From 239f5f1767e862a2030508a88940652d1de60771 Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Tue, 9 Jun 2020 12:44:53 +0100 Subject: [PATCH] Revert "FROMLIST: arm64: implement Shadow Call Stack" Shadow call stack is now merged upstream for 5.9, so revert the patches cherry-picked into android-mainline in preparation for pulling the upstream version instead. This reverts commit 084cffa679f1e6dfd958a354bf2eb5aa89e0ed53. Signed-off-by: Will Deacon Change-Id: Ie0f0e3a32948f68082ed23e67535529035a16300 --- arch/arm64/Kconfig | 5 ---- arch/arm64/include/asm/scs.h | 37 ------------------------- arch/arm64/include/asm/stacktrace.h | 4 --- arch/arm64/include/asm/thread_info.h | 3 --- arch/arm64/kernel/Makefile | 1 - arch/arm64/kernel/asm-offsets.c | 3 --- arch/arm64/kernel/entry.S | 31 ++------------------- arch/arm64/kernel/head.S | 9 ------- arch/arm64/kernel/irq.c | 2 -- arch/arm64/kernel/process.c | 2 -- arch/arm64/kernel/scs.c | 40 ---------------------------- arch/arm64/kernel/smp.c | 4 --- 12 files changed, 2 insertions(+), 139 deletions(-) delete mode 100644 arch/arm64/include/asm/scs.h delete mode 100644 arch/arm64/kernel/scs.c diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index aae97fe45599..0bae1b2ecb9e 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -65,7 +65,6 @@ config ARM64 select ARCH_USE_QUEUED_RWLOCKS select ARCH_USE_QUEUED_SPINLOCKS select ARCH_SUPPORTS_MEMORY_FAILURE - select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK select ARCH_SUPPORTS_LTO_CLANG select ARCH_SUPPORTS_THINLTO select ARCH_SUPPORTS_ATOMIC_RMW @@ -1029,10 +1028,6 @@ config ARCH_HAS_CACHE_LINE_SIZE config ARCH_ENABLE_SPLIT_PMD_PTLOCK def_bool y if PGTABLE_LEVELS > 2 -# Supported by clang >= 7.0 -config CC_HAVE_SHADOW_CALL_STACK - def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18) - config SECCOMP bool "Enable seccomp to safely compute untrusted bytecode" ---help--- diff --git a/arch/arm64/include/asm/scs.h b/arch/arm64/include/asm/scs.h deleted file mode 100644 index c50d2b0c6c5f..000000000000 --- a/arch/arm64/include/asm/scs.h +++ /dev/null @@ -1,37 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0 */ -#ifndef _ASM_SCS_H -#define _ASM_SCS_H - -#ifndef __ASSEMBLY__ - -#include - -#ifdef CONFIG_SHADOW_CALL_STACK - -extern void scs_init_irq(void); - -static __always_inline void scs_save(struct task_struct *tsk) -{ - void *s; - - asm volatile("mov %0, x18" : "=r" (s)); - task_set_scs(tsk, s); -} - -static inline void scs_overflow_check(struct task_struct *tsk) -{ - if (unlikely(scs_corrupted(tsk))) - panic("corrupted shadow stack detected inside scheduler\n"); -} - -#else /* CONFIG_SHADOW_CALL_STACK */ - -static inline void scs_init_irq(void) {} -static inline void scs_save(struct task_struct *tsk) {} -static inline void scs_overflow_check(struct task_struct *tsk) {} - -#endif /* CONFIG_SHADOW_CALL_STACK */ - -#endif /* __ASSEMBLY __ */ - -#endif /* _ASM_SCS_H */ diff --git a/arch/arm64/include/asm/stacktrace.h b/arch/arm64/include/asm/stacktrace.h index b6cf32fb4efe..4d9b1f48dc39 100644 --- a/arch/arm64/include/asm/stacktrace.h +++ b/arch/arm64/include/asm/stacktrace.h @@ -68,10 +68,6 @@ extern void dump_backtrace(struct pt_regs *regs, struct task_struct *tsk); DECLARE_PER_CPU(unsigned long *, irq_stack_ptr); -#ifdef CONFIG_SHADOW_CALL_STACK -DECLARE_PER_CPU(unsigned long *, irq_shadow_call_stack_ptr); -#endif - static