From patchwork Fri Sep 21 15:05:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610297 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7F9A214BD for ; Fri, 21 Sep 2018 15:11:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 70A062E448 for ; Fri, 21 Sep 2018 15:11:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6E4152E52A; Fri, 21 Sep 2018 15:11:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 022EA2E51E for ; Fri, 21 Sep 2018 15:11:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 58EC58E0024; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 543328E0023; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 406138E0024; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id F2AD18E0023 for ; Fri, 21 Sep 2018 11:10:29 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id v186-v6so4776668pgb.14 for ; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=9ge0BToENFLkDFx5+uBu/yHmjAvnoFdBtu1gWRK9/M0=; b=EQ75kn0NIjADTIqPIqFP9iwQf3xX6ek4HbPnUdRnwGuGNE57opWYvl2REOnq4lkmjJ RT2/3RHajRt2z7sYE8IUDIj0o4t14W5YyW32Q00WlYnkVda+OVKnPAiGBsHRbawngLbk 8RNIw/k3bZcZEmx2lBuGdkhhfqnAsdaAQQ0JP0UMtVwceyfgnkJdMNlKSswpT5Ia32/r yeHVQrQLxgq8sz6rCR7D+2woN3L8voCK429uBfEh++4KC858HKfNbbyjydqc6tY9rvst bdvREN/cfAHaJFMbqdBpuuqExQIqeG+ffxTv37+qaAGmXjGIe7incaYKEalLuiCd7C+z SGLg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51Cga9fQAkQvQedVR2klaQkmvXqU1vNfjPhkzgp39B3oWXcqhzJt 2YqMb++yYoed1+IMaOUJSXiL/awVseIThDj7qU5+Ta6kFxuTIwAjrFNcSv+pXd4EJH3TBbpTQfw bX/7YCroJX+npt2qRfSqERDOiSzxnp74t4WHkjq3xnfSE6RKTC/4HMmDSES4FteTOHQ== X-Received: by 2002:a62:6711:: with SMTP id b17-v6mr47234256pfc.243.1537542629668; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) X-Google-Smtp-Source: ANB0VdafwLelzMiduygTnnBG8EquDiavcHOb/XGgtQPJ5l8DBpzjN28t8D230jAE3BKe6YYX6O6U X-Received: by 2002:a62:6711:: with SMTP id b17-v6mr47234173pfc.243.1537542628412; Fri, 21 Sep 2018 08:10:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542628; cv=none; d=google.com; s=arc-20160816; b=wo0uJnkaMHwJ2aBmvno8DDZo7HS2s2pR3WnG+NWpOpdIFtwRQAYlIcJgPZbAsZLEnl O4Lia2CS9OdApC7CTLDEgzxeKta3kQBv9UugvusdF6lAkvyiEnASxPYxEiE8G8FXMpV9 4BlxcMtPIhEW3Qu1wK7FH+dt0l+YV/M71ZXNh91V8ZH/kXS+yRCe0js0cX9CIyDLZBVN oiXZJyyOY4GJkLwwvmDQTurNFtm8xf9dyGSrp1Rexx1IESIvaOwnpZSGk/c/TdM6M2OF NEp2A0atUScRnl5Gh/jQi/vgi2FD+5DaoxNCukLSVOQo7w93uRlx/ErV+1CW/RIIq4yA VgdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=9ge0BToENFLkDFx5+uBu/yHmjAvnoFdBtu1gWRK9/M0=; b=LnestYi7+WGPqvrEXPW6WRo8EFOGsXcxEx1rgvdxp1FfJ4Q7YQS70GijHgCdFKdNyO ZvyKa05MRqs14JzjDQFNatgA9yi09892ft3op5fdMHO3CXK8nScb7VL9AVRHmv2wVJrv jb4x4nUG+HfgYIwgdeSDImPUDdkaRtM8HbrOMGCCmuSYRfiIaXXpWsYHnZ18npfCnlYv +fZVc2AKEfen+bJB5sUT0hK+G2j5V9Ow8SJyvqop4HjSYFPulLlIj1tBvh2c6iHlNAFV iNktrFuNilY7awhwWD9+bWnj8nEXVnbFZS25/nt/Esh0RirI1KdVQ3968VG/RaBRd8wp wOuA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id g16-v6si2805450pgd.354.2018.09.21.08.10.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:28 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187961" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:27 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 1/9] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking Date: Fri, 21 Sep 2018 08:05:45 -0700 Message-Id: <20180921150553.21016-2-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The user-mode indirect branch tracking support is done mostly by GCC to insert ENDBR64/ENDBR32 instructions at branch targets. The kernel provides CPUID enumeration, feature MSR setup and the allocation of legacy bitmap. Signed-off-by: Yu-cheng Yu --- arch/x86/Kconfig | 12 ++++++++++++ arch/x86/Makefile | 7 +++++++ 2 files changed, 19 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 6377125543cc..2a0ff538a229 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1941,6 +1941,18 @@ config X86_INTEL_SHADOW_STACK_USER If unsure, say y. +config X86_INTEL_BRANCH_TRACKING_USER + prompt "Intel Indirect Branch Tracking for user-mode" + def_bool n + depends on CPU_SUP_INTEL && X86_64 + select X86_INTEL_CET + select ARCH_HAS_PROGRAM_PROPERTIES + ---help--- + Indirect Branch Tracking provides hardware protection against return-/jmp- + oriented programming attacks. + + If unsure, say y + config EFI bool "EFI runtime service support" depends on ACPI diff --git a/arch/x86/Makefile b/arch/x86/Makefile index b28842b80295..ff652bba849f 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -159,6 +159,13 @@ ifdef CONFIG_X86_INTEL_SHADOW_STACK_USER endif endif +# Check compiler ibt support +ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + ifeq ($(call cc-option-yn, -fcf-protection=branch), n) + $(error CONFIG_X86_INTEL_BRANCH_TRACKING_USER not supported by compiler) + endif +endif + # # If the function graph tracer is used with mcount instead of fentry, # '-maccumulate-outgoing-args' is needed to prevent a GCC bug From patchwork Fri Sep 21 15:05:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610311 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0A98D14BD for ; Fri, 21 Sep 2018 15:11:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E8D312E4E5 for ; Fri, 21 Sep 2018 15:11:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E65582E550; Fri, 21 Sep 2018 15:11:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 53F042E4E5 for ; Fri, 21 Sep 2018 15:11:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7AFC98E002B; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 762E38E002A; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6053A8E002B; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 1EFF28E0028 for ; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) Received: by mail-pf1-f198.google.com with SMTP id d1-v6so6706815pfo.16 for ; Fri, 21 Sep 2018 08:10:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=19kvAQGrLEU6DwDdanz0hEuJCCTFazxdJr+BJdT9MqE=; b=gg762d/M4FBiXpEAW9ZP/RN/uh2xBRP7zyz4Mhl2QvxV84DIqm1PjmYscpbPEn5oiC 4vyHe4+9i5Rqtg2YtJlkc4Y17kmlDGolniZU74ZIOuGvlrCeGmgCvW5lzX35pJNMWRtF DmapjaAUMS8ldAb3dYYuDnvTAGbfXTAlShRuZRvceO6opqtz/nhp9f9LgPco8vYiItUO zIp7agAs75jFuhmsJLiGgu0HGLoVzgZR7iQA1rgZc3a3QGTOK5xvDoOFLHS4pP2XY2J2 byE1/HMfzcc7z/b6lSqYYXiZmJK4AVWTGglathesnkCi4NaH/W/S0rFFQ4nz0zULGLNu LmMA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojegpOcqLSOyq5sapysjVvUYNpEaFghXT9OGGCqDwBAzJmeb7lP ymHgg7JCRLI/xPT/05m4ok9EX76TD2Ihjg3EWYjKfzAuhzi2XNYCDaNn3Lk2BFQBeIICRO8FHOX aEJlayuNhDJZ5JU5vdoFstYzyd4S62l7fOB3ZRxKWrz1vockOIzacHkfG6GsuXUgFOg== X-Received: by 2002:a17:902:24e7:: with SMTP id l36-v6mr2211288plg.234.1537542637793; Fri, 21 Sep 2018 08:10:37 -0700 (PDT) X-Google-Smtp-Source: ACcGV63T//fmeKkol/Ms0gJeKQWQJx3mnDyXflfrfcOlSEmu6Xtc6U6hHC6osix+JszoHu85RG19 X-Received: by 2002:a17:902:24e7:: with SMTP id l36-v6mr2210659plg.234.1537542628747; Fri, 21 Sep 2018 08:10:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542628; cv=none; d=google.com; s=arc-20160816; b=EZAw6en9mAi0hQK1lsvfeeyCV55ZX9RBhQcXrLrGyhRYXWZ38frp6/hYjh04mLypeY 5c5iCf6woJ/XFcyJa+4RkDDSibf6K5XcX6sjdATT74RqwMI5quvxZTHjgfK2nztVfxNj e9v6BHUQnyTSeuvJvHiqzEJmmnwZSY6eUKio/jbrHzs1Mkm7roEJ1+nTIQ8M8K+qluYR meoyXMGJX6vWe0v3sEo0s/5h58eKgWzhonvZurt5ow9RAwuqgup7juB0CwvKrs1KpHrH //ROS4PEqQrXkJUAPAbhjLpOv/R4RgF7Zczukz4l5NUX4Yoa8w46CSTCwwjZHYiIYlOp BIyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=19kvAQGrLEU6DwDdanz0hEuJCCTFazxdJr+BJdT9MqE=; b=eBrIH8VBWE4dffpyRNujLARDMWEBTLDh3A0vS2kT0mChVwsGe4MS+2AfiA7S8q9pDH t43/cwofGHixF88vth8MKXE7ObpsqCz+6Dana4zxN7XnnYYZTVsfo5hMdFvNULJB6P5k goImOsswSN8fDeCd1CTaCE+IhNC2fpwg9lFNSsezmiK4e7fLcrTejrp0BBJOBfunHW4X E2Nzt13ptVeqzLWSEtVYRM3vmjhOU+X3YmdRFK/kMI+BPgdykD4y/fxlPRnSuBoLaMzz IA4CtHqQUcpN7bhntTNZk+KqPZ56/8V/sdJIrpAb/s1m1WymxEzGg0aML6+MczsvIyqH H1Ag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id g16-v6si2805450pgd.354.2018.09.21.08.10.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:28 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187965" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:27 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 2/9] x86/cet/ibt: User-mode indirect branch tracking support Date: Fri, 21 Sep 2018 08:05:46 -0700 Message-Id: <20180921150553.21016-3-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add user-mode indirect branch tracking enabling/disabling and supporting routines. Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu --- arch/x86/include/asm/cet.h | 8 ++++++ arch/x86/include/asm/disabled-features.h | 8 +++++- arch/x86/kernel/cet.c | 31 ++++++++++++++++++++++++ arch/x86/kernel/cpu/common.c | 20 ++++++++++++++- arch/x86/kernel/process.c | 1 + 5 files changed, 66 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h index 212bd68e31d3..1fea93fd436a 100644 --- a/arch/x86/include/asm/cet.h +++ b/arch/x86/include/asm/cet.h @@ -12,8 +12,11 @@ struct task_struct; struct cet_status { unsigned long shstk_base; unsigned long shstk_size; + unsigned long ibt_bitmap_addr; + unsigned long ibt_bitmap_size; unsigned int locked:1; unsigned int shstk_enabled:1; + unsigned int ibt_enabled:1; }; #ifdef CONFIG_X86_INTEL_CET @@ -25,6 +28,9 @@ void cet_disable_shstk(void); void cet_disable_free_shstk(struct task_struct *p); int cet_restore_signal(unsigned long ssp); int cet_setup_signal(bool ia32, unsigned long rstor, unsigned long *new_ssp); +int cet_setup_ibt(void); +int cet_setup_ibt_bitmap(void); +void cet_disable_ibt(void); #else static inline int prctl_cet(int option, unsigned long arg2) { return 0; } static inline int cet_setup_shstk(void) { return 0; } @@ -35,6 +41,8 @@ static inline void cet_disable_free_shstk(struct task_struct *p) {} static inline int cet_restore_signal(unsigned long ssp) { return 0; } static inline int cet_setup_signal(bool ia32, unsigned long rstor, unsigned long *new_ssp) { return 0; } +static inline int cet_setup_ibt(void) { return 0; } +static inline void cet_disable_ibt(void) {} #endif #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 3624a11e5ba6..ce5bdaf0f1ff 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -62,6 +62,12 @@ #define DISABLE_SHSTK (1<<(X86_FEATURE_SHSTK & 31)) #endif +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER +#define DISABLE_IBT 0 +#else +#define DISABLE_IBT (1<<(X86_FEATURE_IBT & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -72,7 +78,7 @@ #define DISABLED_MASK4 (DISABLE_PCID) #define DISABLED_MASK5 0 #define DISABLED_MASK6 0 -#define DISABLED_MASK7 (DISABLE_PTI) +#define DISABLED_MASK7 (DISABLE_PTI|DISABLE_IBT) #define DISABLED_MASK8 0 #define DISABLED_MASK9 (DISABLE_MPX) #define DISABLED_MASK10 0 diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 1c2689738604..6adfe795d692 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -12,6 +12,8 @@ #include #include #include +#include +#include #include #include #include @@ -283,3 +285,32 @@ int cet_setup_signal(bool ia32, unsigned long rstor_addr, set_shstk_ptr(ssp); return 0; } + +int cet_setup_ibt(void) +{ + u64 r; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return -EOPNOTSUPP; + + rdmsrl(MSR_IA32_U_CET, r); + r |= (MSR_IA32_CET_ENDBR_EN | MSR_IA32_CET_NO_TRACK_EN); + wrmsrl(MSR_IA32_U_CET, r); + + current->thread.cet.ibt_enabled = 1; + return 0; +} + +void cet_disable_ibt(void) +{ + u64 r; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return; + + rdmsrl(MSR_IA32_U_CET, r); + r &= ~(MSR_IA32_CET_ENDBR_EN | MSR_IA32_CET_LEG_IW_EN | + MSR_IA32_CET_NO_TRACK_EN); + wrmsrl(MSR_IA32_U_CET, r); + current->thread.cet.ibt_enabled = 0; +} diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index bffa9ef47832..230f65ee881e 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -413,7 +413,8 @@ __setup("nopku", setup_disable_pku); static __always_inline void setup_cet(struct cpuinfo_x86 *c) { - if (cpu_feature_enabled(X86_FEATURE_SHSTK)) + if (cpu_feature_enabled(X86_FEATURE_SHSTK) || + cpu_feature_enabled(X86_FEATURE_IBT)) cr4_set_bits(X86_CR4_CET); } @@ -434,6 +435,23 @@ static __init int setup_disable_shstk(char *s) __setup("no_cet_shstk", setup_disable_shstk); #endif +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER +static __init int setup_disable_ibt(char *s) +{ + /* require an exact match without trailing characters */ + if (strlen(s)) + return 0; + + if (!boot_cpu_has(X86_FEATURE_IBT)) + return 1; + + setup_clear_cpu_cap(X86_FEATURE_IBT); + pr_info("x86: 'no_cet_ibt' specified, disabling Branch Tracking\n"); + return 1; +} +__setup("no_cet_ibt", setup_disable_ibt); +#endif + /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 251b8714f9a3..ac0ea9c7e89f 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -137,6 +137,7 @@ void flush_thread(void) memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); cet_disable_shstk(); + cet_disable_ibt(); fpu__clear(&tsk->thread.fpu); } From patchwork Fri Sep 21 15:05:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610315 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6434815E8 for ; Fri, 21 Sep 2018 15:11:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 552002E45E for ; Fri, 21 Sep 2018 15:11:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 52AD82E4E5; Fri, 21 Sep 2018 15:11:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E24AB2E55C