From: Eugene Syromiatnikov <esyr@redhat.com> To: Yu-cheng Yu <yu-cheng.yu@intel.com> Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@amacapital.net>, Balbir Singh <bsingharora@gmail.com>, Cyrill Gorcunov <gorcunov@gmail.com>, Dave Hansen <dave.hansen@linux.intel.com>, Florian Weimer <fweimer@redhat.com>, "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>, Jonathan Corbet <corbet@lwn.net>, Kees Cook <keescook@chromium.org>, Mike Kravetz <mike.kravetz@oracle.com>, Nadav Amit <nadav.amit@gmail.com>, Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>Peter Subject: Re: [RFC PATCH v4 26/27] x86/cet/shstk: Add arch_prctl functions for Shadow Stack Date: Wed, 3 Oct 2018 19:57:25 +0200 [thread overview] Message-ID: <20181003175725.GD32759@asgard.redhat.com> (raw) In-Reply-To: <20180921150351.20898-27-yu-cheng.yu@intel.com> On Fri, Sep 21, 2018 at 08:03:50AM -0700, Yu-cheng Yu wrote: > arch_prctl(ARCH_CET_STATUS, unsigned long *addr) > Return CET feature status. > > The parameter 'addr' is a pointer to a user buffer. > On returning to the caller, the kernel fills the following > information: > > *addr = SHSTK/IBT status > *(addr + 1) = SHSTK base address > *(addr + 2) = SHSTK size The subtle detail here is that x32 binaries will get 64-bit value, which is not entirely obvious. I think, it might be better to define a structure type for it as a part of UAPI, for example: struct user_cet_status { __u32 struct_size; __u32 features; __kernel_ulong_t shstk_base; __kernel_ulong_t shstk_size; }; Adding "struct_size" field along with appropriate checks will also allow for possible extensions, if they ever appear. > arch_prctl(ARCH_CET_DISABLE, unsigned long features) > Disable CET features specified in 'features'. Return > -EPERM if CET is locked. While x86_64 and x32 will have 64-bit space for feature bits, IA-32 will have only 32 bits. > arch_prctl(ARCH_CET_LOCK) > Lock in CET feature. > > arch_prctl(ARCH_CET_ALLOC_SHSTK, unsigned long *addr) > Allocate a new SHSTK. > > The parameter 'addr' is a pointer to a user buffer and indicates > the desired SHSTK size to allocate. On returning to the caller > the buffer contains the address of the new SHSTK. Again, on x32 that will be a pointer to a 64-bit value, which is not entirely obvious from this description. It's not clear whether inability to enable some CET feature in runtime is unavailable by design or by omission; same for setting (an allocated) shadow stack as task's shadow stack. > > Signed-off-by: H.J. Lu <hjl.tools@gmail.com> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> > --- > arch/x86/include/asm/cet.h | 5 ++ > arch/x86/include/uapi/asm/prctl.h | 5 ++ > arch/x86/kernel/Makefile | 2 +- > arch/x86/kernel/cet.c | 27 +++++++++++ > arch/x86/kernel/cet_prctl.c | 79 +++++++++++++++++++++++++++++++ > arch/x86/kernel/process.c | 5 ++ > 6 files changed, 122 insertions(+), 1 deletion(-) > create mode 100644 arch/x86/kernel/cet_prctl.c > > diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h > index b7b33e1026bb..212bd68e31d3 100644 > --- a/arch/x86/include/asm/cet.h > +++ b/arch/x86/include/asm/cet.h > @@ -12,19 +12,24 @@ struct task_struct; > struct cet_status { > unsigned long shstk_base; > unsigned long shstk_size; > + unsigned int locked:1; > unsigned int shstk_enabled:1; > }; > > #ifdef CONFIG_X86_INTEL_CET > +int prctl_cet(int option, unsigned long arg2); > int cet_setup_shstk(void); > int cet_setup_thread_shstk(struct task_struct *p); > +int cet_alloc_shstk(unsigned long *arg); > void cet_disable_shstk(void); > void cet_disable_free_shstk(struct task_struct *p); > int cet_restore_signal(unsigned long ssp); > int