xref: /linux/arch/s390/kernel/stackprotector.c (revision 136114e0abf03005e182d75761ab694648e6d388) 
1f5730d44SHeiko Carstens // SPDX-License-Identifier: GPL-2.0
2f5730d44SHeiko Carstens 
3f5730d44SHeiko Carstens #ifndef pr_fmt
4f5730d44SHeiko Carstens #define pr_fmt(fmt)	"stackprot: " fmt
5f5730d44SHeiko Carstens #endif
6f5730d44SHeiko Carstens 
7f5730d44SHeiko Carstens #include <linux/export.h>
8*24c77635SRandy Dunlap #include <linux/hex.h>
9f5730d44SHeiko Carstens #include <linux/uaccess.h>
10f5730d44SHeiko Carstens #include <linux/printk.h>
11f5730d44SHeiko Carstens #include <asm/abs_lowcore.h>
12f5730d44SHeiko Carstens #include <asm/sections.h>
13f5730d44SHeiko Carstens #include <asm/machine.h>
14f5730d44SHeiko Carstens #include <asm/asm-offsets.h>
15f5730d44SHeiko Carstens #include <asm/arch-stackprotector.h>
16f5730d44SHeiko Carstens 
17f5730d44SHeiko Carstens #ifdef __DECOMPRESSOR
18f5730d44SHeiko Carstens 
19f5730d44SHeiko Carstens #define DEBUGP		boot_debug
20f5730d44SHeiko Carstens #define EMERGP		boot_emerg
21f5730d44SHeiko Carstens #define PANIC		boot_panic
22f5730d44SHeiko Carstens 
23f5730d44SHeiko Carstens #else /* __DECOMPRESSOR */
24f5730d44SHeiko Carstens 
25f5730d44SHeiko Carstens #define DEBUGP		pr_debug
26f5730d44SHeiko Carstens #define EMERGP		pr_emerg
27f5730d44SHeiko Carstens #define PANIC		panic
28f5730d44SHeiko Carstens 
29f5730d44SHeiko Carstens #endif /* __DECOMPRESSOR */
30f5730d44SHeiko Carstens 
31f5730d44SHeiko Carstens int __bootdata_preserved(stack_protector_debug);
32f5730d44SHeiko Carstens 
33f5730d44SHeiko Carstens unsigned long __stack_chk_guard;
34f5730d44SHeiko Carstens EXPORT_SYMBOL(__stack_chk_guard);
35f5730d44SHeiko Carstens 
36f5730d44SHeiko Carstens struct insn_ril {
37f5730d44SHeiko Carstens 	u8 opc1 : 8;
38f5730d44SHeiko Carstens 	u8 r1	: 4;
39f5730d44SHeiko Carstens 	u8 opc2 : 4;
40f5730d44SHeiko Carstens 	u32 imm;
41f5730d44SHeiko Carstens } __packed;
42f5730d44SHeiko Carstens 
43f5730d44SHeiko Carstens /*
44f5730d44SHeiko Carstens  * Convert a virtual instruction address to a real instruction address. The
45f5730d44SHeiko Carstens  * decompressor needs to patch instructions within the kernel image based on
46f5730d44SHeiko Carstens  * their virtual addresses, while dynamic address translation is still
47f5730d44SHeiko Carstens  * disabled. Therefore a translation from virtual kernel image addresses to
48f5730d44SHeiko Carstens  * the corresponding physical addresses is required.
49f5730d44SHeiko Carstens  *
50f5730d44SHeiko Carstens  * After dynamic address translation is enabled and when the kernel needs to
51f5730d44SHeiko Carstens  * patch instructions such a translation is not required since the addresses
52f5730d44SHeiko Carstens  * are identical.
