernel.org, linux-kernel@vger.kernel.org, linux-snps-arc@lists.infradead.org, linux-csky@vger.kernel.org, loongarch@lists.linux.dev, linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org, linux-sh@vger.kernel.org, sparclinux@vger.kernel.org, linux-mm@kvack.org, Rick Edgecombe
Subject: Re: [PATCH 3/3] mm: Care about shadow stack guard gap when getting an unmapped area

On Mon, Sep 02, 2024 at 08:08:15PM +0100, Mark Brown wrote:
>As covered in the commit log for c44357c2e76b ("x86/mm: care about shadow
>stack guard gap during placement") our current mmap() implementation does
>not take care to ensure that a new mapping isn't placed with existing
>mappings inside its own guard gaps. This is particularly important for
>shadow stacks since if two shadow stacks end up getting placed adjacent to
>each other then they can overflow into each other which weakens the
>protection offered by the feature.
>
>On x86 there is a custom arch_get_unmapped_area() which was updated by the
>above commit to cover this case by specifying a start_gap for allocations
>with VM_SHADOW_STACK. Both arm64 and RISC-V have equivalent features and
>use the generic implementation of arch_get_unmapped_area() so let's make
>the equivalent change there so they also don't get shadow stack pages
>placed without guard pages.
>
>Architectures which do not have this feature will define VM_SHADOW_STACK
>to VM_NONE and hence be unaffected.
>
>Suggested-by: Rick Edgecombe
>Signed-off-by: Mark Brown
>--- > mm/mmap.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > >diff --git a/mm/mmap.c b/mm/mmap.c >index b06ba847c96e..902c482b6084 100644 >--- a/mm/mmap.c >+++ b/mm/mmap.c >@@ -1753,6 +1753,14 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) > return gap; > } > >+static inline unsigned long stack_guard_placement(vm_flags_t vm_flags) >+{ >+ if (vm_flags & VM_SHADOW_STACK) >+ return PAGE_SIZE; >+ >+ return 0; >+} >+ > /* > * Search for an unmapped address range. > * >@@ -1814,6 +1822,7 @@ generic_get_unmapped_area(struct file *filp, unsigned long addr, > info.length = len; > info.low_limit = mm->mmap_base; > info.high_limit = mmap_end; >+ info.start_gap = stack_guard_placement(vm_flags); > return vm_unmapped_area(&info); > }
> >@@ -1863,6 +1872,7 @@ generic_get_unmapped_area_topdown(struct file *filp, unsigned long addr, > info.length = len; > info.low_limit = PAGE_SIZE; > info.high_limit = arch_get_mmap_base(addr, mm->mmap_base); >+ info.start_gap = stack_guard_placement(vm_flags); > addr = vm_unmapped_area(&info); > > /* >

lgtm

Reviewed-by: Deepak Gupta

>--
>2.39.2
>
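Review bot: stack_guard_placement() in the first hunk hard-codes a gap of one PAGE_SIZE with no comment saying why a single page is the right size or that the helper only ever acts on VM_SHADOW_STACK mappings. A short comment above it, stating that the gap keeps a new shadow stack from being placed directly against an existing mapping and that the test is always false where VM_SHADOW_STACK is defined to VM_NONE, would spare readers a trip to the commit log for c44357c2e76b. The name also reads as if it applied to ordinary stacks; a name that mentions the shadow stack would match what the function returns.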
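Review bot: in the second and third hunks info.start_gap is assigned only immediately before the vm_unmapped_area() call, so the guard page applies only to addresses chosen by that search. It would help to state in the commit message whether generic_get_unmapped_area() and generic_get_unmapped_area_topdown() have any return path that yields an address without going through vm_unmapped_area(), and if so whether a VM_SHADOW_STACK request can reach it, since such a path would never consult start_gap.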