for ; Fri, 21 Sep 2018 15:11:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9AA138E0028; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 917D08E002C; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6A2278E0028; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id 26FE98E002A for ; Fri, 21 Sep 2018 11:10:38 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id g9-v6so5795633pgc.16 for ; Fri, 21 Sep 2018 08:10:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=hBcH5DA3/9CPjXEnDP6a+Vqekbjnf4bFOs5utUIsqPg=; b=UIsernYjQOymko2a70geuavrEW6mJlZzfXNs8sa+Sz3A2B8wEg2QU1o3dvH/kiQRsr Wz7LKRcpdozsmPnxNf1EnLOc7paOIGHYGOaOLBBQEqGb7uxQztKcRkM/CwYHsHWWusbB diQyD7UY6wsj9h4MLv9L8rgcfxfa+F5sUuruKZqXUEEsKhmRH77htkqGQzF7IDfVSAxv SmUeTu2D4hd/VDmqIo7j+5cAXQgFZbUtQnBiLFHZ5Mw3ja2Ut2GUOSlSqPpdMV6KIKrl Pz1DyUr9vYnItOF0yH2M7lZ+hzj31sb9fMUoVNWJ3gmiItSbh+tD0/NbzzPwsIPk57kw NuOA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51DctZGN0CoUaMSgdmbRv7BQNP961tWKlEye0Suntsswsa09SZUo V4tPysJM/CgQUp5hkkz4Tmy1RLWLqCj/zSm9NfjZHeJE6BL7BLRL4B+AcY8V/+wcyr0fxvDfKvY R4vVhKC6HiNr0wazGi+r60CekKXLRPA89q8FWTQsXgWI4pPPAy782gViK1ACGmiN84Q== X-Received: by 2002:a63:b95e:: with SMTP id v30-v6mr41371397pgo.221.1537542637840; Fri, 21 Sep 2018 08:10:37 -0700 (PDT) X-Google-Smtp-Source: ANB0VdajjAkxU4j5ZbdPELzDWI5QPr1j3nd7cpnmTXNRwAUBx8oKr2mwJ3d8BglFeoM28QbeBw2u X-Received: by 2002:a63:b95e:: with SMTP id v30-v6mr41370866pgo.221.1537542629102; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542629; cv=none; d=google.com; s=arc-20160816; b=OlTMfDvqMVt0HTZZMykf75WX8xwo+s1L00OYHOxCeLMLsIzq5/WriSMszHenHG0NvK ob1QMenPmbKO+Y/1xJLo/gy9ID4sVPLpopffYS105t7STDl/j4eotykAvWQ+A8WzJgEd 6DmKYwR9ckSJyJ67/fSSOQFGQQ6jd0Nxb0SSGel3XkpFxndkENAFME2J39FYyoNup19V PtmWFY+X0f5HsmWgvm//J4ncn0q6tgFdWMkPHnGNZeg6Hocm6G9uBobGyzZF5CYC5dT4 5nIGGTP774Tl1ubsrDltdkDORJu4OAg1/oeRmiqoWpu1cwEccCoAm2aIYm8Fapb9Dga9 J1vg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=hBcH5DA3/9CPjXEnDP6a+Vqekbjnf4bFOs5utUIsqPg=; b=Z1Eldr4esd/FaCKqzGqHs0OH1weLg1GtFPBd5PH5jg9JFSSnuhLdaXAzUeQ21tac3H t1WIX/xn23jxuR4xhZwDL2z2vST846vFLxmVn/AyCCOXbZDPE8ctUgQOjZZPbgrDkXH5 p0u0O0mQf0Hfw1OTQgLhkxtI/nCQN13zsVnw4p8jaXDFmunZtXv8fSCkVmopQn94tGEl soerhwW9t3X1UhixNyCopbgDoEWFa+QJEIaKwW9pVi8O3vJGWpgMwfSVy4wg8XOQtK4S w7/s+KaP5PXTMsnMLSHJ2Fqlb4VVOq+zZ6nEUbFRpX7baKOasy6R9G2buj6CKYU8+84J 4grA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id g16-v6si2805450pgd.354.2018.09.21.08.10.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:27 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187968" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:27 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 3/9] x86/cet/ibt: Add IBT legacy code bitmap allocation function Date: Fri, 21 Sep 2018 08:05:47 -0700 Message-Id: <20180921150553.21016-4-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Indirect branch tracking provides an optional legacy code bitmap that indicates locations of non-IBT compatible code. When set, each bit in the bitmap represents a page in the linear address is legacy code. We allocate the bitmap only when the application requests it. Most applications do not need the bitmap. Signed-off-by: Yu-cheng Yu --- arch/x86/kernel/cet.c | 45 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 6adfe795d692..a65d9745af08 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -314,3 +314,48 @@ void cet_disable_ibt(void) wrmsrl(MSR_IA32_U_CET, r); current->thread.cet.ibt_enabled = 0; } + +int cet_setup_ibt_bitmap(void) +{ + u64 r; + unsigned long bitmap; + unsigned long size; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return -EOPNOTSUPP; + + if (!current->thread.cet.ibt_bitmap_addr) { + /* + * Calculate size and put in thread header. + * may_expand_vm() needs this information. + */ + size = TASK_SIZE / PAGE_SIZE / BITS_PER_BYTE; + current->thread.cet.ibt_bitmap_size = size; + bitmap = do_mmap_locked(0, size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, + VM_DONTDUMP); + + if (bitmap >= TASK_SIZE) { + current->thread.cet.ibt_bitmap_size = 0; + return -ENOMEM; + } + + current->thread.cet.ibt_bitmap_addr = bitmap; + } + + /* + * Lower bits of MSR_IA32_CET_LEG_IW_EN are for IBT + * settings. Clear lower bits even bitmap is already + * page-aligned. + */ + bitmap = current->thread.cet.ibt_bitmap_addr; + bitmap &= PAGE_MASK; + + /* + * Turn on IBT legacy bitmap. + */ + rdmsrl(MSR_IA32_U_CET, r); + r |= (MSR_IA32_CET_LEG_IW_EN | bitmap); + wrmsrl(MSR_IA32_U_CET, r); + return 0; +} From patchwork Fri Sep 21 15:05:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610299 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D3D614BD for ; Fri, 21 Sep 2018 15:11:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2D8FD2E429 for ; Fri, 21 Sep 2018 15:11:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2B4B22E4E5; Fri, 21 Sep 2018 15:11:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7A232E4C4 for ; Fri, 21 Sep 2018 15:11:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AC7D38E0025; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 9D3C08E0020; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8C4AB8E0023; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 39E148E0020 for ; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id e8-v6so6311128plt.4 for ; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=Tne72t5xNUAu7cmJjXTyttB7FmSRY0YU7pN2zREygVM=; b=sLaPyKqzrTQftlOuQk1srS/ADsezovmPnhWGZukmqFootRG6q9ElE7Rjtr8jzSP8gq 3FaWBWys9QDo/TmOlOilOLRbC6fX0zcQaCpZK5nH2Z8xdNOJeuROf759lExEEzD0hk8s JLdKA82YGEZHZWWD71oral9zUnrIr7rNiwe8jAKp565UDMPiPWJFUmFY7EcQ3+byJlaK GEkGB/OcMwzrwQG93JzSckLFwrImm6+a2IeOee+DN2gjwT8DNhUJigfAN6uhEefXrU8v MoFXA9A82n22FQKj410Yny2/+hUXACWDcjMV5VwA8nm4Q9ZAvfdZXPfwmWopVg8agVTo /4pw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51Crcq5vjj2wSgbPQ5HKkVwYAjNtxmF5z24s1nn4fcis15B8YBhf 0sbMtfo00P4KmoJIcTIbcPDt5yIS4laNCfn4FWaC52r5FEus1AOCxNe0lgOkOPFajRhPGzWrak1 eNbuRstRwWTDsZu9sKjwiqvSdFHIe/M6lIvUCB/OLCNXBSDh71IEXPNWDdclrPOGREA== X-Received: by 2002:a62:1157:: with SMTP id z84-v6mr47151184pfi.66.1537542629920; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaenhFxMy+TmgeAls0qS/7DTxaWExCb5Rl3icemBZxhb6s9Kc8+V1Yk2CruKwgY3p07P4ev X-Received: by 2002:a62:1157:: with SMTP id z84-v6mr47151122pfi.66.1537542629095; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542629; cv=none; d=google.com; s=arc-20160816; b=rmUjfHS849fRzHk6ciftjhGdnmsYljrAwg/hidi7Z+hw9Yr3tKZ8IlPwe/NRUfx5NH 0RUTM3jjQjMm6xNbMvRDqgwzMKnUX/nmB7SjkaTwyJ1/gSQqJ3lP9JOhQCB6qXzWQ0vD 