On Sun, May 07, 2023 at 10:11:32AM +0200, Ard Biesheuvel wrote:
On Sun, 7 May 2023 at 07:11, Greg KH gregkh@linuxfoundation.org wrote:
On Sat, May 06, 2023 at 02:34:33PM +0200, Ard Biesheuvel wrote:
All occurrences of the scs_load macro load the value of the shadow call stack pointer from the task which is current at that point. So instead of taking a task struct register argument in the scs_load macro to specify the task struct to load from, let's always reference the current task directly. This should make it much harder to exploit any instruction sequences reloading the shadow call stack pointer register from memory.
Signed-off-by: Ard Biesheuvel ardb@kernel.org
Acked-by: Mark Rutland mark.rutland@arm.com
Reviewed-by: Kees Cook keescook@chromium.org
Link: https://lore.kernel.org/r/20230109174800.3286265-2-ardb@kernel.org
Signed-off-by: Catalin Marinas catalin.marinas@arm.com
Signed-off-by: Ard Biesheuvel ardb@kernel.org
arch/arm64/include/asm/scs.h | 7 ++++---
arch/arm64/kernel/entry.S | 4 ++--
arch/arm64/kernel/head.S | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
What is the git commit id of this in Linus's tree?
commit 2198d07c509f1db4a1185d1f65aaada794c6ea59 upstream.
Thanks, both now queued up!
greg k-h