* [GIT PULL] x86/shstk for 6.6-rc1
@ 2023-08-30 23:47 Dave Hansen
2023-08-31 19:40 ` Linus Torvalds
2023-08-31 19:42 ` [GIT PULL] x86/shstk for 6.6-rc1 pr-tracker-bot
0 siblings, 2 replies; 6+ messages in thread
From: Dave Hansen @ 2023-08-30 23:47 UTC (permalink / raw)
To: torvalds; +Cc: x86, linux-kernel, Dave Hansen
Hi Linus,
This is the long awaited x86 shadow stack support. We first sent this
your way for 6.4 in a form that was harder to review.
Since then, the main deltas addressed concerns around pte_mkwrite()
and the Dirty bit shifting logic. These are mostly unchanged from the
v9 version of the patchset in June[0].
There is one last-minute fix in here to clean up a sparse warnings,
but it should not even affect code generation.
There's also a fix in here to silence an objtool warning originating
from the IBT selftest. IBT is functionally quite orthogonal to shadow
stacks except for their shared control protection handler (#CP), which
got moved around by the shadow stack series. Since the fix touches
that handler, it was easiest to just provide it on top of shadow
stacks, so here it is.
[0] https://lore.kernel.org/lkml/CAHk-=whY0ggV9P+3Ch1LcqefnS3=O7FmWkOPoiABD7QJGtwSHg@mail.gmail.com/
--
The following changes since commit 06c2afb862f9da8dc5efa4b6076a0e48c3fbaaa5:
Linux 6.5-rc1 (2023-07-09 13:53:13 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_shstk_for_6.6-rc1
for you to fetch changes up to 1fe428d3692fb10a0e8d85fafe719b154e43ad4e:
x86/shstk: Change order of __user in type (2023-08-30 10:35:53 -0700)
----------------------------------------------------------------
Add x86 shadow stack support
Convert IBT selftest to asm to fix objtool warning
----------------------------------------------------------------
Dave Hansen (1):
x86/kbuild: Fix Documentation/ reference
Josh Poimboeuf (1):
x86/ibt: Convert IBT selftest to asm
Mike Rapoport (1):
x86/shstk: Add ARCH_SHSTK_UNLOCK
Rick Edgecombe (41):
mm: Rename arch pte_mkwrite()'s to pte_mkwrite_novma()
mm: Move pte/pmd_mkwrite() callers with no VMA to _novma()
mm: Make pte_mkwrite() take a VMA
x86/shstk: Add Kconfig option for shadow stack
x86/traps: Move control protection handler to separate file
x86/cpufeatures: Add CPU feature flags for shadow stacks
x86/mm: Move pmd_write(), pud_write() up in the file
x86/mm: Introduce _PAGE_SAVED_DIRTY
x86/mm: Update ptep/pmdp_set_wrprotect() for _PAGE_SAVED_DIRTY
x86/mm: Start actually marking _PAGE_SAVED_DIRTY
x86/mm: Remove _PAGE_DIRTY from kernel RO pages
x86/mm: Check shadow stack page fault errors
mm: Add guard pages around a shadow stack.
