From patchwork Thu Oct 11 15:16:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636905 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AE85617E1 for ; Thu, 11 Oct 2018 15:22:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9D5AD2BA2E for ; Thu, 11 Oct 2018 15:22:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 90BCB2B9DB; Thu, 11 Oct 2018 15:22:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1B4392BA24 for ; Thu, 11 Oct 2018 15:22:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7AC3E6B0298; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 783806B0299; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 625176B029B; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id 1D6FF6B0299 for ; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id b27-v6so8122230pfm.15 for ; Thu, 11 Oct 2018 08:21:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=Iq5Xh4cI/zY3DrkDmU3iCZiYvsCE7e2msv6ERSQ9RH8=; b=HGdZJVCwLYoYzmGGNjVosCQhMPZiZjjVypQEuB1Ci1uhk06cci13yWxqDkUPASvwyF 8nk9e99eS/94k3bWQ0WCjYlneptxun3Jb5w5h3qJwQf98LxT1v4E3SutgiTdZqqglGhg 9Tt1GMMbTMHK9Ar7fcmoYojFuZHNVhBVit/PVNOVPIzQPWYPzqVEySoIj5HeRkVxBZvq 4kvNCjQXvGvekiMjz5eHvC3e+UxLUr2/6TUbqV567/m9p8utqATGdVMUHHx9meCFAmH2 JJTuRTnlphaijka1Nn9ex6ql9ZmwrfqfItxC4tJKZ+uUTIVMmpv3HRrdwTL6edEw9GVn 8kNQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojEvMBAc3paxidT6Lk7e+6AUv7oYIRBVqtyEVg3OLHE1eZ4nEy1 Wt92E1jYwwSPc0SRf6g1Cj1IdzxhSXsXAdhLLdM2cDPU/k3SA59ENef8dJw2Ea5J3xfeo1sAMUb SdbKjv7lAFu1XAEkzR1gn8IpIvHSBAxyn1u2FIBw1XyUMpSApHygbIkOjAnVfBenykA== X-Received: by 2002:a62:f58a:: with SMTP id b10-v6mr2010994pfm.253.1539271304791; Thu, 11 Oct 2018 08:21:44 -0700 (PDT) X-Google-Smtp-Source: ACcGV63dk4yLa8qLgtgu0yKWHKJ5GzRpddcJDiZj57Rieepq5aNYgZbNvPr9lqTj+bipUlVkNMtl X-Received: by 2002:a62:f58a:: with SMTP id b10-v6mr2010949pfm.253.1539271304096; Thu, 11 Oct 2018 08:21:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271304; cv=none; d=google.com; s=arc-20160816; b=ZR5FECLfarX07vslEdrhkqHTJAzwVmCgpOaDIPL4kt85tj1BtVG8iZN4rpTe5bMSD1 0QjBOcudrf0cDtegX+k7Tm1daPDFK5MKwLEcJVf/nk08z8TagLxIsu6cQSq0ZrHp8SSx /C+v7PaWFcSfA6xel9KctAn1ugpEHQjoSErz0iQwWNb+LP9vT+zpT7F6GYz6o4lg3s/i EBGitRq2HfTT+dPjoBLesiUF4yzEA5+fyG1DkWghL57r2L4WMOcyzA6OeA5wiwta4gCG jjRp4h3Ihys1yiEF5FuHrVpMlb+kkbm/hMfhrglMrIRLuo2/G9DLhQ5U+8i52XHT4Dh4 g3Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=Iq5Xh4cI/zY3DrkDmU3iCZiYvsCE7e2msv6ERSQ9RH8=; b=Zdg+O9LpgSJOSKazwdIR6bueLiEhVlUzrPWG8RoHSwJJuz59XOBu3dfW2GcbkSj1HT GEEnP9fATcesjIOzGiy7aZB+8pUTu80QMmY3IlCtArdmLKZOfF4fnhD7Q9LSTWIEIaej Yos3g4u8p527FjGL0RA0AX7GIX9DG0G+YodEJqaQ2F8Go6vjSiXjYPYxQ93WJM/WJTke sosVcOVjweYvvsUFGpGpCDVbJdO/gd0Rf7AmhRZwl1sr+nC/BqJfVmhTm04rdlyisj7i mS43t2v3fg2VB76L6gB2qUiLZnONAjQLZ3twRpoyFgoiKs8EeruFMhPSKxY4W0jSai89 8BbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga09.intel.com (mga09.intel.com. [134.134.136.24]) by mx.google.com with ESMTPS id w90-v6si28024425pfk.208.2018.10.11.08.21.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:21:44 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) client-ip=134.134.136.24; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:21:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271617" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:42 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 01/11] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking Date: Thu, 11 Oct 2018 08:16:44 -0700 Message-Id: <20181011151654.27221-2-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The user-mode indirect branch tracking support is done mostly by GCC to insert ENDBR64/ENDBR32 instructions at branch targets. The kernel provides CPUID enumeration, feature MSR setup and the allocation of legacy bitmap. Signed-off-by: Yu-cheng Yu --- arch/x86/Kconfig | 16 ++++++++++++++++ arch/x86/Makefile | 7 +++++++ 2 files changed, 23 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index ac2244896a18..dd65dae3c5cb 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1919,6 +1919,9 @@ config X86_INTEL_CET config ARCH_HAS_SHSTK def_bool n +config ARCH_HAS_AS_LIMIT + def_bool n + config ARCH_HAS_PROGRAM_PROPERTIES def_bool n @@ -1943,6 +1946,19 @@ config X86_INTEL_SHADOW_STACK_USER If unsure, say y. +config X86_INTEL_BRANCH_TRACKING_USER + prompt "Intel Indirect Branch Tracking for user-mode" + def_bool n + depends on CPU_SUP_INTEL && X86_64 + select X86_INTEL_CET + select ARCH_HAS_AS_LIMIT + select ARCH_HAS_PROGRAM_PROPERTIES + ---help--- + Indirect Branch Tracking provides hardware protection against return-/jmp- + oriented programming attacks. + + If unsure, say y + config EFI bool "EFI runtime service support" depends on ACPI diff --git a/arch/x86/Makefile b/arch/x86/Makefile index b28842b80295..ff652bba849f 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -159,6 +159,13 @@ ifdef CONFIG_X86_INTEL_SHADOW_STACK_USER endif endif +# Check compiler ibt support +ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + ifeq ($(call cc-option-yn, -fcf-protection=branch), n) + $(error CONFIG_X86_INTEL_BRANCH_TRACKING_USER not supported by compiler) + endif +endif + # # If the function graph tracer is used with mcount instead of fentry, # '-maccumulate-outgoing-args' is needed to prevent a GCC bug From patchwork Thu Oct 11 15:16:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636907 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A939B17E1 for ; Thu, 11 Oct 2018 15:22:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 96C8B2BA40 for ; Thu, 11 Oct 2018 15:22:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 94BB02BA2C; Thu, 11 Oct 2018 15:22:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DF5752BA4C for ; Thu, 11 Oct 2018 15:22:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0814D6B029B; Thu, 11 Oct 2018 11:21:46 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 014426B029D; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D9D596B029E; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id 91E036B029B for ; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id 14-v6so8050595pfk.22 for ; Thu, 11 Oct 2018 08:21:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=/yofMfJkctWwkJZBDJxtB9MQCUIfJdSPsgtfuOwxmtQ=; b=PeRaywTpF/QroHAqs1eMKCnye4RGlsSJNXZsasxKL4bv7cGdnBSHBLOXmJTHuk6jnI F5rPXOl/2vopVa/1WJ+xSxfgI9ahUPDeXA4LcYVMSUeRR9fQ0UUaTstMKoLD1rfl9pXd ypQLOtwJVPhsT+kg2ikWSbD5xCoB2z/LkzG5kLsXKjqiUqtD2yd3Xxc2h1xWR2eqHw96 UCyC35EMbQ4GAIUDINj+lnl6FA5nlnSI7athfjrLSbOQlXg7eVmoAcUNqEasiVf8MkVf IIiBZJnBNEppN9EPfKjXgGafyA31+nIfsV3LsBjZnKsF3FXFArMRsLy4JdLe5zfl7YcB 2cNw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfohDOwKDa+ETRkw0P99QcFly/03x8R3RMnBye9jgeNHAZGgLtMih iWr7wGmsCWdiclFod1xl7V8+MBCp5FcQKkez4RdEHghc7wDp5ZmFm2XFOnhr83xjkaBz++ZgOys HWha2jyKuPtH0OWrAmkDmOZWxJrkNpi14VOXh1o5GzfH7tDaG+WAemU9SmZmmokAguQ== X-Received: by 2002:a63:cb51:: with SMTP id m17-v6mr1765257pgi.105.1539271305267; Thu, 11 Oct 2018 08:21:45 -0700 (PDT) X-Google-Smtp-Source: ACcGV61RIagAzPnHvl0ToS3FeL/4ArAYsm6n/2QXIepw7HQFQxwwVne0PK2S4hO5E3En8YE/SZ8m X-Received: by 2002:a63:cb51:: with SMTP id m17-v6mr1765205pgi.105.1539271304406; Thu, 11 Oct 2018 08:21:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271304; cv=none; d=google.com; s=arc-20160816; b=Q6L+Lxi8fQutbcsMClD1Ob7jj4X0z1BdSXr9mV6oP4PNRmXbxCNAiNzY2f3YC4irSu 8CiGzjSmRa+wzoQQ23MrfYJBWOM4f+lN6PPndMqyRoDylUrkijB4D+XJkNqblT/sN3iP mcHprMbh1wNIfgtCaXlerTnlfhfnaq3t8E+09S29dicmVF9cRVceFFegNaQV1I1zO/p/ zNi1lFef82WsBhh0Pj+QBrfSDT3aZZMr227bxLLUP/otTifu11iTQvO3BkCYAw/yUTg5 Z204td6IN4IrSpQj8YH7PqxY33JpBurOEqre9fBAKzDMdOM608dHS6ZDlne2YcWVHLdg Ofhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=/yofMfJkctWwkJZBDJxtB9MQCUIfJdSPsgtfuOwxmtQ=; b=ir2iyzu8pWOOJ2UEGvMCVfHoXrhNN/8JTsNZDqyX/aXq94eLaWqhmVe/I++BB/qVDm 0Q7RmJMbTR48KSYeBnLIetnrnZilXEEhXYQ8Jxv5SHb6+N3xHOFsam13xLqp1d0aAITK FlD8cS7TtVkyWFl4Sa6AaU42nhj3QEz2nlLpYlvFp0NLCsFJgmozQa0vPHBg0Z/FK4Q9 bmHSSamxucm7eFB/xcDWGpeK4zM6gAa9kwufulpBo80u6UOhVTjt0T496EvLvTlj7g2d J+SgoVFsfYngtfvAPCJW4DkuywXdU8uo3y7bSi/qF5sdPtADjYQZc/mFFbXxehqfK6CR ZTug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga09.intel.com (mga09.intel.com. [134.134.136.24]) by mx.google.com with ESMTPS id w90-v6si28024425pfk.208.2018.10.11.08.21.