From patchwork Thu Sep 29 22:29:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 12994684 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0A0FAC433FE for ; Thu, 29 Sep 2022 22:30:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 693CC8D0017; Thu, 29 Sep 2022 18:30:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 61FEC8D000C; Thu, 29 Sep 2022 18:30:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 448D88D0017; Thu, 29 Sep 2022 18:30:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 34BDB8D000C for ; Thu, 29 Sep 2022 18:30:51 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 0CA4216137A for ; Thu, 29 Sep 2022 22:30:51 +0000 (UTC) X-FDA: 79966569102.13.9A7B38A Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by imf02.hostedemail.com (Postfix) with ESMTP id 6462180012 for ; Thu, 29 Sep 2022 22:30:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664490650; x=1696026650; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=TiT3uy8CkFT3vSQU1URwMBZV8RmBfXFHioOJIpTN2Lc=; b=BK6Pkur37qq+wmGZtDOS2Oq/AJi9kGHYS/wTuqWroqK9SVHvECbPUhsT Eekcq6LEtWYFV2qd5EkDpFAMUS1LNvvcrEbyzQ7Ps6Wpj93keik2uXjf4 L4VLG3wQn/gIio1EKMrjAvTdfEhOwNf5JdajDiEgv85sumkFMf44Ikl9f IFyh1XaYTr37OtNYaocaVJzFSxxl17GgkVn0w/FbNeExMOZbsZA+nzUQ7 rVcW917F7e3BoCOPV1owijos7vG166RXCiA4PwEt3EhgCyujrQH4tuUPY XlpIRJLL4bheskecGhZVppX1/MCTAUbqwy0W2lSTmguvHjBCl1gDOdIQw Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="289207557" X-IronPort-AV: E=Sophos;i="5.93,356,1654585200"; d="scan'208";a="289207557" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 15:30:49 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="691016345" X-IronPort-AV: E=Sophos;i="5.93,356,1654585200"; d="scan'208";a="691016345" Received: from sergungo-mobl.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.251.25.88]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2022 15:30:47 -0700 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V . Shankar" , Weijiang Yang , "Kirill A . Shutemov" , joao.moreira@intel.com, John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com Cc: rick.p.edgecombe@intel.com Subject: [PATCH v2 30/39] x86: Expose thread features status in /proc/$PID/arch_status Date: Thu, 29 Sep 2022 15:29:27 -0700 Message-Id: <20220929222936.14584-31-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220929222936.14584-1-rick.p.edgecombe@intel.com> References: <20220929222936.14584-1-rick.p.edgecombe@intel.com> ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=BK6Pkur3; spf=pass (imf02.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1664490650; a=rsa-sha256; cv=none; b=tz9qPpYtLp1/0WwQHmaS/+VhlaIApaNZSZuGGcsKR2/8KtJUEfV6dPJU7jwbRrZdqFffbp VC4yjuphzlLgCAPUna19H5LHoO3tHTOgiSkeSFhHkc7wjHh7AZ1nq/yuHHzI/B6uqNMylM KHZ/bA4wpjqsXbaBW564KVfH6rKsWXM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1664490650; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=/p3W10K/8z25RuvbgRy1vxvG6JLf79zbmHkHORIHHV8=; b=bPjsyc17GhbHPifYgBX0QG2D0+hvBgOoRyAycNA4eUdqQLhuj9/KnVesgKnCD7NvRTBmb8 7VRwqCRMFESLJnU2G67743vtn0tRmmLnSRacoG49Msr/g215Lf+9Rm+H4FV2XXv5Wv28On PEguap0eUdbI3iQZlGqwpC0gmmniAYw= Authentication-Results: imf02.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=BK6Pkur3; spf=pass (imf02.