mm: Warn on shadow stack memory in wrong vma
x86/mm: Warn if create Write=0,Dirty=1 with raw prot
mm/mmap: Add shadow stack pages to memory accounting
x86/mm: Introduce MAP_ABOVE4G
x86/mm: Teach pte_mkwrite() about stack memory
mm: Don't allow write GUPs to shadow stack memory
Documentation/x86: Add CET shadow stack description
x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states
x86/fpu: Add helper for modifying xstate
x86: Introduce userspace API for shadow stack
x86/shstk: Add user control-protection fault handler
x86/shstk: Add user-mode shadow stack support
x86/shstk: Handle thread shadow stack
x86/shstk: Introduce routines modifying shstk
x86/shstk: Handle signals for shadow stack
x86/shstk: Check that SSP is aligned on sigreturn
x86/shstk: Check that signal frame is shadow stack mem
x86/shstk: Introduce map_shadow_stack syscall
x86/shstk: Support WRSS for userspace
x86: Expose thread features in /proc/$PID/status
x86/shstk: Wire in shadow stack interface
x86/cpufeatures: Enable CET CR4 bit for shadow stack
selftests/x86: Add shadow stack test
x86: Add PTRACE interface for shadow stack
x86/shstk: Add ARCH_SHSTK_STATUS
x86/shstk: Move arch detail comment out of core mm
x86/shstk: Don't retry vm_munmap() on -EINTR
x86/shstk: Change order of __user in type
Yu-cheng Yu (3):
mm: Re-introduce vm_flags to do_mmap()
mm: Move VM_UFFD_MINOR_BIT from 37 to 38
mm: Introduce VM_SHADOW_STACK for shadow stack memory
Documentation/arch/x86/index.rst | 1 +
Documentation/arch/x86/shstk.rst | 179 +++++
Documentation/filesystems/proc.rst | 1 +
Documentation/mm/arch_pgtable_helpers.rst | 12 +-
arch/Kconfig | 8 +
arch/alpha/include/asm/pgtable.h | 2 +-
arch/arc/include/asm/hugepage.h | 2 +-
arch/arc/include/asm/pgtable-bits-arcv2.h | 2 +-
arch/arm/include/asm/pgtable-3level.h | 2 +-
arch/arm/include/asm/pgtable.h | 2 +-
arch/arm/kernel/signal.c | 2 +-
arch/arm64/include/asm/pgtable.h | 4 +-
arch/arm64/kernel/signal.c | 2 +-
arch/arm64/kernel/signal32.c | 2 +-
arch/arm64/mm/trans_pgd.c | 4 +-
arch/csky/include/asm/pgtable.h | 2 +-
arch/hexagon/include/asm/pgtable.h | 2 +-
arch/ia64/include/asm/pgtable.h | 2 +-
arch/loongarch/include/asm/pgtable.h | 4 +-
arch/m68k/include/asm/mcf_pgtable.h | 2 +-
arch/m68k/include/asm/motorola_pgtable.h | 2 +-
arch/m68k/include/asm/sun3_pgtable.h | 2 +-
arch/microblaze/include/asm/pgtable.h | 2 +-
arch/mips/include/asm/pgtable.h | 6 +-
arch/nios2/include/asm/pgtable.h | 2 +-
arch/openrisc/include/asm/pgtable.h | 2 +-
arch/parisc/include/asm/pgtable.h | 2 +-
arch/powerpc/include/asm/book3s/32/pgtable.h | 2 +-
arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +-
arch/powerpc/include/asm/nohash/32/pgtable.h | 4 +-
arch/powerpc/include/asm/nohash/32/pte-8xx.h | 4 +-
arch/powerpc/include/asm/nohash/64/pgtable.h | 2 +-
arch/riscv/include/asm/pgtable.h | 6 +-
arch/s390/Kconfig | 1 +
arch/s390/include/asm/hugetlb.h | 2 +-
arch/s390/include/asm/pgtable.h | 4 +-
arch/s390/mm/pageattr.c | 4 +-
arch/sh/include/asm/pgtable_32.h | 4 +-
arch/sparc/include/asm/pgtable_32.h | 2 +-
arch/sparc/include/asm/pgtable_64.h | 6 +-
arch/sparc/kernel/signal32.c | 2 +-
arch/sparc/kernel/signal_64.c | 2 +-
arch/um/include/asm/pgtable.h | 2 +-
arch/x86/Kconfig | 24 +
arch/x86/Kconfig.assembler | 5 +
arch/x86/entry/syscalls/syscall_64.tbl | 1 +
arch/x86/include/asm/cpufeatures.h | 2 +
arch/x86/include/asm/disabled-features.h | 16 +-
arch/x86/include/asm/fpu/api.h | 9 +
