| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aIdxUpSc-Co8wLYE@willie-the-truck>
Date: Mon, 28 Jul 2025 13:47:14 +0100
From: Will Deacon <will@...nel.org>
To: Sami Tolvanen <samitolvanen@...gle.com>
Cc: Deepak Gupta <debug@...osinc.com>,
Paul Walmsley <paul.walmsley@...ive.com>,
Palmer Dabbelt <palmer@...belt.com>,
Albert Ou <aou@...s.berkeley.edu>, Alexandre Ghiti <alex@...ti.fr>,
Masahiro Yamada <masahiroy@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nicolas Schier <nicolas.schier@...ux.dev>,
Andrew Morton <akpm@...ux-foundation.org>,
David Hildenbrand <david@...hat.com>,
Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
"Liam R. Howlett" <Liam.Howlett@...cle.com>,
Vlastimil Babka <vbabka@...e.cz>, Mike Rapoport <rppt@...nel.org>,
Suren Baghdasaryan <surenb@...gle.com>,
Michal Hocko <mhocko@...e.com>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Bill Wendling <morbo@...gle.com>,
Monk Chiang <monk.chiang@...ive.com>,
Kito Cheng <kito.cheng@...ive.com>,
Justin Stitt <justinstitt@...gle.com>,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-kbuild@...r.kernel.org, linux-mm@...ck.org,
llvm@...ts.linux.dev, rick.p.edgecombe@...el.com,
broonie@...nel.org, cleger@...osinc.com, apatel@...tanamicro.com,
ajones@...tanamicro.com, conor.dooley@...rochip.com,
charlie@...osinc.com, samuel.holland@...ive.com, bjorn@...osinc.com,
fweimer@...hat.com, jeffreyalaw@...il.com,
heinrich.schuchardt@...onical.com, andrew@...ive.com,
ved@...osinc.com
Subject: Re: [PATCH 10/11] scs: generic scs code updated to leverage hw
assisted shadow stack
On Fri, Jul 25, 2025 at 04:13:27PM +0000, Sami Tolvanen wrote:
> On Thu, Jul 24, 2025 at 04:37:03PM -0700, Deepak Gupta wrote:
> > diff --git a/include/linux/scs.h b/include/linux/scs.h
> > index 4ab5bdc898cf..6ceee07c2d1a 100644
> > --- a/include/linux/scs.h
> > +++ b/include/linux/scs.h
> > @@ -12,6 +12,7 @@
> > #include <linux/poison.h>
> > #include <linux/sched.h>
> > #include <linux/sizes.h>
> > +#include <asm/scs.h>
> >
> > #ifdef CONFIG_SHADOW_CALL_STACK
> >
> > @@ -37,22 +38,45 @@ static inline void scs_task_reset(struct task_struct *tsk)
> > * Reset the shadow stack to the base address in case the task
> > * is reused.
> > */
> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
> > + task_scs_sp(tsk) = task_scs(tsk) + SCS_SIZE;
> > +#else
> > task_scs_sp(tsk) = task_scs(tsk);
> > +#endif
> > }
> >
> > static inline unsigned long *__scs_magic(void *s)
> > {
> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
> > + return (unsigned long *)(s);
> > +#else
> > return (unsigned long *)(s + SCS_SIZE) - 1;
> > +#endif
> > }
> >
> > static inline bool task_scs_end_corrupted(struct task_struct *tsk)
> > {
> > unsigned long *magic = __scs_magic(task_scs(tsk));
> > - unsigned long sz = task_scs_sp(tsk) - task_scs(tsk);
> > + unsigned long sz;
> > +
> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
> > + sz = (task_scs(tsk) + SCS_SIZE) - task_scs_sp(tsk);
> > +#else
> > + sz = task_scs_sp(tsk) - task_scs(tsk);
> > +#endif
> >
> > return sz >= SCS_SIZE - 1 || READ_ONCE_NOCHECK(*magic) != SCS_END_MAGIC;
> > }
> >
> > +static inline void __scs_store_magic(unsigned long *s, unsigned long magic_val)
> > +{
> > +#ifdef CONFIG_ARCH_HAS_KERNEL_SHADOW_STACK
> > + arch_scs_store(s, magic_val);
> > +#else
> > + *__scs_magic(s) = magic_val;
> > +#endif
> > +}
> > +
>
> I'm not a huge fan of all the ifdefs. We could clean this up by
> allowing architectures to simply override some these functions, or at
> least use if (IS_ENABLED(CONFIG...)) instead. Will, any thoughts about
> this?
Yeah, I agree that allowing architectures to provide overrides makes
sense, however I also suspect that some of this needs to be a runtime
decision because not all CPUs will support the hardware-accelerated
feature and will presumably want to fall back on the software
implementation.
Will
Powered by blists - more mailing lists