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:21:44 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) client-ip=134.134.136.24; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:21:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271620" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:43 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 02/11] x86/cet/ibt: User-mode indirect branch tracking support Date: Thu, 11 Oct 2018 08:16:45 -0700 Message-Id: <20181011151654.27221-3-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add user-mode indirect branch tracking enabling/disabling and supporting routines. Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu --- arch/x86/include/asm/cet.h | 8 ++++++ arch/x86/include/asm/disabled-features.h | 8 +++++- arch/x86/kernel/cet.c | 31 ++++++++++++++++++++++++ arch/x86/kernel/cpu/common.c | 17 +++++++++++++ arch/x86/kernel/process.c | 1 + 5 files changed, 64 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cet.h b/arch/x86/include/asm/cet.h index 6fa23a41580c..082abf5e8528 100644 --- a/arch/x86/include/asm/cet.h +++ b/arch/x86/include/asm/cet.h @@ -12,8 +12,11 @@ struct task_struct; struct cet_status { unsigned long shstk_base; unsigned long shstk_size; + unsigned long ibt_bitmap_addr; + unsigned long ibt_bitmap_size; unsigned int locked:1; unsigned int shstk_enabled:1; + unsigned int ibt_enabled:1; }; #ifdef CONFIG_X86_INTEL_CET @@ -25,6 +28,9 @@ void cet_disable_shstk(void); void cet_disable_free_shstk(struct task_struct *p); int cet_restore_signal(unsigned long ssp); int cet_setup_signal(bool ia32, unsigned long rstor, unsigned long *new_ssp); +int cet_setup_ibt(void); +int cet_setup_ibt_bitmap(void); +void cet_disable_ibt(void); #else static inline int prctl_cet(int option, unsigned long arg2) { return -EINVAL; } static inline int cet_setup_shstk(void) { return -EINVAL; } @@ -35,6 +41,8 @@ static inline void cet_disable_free_shstk(struct task_struct *p) {} static inline int cet_restore_signal(unsigned long ssp) { return -EINVAL; } static inline int cet_setup_signal(bool ia32, unsigned long rstor, unsigned long *new_ssp) { return -EINVAL; } +static inline int cet_setup_ibt(void) { return -EINVAL; } +static inline void cet_disable_ibt(void) {} #endif #define cpu_x86_cet_enabled() \ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 3624a11e5ba6..ce5bdaf0f1ff 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -62,6 +62,12 @@ #define DISABLE_SHSTK (1<<(X86_FEATURE_SHSTK & 31)) #endif +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER +#define DISABLE_IBT 0 +#else +#define DISABLE_IBT (1<<(X86_FEATURE_IBT & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -72,7 +78,7 @@ #define DISABLED_MASK4 (DISABLE_PCID) #define DISABLED_MASK5 0 #define DISABLED_MASK6 0 -#define DISABLED_MASK7 (DISABLE_PTI) +#define DISABLED_MASK7 (DISABLE_PTI|DISABLE_IBT) #define DISABLED_MASK8 0 #define DISABLED_MASK9 (DISABLE_MPX) #define DISABLED_MASK10 0 diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 17ad328586aa..40c4c08e5e31 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -12,6 +12,8 @@ #include #include #include +#include +#include #include #include #include @@ -296,3 +298,32 @@ int cet_setup_signal(bool ia32, unsigned long rstor_addr, set_shstk_ptr(ssp); return 0; } + +int cet_setup_ibt(void) +{ + u64 r; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return -EOPNOTSUPP; + + rdmsrl(MSR_IA32_U_CET, r); + r |= (MSR_IA32_CET_ENDBR_EN | MSR_IA32_CET_NO_TRACK_EN); + wrmsrl(MSR_IA32_U_CET, r); + + current->thread.cet.ibt_enabled = 1; + return 0; +} + +void cet_disable_ibt(void) +{ + u64 r; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return; + + rdmsrl(MSR_IA32_U_CET, r); + r &= ~(MSR_IA32_CET_ENDBR_EN | MSR_IA32_CET_LEG_IW_EN | + MSR_IA32_CET_NO_TRACK_EN); + wrmsrl(MSR_IA32_U_CET, r); + current->thread.cet.ibt_enabled = 0; +} diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index c3960326b67f..785e387cfdfd 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -435,6 +435,23 @@ static __init int setup_disable_shstk(char *s) __setup("no_cet_shstk", setup_disable_shstk); #endif +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER +static __init int setup_disable_ibt(char *s) +{ + /* require an exact match without trailing characters */ + if (s[0] != '\0') + return 0; + + if (!boot_cpu_has(X86_FEATURE_IBT)) + return 1; + + setup_clear_cpu_cap(X86_FEATURE_IBT); + pr_info("x86: 'no_cet_ibt' specified, disabling Branch Tracking\n"); + return 1; +} +__setup("no_cet_ibt", setup_disable_ibt); +#endif + /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index f240fce2b20f..f44c26bf6d28 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -137,6 +137,7 @@ void flush_thread(void) memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); cet_disable_shstk(); + cet_disable_ibt(); fpu__clear(&tsk->thread.fpu); } From patchwork Thu Oct 11 15:16:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636909 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 13BD3112B for ; Thu, 11 Oct 2018 15:22:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F32E92B9A5 for ; Thu, 11 Oct 2018 15:22:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E689A2BA52; Thu, 11 Oct 2018 15:22:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2ECC22BA08 for ; Thu, 11 Oct 2018 15:22:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 563246B0299; Thu, 11 Oct 2018 11:21:46 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4C2D26B029D; Thu, 11 Oct 2018 11:21:46 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 38F5A6B029F; Thu, 11 Oct 2018 11:21:46 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id C8E9D6B0299 for ; Thu, 11 Oct 2018 11:21:45 -0400 (EDT) Received: by mail-pg1-f197.google.com with SMTP id k66-v6so6225699pga.21 for ; Thu, 11 Oct 2018 08:21:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=r2Tz1zF9viesqgaQ/f+Tq24NzwdM6shBdg3m8QU3p4g=; b=rE04D7baNAY1t76mQh54UOFD0EJRpqVNW0RYOwIBoMFwWG31kHlTCk7xH92haOpN3V L7VjS6c496Rof0Xpn0t5a3oay+L6Rzf6xLsBG2CRV6uq7jo7IWbsl85cGIHkI8tl633g wjn/YXK4P2Q8x9eOkkCt39XxQ0fm2HcA6G16XagzYzrK37pqrM0wbtkEJNLV8TNNWrFJ aIc1rF3XPzsFQFN7AbynjsPevfm//IWMlCScFJ//fFeSD/4G5PAUhiMTDTNJxSGrSwRQ tgdlsUYeB2M2pBcOBHyzsF/Y/XObAEIp0bR6PtoC653ng9XJ2MEWotmHaiTySN90FuGG F1Kw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojxyWQnJTZgaPgHWBsX+x5FDsMxEp54sIa3G8QpBcQIRobmuMQd RaVy5Cel9z4iF8l5qaTODZJXE1+4icdQWQWK/gH+Mr9C8wXzl2bJidQtu6Klj11gF/Vxj9pxH9N 71Zh/xmjJGRW6NnrmkULttDJuKb4RQ9p3vfrI0ewf1CytuaU8yaf9O+mmrBlQFDDbpQ== X-Received: by 2002:a63:f848:: with SMTP id v8-v6mr1831427pgj.82.1539271305504; Thu, 11 Oct 2018 08:21:45 -0700 (PDT) X-Google-Smtp-Source: ACcGV63OkstG7tMoz6DJiX31XTD00NRs2oCZ/Wf3Bjz21sUkHM0XJF3512ANLOGKvz5Q1/Ra00de X-Received: by 2002:a63:f848:: with SMTP id v8-v6mr1831379pgj.82.1539271304681; Thu, 11 Oct 2018 08:21:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271304; cv=none; d=google.com; s=arc-20160816; b=KzHmkcoWEEhkwfnWbIOOa5sCs5mXrYNLsfP4N7ngavlK4cacK1/ruAXytAZBtbbnP4 KEK9l1b/m6GBR9cpeW/iRt84a80nOkjC6I/BmMf1JApoiEQFFHUV8s3SYnkYKGN/eOKC BeUtJsTH/bGzte36+yyeBGIck+SYhyCqylrZE6HcQlUfUUm79CnOUI3QVOfV2fCjFVq6 WzU/duiAKMkyiHfSC2Jpd5Xyqurt0ioqX0ApkFLqxe0NJppoJp6HDQqO7T7M0dZnhnhr 6O+URAIecfILPOAan3h+60bb7Hr+QOfke+HWpL/YZT1I0iWKDcoVWv8xkFVqDVMhEO3w PAmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=r2Tz1zF9viesqgaQ/f+Tq24NzwdM6shBdg3m8QU3p4g=; b=zYgrgUhvNgfVXyXdiWtzRC5R9+DoFFAa19IYCFSN/ptBwt1+IWy+3bor8CbfymiPtr t6WfM1q9dU3lpT73OwFTrRFny7g8TIJxVzj02vUvKVMiu1gpvNu2w++5hQsT88gg7Q2N xvbbUmODniqIkBZWBnNMPOA8ZOCSRQ/ByEulxcB1VrvNaf/eZoirgTRQkh44CPt4WyWY D6g6gjJsqZX8ipkPRAtqILc3uLWUu+QHWx6vSGkAcNme0y35hG/9I3x3fUqx/8KCZ2Fx M5SlkNni0awuBk9lVOkOFVBg2noVnZRCM4M5JBpATOeBKHEMsDQXMVVvPElPgppPmedO BdYw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga09.intel.com (mga09.intel.com. [134.134.136.24]) by mx.google.com with ESMTPS id w90-v6si28024425pfk.208.2018.10.11.08.21.