3ERhLn7odq83vdroP5X7NDjrMBktucyMq7q41FpOdM/91Q9XbM3LBnwyOCPDpJkNJp4A NX6M+JIMtUl3thCAuZImoYgFOJ6H3iUiwxLEJnAWhNfGn26Ou+ZJPI9EWXJrpxGNgBIG JvJ/+W3/XUm7XDE8AStiJNIfBOQhzspozV4laLuSvxqg2SjInf6EBOcYuj7GrugUf6T/ qOdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=Tne72t5xNUAu7cmJjXTyttB7FmSRY0YU7pN2zREygVM=; b=zcYzFWl/eK1u60KfqKCdoffa5et6kQzSEXUbRw1tDhpJBMNHjN2REnWxKx3zXe4QUQ u7XCRvG8Sq8jJfahAcfQHtm00GrEGwmtfeKZPyVUy/mzDfLAu3FGgfx98G0a/ta2NnY8 maa+5qgFOz46plYq7xGDYugV0ijGB1vunOZGUVFUqWq4+ooStcuI5DXgrnDd6PLeeEH/ JqE/rg9xitSSAvROlIa3jNdkdztGLVQtp4mmI5SlYQZOj9Xea5iXGNUhe354Wl/I2sjT awMmL22XZmzlwawA3Z2vXH45t0wjmlZKlMP0SLvIZA4/zGy7oNm/Ru41HRfDfnI3rNNY 6FwA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d11-v6si29460120pln.471.2018.09.21.08.10.28 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187971" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:28 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 4/9] mm/mmap: Add IBT bitmap size to address space limit check Date: Fri, 21 Sep 2018 08:05:48 -0700 Message-Id: <20180921150553.21016-5-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The indirect branch tracking legacy bitmap takes a large address space. This causes may_expand_vm() failure on the address limit check. For a IBT-enabled task, add the bitmap size to the address limit. Signed-off-by: Yu-cheng Yu --- arch/x86/include/uapi/asm/resource.h | 5 +++++ include/uapi/asm-generic/resource.h | 3 +++ mm/mmap.c | 12 +++++++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/resource.h b/arch/x86/include/uapi/asm/resource.h index 04bc4db8921b..0741b2a6101a 100644 --- a/arch/x86/include/uapi/asm/resource.h +++ b/arch/x86/include/uapi/asm/resource.h @@ -1 +1,6 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +#ifdef CONFIG_X86_INTEL_CET +#define rlimit_as_extra() current->thread.cet.ibt_bitmap_size +#endif + #include diff --git a/include/uapi/asm-generic/resource.h b/include/uapi/asm-generic/resource.h index f12db7a0da64..8a7608a09700 100644 --- a/include/uapi/asm-generic/resource.h +++ b/include/uapi/asm-generic/resource.h @@ -58,5 +58,8 @@ # define RLIM_INFINITY (~0UL) #endif +#ifndef rlimit_as_extra +#define rlimit_as_extra() 0 +#endif #endif /* _UAPI_ASM_GENERIC_RESOURCE_H */ diff --git a/mm/mmap.c b/mm/mmap.c index fa581ced3f56..397b8cb0b0af 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3237,7 +3237,17 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, */ bool may_expand_vm(struct mm_struct *mm, vm_flags_t flags, unsigned long npages) { - if (mm->total_vm + npages > rlimit(RLIMIT_AS) >> PAGE_SHIFT) + unsigned long as_limit = rlimit(RLIMIT_AS); + unsigned long as_limit_plus = as_limit + rlimit_as_extra(); + + /* as_limit_plus overflowed */ + if (as_limit_plus < as_limit) + as_limit_plus = RLIM_INFINITY; + + if (as_limit_plus > as_limit) + as_limit = as_limit_plus; + + if (mm->total_vm + npages > as_limit >> PAGE_SHIFT) return false; if (is_data_mapping(flags) && From patchwork Fri Sep 21 15:05:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610301 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D95915A4 for ; Fri, 21 Sep 2018 15:11:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C7EFB2E503 for ; Fri, 21 Sep 2018 15:11:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C58FB2E53B; Fri, 21 Sep 2018 15:11:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 669BF2E52F for ; Fri, 21 Sep 2018 15:11:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 120948E0026; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 0FC8B8E0028; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB3418E0026; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id A5EDC8E0023 for ; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id v9-v6so6720877pff.4 for ; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=kac2I6z3fQfSWOBvkXXMbQ+N+Ykk3JirFXzlhuyyKhc=; b=mpQbP/Nxs5PYU+LgHU9gratIQc/pZKCbW7RVoYX4lMvpdDwCoJXs8Y+J7U2F0atnhS G2ZLozZrbnrDJ8rvXC1vKO0C2YdzcMLC6AX2d9LrCUgLr+QLp4N4OmRRF+bTPbpA+/Rw YgpsMtxe/H17QLeR3DXNO8eCpC1toTvIN3TviQZcQpyr/O2pTezwM2rdSI5/egxVOi0Z hzYWf5ooPI/UAwl4kwdKbaS7tgsQfGcx/L649WZDlRc7kLW2S3byoYV+3Vlt4U9FxVaL 4E9rn7STzMp9N6Fsg07er0n5BOQU7g7cokmV80Bu3oknIqZfu8VZLT9QvMVIbo2juMfZ UIlw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51AGPBXcxO30Ge4ROsf/BB/koXNXMSNYK8mPlqKbn0EGCKfMHAY4 WimMeYA0lv4wIcY0TtCkXe0oHaLVBYeqO4iB9OYrKO2XDMsW7vVbuqA3OBZTDk7jt8Ws26rvucM As8xONMbynyY3GoyS/QGISqfo/BT/PENyP6SDjhYwOKAzN6E3UiM5R915eiB7nW6+iA== X-Received: by 2002:a17:902:8e86:: with SMTP id bg6-v6mr45074239plb.108.1537542630365; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZHholwClAeNvv85imqhOrDfz/jBK8vZpachfUaIbFeuD3a7KqLW3ogZ1VQ6y/UEC4w3f8n X-Received: by 2002:a17:902:8e86:: with SMTP id bg6-v6mr45074165plb.108.1537542629439; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542629; cv=none; d=google.com; s=arc-20160816; b=xmNXRnQVuvEyUKfZgbLoPQtW+48BVOr5njEzGn5sZtR8rf7I8c/YZh3rh2VVFWkf21 jjYvnxf5YGuF/qSZEaIC0ymuId2MZ0STRa3QpyFLwIW6zkWRA1opBmptieRC+n3wPbYq Z23pmvWqaMY5esbsDo4LKwvzt1Q7DRWzEj8uL0dd9a69quAaXaBDPEEq3yWpWriAwYsW Ewjxz4jCp4WDeSQENl5F6JGvamragbLDz9ERkzPbx+cGiD96lSnQex/am+h2vhlhnu1K xgaPmVOVQ+7ou/vNQb5SsDkhlPnzCfg7ld54X+mfq8COJzTsQKv7QwQadsJhqEh7wnVj NBSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=kac2I6z3fQfSWOBvkXXMbQ+N+Ykk3JirFXzlhuyyKhc=; b=ARXk3RCC8M7NyupY+2IJ3gL4shSnUGoEJ2WaZ+hz0GYca+BcBXoTs1SO741pRdpZek tTOQaG2HxBFUYqLUsMmU6+yXm6kPviRZvR+fct/M10NIeICWXP/zhbUDvJG7X2UVytJM KXj3GkTMkWBDNzKff3+UPbnyRQwOEfxd43KGmbUcakz4Kx5sRg1+KKwm+VCVPeXhHj8H rS0XaD2pWXCXs5fEcTPQSGRqzLgxZqVEaKlYyeuJiaGcx7JLdpoVurTQyR4QhlY75nBF jNMzyBKenFrf+fdZR8hZbKtCE6ZIA7qmOx5kawPguSwwC+w+cucsgyXjRQSO0ro5fU5w nImQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d11-v6si29460120pln.471.2018.09.21.08.10.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187974" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:28 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 5/9] x86/cet/ibt: ELF header parsing for IBT Date: Fri, 21 Sep 2018 08:05:49 -0700 Message-Id: <20180921150553.21016-6-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Look in .note.gnu.property of an ELF file and check if Indirect Branch Tracking needs to be enabled for the task. Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu --- arch/x86/include/uapi/asm/elf_property.h | 1 + arch/x86/kernel/elf.