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com X-Rspam-User: X-Stat-Signature: m7uoaso59qrtjfhyzwc6trh7kzsggrxa X-Rspamd-Queue-Id: 6462180012 X-Rspamd-Server: rspam05 X-HE-Tag: 1664490650-397974 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: "Kirill A. Shutemov" Applications and loaders can have logic to decide whether to enable CET. They usually don't report whether CET has been enabled or not, so there is no way to verify whether an application actually is protected by CET features. Add two lines in /proc/$PID/arch_status to report enabled and locked features. Signed-off-by: Kirill A. Shutemov [Switched to CET, added to commit log] Signed-off-by: Rick Edgecombe --- v2: - New patch arch/x86/kernel/Makefile | 2 ++ arch/x86/kernel/fpu/xstate.c | 47 --------------------------- arch/x86/kernel/proc.c | 63 ++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 47 deletions(-) create mode 100644 arch/x86/kernel/proc.c diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 8950d1f71226..b87b8a0a3749 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -141,6 +141,8 @@ obj-$(CONFIG_AMD_MEM_ENCRYPT) += sev.o obj-$(CONFIG_X86_SHADOW_STACK) += shstk.o +obj-$(CONFIG_PROC_FS) += proc.o + ### # 64 bit specific files ifeq ($(CONFIG_X86_64),y) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 5e6a4867fd05..9258fc1169cc 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -10,8 +10,6 @@ #include #include #include -#include -#include #include #include @@ -1746,48 +1744,3 @@ long fpu_xstate_prctl(int option, unsigned long arg2) return -EINVAL; } } - -#ifdef CONFIG_PROC_PID_ARCH_STATUS -/* - * Report the amount of time elapsed in millisecond since last AVX512 - * use in the task. - */ -static void avx512_status(struct seq_file *m, struct task_struct *task) -{ - unsigned long timestamp = READ_ONCE(task->thread.fpu.avx512_timestamp); - long delta; - - if (!timestamp) { - /* - * Report -1 if no AVX512 usage - */ - delta = -1; - } else { - delta = (long)(jiffies - timestamp); - /* - * Cap to LONG_MAX if time difference > LONG_MAX - */ - if (delta < 0) - delta = LONG_MAX; - delta = jiffies_to_msecs(delta); - } - - seq_put_decimal_ll(m, "AVX512_elapsed_ms:\t", delta); - seq_putc(m, '\n'); -} - -/* - * Report architecture specific information - */ -int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, - struct pid *pid, struct task_struct *task) -{ - /* - * Report AVX512 state if the processor and build option supported. - */ - if (cpu_feature_enabled(X86_FEATURE_AVX512F)) - avx512_status(m, task); - - return 0; -} -#endif /* CONFIG_PROC_PID_ARCH_STATUS */ diff --git a/arch/x86/kernel/proc.c b/arch/x86/kernel/proc.c new file mode 100644 index 000000000000..fa9cbe13c298 --- /dev/null +++ b/arch/x86/kernel/proc.c @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include +#include + +/* + * Report the amount of time elapsed in millisecond since last AVX512 + * use in the task. + */ +static void avx512_status(struct seq_file *m, struct task_struct *task) +{ + unsigned long timestamp = READ_ONCE(task->thread.fpu.avx512_timestamp); + long delta; + + if (!timestamp) { + /* + * Report -1 if no AVX512 usage + */ + delta = -1; + } else { + delta = (long)(jiffies - timestamp); + /* + * Cap to LONG_MAX if time difference > LONG_MAX + */ + if (delta < 0) + delta = LONG_MAX; + delta = jiffies_to_msecs(delta); + } + + seq_put_decimal_ll(m, "AVX512_elapsed_ms:\t", delta); + seq_putc(m, '\n'); +} + +static void dump_features(struct seq_file *m, unsigned long features) +{ + if (features & CET_SHSTK) + seq_puts(m, "shstk "); + if (features & CET_WRSS) + seq_puts(m, "wrss "); +} + +/* + * Report architecture specific information + */ +int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) +{ + /* + * Report AVX512 state if the processor and build option supported. + */ + if (cpu_feature_enabled(X86_FEATURE_AVX512F)) + avx512_status(m, task); + + seq_puts(m, "Thread_features:\t"); + dump_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "Thread_features_locked:\t"); + dump_features(m, task->thread.features_locked); + seq_putc(m, '\n'); + + return 0; +}