Date: Thu, 4 Apr 2024 14:26:46 -0700
From: Kees Cook
To: Linus Walleij
Cc: Russell King, Sami Tolvanen, Nathan Chancellor, Nick Desaulniers, Ard Biesheuvel, Arnd Bergmann, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev
Subject: Re: [PATCH v4 7/8] ARM: hw_breakpoint: Handle CFI breakpoints
Message-ID: <202404041426.F7AA8E92@keescook>
In-Reply-To: <20240328-arm32-cfi-v4-7-a11046139125@linaro.org>

On Thu, Mar 28, 2024 at 09:19:30AM +0100, Linus Walleij wrote:
> This registers a breakpoint handler for the new breakpoint type
> (0x03) inserted by LLVM CLANG for CFI breakpoints.
>
> If we are in permissive mode, just print a backtrace and continue.
>
> Example with CONFIG_CFI_PERMISSIVE enabled:
>
> > echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT
> lkdtm: Performing direct entry CFI_FORWARD_PROTO
> lkdtm: Calling matched prototype ...
> lkdtm: Calling mismatched prototype ...
> CFI failure at lkdtm_indirect_call+0x40/0x4c (target: 0x0; expected type: 0x00000000)
> WARNING: CPU: 1 PID: 112 at lkdtm_indirect_call+0x40/0x4c
> CPU: 1 PID: 112 Comm: sh Not tainted 6.8.0-rc1+ #150
> Hardware name: ARM-Versatile Express
> (...)
> lkdtm: FAIL: survived mismatched prototype function call!
> lkdtm: Unexpected! This kernel (6.8.0-rc1+ armv7l) was built with CONFIG_CFI_CLANG=y
>
> As you can see the LKDTM test fails, but I expect that this would be
> expected behaviour in the permissive mode.
>
> We are currently not implementing target and type for the CFI
> breakpoint as this requires additional operand bundling compiler
> extensions.
>
> CPUs without breakpoint support cannot handle breakpoints naturally,
> in these cases the permissive mode will not work, CFI will fall over
> on an undefined instruction:
>
> Internal error: Oops - undefined instruction: 0 [#1] PREEMPT ARM
> CPU: 0 PID: 186 Comm: ash Tainted: G W 6.9.0-rc1+ #7
> Hardware name: Gemini (Device Tree)
> PC is at lkdtm_indirect_call+0x38/0x4c
> LR is at lkdtm_CFI_FORWARD_PROTO+0x30/0x6c
>
> This is reasonable I think: it's the best CFI can do to ascertain
> the control flow is not broken on these CPUs.
>
> Signed-off-by: Linus Walleij

Thanks for making this "fail closed". Looks good!

Reviewed-by: Kees Cook

--
Kees Cook
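A log-triage sketch for the two outcomes the quoted commit message describes (a permissive-mode CFI warning, and an undefined-instruction oops on a CPU without breakpoint support). It is an example added here, not part of the thread or the kernel patch; `triage`, `SAMPLE_LOG` and the four-line look-ahead window are hypothetical choices, and the sample lines are constructed from the logs quoted above.

```python
import re

# Constructed sample: lines copied from the two kernel logs quoted in the
# commit message (permissive-mode run, then a CPU without breakpoint support).
SAMPLE_LOG = """\
lkdtm: Calling mismatched prototype ...
CFI failure at lkdtm_indirect_call+0x40/0x4c (target: 0x0; expected type: 0x00000000)
WARNING: CPU: 1 PID: 112 at lkdtm_indirect_call+0x40/0x4c
CPU: 1 PID: 112 Comm: sh Not tainted 6.8.0-rc1+ #150
lkdtm: FAIL: survived mismatched prototype function call!
Internal error: Oops - undefined instruction: 0 [#1] PREEMPT ARM
CPU: 0 PID: 186 Comm: ash Tainted: G W 6.9.0-rc1+ #7
PC is at lkdtm_indirect_call+0x38/0x4c
LR is at lkdtm_CFI_FORWARD_PROTO+0x30/0x6c
"""

CFI_RE = re.compile(r"CFI failure at (?P<site>\S+) "
                    r"\(target: (?P<target>[^;]+); "
                    r"expected type: (?P<type>0x[0-9a-fA-F]+)\)")
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: \d+ at (?P<site>\S+)")
UNDEF_RE = re.compile(r"Oops - undefined instruction")
PC_RE = re.compile(r"PC is at (?P<site>\S+)")


def triage(log, window=4):
    """Return one dict per CFI-related event found in a kernel log."""
    lines = log.splitlines()
    events = []
    for i, line in enumerate(lines):
        nearby = lines[i + 1:i + 1 + window]
        cfi = CFI_RE.search(line)
        if cfi:
            # Permissive mode shows up as a WARNING at the same call site.
            warned = any(w and w["site"] == cfi["site"]
                         for w in map(WARN_RE.search, nearby))
            # Target and type are not implemented for ARM32 yet (per the
            # commit message), so all-zero operands carry no information.
            real = cfi["target"] != "0x0" or int(cfi["type"], 16) != 0
            events.append({"kind": "cfi_failure", "site": cfi["site"],
                           "permissive": warned, "operands_reported": real})
        elif UNDEF_RE.search(line):
            # Heuristic: the oops does not mention CFI; the PC only tells
            # you where to look. Confirm by disassembling the call site.
            pc = next(filter(None, map(PC_RE.search, nearby)), None)
            events.append({"kind": "undef_oops",
                           "site": pc["site"] if pc else None,
                           "permissive": False, "operands_reported": False})
    return events


if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        print(event)
```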