53f5730d44SHeiko Carstens  */
vaddress_to_insn(unsigned long vaddress)54f5730d44SHeiko Carstens static struct insn_ril *vaddress_to_insn(unsigned long vaddress)
55f5730d44SHeiko Carstens {
56f5730d44SHeiko Carstens #ifdef __DECOMPRESSOR
57f5730d44SHeiko Carstens 	return (struct insn_ril *)__kernel_pa(vaddress);
58f5730d44SHeiko Carstens #else
59f5730d44SHeiko Carstens 	return (struct insn_ril *)vaddress;
60f5730d44SHeiko Carstens #endif
61f5730d44SHeiko Carstens }
62f5730d44SHeiko Carstens 
insn_to_vaddress(struct insn_ril * insn)63f5730d44SHeiko Carstens static unsigned long insn_to_vaddress(struct insn_ril *insn)
64f5730d44SHeiko Carstens {
65f5730d44SHeiko Carstens #ifdef __DECOMPRESSOR
66f5730d44SHeiko Carstens 	return (unsigned long)__kernel_va(insn);
67f5730d44SHeiko Carstens #else
68f5730d44SHeiko Carstens 	return (unsigned long)insn;
69f5730d44SHeiko Carstens #endif
70f5730d44SHeiko Carstens }
71f5730d44SHeiko Carstens 
72f5730d44SHeiko Carstens #define INSN_RIL_STRING_SIZE (sizeof(struct insn_ril) * 2 + 1)
73f5730d44SHeiko Carstens 
insn_ril_to_string(char * str,struct insn_ril * insn)74f5730d44SHeiko Carstens static void insn_ril_to_string(char *str, struct insn_ril *insn)
75f5730d44SHeiko Carstens {
76f5730d44SHeiko Carstens 	u8 *ptr = (u8 *)insn;
77f5730d44SHeiko Carstens 	int i;
78f5730d44SHeiko Carstens 
79f5730d44SHeiko Carstens 	for (i = 0; i < sizeof(*insn); i++)
80f5730d44SHeiko Carstens 		hex_byte_pack(&str[2 * i], ptr[i]);
81f5730d44SHeiko Carstens 	str[2 * i] = 0;
82f5730d44SHeiko Carstens }
83f5730d44SHeiko Carstens 
stack_protector_dump(struct insn_ril * old,struct insn_ril * new)84f5730d44SHeiko Carstens static void stack_protector_dump(struct insn_ril *old, struct insn_ril *new)
85f5730d44SHeiko Carstens {
86f5730d44SHeiko Carstens 	char ostr[INSN_RIL_STRING_SIZE];
87f5730d44SHeiko Carstens 	char nstr[INSN_RIL_STRING_SIZE];
88f5730d44SHeiko Carstens 
89f5730d44SHeiko Carstens 	insn_ril_to_string(ostr, old);
90f5730d44SHeiko Carstens 	insn_ril_to_string(nstr, new);
91f5730d44SHeiko Carstens 	DEBUGP("%016lx: %s -> %s\n", insn_to_vaddress(old), ostr, nstr);
92f5730d44SHeiko Carstens }
93f5730d44SHeiko Carstens 
stack_protector_verify(struct insn_ril * insn,unsigned long kernel_start)94f5730d44SHeiko Carstens static int stack_protector_verify(struct insn_ril *insn, unsigned long kernel_start)
95f5730d44SHeiko Carstens {
96f5730d44SHeiko Carstens 	char istr[INSN_RIL_STRING_SIZE];
97f5730d44SHeiko Carstens 	unsigned long vaddress, offset;
98f5730d44SHeiko Carstens 
99f5730d44SHeiko Carstens 	/* larl */
100f5730d44SHeiko Carstens 	if (insn->opc1 == 0xc0 && insn->opc2 == 0x0)
101f5730d44SHeiko Carstens 		return 0;
102f5730d44SHeiko Carstens 	/* lgrl */
103f5730d44SHeiko Carstens 	if (insn->opc1 == 0xc4 && insn->opc2 == 0x8)
104f5730d44SHeiko Carstens 		return 0;
105f5730d44SHeiko Carstens 	insn_ril_to_string(istr, insn);
106f5730d44SHeiko Carstens 	vaddress = insn_to_vaddress(insn);
