Date: Thu, 19 Jan 2023 16:46:24 -0800
From: Kees Cook
To: Rick Edgecombe
Cc: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar,
 linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
 linux-mm@kvack.org, linux-arch@vger.kernel.org,
 linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski,
 Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen,
 Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn,
 Jonathan Corbet, Mike Kravetz, Nadav Amit, Oleg Nesterov,
 Pavel Machek, Peter Zijlstra, Randy Dunlap, Weijiang Yang,
 "Kirill A . Shutemov", John Allen, kcc@google.com, eranian@google.com,
 rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com,
 akpm@linux-foundation.org, Andrew.Cooper3@citrix.com,
 christina.schimpe@intel.com, Yu-cheng Yu
Subject: Re: [PATCH v5 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack
Message-ID: <202301191646.E739868F@keescook>
In-Reply-To: <20230119212317.8324-5-rick.p.edgecombe@intel.com>

On Thu, Jan 19, 2023 at 01:22:42PM -0800, Rick Edgecombe wrote:
> From: Yu-cheng Yu
>
> Setting CR4.CET is a prerequisite for utilizing any CET features, most of
> which also require setting MSRs.
>
> Kernel IBT already enables the CET CR4 bit when it detects IBT HW support
> and is configured with kernel IBT. However, future patches that enable
> userspace shadow stack support will need the bit set as well. So change
> the logic to enable it in either case.
>
> Clear MSR_IA32_U_CET in cet_disable() so that it can't live to see
> userspace in a new kexec-ed kernel that has CR4.CET set from kernel IBT.
>
> Tested-by: Pengfei Xu
> Tested-by: John Allen
> Signed-off-by: Yu-cheng Yu

Reviewed-by: Kees Cook

-- 
Kees Cook