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/elf_property.h b/arch/x86/include/uapi/asm/elf_property.h index af361207718c..343a871b8fc1 100644 --- a/arch/x86/include/uapi/asm/elf_property.h +++ b/arch/x86/include/uapi/asm/elf_property.h @@ -11,5 +11,6 @@ * Bits for GNU_PROPERTY_X86_FEATURE_1_AND */ #define GNU_PROPERTY_X86_FEATURE_1_SHSTK (0x00000002) +#define GNU_PROPERTY_X86_FEATURE_1_IBT (0x00000001) #endif /* _UAPI_ASM_X86_ELF_PROPERTY_H */ diff --git a/arch/x86/kernel/elf.c b/arch/x86/kernel/elf.c index 2fddd0bc545b..13358026cd64 100644 --- a/arch/x86/kernel/elf.c +++ b/arch/x86/kernel/elf.c @@ -300,7 +300,8 @@ int arch_setup_features(void *ehdr_p, void *phdr_p, struct elf64_hdr *ehdr64 = ehdr_p; - if (!cpu_feature_enabled(X86_FEATURE_SHSTK)) + if (!cpu_feature_enabled(X86_FEATURE_SHSTK) && + !cpu_feature_enabled(X86_FEATURE_IBT)) return 0; if (ehdr64->e_ident[EI_CLASS] == ELFCLASS64) { @@ -335,6 +336,11 @@ int arch_setup_features(void *ehdr_p, void *phdr_p, } } + if (cpu_feature_enabled(X86_FEATURE_IBT)) { + if (feature & GNU_PROPERTY_X86_FEATURE_1_IBT) + err = cet_setup_ibt(); + } + out: return err; } From patchwork Fri Sep 21 15:05:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610305 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id ECDDF14BD for ; Fri, 21 Sep 2018 15:11:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC6072E53B for ; Fri, 21 Sep 2018 15:11:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D06D32E557; Fri, 21 Sep 2018 15:11:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 576952E503 for ; Fri, 21 Sep 2018 15:11:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 92B758E0020; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 7615A8E0029; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 47DDD8E0023; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id E07688E0020 for ; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id q12-v6so5801504pgp.6 for ; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=FBdvGM3Zrj9jLn+rPs7bJTTqCftJsm33/g+xI11unTw=; b=XHyw+sIW2tQjpuC0l29PFY8iuZXRbUWd8lhdPMD5xSnxzfGCrx/DELCBK1Vyl5L8IN 2bqa/9CT46bZ2EHQM4LnDFnZz1rctclFQhhP7gtwkHjHV+zSHoBuFTpNyOe57s30kd9R c+BxuQhjmXf6WLsYlPjP9XIY/gFfXg3Kq4XP0FQ0Ehz2J09kT/T581HXEaLDY6T0SgXN fTXDlj0bv/xlss7xmimnCwVgOz9PIYaDMTdBHJZkPbzaqxHNdNnM0pOZXUvMJvyxTp9k 14MuhPjhai4KLlArWFiBpou/WgC+ftsJ38yVXXgSc9APlSkcNT2wbY0r/0MtFlTw7HYg N7ug== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51AAQmZsbtbs5eRzQ/AByXtFvtg9WovnSRT9IfWYYljFXDRI6N8R 7exEWNLvRXn2DGNpSeiaXl9qh+IECMr/5fYwYE8CLmgSmKHn6vURLdciiLY3NCGZiiInzradA/Z ZXoaIm7Wqrja4JSZS5fxtMacDQO/JDm56anfKnJQtoi3MRyvKvFZKyuCT/kkxTmEQxQ== X-Received: by 2002:a62:1f11:: with SMTP id f17-v6mr46955107pff.168.1537542630605; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZuou9Z5W7ip/c3Tttf7LQ+aCcdVDRs9BUTzXCBPTkUGlV4F7WEjd8k0/tGmt15FoIpO4Xl X-Received: by 2002:a62:1f11:: with SMTP id f17-v6mr46955023pff.168.1537542629462; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542629; cv=none; d=google.com; s=arc-20160816; b=ivG/sd1Qki2kePm3rnWdvh+hSqMu5Hm1u1DXBNAEdB2ilX6kXlgXSRTvCht7Ff+Tl+ XYMwcTCNk6pYkCXTayiUYz6ifTsSjD5hKy/ZFQ0zypRTIOmyBmKskQyrJu5I21dXuNbe eGESuJGwgtLXatliDCFCJKiBZmYFRCLPxNOQaS17uzucAVp8FEbJKRTcBPKHvs5zUGQD mWEvr4JRZ+uFaD+brTCwqJ62UcFkfGVjG+2Ye3wYkmmiTEkqHjFhOkwwoNNc9rn5h63B tdJ1molEPa8roNIGQoFoLDErhQVKnE+tncbGG9bu+zNfoeb0Dva4SEuaDFEI26mp1Fep TDkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=FBdvGM3Zrj9jLn+rPs7bJTTqCftJsm33/g+xI11unTw=; b=NwS4vv7/S+3Jf9rK1VuLUYcvrkZBX6FD3vPgwQ+YjwhM8EP0+1Wwu2FGT+O7S2mX6k qIYpkPrvWtP2tqgWQA1U7uVKxWbF+uvApUjmkPT25oPm8knhgd+dzcWCf5EMWlIQL6Dg 2b2tbRcrABqrLeIn1Ycqe6LZ9qJ3XdG9lufbnVkjqex8PdQdcWW4ESzhKaKMVpfegbI0 Io2adaxMkhsa39eKFKKvrsRBmUO+bjGEdsuBKMu1mRTAgYDaxBk4+fXoiZ5CSGDMuAuN yo9QZcj5TPxmtIGk/Va3kFvFr/DSDriEOmuu4Yp050hcN8I2IGHis0hazpFo4+vp4Ugm FucQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id g16-v6si2805450pgd.354.2018.09.21.08.10.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187978" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:28 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 6/9] x86/cet/ibt: Add arch_prctl functions for IBT Date: Fri, 21 Sep 2018 08:05:50 -0700 Message-Id: <20180921150553.21016-7-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Update ARCH_CET_STATUS and ARCH_CET_DISABLE to include Indirect Branch Tracking features. Introduce: arch_prctl(ARCH_CET_LEGACY_BITMAP, unsigned long *addr) Enable the Indirect Branch Tracking legacy code bitmap. The parameter 'addr' is a pointer to a user buffer. On returning to the caller, the kernel fills the following: *addr = IBT bitmap base address *(addr + 1) = IBT bitmap size Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu --- arch/x86/include/uapi/asm/prctl.h | 1 + arch/x86/kernel/cet_prctl.c | 38 ++++++++++++++++++++++++++++++- arch/x86/kernel/process.c | 1 + 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h index 3aec1088e01d..31d2465f9caf 100644 --- a/arch/x86/include/uapi/asm/prctl.h +++ b/arch/x86/include/uapi/asm/prctl.h @@ -18,5 +18,6 @@ #define ARCH_CET_DISABLE 0x3002 #define ARCH_CET_LOCK 0x3003 #define ARCH_CET_ALLOC_SHSTK 0x3004 +#define ARCH_CET_LEGACY_BITMAP 0x3005 #endif /* _ASM_X86_PRCTL_H */ diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c index c4b7c19f5040..df47b5ebc3f4 100644 --- a/arch/x86/kernel/cet_prctl.c +++ b/arch/x86/kernel/cet_prctl.c @@ -20,6 +20,8 @@ static int handle_get_status(unsigned long arg2) if (current->thread.cet.shstk_enabled) features |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; + if (current->thread.cet.ibt_enabled) + features |= GNU_PROPERTY_X86_FEATURE_1_IBT; shstk_base = current->thread.cet.shstk_base; shstk_size = current->thread.cet.shstk_size; @@ -49,9 +51,35 @@ static int handle_alloc_shstk(unsigned long arg2) return 0; } +static int handle_bitmap(unsigned long arg2) +{ + unsigned long addr, size; + + if (current->thread.cet.ibt_enabled) { + int err; + + err = cet_setup_ibt_bitmap(); + if (err) + return err; + + addr = current->thread.cet.ibt_bitmap_addr; + size = current->thread.cet.ibt_bitmap_size; + } else { + addr = 0; + size = 0; + } + + if (put_user(addr, (unsigned long __user *)arg2) || + put_user(size, (unsigned long __user *)arg2 + 1)) + return -EFAULT; + + return 0; +} + int prctl_cet(int option, unsigned long arg2) { - if (!cpu_feature_enabled(X86_FEATURE_SHSTK)) + if (!cpu_feature_enabled(X86_FEATURE_SHSTK) && + !cpu_feature_enabled(X86_FEATURE_IBT)) return -EINVAL; switch (option) { @@ -63,6 +91,8 @@ int prctl_cet(int option, unsigned long arg2) return -EPERM; if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK) cet_disable_free_shstk(current); + if (arg2 & GNU_PROPERTY_X86_FEATURE_1_IBT) + cet_disable_ibt(); return 