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:21:44 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) client-ip=134.134.136.24; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:21:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271624" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:44 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 03/11] x86/cet/ibt: Add IBT legacy code bitmap allocation function Date: Thu, 11 Oct 2018 08:16:46 -0700 Message-Id: <20181011151654.27221-4-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Indirect branch tracking provides an optional legacy code bitmap that indicates locations of non-IBT compatible code. When set, each bit in the bitmap represents a page in the linear address is legacy code. We allocate the bitmap only when the application requests it. Most applications do not need the bitmap. Signed-off-by: Yu-cheng Yu --- arch/x86/kernel/cet.c | 47 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/arch/x86/kernel/cet.c b/arch/x86/kernel/cet.c index 40c4c08e5e31..77ae4eaa9dea 100644 --- a/arch/x86/kernel/cet.c +++ b/arch/x86/kernel/cet.c @@ -21,6 +21,7 @@ #include #include #include +#include static int set_shstk_ptr(unsigned long addr) { @@ -327,3 +328,49 @@ void cet_disable_ibt(void) wrmsrl(MSR_IA32_U_CET, r); current->thread.cet.ibt_enabled = 0; } + +int cet_setup_ibt_bitmap(void) +{ + u64 r; + unsigned long bitmap; + unsigned long size; + + if (!cpu_feature_enabled(X86_FEATURE_IBT)) + return -EOPNOTSUPP; + + if (!current->thread.cet.ibt_bitmap_addr) { + /* + * Calculate size and put in thread header. + * may_expand_vm() needs this information. + */ + size = in_compat_syscall() ? task_size_32bit() : task_size_64bit(1); + size = size / PAGE_SIZE / BITS_PER_BYTE; + current->thread.cet.ibt_bitmap_size = size; + bitmap = do_mmap_locked(0, size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, + VM_DONTDUMP); + + if ((bitmap >= TASK_SIZE) || (bitmap < size)) { + current->thread.cet.ibt_bitmap_size = 0; + return -ENOMEM; + } + + current->thread.cet.ibt_bitmap_addr = bitmap; + + /* + * Lower bits of MSR_IA32_CET_LEG_IW_EN are for IBT + * settings. Clear lower bits even bitmap is already + * page-aligned. + */ + bitmap &= PAGE_MASK; + + /* + * Turn on IBT legacy bitmap. + */ + rdmsrl(MSR_IA32_U_CET, r); + r |= (MSR_IA32_CET_LEG_IW_EN | bitmap); + wrmsrl(MSR_IA32_U_CET, r); + } + + return 0; +} From patchwork Thu Oct 11 15:16:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636911 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D1E4B17E1 for ; Thu, 11 Oct 2018 15:22:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C0E0F2BA47 for ; Thu, 11 Oct 2018 15:22:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B3CB42BA42; Thu, 11 Oct 2018 15:22:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4E10F2BA3B for ; Thu, 11 Oct 2018 15:22:53 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9CEE66B029D; Thu, 11 Oct 2018 11:22:07 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 9601B6B02A0; Thu, 11 Oct 2018 11:22:07 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 73F446B02A1; Thu, 11 Oct 2018 11:22:07 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id 258776B029D for ; Thu, 11 Oct 2018 11:22:07 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id x2-v6so6208296pgr.8 for ; Thu, 11 Oct 2018 08:22:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=d1q+L6xRd38r++1iYXaTRxHM6bzgrxeKrLjB3l6Upgw=; b=rjonCIlbhIgRvsviQjbRJR9NZC7g9Zx/hUFSX9GFsIHZwCXZFb5KSsVGcCz4WL6Ues 56AqxywQasYdOvyleHmvkPB1dUnFi9DnDItvABEpVnnxEAnzmCANRvmleJGL9KySB517 x+AT+/k4SlDL26sERADZLjy3UrLHzjfhWafV/ScOTR1YXm9NcSnpYzVNdk2Y8ENu3q9H 9T/IZXUpbMs7piBNxd3RAJetQP1jL10Oge7hLjIJVM2FxDlDO8h02mcYerg2t4/Jk93R R2wIOPLaQcDDX3q/9b6/RWF7VRqCO7Q+q0ljRddNlblD5yvD6kCB3Wtb4ImapJlvCLQY unTw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfogjVRkOq8e8jTNGrTXp0+zmIzm6rs7JRIJUeUJXZ58vn5Wjhcuy 4Tf2p/hvfrKcr9P95JR8TNdNXQPuBhkXpLTMuMm+H3n2OSA5Xc6uKu0GMynMTsAlYD6ud8m5RTt sG+u4v8ug9IXOZZFgjDa34eXnGnS+t6GnLtHN/egdbxuqhnoclU1nuCUWbmRGhZOG2w== X-Received: by 2002:a63:d048:: with SMTP id s8-v6mr1788912pgi.311.1539271326830; Thu, 11 Oct 2018 08:22:06 -0700 (PDT) X-Google-Smtp-Source: ACcGV60PHGQKgCXHwCfgMLxVfU1zD8R9b63n3Dge/1GC4E0Af1PbB96jr9GrdxP2B+kJf5XoenAC X-Received: by 2002:a63:d048:: with SMTP id s8-v6mr1788878pgi.311.1539271326143; Thu, 11 Oct 2018 08:22:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271326; cv=none; d=google.com; s=arc-20160816; b=hq9XjyvMPJmq1h5zv6Aljf/0Slx4iJa7REjZW+Fh1d9yQpWdAJNLoHVkaPeb0eTIKm snC5PIU7KjXHXCW+BzyOtEpj2COM6M2ZtXZbphQCHr7ytlU04uz7pQkmlR4RI9mD1CT2 jCDtWaaQ2TQg0ljc/R6/KHA3+KrVGk+ub0fzx5RmDR1TwcKYcDwnTSdHDbuzjVWEO/b+ d46NaDy31nIlIPGZsCVyMkTy7kwU/pJQ0ZgdiDTPqwfFd9OG5PFNZ6tiK2wz7rJdiAec IK7orbJPmon9aVbAlNPbO5s+W3X18Rn/4TRBTdYaTlaBpzwrPADkAytO9rzzXDuM43F2 wQDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=d1q+L6xRd38r++1iYXaTRxHM6bzgrxeKrLjB3l6Upgw=; b=XZSK1/tsQL8dEhVRvOwIs0RntgsOh6QdUbuEjz4CxJ7/R7NDbPA0ephpY2ZUSuihRs ef3s28/kZN5HPhXC9PMK/3YCPS4TuNSJoacH8XqsEEAf7Ex+nvi+6eStY7RrnlBPFE3X Bv4dpYGp3mMxjJNlmaUYl9XwLZSx58w22VK2Z5cFs/17AKBXodDNsz/3CdmsyH9KL2kO BO6UKTjUsMqszU9kTf282d0KYtp/OLj7WBa4ljHu7J+4cugqq/oTr56OO+15biyYO+ro OgVFvk8mnNBTWeD/hfmnQP1TDXu3jwtYFxhh8vIYWH+JVB+M6zOazywN5mLHrjxzuhFM TZOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id 33-v6si28541073plh.50.2018.10.11.08.22.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:06 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271627" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:44 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 04/11] mm/mmap: Add IBT bitmap size to address space limit check Date: Thu, 11 Oct 2018 08:16:47 -0700 Message-Id: <20181011151654.27221-5-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The indirect branch tracking legacy bitmap takes a large address space. This causes may_expand_vm() failure on the address limit check. For a IBT-enabled task, add the bitmap size to the address limit. Signed-off-by: Yu-cheng Yu --- arch/x86/include/asm/mmu_context.h | 7 +++++++ mm/mmap.c | 19 ++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h index 8da7c999b7ee..9c726171e5c5 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -341,4 +341,11 @@ static inline unsigned long __get_current_cr3_fast(void) return cr3; } +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER +static inline unsigned long arch_as_limit(void) +{ + return current->thread.cet.ibt_bitmap_size; +} +#endif + #endif /* _ASM_X86_MMU_CONTEXT_H */ diff --git a/mm/mmap.c b/mm/mmap.c index fa581ced3f56..62b3045af005 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3231,13 +3231,30 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } +#ifndef CONFIG_ARCH_HAS_AS_LIMIT +static inline int arch_as_limit(void) +{ + return 0; +} +#endif + /* * Return true if the calling process may expand its vm space by the passed * number of pages */ bool may_expand_vm(struct mm_struct *mm, vm_flags_t