arch/x86/include/asm/fpu/regset.h | 7 +-
arch/x86/include/asm/fpu/sched.h | 3 +-
arch/x86/include/asm/fpu/types.h | 16 +-
arch/x86/include/asm/fpu/xstate.h | 6 +-
arch/x86/include/asm/idtentry.h | 2 +-
arch/x86/include/asm/mmu_context.h | 2 +
arch/x86/include/asm/pgtable.h | 302 +++++++-
arch/x86/include/asm/pgtable_types.h | 42 +-
arch/x86/include/asm/processor.h | 8 +
arch/x86/include/asm/shstk.h | 38 +
arch/x86/include/asm/special_insns.h | 13 +
arch/x86/include/asm/tlbflush.h | 3 +-
arch/x86/include/asm/trap_pf.h | 2 +
arch/x86/include/asm/traps.h | 15 +-
arch/x86/include/uapi/asm/mman.h | 4 +
arch/x86/include/uapi/asm/prctl.h | 12 +
arch/x86/kernel/Makefile | 5 +
arch/x86/kernel/cet.c | 131 ++++
arch/x86/kernel/cpu/common.c | 35 +-
arch/x86/kernel/cpu/cpuid-deps.c | 1 +
arch/x86/kernel/cpu/proc.c | 23 +
arch/x86/kernel/fpu/core.c | 54 +-
arch/x86/kernel/fpu/regset.c | 81 +++
arch/x86/kernel/fpu/xstate.c | 90 ++-
arch/x86/kernel/ibt_selftest.S | 17 +
arch/x86/kernel/idt.c | 2 +-
arch/x86/kernel/process.c | 21 +-
arch/x86/kernel/process_64.c | 8 +
arch/x86/kernel/ptrace.c | 12 +
arch/x86/kernel/shstk.c | 550 +++++++++++++++
arch/x86/kernel/signal.c | 1 +
arch/x86/kernel/signal_32.c | 2 +-
arch/x86/kernel/signal_64.c | 8 +-
arch/x86/kernel/sys_x86_64.c | 6 +-
arch/x86/kernel/traps.c | 87 ---
arch/x86/mm/fault.c | 22 +
arch/x86/mm/pat/set_memory.c | 4 +-
arch/x86/mm/pgtable.c | 40 ++
arch/x86/xen/enlighten_pv.c | 2 +-
arch/x86/xen/mmu_pv.c | 2 +-
arch/x86/xen/xen-asm.S | 2 +-
arch/xtensa/include/asm/pgtable.h | 2 +-
fs/aio.c | 2 +-
fs/proc/array.c | 6 +
fs/proc/task_mmu.c | 3 +
include/asm-generic/hugetlb.h | 2 +-
include/linux/mm.h | 47 +-
include/linux/mman.h | 4 +
include/linux/pgtable.h | 28 +
include/linux/proc_fs.h | 1 +
include/linux/syscalls.h | 1 +
include/uapi/asm-generic/siginfo.h | 3 +-
include/uapi/linux/elf.h | 2 +
ipc/shm.c | 2 +-
kernel/sys_ni.c | 1 +
mm/debug_vm_pgtable.c | 12 +-
mm/gup.c | 2 +-
mm/huge_memory.c | 11 +-
mm/internal.h | 4 +-
mm/memory.c | 5 +-
mm/migrate.c | 2 +-
mm/migrate_device.c | 2 +-
mm/mmap.c | 14 +-
mm/mprotect.c | 2 +-
mm/nommu.c | 4 +-
mm/userfaultfd.c | 2 +-
mm/util.c | 2 +-
tools/testing/selftests/x86/Makefile | 2 +-
tools/testing/selftests/x86/test_shadow_stack.c | 884 ++++++++++++++++++++++++
118 files changed, 2789 insertions(+), 307 deletions(-)
create mode 100644 Documentation/arch/x86/shstk.rst
create mode 100644 arch/x86/include/asm/shstk.h
create mode 100644 arch/x86/kernel/cet.c
create mode 100644 arch/x86/kernel/ibt_selftest.S
create mode 100644 arch/x86/kernel/shstk.c
create mode 100644 tools/testing/selftests/x86/test_shadow_stack.c
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [GIT PULL] x86/shstk for 6.6-rc1
2023-08-30 23:47 [GIT PULL] x86/shstk for 6.6-rc1 Dave Hansen
@ 2023-08-31 19:40 ` Linus Torvalds
2023-08-31 21:27 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Ingo Molnar
2023-08-31 19:42 ` [GIT PULL] x86/shstk for 6.6-rc1 pr-tracker-bot
1 sibling, 1 reply; 6+ messages in thread
From: Linus Torvalds @ 2023-08-31 19:40 UTC (permalink / raw)
To: Dave Hansen; +Cc: x86, linux-kernel
On Wed, 30 Aug 2023 at 16:48, Dave Hansen <dave.hansen@linux.intel.com> wrote:
>
> Add x86 shadow stack support
I assume you are aware of the system call renumbering from linux-next,
but I thought I'd mention it anyway. 452 was taken by fchmodat2, so
your new map_shadow_stack() system call is merged as 453.
