From: julien.thierry@arm.com (Julien Thierry)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 0/7] Ensure stack is aligned for kernel entries
Date: Thu, 8 Nov 2018 15:01:54 +0000 [thread overview]
Message-ID: <45592bdd-2f2f-211b-8d58-bcc2c651509e@arm.com> (raw)
In-Reply-To: <cdae83fa-dc71-e635-acda-be363695bf0c@arm.com>
On 08/11/18 14:19, Ramana Radhakrishnan wrote:
> On 08/11/2018 14:10, Ard Biesheuvel wrote:
>> (+ Ramana)
>>
>> On 8 November 2018 at 14:27, Julien Thierry <julien.thierry@arm.com> wrote:
>>>
>>>
>>> On 08/11/18 13:04, Ard Biesheuvel wrote:
>>>>
>>>> On 26 September 2018 at 15:56, Julien Thierry <julien.thierry@arm.com>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Having SCTLR_ELx.SA enabled requires the SP to be 16-bytes aligned before
>>>>> using it to access memory. When taking an exception, it is possible that
>>>>> the context during which the exception occured had SP mis-aligned.
>>>>
>>>>
>>>> How is this possible? GCC clearly only manipulates the stack pointer
>>>> in 16 byte multiples, and so if we do the same in our asm code (which
>>>> I think we already do, given the lack of reports about this issue), is
>>>> this handling really necessary?
>>>>
>>>
>>> Is there anything that actually gives us that guarantee from GCC? I agree
>>> that currently it looks like aarch64-<...>-gcc only manipulates SP aligned
>>> to 16 bytes, but I don't know whether that is certain.
>>>
>>
>> I think we should get that clarified then. I don't think it makes
>> sense for GCC to have to reason about whether SP currently has a value
>> that permits dereferencing.
>
> The ABI gives that guarantee.
>
> http://infocenter.arm.com/help/topic/com.arm.doc.ihi0055b/IHI0055B_aapcs64.pdf
>
> <quote>
>
> 5.2.2.1 Universal stack constraints
>
> <...>
>
> Additionally, at any point at which memory is accessed
> via SP, the hardware requires that SP mod 16 = 0. The stack must be
> quad-word aligned
>
> </end quote>
>
Thanks Ramana. Sadly I don't think this clarifies things. The issue is
that the guarantee is only that SP is aligned when we will use it to
access memory, but still allows for a scenario like:
-> Updating SP with non 16bytes-aligned value (it's fine as long as the
following code takes care to align it before accessing memory)
-> IRQ is raised before SP gets aligned
-> Vector entry starts saving context on misaligned stack
-> Misaligned SP exception
The only thing that would avoid us the trouble is a guarantee that GCC
never modifies SP in such a way that SP is not 16-bytes aligned.
Thanks,
--
Julien Thierry
next prev parent reply other threads:[~2018-11-08 15:01 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-26 13:56 [PATCH 0/7] Ensure stack is aligned for kernel entries Julien Thierry
2018-09-26 13:56 ` [PATCH 1/7] arm64: Add static check for pt_regs alignment Julien Thierry
2018-11-07 21:58 ` Will Deacon
2018-11-08 10:16 ` Mark Rutland
2018-11-08 11:57 ` Julien Thierry
2018-11-08 16:53 ` Will Deacon
2018-11-08 18:35 ` Ard Biesheuvel
2018-09-26 13:56 ` [PATCH 2/7] arm64: sdei: Always use sdei stack for sdei events Julien Thierry
2018-11-07 21:58 ` Will Deacon
2018-11-21 11:15 ` James Morse
2018-09-26 13:56 ` [PATCH 3/7] arm64: Align stack when taking exception from EL1 Julien Thierry
2018-11-07 21:59 ` Will Deacon
2018-11-08 12:20 ` Julien Thierry
2018-09-26 13:56 ` [PATCH 4/7] arm64: Add fast-path for stack alignment Julien Thierry
2018-11-07 21:59 ` Will Deacon
2018-11-08 12:21 ` Julien Thierry
2018-09-26 13:56 ` [PATCH 5/7] arm64: Do not apply BP hardening for hyp entries from EL2 Julien Thierry
2018-11-07 21:59 ` Will Deacon
2018-11-08 12:23 ` Julien Thierry
2018-09-26 13:56 ` [PATCH 6/7] arm64: Do not apply vector harderning " Julien Thierry
2018-11-07 21:59 ` Will Deacon
2018-11-08 12:31 ` Julien Thierry
2018-09-26 13:56 ` [PATCH 7/7] arm64: kvm: Align stack for exception coming " Julien Thierry
2018-10-19 8:07 ` [PATCH 0/7] Ensure stack is aligned for kernel entries Julien Thierry
2018-11-07 21:58 ` Will Deacon
2018-11-08 12:43 ` Julien Thierry
2018-11-08 13:04 ` Ard Biesheuvel
2018-11-08 13:27 ` Julien Thierry
2018-11-08 14:10 ` Ard Biesheuvel
2018-11-08 14:19 ` Ramana Radhakrishnan
2018-11-08 15:01 ` Julien Thierry [this message]
2018-11-08 15:33 ` Ramana Radhakrishnan
2018-11-08 15:41 ` Julien Thierry
2018-11-08 15:30 ` Dave Martin
2018-11-08 15:33 ` Ramana Radhakrishnan
2018-11-08 15:39 ` Dave Martin
2018-11-08 15:44 ` Ard Biesheuvel
2018-11-08 16:57 ` Ramana Radhakrishnan
2018-11-08 17:14 ` Ard Biesheuvel
2018-11-22 11:49 ` Julien Thierry
2018-11-22 12:11 ` Ard Biesheuvel
2018-11-22 15:10 ` Julien Thierry
2018-11-22 15:12 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45592bdd-2f2f-211b-8d58-bcc2c651509e@arm.com \
--to=julien.thierry@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).