flags, unsigned long npages) { - if (mm->total_vm + npages > rlimit(RLIMIT_AS) >> PAGE_SHIFT) + unsigned long as_limit = rlimit(RLIMIT_AS); + unsigned long as_limit_plus = as_limit + arch_as_limit(); + + /* as_limit_plus overflowed */ + if (as_limit_plus < as_limit) + as_limit_plus = RLIM_INFINITY; + + if (as_limit_plus > as_limit) + as_limit = as_limit_plus; + + if (mm->total_vm + npages > as_limit >> PAGE_SHIFT) return false; if (is_data_mapping(flags) && From patchwork Thu Oct 11 15:16:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636917 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D37AA17E1 for ; Thu, 11 Oct 2018 15:23:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C249C2BA4D for ; Thu, 11 Oct 2018 15:23:06 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B37152BA59; Thu, 11 Oct 2018 15:23:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 386332BA52 for ; Thu, 11 Oct 2018 15:23:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9769E6B02A5; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8BBCC6B02AA; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6C4096B02A5; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id 07CFD6B02A3 for ; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Received: by mail-pg1-f197.google.com with SMTP id e24-v6so6242797pga.16 for ; Thu, 11 Oct 2018 08:22:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=StORTPBNA6TeZo6VcPugQPhXp09bTuFa2SHwm2IbcY8=; b=PN07HI63KY5654KsRwyDWia+tt0KtJJBodlvogLYqOgUMAIHm0YUWy30RVCiY5GQRC z/sSz3tMnMPhnaaX3QFlWDGiV7c6LlJHTOH3wORUuvhErozRIsm/IwrwmfHragDtA6uU TXvk3U9xwprk79FXcRy9eB/+PjIgkUS6cyBni0RZ2Q+nbFT5F3sG3qzU8klmvRI559Pz KFKu7epAzy88dh4HD66gejgkz1suHYiagziUrb9WYi4P6qvWLPrnDFxtAt+X696OLQmi +DSVOTrqHJiY9TWA39q7hW3jeuIk9htK+GXKxk7z5A2k+sFgXzi3KMMbHZBFNC8cLTm8 FY0w== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfog9GBQl/DdE5E/Q7X5Bj2YqrIWptQ4KMUjg5gawFShFk5gdyUB9 yUiwEzcrW4/WJSMRuv0T5SY/6gYeEq1QVj0IywxKdn8aEiFpl9CttPscmzCRj/gkW4pyV2ywjqB OQlGPq3uKfaV5nW7QeG7XDi3mkhabagk/U0CYSoCo26qD3Kaun/AXUp+IuYRUwArQVg== X-Received: by 2002:a17:902:223:: with SMTP id 32-v6mr2021917plc.112.1539271328726; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV62x69LEi4r8xAJz6k1NKuwdeLaBPxbSTL4iAH8HB00W0QNVxo9EFR55n9kyh/4/d1rdxbst X-Received: by 2002:a17:902:223:: with SMTP id 32-v6mr2021884plc.112.1539271328110; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271328; cv=none; d=google.com; s=arc-20160816; b=d4bs3MsccavwvxvSk0rx0yGRH0AauCrN1tbheAXLU5GSGwV0h6esxcJSgSdpT33qgQ wTtLvR35SnfFEBFm2Nac8LgPFBFg7WYkkVwOdd+QcFJbAmQWprBQiSgQTSAf60DwiRjI HgAi1lkQlfDvhNYENvfJO6dwipueC98opbU/1oBK7ZBHDHGleRRVdAxETQcrWumNbJiY kNiYy9HYnYC3GOGX5wXp0LVRmUYgLidR5V6+J6cvG1t69qlEZgFRR4joUmWASmRb5DQN CIHfUb0Ze/9thzLT7Y+VKCjhXjojS6gMM0VW/as9J0pkif/RLUSW8A0WAEwKESROBC0A I4/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=StORTPBNA6TeZo6VcPugQPhXp09bTuFa2SHwm2IbcY8=; b=VbhmA3F9aXMTyE8kbMDMPWvuk3KnmI1rAzoUJpgynF0G2r+2sSs9sQtjecb2f79R92 BDOlR45HTDsgIWYauMieuCXs3B4hSNk1Cn/EGiuLvJiE8CGQaHXjLowYzd8o8KG6nW4S J4wYTFOL+Lbnp27WPCfES/COEv/Ix2veIjlt/mWi1pI844Dej+aIUoA1vV6DhPVSa3jM S+gKglItgT8cePYj6x266uj9/OM4fZt8/fp37wUOcbV00RNA0uBxnfrXcz72xdpYr3O9 YKJblrJTo4PLaq2bpSXAaZj7dqFX1R3BQa+qUnHXlH2ZYop1MmAk1x5m91vqakBW+MJV FbFg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id 33-v6si28541073plh.50.2018.10.11.08.22.07 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:08 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271630" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:44 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 05/11] x86/cet/ibt: ELF header parsing for IBT Date: Thu, 11 Oct 2018 08:16:48 -0700 Message-Id: <20181011151654.27221-6-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Look in .note.gnu.property of an ELF file and check if Indirect Branch Tracking needs to be enabled for the task. Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu --- arch/x86/include/uapi/asm/elf_property.h | 1 + arch/x86/kernel/elf.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/arch/x86/include/uapi/asm/elf_property.h b/arch/x86/include/uapi/asm/elf_property.h index af361207718c..343a871b8fc1 100644 --- a/arch/x86/include/uapi/asm/elf_property.h +++ b/arch/x86/include/uapi/asm/elf_property.h @@ -11,5 +11,6 @@ * Bits for GNU_PROPERTY_X86_FEATURE_1_AND */ #define GNU_PROPERTY_X86_FEATURE_1_SHSTK (0x00000002) +#define GNU_PROPERTY_X86_FEATURE_1_IBT (0x00000001) #endif /* _UAPI_ASM_X86_ELF_PROPERTY_H */ diff --git a/arch/x86/kernel/elf.c b/arch/x86/kernel/elf.c index 2e2030a0462b..177b5144fdf4 100644 --- a/arch/x86/kernel/elf.c +++ b/arch/x86/kernel/elf.c @@ -336,6 +336,11 @@ int arch_setup_features(void *ehdr_p, void *phdr_p, } } + if (cpu_feature_enabled(X86_FEATURE_IBT)) { + if (feature & GNU_PROPERTY_X86_FEATURE_1_IBT) + err = cet_setup_ibt(); + } + out: return err; } From patchwork Thu Oct 11 15:16:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636921 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 997CD112B for ; Thu, 11 Oct 2018 15:23:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 88B972BA19 for ; Thu, 11 Oct 2018 15:23:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8075E2BA61; Thu, 11 Oct 2018 15:23:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 013162BA5C for ; Thu, 11 Oct 2018 15:23:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CFC8C6B02A4; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id C42E46B02AC; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 741046B02A0; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 321B16B02A6 for ; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id v4-v6so6505802plz.21 for ; Thu, 11 Oct 2018 08:22:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=1Gs7vOzKcSnO1Z0mJBHrDtF4yXiqvuuOOTyzIpVDKT4=; b=A11aRHDbNWkD9yCzCAeXkBZoIGK7m5MnHeXzVd2syJH+ltBTrtweBRAc5l08u5bAYk ofS0QQntQK+SayhAsYVrtlk26yHu4qTB4pSNdGsyt+/ypX+bzm67zR2FuIoDxvWvyyxr p3AjCiM0ahkBdrAFv3uX6gbe0kO8UK8NbPF4iXMjrsNBa+PInMm7c0n3zqfN/5lKwLM7 nk7vT4lp9Eh8HSj9iRPhr0l31wDPJ0UQVSphKdF/3R7hjM6WGP1WKYHpEdRcSam7u9mG /m/T+Plcz1Whze/KgpIUQLZrx9qTJs78/C6icNWP1Ku8GgEY4hENmbrM35rW7fUyc38K 8Q/A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojV+58OaDFpIYNBBkPsdJOKWDZEVeqKyWgJLBWrZJcf1SAfi8S7 cVDQJ+GT+FKoFzdBdDTlhDN2JNYlhAX6NTRxObOa19StXyMCqhWFMj4PYNLgp5Xo2MQnGFNo5Yh yLyZ9lOr4O3TsmplJjTiJDEmj/ID5FgFXPy10DQmJJOzzgUSdeQGxcROo5IQNMyB1GQ== X-Received: by 2002:a17:902:b90c:: with SMTP id bf12-v6mr2005691plb.259.1539271328881; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV61o0mffTuGsGLyCVSCgQjnfnMcL1AfZvOcsq9K5b+XHv59OPGxylZFkszYmpeB29zu9tQte X-Received: by 2002:a17:902:b90c:: with SMTP id bf12-v6mr2005643plb.259.1539271328072; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271328; cv=none; d=google.com; s=arc-20160816; b=smrGky1JQEnaw193kkdpY0IJAfRQkc/gKmqVSk7eWBb7JBqxs4UoTINnZjgzuxKU2r S0PPYJ2/fF2Kb0V4XB/UILaZiihTSgE0+2fsh7Hiu4duqIC3iDzzvASoqIhYKY5EkIdK IT687ipryps1OH/sYImnCunjYo8eHgmwy5bJzR0pP1NghpqbGfzgHbm5Pk/PF4pvumnj FAebIZebTtpzLc64U5NeRAVAemt9Fi5+vAorqjUD2vwtfXc+ldwt+dF9mb/zm7HpsoDW nde7o8aLYn2WP7iX622rcFoYtdc7l9QbbKVpznm6cpq3xNdiE694XSQ6Si1fNFYYka8S TvFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=1Gs7vOzKcSnO1Z0mJBHrDtF4yXiqvuuOOTyzIpVDKT4=; b=PBgRRjMZGHhfF016IU7Yhn8g9qlHV6AT4Le4LXiL8aJ6FZ8DesOdcMHxBpzQX4ffBK JSYBzDsNLumPXMGkhUPiX2Zs6mkzF9SjuBQBPPd1/dGvTtgaXegeioyJdU8aQILnU6fx v60rSBUz8Rj8J4kybgGP3kbq2CSAP0YguEXRgQwpIfySupjKxb9CXjRHzTG7LtTHuaQ/ /2lxcRns2yFV730ds+xSE6CAIG4sVN3/oN6TZ9QuBEQ9nZ5YdeBtWWRITnQubmFhNP0m 6zFWB3QWhubl5kVlP/RSNonfNtyGhSl9dtbKaFlUPnl9gXfztT+WUr2UpV+GhFZ3Y/8Z 0zog== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id a28-v6si14382557pfc.106.2018.10.11.08.22.07 