I do also note that it looks like the merge resolution of the
_COMMON_PAGE_CHG_MASK bits in linux-next is wrong, and lost the
_PAGE_DIRTY_BITS part in Ingo's -tip merge 783560d95e0e ("Merge branch
'x86/mm' into x86/merge, to ease integration testing").
Anyway, please do double-check my merge for correctness, and test it
on some machine that hopefully supports this and has the
infrastructure set up for it.
Linus
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1]
2023-08-31 19:40 ` Linus Torvalds
@ 2023-08-31 21:27 ` Ingo Molnar
2023-08-31 21:36 ` [tip: x86/merge] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes tip-bot2 for Ingo Molnar
2023-08-31 21:50 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Linus Torvalds
0 siblings, 2 replies; 6+ messages in thread
From: Ingo Molnar @ 2023-08-31 21:27 UTC (permalink / raw)
To: Linus Torvalds; +Cc: Dave Hansen, x86, linux-kernel
* Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Wed, 30 Aug 2023 at 16:48, Dave Hansen <dave.hansen@linux.intel.com> wrote:
> >
> > Add x86 shadow stack support
>
> I assume you are aware of the system call renumbering from linux-next,
> but I thought I'd mention it anyway. 452 was taken by fchmodat2, so
> your new map_shadow_stack() system call is merged as 453.
>
> I do also note that it looks like the merge resolution of the
> _COMMON_PAGE_CHG_MASK bits in linux-next is wrong, and lost the
> _PAGE_DIRTY_BITS part in Ingo's -tip merge 783560d95e0e ("Merge branch
> 'x86/mm' into x86/merge, to ease integration testing").
>
> Anyway, please do double-check my merge for correctness, and test it
> on some machine that hopefully supports this and has the
> infrastructure set up for it.
I believe there's one semantic conflict you missed, which breaks the powerpc64
build: recent changes to arch/powerpc/include/asm/book3s/64/pgtable.h created
a new semantic conflict due to the changes to the pte_mkwrite() API:
161e393c0f63 ("mm: Make pte_mkwrite() take a VMA")
... resolved with the fix below.
Only build tested though.
The crossing upstream commit was:
27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage")
Thanks,
Ingo
Signed-off-by: Ingo Molnar <mingo@kernel.org>
arch/powerpc/include/asm/book3s/64/pgtable.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h
index 136232a89739..5c497c862d75 100644
--- a/arch/powerpc/include/asm/book3s/64/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/64/pgtable.h
@@ -931,7 +931,7 @@ static inline pte_t *pudp_ptep(pud_t *pud)
#define pud_mkdirty(pud) pte_pud(pte_mkdirty(pud_pte(pud)))
#define pud_mkclean(pud) pte_pud(pte_mkclean(pud_pte(pud)))
#define pud_mkyoung(pud) pte_pud(pte_mkyoung(pud_pte(pud)))
-#define pud_mkwrite(pud) pte_pud(pte_mkwrite(pud_pte(pud)))
+#define pud_mkwrite(pud) pte_pud(pte_mkwrite_novma(pud_pte(pud)))
#define pud_write(pud) pte_write(pud_pte(pud))
#ifdef CONFIG_HAVE_ARCH_SOFT_DIRTY
^ permalink raw reply related [flat|nested] 6+ messages in thread* [tip: x86/merge] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes
2023-08-31 21:27 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Ingo Molnar
@ 2023-08-31 21:36 ` tip-bot2 for Ingo Molnar
2023-08-31 21:50 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Linus Torvalds
1 sibling, 0 replies; 6+ messages in thread
From: tip-bot2 for Ingo Molnar @ 2023-08-31 21:36 UTC (permalink / raw)
To: linux-tip-commits; +Cc: Ingo Molnar, x86, linux-kernel
The following commit has been merged into the x86/merge branch of tip:
Commit-ID: cc852156ee7cbd4c83dfd64e9b800f7932f867d0
Gitweb: https://git.kernel.org/tip/cc852156ee7cbd4c83dfd64e9b800f7932f867d0
Author: Ingo Molnar <mingo@kernel.org>
AuthorDate: Thu, 31 Aug 2023 23:27:31 +02:00
Committer: Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 31 Aug 2023 23:32:39 +02:00
powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes
I believe there's one semantic conflict we missed, which breaks the powerpc64
build: recent changes to arch/powerpc/include/asm/book3s/64/pgtable.h created
a new semantic conflict due to the changes to the pte_mkwrite() API:
161e393c0f63 ("mm: Make pte_mkwrite() take a VMA")
... resolved with the fix below.
