From patchwork Tue Jun 13 00:11:02 2023
X-Patchwork-Submitter: "Edgecombe, Rick P"
X-Patchwork-Id: 13277751
From: Rick Edgecombe
To: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, Weijiang Yang, "Kirill A . Shutemov", John Allen, kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com, szabolcs.nagy@arm.com, torvalds@linux-foundation.org, broonie@kernel.org
Cc: rick.p.edgecombe@intel.com, Pengfei Xu
Subject: [PATCH v9 36/42] x86: Expose thread features in /proc/$PID/status
Date: Mon, 12 Jun 2023 17:11:02 -0700
Message-Id: <20230613001108.3040476-37-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230613001108.3040476-1-rick.p.edgecombe@intel.com>
References: <20230613001108.3040476-1-rick.p.edgecombe@intel.com>
MIME-Version: 1.0

Applications and loaders can have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack.

Add two lines in /proc/$PID/status to report enabled and locked features.

Since this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines.

[Switched to CET, added to commit log]

Co-developed-by: Kirill A. Shutemov
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Rick Edgecombe
Reviewed-by: Borislav Petkov (AMD)
Reviewed-by: Kees Cook
Acked-by: Mike Rapoport (IBM)
Tested-by: Pengfei Xu
Tested-by: John Allen
Tested-by: Kees Cook
---
 arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++
 fs/proc/array.c            |  6 ++++++
 include/linux/proc_fs.h    |  2 ++
 3 files changed, 31 insertions(+)
diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0d96bd..31c0e68f6227 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */
diff --git a/fs/proc/array.c b/fs/proc/array.c index d35bbf35a874..2c2efbe685d8 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -431,6 +431,11 @@ static inline void task_untag_mask(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "untag_mask:\t%#lx\n", mm_untag_mask(mm)); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { @@ -455,6 +460,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 0260f5ea98fe..80ff8e533cbd 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)
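Review bot: the second arch/x86/kernel/cpu/proc.c hunk (@@ -175,3 +177,24 @@) introduces a new user-visible format, yet the diffstat shows no Documentation/filesystems/proc.rst change; since the commit log's stated purpose is to let people verify that a task is protected, both keys and the token list should be documented so tools do not have to reverse-engineer them. Note also that dump_x86_features() writes `seq_puts(m, "shstk ")` and `seq_puts(m, "wrss ")`, so every emitted line ends with a trailing space before the '\n'; either document that or emit the separator only between tokens.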
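Review bot: in the first fs/proc/array.c hunk the `__weak` no-op is the only fallback, so a kernel built without CONFIG_X86_USER_SHADOW_STACK (or a non-x86 kernel) emits neither x86_Thread_features line, while a task with nothing enabled shows an empty value after the tab; these are different answers ("not reported" versus "disabled") and the commit log or documentation should say so, otherwise consumers will conflate them.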
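Review bot: the include/linux/proc_fs.h hunk declares arch_proc_pid_thread_features() under CONFIG_PROC_FS only and, unlike proc_pid_arch_status() just above it, outside CONFIG_PROC_PID_ARCH_STATUS; that is fine provided the x86 definition in arch/x86/kernel/cpu/proc.c is itself only built when CONFIG_PROC_FS is set (worth confirming against the Makefile), and the proc.c includes hunk (@@ -4,6 +4,8 @@) should pull in this header so the definition is checked against the declaration and does not trip -Wmissing-prototypes.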
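Added example, not part of this patch or the kernel tree: a small checker that reads the two lines the patch adds to /proc/$PID/status and answers the question the commit log raises (is this task actually running with a shadow stack?), treating a missing pair of lines as "not reported" rather than "disabled". It assumes exactly the format dump_x86_features() emits (tab after the key, each token followed by a space); the status text below is constructed, not captured from a real kernel.

```python
from pathlib import Path

# Tokens emitted by the patch's dump_x86_features(); anything else is flagged.
KNOWN_FEATURES = frozenset({"shstk", "wrss"})

def parse_thread_features(status_text):
    """Return {"enabled": set, "locked": set} from /proc/$PID/status text,
    or None when the kernel emits neither line (no CONFIG_X86_USER_SHADOW_STACK,
    non-x86, or a kernel predating this patch): absence means "not reported",
    not "shadow stack disabled"."""
    found = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":\t")
        if not sep:
            continue
        if key == "x86_Thread_features":
            found["enabled"] = set(value.split())  # split() drops the trailing space
        elif key == "x86_Thread_features_locked":
            found["locked"] = set(value.split())
    if "enabled" not in found or "locked" not in found:
        return None
    return found

def shadow_stack_state(status_text):
    """Three-way verdict an auditor needs: enabled, disabled or unknown.
    "locked" is True when the task can no longer toggle shstk via arch_prctl()."""
    feats = parse_thread_features(status_text)
    if feats is None:
        return {"state": "unknown", "locked": False, "unknown_tokens": []}
    return {
        "state": "enabled" if "shstk" in feats["enabled"] else "disabled",
        "locked": "shstk" in feats["locked"],
        "unknown_tokens": sorted((feats["enabled"] | feats["locked"]) - KNOWN_FEATURES),
    }

def shadow_stack_state_for_pid(pid):
    """Live check of a running process (Linux only)."""
    return shadow_stack_state(Path(f"/proc/{pid}/status").read_text())

# Constructed samples (not captured from a real kernel): the tail of a status file
# for a task that enabled and locked shadow stack, and the same tail from a kernel
# that does not emit the lines at all.
SAMPLE_PROTECTED = (
    "voluntary_ctxt_switches:\t12\n"
    "nonvoluntary_ctxt_switches:\t3\n"
    "x86_Thread_features:\tshstk \n"
    "x86_Thread_features_locked:\tshstk \n"
)
SAMPLE_NOT_REPORTED = "voluntary_ctxt_switches:\t12\nnonvoluntary_ctxt_switches:\t3\n"
```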