cet_setup_signal(bool ia32, unsigned long rstor, unsigned long *new_ssp); > #else > +static inline int prctl_cet(int option, unsigned long arg2) { return 0; } Why 0 and not -EINVAL? > static inline int cet_setup_shstk(void) { return 0; } 0 here also looks strange. > static inline int cet_setup_thread_shstk(struct task_struct *p) { return 0; } And here. > +static inline int cet_alloc_shstk(unsigned long *arg) { return -EINVAL; } > static inline void cet_disable_shstk(void) {} > static inline void cet_disable_free_shstk(struct task_struct *p) {} > static inline int cet_restore_signal(unsigned long ssp) { return 0; } > diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h > index 5a6aac9fa41f..3aec1088e01d 100644 > --- a/arch/x86/include/uapi/asm/prctl.h > +++ b/arch/x86/include/uapi/asm/prctl.h > @@ -14,4 +14,9 @@ > #define ARCH_MAP_VDSO_32 0x2002 > #define ARCH_MAP_VDSO_64 0x2003 > > +#define ARCH_CET_STATUS 0x3001 > +#define ARCH_CET_DISABLE 0x3002 > +#define ARCH_CET_LOCK 0x3003 > +#define ARCH_CET_ALLOC_SHSTK 0x3004 > + > #endif /* _ASM_X86_PRCTL_H */ > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile > index 36b14ef410c8..b9e6cdc6b4f7 100644 > --- a/arch/x86/kernel/Makefile > +++ b/arch/x86/kernel/Makefile > @@ -139,7 +139,7 @@ obj-$(CONFIG_UNWINDER_ORC) += unwind_orc.o > obj-$(CONFIG_UNWINDER_FRAME_POINTER) += unwind_frame.o > obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o > > -obj-$(CONFIG_X86_INTEL_CET) += cet.o > +obj-$(CONFIG_X86_INTEL_CET) += cet.o cet_prctl.o > > obj-$(CONFIG_ARCH_HAS_PROGRAM_PROPERTIES) += elf.o > > diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c > index ce0b3b7b1160..1c2689738604 100644 > --- a/arch/x86/kernel/cet.c > +++ b/arch/x86/kernel/cet.c > @@ -110,6 +110,33 @@ static int create_rstor_token(bool ia32, unsigned long ssp, > return 0; > } > > +int cet_alloc_shstk(unsigned long *arg) > +{ > + unsigned long len = *arg; > + unsigned long addr; > + unsigned long token; > + unsigned long ssp; > + > + addr = do_mmap_locked(0, len, PROT_READ, > + MAP_ANONYMOUS | MAP_PRIVATE, VM_SHSTK); > + if (addr >= TASK_SIZE_MAX) > + return -ENOMEM; > + > + /* Restore token is 8 bytes and aligned to 8 bytes */ > + ssp = addr + len; > + token = ssp; > + > + if (!in_ia32_syscall()) > + token |= 1; This pair of check and bit or'ing definitely asks for a macro or a wrapper function. > + ssp -= 8; > + > + if (write_user_shstk_64(ssp, token)) > + return -EINVAL; Shouldn't addr be unmapped on error? > + *arg = addr; > + return 0; > +} > + > int cet_setup_shstk(void) > { > unsigned long addr, size; > diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c > new file mode 100644 > index 000000000000..c4b7c19f5040 > --- /dev/null > +++ b/arch/x86/kernel/cet_prctl.c > @@ -0,0 +1,79 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > + > +#include <linux/errno.h> > +#include <linux/uaccess.h> > +#include <linux/prctl.h> > +#include <linux/compat.h> > +#include <asm/processor.h> > +#include <asm/prctl.h> > +#include <asm/elf.h> > +#include <asm/elf_property.h> > +#include <asm/cet.h> > + > +/* See Documentation/x86/intel_cet.txt. */ > + > +static int handle_get_status(unsigned long arg2) > +{ > + unsigned int features = 0; > + unsigned long shstk_base, shstk_size; > + unsigned long buf[3]; > + > + if (current->thread.cet.shstk_enabled) > + features |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + > + shstk_base = current->thread.cet.shstk_base; > + shstk_size = current->thread.cet.shstk_size; > + > + buf[0] = (unsigned long)features; > + buf[1] = shstk_base; > + buf[2] = shstk_size; > + return copy_to_user((unsigned long __user *)arg2, buf, > + sizeof(buf)); > +} > + > +static int handle_alloc_shstk(unsigned long arg2) > +{ > + int err = 0; > + unsigned long shstk_size = 0; > + > + if (get_user(shstk_size, (unsigned long __user *)arg2)) > + return -EFAULT; > + > + err = cet_alloc_shstk(&shstk_size); > + if (err) > + return err; > + > + if (put_user(shstk_size, (unsigned long __user *)arg2)) Again, leaking allocated stack. > + return -EFAULT; > + > + return 0; > +} > + > +int prctl_cet(int option, unsigned long arg2) > +{ > + if (!cpu_feature_enabled(X86_FEATURE_SHSTK)) > + return -EINVAL; > + > + switch (option) { > + case ARCH_CET_STATUS: > + return handle_get_status(arg2); > + > + case ARCH_CET_DISABLE: > + if (current->thread.cet.locked) > + return -EPERM; > + if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK) > + cet_disable_free_shstk(current); The rest of bits in arg2 should be 0, otherwise this interface won't be possible to extend. > + return 0; > + > + case ARCH_CET_LOCK: > + current->thread.cet.locked = 1; > + return 0; > + > + case ARCH_CET_ALLOC_SHSTK: > + return handle_alloc_shstk(arg2); > + > + default: > + return -EINVAL; > + } > +} > diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c > index 440f012ef925..251b8714f9a3 100644 > --- a/arch/x86/kernel/process.c > +++ b/arch/x86/kernel/process.c > @@ -792,6 +792,11 @@ long do_arch_prctl_common(struct task_struct *task, int option, > return get_cpuid_mode(); > case ARCH_SET_CPUID: > return set_cpuid_mode(task, cpuid_enabled); > + case ARCH_CET_STATUS: > + case ARCH_CET_DISABLE: > + case ARCH_CET_LOCK: > + case ARCH_CET_ALLOC_SHSTK: > + return prctl_cet(option, cpuid_enabled); It's probably a good opportunity to change the strange name for an argument of a dispatch call.
WARNING: multiple messages have this Message-ID (diff)
From: Eugene Syromiatnikov <esyr@redhat.com> To: Yu-cheng Yu <yu-cheng.yu@intel.com> Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@amacapital.net>, Balbir Singh <bsingharora@gmail.com>, Cyrill Gorcunov <gorcunov@gmail.com>, Dave Hansen <dave.hansen@linux.intel.com>, Florian Weimer <fweimer@redhat.com>, "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>, Jonathan Corbet <corbet@lwn.net>, Kees Cook <keescook@chromium.org>, Mike Kravetz <mike.kravetz@oracle.com>, Nadav Amit <nadav.amit@gmail.com>, Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>, Peter Zijlstra <peterz@infradead.org>, Randy Dunlap <rdunlap@infradead.org>, "Ravi V. Shankar" <ravi.v.shankar@intel.com>, Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com> Subject: Re: [RFC PATCH v4 26/27] x86/cet/shstk: Add arch_prctl functions for Shadow Stack Date: Wed, 3 Oct 2018 19:57:25 +0200 [thread overview] Message-ID: <20181003175725.GD32759@asgard.redhat.com> (raw) Message-ID: <20181003175725.Jo5WBzGNwZVluOLehmlHm57Q_6OfQao34fytXorv02A@z> (raw) In-Reply-To: <20180921150351.20898-27-yu-cheng.yu@intel.com> On Fri, Sep 21, 2018 at 08:03:50AM -0700, Yu-cheng Yu wrote: > arch_prctl(ARCH_CET_STATUS, unsigned long *addr) > Return CET feature status. > > The parameter 'addr' is a pointer to a user buffer. > On returning to the caller, the kernel fills the following > information: > > *addr = SHSTK/IBT status > *(addr + 1) = SHSTK base address > *(addr + 2) = SHSTK size The subtle detail here is that x32 binaries will get 64-bit value, which is not entirely obvious. I think, it might be better to define a structure type for it as a part of UAPI, for example: struct user_cet_status { __u32 struct_size; __u32 features; __kernel_ulong_t shstk_base; __kernel_ulong_t shstk_size; }; Adding "struct_size" field along with appropriate checks will also allow for possible