Date: Sun, 22 Jan 2023 10:20:27 +0200
From: Mike Rapoport
To: Rick Edgecombe
Cc: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar,
    linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
    linux-mm@kvack.org, linux-arch@vger.kernel.org,
    linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski,
    Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen,
    Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn,
    Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov,
    Pavel Machek, Peter Zijlstra, Randy Dunlap, Weijiang Yang,
    "Kirill A . Shutemov", John Allen, kcc@google.com, eranian@google.com,
    jamorris@linux.microsoft.com, dethoma@microsoft.com,
    akpm@linux-foundation.org, Andrew.Cooper3@citrix.com,
    christina.schimpe@intel.com
Subject: Re: [PATCH v5 00/39] Shadow stacks for userspace
In-Reply-To: <20230119212317.8324-1-rick.p.edgecombe@intel.com>

On Thu, Jan 19, 2023 at 01:22:38PM -0800, Rick Edgecombe wrote:
> Hi,
>
> This series implements Shadow Stacks for userspace using x86's Control-flow
> Enforcement Technology (CET). CET consists of two related security features:
> shadow stacks and indirect branch tracking. This series implements just the
> shadow stack part of this feature, and just for userspace.

Acked-by: Mike Rapoport (IBM)

> Previous version [1].
>
> [0] https://lore.kernel.org/lkml/20220130211838.8382-1-rick.p.edgecombe@intel.com/
> [1] https://lore.kernel.org/lkml/20221203003606.6838-1-rick.p.edgecombe@intel.com/
>
> Kirill A. Shutemov (1):
>   x86: Introduce userspace API for shadow stack
>
> Mike Rapoport (1):
>   x86/shstk: Add ARCH_SHSTK_UNLOCK
>
> Rick Edgecombe (14):
>   x86/fpu: Add helper for modifying xstate
>   x86/mm: Introduce _PAGE_COW
>   x86/mm: Start actually marking _PAGE_COW
>   mm: Handle faultless write upgrades for shstk
>   mm: Don't allow write GUPs to shadow stack memory
>   x86/mm: Introduce MAP_ABOVE4G
>   mm: Warn on shadow stack memory in wrong vma
>   x86/shstk: Introduce map_shadow_stack syscall
>   x86/shstk: Support WRSS for userspace
>   x86: Expose thread features in /proc/$PID/status
>   x86/shstk: Wire in shadow stack interface
>   selftests/x86: Add shadow stack test
>   x86/fpu: Add helper for initing features
>   x86/shstk: Add ARCH_SHSTK_STATUS
>
> Yu-cheng Yu (23):
>   Documentation/x86: Add CET shadow stack description
>   x86/shstk: Add Kconfig option for shadow stack
>   x86/cpufeatures: Add CPU feature flags for shadow stacks
>   x86/cpufeatures: Enable CET CR4 bit for shadow stack
>   x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states
>   x86: Add user control-protection fault handler
>   x86/mm: Remove _PAGE_DIRTY from kernel RO pages
>   x86/mm: Move pmd_write(), pud_write() up in the file
>   x86/mm: Update pte_modify for _PAGE_COW
>   x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for
>     transition from _PAGE_DIRTY to _PAGE_COW
>   mm: Move VM_UFFD_MINOR_BIT from 37 to 38
>   mm: Introduce VM_SHADOW_STACK for shadow stack memory
>   x86/mm: Check shadow stack page fault errors
>   x86/mm: Update maybe_mkwrite() for shadow stack
>   mm: Fixup places that call pte_mkwrite() directly
>   mm: Add guard pages around a shadow stack.
>   mm/mmap: Add shadow stack pages to memory accounting
>   mm: Re-introduce vm_flags to do_mmap()
>   x86/shstk: Add user-mode shadow stack support
>   x86/shstk: Handle thread shadow stack
>   x86/shstk: Introduce routines modifying shstk
>   x86/shstk: Handle signals for shadow stack
>   x86: Add PTRACE interface for shadow stack
>
>  Documentation/filesystems/proc.rst            |   1 +
>  Documentation/x86/index.rst                   |   1 +
>  Documentation/x86/shstk.rst                   | 176 +++++
>  arch/arm/kernel/signal.c                      |   2 +-
>  arch/arm64/kernel/signal.c                    |   2 +-
>  arch/arm64/kernel/signal32.c                  |   2 +-
>  arch/sparc/kernel/signal32.c                  |   2 +-
>  arch/sparc/kernel/signal_64.c                 |   2 +-
>  arch/x86/Kconfig                              |  24 +
>  arch/x86/Kconfig.assembler                    |   5 +
>  arch/x86/entry/syscalls/syscall_64.tbl        |   1 +