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:08 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271633" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:44 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 06/11] x86/cet/ibt: Add arch_prctl functions for IBT Date: Thu, 11 Oct 2018 08:16:49 -0700 Message-Id: <20181011151654.27221-7-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Update ARCH_X86_CET_STATUS and ARCH_X86_CET_DISABLE to include Indirect Branch Tracking features. Introduce: arch_prctl(ARCH_X86_CET_GET_LEGACY_BITMAP, unsigned long *addr) Enable the Indirect Branch Tracking legacy code bitmap. Allocate the bitmap if the task does not have one. The parameter 'addr' is a pointer to a user buffer. On returning to the caller, the kernel fills the following: *addr = IBT bitmap base address *(addr + 1) = IBT bitmap size Signed-off-by: H.J. Lu Signed-off-by: Yu-cheng Yu --- arch/x86/include/uapi/asm/prctl.h | 1 + arch/x86/kernel/cet_prctl.c | 35 +++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h index d962f0ec9ccf..fd4eae92c733 100644 --- a/arch/x86/include/uapi/asm/prctl.h +++ b/arch/x86/include/uapi/asm/prctl.h @@ -18,5 +18,6 @@ #define ARCH_X86_CET_DISABLE 0x3002 #define ARCH_X86_CET_LOCK 0x3003 #define ARCH_X86_CET_ALLOC_SHSTK 0x3004 +#define ARCH_X86_CET_GET_LEGACY_BITMAP 0x3005 #endif /* _ASM_X86_PRCTL_H */ diff --git a/arch/x86/kernel/cet_prctl.c b/arch/x86/kernel/cet_prctl.c index 320dbb620d61..dc7e9785f5e7 100644 --- a/arch/x86/kernel/cet_prctl.c +++ b/arch/x86/kernel/cet_prctl.c @@ -21,6 +21,8 @@ static int handle_get_status(unsigned long arg2) if (current->thread.cet.shstk_enabled) features |= GNU_PROPERTY_X86_FEATURE_1_SHSTK; + if (current->thread.cet.ibt_enabled) + features |= GNU_PROPERTY_X86_FEATURE_1_IBT; shstk_base = current->thread.cet.shstk_base; shstk_size = current->thread.cet.shstk_size; @@ -56,6 +58,31 @@ static int handle_alloc_shstk(unsigned long arg2) return 0; } +static int handle_bitmap(unsigned long arg2) +{ + unsigned long addr, size; + + if (current->thread.cet.ibt_enabled) { + int err; + + err = cet_setup_ibt_bitmap(); + if (err) + return err; + + addr = current->thread.cet.ibt_bitmap_addr; + size = current->thread.cet.ibt_bitmap_size; + } else { + addr = 0; + size = 0; + } + + if (put_user(addr, (unsigned long __user *)arg2) || + put_user(size, (unsigned long __user *)arg2 + 1)) + return -EFAULT; + + return 0; +} + int prctl_cet(int option, unsigned long arg2) { if (!cpu_x86_cet_enabled()) @@ -70,6 +97,8 @@ int prctl_cet(int option, unsigned long arg2) return -EPERM; if (arg2 & GNU_PROPERTY_X86_FEATURE_1_SHSTK) cet_disable_free_shstk(current); + if (arg2 & GNU_PROPERTY_X86_FEATURE_1_IBT) + cet_disable_ibt(); return 0; @@ -80,6 +109,12 @@ int prctl_cet(int option, unsigned long arg2) case ARCH_X86_CET_ALLOC_SHSTK: return handle_alloc_shstk(arg2); + /* + * Allocate legacy bitmap and return address & size to user. + */ + case ARCH_X86_CET_GET_LEGACY_BITMAP: + return handle_bitmap(arg2); + default: return -EINVAL; } From patchwork Thu Oct 11 15:16:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636915 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D8E2B112B for ; Thu, 11 Oct 2018 15:23:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C30D42BA19 for ; Thu, 11 Oct 2018 15:23:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C08032BA58; Thu, 11 Oct 2018 15:23:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A1B3B2BA5E for ; Thu, 11 Oct 2018 15:23:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6C7656B02A3; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 60D656B02A9; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 25EA26B02A0; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id C785E6B02A2 for ; Thu, 11 Oct 2018 11:22:08 -0400 (EDT) Received: by mail-pf1-f198.google.com with SMTP id b22-v6so8052093pfc.18 for ; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=TK8EDeMGPZ2hWiuLL/i5vI4+eG5g0kdJ6UAxh9hkMGQ=; b=S93MSOeIOW1TGHWtA06YJH8yLpbQlrFClBuUJuwm4H1sucriQuwIjb8b3Ipfv6bPKT G2F8LbzknRgJK417Nhy1ZHSX2hLKHVtMeRz6K5g47HqN1dPb2eLN/zymD37FaWtRTw1P u/qqRbc7hk80NLSEUyROaWJLYzVgMg7DQ1SAlhBfRpWl5fDqVVK8u8VxRhzAIcYwyqXB yyi+TdZhiZlDysdnYduIY+DTQrY6tzQR6s+3BVTxsbNonzZaQbfHQ2Pg8tszejoXS3d8 EK1PmbLQlA78vCmHd2jxBVEOUmmCMRdWqlXkcgzA56T69hQCuH0xUVB2/MC1JPXVAYh/ Yaww== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojh/s6jj0Imn/6dZTizsUrPgt4tBpNEBy0i0ir1ZgK6zCAaZ3j2 4cJ1Y6iBfYXY09TWeMkX0y+lKhFB7WhwbbIMJ2PsxGrm4qTjbhKRa1AOuKbgqWm6CJHXHPI414h 4tU+b5RTWg/3AQ6XPMBbQKx511MSSKhD07DI8qygoIWGwsbg6ZCAcSsw0RBi0byToAw== X-Received: by 2002:a62:d206:: with SMTP id c6-v6mr2056779pfg.8.1539271328503; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV60pqzAWSW5Wyv0+tKjYO05Z+KYDmPJUQlAjOgx5PCf2vO18tzDxFUKOXY5ZF/2VdUbsrdTr X-Received: by 2002:a62:d206:: with SMTP id c6-v6mr2056734pfg.8.1539271327837; Thu, 11 Oct 2018 08:22:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271327; cv=none; d=google.com; s=arc-20160816; b=fQLUzNANjY3r6qOf7seGwM8d3QuCc0MbZE66H4U6Jn+sg6eElLMNsb0tJZb5fc7i9S pcdekxbn9baJR0wSoTkbAwrRYynIMr5p+xqZ/4PWHoURCS1w0SfUlsGPLlz7/q3C5Ohd bf1AMqhs8DOSvRaEvRnx2v/aC8lA2gabg1kRaYblkByA8fScprH9MYCRaZppr7PSwZnq onPPSrS+h4i7Bvb6FTY8RlKsKsvzud4y6hICS2yyZ3P95LHYl74atNCCwJ8MyfQ6/ubg EFy2RnixTehTYCabnvA3ts4PPaB6XPiC1T66BrNVxAGgVOj92U9Q/cuw1oW2S+blRYh4 t0Rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=TK8EDeMGPZ2hWiuLL/i5vI4+eG5g0kdJ6UAxh9hkMGQ=; b=VGDlmttl6DpLg2DFl32KA7xc28Z2e57LNzYyY90/E2s4LqyTVxknsk6w9jTZ/x0GEu bERpjMqX/Ey71MP/EoREebU7fybcRss2xtN+9dEcS/nhvMSdUjEbMY4RamxUXciVjVUE G3Zn8Nvr6KC0SnJbUHEbRqCH1zPaIjDOHmggrTKmw7oSYh7brVDEGN9ucpOFDA4GWVZJ i4omyzA5oy2LailQWuXt6HK81jI5G2I9bavkA+Rt7pYpcttN8RPVPU1RLwqWgtT2DRYC wpQC0VY9tg28I2IhqSsPdSFH+FmsjwOmZCZS2WjKdsaWGk0waKaecjXaxfxucLDYtXcy YV9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id 33-v6si28541073plh.50.2018.10.11.08.22.07 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:07 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271636" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:45 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 07/11] x86/cet/ibt: Add ENDBR to op-code-map Date: Thu, 11 Oct 2018 08:16:50 -0700 Message-Id: <20181011151654.27221-8-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add control transfer terminating instructions: ENDBR64/ENDBR32: Mark a valid 64/32-bit control transfer endpoint. Signed-off-by: Yu-cheng Yu --- arch/x86/lib/x86-opcode-map.txt | 13 +++++++++++-- tools/objtool/arch/x86/lib/x86-opcode-map.txt | 13 +++++++++++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt index c5e825d44766..fbc53481bc59 100644 --- a/arch/x86/lib/x86-opcode-map.txt +++ b/arch/x86/lib/x86-opcode-map.txt @@ -620,7 +620,16 @@ ea: SAVEPREVSSP (f3) # Skip 0xeb-0xff EndTable -Table: 3-byte opcode 2 (0x0f 0x38) +Table: 3-byte opcode 2 (0x0f 0x1e) +Referrer: +AVXcode: +# Skip 0x00-0xf9 +fa: ENDBR64 (f3) +fb: ENDBR32 (f3) +#skip 0xfc-0xff +EndTable + +Table: 3-byte opcode 3 (0x0f 0x38) Referrer: 3-byte escape 1 AVXcode: 2 # 0x0f 0x38 0x00-0x0f @@ -804,7 +813,7 @@ f6: ADCX Gy,Ey (66) | ADOX Gy,Ey (F3) | MULX By,Gy,rDX,Ey (F2),(v) | WRSS Pq,Qq f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By (F3),(v) | SHRX Gy,Ey,By (F2),(v) EndTable -Table: 3-byte opcode 3 (0x0f 0x3a) +Table: 3-byte opcode 4 (0x0f 0x3a) Referrer: 3-byte escape 2 AVXcode: 3 # 0x0f 0x3a 0x00-0xff diff --git a/tools/objtool/arch/x86/lib/x86-opcode-map.txt b/tools/objtool/arch/x86/lib/x86-opcode-map.txt index c5e825d44766..fbc53481bc59 100644 --- a/tools/objtool/arch/x86/lib/x86-opcode-map.txt +++ b/tools/objtool/arch/x86/lib/x86-opcode-map.txt @@ -620,7 +620,16 @@ ea: SAVEPREVSSP (f3) # Skip 0xeb-0xff EndTable -Table: 3-byte