extensions, if they ever appear. > arch_prctl(ARCH_CET_DISABLE, unsigned long features) > Disable CET features specified in 'features'. Return > -EPERM if CET is locked. While x86_64 and x32 will have 64-bit space for feature bits, IA-32 will have only 32 bits. > arch_prctl(ARCH_CET_LOCK) > Lock in CET feature. > > arch_prctl(ARCH_CET_ALLOC_SHSTK, unsigned long *addr) > Allocate a new SHSTK. > > The parameter 'addr' is a pointer to a user buffer and indicates > the desired SHSTK size to allocate. On returning to the caller > the buffer contains the address of the new SHSTK. Again, on x32 that will be a pointer to a 64-bit value, which is not entirely obvious from this description. It's not clear whether inability to enable some CET feature in runtime is unavailable by design or by omission; same for setting (an allocated) shadow stack as task's shadow stack. > > Signed-off-by: H.J. Lu <hjl.tools@gmail.com> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> > --- > arch/x86/include/asm/cet.h | 5 ++ > arch/x86/include/uapi/asm/prctl.h | 5 ++ > arch/x86/kernel/Makefile | 2 +- > arch/x86/kernel/cet.c | 27 +++++++++++ > arch/x86/kernel/cet_prctl.c | 79 +++++++++++++++++++++++++++++++ > arch/x86/kernel/process.c | 5 ++ > 6 files changed, 122 insertions(+), 1 deletion(-) > create mode 100644 arch/x86/kernel/cet_prctl.c > > diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h > index b7b33e1026bb..212bd68e31d3 100644 > --- a/arch/x86/include/asm/cet.h > +++ b/arch/x86/include/asm/cet.h > @@ -12,19 +12,24 @@ struct task_struct; > struct cet_status { > unsigned long shstk_base; > unsigned long shstk_size; > + unsigned int locked:1; > unsigned int shstk_enabled:1; > }; > > #ifdef CONFIG_X86_INTEL_CET > +int prctl_cet(int option, unsigned long arg2); > int cet_setup_shstk(void); > int cet_setup_thread_shstk(struct task_struct *p); > +int cet_alloc_shstk(unsigned long *arg); > void cet_disable_shstk(void); > void cet_disable_free_shstk(struct task_struct *p); > int cet_restore_signal(unsigned long ssp); > int cet_setup_signal(bool ia32, unsigned long rstor, unsigned long *new_ssp); > #else > +static inline int prctl_cet(int option, unsigned long arg2) { return 0; } Why 0 and not -EINVAL? > static inline int cet_setup_shstk(void) { return 0; } 0 here also looks strange. > static inline int cet_setup_thread_shstk(struct task_struct *p) { return 0; } And here. > +static inline int cet_alloc_shstk(unsigned long *arg) { return -EINVAL; } > static inline void cet_disable_shstk(void) {} > static inline void cet_disable_free_shstk(struct task_struct *p) {} > static inline int cet_restore_signal(unsigned long ssp) { return 0; } > diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h > index 5a6aac9fa41f..3aec1088e01d 100644 > --- a/arch/x86/include/uapi/asm/prctl.h > +++ b/arch/x86/include/uapi/asm/prctl.h > @@ -14,4 +14,9 @@ > #define ARCH_MAP_VDSO_32 0x2002 > #define ARCH_MAP_VDSO_64 0x2003 > > +#define ARCH_CET_STATUS 0x3001 > +#define ARCH_CET_DISABLE 0x3002 > +#define ARCH_CET_LOCK 0x3003 > +#define ARCH_CET_ALLOC_SHSTK 0x3004 > + > #endif /* _ASM_X86_PRCTL_H */ > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile > index 36b14ef410c8..b9e6cdc6b4f7 100644 > --- a/arch/x86/kernel/Makefile > +++ b/arch/x86/kernel/Makefile > @@ -139,7 +139,7 @@ obj-$(CONFIG_UNWINDER_ORC) += unwind_orc.o > obj-$(CONFIG_UNWINDER_FRAME_POINTER) += unwind_frame.o > obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o > > -obj-$(CONFIG_X86_INTEL_CET) += cet.o > +obj-$(CONFIG_X86_INTEL_CET) += cet.o cet_prctl.o > > obj-$(CONFIG_ARCH_HAS_PROGRAM_PROPERTIES) += elf.o > > diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c > index ce0b3b7b1160..1c2689738604 100644 > --- a/arch/x86/kernel/cet.c > +++ b/arch/x86/kernel/cet.c > @@ -110,6 +110,33 @@ static int create_rstor_token(bool ia32, unsigned long ssp, > return 0; > } > > +int cet_alloc_shstk(unsigned long *arg) > +{ > + unsigned long len = *arg; > + unsigned long addr; > + unsigned long token; > + unsigned long ssp; > + > + addr = do_mmap_locked(0, len, PROT_READ, > + MAP_ANONYMOUS | MAP_PRIVATE, VM_SHSTK); > + if (addr >= TASK_SIZE_MAX) > + return -ENOMEM; > + > + /* Restore token is 8 bytes and aligned to 8 bytes */ > + ssp = addr + len; > + token = ssp; > + > + if (!in_ia32_syscall()) > + token |= 1; This pair of check and bit or'ing definitely asks for a macro or a wrapper function. > + ssp -= 8; > + > + if (write_user_shstk_64(ssp, token)) > + return -EINVAL; Shouldn't addr be unmapped on error? > + *arg = addr; > + return 0; > +} > + > int cet_setup_shstk(void) > { > unsigned long addr, size; > diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c > new file mode 100644 > index 000000000000..c4b7c19f5040 > --- /dev/null > +++ b/arch/x86/kernel/cet_prctl.c > @@ -0,0 +1,79 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > + > +#include <linux/errno.h> > +#include <linux/uaccess.h> > +#include <linux/prctl.h> > +#include <linux/compat.h> > +#include <asm/processor.h> > +#include <asm/prctl.h> > +#include <asm/elf.h> > +#include <asm/elf_property.h> > +#include <asm/cet.h> > + > +/* See Documentation/x86/intel_cet.txt. */ > + > +static int handle_get_status(unsigned long arg2) > +{ > + unsigned int features = 0; > + unsigned long shstk_base, shstk_size; > + unsigned long buf[3]; > + > + if (current->thread.cet.shstk_enabled) > + features |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + > + shstk_base = current->thread.cet.shstk_base; > + shstk_size = current->thread.cet.shstk_size; > + > + buf[0] = (unsigned long)features; > + buf[1] = shstk_base; > + buf[2] = shstk_size; > + return copy_to_user((unsigned long __user *)arg2, buf, > + sizeof(buf)); > +} > + > +static int handle_alloc_shstk(unsigned long arg2) > +{ > + int err = 0; > + unsigned long shstk_size = 0; > + > + if (get_user(shstk_size, (unsigned long __user *)arg2)) > + return -EFAULT; > + > + err = cet_alloc_shstk(&shstk_size); > + if (err) > + return err; > + > + if (put_user(shstk_size, (unsigned long __user *)arg2)) Again, leaking allocated stack. > + return -EFAULT; > + > + return 0; > +} > + > +int prctl_cet(int option, unsigned long arg2) > +{ > + if (!cpu_feature_enabled(X86_FEATURE_SHSTK)) > + return -EINVAL; > + > + switch (option) { > + case ARCH_CET_STATUS: > + return handle_get_status(arg2); > + > + case ARCH_CET_DISABLE: > + if (current->thread.cet.locked) > + return -EPERM; > + if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK) > + cet_disable_free_shstk(current); The rest of bits in arg2 should be 0, otherwise this interface won't be possible to extend. > + return 0; > + > + case ARCH_CET_LOCK: > + current->thread.cet.locked = 1; > + return 0; > + > + case ARCH_CET_ALLOC_SHSTK: > + return handle_alloc_shstk(arg2); > + > + default: > + return -EINVAL; > + } > +} > diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c > index 440f012ef925..251b8714f9a3 100644 > --- a/arch/x86/kernel/process.c > +++ b/arch/x86/kernel/process.c > @@ -792,6 +792,11 @@ long do_arch_prctl_common(struct task_struct *task, int option, > return get_cpuid_mode(); > case ARCH_SET_CPUID: > return set_cpuid_mode(task, cpuid_enabled); > + case ARCH_CET_STATUS: > + case ARCH_CET_DISABLE: > + case ARCH_CET_LOCK: > + case ARCH_CET_ALLOC_SHSTK: > + return prctl_cet(option, cpuid_enabled); It's probably a good opportunity to change the strange name for an argument of a dispatch call.
