From patchwork Fri Sep 21 15:03:43 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yu-cheng Yu <yu-cheng.yu@intel.com>
X-Patchwork-Id: 10610257
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4569C15A6
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri, 21 Sep 2018 15:09:59 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 348862D992
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri, 21 Sep 2018 15:09:59 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 285762E42E; Fri, 21 Sep 2018 15:09:59 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A6F622D992
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Fri, 21 Sep 2018 15:09:58 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 450D28E0010; Fri, 21 Sep 2018 11:08:54 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 3E4A98E001A; Fri, 21 Sep 2018 11:08:54 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E1ECB8E0019; Fri, 21 Sep 2018 11:08:53 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com
 [209.85.210.200])
	by kanga.kvack.org (Postfix) with ESMTP id 5DE478E000A
	for <linux-mm@kvack.org>; Fri, 21 Sep 2018 11:08:53 -0400 (EDT)
Received: by mail-pf1-f200.google.com with SMTP id p5-v6so6676516pfh.11
        for <linux-mm@kvack.org>; Fri, 21 Sep 2018 08:08:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-original-authentication-results:x-gm-message-state:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=vXXsumCCPQu82rm5dgLsDNuf4LdMeyXLOXjYtSFPX3E=;
        b=S1g8EkSitBNcxLK7gPUCUnz+KKRwxNjVPM39QECqiDTHZRhxNguBYX66MhpRv8pGbd
         lHPHk4rcY/7nmtGZRoNp01LzRsVouZThK1OOI2zVJlD7bElmwg9D5Mpq6KLm3Pls2XoJ
         JpUUr0sszdKoEDc4E8HwvwieLwo7HEcBIG9zJGlkk6ne3iUhNrzcUd8KAENsOsMV47jO
         6qn/OtJtY8zUn4UPzrsN60Ld8kuSWDW/GIrjV5dU7+xx/nrtNAVJWgDa+rZzDMTojdCH
         gTZ6P3HFwwJj9UHxtd0iNZDoSLl1q/es4GZKxv6HOXgqOfbN43Cqm15O1SmSbzFRCGR6
         Y12A==
X-Original-Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of yu-cheng.yu@intel.com designates
 192.55.52.136 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Gm-Message-State: APzg51AmI1hpYZKmUHgC++YJOpZbHHO2992NCEMv2CeNWNVbBrMELFi7
	tWetogTVBAc027VJuFRJ847KRRHCi4I2f+/kavftx39uNTcPCFyQZTksstNop+tyTe2JtwLR5x7
	zaCPGpQW5y2J3BMYFVJbWfoDYXPLK36ZZ3WdMVGtbPcDyzcXYSOsAPH6P08MwAe/znA==
X-Received: by 2002:a63:26c4:: with SMTP id
 m187-v6mr6919465pgm.268.1537542533066;
        Fri, 21 Sep 2018 08:08:53 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0Vda/yy4AQdETn/3RB+mmLBBRzVMvP9dbjn8vp5G5SDbq7+v1cS8XDZgcFXQIlcq8pyZnJpVU
X-Received: by 2002:a63:26c4:: with SMTP id
 m187-v6mr6919413pgm.268.1537542532147;
        Fri, 21 Sep 2018 08:08:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537542532; cv=none;
        d=google.com; s=arc-20160816;
        b=BtOdVyeiBaan2E4UNnqAv1g/e/aSRwWJ/xay+pQTDECpmAGA5yIOMUUXYOuIisdGyS
         i9Sa6JEIf4PdAEfZFmzwBfIm+bV/wInDvPnSEXqJyhbp4W9rBDmAWKGnou0yxkzJwpPo
         HlTqPbcyrw7DyjSpZCXmfjdKUjbLjum2jXO70L6tHPHCYB+dqyXEqWfEf5Zw+8x58+C5
         /hegGelwQObsgkTKt+iJIlUz3S0iF62Y1RUeNkFK4mvZpwlUVxe028KgVk53IzrewkWy
         bKLo63hoYx1FL8+xC/ZisyfnZCVepMWsLi+H1RBHfIDma+IcYVb1SlRhbFhgJJDWA+vA
         74QQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=vXXsumCCPQu82rm5dgLsDNuf4LdMeyXLOXjYtSFPX3E=;
        b=Y97OVPdID3cduHTHkwfF7YtSFkyj5HiFCfIeS2A3gwduZ1ATRFtJSn1ZggdKTbXRYe
         vEsHxVJriW8PASqgWChtefj8ms86yQy7Ey3pdVHJP5Hq1zlygK6zhn4/2qMk5Rt+RJxF
         oq7mmvNmwQ1447pIXxDEZsBWJRvpFseu0xPZnKQDWWZhR4kZRbWu01JRcJYne1xK68Qp
         0OdlomewuYNIeQReW3N9E4xCsmBqoqKgJ0TOdpVfBLNntxFHHUyQThkvZbyCmxXdfY93
         Kj1idi45JP0789vBobCHILRQo0Vk2PdAhcMj8wU9Q4kSm8NZAFFYfF7GMp3fXvjuymiO
         XLvg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of yu-cheng.yu@intel.com designates
 192.55.52.136 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136])
        by mx.google.com with ESMTPS id
 d11-v6si26378966pgh.564.2018.09.21.08.08.51
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 21 Sep 2018 08:08:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates
 192.55.52.136 as permitted sender) client-ip=192.55.52.136;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of yu-cheng.yu@intel.com designates
 192.55.52.136 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 21 Sep 2018 08:08:51 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,285,1534834800";
   d="scan'208";a="71856587"
Received: from 2b52.sc.intel.com ([143.183.136.51])
  by fmsmga007.fm.intel.com with ESMTP; 21 Sep 2018 08:08:50 -0700
From: Yu-cheng Yu <yu-cheng.yu@intel.com>
To: x86@kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	linux-kernel@vger.kernel.org,
	linux-doc@vger.kernel.org,
	linux-mm@kvack.org,
	linux-arch@vger.kernel.org,
	linux-api@vger.kernel.org,
	Arnd Bergmann <arnd@arndb.de>,
	Andy Lutomirski <luto@amacapital.net>,
	Balbir Singh <bsingharora@gmail.com>,
	Cyrill Gorcunov <gorcunov@gmail.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Florian Weimer <fweimer@redhat.com>,
	"H.J. Lu" <hjl.tools@gmail.com>,
	Jann Horn <jannh@google.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Kees Cook <keescook@chromium.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Nadav Amit <nadav.amit@gmail.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Pavel Machek <pavel@ucw.cz>,
	Peter Zijlstra <peterz@infradead.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
	Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Subject: [RFC PATCH v4 19/27] x86/cet/shstk: Introduce WRUSS instruction
Date: Fri, 21 Sep 2018 08:03:43 -0700
Message-Id: <20180921150351.20898-20-yu-cheng.yu@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180921150351.20898-1-yu-cheng.yu@intel.com>
References: <20180921150351.20898-1-yu-cheng.yu@intel.com>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

