From: Yu-cheng Yu <yu-cheng.yu@intel.com>
To: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Andy Lutomirski <luto@kernel.org>,
Balbir Singh <bsingharora@gmail.com>,
Borislav Petkov <bp@alien8.de>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Eugene Syromiatnikov <esyr@redhat.com>,
Florian Weimer <fweimer@redhat.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromium.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Nadav Amit <nadav.amit@gmail.com>,
Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
Peter Zijlstra <peterz@infradead.org>,
Randy Dunlap <rdunlap@infradead.org>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Dave Martin <Dave.Martin@arm.com>,
Weijiang Yang <weijiang.yang@intel.com>,
Pengfei Xu <pengfei.xu@intel.com>,
Haitao Huang <haitao.huang@intel.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Subject: [PATCH v30 29/32] x86/cet/shstk: Add arch_prctl functions for shadow stack
Date: Mon, 30 Aug 2021 11:15:25 -0700 [thread overview]
Message-ID: <20210830181528.1569-30-yu-cheng.yu@intel.com> (raw)
In-Reply-To: <20210830181528.1569-1-yu-cheng.yu@intel.com>
arch_prctl(ARCH_X86_CET_STATUS, u64 *args)
Get CET feature status.
The parameter 'args' is a pointer to a user buffer. The kernel returns
the following information:
*args = shadow stack/IBT status
*(args + 1) = shadow stack base address
*(args + 2) = shadow stack size
32-bit binaries use the same interface, but only lower 32-bits of each
item.
arch_prctl(ARCH_X86_CET_DISABLE, unsigned int features)
Disable CET features specified in 'features'. Return -EPERM if CET is
locked.
arch_prctl(ARCH_X86_CET_LOCK)
Lock in CET features.
Also change do_arch_prctl_common()'s parameter 'cpuid_enabled' to
'arg2', as it is now also passed to prctl_cet().
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
arch/x86/include/asm/cet.h | 7 ++++
arch/x86/include/uapi/asm/prctl.h | 4 +++
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/cet_prctl.c | 60 +++++++++++++++++++++++++++++++
arch/x86/kernel/process.c | 6 ++--
5 files changed, 75 insertions(+), 3 deletions(-)
create mode 100644 arch/x86/kernel/cet_prctl.c
diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h
index 90e84a45b80d..fb32cb093ebb 100644
--- a/arch/x86/include/asm/cet.h
+++ b/arch/x86/include/asm/cet.h
@@ -10,6 +10,7 @@ struct task_struct;
struct thread_shstk {
u64 base;
u64 size;
+ u64 locked:1;
};
#ifdef CONFIG_X86_SHADOW_STACK
@@ -38,6 +39,12 @@ static inline int setup_signal_shadow_stack(int proc32, void __user *restorer) {
static inline int restore_signal_shadow_stack(void) { return 0; }
#endif
+#ifdef CONFIG_X86_SHADOW_STACK
+int prctl_cet(int option, u64 arg2);
+#else
+static inline int prctl_cet(int option, u64 arg2) { return -EINVAL; }
+#endif
+
#endif /* __ASSEMBLY__ */
#endif /* _ASM_X86_CET_H */
diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h
index 5a6aac9fa41f..9245bf629120 100644
--- a/arch/x86/include/uapi/asm/prctl.h
+++ b/arch/x86/include/uapi/asm/prctl.h
@@ -14,4 +14,8 @@
#define ARCH_MAP_VDSO_32 0x2002
#define ARCH_MAP_VDSO_64 0x2003
+#define ARCH_X86_CET_STATUS 0x3001
+#define ARCH_X86_CET_DISABLE 0x3002
+#define ARCH_X86_CET_LOCK 0x3003
+
#endif /* _ASM_X86_PRCTL_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 9e064845e497..39e826b5cabd 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -151,6 +151,7 @@ obj-$(CONFIG_UNWINDER_GUESS) += unwind_guess.o
obj-$(CONFIG_AMD_MEM_ENCRYPT) += sev.o
obj-$(CONFIG_X86_SHADOW_STACK) += shstk.o
+obj-$(CONFIG_X86_SHADOW_STACK) += shstk.o cet_prctl.o
###
# 64 bit specific files
ifeq ($(CONFIG_X86_64),y)
diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c
new file mode 100644
index 000000000000..b426d200e070
--- /dev/null
+++ b/arch/x86/kernel/cet_prctl.c
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/errno.h>
+#include <linux/uaccess.h>
+#include <linux/prctl.h>
+#include <linux/compat.h>
+#include <linux/mman.h>
+#include <linux/elfcore.h>
+#include <linux/processor.h>
+#include <asm/prctl.h>
+#include <asm/cet.h>
+
+/* See Documentation/x86/intel_cet.rst. */
+
+static int cet_copy_status_to_user(struct thread_shstk *shstk, u64 __user *ubuf)
+{
+ u64 buf[3] = {};
+
+ if (shstk->size) {
+ buf[0] |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;
+ buf[1] = shstk->base;
+ buf[2] = shstk->size;
+ }
+
+ return copy_to_user(ubuf, buf, sizeof(buf));
+}
+
+int prctl_cet(int option, u64 arg2)
+{
+ struct thread_shstk *shstk;
+
+ if (!cpu_feature_enabled(X86_FEATURE_SHSTK))
+ return -ENOTSUPP;
+
+ shstk = ¤t->thread.shstk;
+
+ if (option == ARCH_X86_CET_STATUS)
+ return cet_copy_status_to_user(shstk, (u64 __user *)arg2);
+
+ switch (option) {
+ case ARCH_X86_CET_DISABLE:
+ if (shstk->locked)
+ return -EPERM;
+
+ if (arg2 & ~GNU_PROPERTY_X86_FEATURE_1_VALID)
+ return -EINVAL;
+ if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)
+ shstk_disable();
+ return 0;
+
+ case ARCH_X86_CET_LOCK:
+ if (arg2)