Only build tested though.
The crossing upstream commit was:
27af67f35631 ("powerpc/book3s64/mm: enable transparent pud hugepage")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/ZPEFw1XGrI69ZbJ6@gmail.com
--
arch/powerpc/include/asm/book3s/64/pgtable.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
arch/powerpc/include/asm/book3s/64/pgtable.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h
index 136232a..5c497c8 100644
--- a/arch/powerpc/include/asm/book3s/64/pgtable.h
+++ b/arch/powerpc/include/asm/book3s/64/pgtable.h
@@ -931,7 +931,7 @@ static inline pte_t *pudp_ptep(pud_t *pud)
#define pud_mkdirty(pud) pte_pud(pte_mkdirty(pud_pte(pud)))
#define pud_mkclean(pud) pte_pud(pte_mkclean(pud_pte(pud)))
#define pud_mkyoung(pud) pte_pud(pte_mkyoung(pud_pte(pud)))
-#define pud_mkwrite(pud) pte_pud(pte_mkwrite(pud_pte(pud)))
+#define pud_mkwrite(pud) pte_pud(pte_mkwrite_novma(pud_pte(pud)))
#define pud_write(pud) pte_write(pud_pte(pud))
#ifdef CONFIG_HAVE_ARCH_SOFT_DIRTY
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1]
2023-08-31 21:27 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Ingo Molnar
2023-08-31 21:36 ` [tip: x86/merge] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes tip-bot2 for Ingo Molnar
@ 2023-08-31 21:50 ` Linus Torvalds
1 sibling, 0 replies; 6+ messages in thread
From: Linus Torvalds @ 2023-08-31 21:50 UTC (permalink / raw)
To: Ingo Molnar; +Cc: Dave Hansen, x86, linux-kernel
On Thu, 31 Aug 2023 at 14:27, Ingo Molnar <mingo@kernel.org> wrote:
>
> I believe there's one semantic conflict you missed, which breaks the powerpc64
> build: recent changes to arch/powerpc/include/asm/book3s/64/pgtable.h created
> a new semantic conflict due to the changes to the pte_mkwrite() API:
Ack. Patch applied (with mightily changed commit message).
Linus
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [GIT PULL] x86/shstk for 6.6-rc1
2023-08-30 23:47 [GIT PULL] x86/shstk for 6.6-rc1 Dave Hansen
2023-08-31 19:40 ` Linus Torvalds
@ 2023-08-31 19:42 ` pr-tracker-bot
1 sibling, 0 replies; 6+ messages in thread
From: pr-tracker-bot @ 2023-08-31 19:42 UTC (permalink / raw)
To: Dave Hansen; +Cc: torvalds, x86, linux-kernel, Dave Hansen
The pull request you sent on Wed, 30 Aug 2023 16:47:52 -0700:
> https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_shstk_for_6.6-rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/df57721f9a63e8a1fb9b9b2e70de4aa4c7e0cd2e
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-08-31 21:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-30 23:47 [GIT PULL] x86/shstk for 6.6-rc1 Dave Hansen
2023-08-31 19:40 ` Linus Torvalds
2023-08-31 21:27 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Ingo Molnar
2023-08-31 21:36 ` [tip: x86/merge] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes tip-bot2 for Ingo Molnar
2023-08-31 21:50 ` [PATCH] powerpc: Fix pud_mkwrite() definition after pte_mkwrite() API changes [was: Re: [GIT PULL] x86/shstk for 6.6-rc1] Linus Torvalds
2023-08-31 19:42 ` [GIT PULL] x86/shstk for 6.6-rc1 pr-tracker-bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).