From: Yu-cheng Yu <yu-cheng.yu@intel.com> To: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@kernel.org>, Balbir Singh <bsingharora@gmail.com>, Borislav Petkov <bp@alien8.de>, Cyrill Gorcunov <gorcunov@gmail.com>, Dave Hansen <dave.hansen@linux.intel.com>, Eugene Syromiatnikov <esyr@redhat.com>, Florian Weimer <fweimer@redhat.com>, "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>, Jonathan Corbet <corbet@lwn.net>, Kees Cook <keescook@chromium.org>, Mike Kravetz <mike.kravetz@oracle.com>, Nadav Amit <nadav.amit@gmail.com>, Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>, Peter Zijlstra <peterz@infradead.org>, Randy Dunlap <rdunlap@infradead.org>, "Ravi V. Shankar" <ravi.v.shankar@intel.com>, Dave Martin <Dave.Martin@arm.com>, Weijiang Yang <weijiang.yang@intel.com>, Pengfei Xu <pengfei.xu@intel.com>, Haitao Huang <haitao.huang@intel.com>, Rick P Edgecombe <rick.p.edgecombe@intel.com> Cc: Yu-cheng Yu <yu-cheng.yu@intel.com> Subject: [PATCH v30 29/32] x86/cet/shstk: Add arch_prctl functions for shadow stack Date: Mon, 30 Aug 2021 11:15:25 -0700 [thread overview] Message-ID: <20210830181528.1569-30-yu-cheng.yu@intel.com> (raw) In-Reply-To: <20210830181528.1569-1-yu-cheng.yu@intel.com> arch_prctl(ARCH_X86_CET_STATUS, u64 *args) Get CET feature status. The parameter 'args' is a pointer to a user buffer. The kernel returns the following information: *args = shadow stack/IBT status *(args + 1) = shadow stack base address *(args + 2) = shadow stack size 32-bit binaries use the same interface, but only lower 32-bits of each item. arch_prctl(ARCH_X86_CET_DISABLE, unsigned int features) Disable CET features specified in 'features'. Return -EPERM if CET is locked. 
arch_prctl(ARCH_X86_CET_LOCK) Lock in CET features. Also change do_arch_prctl_common()'s parameter 'cpuid_enabled' to 'arg2', as it is now also passed to prctl_cet().
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
arch/x86/include/asm/cet.h | 7 ++++
arch/x86/include/uapi/asm/prctl.h | 4 +++
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/cet_prctl.c | 60 +++++++++++++++++++++++++++++++
arch/x86/kernel/process.c | 6 ++--
5 files changed, 75 insertions(+), 3 deletions(-)
create mode 100644 arch/x86/kernel/cet_prctl.c
diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h
index 90e84a45b80d..fb32cb093ebb 100644
--- a/arch/x86/include/asm/cet.h
+++ b/arch/x86/include/asm/cet.h
@@ -10,6 +10,7 @@ struct task_struct;
 struct thread_shstk {
 u64 base;
 u64 size;
+ u64 locked:1;
 };
 #ifdef CONFIG_X86_SHADOW_STACK
@@ -38,6 +39,12 @@ static inline int setup_signal_shadow_stack(int proc32, void __user *restorer) {
 static inline int restore_signal_shadow_stack(void) { return 0; }
 #endif
+#ifdef CONFIG_X86_SHADOW_STACK
+int prctl_cet(int option, u64 arg2);
+#else
+static inline int prctl_cet(int option, u64 arg2) { return -EINVAL; }
+#endif
+
 #endif /* __ASSEMBLY__ */
 #endif /* _ASM_X86_CET_H */
diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h
index 5a6aac9fa41f..9245bf629120 100644
--- a/arch/x86/include/uapi/asm/prctl.h
+++ b/arch/x86/include/uapi/asm/prctl.h
@@ -14,4 +14,8 @@
 #define ARCH_MAP_VDSO_32 0x2002
 #define ARCH_MAP_VDSO_64 0x2003
+#define ARCH_X86_CET_STATUS 0x3001
+#define ARCH_X86_CET_DISABLE 0x3002
+#define ARCH_X86_CET_LOCK 0x3003
+
 #endif /* _ASM_X86_PRCTL_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 9e064845e497..39e826b5cabd 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
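Review bot: The new `locked` bit in `struct thread_shstk` carries no comment saying what it guards or whose state it is. Because it lives in per-thread state, it looks as though ARCH_X86_CET_LOCK pins only the calling thread, and nothing visible in this patch shows whether the bit is carried across clone() or cleared on exec; that should be stated next to the field. I would add above it something like `/* set by ARCH_X86_CET_LOCK; once set, ARCH_X86_CET_DISABLE returns -EPERM for this thread */`.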
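Review bot: The `!CONFIG_X86_SHADOW_STACK` stub of `prctl_cet()` returns -EINVAL, while the real implementation in cet_prctl.c returns -ENOTSUPP when the CPU feature is off and -ENOSYS for an unrecognised option, so the same arch_prctl() call reports different errors depending on kernel config and hardware. -ENOTSUPP is also a kernel-internal code with no userspace errno name. I would pick one value for "feature not available" in both places, e.g. `return -EOPNOTSUPP;` for the feature check, and keep -EINVAL for unknown options. The enclosing `#ifndef __ASSEMBLY__` block starts outside the hunk.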
@@ -151,6 +151,7 @@ obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o
 obj-$(CONFIG_AMD_MEM_ENCRYPT) += sev.o
 obj-$(CONFIG_X86_SHADOW_STACK) += shstk.o
+obj-$(CONFIG_X86_SHADOW_STACK) += shstk.o cet_prctl.o
 ###
 # 64 bit specific files
 ifeq ($(CONFIG_X86_64),y)
diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c
new file mode 100644
index 000000000000..b426d200e070
--- /dev/null
+++ b/arch/x86/kernel/cet_prctl.c
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/errno.h>
+#include <linux/uaccess.h>
+#include <linux/prctl.h>
+#include <linux/compat.h>
+#include <linux/mman.h>
+#include <linux/elfcore.h>
+#include <linux/processor.h>
+#include <asm/prctl.h>
+#include <asm/cet.h>
+
+/* See Documentation/x86/intel_cet.rst. */
+
+static int cet_copy_status_to_user(struct thread_shstk *shstk, u64 __user *ubuf)
+{
+ u64 buf[3] = {};
+
+ if (shstk->size) {
+ buf[0] |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;
+ buf[1] = shstk->base;
+ buf[2] = shstk->size;
+ }
+
+ return copy_to_user(ubuf, buf, sizeof(buf));
+}
+
+int prctl_cet(int option, u64 arg2)
+{
+ struct thread_shstk *shstk;
+
+ if (!cpu_feature_enabled(X86_FEATURE_SHSTK))
+ return -ENOTSUPP;
+
+ shstk = ¤t->thread.shstk;
+
+ if (option == ARCH_X86_CET_STATUS)
+ return cet_copy_status_to_user(shstk, (u64 __user *)arg2);
+
+ switch (option) {
+ case ARCH_X86_CET_DISABLE:
+ if (shstk->locked)
+ return -EPERM;
+
+ if (arg2 & ~GNU_PROPERTY_X86_FEATURE_1_VALID)
+ return -EINVAL;
+ if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)
+ shstk_disable();
+ return 0;
+
+ case ARCH_X86_CET_LOCK:
+ if (arg2)
+ return -EINVAL;
+ shstk->locked = 1;
+ return 0;
+
+ default:
+ return -ENOSYS;
+ }
+}
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index bade6a594d63..7d8ccebdcab1 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
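Review bot: The added line repeats `shstk.o`, which the unchanged line directly above already adds under the same CONFIG_X86_SHADOW_STACK condition. A duplicate object is presumably tolerated by kbuild, but it reads like a leftover from editing the existing line. The added line only needs the new object: `obj-$(CONFIG_X86_SHADOW_STACK) += cet_prctl.o`.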
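Review bot: `cet_copy_status_to_user()` returns the result of `copy_to_user()` directly and `prctl_cet()` passes that through as the syscall result, so a faulting user pointer produces a positive count of uncopied bytes instead of -EFAULT. A caller of ARCH_X86_CET_STATUS that tests only for a negative return would then treat an unwritten or partially written buffer as valid status. The helper's last line should be `return copy_to_user(ubuf, buf, sizeof(buf)) ? -EFAULT : 0;`. A short comment above the helper stating that three u64 slots are always written would also help, since the commit message says 32-bit callers use only the low 32 bits of each item.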
@@ -1006,14 +1006,14 @@ unsigned long get_wchan(struct task_struct *p)
 }
 long do_arch_prctl_common(struct task_struct *task, int option,
- unsigned long cpuid_enabled)
+ unsigned long arg2)
 {
 switch (option) {
 case ARCH_GET_CPUID:
 return get_cpuid_mode();
 case ARCH_SET_CPUID:
- return set_cpuid_mode(task, cpuid_enabled);
+ return set_cpuid_mode(task, arg2);
 }
- return -EINVAL;
+ return prctl_cet(option, arg2);
 }
--
2.21.0
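Review bot: `do_arch_prctl_common()` forwards `task` to `set_cpuid_mode()` but drops it in the new `return prctl_cet(option, arg2);`, and `prctl_cet()` in cet_prctl.c operates on `current`. If any caller reaches this function with a task other than current (the callers are not visible in this hunk), a CET status, disable or lock request would act on the caller's own thread rather than the intended target. Either pass the task through to prctl_cet() or refuse the mismatch before the call, e.g. `if (task != current) return -EINVAL;`. The fallthrough also changes the result for every unrecognised option from -EINVAL to whatever prctl_cet() returns, which is a userspace-visible change the commit message should mention.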