+ return -EINVAL;
+ shstk->locked = 1;
+ return 0;
+
+ default:
+ return -ENOSYS;
+ }
+}
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index bade6a594d63..7d8ccebdcab1 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -1006,14 +1006,14 @@ unsigned long get_wchan(struct task_struct *p)
}
long do_arch_prctl_common(struct task_struct *task, int option,
- unsigned long cpuid_enabled)
+ unsigned long arg2)
{
switch (option) {
case ARCH_GET_CPUID:
return get_cpuid_mode();
case ARCH_SET_CPUID:
- return set_cpuid_mode(task, cpuid_enabled);
+ return set_cpuid_mode(task, arg2);
}
- return -EINVAL;
+ return prctl_cet(option, arg2);
}
--
2.21.0
next prev parent reply other threads:[~2021-08-30 18:18 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-30 18:14 [PATCH v30 00/32] Control-flow Enforcement: Shadow Stack Yu-cheng Yu
2021-08-30 18:14 ` [PATCH v30 01/32] Documentation/x86: Add CET description Yu-cheng Yu
2021-10-05 14:26 ` Dave Hansen
2021-08-30 18:14 ` [PATCH v30 02/32] x86/cet/shstk: Add Kconfig option for Shadow Stack Yu-cheng Yu
2021-08-30 18:14 ` [PATCH v30 03/32] x86/cpufeatures: Add CET CPU feature flags for Control-flow Enforcement Technology (CET) Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 04/32] x86/cpufeatures: Introduce CPU setup and option parsing for CET Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 05/32] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 06/32] x86/cet: Add control-protection fault handler Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 07/32] x86/mm: Remove _PAGE_DIRTY from kernel RO pages Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 08/32] x86/mm: Move pmd_write(), pud_write() up in the file Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 09/32] x86/mm: Introduce _PAGE_COW Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 10/32] drm/i915/gvt: Change _PAGE_DIRTY to _PAGE_DIRTY_BITS Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 11/32] x86/mm: Update pte_modify for _PAGE_COW Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 12/32] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 13/32] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 14/32] mm: Introduce VM_SHADOW_STACK for shadow stack memory Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 15/32] x86/mm: Check Shadow Stack page fault errors Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 16/32] x86/mm: Update maybe_mkwrite() for shadow stack Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 17/32] mm: Fixup places that call pte_mkwrite() directly Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 18/32] mm: Add guard pages around a shadow stack Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 19/32] mm/mmap: Add shadow stack pages to memory accounting Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 20/32] mm: Update can_follow_write_pte() for shadow stack Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 21/32] mm/mprotect: Exclude shadow stack from preserve_write Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 22/32] mm: Re-introduce vm_flags to do_mmap() Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 23/32] x86/cet/shstk: Add user-mode shadow stack support Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 24/32] x86/process: Change copy_thread() argument 'arg' to 'stack_size' Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 25/32] x86/cet/shstk: Handle thread shadow stack Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 26/32] x86/cet/shstk: Introduce shadow stack token setup/verify routines Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 27/32] x86/cet/shstk: Handle signals for shadow stack Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 28/32] ELF: Introduce arch_setup_elf_property() Yu-cheng Yu
2021-08-30 18:15 ` Yu-cheng Yu [this message]
2021-08-30 18:15 ` [PATCH v30 30/32] mm: Move arch_calc_vm_prot_bits() to arch/x86/include/asm/mman.h Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 31/32] mm: Update arch_validate_flags() to test vma anonymous Yu-cheng Yu
2021-08-30 18:15 ` [PATCH v30 32/32] mm: Introduce PROT_SHADOW_STACK for shadow stack Yu-cheng Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210830181528.1569-30-yu-cheng.yu@intel.com \
--to=yu-cheng.yu@intel.com \
--cc=Dave.Martin@arm.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=bsingharora@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=esyr@redhat.com \
--cc=fweimer@redhat.com \
--cc=gorcunov@gmail.com \
--cc=haitao.huang@intel.com \
--cc=hjl.tools@gmail.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mike.kravetz@oracle.com \
--cc=mingo@redhat.com \
--cc=nadav.amit@gmail.com \
--cc=oleg@redhat.com \
--cc=pavel@ucw.cz \
--cc=pengfei.xu@intel.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=rdunlap@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@linutronix.de \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.