WRUSS is a new kernel-mode instruction but writes directly
to user shadow stack memory.  This is used to construct
a return address on the shadow stack for the signal
handler.

This instruction can fault if the user shadow stack is
invalid shadow stack memory.  In that case, the kernel does
fixup.

Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
---
 arch/x86/include/asm/special_insns.h | 32 ++++++++++++++++++++++++++++
 arch/x86/mm/fault.c                  |  9 ++++++++
 2 files changed, 41 insertions(+)

diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h
index 317fc59b512c..c04e68ef47da 100644
--- a/arch/x86/include/asm/special_insns.h
+++ b/arch/x86/include/asm/special_insns.h
@@ -237,6 +237,38 @@ static inline void clwb(volatile void *__p)
 		: [pax] "a" (p));
 }
 
+#ifdef CONFIG_X86_INTEL_CET
+#if defined(CONFIG_IA32_EMULATION) || defined(CONFIG_X86_X32)
+static inline int write_user_shstk_32(unsigned long addr, unsigned int val)
+{
+	asm_volatile_goto("1: wrussd %1, (%0)\n"
+			  _ASM_EXTABLE(1b, %l[fail])
+			  :: "r" (addr), "r" (val)
+			  :: fail);
+	return 0;
+fail:
+	return -1;
+}
+#else
+static inline int write_user_shstk_32(unsigned long addr, unsigned int val)
+{
+	WARN_ONCE(1, "write_user_shstk_32 used but not supported.\n");
+	return -EFAULT;
+}
+#endif
+
+static inline int write_user_shstk_64(unsigned long addr, unsigned long val)
+{
+	asm_volatile_goto("1: wrussq %1, (%0)\n"
+			  _ASM_EXTABLE(1b, %l[fail])
+			  :: "r" (addr), "r" (val)
+			  :: fail);
+	return 0;
+fail:
+	return -1;
+}
+#endif /* CONFIG_X86_INTEL_CET */
+
 #define nop() asm volatile ("nop")
 
 
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 7c3877a982f4..4d4ac57a4ba2 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1305,6 +1305,15 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
 		error_code |= X86_PF_USER;
 		flags |= FAULT_FLAG_USER;
 	} else {
+		/*
+		 * WRUSS is a kernel instrcution and but writes
+		 * to user shadow stack.  When a fault occurs,
+		 * both X86_PF_USER and X86_PF_SHSTK are set.
+		 * Clear X86_PF_USER here.
+		 */
+		if ((error_code & (X86_PF_USER | X86_PF_SHSTK)) ==
+		    (X86_PF_USER | X86_PF_SHSTK))
+			error_code &= ~X86_PF_USER;
 		if (regs->flags & X86_EFLAGS_IF)
 			local_irq_enable();
 	}