Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1375445pxu; Thu, 17 Dec 2020 08:32:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJzTjxO9MAMwyL2pAQuMfpWwdBnBoxx+fwrEvlqWJkE5+t8QBK+qLZmqJgFps2YloDn7Jyvd X-Received: by 2002:a50:f089:: with SMTP id v9mr98715edl.353.1608222731432; Thu, 17 Dec 2020 08:32:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608222731; cv=none; d=google.com; s=arc-20160816; b=EMeDt81BzD5sYfu1cCylKAfIEqNG329WOxDiOmtASRV2Bdo+Kr/CW0ex+ABLwU7x4C YlITFbqTlnIVFD4GX4099N72cRgV7ZHI821uSM+XqJuwaWcQih2uArSKIdsBgzpP3Y7V kFZnQjrmUb2Ufog0c+jcJ9QZJ20txTtp2i8d6byTZfzsY7SJYKEuFvEVZrCJ87aeW3cr U1VFW3AirwT0jdxD9SkgaBKQ0gW8jXcaIQWlPn8DW3GT8jDqPgtj3Ic0XpUbxkSGMRuU 01WJFBKFwa0AFefCvMUBHWqkW3Odt5kanDxOM4D6qOC2eChDvttbYS2c4JDA49IyiqeB QjxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from; bh=9k89GhbIvkOYuYJ200pDrCq+cdUHR8LSQ3o0Y1Y9y2Q=; b=Y4fFpnRdAOMeYFQfII/SWktSszoJ8E3P1blyyY9Gk8r3c5uumkaLQ1biQj/3P9XEBu KvnxCjhGx6I6gcbJpochOGqMnpVUXFHOc3bMna95gQjkEPQOWl88ff5cXpyOOndebE+I c8rBbIyYjNXFQB3L+30rwdCynhT1WIjlbWionGh9ArKrheXwvrpivjUT5KbgjYNFZukV Cmv38LiYSfF8MNS0Fx7ozMacXcQ7MykFsUs2QyJXH9eEbgqNU6fNZufCy4Yuv5Wdr8N5 2GFJAOdL9CPdD4MW5lccy0nKK78Nm4IKeWdipyTqUDnZhNBb8fZYy/ojA6Sgl0tCG5RB gldw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p20si2898823ejw.65.2020.12.17.08.31.47; Thu, 17 Dec 2020 08:32:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728181AbgLQQay (ORCPT + 99 others); Thu, 17 Dec 2020 11:30:54 -0500 Received: from mail.kernel.org ([198.145.29.99]:37482 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728081AbgLQQay (ORCPT ); Thu, 17 Dec 2020 11:30:54 -0500 From: guoren@kernel.org Authentication-Results: mail.kernel.org; dkim=permerror (bad message/signature format) To: palmerdabbelt@google.com, paul.walmsley@sifive.com, anup@brainfault.org, greentime.hu@sifive.com, zong.li@sifive.com, keescook@chromium.org, bjorn.topel@gmail.com, atish.patra@wdc.com, cooper.qu@linux.alibaba.com Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-csky@vger.kernel.org, guoren@kernel.org, Guo Ren Subject: [PATCH RESEND v4] riscv: Enable per-task stack canaries Date: Thu, 17 Dec 2020 16:29:18 +0000 Message-Id: <1608222558-6677-1-git-send-email-guoren@kernel.org> X-Mailer: git-send-email 2.7.4 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Guo Ren This enables the use of per-task stack canary values if GCC has support for emitting the stack canary reference relative to the value of tp, which holds the task struct pointer in the riscv kernel. After compare arm64 and x86 implementations, seems arm64's is more flexible and readable. The key point is how gcc get the offset of stack_canary from gs/el0_sp. x86: Use a fix offset from gs, not flexible. struct fixed_percpu_data { /* * GCC hardcodes the stack canary as %gs:40. Since the * irq_stack is the object at %gs:0, we reserve the bottom * 48 bytes of the irq stack for the canary. */ char gs_base[40]; // :( unsigned long stack_canary; }; arm64: Use -mstack-protector-guard-offset & guard-reg gcc options: -mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=xxx riscv: Use -mstack-protector-guard-offset & guard-reg gcc options: -mstack-protector-guard=tls -mstack-protector-guard-reg=tp -mstack-protector-guard-offset=xxx GCC's implementation has been merged: commit c931e8d5a96463427040b0d11f9c4352ac22b2b0 Author: Cooper Qu Date: Mon Jul 13 16:15:08 2020 +0800 RISC-V: Add support for TLS stack protector canary access In the end, these codes are inserted by gcc before return: * 0xffffffe00020b396 <+120>: ld a5,1008(tp) # 0x3f0 * 0xffffffe00020b39a <+124>: xor a5,a5,a4 * 0xffffffe00020b39c <+126>: mv a0,s5 * 0xffffffe00020b39e <+128>: bnez