opcode 2 (0x0f 0x38) +Table: 3-byte opcode 2 (0x0f 0x1e) +Referrer: +AVXcode: +# Skip 0x00-0xf9 +fa: ENDBR64 (f3) +fb: ENDBR32 (f3) +#skip 0xfc-0xff +EndTable + +Table: 3-byte opcode 3 (0x0f 0x38) Referrer: 3-byte escape 1 AVXcode: 2 # 0x0f 0x38 0x00-0x0f @@ -804,7 +813,7 @@ f6: ADCX Gy,Ey (66) | ADOX Gy,Ey (F3) | MULX By,Gy,rDX,Ey (F2),(v) | WRSS Pq,Qq f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By (F3),(v) | SHRX Gy,Ey,By (F2),(v) EndTable -Table: 3-byte opcode 3 (0x0f 0x3a) +Table: 3-byte opcode 4 (0x0f 0x3a) Referrer: 3-byte escape 2 AVXcode: 3 # 0x0f 0x3a 0x00-0xff From patchwork Thu Oct 11 15:16:51 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636913 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DA1BC17E1 for ; Thu, 11 Oct 2018 15:22:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C72A42BA5B for ; Thu, 11 Oct 2018 15:22:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BB1E12BA5E; Thu, 11 Oct 2018 15:22:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A1FE2BA5B for ; Thu, 11 Oct 2018 15:22:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 262606B02A2; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 0CE896B02A5; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EAFF96B02A4; Thu, 11 Oct 2018 11:22:08 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id A596E6B02A0 for ; Thu, 11 Oct 2018 11:22:08 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id p89-v6so8074202pfj.12 for ; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to :subject:date:message-id:in-reply-to:references; bh=0lwKd3VCdluxV9TIoAnzM2ZXz+CjhIEXN1/3QJINxnU=; b=VIuh3VOMT7Un8kUQME8YzhsCax6NBr2tfABLN5c07KRyxMbiMsI+6cgXhf45obx0j4 kO65MboUXhVAQy6TC4gDHY4UOWuga94jR/AU21HvKG+/0Ac9kqaD5KjMb+CyT3XI+EC7 QOqliVncWenBqmg1z7loEHBtywM5gO5jUdKGUK1nomnD7o9azTVmKYeaEA/S8PS5nuK2 vgH1lYMAHVz30bVYm/NSSVdrag4gSQVKg5rnlQb4VwtY7h7EwoPx5Glgsf2arFktFXca OxldvPecmrZiArb/jVXO0bu9dsyViW6Y0yY5FTjN2oQ7weFy+XJ5TaVbF/5dvREnXz9o SwGg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfoiPsHjIzKP+TinUVcTlCdzidiPILEExUoHOO1VpGnGrzPzbJLd0 H0hVMbZahGRmDRTv1qoPPM7FwguF+yvt5VhbHBHdcF98R8JAm3K/PweSWGuQ2yttqH5FZvvTtZR aBw+QibjKiNY3C6pAFOEWbXJgsHSthVu/X1DRGmNv3cVdBUjup9kadGbDmgoolqciHg== X-Received: by 2002:a17:902:ab8a:: with SMTP id f10-v6mr2003195plr.203.1539271328239; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV63qtc88facBe+xtQXKlcJrDjadKAxv6eqg/mFhD44QIx7ON7ctsa/oReYhgQbsVDOGX9SEA X-Received: by 2002:a17:902:ab8a:: with SMTP id f10-v6mr2003162plr.203.1539271327563; Thu, 11 Oct 2018 08:22:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271327; cv=none; d=google.com; s=arc-20160816; b=OiCzMFzb38oKqADZJzT5vGfaDXDgAnVcbNzfAnWo+6UXwLHcP/TuPnc5ozyfU/klKJ juUl2Nqn/vNTh+KYH8hAS17C5CgNpQK399bRETgvoVVY0PipaQH8L0csa+UJRvh721mZ xHqGL55srFKPLjDf7o7VYUoc8TRkjT4ghvvTq16pmQpbf2TZgVYD2ZyKOC1UARWqYOLn r3sCmFuCkJPv6XB3l24kaLuQwrWlEfOEoEwm8GsqGkDdZr4KM/MaI7dFZnqmOsdqzla7 6h/UAjEAly7TCyXZWhxp3e5rO/60cLKI5vZpZuBEYyXwGxTF2qaOpVfzKqbakQ+UjUgn DS6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from; bh=0lwKd3VCdluxV9TIoAnzM2ZXz+CjhIEXN1/3QJINxnU=; b=dEDHDDoom5emIN0F4YqOwTmiLeNfDoW9QRbczrLHC++K48IeHyt1xxU9vQddNW0U12 m3JOcLmGCLygS7/7Dt5xso2FG2I0STsBzw2iQKC8sf/bcbcIxq5mo21rRq1y27LroEcu W1uXb/Xxc9G6KVk/7R96pautZRZV2szNHA11iBEO7W/rOS+vmxalDR/zsb33MruNd6Wf 88p7jV8fXV5qtXA3FXuwOHyofLvMZWDEQvf471hfpv9iY3PLsccZPRf4mNot67oQyA4M NPJTEDPINmE44AJULI7n3McSa5QS2FeSV49MTvy3k+5G3mM0Y3mtCDIzwzo1oaU3U282 6rtg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id 33-v6si28541073plh.50.2018.10.11.08.22.06 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:07 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271639" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:45 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Subject: [PATCH v5 08/11] x86: Insert endbr32/endbr64 to vDSO Date: Thu, 11 Oct 2018 08:16:51 -0700 Message-Id: <20181011151654.27221-9-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: "H.J. Lu" When Intel indirect branch tracking is enabled, functions in vDSO which may be called indirectly must have endbr32 or endbr64 as the first instruction. Compiler must support -fcf-protection=branch so that it can be used to compile vDSO. Signed-off-by: H.J. Lu --- arch/x86/entry/vdso/.gitignore | 4 ++++ arch/x86/entry/vdso/Makefile | 12 +++++++++++- arch/x86/entry/vdso/vdso-layout.lds.S | 1 + 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/.gitignore b/arch/x86/entry/vdso/.gitignore index aae8ffdd5880..552941fdfae0 100644 --- a/arch/x86/entry/vdso/.gitignore +++ b/arch/x86/entry/vdso/.gitignore @@ -5,3 +5,7 @@ vdso32-sysenter-syms.lds vdso32-int80-syms.lds vdso-image-*.c vdso2c +vclock_gettime.S +vgetcpu.S +vclock_gettime.asm +vgetcpu.asm diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 141d415a8c80..0b1b464e7ae7 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -108,13 +108,17 @@ vobjx32s := $(foreach F,$(vobjx32s-y),$(obj)/$F) # Convert 64bit object file to x32 for x32 vDSO. quiet_cmd_x32 = X32 $@ - cmd_x32 = $(OBJCOPY) -O elf32-x86-64 $< $@ + cmd_x32 = $(OBJCOPY) -R .note.gnu.property -O elf32-x86-64 $< $@ $(obj)/%-x32.o: $(obj)/%.o FORCE $(call if_changed,x32) targets += vdsox32.lds $(vobjx32s-y) +ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + $(obj)/vclock_gettime.o $(obj)/vgetcpu.o $(obj)/vdso32/vclock_gettime.o: KBUILD_CFLAGS += -fcf-protection=branch +endif + $(obj)/%.so: OBJCOPYFLAGS := -S $(obj)/%.so: $(obj)/%.so.dbg $(call if_changed,objcopy) @@ -172,6 +176,12 @@ quiet_cmd_vdso = VDSO $@ VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \ $(call ld-option, --build-id) -Bsymbolic +ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + VDSO_LDFLAGS += $(call ldoption, -z$(comma)ibt) +endif +ifdef CONFIG_X86_INTEL_SHADOW_STACK_USER + VDSO_LDFLAGS += $(call ldoption, -z$(comma)shstk) +endif GCOV_PROFILE := n # diff --git a/arch/x86/entry/vdso/vdso-layout.lds.S b/arch/x86/entry/vdso/vdso-layout.lds.S index acfd5ba7d943..cabaeedfed78 100644 --- a/arch/x86/entry/vdso/vdso-layout.lds.S +++ b/arch/x86/entry/vdso/vdso-layout.lds.S @@ -74,6 +74,7 @@ SECTIONS .fake_shstrtab : { *(.fake_shstrtab) } :text + .note.gnu.property : { *(.note.gnu.property) } :text :note .note : { *(.note.*) } :text :note .eh_frame_hdr : { *(.eh_frame_hdr) } :text :eh_frame_hdr From patchwork Thu Oct 11 15:16:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636927 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 53FD117E1 for ; Thu, 11 Oct 2018 15:23:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 421DB2BA19 for ; Thu, 11 Oct 2018 15:23:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 400732B159; Thu, 11 Oct 2018 15:23:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CEBEE2BA19 for ; Thu, 11 Oct 2018 15:23:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 022F16B02A7; Thu, 11 Oct 2018 11:22:10 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id EB4B66B02AA; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A1DC16B02AB; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id 427806B02A7 for ; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id p89-v6so8074236pfj.12 for ; Thu, 11 Oct 2018 08:22:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to :subject:date:message-id:in-reply-to:references; bh=Ug0e6c/ePrlKqmU4ndzY3elEK3Oaa/JjFSkVe5cWmmg=; b=HIEGW6Jv2WlGDNMwiqQNRIV736FzL5KnwGNHBqtxauKX+l4ufwSrTm3pJY4k1z+G6t IarbYYkqTlTsuGol0/DY/kIpdblv4gFiHx8nHRB1Wr4gmFHJ80TyARf0PyS+oCoLFTjQ jDcPm54Py9Y3M7z2O28wnGmVKvvgxaJlyUuko/fU4h7c77qJa1xukPSh9tCs6Loyrgci 3cMcd2tKJFfHZY4XY3okIGE9wRFWK1lETjKHMqPYwqnyEaPq6R3HklrM3hf30+FyiaVP fUJ/0K8VnYjaKaEx5tHuePvQ83ZzOk75aFq7VnXWYazcYbUy0wn4LiX60oWYrxlPJP/v