next prev parent reply other threads:[~2018-10-03 17:57 UTC|newest] Thread overview: 142+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-09-21 15:03 [RFC PATCH v4 00/27] Control Flow Enforcement: Shadow Stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 01/27] x86/cpufeatures: Add CPUIDs for Control-flow Enforcement Technology (CET) Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-25 16:27 ` Peter Zijlstra 2018-09-25 16:27 ` Peter Zijlstra 2018-09-25 16:29 ` Yu-cheng Yu 2018-09-25 16:29 ` Yu-cheng Yu 2018-09-28 16:51 ` Borislav Petkov 2018-09-28 16:51 ` Borislav Petkov 2018-09-28 16:56 ` Yu-cheng Yu 2018-09-28 16:56 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 02/27] x86/fpu/xstate: Change some names to separate XSAVES system and user states Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-25 16:37 ` Peter Zijlstra 2018-09-25 16:37 ` Peter Zijlstra 2018-10-02 15:29 ` Borislav Petkov 2018-10-02 15:29 ` Borislav Petkov 2018-10-02 16:21 ` Yu-cheng Yu 2018-10-02 16:21 ` Yu-cheng Yu 2018-10-02 16:30 ` Dave Hansen 2018-10-02 16:30 ` Dave Hansen 2018-10-02 16:37 ` Borislav Petkov 2018-10-02 16:37 ` Borislav Petkov 2018-10-02 16:39 ` Dave Hansen 2018-10-02 16:39 ` Dave Hansen 2018-10-02 16:43 ` Yu-cheng Yu 2018-10-02 16:43 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 03/27] x86/fpu/xstate: Enable XSAVES system states Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-25 17:03 ` Peter Zijlstra 2018-09-25 17:03 ` Peter Zijlstra 2018-09-25 17:23 ` Yu-cheng Yu 2018-09-25 17:23 ` Yu-cheng Yu 2018-10-02 17:15 ` Borislav Petkov 2018-10-02 17:15 ` Borislav Petkov 2018-10-04 15:47 ` Yu-cheng Yu 2018-10-04 15:47 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 04/27] x86/fpu/xstate: Add XSAVES system states for shadow stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 05/27] Documentation/x86: Add CET description Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 06/27] x86/cet: Control protection exception handler Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 10:39 ` Eugene Syromiatnikov 2018-10-03 10:39 ` Eugene Syromiatnikov 2018-10-03 16:11 ` Yu-cheng Yu 2018-10-03 16:11 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 07/27] x86/cet/shstk: Add Kconfig option for user-mode shadow stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 08/27] mm: Introduce VM_SHSTK for shadow stack memory Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 09/27] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 13:38 ` Matthew Wilcox 2018-10-03 13:38 ` Matthew Wilcox 2018-10-03 14:05 ` Dave Hansen 2018-10-03 14:05 ` Dave Hansen 2018-10-03 16:07 ` Yu-cheng Yu 2018-10-03 16:07 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 10/27] drm/i915/gvt: Update _PAGE_DIRTY to _PAGE_DIRTY_BITS Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 13:19 ` Eugene Syromiatnikov 2018-10-03 13:19 ` Eugene Syromiatnikov 2018-09-21 15:03 ` [RFC PATCH v4 11/27] x86/mm: Introduce _PAGE_DIRTY_SW Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 12/27] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 13/27] x86/mm: Shadow stack page fault error checking Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 14/27] mm: Handle shadow stack page fault Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 15/27] mm: Handle THP/HugeTLB " Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 16/27] mm: Update can_follow_write_pte/pmd for shadow stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 17/27] mm: Introduce