a5,0xffffffe00020b61c <_do_fork+766> 0xffffffe00020b3a2 <+132>: ld ra,136(sp) 0xffffffe00020b3a4 <+134>: ld s0,128(sp) 0xffffffe00020b3a6 <+136>: ld s1,120(sp) 0xffffffe00020b3a8 <+138>: ld s2,112(sp) 0xffffffe00020b3aa <+140>: ld s3,104(sp) 0xffffffe00020b3ac <+142>: ld s4,96(sp) 0xffffffe00020b3ae <+144>: ld s5,88(sp) 0xffffffe00020b3b0 <+146>: ld s6,80(sp) 0xffffffe00020b3b2 <+148>: ld s7,72(sp) 0xffffffe00020b3b4 <+150>: addi sp,sp,144 0xffffffe00020b3b6 <+152>: ret ... * 0xffffffe00020b61c <+766>: auipc ra,0x7f8 * 0xffffffe00020b620 <+770>: jalr -1764(ra) # 0xffffffe000a02f38 <__stack_chk_fail> Signed-off-by: Guo Ren Signed-off-by: Cooper Qu Reviewed-by: Kees Cook Cc: Palmer Dabbelt --- arch/riscv/Kconfig | 7 +++++++ arch/riscv/Makefile | 10 ++++++++++ arch/riscv/include/asm/stackprotector.h | 3 ++- arch/riscv/kernel/asm-offsets.c | 3 +++ arch/riscv/kernel/process.c | 2 +- 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index a627ae2..3d9daee 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -420,6 +420,13 @@ config EFI allow the kernel to be booted as an EFI application. This is only useful on systems that have UEFI firmware. +config CC_HAVE_STACKPROTECTOR_TLS + def_bool $(cc-option,-mstack-protector-guard=tls -mstack-protector-guard-reg=tp -mstack-protector-guard-offset=0) + +config STACKPROTECTOR_PER_TASK + def_bool y + depends on STACKPROTECTOR && CC_HAVE_STACKPROTECTOR_TLS + endmenu config BUILTIN_DTB diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile index b6eb946..508de08 100644 --- a/arch/riscv/Makefile +++ b/arch/riscv/Makefile @@ -67,6 +67,16 @@ KBUILD_CFLAGS_MODULE += $(call cc-option,-mno-relax) # architectures. It's faster to have GCC emit only aligned accesses. KBUILD_CFLAGS += $(call cc-option,-mstrict-align) +ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) +prepare: stack_protector_prepare +stack_protector_prepare: prepare0 + $(eval KBUILD_CFLAGS += -mstack-protector-guard=tls \ + -mstack-protector-guard-reg=tp \ + -mstack-protector-guard-offset=$(shell \ + awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' \ + include/generated/asm-offsets.h)) +endif + # arch specific predefines for sparse CHECKFLAGS += -D__riscv -D__riscv_xlen=$(BITS) diff --git a/arch/riscv/include/asm/stackprotector.h b/arch/riscv/include/asm/stackprotector.h index 5962f88..09093af 100644 --- a/arch/riscv/include/asm/stackprotector.h +++ b/arch/riscv/include/asm/stackprotector.h @@ -24,6 +24,7 @@ static __always_inline void boot_init_stack_canary(void) canary &= CANARY_MASK; current->stack_canary = canary; - __stack_chk_guard = current->stack_canary; + if (!IS_ENABLED(CONFIG_STACKPROTECTOR_PER_TASK)) + __stack_chk_guard = current->stack_canary; } #endif /* _ASM_RISCV_STACKPROTECTOR_H */ diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c index db20344..877ff65 100644 --- a/arch/riscv/kernel/asm-offsets.c +++ b/arch/riscv/kernel/asm-offsets.c @@ -66,6 +66,9 @@ void asm_offsets(void) OFFSET(TASK_THREAD_F30, task_struct, thread.fstate.f[30]); OFFSET(TASK_THREAD_F31, task_struct, thread.fstate.f[31]); OFFSET(TASK_THREAD_FCSR, task_struct, thread.fstate.fcsr); +#ifdef CONFIG_STACKPROTECTOR + OFFSET(TSK_STACK_CANARY, task_struct, stack_canary); +#endif DEFINE(PT_SIZE, sizeof(struct pt_regs)); OFFSET(PT_EPC, pt_regs, epc); diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index dd5f985..f786b5f 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -24,7 +24,7 @@ register unsigned long gp_in_global __asm__("gp"); -#ifdef CONFIG_STACKPROTECTOR +#if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include unsigned long __stack_chk_guard __read_mostly; EXPORT_SYMBOL(__stack_chk_guard); -- 2.7.4