y/0A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfogj/P5QYf4zbEEVW9zeIjZoD367gSlNE44LmsxiFGfmrEexfwwT /Z3cIxHYTb5ZnayaHf/UxUsT0LyPvhCHPYqB+6q3qCTPBO8y4xHCj0nPAwxypXWLPfR1wYayaYF PbCzviYWfiHy8Z33shf0UCX7vL6zw+HEpGtTuCGCDEenzBT27lB4V7j6PK0pfxpEsqA== X-Received: by 2002:a62:401:: with SMTP id 1-v6mr2007721pfe.236.1539271328958; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV614WFflJtZwFAjcVkvnS9G1tNz5oDps2P7qGP9WbLVWI8k82RiOY1277jox8fYyDACCUJF5 X-Received: by 2002:a62:401:: with SMTP id 1-v6mr2007682pfe.236.1539271328409; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271328; cv=none; d=google.com; s=arc-20160816; b=H9KR6ozDKiZwswRMhNW/epJ1QP1OSSCzc86GCitYxOP0pYGUujq1JLBS7/Tf0AlhIX 2bgtYE2FMSllLYLI0vdvnco+fS0y+8Y4XXlHxs49lInBZ6wYM/kFE1ICE7LT6IP0K6v6 ZC0mH5a8o++oEib+8de/dkMYrk3JUVJQznKxStXwcvCsjue2lJAXz7Mc1SeB5flmOHUS 1HdFbGzNfusvOFZbcvrf3yJI88zULER9FMllhCgVIS8dfR46DTvkn9ermyqFLkzWzwun dMdN8NNjg2KGV56+cj04PyK48fQy1oKbk1j2I6gqarJCanPMxTxbic4LTy3oOR/HzFE/ tNgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from; bh=Ug0e6c/ePrlKqmU4ndzY3elEK3Oaa/JjFSkVe5cWmmg=; b=pRWyXzbP+AnADG5Dy0pKmSOh4t5uBHooDDkcxcZieeBmKqDjIEXkNoAOHDjEHmwlH8 e5Om55qJ9s36HEMtIUU1WCfahGmHDLPQXYkokJf53XDXtc8x82Abq13Oct3EIYbLn5eO dxmXSB1UfZoSXcfqOkiz53mVqn8zvNoJmH9XBgWxEMaEET5SaPDikHAs+XW42g3Jls+7 hUdaH6s0vW95x8aZhknZT/YDkrTsjEAuwOyYeBCpvWWyGiqY6WgYouNjqPWb1BG2nqGL jEezhLi9kucxSKAtxBJC4Mn6wfGsBZMv3H/2i0prf9xUOS8UnGlC0cFCIRhBIIxMhOyB LawQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id 33-v6si28541073plh.50.2018.10.11.08.22.08 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:08 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271642" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:45 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Subject: [PATCH v5 09/11] x86/vsyscall/32: Add ENDBR32 to vsyscall entry point Date: Thu, 11 Oct 2018 08:16:52 -0700 Message-Id: <20181011151654.27221-10-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: "H.J. Lu" Add ENDBR32 to vsyscall entry point. Signed-off-by: H.J. Lu --- arch/x86/entry/vdso/vdso32/system_call.S | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/entry/vdso/vdso32/system_call.S b/arch/x86/entry/vdso/vdso32/system_call.S index 263d7433dea8..2fc8141fff4e 100644 --- a/arch/x86/entry/vdso/vdso32/system_call.S +++ b/arch/x86/entry/vdso/vdso32/system_call.S @@ -14,6 +14,9 @@ ALIGN __kernel_vsyscall: CFI_STARTPROC +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + endbr32 +#endif /* * Reshuffle regs so that all of any of the entry instructions * will preserve enough state. From patchwork Thu Oct 11 15:16:53 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636925 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5E84A17E1 for ; Thu, 11 Oct 2018 15:23:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3C0C92B96B for ; Thu, 11 Oct 2018 15:23:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3975E2B9D8; Thu, 11 Oct 2018 15:23:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D3A962B96B for ; Thu, 11 Oct 2018 15:23:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3634A6B02A0; Thu, 11 Oct 2018 11:22:10 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1691E6B02AC; Thu, 11 Oct 2018 11:22:10 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B7E696B02A9; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by kanga.kvack.org (Postfix) with ESMTP id 46CBE6B02A4 for ; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Received: by mail-pl1-f197.google.com with SMTP id l7-v6so6526794plg.6 for ; Thu, 11 Oct 2018 08:22:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to :subject:date:message-id:in-reply-to:references; bh=3ugSYk0cuonbsBh5Oq+uwsNMoaUkt7zsjtm/OCNTtIE=; b=hXJT+7vB8TpNHVfne1WqDnV++s8ZMbzObERQ5mI6tpduOfCUVoN+cvkbs7G4TyJv5O B/GiWP+FLA+iMOSxLxu2S7CGNKHw4eoExr2OIIUcCiXOU++ALasEvTdt7YxSS2nol1Kn qTGr6314ZopAnRMiwv6LZwk0ap70RYrN2ZcEnDw2pkMUt6d18hQYDnFELNBFl2DPVIq6 vFPWTkLete/CpxAPMj/xvcK6n1o0BfCRhHCI8Ig8nk59v/tKU/auirQzTazmjDx68V6R AYncEuuv/1C00ZfC2vxdP8z1mE0kV/rxGJQSemDW6dVVpFkqW4/MC0dAdRYyK+/CRX5F wsuA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfojeYXHwFBswv8jAarkN4hh1pLcelJdbHvncbqlGOUsPz6r+kyBk eYR/5nsKOg7RZbe7TM3hhuZm1zDh4BkqY5pVlqvAKIRsLQO8laJ5rGXNCM3MD9ZHCXRQ2fAAvLA /q9Be6cDrTNsvLKTbpk5N75hcOBxadKC6uqJNtJM/bgxITA5B09QjR5bnkYavhcK8sg== X-Received: by 2002:a63:2e47:: with SMTP id u68-v6mr1862247pgu.294.1539271328956; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) X-Google-Smtp-Source: ACcGV629r3OgdHBs1QgXaQtyImVrTE13waTBr64KUIK/lVhehX6FzNTU6Gnw9bxHTovwLJGBKYN5 X-Received: by 2002:a63:2e47:: with SMTP id u68-v6mr1862211pgu.294.1539271328351; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271328; cv=none; d=google.com; s=arc-20160816; b=ZFzI1tPKqIs7Rg5F6iWipaEtxCEH+4DAd1EGSYITTk3MXv9makzv4EgULui/jEDZWk kytT9kCWX1dAyaeTzrd+2KUdj1oix0vu8fBwjLH0QInLWiugjWHaAKDHNYPFtQqXcbjD kER0LIHTnZVCTRGpD8nB/hNlSAoB0DOzaHwthJpWg/h9llfR2TsFYE9IFtu4tZv0rX8+ EoXFVSkGJ45KMcHYCcR+P2mYsy0JEMylpoDS8jxELyWgzEd27Dw4pgRx1DO3rnSfeHg9 IY+p1WmpC27PrPj7SzoQqoMJq8U+pV69hpXvVhqxNvkCYYjQW+Us9MdTcPVJUggyyJXi IB6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:to:from; bh=3ugSYk0cuonbsBh5Oq+uwsNMoaUkt7zsjtm/OCNTtIE=; b=mPFuA+AEeQMkGQSkLbXtn5NMwU5t1JduTzZMS7526tBSInAKTW4Xzq0/kdz5e5CK3s E/eyz24RYp7rQCTEA0i7BTUaMsQff0gwf6pf7zG7LwNKc1uOCVyP5T2NZhADX49wDZMg ftdCLvGv2LJE51iPtHfJTiCUAEOFE7ghpV72YybKro2yDRnG/euOm4fVpst2IL6GVxq+ iAai0ZhaguvcMCbi2rdsP5Ie7wLZxB26GyCmCZEfgjkYssRr59Xu5VrGwUur8bY8MlfC vgyhj+z0K7mf799STxGVgTlZGxQhCCM3y++KY9EvXVTFTlfQTYgld8INnDtc8J8I2/lF nOpg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id a28-v6si14382557pfc.106.2018.10.11.08.22.08 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:08 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:05 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271646" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:45 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Subject: [PATCH v5 10/11] x86/vsyscall/64: Add ENDBR64 to vsyscall entry points Date: Thu, 11 Oct 2018 08:16:53 -0700 Message-Id: <20181011151654.27221-11-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: "H.J. Lu" Add ENDBR64 to vsyscall entry points. Signed-off-by: H.J. Lu --- arch/x86/entry/vsyscall/vsyscall_emu_64.S | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/entry/vsyscall/vsyscall_emu_64.S b/arch/x86/entry/vsyscall/vsyscall_emu_64.S index c9596a9af159..08554445bef1 100644 --- a/arch/x86/entry/vsyscall/vsyscall_emu_64.S +++ b/arch/x86/entry/vsyscall/vsyscall_emu_64.S @@ -18,16 +18,25 @@ __PAGE_ALIGNED_DATA .type __vsyscall_page, @object __vsyscall_page: +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + endbr64 +#endif mov $__NR_gettimeofday, %rax syscall ret .balign 1024, 0xcc +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + endbr64 +#endif mov $__NR_time, %rax syscall ret .balign 1024, 0xcc +#ifdef CONFIG_X86_INTEL_BRANCH_TRACKING_USER + endbr64 +#endif mov $__NR_getcpu, %rax syscall ret From patchwork Thu Oct 11 15:16:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 10636929 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B661C112B for ; Thu, 11 Oct 2018 15:23:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A3E4F2917E for ; Thu, 11 Oct 2018 15:23:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 97E552B9C9; Thu, 11 Oct 2018 15:23:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 11EAB2917E for ; Thu, 11 Oct 2018 15:23:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 643596B02AB; Thu, 11 Oct 2018 11:22:10 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 588E66B02AA; Thu, 11 Oct 2018 11:22:10 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2A3B46B02AB; Thu, 11 Oct 2018 11:22:10 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id