inline bool on_irq_stack(unsigned long sp, struct stack_info *info) { diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h index 1fb651f73da3..512174a8e789 100644 --- a/arch/arm64/include/asm/thread_info.h +++ b/arch/arm64/include/asm/thread_info.h @@ -41,9 +41,6 @@ struct thread_info { #endif } preempt; }; -#ifdef CONFIG_SHADOW_CALL_STACK - void *shadow_call_stack; -#endif }; #define thread_saved_pc(tsk) \ diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index 151f28521f1e..4e5b8ee31442 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -63,7 +63,6 @@ obj-$(CONFIG_CRASH_CORE) += crash_core.o obj-$(CONFIG_ARM_SDE_INTERFACE) += sdei.o obj-$(CONFIG_ARM64_SSBD) += ssbd.o obj-$(CONFIG_ARM64_PTR_AUTH) += pointer_auth.o -obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o obj-y += vdso/ probes/ obj-$(CONFIG_COMPAT_VDSO) += vdso32/ diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c index 777a662888ec..9981a0a5a87f 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -33,9 +33,6 @@ int main(void) DEFINE(TSK_TI_ADDR_LIMIT, offsetof(struct task_struct, thread_info.addr_limit)); #ifdef CONFIG_ARM64_SW_TTBR0_PAN DEFINE(TSK_TI_TTBR0, offsetof(struct task_struct, thread_info.ttbr0)); -#endif -#ifdef CONFIG_SHADOW_CALL_STACK - DEFINE(TSK_TI_SCS, offsetof(struct task_struct, thread_info.shadow_call_stack)); #endif DEFINE(TSK_STACK, offsetof(struct task_struct, stack)); #ifdef CONFIG_STACKPROTECTOR diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S index 0b164a24696c..ddcde093c433 100644 --- a/arch/arm64/kernel/entry.S +++ b/arch/arm64/kernel/entry.S @@ -178,10 +178,6 @@ alternative_cb_end apply_ssbd 1, x22, x23 -#ifdef CONFIG_SHADOW_CALL_STACK - ldr x18, [tsk, #TSK_TI_SCS] // Restore shadow call stack - str xzr, [tsk, #TSK_TI_SCS] // Limit visibility of saved SCS -#endif ptrauth_keys_install_kernel tsk, 1, x20, x22, x23 .else add x21, sp, #S_FRAME_SIZE @@ -284,12 +280,6 @@ alternative_else_nop_endif ct_user_enter .endif -#ifdef CONFIG_SHADOW_CALL_STACK - .if \el == 0 - str x18, [tsk, #TSK_TI_SCS] // Save shadow call stack - .endif -#endif - #ifdef CONFIG_ARM64_SW_TTBR0_PAN /* * Restore access to TTBR0_EL1. If returning to EL0, no need for SPSR @@ -398,9 +388,6 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 .macro irq_stack_entry mov x19, sp // preserve the original sp -#ifdef CONFIG_SHADOW_CALL_STACK - mov x20, x18 // preserve the original shadow stack -#endif /* * Compare sp with the base of the task stack. @@ -418,24 +405,15 @@ alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0 /* switch to the irq stack */ mov sp, x26 - -#ifdef CONFIG_SHADOW_CALL_STACK - /* also switch to the irq shadow stack */ - ldr_this_cpu x18, irq_shadow_call_stack_ptr, x26 -#endif - 9998: .endm /* - * The callee-saved regs (x19-x29) should be preserved between - * irq_stack_entry and irq_stack_exit. + * x19 should be preserved between irq_stack_entry and + * irq_stack_exit. */ .macro irq_stack_exit mov sp, x19 -#ifdef CONFIG_SHADOW_CALL_STACK - mov x18, x20 -#endif .endm /* GPRs used by entry code */ @@ -922,11 +900,6 @@ SYM_FUNC_START(cpu_switch_to) ldr lr, [x8] mov sp, x9 msr sp_el0, x1 -#ifdef CONFIG_SHADOW_CALL_STACK - str x18, [x0, #TSK_TI_SCS] - ldr x18, [x1, #TSK_TI_SCS] - str xzr, [x1, #TSK_TI_SCS] // limit visibility of saved SCS -#endif ptrauth_keys_install_kernel x1, 1, x8, x9, x10 ret