0; @@ -73,6 +103,12 @@ int prctl_cet(int option, unsigned long arg2) case ARCH_CET_ALLOC_SHSTK: return handle_alloc_shstk(arg2); + /* + * Allocate legacy bitmap and return address & size to user. + */ + case ARCH_CET_LEGACY_BITMAP: + return handle_bitmap(arg2); + default: return -EINVAL; } diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index ac0ea9c7e89f..aea15a9b6a3e 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -797,6 +797,7 @@ long do_arch_prctl_common(struct task_struct *task, int option, case ARCH_CET_DISABLE: case ARCH_CET_LOCK: case ARCH_CET_ALLOC_SHSTK: + case ARCH_CET_LEGACY_BITMAP: return prctl_cet(option, cpuid_enabled); } From patchwork Fri Sep 21 15:05:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610303 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D1B0914BD for ; Fri, 21 Sep 2018 15:11:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C30A22E454 for ; Fri, 21 Sep 2018 15:11:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BF8D42E543; Fri, 21 Sep 2018 15:11:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 418CA2E454 for ; Fri, 21 Sep 2018 15:11:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5E7AB8E0027; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 53ED08E0020; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 405F18E0028; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id ED6908E0023 for ; Fri, 21 Sep 2018 11:10:30 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id w19-v6so6704548pfa.14 for ; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=TK8EDeMGPZ2hWiuLL/i5vI4+eG5g0kdJ6UAxh9hkMGQ=; b=OHGM4ShlRT29Xctea56RXhAkjy3lof3MSt7F5Nim1tMjemtVyxvuU9Reudn9lFD4pK X8+LBeSIoSbn6bvDEsFFZPwrcWexHLVNTOVaqYSTwH17Ib+NiYx67Su5uCUYiuQ6YeP5 gpmvLmqIA4CfHHc71YYONZd+dAA1/DW2SMVDwnm9MbDUqFBi3R5qd5fk4fYBA3ShZ7zU zeg2U3I5oK8ZSWK3vQNHtzahaaeH06Qr0E/Iq5P/Vhg0CpWwo7POOpov1pMKFw5E8zqh DzBCRPYG4jz4/CSoricBOfLjT7PfTvuEl7Jk7n2UcchZZ8hUOrPCD5+Y2sDRKRZOlWVf J6fQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51BH4/tIqil6QRCLAq3vVSje9S0DWvzhOiHOgxEQJaK6Rk7vx4FE vOTCCqWVMA4M9zYvbCit43YZWWVs3EriBW9onzC6AKmEvFU5mFX0N3A3/roA9EAAz7W5mvmtEY0 /q4Kcj/35wiiKPWZxI+ngtoMfSPyN3ssbjiTPv5fcVAAil30udVjSth+yO7oCiMTY1g== X-Received: by 2002:a63:991a:: with SMTP id d26-v6mr42073083pge.159.1537542630664; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdbfj0+8OvFydxa/W8Mq2NXY6hGLnu/aWeQrm3/tT/j/3vzksxgMfQs3KuHCFkD9u8xaw35Q X-Received: by 2002:a63:991a:: with SMTP id d26-v6mr42073020pge.159.1537542629758; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542629; cv=none; d=google.com; s=arc-20160816; b=k4oeCcG6VCKGwnCQfl0SC3meh55y5xikOxaqq9XZ4ZPAO+efTqDV4q59iSCCCTAv+1 YzHUp3NxNQNq/1/T6f4mW4k3MHPYCDpkF0mu5azamkItLKIBnobt2NEpxeGMRSGQuXeQ qP+vQ3ZN31BnEHQ3HqQzwAHTt+ixApm6OXMR1Ofuikove0qNMnt7pEtnYhRM/6avkBdr W0NOiEQhb456QwuFF2QWOZAZEs//Z3Ut2PxHsMhouS+OaT+/MI2OUpnhZqgNsYOHI9qh 1YcEZlfTut9a6hInVuKixn2m6Tv4dhELxl7hdJhjEprK3uESorKeyOQU/PrJR+JxiHhE C3DA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=TK8EDeMGPZ2hWiuLL/i5vI4+eG5g0kdJ6UAxh9hkMGQ=; b=R6fPAt6mDLKD8/zYVFoCYBs7QTikDd7L4FGAG0XQcOG0zWfQ8x5FIcKhu2cf+ZoZg5 Vsn9kTxWMi3A7auMcCvlTTMcOkxVP7JmDzaAlB6uYldONvLpYAUTyGcUN7b8MaIMNJCw 8phrzRma5bI3qDlaxsG3LR3aUAD3cyFNcGfkSUsLgMwxSBd9lpg4kk50xU8eubY/aJ8w MkWArLQ0ckHzFyl4E8tU6CExLHK9+mMxak6fqTxjchPybz9iCpmmROXCrPjmqRX77cay 0bwvV5kG8lODy5X1enHR4rz/U2p8rR6awYA07x1kTGgukC562dGOaXFfmtGvH0zXL5Bm DzAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d11-v6si29460120pln.471.2018.09.21.08.10.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187982" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:28 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 7/9] x86/cet/ibt: Add ENDBR to op-code-map Date: Fri, 21 Sep 2018 08:05:51 -0700 Message-Id: <20180921150553.21016-8-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add control transfer terminating instructions: ENDBR64/ENDBR32: Mark a valid 64/32-bit control transfer endpoint. Signed-off-by: Yu-cheng Yu --- arch/x86/lib/x86-opcode-map.txt | 13 +++++++++++-- tools/objtool/arch/x86/lib/x86-opcode-map.txt | 13 +++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt index c5e825d44766..fbc53481bc59 100644 --- a/arch/x86/lib/x86-opcode-map.txt +++ b/arch/x86/lib/x86-opcode-map.txt @@ -620,7 +620,16 @@ ea: SAVEPREVSSP (f3) # Skip 0xeb-0xff EndTable -Table: 3-byte opcode 2 (0x0f 0x38) +Table: 3-byte opcode 2 (0x0f 0x1e) +Referrer: +AVXcode: +# Skip 0x00-0xf9 +fa: ENDBR64 (f3) +fb: ENDBR32 (f3) +#skip 0xfc-0xff +EndTable + +Table: 3-byte opcode 3 (0x0f 0x38) Referrer: 3-byte escape 1 AVXcode: 2 # 0x0f 0x38 0x00-0x0f @@ -804,7 +813,7 @@ f6: ADCX Gy,Ey (66) | ADOX Gy,Ey (F3) | MULX By,Gy,rDX,Ey (F2),(v) | WRSS Pq,Qq f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By (F3),(v) | SHRX Gy,Ey,By (F2),(v) EndTable -Table: 3-byte opcode 3 (0x0f 0x3a) +Table: 3-byte opcode 4 (0x0f 0x3a) Referrer: 3-byte escape 2 AVXcode: 3 # 0x0f 0x3a 0x00-0xff diff --git a/tools/objtool/arch/x86/lib/x86-opcode-map.txt b/tools/objtool/arch/x86/lib/x86-opcode-map.txt index c5e825d44766..fbc53481bc59 100644 --- a/tools/objtool/arch/x86/lib/x86-opcode-map.txt +++ b/tools/objtool/arch/x86/lib/x86-opcode-map.txt @@ -620,7 +620,16 @@ ea: SAVEPREVSSP (f3) # Skip 0xeb-0xff EndTable -Table: 3-byte opcode 2 (0x0f 0x38) +Table: 3-byte opcode 2 (0x0f 0x1e) +Referrer: +AVXcode: +# Skip 0x00-0xf9 +fa: ENDBR64 (f3) +fb: ENDBR32 (f3) +#skip 0xfc-0xff +EndTable + +Table: 3-byte opcode 3 (0x0f 0x38) Referrer: 3-byte escape 1 AVXcode: 2 # 0x0f 0x38 0x00-0x0f @@ -804,7 +813,7 @@ f6: ADCX Gy,Ey (66) | ADOX Gy,Ey (F3) | MULX By,Gy,rDX,Ey (F2),(v) | WRSS Pq,Qq f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By (F3),(v) | SHRX Gy,Ey,By (F2),(v) EndTable -Table: 3-byte opcode 3 (0x0f 0x3a) +Table: 3-byte opcode 4 (0x0f 0x3a) Referrer: 3-byte escape 2 AVXcode: 3 # 0x0f 0x3a 0x00-0xff From patchwork Fri Sep 21 15:05:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610307 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A18235A4 for ; Fri, 21 Sep 2018 15:11:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8FE162E535 for ; Fri, 21 Sep 2018 15:11:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8DB4D2E548; Fri, 21 Sep 2018 15:11:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 162F12E545 for ; Fri, 21 Sep 2018 15:11:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BA61F8E0029; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 898738E0023; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5E6798E0028; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id 