From patchwork Sun Mar 19 00:15:30 2023
X-Patchwork-Submitter: "Edgecombe, Rick P"
X-Patchwork-Id: 13180163
From: Rick Edgecombe
To: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, Weijiang Yang, "Kirill A . Shutemov", John Allen, kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com, szabolcs.nagy@arm.com
Cc: rick.p.edgecombe@intel.com
Subject: [PATCH v8 35/40] x86: Expose thread features in /proc/$PID/status
Date: Sat, 18 Mar 2023 17:15:30 -0700
Message-Id: <20230319001535.23210-36-rick.p.edgecombe@intel.com>
In-Reply-To: <20230319001535.23210-1-rick.p.edgecombe@intel.com>
References: <20230319001535.23210-1-rick.p.edgecombe@intel.com>

Applications and loaders can
have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack. Add two lines in /proc/$PID/status to report enabled and locked features. Since, this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines. [Switched to CET, added to commit log] Co-developed-by: Kirill A. Shutemov Signed-off-by: Kirill A. Shutemov Signed-off-by: Rick Edgecombe Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook --- v4: - Remove "CET" references v3: - Move to /proc/pid/status (Kees) v2: - New patch --- arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++ fs/proc/array.c | 6 ++++++ include/linux/proc_fs.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0d96bd..31c0e68f6227 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */ diff --git a/fs/proc/array.c b/fs/proc/array.c index 9b0315d34c58..3e1a33dcd0d0 100644 --- a/fs/proc/array.c 
+++ b/fs/proc/array.c @@ -423,6 +423,11 @@ static inline void task_thp_status(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "THP_enabled:\t%d\n", thp_enabled); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { @@ -446,6 +451,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 0260f5ea98fe..80ff8e533cbd 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)
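Review bot: in the arch/x86/kernel/cpu/proc.c hunk, dump_x86_features() prints every feature name with a trailing space (`seq_puts(m, "shstk ");`, `seq_puts(m, "wrss ");`), so a task with both features emits `x86_Thread_features:\tshstk wrss ` before the newline and a task with none emits only the tab and newline. That is parseable, but once it is in /proc it is ABI, so either print the separator only between names or state the exact format in the commit message. The hunk also reads task->thread.features and task->thread.features_locked of an arbitrary task with no locking visible; a short comment that the values are a best-effort snapshot of another thread's state would help the next reader.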
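Review bot: the fs/proc/array.c hunk that calls arch_proc_pid_thread_features() from proc_pid_status() adds two user-visible fields to /proc/$PID/status, but the diffstat (3 files changed) shows no update to Documentation/filesystems/proc.rst, where the status fields are listed. The two field names, the space-separated token format and the fact that the lines are absent on kernels without CONFIG_X86_USER_SHADOW_STACK should be documented in this series; linux-doc is already on the To line.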
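Review bot: in the include/linux/proc_fs.h hunk, the new prototype sits directly after the `#endif /* CONFIG_PROC_PID_ARCH_STATUS */` block, which already provides an arch hook for this file, proc_pid_arch_status(). The commit message should say why a new __weak hook (default in fs/proc/array.c, overridden in arch/x86/kernel/cpu/proc.c) is preferred over extending that existing mechanism, and a one-line comment at the prototype pointing at the __weak default would make the pairing easier to find.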
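The commit message motivates the patch with the inability to verify that a process is actually protected by shadow stack. As an added example, not part of the patch or of the kernel, here is a userspace checker in C for the two lines the patch emits (field names and the "shstk"/"wrss" tokens come from the hunk above; the status buffers in the test are constructed, not captured from a real system).

```c
/* Added example, not part of the patch: parse the two lines this patch adds to
 * /proc/$PID/status and report whether a task's shadow stack is enforced. */
#include <string.h>
#define FEAT_SHSTK 0x1u	/* token "shstk" printed by dump_x86_features() */
#define FEAT_WRSS  0x2u	/* token "wrss" */

/* Text following "key" on the line that starts with it, or NULL if absent. */
static const char *find_field(const char *status, const char *key)
{
	const char *p = strstr(status, key);
	while (p && p != status && p[-1] != '\n')
		p = strstr(p + 1, key);
	return p ? p + strlen(key) : NULL;
}

/* "shstk wrss " -> bitmask; tolerates the trailing space the kernel prints. */
static unsigned int parse_feature_list(const char *p)
{
	unsigned int mask = 0;
	while (*p && *p != '\n') {
		size_t len = strcspn(p, " \n");
		if (len == 5 && !strncmp(p, "shstk", 5))
			mask |= FEAT_SHSTK;
		else if (len == 4 && !strncmp(p, "wrss", 4))
			mask |= FEAT_WRSS;
		p += len + (p[len] == ' ');
	}
	return mask;
}

/* 1 and both masks filled if the kernel emitted the lines; 0 and zeroed masks
 * if it did not (older kernel, or CONFIG_X86_USER_SHADOW_STACK disabled). */
int parse_thread_features(const char *status, unsigned int *enabled, unsigned int *locked)
{
	const char *en = find_field(status, "x86_Thread_features:\t");
	const char *lk = find_field(status, "x86_Thread_features_locked:\t");
	*enabled = *locked = 0;
	if (!en || !lk)
		return 0;
	*enabled = parse_feature_list(en);
	*locked = parse_feature_list(lk);
	return 1;
}

/* -1: kernel reports nothing; 1: shstk enabled and locked, so the task cannot
 * switch it off; 0: shstk off, or on but not yet locked. */
int shadow_stack_enforced(const char *status)
{
	unsigned int en, lk;
	if (!parse_thread_features(status, &en, &lk))
		return -1;
	return (en & FEAT_SHSTK) && (lk & FEAT_SHSTK);
}
```

Feed it the contents of /proc/$PID/status; only a result of 1 means the thread has shadow stack on and locked against being disabled, which is the state an operator wants to confirm.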