Linux-api Archive on lore.kernel.org
 help / color / Atom feed
From: Yu-cheng Yu <yu-cheng.yu@intel.com>
To: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	linux-mm@kvack.org, linux-arch@vger.kernel.org,
	linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
	Andy Lutomirski <luto@kernel.org>,
	Balbir Singh <bsingharora@gmail.com>,
	Borislav Petkov <bp@alien8.de>,
	Cyrill Gorcunov <gorcunov@gmail.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Eugene Syromiatnikov <esyr@redhat.com>,
	Florian Weimer <fweimer@redhat.com>,
	"H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Kees Cook <keescook@chromium.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Nadav Amit <nadav.amit@gmail.com>,
	Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
	Peter Zijlstra <peterz@infradead.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
	Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
	Dave Martin <Dave.Martin@arm.com>,
	Weijiang Yang <weijiang.yang@intel.com>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Subject: [RFC PATCH 0/5] Update selftests/x86 for CET
Date: Thu, 21 May 2020 14:17:15 -0700
Message-ID: <20200521211720.20236-1-yu-cheng.yu@intel.com> (raw)

When CET is enabled for selftests/x86, two tests need updates.

- The test 'sigreturn_64' does a sigreturn() from a 64-bit context into a
  32-bit context.  The task's 64-bit shadow stack pointer certainly
  triggers a fault.  Fix it by allocating and switching to a new shadow
  stack in the 32-bit address range.

  The arch_ptrcl(ARCH_X86_CET_ALLOC_SHSTK) is updated for taking a bit from
  the input parameter to indicate the desire of MAP_32BIT.  I am proposing
  this change to minimize API changes, but open to any alternatives.

- The test 'sysret_rip' fails because the assembly code needs ENDBR
  opcodes.  Fix it by adding just that.  My latest CET submission (v10)
  does not include the IBT patches.  My purpose of posting this now is to
  show the changes needed in x86 tests.  Since ENDBR is nop when IBT is not
  enabled, this patch can be applied now or split out and merged with the
  IBT patches.

- The makefile changes add "-fcf-protection -mshstk" to the gcc command,
  when those are available.

- Introduce cet_quick_test that checks the system's CET capabilities.

This series is based on my CET series:

https://lore.kernel.org/lkml/20200429220732.31602-2-yu-cheng.yu@intel.com/

Yu-cheng Yu (5):
  x86/cet/shstk: Modify ARCH_X86_CET_ALLOC_SHSTK for 32-bit address
    range
  selftest/x86: Enable CET for selftests/x86
  selftest/x86: Fix sigreturn_64 test.
  selftest/x86: Fix sysret_rip with ENDBR
  selftest/x86: Add CET quick test

 arch/x86/include/asm/cet.h                   |   2 +-
 arch/x86/include/uapi/asm/prctl.h            |   2 +
 arch/x86/kernel/cet.c                        |  19 ++-
 arch/x86/kernel/cet_prctl.c                  |   6 +-
 tools/testing/selftests/x86/Makefile         |   7 +-
 tools/testing/selftests/x86/cet_quick_test.c | 128 +++++++++++++++++++
 tools/testing/selftests/x86/sigreturn.c      |  28 ++++
 tools/testing/selftests/x86/sysret_rip.c     |   5 +-
 8 files changed, 185 insertions(+), 12 deletions(-)
 create mode 100644 tools/testing/selftests/x86/cet_quick_test.c

-- 
2.21.0


             reply index

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-21 21:17 Yu-cheng Yu [this message]
2020-05-21 21:17 ` [RFC PATCH 1/5] x86/cet/shstk: Modify ARCH_X86_CET_ALLOC_SHSTK for 32-bit address range Yu-cheng Yu
2020-05-21 22:43   ` Kees Cook
2020-05-21 21:17 ` [RFC PATCH 2/5] selftest/x86: Enable CET for selftests/x86 Yu-cheng Yu
2020-05-21 22:44   ` Kees Cook
2020-05-21 22:58     ` Yu-cheng Yu
2020-05-21 21:17 ` [RFC PATCH 3/5] selftest/x86: Fix sigreturn_64 test Yu-cheng Yu
2020-05-21 22:47   ` Kees Cook
2020-05-21 22:48   ` Kees Cook
2020-05-21 21:17 ` [RFC PATCH 4/5] selftest/x86: Fix sysret_rip with ENDBR Yu-cheng Yu
2020-05-21 21:34   ` Thomas Gleixner
2020-05-21 22:59     ` Yu-cheng Yu
2020-05-21 21:17 ` [RFC PATCH 5/5] selftest/x86: Add CET quick test Yu-cheng Yu
2020-05-21 23:02   ` Kees Cook
2020-05-21 23:23     ` Yu-cheng Yu
2020-05-22  9:28   ` Peter Zijlstra
2020-05-22 15:10     ` Yu-cheng Yu
2020-05-22 17:22     ` Kees Cook
2020-05-22 17:27       ` Peter Zijlstra
2020-05-22 17:36         ` Kees Cook
2020-05-22 18:07           ` Yu-cheng Yu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200521211720.20236-1-yu-cheng.yu@intel.com \
    --to=yu-cheng.yu@intel.com \
    --cc=Dave.Martin@arm.com \
    --cc=arnd@arndb.de \
    --cc=bp@alien8.de \
    --cc=bsingharora@gmail.com \
    --cc=corbet@lwn.net \
    --cc=dave.hansen@linux.intel.com \
    --cc=esyr@redhat.com \
    --cc=fweimer@redhat.com \
    --cc=gorcunov@gmail.com \
    --cc=hjl.tools@gmail.com \
    --cc=hpa@zytor.com \
    --cc=jannh@google.com \
    --cc=keescook@chromium.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=luto@kernel.org \
    --cc=mike.kravetz@oracle.com \
    --cc=mingo@redhat.com \
    --cc=nadav.amit@gmail.com \
    --cc=oleg@redhat.com \
    --cc=pavel@ucw.cz \
    --cc=peterz@infradead.org \
    --cc=ravi.v.shankar@intel.com \
    --cc=rdunlap@infradead.org \
    --cc=tglx@linutronix.de \
    --cc=vedvyas.shanbhogue@intel.com \
    --cc=weijiang.yang@intel.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-api Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-api/0 linux-api/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-api linux-api/ https://lore.kernel.org/linux-api \
		linux-api@vger.kernel.org
	public-inbox-index linux-api

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-api


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git