• Mark Rutland's avatar
    arm64: split thread_info from task stack · c02433dd
    Mark Rutland authored
    This patch moves arm64's struct thread_info from the task stack into
    task_struct. This protects thread_info from corruption in the case of
    stack overflows, and makes its address harder to determine if stack
    addresses are leaked, making a number of attacks more difficult. Precise
    detection and handling of overflow is left for subsequent patches.
    
    Largely, this involves changing code to store the task_struct in sp_el0,
    and acquire the thread_info from the task struct. Core code now
    implements current_thread_info(), and as noted in <linux/sched.h> this
    relies on offsetof(task_struct, thread_info) == 0, enforced by core
    code.
    
    This change means that the 'tsk' register used in entry.S now points to
    a task_struct, rather than a thread_info as it used to. To make this
    clear, the TI_* field offsets are renamed to TSK_TI_*, with asm-offsets
    appropriately updated to account for the structural change.
    
    Userspace clobbers sp_el0, and we can no longer restore this from the
    stack. Instead, the current task is cached in a per-cpu variable that we
    can safely access from early assembly as interrupts are disabled (and we
    are thus not preemptible).
    
    Both secondary entry and idle are updated to stash the sp and task
    pointer separately.
    Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
    Tested-by: default avatarLaura Abbott <labbott@redhat.com>
    Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Cc: James Morse <james.morse@arm.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
    Cc: Will Deacon <will.deacon@arm.com>
    Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
    c02433dd
Kconfig 30.9 KB