tag name: sent/arm32-cfi-v2 (c27cc345a7ff5917d0fab8daa5e9dc77e9640701)
tag date: 2024-03-07 15:22:16 +0100
tagged by: Linus Walleij <linus.walleij@linaro.org>
tagged object: commit 6810fff8b0...
download: linux-integrator-sent/arm32-cfi-v2.tar.gz
CFI for ARM32 using LLVM
This is a first patch set to support CLANG CFI (Control Flow Integrity) on ARM32.

For information about what CFI is, see:
https://clang.llvm.org/docs/ControlFlowIntegrity.html

For the kernel KCFI flavor, see:
https://lwn.net/Articles/898040/

The base changes required to bring up KCFI on ARM32 were mostly related to the use of custom vtables in the kernel, combined with defines to call into these vtable members directly from sites where they are used.

The approach to all of these vtable+define issues has been the same: instead of a define, wrap the call in a static inline function that explicitly calls the vtable member.

The permissive mode handles the new breakpoint type (0x03) that LLVM CLANG is defining.

To runtime-test the patches:
- Enable CONFIG_LKDTM
- echo CFI_FORWARD_PROTO > /sys/kernel/debug/provoke-crash/DIRECT

The patch set has been booted to userspace on the following test platforms:
- Arm Versatile (QEMU)
- Arm Versatile Express (QEMU)
- multi_v7 booted on Versatile Express (QEMU)
- Footbridge Netwinder (SA110 ARMv4)
- Ux500 (ARMv7 SMP)

I am not saying there will not be corner cases that we need to fix in addition to this, but it is enough to get started. Looking at what was fixed for arm64 I am a bit weary that e.g. BPF might need something to trampoline properly.

But hopefully people can get to testing it and help me fix remaining issues before the final version, or we can fix it in-tree.

To: Russell King <linux@armlinux.org.uk>
To: Sami Tolvanen <samitolvanen@google.com>
To: Kees Cook <keescook@chromium.org>
To: Nathan Chancellor <nathan@kernel.org>
To: Nick Desaulniers <ndesaulniers@google.com>
To: Ard Biesheuvel <ardb@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: <linux-arm-kernel@lists.infradead.org>
Cc: <llvm@lists.linux.dev>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

---
Changes in v2:
- Add the missing ftrace graph tracer stub.
- Enable permissive mode using a breakpoint handler.
- Link to v1: https://lore.kernel.org/r/20240225-arm32-cfi-v1-0-6943306f065b@linaro.org

---
Linus Walleij (9):
      ARM: Support CLANG CFI
      ARM: tlbflush: Make TLB flushes into static inlines
      ARM: bugs: Check in the vtable instead of defined aliases
      ARM: proc: Use inlines instead of defines
      ARM: delay: Turn delay functions into static inlines
      ARM: turn CPU cache flush functions into static inlines
      ARM: page: Turn highpage accesses into static inlines
      ARM: ftrace: Define ftrace_stub_graph
      ARM: KCFI: Allow permissive CFI mode

 arch/arm/Kconfig                     |  1 +
 arch/arm/common/mcpm_entry.c         | 10 ++-----
 arch/arm/include/asm/cacheflush.h    | 45 ++++++++++++++++++++++------
 arch/arm/include/asm/delay.h         | 16 ++++++++--
 arch/arm/include/asm/hw_breakpoint.h |  1 +
 arch/arm/include/asm/page.h          | 36 ++++++++++++++++++-----
 arch/arm/include/asm/proc-fns.h      | 57 +++++++++++++++++++++++++++++-------
 arch/arm/include/asm/tlbflush.h      | 18 ++++++++----
 arch/arm/kernel/bugs.c               |  2 +-
 arch/arm/kernel/entry-ftrace.S       |  4 +++
 arch/arm/kernel/hw_breakpoint.c      | 10 +++++++
 arch/arm/mach-sunxi/mc_smp.c         |  7 +----
 arch/arm/mm/dma.h                    | 28 ++++++++++++++----
 arch/arm/mm/proc-syms.c              |  7 +----
 arch/arm/mm/proc-v7-bugs.c           |  4 +--
 15 files changed, 182 insertions(+), 64 deletions(-)

---
base-commit: 6613476e225e090cc9aad49be7fa504e290dd33d
change-id: 20240115-arm32-cfi-65d60f201108

Best regards,
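
The following userspace model is an added example, not code from the patch set or the kernel. It shows a static inline that explicitly calls a vtable member, with a hand-written stand-in for the type check KCFI makes at an indirect call and for the difference between enforcing and permissive mode. All names and type ids are hypothetical; in a real KCFI build the compiler emits the id and the check.

```c
#include <stdio.h>

/* Constructed type ids; a real KCFI build derives them from the prototype. */
enum { ID_VOID_UL_UL = 0x1111, ID_INT_VOID = 0x2222 };

/* Hypothetical vtable slot: the id models the hash stored at the target. */
struct typed_fn {
    unsigned int type_id;
    void (*fn)(unsigned long start, unsigned long end);
};

struct demo_tlb_fns {                 /* hypothetical per-CPU vtable */
    struct typed_fn flush_range;
};

static unsigned long flushed;         /* bytes "flushed", to observe calls */
static int cfi_permissive;            /* 0: enforce, 1: report and continue */
static int cfi_reports;               /* mismatches reported so far */

static void v7_flush_range(unsigned long start, unsigned long end)
{
    flushed += end - start;
}

static struct demo_tlb_fns demo_tlb = { { ID_VOID_UL_UL, v7_flush_range } };

/* Replaced form: #define demo_flush_range demo_tlb.flush_range.fn
 * New form: a static inline that explicitly calls the vtable member.
 * The id comparison is written by hand where the compiler would emit it. */
static inline int demo_flush_range(unsigned long start, unsigned long end)
{
    if (demo_tlb.flush_range.type_id != ID_VOID_UL_UL) {
        cfi_reports++;                /* models the trap being reported */
        if (!cfi_permissive)
            return -1;                /* enforcing: the call does not happen */
    }
    demo_tlb.flush_range.fn(start, end);
    return 0;
}

int main(void)
{
    demo_flush_range(0x1000, 0x3000);             /* matching id */
    demo_tlb.flush_range.type_id = ID_INT_VOID;   /* simulate a mismatch */
    int rc = demo_flush_range(0, 0x1000);         /* enforcing: refused */
    printf("rc=%d reports=%d flushed=%#lx\n", rc, cfi_reports, flushed);
    return 0;
}
```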