060AA8E0027 for ; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id a8-v6so6306621pla.10 for ; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to :subject:date:message-id:in-reply-to:references; bh=DzxbjDY4h6ee9dgtV6hY0nHV4jolczbZKl0Vg0iYMGs=; b=HUsOGrXYYLfsKY0XEeGI4wylE/95lZgjsvnhj5H8flRJSRHM5IEJ/d5jgngbf+Jblh SCQk+o/CzdhrHJtyDWBPeL+dNpKYUmexynxG5MtEjvKe8tPSPw3SQYaPZ4krg3AzM0R0 PZX65HHPmYyCK2aUHiT4yaztiSbMgFwWlO2NI2eZfSogvNzq0qE5W56w6ia3Z0JPft1x sn0ktTTUIEzYsPWqD02bcAIxehgmFem4OSaRSNBYii58NJ+RuI4r3pSMLxGr47L25OmZ kolPIALjRyx7rOz3bx8RR2flgHfUHFa1WqJRykh0BkINRLblvND8vZtVur9I20zsbWU6 hlAA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51DJLnhNABipxLOX91guk7E8wEjg/EX8STw/uQa6IRHUpmFK4ZZq QTC2SdU1VLF7DohpCu6eLeK7gY+OmEJfAyRYMMHZar7y+FQPSEVntPj/uc+klzLs092Tn4ilqna A9q+RYEGJQnJSJbq+uTUDdWe3lZaw5mKC6IDB0zU1gE0+rue9ywwu38C48a0EOgGlzQ== X-Received: by 2002:a63:a54f:: with SMTP id r15-v6mr41587733pgu.336.1537542630684; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) X-Google-Smtp-Source: ANB0VdaxqAIhW8ODZVpC+rFaP2DTxoAMfsCg0a/O0umJlggru1HtIOUzleFqqtcdj08NaSR7X/Tc X-Received: by 2002:a63:a54f:: with SMTP id r15-v6mr41587673pgu.336.1537542629772; Fri, 21 Sep 2018 08:10:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542629; cv=none; d=google.com; s=arc-20160816; b=MTOtATh57qQUmLxn2dcpi+iwb+js7bywzwtbCunzKZ4+QFo4KqQFvS94FMVgJBZgvI iQn1IQatrATC+HdN5BjDgn2GcW0uHNMC6lFykXqZukCb6nzCrCCYeT7ZRomAcpVBWGd/ uKgAo+dPUmiDgCXhMKqfYukT8gM6/0TDdOn7rSeTLzLQrsZFk0KLjvu+yf58YnmYU1Hj +SXs2fxi2YuepgTem2a0XzPGpEeBDKLEGtGe2wdrF73l8fr0sH9LqdNuYGXyx9s9W2SU 2qa203qJwMT0lp2tK340j91L/763HRN7ItYXgO6snCoZrt580TesTliYujBHu0FW5vh2 x+VQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from; bh=DzxbjDY4h6ee9dgtV6hY0nHV4jolczbZKl0Vg0iYMGs=; b=Nzca4VPJwBOcEHZ5Q3hiDfjlVysEaa9iTRru+1f7knEzARrJwEz1/hRlfBpCloxEgK I7AOwL/vmaeJ77uW4zqMn79jQrv4XagPf1rv85eNyMCAUQq+26uTwKgMUaEdywtaq2kT Xse+qJcDjVPbnbo6TIySuDzZ9GhejNn845wrSazacz3yban08Zu3sd9mLwaaCuRlvw0e tHqgcc3L8hyrRbqSXj50oHWVH+PClJm78dQ8LmUS3QKfWt0e9uUakr9h+34aPfwWW/6k 1ukohNtDWc/j+D+1QbS7YSQI+SErF9qYfw/kIAB+vpW0rMhwMBGmNkLAIzqeSeBR26oj oBvA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id g16-v6si2805450pgd.354.2018.09.21.08.10.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:29 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187985" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:28 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Subject: [RFC PATCH v4 8/9] x86: Insert endbr32/endbr64 to vDSO Date: Fri, 21 Sep 2018 08:05:52 -0700 Message-Id: <20180921150553.21016-9-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: "H.J. Lu" When Intel indirect branch tracking is enabled, functions in vDSO which may be called indirectly must have endbr32 or endbr64 as the first instruction. Compiler must support -fcf-protection=branch so that it can be used to compile vDSO. Signed-off-by: H.J. Lu --- arch/x86/entry/vdso/.gitignore | 4 ++++ arch/x86/entry/vdso/Makefile | 12 +++++++++++- arch/x86/entry/vdso/vdso-layout.lds.S | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/.gitignore b/arch/x86/entry/vdso/.gitignore index aae8ffdd5880..552941fdfae0 100644 --- a/arch/x86/entry/vdso/.gitignore +++ b/arch/x86/entry/vdso/.gitignore @@ -5,3 +5,7 @@ vdso32-sysenter-syms.lds vdso32-int80-syms.lds vdso-image-*.c vdso2c +vclock_gettime.S +vgetcpu.S +vclock_gettime.asm +vgetcpu.asm diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index fa3f439f0a92..8694f70c08e6 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -102,13 +102,17 @@ vobjx32s := $(foreach F,$(vobjx32s-y),$(obj)/$F) # Convert 64bit object file to x32 for x32 vDSO. quiet_cmd_x32 = X32 $@ - cmd_x32 = $(OBJCOPY) -O elf32-x86-64 $< $@ + cmd_x32 = $(OBJCOPY) -R .note.gnu.property -O elf32-x86-64 $< $@ $(obj)/%-x32.o: $(obj)/%.o FORCE $(call if_changed,x32) targets += vdsox32.lds $(vobjx32s-y) +ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + $(obj)/vclock_gettime.o $(obj)/vgetcpu.o $(obj)/vdso32/vclock_gettime.o: KBUILD_CFLAGS += -fcf-protection=branch +endif + $(obj)/%.so: OBJCOPYFLAGS := -S $(obj)/%.so: $(obj)/%.so.dbg $(call if_changed,objcopy) @@ -160,6 +164,12 @@ quiet_cmd_vdso = VDSO $@ VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \ $(call ld-option, --build-id) -Bsymbolic +ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + VDSO_LDFLAGS += $(call ldoption, -z$(comma)ibt) +endif +ifdef CONFIG_X86_INTEL_SHADOW_STACK_USER + VDSO_LDFLAGS += $(call ldoption, -z$(comma)shstk) +endif GCOV_PROFILE := n # diff --git a/arch/x86/entry/vdso/vdso-layout.lds.S b/arch/x86/entry/vdso/vdso-layout.lds.S index acfd5ba7d943..cabaeedfed78 100644 --- a/arch/x86/entry/vdso/vdso-layout.lds.S +++ b/arch/x86/entry/vdso/vdso-layout.lds.S @@ -74,6 +74,7 @@ SECTIONS .fake_shstrtab : { *(.fake_shstrtab) } :text + .note.gnu.property : { *(.note.gnu.property) } :text :note .note : { *(.note.*) } :text :note .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr From patchwork Fri Sep 21 15:05:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10610309 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 137095A4 for ; Fri, 21 Sep 2018 15:11:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 038F52E52F for ; Fri, 21 Sep 2018 15:11:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 017542E508; Fri, 21 Sep 2018 15:11:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 575162E52F for ; Fri, 21 Sep 2018 15:11:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 14CEF8E0023; Fri, 21 Sep 2018 11:10:32 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 0D2608E0028; Fri, 21 Sep 2018 11:10:32 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F04708E0023; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id 935068E0028 for ; Fri, 21 Sep 2018 11:10:31 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id 191-v6so5738619pgb.23 for ; Fri, 21 Sep 2018 08:10:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=E8OuBBuYqzTnoDRh7sIExW9D2eaT+4irfvEVkuj+fhE=; b=cjW5tnRt/NNzVhtsvN9VV+Bm1A/GutnpyKX2phldkmB3T1KCrnwf5tl2ME+ui1jLuY ElYysDPgoRBPHA/+0vTmNDT1BFf9geTvosunXhgmXCGn7qt5luzSLN0ksWEBJAaG6BA7 5JEPBUp6u+nabg6X/k7mt5YKyBxNJ6tFlrV9PdS4ZLr3ZNfwjND5AbyUAEgFTCrt4wMW mTTx7UcBV43CNhtvUEpPdgqBOUAByMLO2uzYwiGE3OqScClErzTs+SXOXMHmTkv2Ti8A 9y1Ugg/xBEnyrm1Z/B9yBnMBZ7KyxQwfRxTHGTDSx0joNyclmh720VDnHzS+iy1PGpo6 unkw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51Bt3I6Kh2gZwSUxhj4sBoUGsSWlqUIxf9L5eGzoAECUroCuWfFo 0jQzIda7SDBVhnxtx+3f+JeAhy/2Apb0yw1hjgZLe4XmBFnVNNq5Ur4pD9n0ajJ0dMTZBkFXIVN