SYM_FUNC_END(cpu_switch_to) diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S index 01b5e6fdfc41..57a91032b4c2 100644 --- a/arch/arm64/kernel/head.S +++ b/arch/arm64/kernel/head.S @@ -27,7 +27,6 @@ #include #include #include -#include #include #include #include @@ -425,10 +424,6 @@ SYM_FUNC_START_LOCAL(__primary_switched) stp xzr, x30, [sp, #-16]! mov x29, sp -#ifdef CONFIG_SHADOW_CALL_STACK - adr_l x18, init_shadow_call_stack // Set shadow call stack -#endif - str_l x21, __fdt_pointer, x5 // Save FDT pointer ldr_l x4, kimage_vaddr // Save the offset between @@ -742,10 +737,6 @@ SYM_FUNC_START_LOCAL(__secondary_switched) ldr x2, [x0, #CPU_BOOT_TASK] cbz x2, __secondary_too_slow msr sp_el0, x2 -#ifdef CONFIG_SHADOW_CALL_STACK - ldr x18, [x2, #TSK_TI_SCS] // set shadow call stack - str xzr, [x2, #TSK_TI_SCS] // limit visibility of saved SCS -#endif mov x29, #0 mov x30, #0 b secondary_start_kernel diff --git a/arch/arm64/kernel/irq.c b/arch/arm64/kernel/irq.c index fe0ca522ff60..04a327ccf84d 100644 --- a/arch/arm64/kernel/irq.c +++ b/arch/arm64/kernel/irq.c @@ -21,7 +21,6 @@ #include #include #include -#include unsigned long irq_err_count; @@ -64,7 +63,6 @@ static void init_irq_stacks(void) void __init init_IRQ(void) { init_irq_stacks(); - scs_init_irq(); irqchip_init(); if (!handle_arch_irq) panic("No interrupt controller found."); diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c index a35d3318492c..56be4cbf771f 100644 --- a/arch/arm64/kernel/process.c +++ b/arch/arm64/kernel/process.c @@ -52,7 +52,6 @@ #include #include #include -#include #include #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) @@ -516,7 +515,6 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev, entry_task_switch(next); uao_thread_switch(next); ssbs_thread_switch(next); - scs_overflow_check(next); /* * Complete any pending TLB or cache maintenance on this CPU in case diff --git a/arch/arm64/kernel/scs.c b/arch/arm64/kernel/scs.c deleted file mode 100644 index eaadf5430baa..000000000000 --- a/arch/arm64/kernel/scs.c +++ /dev/null @@ -1,40 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Shadow Call Stack support. - * - * Copyright (C) 2019 Google LLC - */ - -#include -#include -#include -#include - -DEFINE_PER_CPU(unsigned long *, irq_shadow_call_stack_ptr); - -#ifndef CONFIG_SHADOW_CALL_STACK_VMAP -DEFINE_PER_CPU(unsigned long [SCS_SIZE/sizeof(long)], irq_shadow_call_stack) - __aligned(SCS_SIZE); -#endif - -void scs_init_irq(void) -{ - int cpu; - - for_each_possible_cpu(cpu) { -#ifdef CONFIG_SHADOW_CALL_STACK_VMAP - unsigned long *p; - - p = __vmalloc_node_range(PAGE_SIZE, SCS_SIZE, - VMALLOC_START, VMALLOC_END, - GFP_SCS, PAGE_KERNEL, - 0, cpu_to_node(cpu), - __builtin_return_address(0)); - - per_cpu(irq_shadow_call_stack_ptr, cpu) = p; -#else - per_cpu(irq_shadow_call_stack_ptr, cpu) = - per_cpu(irq_shadow_call_stack, cpu); -#endif /* CONFIG_SHADOW_CALL_STACK_VMAP */ - } -} diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c index 185f3d2e3da9..bb813d06114a 100644 --- a/arch/arm64/kernel/smp.c +++ b/arch/arm64/kernel/smp.c @@ -46,7 +46,6 @@ #include #include #include -#include #include #include #include @@ -371,9 +370,6 @@ void cpu_die(void) unsigned int cpu = smp_processor_id(); const struct cpu_operations *ops = get_cpu_ops(cpu); - /* Save the shadow stack pointer before exiting the idle task */ - scs_save(current); - idle_task_exit(); local_daif_mask();