107f5730d44SHeiko Carstens 	if (__is_defined(__DECOMPRESSOR)) {
108f5730d44SHeiko Carstens 		offset = (unsigned long)insn - kernel_start + TEXT_OFFSET;
109f5730d44SHeiko Carstens 		EMERGP("Unexpected instruction at %016lx/%016lx: %s\n", vaddress, offset, istr);
110f5730d44SHeiko Carstens 		PANIC("Stackprotector error\n");
111f5730d44SHeiko Carstens 	} else {
112f5730d44SHeiko Carstens 		EMERGP("Unexpected instruction at %016lx: %s\n", vaddress, istr);
113f5730d44SHeiko Carstens 	}
114f5730d44SHeiko Carstens 	return -EINVAL;
115f5730d44SHeiko Carstens }
116f5730d44SHeiko Carstens 
__stack_protector_apply(unsigned long * start,unsigned long * end,unsigned long kernel_start)117f5730d44SHeiko Carstens int __stack_protector_apply(unsigned long *start, unsigned long *end, unsigned long kernel_start)
118f5730d44SHeiko Carstens {
119f5730d44SHeiko Carstens 	unsigned long canary, *loc;
120f5730d44SHeiko Carstens 	struct insn_ril *insn, new;
121f5730d44SHeiko Carstens 	int rc;
122f5730d44SHeiko Carstens 
123f5730d44SHeiko Carstens 	/*
124f5730d44SHeiko Carstens 	 * Convert LARL/LGRL instructions to LLILF so register R1 contains the
125f5730d44SHeiko Carstens 	 * address of the per-cpu / per-process stack canary:
126f5730d44SHeiko Carstens 	 *
127f5730d44SHeiko Carstens 	 * LARL/LGRL R1,__stack_chk_guard => LLILF R1,__lc_stack_canary
128f5730d44SHeiko Carstens 	 */
129f5730d44SHeiko Carstens 	canary = __LC_STACK_CANARY;
130f5730d44SHeiko Carstens 	if (machine_has_relocated_lowcore())
131f5730d44SHeiko Carstens 		canary += LOWCORE_ALT_ADDRESS;
132f5730d44SHeiko Carstens 	for (loc = start; loc < end; loc++) {
133f5730d44SHeiko Carstens 		insn = vaddress_to_insn(*loc);
134f5730d44SHeiko Carstens 		rc = stack_protector_verify(insn, kernel_start);
135f5730d44SHeiko Carstens 		if (rc)
136f5730d44SHeiko Carstens 			return rc;
137f5730d44SHeiko Carstens 		new = *insn;
138f5730d44SHeiko Carstens 		new.opc1 = 0xc0;
139f5730d44SHeiko Carstens 		new.opc2 = 0xf;
140f5730d44SHeiko Carstens 		new.imm = canary;
141f5730d44SHeiko Carstens 		if (stack_protector_debug)
142f5730d44SHeiko Carstens 			stack_protector_dump(insn, &new);
143f5730d44SHeiko Carstens 		s390_kernel_write(insn, &new, sizeof(*insn));
144f5730d44SHeiko Carstens 	}
145f5730d44SHeiko Carstens 	return 0;
146f5730d44SHeiko Carstens }
147f5730d44SHeiko Carstens 
148f5730d44SHeiko Carstens #ifdef __DECOMPRESSOR
__stack_protector_apply_early(unsigned long kernel_start)149f5730d44SHeiko Carstens void __stack_protector_apply_early(unsigned long kernel_start)
150f5730d44SHeiko Carstens {
151f5730d44SHeiko Carstens 	unsigned long *start, *end;
152f5730d44SHeiko Carstens 
153f5730d44SHeiko Carstens 	start = (unsigned long *)vmlinux.stack_prot_start;
154f5730d44SHeiko Carstens 	end = (unsigned long *)vmlinux.stack_prot_end;
155f5730d44SHeiko Carstens 	__stack_protector_apply(start, end, kernel_start);
156f5730d44SHeiko Carstens }
157f5730d44SHeiko Carstens #endif
158