Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3866164ybz; Mon, 4 May 2020 11:09:11 -0700 (PDT) X-Google-Smtp-Source: APiQypKpuw2MP3xE+PP4gKY7bWlyRs28zS8ll4abyt/EG3fq8olyOT0tH6z07eZmKRXRRV/7jwBs X-Received: by 2002:a05:6402:1d88:: with SMTP id dk8mr1472087edb.52.1588615751354; Mon, 04 May 2020 11:09:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588615751; cv=none; d=google.com; s=arc-20160816; b=cmoPj1oh7sJ1in9Gqfe23TBy1YVcyTM61sNgD9v5ptYDVLutSzv7sMf01B7nbNCPjd B6xrtk/q8cUj8FF8xSLv8SDwhuPoRvJZQXVuMSn0VSYLmPLg932GlqTANiu12onSF24k ewx+Va815YC8AsGrp+5BuECcAAENKLn7hpfroL2uIxsOtSlSNc1z8oWaLhjHpejn2CSn ap7aATL9x1tZI0937nBYZmQJ+TQAvcOq5FQybAQIVE4FgvK73nkNyfxa163RK96jEXO2 JOy6oHnY0Lzll3DMoZ3HuyMvsKn1xrmkQbitiSdr/L+wi/ANFbYcQOJbJkmoNSQXPm6d 5e4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=5H5y0GT0IX1bjv46W43wTOmcN/3DzOsesayYr+f385c=; b=N7+FyNeaqGdsRcot9ZkdKIL53KT0/fGjn49CStb7wMGPBPZF2/nv+6epsseT+CRwXI PxCdfM822R1tBq7jpzYGEIUlbfYf8zRAbDQyoGpGx205p+nlkwIBcXv4UinNuswIl256 FTt2XVMkzQj+Q9eGP5MU9Sk5xFtskJdu2oqL2N8bmlZZqq5jhKtAjHpQD1/GnVQpho/J vLAt1NxSJHf82y12ODLXERqKJ5+HwYFfV3QoUPBKjQjwIGWFZeG5SUEaRphc5UcXXftG TP9rc+mlCKtErDYdGt13D419fAdx1+DwxURZiWLU/j5AmlUL35Jml+cWqNFQ0tmEcXXz PeYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=VfjjNs3D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o5si6866411ejr.501.2020.05.04.11.08.46; Mon, 04 May 2020 11:09:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=VfjjNs3D; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730869AbgEDSGM (ORCPT + 99 others); Mon, 4 May 2020 14:06:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1731274AbgEDSGI (ORCPT ); Mon, 4 May 2020 14:06:08 -0400 Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B10EC061A0E for ; Mon, 4 May 2020 11:06:08 -0700 (PDT) Received: by mail-pg1-x542.google.com with SMTP id l12so116947pgr.10 for ; Mon, 04 May 2020 11:06:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=5H5y0GT0IX1bjv46W43wTOmcN/3DzOsesayYr+f385c=; b=VfjjNs3D1ejtb+5tDVnv4xIxeWbWw/o38mrHwOZ5Gwkc82EKTZ7pb9asTgtjF5BOl5 Zqs4vbc5AMjqxgNOipERymQfeg78d3WB44sQWSCPyzc8fjFCFil4qhPuqg1dVU2c7TEV A6XlZfrUYCmdVmssHy2yO3uNUZUiSM/Gfc3ko= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=5H5y0GT0IX1bjv46W43wTOmcN/3DzOsesayYr+f385c=; b=pCY06IDTYRgyoDxy0wjxEh0CNEAAeMY1iDZ3fy/0VvohBWG2dggqgKrXOyEujs2dba S0ODXCuMWL/t+fwzod+kFAeHMv9okpZ3J/mPv+SgZxbVsyrepPN2aJnN1Dk0+JZ/2Qsg p2e0hBzXokX1NfheALiZFXmR01T8xaTKyKjqQNWrDY3kMnd7eRW34WOHYGyE3GgMKzh6 PXeUh2OtG1Qm7Q2yOHvybAYD/L++QfHTVq78HnHp3h3anb3cXbkomFjCwvTEK8TW74hZ kz+tFFTDxzyrQ8WDDtQ0pLGMJqm9RUR/C/NAiA7xe1MLU5pB2mpkV2CDQsEUuOSNFK9M f7fg== X-Gm-Message-State: AGi0PualbcKml3rY+zmxWLDi7AO5f332W+bL3x8I4JVMp4NmNiRm2XK1 ErNLyjESFiiRY4W9tbCd3rtkMQ== X-Received: by 2002:a65:4c83:: with SMTP id m3mr201796pgt.128.1588615568087; Mon, 04 May 2020 11:06:08 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p2sm8099142pgh.25.2020.05.04.11.06.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 May 2020 11:06:07 -0700 (PDT) Date: Mon, 4 May 2020 11:06:06 -0700 From: Kees Cook To: Will Deacon Cc: Sami Tolvanen , Catalin Marinas , James Morse , Steven Rostedt , Ard Biesheuvel , Mark Rutland , Masahiro Yamada , Michal Marek , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dave Martin , Laura Abbott , Marc Zyngier , Masami Hiramatsu , Nick Desaulniers , Jann Horn , Miguel Ojeda , clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v11 01/12] add support for Clang's Shadow Call Stack (SCS) Message-ID: <202005041050.7E29A56637@keescook> References: <20200416161245.148813-1-samitolvanen@google.com> <20200416161245.148813-2-samitolvanen@google.com> <20200420171727.GB24386@willie-the-truck> <20200420211830.GA5081@google.com> <20200422173938.GA3069@willie-the-truck> <20200422235134.GA211149@google.com> <202004231121.A13FDA100@keescook> <20200424112113.GC21141@willie-the-truck> <20200427204546.GA80713@google.com> <20200504165227.GB1833@willie-the-truck> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200504165227.GB1833@willie-the-truck> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 04, 2020 at 05:52:28PM +0100, Will Deacon wrote: > On Mon, Apr 27, 2020 at 01:45:46PM -0700, Sami Tolvanen wrote: > > On Fri, Apr 24, 2020 at 12:21:14PM +0100, Will Deacon wrote: > > > The vmap version that I asked Sami to drop > > > is at least better in this regard, although the guard page is at the wrong > > > end of the stack and we just hope that the allocation below us didn't pass > > > VM_NO_GUARD. Looks like the same story for vmap stack :/ > > > > SCS grows up and the guard page is after the allocation, so how is it at > > the wrong end? Am I missing something here? > > Sorry, I'd got the SCS upside-down in my head (hey, that second 'S' stands > for 'Stack'!). But I think I'm right about vmap stack, which feels a > little fragile even though it seems to work out today with the very limited > uses of VM_NO_GUARD. Yeah, when VMAP_STACK was originally being developed, IIRC, there was an effort made to eliminate all the users of VM_NO_GUARD, and it looks like it's mostly there. Really the only use left is arm64's kernel image mapping routines, and then it's not actually used in the traditional sense -- it's just a boolean for whether to toss in a guard page at the end of the data section, and the VMAs are built manually. I think that code could actually be refactored to drop it too and then the only user would be KASAN, which, IIUC, wants to build consecutive vmap areas. -- Kees Cook