rJ82CnwfSP/1jvUqibgj4tjsTOPKKwxmv8DX7tvgIr2v4OgnFRkNOCnEeTEgpBAcwZg== X-Received: by 2002:a62:2c53:: with SMTP id s80-v6mr46350402pfs.154.1537542631259; Fri, 21 Sep 2018 08:10:31 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZTS+/70P0kqPhLQvFK7A7V/HvHxiKFRH+Zp/wi7DlnErfI7i9l16QlX+Tyj8mcWO3EOnWb X-Received: by 2002:a62:2c53:: with SMTP id s80-v6mr46350332pfs.154.1537542630070; Fri, 21 Sep 2018 08:10:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537542630; cv=none; d=google.com; s=arc-20160816; b=GqiY7dVY+0QPu93FP2+fNI9JaRGYt2uZKSZ9I+HYeObLj4/oLtLJm7+stnOMHM8+Xg ElIKWT/4nCb1aLAtregGzM1sJclOP2tKN94OWrfBhra+L82xZSOc0wPW5uWRU4K89U1i 5vFywXmhFEzfLvwvE9lKPWpKj6sbmZo7tf8VcPTNXJIxcbBETs1tdcxVg6YW8kIDZirs bXNpyfJwSCiyfawTtd4Opg2uRBut6QO8bLRkAEe8B2w1kYxEpfltXXwwItdNefXO2oJO m5vbxDNEnE2WQJ4KXjiKH0oH1N4jwdI7LSbK8XjYbdM8BZS90vEYkJt3eEOsgZwmqk/Q fmiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=E8OuBBuYqzTnoDRh7sIExW9D2eaT+4irfvEVkuj+fhE=; b=n8d+zwlSdSBuUA23LqbGiAEGI/GH98Z2X5jO5lDVFP4DuDjAitzwV5NifMnAOnYS74 kyVgZoyq8D97BsaszsXjAFtmbRxJhJXqZKIUUrmXOrgT7gDRKRqSXocxV1jh1HS/Kjkb xIJg+Z4iLEyoIZnqKdzXt7E/Ns+jVmx2toxxKG9OwBCLUacm3ftx7/nJCK1/+Hk9cfRS 22uq+osIiLtUAdF1jtizShb6MkBLIgcp46YTbyA1KeMENjD8rSBEKmiXVYqH/5eGojx0 510dXU1cpE8HQvpK3aNVQUt1+XE7Lve+z5csQCLgrkjg8rtvt1jFtcMPKZcF1Pi55lM3 uCzg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d11-v6si29460120pln.471.2018.09.21.08.10.29 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Sep 2018 08:10:30 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Sep 2018 08:10:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,285,1534834800"; d="scan'208";a="88187988" Received: from 2b52.sc.intel.com ([143.183.136.51]) by fmsmga002.fm.intel.com with ESMTP; 21 Sep 2018 08:10:28 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [RFC PATCH v4 9/9] x86/cet: Add PTRACE interface for CET Date: Fri, 21 Sep 2018 08:05:53 -0700 Message-Id: <20180921150553.21016-10-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180921150553.21016-1-yu-cheng.yu@intel.com> References: <20180921150553.21016-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add REGSET_CET64/REGSET_CET32 to get/set CET MSRs: IA32_U_CET (user-mode CET settings), IA32_PL3_SSP (user-mode shadow stack), IA32_PL0_SSP (kernel-mode shadow stack), IA32_PL1_SSP (ring-1 shadow stack), IA32_PL2_SSP (ring-2 shadow stack). Signed-off-by: Yu-cheng Yu --- arch/x86/include/asm/fpu/regset.h | 7 +++--- arch/x86/kernel/fpu/regset.c | 41 +++++++++++++++++++++++++++++++ arch/x86/kernel/ptrace.c | 16 ++++++++++++ include/uapi/linux/elf.h | 1 + 4 files changed, 62 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/fpu/regset.h b/arch/x86/include/asm/fpu/regset.h index d5bdffb9d27f..edad0d889084 100644 --- a/arch/x86/include/asm/fpu/regset.h +++ b/arch/x86/include/asm/fpu/regset.h @@ -7,11 +7,12 @@ #include -extern user_regset_active_fn regset_fpregs_active, regset_xregset_fpregs_active; +extern user_regset_active_fn regset_fpregs_active, regset_xregset_fpregs_active, + cetregs_active; extern user_regset_get_fn fpregs_get, xfpregs_get, fpregs_soft_get, - xstateregs_get; + xstateregs_get, cetregs_get; extern user_regset_set_fn fpregs_set, xfpregs_set, fpregs_soft_set, - xstateregs_set; + xstateregs_set, cetregs_set; /* * xstateregs_active == regset_fpregs_active. Please refer to the comment diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c index bc02f5144b95..7008eb084d36 100644 --- a/arch/x86/kernel/fpu/regset.c +++ b/arch/x86/kernel/fpu/regset.c @@ -160,6 +160,47 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset, return ret; } +int cetregs_active(struct task_struct *target, const struct user_regset *regset) +{ +#ifdef CONFIG_X86_INTEL_CET + if (target->thread.cet.shstk_enabled || target->thread.cet.ibt_enabled) + return regset->n; +#endif + return 0; +} + +int cetregs_get(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) +{ + struct fpu *fpu = &target->thread.fpu; + struct cet_user_state *cetregs; + + if (!boot_cpu_has(X86_FEATURE_SHSTK)) + return -ENODEV; + + cetregs = get_xsave_addr(&fpu->state.xsave, XFEATURE_MASK_SHSTK_USER); + + fpu__prepare_read(fpu); + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, cetregs, 0, -1); +} + +int cetregs_set(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, + const void *kbuf, const void __user *ubuf) +{ + struct fpu *fpu = &target->thread.fpu; + struct cet_user_state *cetregs; + + if (!boot_cpu_has(X86_FEATURE_SHSTK)) + return -ENODEV; + + cetregs = get_xsave_addr(&fpu->state.xsave, XFEATURE_MASK_SHSTK_USER); + + fpu__prepare_write(fpu); + return user_regset_copyin(&pos, &count, &kbuf, &ubuf, cetregs, 0, -1); +} + #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION /* diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index e2ee403865eb..ac2bc3a18427 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -49,7 +49,9 @@ enum x86_regset { REGSET_IOPERM64 = REGSET_XFP, REGSET_XSTATE, REGSET_TLS, + REGSET_CET64 = REGSET_TLS, REGSET_IOPERM32, + REGSET_CET32, }; struct pt_regs_offset { @@ -1276,6 +1278,13 @@ static struct user_regset x86_64_regsets[] __ro_after_init = { .size = sizeof(long), .align = sizeof(long), .active = ioperm_active, .get = ioperm_get }, + [REGSET_CET64] = { + .core_note_type = NT_X86_CET, + .n = sizeof(struct cet_user_state) / sizeof(u64), + .size = sizeof(u64), .align = sizeof(u64), + .active = cetregs_active, .get = cetregs_get, + .set = cetregs_set + }, }; static const struct user_regset_view user_x86_64_view = { @@ -1331,6 +1340,13 @@ static struct user_regset x86_32_regsets[] __ro_after_init = { .size = sizeof(u32), .align = sizeof(u32), .active = ioperm_active, .get = ioperm_get }, + [REGSET_CET32] = { + .core_note_type = NT_X86_CET, + .n = sizeof(struct cet_user_state) / sizeof(u64), + .size = sizeof(u64), .align = sizeof(u64), + .active = cetregs_active, .get = cetregs_get, + .set = cetregs_set + }, }; static const struct user_regset_view user_x86_32_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 5ef25a565e88..f4cdfdc59c0a 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -401,6 +401,7 @@ typedef struct elf64_shdr { #define NT_386_TLS 0x200 /* i386 TLS slots (struct user_desc) */ #define NT_386_IOPERM 0x201 /* x86 io permission bitmap (1=deny) */ #define NT_X86_XSTATE 0x202 /* x86 extended state using xsave */ +#define NT_X86_CET 0x203 /* x86 cet state */ #define NT_S390_HIGH_GPRS 0x300 /* s390 upper register halves */ #define NT_S390_TIMER 0x301 /* s390 timer register */ #define NT_S390_TODCMP 0x302 /* s390 TOD clock comparator register */