From patchwork Thu Aug 30 14:38:59 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yu-cheng Yu
X-Patchwork-Id: 10581871
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Cyrill Gorcunov, Dave Hansen, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, "Ravi V. Shankar", Vedvyas Shanbhogue
Cc: Yu-cheng Yu
Subject: [RFC PATCH v3 19/24] x86/cet/shstk: Introduce WRUSS instruction
Date: Thu, 30 Aug 2018 07:38:59 -0700
Message-Id: <20180830143904.3168-20-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180830143904.3168-1-yu-cheng.yu@intel.com>
References: <20180830143904.3168-1-yu-cheng.yu@intel.com>

WRUSS is a new kernel-mode instruction but writes directly
to user shadow stack memory.  This is used to construct
a return address on the shadow stack for the signal
handler.

This instruction can fault if the user shadow stack is
invalid shadow stack memory.  In that case, the kernel does
fixup.

Signed-off-by: Yu-cheng Yu
---
 arch/x86/include/asm/special_insns.h | 37 ++++++++++++++++++++++++++++
 arch/x86/mm/extable.c                | 11 +++++++++
 arch/x86/mm/fault.c                  |  9 +++++++
 3 files changed, 57 insertions(+)

diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h index 317fc59b512c..9f609e802c5c 100644 --- a/arch/x86/include/asm/special_insns.h +++ b/arch/x86/include/asm/special_insns.h 
@@ -237,6 +237,43 @@ static inline void clwb(volatile void *__p) : [pax] "a" (p)); } +#ifdef CONFIG_X86_INTEL_CET + +#if defined(CONFIG_IA32_EMULATION) || defined(CONFIG_X86_X32) +static inline int write_user_shstk_32(unsigned long addr, unsigned int val) +{ + int err = 0; + + asm volatile("1: wrussd %1, (%0)\n" + "2:\n" + _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wruss) + : + : "r" (addr), "r" (val)); + + return err; +} +#else +static inline int write_user_shstk_32(unsigned long addr, unsigned int val) +{ + BUG(); + return 0; +} +#endif + +static inline int write_user_shstk_64(unsigned long addr, unsigned long val) +{ + int err = 0; + + asm volatile("1: wrussq %1, (%0)\n" + "2:\n" + _ASM_EXTABLE_HANDLE(1b, 2b, ex_handler_wruss) + : + : "r" (addr), "r" (val)); + + return err; +} +#endif /* CONFIG_X86_INTEL_CET */ + #define nop() asm volatile ("nop") diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c index 45f5d6cf65ae..e06ff851b671 100644 --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c @@ -157,6 +157,17 @@ __visible bool ex_handler_clear_fs(const struct exception_table_entry *fixup, } EXPORT_SYMBOL(ex_handler_clear_fs); +#ifdef CONFIG_X86_INTEL_CET +__visible bool ex_handler_wruss(const struct exception_table_entry *fixup, + struct pt_regs *regs, int trapnr) +{ + regs->ip = ex_fixup_addr(fixup); + regs->ax = -1; + return true; +} +EXPORT_SYMBOL(ex_handler_wruss); +#endif + __visible bool ex_has_fault_handler(unsigned long ip) { const struct exception_table_entry *e; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 3842353fb4a3..10dbb5c9aaef 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c 
@@ -1305,6 +1305,15 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, error_code |= X86_PF_USER; flags |= FAULT_FLAG_USER; } else { + /* + * WRUSS is a kernel instrcution and but writes + * to user shadow stack. When a fault occurs, + * both X86_PF_USER and X86_PF_SHSTK are set. + * Clear X86_PF_USER here. + */ + if ((error_code & (X86_PF_USER | X86_PF_SHSTK)) == + (X86_PF_USER | X86_PF_SHSTK)) + error_code &= ~X86_PF_USER; if (regs->flags & X86_EFLAGS_IF) local_irq_enable(); }
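Review bot: in write_user_shstk_32() and write_user_shstk_64() (arch/x86/include/asm/special_insns.h), err is initialised to 0 and returned, but neither asm statement lists it as an output, so both helpers return 0 even when wrussd/wrussq faults. ex_handler_wruss() reports the fault by writing regs->ax = -1, yet the asm declares no output or clobber for ax, so the compiler may keep addr, val or an unrelated live value in that register and find it overwritten after the fixup. Bind the result to the register the handler writes, for example an "=a" (err) output with err preloaded to 0 through a matching input, and consider a "memory" clobber since the instruction stores to memory. Separately, the BUG() in the stub built without CONFIG_IA32_EMULATION or CONFIG_X86_X32 could return an error instead of halting.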
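Review bot: ex_handler_wruss() in arch/x86/mm/extable.c sets regs->ax = -1 with no comment saying that ax is the error channel back to the WRUSS helpers, and -1 is not an errno value a caller can propagate. Suggest storing -EFAULT and adding a short comment that the inline asm at the fixup site must name ax as its output. The handler also ignores trapnr, so every exception type raised at the tagged instruction is fixed up the same way; if only page faults are expected, state that or check for it.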
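Review bot: the new test in the else branch of __do_page_fault() (arch/x86/mm/fault.c) clears X86_PF_USER for any fault that reaches it with both X86_PF_USER and X86_PF_SHSTK set; nothing in the condition ties it to WRUSS. If WRUSS is the only way to get that combination in this branch, the comment should say so, and should also name the later check that depends on X86_PF_USER being clear. The comment has a typo as well: "instrcution and but" should read "instruction but".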