From patchwork Thu May 21 21:17:16 2020 X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 11564071
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang
Cc: Yu-cheng Yu
Subject: [RFC PATCH 1/5] x86/cet/shstk: Modify ARCH_X86_CET_ALLOC_SHSTK for 32-bit address range
Date: Thu, 21 May 2020 14:17:16 -0700
Message-Id: <20200521211720.20236-2-yu-cheng.yu@intel.com>
In-Reply-To: <20200521211720.20236-1-yu-cheng.yu@intel.com>
References: <20200521211720.20236-1-yu-cheng.yu@intel.com>

Sometimes a 64-bit task might need to have a shadow stack allocated from within 32-bit address range. One example is selftests/x86/sigreturn.

Currently arch_prctl(ARCH_X86_CET_ALLOC_SHSTK) takes an input parameter for the desired shadow stack size. Modify it and use bit[0] of the parameter to indicate the desire to allocate from 32-bit address range.

Signed-off-by: Yu-cheng Yu
--- arch/x86/include/asm/cet.h | 2 +- arch/x86/include/uapi/asm/prctl.h | 2 ++ arch/x86/kernel/cet.c | 19 ++++++++++++------- arch/x86/kernel/cet_prctl.c | 6 +++++- 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h index f163c805a559..534b02785a39 100644 --- a/arch/x86/include/asm/cet.h +++ b/arch/x86/include/asm/cet.h 
@@ -22,7 +22,7 @@ struct cet_status { int prctl_cet(int option, u64 arg2); int cet_setup_shstk(void); int cet_setup_thread_shstk(struct task_struct *p); -int cet_alloc_shstk(unsigned long *arg); +int cet_alloc_shstk(unsigned long *arg, int map_32bit); void cet_disable_free_shstk(struct task_struct *p); int cet_verify_rstor_token(bool ia32, unsigned long ssp, unsigned long *new_ssp); void cet_restore_signal(struct sc_ext *sc); diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h index d962f0ec9ccf..e254c6a21475 100644 --- a/arch/x86/include/uapi/asm/prctl.h +++ b/arch/x86/include/uapi/asm/prctl.h @@ -19,4 +19,6 @@ #define ARCH_X86_CET_LOCK 0x3003 #define ARCH_X86_CET_ALLOC_SHSTK 0x3004 +#define ARCH_X86_CET_ALLOC_SHSTK_32BIT 0x1UL + #endif /* _ASM_X86_PRCTL_H */ diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 92b8730c0b08..d6f93e1864b2 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -57,14 +57,19 @@ static unsigned long cet_get_shstk_addr(void) return ssp; } -static unsigned long alloc_shstk(unsigned long size) +static unsigned long alloc_shstk(unsigned long size, int map_32bit) { struct mm_struct *mm = current->mm; unsigned long addr, populate; + unsigned long map_flags; + + map_flags = MAP_ANONYMOUS | MAP_PRIVATE; + if (map_32bit) + map_flags |= MAP_32BIT; down_write(&mm->mmap_sem); - addr = do_mmap(NULL, 0, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, - VM_SHSTK, 0, &populate, NULL); + addr = do_mmap(NULL, 0, size, PROT_READ, map_flags, VM_SHSTK, 0, + &populate, NULL); up_write(&mm->mmap_sem); if (populate) 
@@ -147,14 +152,14 @@ static int create_rstor_token(bool ia32, unsigned long ssp, return 0; } -int cet_alloc_shstk(unsigned long *arg) +int cet_alloc_shstk(unsigned long *arg, int map_32bit) { unsigned long len = *arg; unsigned long addr; unsigned long token; unsigned long ssp; - addr = alloc_shstk(round_up(len, PAGE_SIZE)); + addr = alloc_shstk(round_up(len, PAGE_SIZE), map_32bit); if (IS_ERR((void *)addr)) return PTR_ERR((void *)addr); @@ -185,7 +190,7 @@ int cet_setup_shstk(void) return -EOPNOTSUPP; size = round_up(min(rlimit(RLIMIT_STACK), 1UL << 32), PAGE_SIZE); - addr = alloc_shstk(size); + addr = alloc_shstk(size, 0); if (IS_ERR((void *)addr)) return PTR_ERR((void *)addr); @@ -226,7 +231,7 @@ int cet_setup_thread_shstk(struct task_struct *tsk) if (in_compat_syscall()) size /= 4; size = round_up(size, PAGE_SIZE); - addr = alloc_shstk(size); + addr = alloc_shstk(size, 0); if (IS_ERR((void *)addr)) { cet->shstk_base = 0; diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c index a8e68fefd524..364ed2420202 100644 --- a/arch/x86/kernel/cet_prctl.c +++ b/arch/x86/kernel/cet_prctl.c 
@@ -35,12 +35,16 @@ static int handle_alloc_shstk(u64 arg2) unsigned long arg; unsigned long addr = 0; unsigned long size = 0; + int map_32bit; if (get_user(arg, (unsigned long __user *)arg2)) return -EFAULT; + map_32bit = (arg & ARCH_X86_CET_ALLOC_SHSTK_32BIT) ? 1 : 0; + arg &= ~(ARCH_X86_CET_ALLOC_SHSTK_32BIT); + size = arg; - err = cet_alloc_shstk(&arg); + err = cet_alloc_shstk(&arg, map_32bit); if (err) return err;
From patchwork Thu May 21 21:17:17 2020 X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 11564077
From: Yu-cheng Yu
Subject: [RFC PATCH 2/5] selftest/x86: Enable CET for selftests/x86
Date: Thu, 21 May 2020 14:17:17 -0700
Message-Id: <20200521211720.20236-3-yu-cheng.yu@intel.com>
In-Reply-To: <20200521211720.20236-1-yu-cheng.yu@intel.com>
References: <20200521211720.20236-1-yu-cheng.yu@intel.com>

To build CET-enabled applications, GCC needs to support '-fcf-protection'. Update x86 selftest makefile to detect and enable CET for x86 selftest applications.

Signed-off-by: Yu-cheng Yu
Reviewed-by: Kees Cook
--- tools/testing/selftests/x86/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile index 5d49bfec1e9a..f1bf5ab87160 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile 
@@ -9,6 +9,7 @@ UNAME_M := $(shell uname -m) CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32) CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c) CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC) trivial_program.c -no-pie) +CAN_BUILD_CET := $(shell ./check_cc.sh $(CC) trivial_program.c -fcf-protection) TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \ check_initial_reg_state sigreturn iopl ioperm \ 
@@ -35,6 +36,10 @@ BINARIES_64 := $(patsubst %,$(OUTPUT)/%,$(BINARIES_64)) CFLAGS := -O2 -g -std=gnu99 -pthread -Wall +ifeq ($(CAN_BUILD_CET),1) +CFLAGS += -fcf-protection -mshstk +endif + # call32_from_64 in thunks.S uses absolute addresses. ifeq ($(CAN_BUILD_WITH_NOPIE),1) CFLAGS += -no-pie
From patchwork Thu May 21 21:17:18 2020 X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 11564073
From: Yu-cheng Yu
Subject: [RFC PATCH 3/5] selftest/x86: Fix sigreturn_64 test.
Date: Thu, 21 May 2020 14:17:18 -0700
Message-Id: <20200521211720.20236-4-yu-cheng.yu@intel.com>
In-Reply-To: <20200521211720.20236-1-yu-cheng.yu@intel.com>
References: <20200521211720.20236-1-yu-cheng.yu@intel.com>

When shadow stack is enabled, selftests/x86/sigreturn_64 triggers a fault when doing sigreturn to 32-bit context but the task's shadow stack pointer is above 32-bit address range. Fix it by:

- Allocate a small shadow stack below 32-bit address,
- Switch to the new shadow stack,
- Run tests,
- Switch back to the original 64-bit shadow stack.

Signed-off-by: Yu-cheng Yu
--- tools/testing/selftests/x86/sigreturn.c | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/x86/sigreturn.c b/tools/testing/selftests/x86/sigreturn.c index 57c4f67f16ef..5bcd74d416ff 100644 --- a/tools/testing/selftests/x86/sigreturn.c +++ b/tools/testing/selftests/x86/sigreturn.c 
@@ -45,6 +45,14 @@ #include #include #include +#include +#include +#include + +#ifdef __x86_64__ +int arch_prctl(int code, unsigned long *addr); +#define ARCH_CET_ALLOC_SHSTK 0x3004 +#endif /* Pull in AR_xyz defines. */ typedef unsigned int u32; @@ -766,6 +774,20 @@ int main() int total_nerrs = 0; unsigned short my_cs, my_ss; +#ifdef __x86_64__ + /* Alloc a shadow stack within 32-bit address range */ + unsigned long arg, ssp_64, ssp_32; + ssp_64 = _get_ssp(); + + if (ssp_64 != 0) { + arg = 0x1001; + arch_prctl(ARCH_CET_ALLOC_SHSTK, &arg); + ssp_32 = arg + 0x1000 - 8; + asm volatile("RSTORSSP (%0)\n":: "r" (ssp_32)); + asm volatile("SAVEPREVSSP"); + } +#endif + asm volatile ("mov %%cs,%0" : "=r" (my_cs)); asm volatile ("mov %%ss,%0" : "=r" (my_ss)); setup_ldt(); 
@@ -870,6 +892,12 @@ int main() #ifdef __x86_64__ total_nerrs += test_nonstrict_ss(); + + if (ssp_64 != 0) { + ssp_64 -= 8; + asm volatile("RSTORSSP (%0)\n":: "r" (ssp_64)); + asm volatile("SAVEPREVSSP"); + } #endif return total_nerrs ? 1 : 0;
From patchwork Thu May 21 21:17:19 2020 X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 11564075
From: Yu-cheng Yu
Subject: [RFC PATCH 4/5] selftest/x86: Fix sysret_rip with ENDBR
Date: Thu, 21 May 2020 14:17:19 -0700
Message-Id: <20200521211720.20236-5-yu-cheng.yu@intel.com>
In-Reply-To: <20200521211720.20236-1-yu-cheng.yu@intel.com>
References: <20200521211720.20236-1-yu-cheng.yu@intel.com>

Insert endbr64 to assembly code of sysret_rip.

Signed-off-by: Yu-cheng Yu
--- tools/testing/selftests/x86/sysret_rip.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/x86/sysret_rip.c b/tools/testing/selftests/x86/sysret_rip.c index 84d74be1d902..027682a0f377 100644 --- a/tools/testing/selftests/x86/sysret_rip.c +++ b/tools/testing/selftests/x86/sysret_rip.c @@ -27,8 +27,9 @@ asm ( ".pushsection \".text\", \"ax\"\n\t" ".balign 4096\n\t" "test_page: .globl test_page\n\t" - ".fill 4094,1,0xcc\n\t" + ".fill 4090,1,0xcc\n\t" "test_syscall_insn:\n\t" + "endbr64\n\t" "syscall\n\t" ".ifne . - test_page - 4096\n\t" ".error \"test page is not one page long\"\n\t" 
@@ -151,7 +152,7 @@ static void test_syscall_fallthrough_to(unsigned long ip) if (sigsetjmp(jmpbuf, 1) == 0) { asm volatile ("call *%[syscall_insn]" :: "a" (SYS_getpid), - [syscall_insn] "rm" (ip - 2)); + [syscall_insn] "rm" (ip - 6)); errx(1, "[FAIL]\tSyscall trampoline returned"); }
From patchwork Thu May 21 21:17:20 2020 X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 11564079
From: Yu-cheng Yu
Subject: [RFC PATCH 5/5] selftest/x86: Add CET quick test
Date: Thu, 21 May 2020 14:17:20 -0700
Message-Id: <20200521211720.20236-6-yu-cheng.yu@intel.com>
In-Reply-To: <20200521211720.20236-1-yu-cheng.yu@intel.com>
References: <20200521211720.20236-1-yu-cheng.yu@intel.com>

Introduce a quick test to verify shadow stack and IBT are working.

Signed-off-by: Yu-cheng Yu
--- tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/cet_quick_test.c | 128 +++++++++++++++++++ 2 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/x86/cet_quick_test.c diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile index f1bf5ab87160..26e68272117a 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile 
@@ -14,7 +14,7 @@ CAN_BUILD_CET := $(shell ./check_cc.sh $(CC) trivial_program.c -fcf-protection) TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \ check_initial_reg_state sigreturn iopl ioperm \ protection_keys test_vdso test_vsyscall mov_ss_trap \ - syscall_arg_fault + syscall_arg_fault cet_quick_test TARGETS_C_32BIT_ONLY := entry_from_vm86 test_syscall_vdso unwind_vdso \ test_FCMOV test_FCOMI test_FISTTP \ vdso_restorer diff --git a/tools/testing/selftests/x86/cet_quick_test.c b/tools/testing/selftests/x86/cet_quick_test.c new file mode 100644 index 000000000000..e84bbbcfd26f --- /dev/null +++ b/tools/testing/selftests/x86/cet_quick_test.c 
@@ -0,0 +1,128 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Quick tests to verify Shadow Stack and IBT are working */ + +#include +#include +#include +#include +#include + +ucontext_t ucp; +int result[4] = {-1, -1, -1, -1}; +int test_id; + +void stack_hacked(unsigned long x) +{ + result[test_id] = -1; + test_id++; + setcontext(&ucp); +} + +#pragma GCC push_options +#pragma GCC optimize ("O0") +void ibt_violation(void) +{ +#ifdef __i386__ + asm volatile("lea 1f, %eax"); + asm volatile("jmp *%eax"); +#else + asm volatile("lea 1f, %rax"); + asm volatile("jmp *%rax"); +#endif + asm volatile("1:"); + result[test_id] = -1; + test_id++; + setcontext(&ucp); +} + +void shstk_violation(void) +{ +#ifdef __i386__ + unsigned long x = 0; + + ((unsigned long *)&x)[2] = (unsigned long)stack_hacked; +#else + unsigned long long x = 0; + + ((unsigned long long *)&x)[2] = (unsigned long)stack_hacked; +#endif +} +#pragma GCC pop_options + +void segv_handler(int signum, siginfo_t *si, void *uc) +{ + result[test_id] = 0; + test_id++; + setcontext(&ucp); +} + +void user1_handler(int signum, siginfo_t *si, void *uc) +{ + shstk_violation(); +} + +void user2_handler(int signum, siginfo_t *si, void *uc) +{ + ibt_violation(); +} + +int main(int argc, char *argv[]) +{ + struct sigaction sa; + int r; + + r = sigemptyset(&sa.sa_mask); + if (r) + return -1; + + sa.sa_flags = SA_SIGINFO; + + /* + * Control protection fault handler + */ + sa.sa_sigaction = segv_handler; + r = sigaction(SIGSEGV, &sa, NULL); + if (r) + return -1; + + /* + * Handler to test Shadow stack + */ + sa.sa_sigaction = user1_handler; + r = sigaction(SIGUSR1, &sa, NULL); + if (r) + return -1; + + /* + * Handler to test IBT + */ + sa.sa_sigaction = user2_handler; + r = sigaction(SIGUSR2, &sa, NULL); + if (r) + return -1; + + test_id = 0; + r = getcontext(&ucp); + if (r) + return -1; + + if (test_id == 0) + shstk_violation(); + else if (test_id == 1) + ibt_violation(); + else if (test_id == 2) + raise(SIGUSR1); + else if 
(test_id == 3) + raise(SIGUSR2); + + r = 0; + printf("[%s]\tShadow stack\n", result[0] ? "FAIL":"OK"); + r += result[0]; + printf("[%s]\tIBT\n", result[1] ? "FAIL":"OK"); + r += result[1]; + printf("[%s]\tShadow stack in signal\n", result[2] ? "FAIL":"OK"); + r += result[2]; + printf("[%s]\tIBT in signal\n", result[3] ? "FAIL":"OK"); + r += result[3]; + return r; +}
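Review bot: In [RFC PATCH 1/5], arch/x86/include/uapi/asm/prctl.h hunk, ARCH_X86_CET_ALLOC_SHSTK_32BIT is added directly below the option codes 0x3003 and 0x3004 with no comment saying that it is a flag bit carried in the size argument of ARCH_X86_CET_ALLOC_SHSTK rather than another arch_prctl option. A one-line comment above the define would keep userspace from reading 0x1UL as an option value.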
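Review bot: In [RFC PATCH 1/5], arch/x86/kernel/cet.c, alloc_shstk(): map_32bit is only ever tested for truth, and the two in-kernel callers changed later in this file pass a literal 0, so the parameter reads better as bool (with false at those call sites) here and in the cet_alloc_shstk() prototype in cet.h. A short comment on why only the prctl path may request MAP_32BIT would also help.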
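Review bot: In [RFC PATCH 1/5], arch/x86/kernel/cet_prctl.c, handle_alloc_shstk(): only bit 0 of the user value is masked off before 'size = arg', so a caller that previously passed an odd size and relied on round_up(len, PAGE_SIZE) in cet_alloc_shstk() now silently gets a MAP_32BIT mapping instead, and the remaining sub-page bits are accepted unchecked. Since the size is rounded to a page anyway, consider returning -EINVAL when any low bit other than ARCH_X86_CET_ALLOC_SHSTK_32BIT is set, so those bits stay available as future flags, and state the new meaning of bit 0 in the ABI documentation.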
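Review bot: In [RFC PATCH 2/5], tools/testing/selftests/x86/Makefile, the 'ifeq ($(CAN_BUILD_CET),1)' block adds both -fcf-protection and -mshstk to CFLAGS, but the CAN_BUILD_CET probe in the first hunk only tries -fcf-protection. Pass both options to check_cc.sh so that a compiler accepting one but not the other does not break the build of every x86 selftest.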
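Review bot: In [RFC PATCH 3/5], tools/testing/selftests/x86/sigreturn.c, start of main(): the return value of arch_prctl(ARCH_CET_ALLOC_SHSTK, &arg) is ignored. In patch 1/5 handle_alloc_shstk() returns the error straight after cet_alloc_shstk() fails, so after a failed call arg still holds 0x1001 and RSTORSSP is executed on an address computed from it; check the return value and skip or fail the test cleanly. The literal 0x1001 would also be clearer as 0x1000 | ARCH_X86_CET_ALLOC_SHSTK_32BIT, with the same size constant reused in 'ssp_32 = arg + 0x1000 - 8'.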
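Review bot: In [RFC PATCH 3/5], tools/testing/selftests/x86/sigreturn.c, end of main(): 'ssp_64 -= 8' followed by RSTORSSP assumes that the SAVEPREVSSP executed at the top of main() left a restore token exactly 8 bytes below the value _get_ssp() returned, and nothing in the code says so. Add a comment at both switch points explaining where the token comes from and why the offset is 8.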
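Review bot: In [RFC PATCH 4/5], tools/testing/selftests/x86/sysret_rip.c, the test_page asm block now contains "endbr64" unconditionally, whereas patch 2/5 enables the CET compiler flags only when CAN_BUILD_CET is 1. An assembler that does not know the endbr64 mnemonic will fail to build this test even where CET was detected as unavailable; either emit the instruction with .byte or guard it with the same condition. The commit message should also say why the landing pad is needed (test_syscall_insn is reached through 'call *%[syscall_insn]').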
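Review bot: In [RFC PATCH 4/5], tools/testing/selftests/x86/sysret_rip.c, test_syscall_fallthrough_to(): the offset in 'ip - 6' is a bare number that has to stay in step with '.fill 4090,1,0xcc' in the asm block (both moved by 4 for the added endbr64). A named constant, or a comment giving the breakdown into landing pad plus syscall, would stop the two from drifting apart.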
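Review bot: In [RFC PATCH 5/5], tools/testing/selftests/x86/Makefile, cet_quick_test is appended to TARGETS_C_BOTHBITS unconditionally, so it is built and run even when CAN_BUILD_CET is not 1 and the CET flags from patch 2/5 are absent. Add it only under 'ifeq ($(CAN_BUILD_CET),1)', or make the test report a skip in that case.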
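Review bot: In [RFC PATCH 5/5], tools/testing/selftests/x86/cet_quick_test.c, main() has no path for a system where shadow stack and IBT are not active: result[] starts at -1 and stack_hacked() and ibt_violation() store -1 again, so such a run prints FAIL for every case instead of skipping. Check for CET up front (patch 3/5 uses '_get_ssp() != 0' for this) and skip. Separately, result[] and test_id are written from signal handlers and read after setcontext() re-enters main(), so they should be volatile, and main() returns -1 or a sum of -1 values as its exit status where 1 would be the conventional failure code.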