>  arch/x86/include/asm/cpufeatures.h            |   2 +
>  arch/x86/include/asm/disabled-features.h      |  16 +-
>  arch/x86/include/asm/fpu/api.h                |   9 +
>  arch/x86/include/asm/fpu/regset.h             |   7 +-
>  arch/x86/include/asm/fpu/sched.h              |   3 +-
>  arch/x86/include/asm/fpu/types.h              |  16 +-
>  arch/x86/include/asm/fpu/xstate.h             |   6 +-
>  arch/x86/include/asm/idtentry.h               |   2 +-
>  arch/x86/include/asm/mmu_context.h            |   2 +
>  arch/x86/include/asm/msr.h                    |  11 +
>  arch/x86/include/asm/pgtable.h                | 338 ++++++++-
>  arch/x86/include/asm/pgtable_types.h          |  65 +-
>  arch/x86/include/asm/processor.h              |   8 +
>  arch/x86/include/asm/shstk.h                  |  40 ++
>  arch/x86/include/asm/special_insns.h          |  13 +
>  arch/x86/include/asm/tlbflush.h               |   3 +-
>  arch/x86/include/asm/trap_pf.h                |   2 +
>  arch/x86/include/asm/traps.h                  |  12 +
>  arch/x86/include/uapi/asm/mman.h              |   4 +
>  arch/x86/include/uapi/asm/prctl.h             |  12 +
>  arch/x86/kernel/Makefile                      |   4 +
>  arch/x86/kernel/cet.c                         | 152 ++++
>  arch/x86/kernel/cpu/common.c                  |  35 +-
>  arch/x86/kernel/cpu/cpuid-deps.c              |   1 +
>  arch/x86/kernel/cpu/proc.c                    |  23 +
>  arch/x86/kernel/fpu/core.c                    |  59 +-
>  arch/x86/kernel/fpu/regset.c                  |  87 +++
>  arch/x86/kernel/fpu/xstate.c                  | 148 ++--
>  arch/x86/kernel/fpu/xstate.h                  |   6 +
>  arch/x86/kernel/idt.c                         |   2 +-
>  arch/x86/kernel/process.c                     |  18 +-
>  arch/x86/kernel/process_64.c                  |   9 +-
>  arch/x86/kernel/ptrace.c                      |  12 +
>  arch/x86/kernel/shstk.c                       | 492 +++++++++++++
>  arch/x86/kernel/signal.c                      |   1 +
>  arch/x86/kernel/signal_32.c                   |   2 +-
>  arch/x86/kernel/signal_64.c                   |   8 +-
>  arch/x86/kernel/sys_x86_64.c                  |   6 +-
>  arch/x86/kernel/traps.c                       |  87 ---
>  arch/x86/mm/fault.c                           |  38 +
>  arch/x86/mm/pat/set_memory.c                  |   2 +-
>  arch/x86/mm/pgtable.c                         |   6 +
>  arch/x86/xen/enlighten_pv.c                   |   2 +-
>  arch/x86/xen/xen-asm.S                        |   2 +-
>  fs/aio.c                                      |   2 +-
>  fs/proc/array.c                               |   6 +
>  fs/proc/task_mmu.c                            |   3 +
>  include/linux/mm.h                            |  59 +-
>  include/linux/mman.h                          |   4 +
>  include/linux/pgtable.h                       |  35 +
>  include/linux/proc_fs.h                       |   2 +
>  include/linux/syscalls.h                      |   1 +
>  include/uapi/asm-generic/siginfo.h            |   3 +-
>  include/uapi/asm-generic/unistd.h             |   2 +-
>  include/uapi/linux/elf.h                      |   2 +
>  ipc/shm.c                                     |   2 +-
>  kernel/sys_ni.c                               |   1 +
>  mm/gup.c                                      |   2 +-
>  mm/huge_memory.c                              |  12 +-
>  mm/memory.c                                   |   7 +-
>  mm/migrate_device.c                           |   4 +-
>  mm/mmap.c                                     |  12 +-
>  mm/nommu.c                                    |   4 +-
>  mm/userfaultfd.c                              |  10 +-
>  mm/util.c                                     |   2 +-
>  tools/testing/selftests/x86/Makefile          |   4 +-
>  .../testing/selftests/x86/test_shadow_stack.c | 667 ++++++++++++++++++
>  78 files changed, 2578 insertions(+), 259 deletions(-)
>  create mode 100644 Documentation/x86/shstk.rst
>  create mode 100644 arch/x86/include/asm/shstk.h
>  create mode 100644 arch/x86/kernel/cet.c
>  create mode 100644 arch/x86/kernel/shstk.c
>  create mode 100644 tools/testing/selftests/x86/test_shadow_stack.c
>
> --
> 2.17.1
>