From: Ard Biesheuvel
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel, Russell King, Nicolas Pitre, Arnd Bergmann, Kees Cook, Keith Packard, Linus Walleij, Nick Desaulniers
Subject: [PATCH v2 6/7] ARM: entry: rework stack realignment code in svc_entry
Date: Mon, 18 Oct 2021 16:16:14 +0200
Message-Id: <20211018141615.682070-7-ardb@kernel.org>
In-Reply-To: <20211018141615.682070-1-ardb@kernel.org>
References: <20211018141615.682070-1-ardb@kernel.org>

The original Thumb-2 enablement patches updated the stack realignment code in svc_entry to work around the lack of a STMIB instruction in Thumb-2, by subtracting 4 from the frame size, inverting the sense of the misalignment check, and changing to a STMIA instruction and a final stack push of a 4 byte quantity that results in the stack becoming aligned at the end of the sequence. It also pushes and pops R0 to the stack in order to have a temp register that Thumb-2 allows in general purpose ALU instructions, as TST using SP is not permitted.

Both are a bit problematic for vmap'ed stacks, as using the stack is only permitted after we decide that we did not overflow the stack, or have already switched to the overflow stack.

As for the alignment check: the current approach creates a corner case where, if the initial SUB of SP ends up right at the start of the stack, we will end up subtracting another 8 bytes and overflowing it. This means we would need to add the overflow check *after* the SUB that deliberately misaligns the stack. However, this would require us to keep local state (i.e., whether we performed the subtract or not) across the overflow check, but without any GPRs or stack available.

So let's switch to an approach where we don't use the stack, and where the alignment check of the stack pointer occurs in the usual way, as this is guaranteed not to result in overflow. This means we will be able to do the overflow check first.

Signed-off-by: Ard Biesheuvel
--- arch/arm/kernel/entry-armv.S | 25 +++++++++++--------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S index 18504d7b4d15..80afab1c344b 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S
@@ -192,24 +192,27 @@ ENDPROC(__und_invalid) .macro svc_entry, stack_hole=0, trace=1, uaccess=1 UNWIND(.fnstart ) UNWIND(.save {r0 - pc} ) - sub sp, sp, #(SVC_REGS_SIZE + \stack_hole - 4) + sub sp, sp, #(SVC_REGS_SIZE + \stack_hole) #ifdef CONFIG_THUMB2_KERNEL - SPFIX( str r0, [sp] ) @ temporarily saved - SPFIX( mov r0, sp ) - SPFIX( tst r0, #4 ) @ test original stack alignment - SPFIX( ldr r0, [sp] ) @ restored + add sp, r0 @ get SP in a GPR without + sub r0, sp, r0 @ using a temp register + tst r0, #4 @ test stack pointer alignment + sub r0, sp, r0 @ restore original R0 + sub sp, r0 @ restore original SP #else SPFIX( tst sp, #4 ) #endif - SPFIX( subeq sp, sp, #4 ) - stmia sp, {r1 - r12} + SPFIX( subne sp, sp, #4 ) + + ARM( stmib sp, {r1 - r12} ) + THUMB( stmia sp, {r0 - r12} ) @ No STMIB in Thumb-2 ldmia r0, {r3 - r5} - add r7, sp, #S_SP - 4 @ here for interlock avoidance + add r7, sp, #S_SP @ here for interlock avoidance mov r6, #-1 @ "" "" "" "" - add r2, sp, #(SVC_REGS_SIZE + \stack_hole - 4) - SPFIX( addeq r2, r2, #4 ) - str r3, [sp, #-4]! @ save the "real" r0 copied + add r2, sp, #(SVC_REGS_SIZE + \stack_hole) + SPFIX( addne r2, r2, #4 ) + str r3, [sp] @ save the "real" r0 copied @ from the exception stack mov r3, lr -- 2.30.2 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
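
Review bot: In the CONFIG_THUMB2_KERNEL branch, two constraints of the new add/sub sequence are not documented. First, the flags set by "tst r0, #4" have to survive the two following SUBs before "SPFIX( subne sp, sp, #4 )" consumes them. Second, between "add sp, r0" and "sub sp, r0" SP holds SP + R0 rather than a usable stack address. A short comment saying that the non-flag-setting forms are required here, and that nothing may rely on SP inside this five-instruction window, would keep a later edit from breaking either property. Separately, the new Thumb-2 lines drop the SPFIX() wrapper that the removed lines carried and that "SPFIX( tst sp, #4 )" in the #else branch still has, while the SUBNE that depends on them stays wrapped. Either wrap them as well or state in the commit message why they are now unconditional.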
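
Added example (not part of the original patch or of the kernel source): a small C model of the reasoning in the commit message, comparing how far the old and new realignment steps can move SP after the initial SUB, and checking that the Thumb-2 add/sub sequence leaves SP and R0 unchanged. STACK_BASE and the sample register values are constructed, and the stack base is assumed to be 8-byte aligned.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed for this model only: lowest valid stack address, 8-byte aligned. */
#define STACK_BASE 0xc8000000u

/* Old: SUB of (frame - 4) already done; SUBEQ on bit 2, then a 4-byte push. */
static uint32_t old_final_sp(uint32_t sp)
{
    sp -= (sp & 4) ? 0 : 4;     /* subeq sp, sp, #4 */
    return sp - 4;              /* str r3, [sp, #-4]! */
}

/* New: SUB of the full frame already done; SUBNE on bit 2, no further push. */
static uint32_t new_final_sp(uint32_t sp)
{
    return (sp & 4) ? sp - 4 : sp;   /* subne sp, sp, #4 */
}

/* Bytes below STACK_BASE the final SP can reach although the SP right after
 * the initial SUB passed an "sp >= STACK_BASE" overflow check. */
static uint32_t worst_underrun(uint32_t (*final_sp)(uint32_t))
{
    uint32_t worst = 0;
    for (uint32_t sp = STACK_BASE; sp < STACK_BASE + 64; sp += 4) {
        uint32_t end = final_sp(sp);
        if (end < STACK_BASE && STACK_BASE - end > worst)
            worst = STACK_BASE - end;
    }
    return worst;
}

/* Thumb-2 add/sub sequence: test bit 2 of SP using only SP and R0. */
static int thumb2_tst_sp(uint32_t *sp, uint32_t *r0)
{
    *sp += *r0;                 /* add sp, r0 */
    *r0 = *sp - *r0;            /* sub r0, sp, r0: R0 = original SP */
    int ne = (*r0 & 4) != 0;    /* tst r0, #4 */
    *r0 = *sp - *r0;            /* sub r0, sp, r0: R0 restored */
    *sp -= *r0;                 /* sub sp, r0: SP restored */
    return ne;
}

int main(void)
{
    uint32_t sp = STACK_BASE + 0x1f4c, r0 = 0xdeadbeefu;  /* constructed */
    int ne = thumb2_tst_sp(&sp, &r0);
    printf("ne=%d sp=%#x r0=%#x underrun old=%u new=%u\n", ne, sp, r0,
           worst_underrun(old_final_sp), worst_underrun(new_final_sp));
    return 0;
}
```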