1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * Shadow Call Stack support.
4  *
5  * Copyright (C) 2019 Google LLC
6  */
7 
8 #ifndef _LINUX_SCS_H
9 #define _LINUX_SCS_H
10 
11 #include <linux/gfp.h>
12 #include <linux/poison.h>
13 #include <linux/sched.h>
14 #include <linux/sizes.h>
15 
16 #ifdef CONFIG_SHADOW_CALL_STACK
17 
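/*
 * In testing, 1 KiB shadow stack size (i.e. 128 stack frames on a 64-bit
 * architecture) provided ~40% safety margin on stack usage while keeping
 * memory allocation overhead reasonable.
 */
#define SCS_SIZE		SZ_1K

/* Allocation flags for shadow stacks; __GFP_ZERO requests zero-filled memory. */
#define GFP_SCS			(GFP_KERNEL | __GFP_ZERO)

/*
 * An illegal pointer value to mark the end of the shadow stack. It is looked
 * up through __scs_magic() (the last unsigned long of the SCS_SIZE region)
 * and compared in task_scs_end_corrupted().
 */
#define SCS_END_MAGIC		(0x5f6UL + POISON_POINTER_DELTA)

/*
 * Allocate a static per-CPU shadow stack of SCS_SIZE bytes.
 *
 * The last line of the macro carries no line continuation, so the macro body
 * ends here and does not depend on the following line staying blank.
 */
#define DEFINE_SCS(name)						\
	DEFINE_PER_CPU(unsigned long [SCS_SIZE/sizeof(long)], name)

/* Per-task shadow stack base and current shadow stack pointer (thread_info). */
#define task_scs(tsk)		(task_thread_info(tsk)->scs_base)
#define task_scs_sp(tsk)	(task_thread_info(tsk)->scs_sp)

/*
 * Out-of-line entry points; their bodies are not part of this header.
 * NOTE(review): presumably scs_prepare() sets up the shadow stack for @tsk on
 * NUMA node @node and returns 0 on success (the !CONFIG_SHADOW_CALL_STACK stub
 * returns 0), and scs_release() undoes it -- confirm against the
 * implementation.
 */
void scs_init(void);
int scs_prepare(struct task_struct *tsk, int node);
void scs_release(struct task_struct *tsk);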
39 
/*
 * scs_task_reset - rewind a task's shadow stack pointer to its base.
 * @tsk: task whose shadow stack is being reset
 *
 * Only the pointer is rewound; the contents of the shadow stack are not
 * cleared here.
 */
static inline void scs_task_reset(struct task_struct *tsk)
{
	struct thread_info *ti = task_thread_info(tsk);

	/* The task may be reused, so start again from an empty shadow stack. */
	ti->scs_sp = ti->scs_base;
}
48 
/*
 * __scs_magic - locate the end-of-stack marker slot.
 * @s: base address of a shadow stack region of SCS_SIZE bytes
 *
 * Returns a pointer to the last unsigned long inside the region, i.e. the
 * slot that task_scs_end_corrupted() compares against SCS_END_MAGIC.
 */
static inline unsigned long *__scs_magic(void *s)
{
	/* One past the end of the region, viewed as unsigned long slots. */
	unsigned long *end = (unsigned long *)(s + SCS_SIZE);

	return end - 1;
}
53 
/*
 * task_scs_end_corrupted - check a task's shadow stack for overflow.
 * @tsk: task to inspect
 *
 * Returns true when the shadow stack pointer has advanced to the end of the
 * region, or when the end marker no longer holds SCS_END_MAGIC. This is an
 * after-the-fact check: it reports that the marker was overwritten, it does
 * not prevent the write.
 */
static inline bool task_scs_end_corrupted(struct task_struct *tsk)
{
	unsigned long *marker = __scs_magic(task_scs(tsk));
	/*
	 * Distance between the current pointer and the base.
	 * NOTE(review): presumably a byte count, assuming scs_sp and scs_base
	 * are void * in thread_info -- confirm.
	 */
	unsigned long used = task_scs_sp(tsk) - task_scs(tsk);

	/* Pointer already at or past the marker slot: no need to read it. */
	if (used >= SCS_SIZE - 1)
		return true;

	return READ_ONCE_NOCHECK(*marker) != SCS_END_MAGIC;
}
61 
62 #else /* CONFIG_SHADOW_CALL_STACK */
63 
/*
 * Stubs for kernels built without CONFIG_SHADOW_CALL_STACK. They let callers
 * use the same API unconditionally; no shadow stack exists, so setup always
 * succeeds and the corruption check never reports anything.
 */
static inline void scs_init(void)
{
}

static inline void scs_task_reset(struct task_struct *tsk)
{
}

/* Nothing to set up: always reports success. */
static inline int scs_prepare(struct task_struct *tsk, int node)
{
	return 0;
}

static inline void scs_release(struct task_struct *tsk)
{
}

/* No shadow stack to inspect, so this never signals corruption. */
static inline bool task_scs_end_corrupted(struct task_struct *tsk)
{
	return false;
}
69 
70 #endif /* CONFIG_SHADOW_CALL_STACK */
71 
72 #endif /* _LINUX_SCS_H */
73