CC53C6B02A0 for ; Thu, 11 Oct 2018 11:22:09 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id r72-v6so4033107pfj.3 for ; Thu, 11 Oct 2018 08:22:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references; bh=E8OuBBuYqzTnoDRh7sIExW9D2eaT+4irfvEVkuj+fhE=; b=mW9KMIKgfxZ6K+HKz814j4jZPFFSEOmmpQ8uoFNcRfwlNU6pwzfEQD8g0dmMOtaL4B pdVwIqt/ftaPyEKY4XvRVjtTTpCiFkVvPy1gJDXzBGqJP8vpv1LkPB1/NRuESbRrwGqP 10vWBAHCgFVohnSEn38OAfHkpeoZRKszM9U+tkkbACxQOx9lt42nbqdvDF5uOdpAykmR bL/Ate2xH87I9mxcFHvgmd9tZB91VbX0cmk5AzHnxNdCdQCwU3zJYkPfMjPkRSEnpIak cmJqfH3dM/FIb5+2R6UO4F98OydHclGKeZxM9ZMTE6WWUoRG6+zl2/0EfJ9h4HtR8wBk TuUA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: ABuFfoiJ0O+UrT/JBJP3zjy828tZnyD+nLjyKEI19N5WkzqxmrLSvcLB a9m/roVI7ZB2kNL5yxR0udCjtMlEXIbDsIV/THEouvXSJnu1VDcelJryiODAslgjRD4KNjVpI9J NtlR2N1++xckHz2yXeSCDrZL1XONJVsCqeU0tDVvrAoB/2w+INbz4b3porHnypzC9PQ== X-Received: by 2002:a63:8543:: with SMTP id u64-v6mr1793247pgd.373.1539271329500; Thu, 11 Oct 2018 08:22:09 -0700 (PDT) X-Google-Smtp-Source: ACcGV62L7dDAnq961OBkTSlLp/ovCqiL+E4/UWJTysPN/6hMGWrYA8cbXQAzHDVcZBD2M/Lu0Q71 X-Received: by 2002:a63:8543:: with SMTP id u64-v6mr1793201pgd.373.1539271328689; Thu, 11 Oct 2018 08:22:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539271328; cv=none; d=google.com; s=arc-20160816; b=0m2vHEBVSmivko8AvlXdE/iikuu8GbbZSzkNrSrsUJVpLTjrBZElJufHdIyHdDEIVF q4sQ7zX0fe+swHLsz6SL505tNYfeAipXZ6tKz7TXNRY19Kc1WPgVhjkgyRq9MoVR2gWv Uuk0gq/inZ6miMCqZFPjKW1enie0XpIZXTwmVNyvfFiPQpG2o2kpmegVKbNnvWjWPsi9 fMyq+78sijT8ltstuk0IXICYFxG2Dv/Pt2POxht0zwCxVUyL3liJgrV8dD8ZWHk431i9 Z01Lb4vCgrdtRAdYIhYa3L1DsqnwM5AbvAlJjH+/aFEKdrteGb7VsR3+XwDNjS+aqOn0 mDTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:message-id:date:subject:cc:to:from; bh=E8OuBBuYqzTnoDRh7sIExW9D2eaT+4irfvEVkuj+fhE=; b=bkwAF2LK5m9l6/7pCvqCGBlScYMlH539murNYV1gsLBm632X5B9BMtFxhITzrchElm Jc70CsDegBQH0kzm+wRGHExN6J1FC+pO6cw4lmDtrDJ4uD3o9LHP+qIib9VaGjgg7usv D1chMdXdYDyyLbXr6ewnmkkqzIAxjoaVmg54aBGvXDLFMuDA6HDmUGovQnh6Xj0h3cMf MLm6zcOWw69LtGm+Z7vOfGO7WkFq+lEFqvuKLeow3TPBknP3cxGr52Inlwe2lgwHSc8M vH72awrteG/lkGF/lCuS++RAhD4kQ9+KJVOdSc4ABkiI85Yzaw8DVs9bQ1ftnb8kRLPJ OpcA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id a28-v6si14382557pfc.106.2018.10.11.08.22.08 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Oct 2018 08:22:08 -0700 (PDT) Received-SPF: pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: domain of yu-cheng.yu@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=yu-cheng.yu@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Oct 2018 08:22:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,368,1534834800"; d="scan'208";a="77271650" Received: from 2b52.sc.intel.com ([143.183.136.147]) by fmsmga007.fm.intel.com with ESMTP; 11 Oct 2018 08:21:45 -0700 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Cc: Yu-cheng Yu Subject: [PATCH v5 11/11] x86/cet: Add PTRACE interface for CET Date: Thu, 11 Oct 2018 08:16:54 -0700 Message-Id: <20181011151654.27221-12-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181011151654.27221-1-yu-cheng.yu@intel.com> References: <20181011151654.27221-1-yu-cheng.yu@intel.com> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add REGSET_CET64/REGSET_CET32 to get/set CET MSRs: IA32_U_CET (user-mode CET settings), IA32_PL3_SSP (user-mode shadow stack), IA32_PL0_SSP (kernel-mode shadow stack), IA32_PL1_SSP (ring-1 shadow stack), IA32_PL2_SSP (ring-2 shadow stack). Signed-off-by: Yu-cheng Yu --- arch/x86/include/asm/fpu/regset.h | 7 +++--- arch/x86/kernel/fpu/regset.c | 41 +++++++++++++++++++++++++++++++ arch/x86/kernel/ptrace.c | 16 ++++++++++++ include/uapi/linux/elf.h | 1 + 4 files changed, 62 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/fpu/regset.h b/arch/x86/include/asm/fpu/regset.h index d5bdffb9d27f..edad0d889084 100644 --- a/arch/x86/include/asm/fpu/regset.h +++ b/arch/x86/include/asm/fpu/regset.h @@ -7,11 +7,12 @@ #include -extern user_regset_active_fn regset_fpregs_active, regset_xregset_fpregs_active; +extern user_regset_active_fn regset_fpregs_active, regset_xregset_fpregs_active, + cetregs_active; extern user_regset_get_fn fpregs_get, xfpregs_get, fpregs_soft_get, - xstateregs_get; + xstateregs_get, cetregs_get; extern user_regset_set_fn fpregs_set, xfpregs_set, fpregs_soft_set, - xstateregs_set; + xstateregs_set, cetregs_set; /* * xstateregs_active == regset_fpregs_active. Please refer to the comment diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c index bc02f5144b95..7008eb084d36 100644 --- a/arch/x86/kernel/fpu/regset.c +++ b/arch/x86/kernel/fpu/regset.c @@ -160,6 +160,47 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset, return ret; } +int cetregs_active(struct task_struct *target, const struct user_regset *regset) +{ +#ifdef CONFIG_X86_INTEL_CET + if (target->thread.cet.shstk_enabled || target->thread.cet.ibt_enabled) + return regset->n; +#endif + return 0; +} + +int cetregs_get(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) +{ + struct fpu *fpu = &target->thread.fpu; + struct cet_user_state *cetregs; + + if (!boot_cpu_has(X86_FEATURE_SHSTK)) + return -ENODEV; + + cetregs = get_xsave_addr(&fpu->state.xsave, XFEATURE_MASK_SHSTK_USER); + + fpu__prepare_read(fpu); + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, cetregs, 0, -1); +} + +int cetregs_set(struct task_struct *target, const struct user_regset *regset, + unsigned int pos, unsigned int count, + const void *kbuf, const void __user *ubuf) +{ + struct fpu *fpu = &target->thread.fpu; + struct cet_user_state *cetregs; + + if (!boot_cpu_has(X86_FEATURE_SHSTK)) + return -ENODEV; + + cetregs = get_xsave_addr(&fpu->state.xsave, XFEATURE_MASK_SHSTK_USER); + + fpu__prepare_write(fpu); + return user_regset_copyin(&pos, &count, &kbuf, &ubuf, cetregs, 0, -1); +} + #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION /* diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c index e2ee403865eb..ac2bc3a18427 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -49,7 +49,9 @@ enum x86_regset { REGSET_IOPERM64 = REGSET_XFP, REGSET_XSTATE, REGSET_TLS, + REGSET_CET64 = REGSET_TLS, REGSET_IOPERM32, + REGSET_CET32, }; struct pt_regs_offset { @@ -1276,6 +1278,13 @@ static struct user_regset x86_64_regsets[] __ro_after_init = { .size = sizeof(long), .align = sizeof(long), .active = ioperm_active, .get = ioperm_get }, + [REGSET_CET64] = { + .core_note_type = NT_X86_CET, + .n = sizeof(struct cet_user_state) / sizeof(u64), + .size = sizeof(u64), .align = sizeof(u64), + .active = cetregs_active, .get = cetregs_get, + .set = cetregs_set + }, }; static const struct user_regset_view user_x86_64_view = { @@ -1331,6 +1340,13 @@ static struct user_regset x86_32_regsets[] __ro_after_init = { .size = sizeof(u32), .align = sizeof(u32), .active = ioperm_active, .get = ioperm_get }, + [REGSET_CET32] = { + .core_note_type = NT_X86_CET, + .n = sizeof(struct cet_user_state) / sizeof(u64), + .size = sizeof(u64), .align = sizeof(u64), + .active = cetregs_active, .get = cetregs_get, + .set = cetregs_set + }, }; static const struct user_regset_view user_x86_32_view = { diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 5ef25a565e88..f4cdfdc59c0a 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -401,6 +401,7 @@ typedef struct elf64_shdr { #define NT_386_TLS 0x200 /* i386 TLS slots (struct user_desc) */ #define NT_386_IOPERM 0x201 /* x86 io permission bitmap (1=deny) */ #define NT_X86_XSTATE 0x202 /* x86 extended state using xsave */ +#define NT_X86_CET 0x203 /* x86 cet state */ #define NT_S390_HIGH_GPRS 0x300 /* s390 upper register halves */ #define NT_S390_TIMER 0x301 /* s390 timer register */ #define NT_S390_TODCMP 0x302 /* s390 TOD clock comparator register */