do_mmap_locked() Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 18/27] x86/cet/shstk: User-mode shadow stack support Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 15:08 ` Eugene Syromiatnikov 2018-10-03 15:08 ` Eugene Syromiatnikov 2018-10-03 15:12 ` Yu-cheng Yu 2018-10-03 15:12 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 19/27] x86/cet/shstk: Introduce WRUSS instruction Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 4:15 ` Eugene Syromiatnikov 2018-10-03 4:15 ` Eugene Syromiatnikov 2018-09-21 15:03 ` [RFC PATCH v4 20/27] x86/cet/shstk: Signal handling for shadow stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 14:36 ` Eugene Syromiatnikov 2018-10-03 14:36 ` Eugene Syromiatnikov 2018-10-03 16:46 ` Jann Horn 2018-10-03 16:46 ` Jann Horn 2018-09-21 15:03 ` [RFC PATCH v4 21/27] x86/cet/shstk: ELF header parsing of Shadow Stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 23:27 ` Eugene Syromiatnikov 2018-10-03 23:27 ` Eugene Syromiatnikov 2018-10-09 21:15 ` Yu-cheng Yu 2018-10-09 21:15 ` Yu-cheng Yu 2018-10-15 23:40 ` Kees Cook 2018-10-15 23:40 ` Kees Cook 2018-10-16 17:23 ` Yu-cheng Yu 2018-10-16 17:23 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 22/27] x86/cet/shstk: Handle thread shadow stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 23/27] mm/map: Add Shadow stack pages to memory accounting Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 16:55 ` Randy Dunlap 2018-09-21 16:55 ` Randy Dunlap 2018-09-21 17:21 ` Yu-cheng Yu 2018-09-21 17:21 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 24/27] mm/mmap: Create a guard area between VMAs Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 4:56 ` Eugene Syromiatnikov 2018-10-03 4:56 ` Eugene Syromiatnikov 2018-10-03 5:36 ` Andy Lutomirski 2018-10-03 5:36 ` Andy Lutomirski 2018-10-03 16:00 ` Yu-cheng Yu 2018-10-03 16:00 ` Yu-cheng Yu 2018-10-03 16:18 ` Andy Lutomirski 2018-10-03 16:18 ` Andy Lutomirski 2018-10-03 16:32 ` Eugene Syromiatnikov 2018-10-03 16:32 ` Eugene Syromiatnikov 2018-10-03 16:40 ` Yu-cheng Yu 2018-10-03 16:40 ` Yu-cheng Yu 2018-10-03 16:52 ` Jann Horn 2018-10-03 16:52 ` Jann Horn 2018-10-03 21:21 ` Eugene Syromiatnikov 2018-10-03 21:21 ` Eugene Syromiatnikov 2018-09-21 15:03 ` [RFC PATCH v4 25/27] mm/mmap: Prevent Shadow Stack VMA merges Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 15:03 ` [RFC PATCH v4 26/27] x86/cet/shstk: Add arch_prctl functions for Shadow Stack Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-10-03 17:57 ` Eugene Syromiatnikov [this message] 2018-10-03 17:57 ` Eugene Syromiatnikov 2018-09-21 15:03 ` [RFC PATCH v4 27/27] x86/cet/shstk: Add Shadow Stack instructions to opcode map Yu-cheng Yu 2018-09-21 15:03 ` Yu-cheng Yu 2018-09-21 22:53 ` [RFC PATCH v4 00/27] Control Flow Enforcement: Shadow Stack Dave Hansen 2018-09-21 22:53 ` Dave Hansen 2018-09-24 15:25 ` Yu-cheng Yu 2018-09-24 15:25 ` Yu-cheng Yu
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181003175725.GD32759@asgard.redhat.com \ --to=esyr@redhat.com \ --cc=arnd@arndb.de \ --cc=bsingharora@gmail.com \ --cc=corbet@lwn.net \ --cc=dave.hansen@linux.intel.com \ --cc=fweimer@redhat.com \ --cc=gorcunov@gmail.com \ --cc=hjl.tools@gmail.com \ --cc=hpa@zytor.com \ --cc=jannh@google.com \ --cc=keescook@chromium.org \ --cc=linux-api@vger.kernel.org \ --cc=linux-arch@vger.kernel.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@amacapital.net \ --cc=mike.kravetz@oracle.com \ --cc=mingo@redhat.com \ --cc=nadav.amit@gmail.com \ --cc=oleg@redhat.com \ --cc=pavel@ucw.cz \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ --cc=yu-cheng.yu@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).