From patchwork Mon Feb 13 04:53:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13137857 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E853C636D7 for ; Mon, 13 Feb 2023 04:54:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 899B46B0073; Sun, 12 Feb 2023 23:54:13 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 821E96B0074; Sun, 12 Feb 2023 23:54:13 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6EA796B0075; Sun, 12 Feb 2023 23:54:13 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 60D476B0073 for ; Sun, 12 Feb 2023 23:54:13 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 3ADF4A13E4 for ; Mon, 13 Feb 2023 04:54:13 +0000 (UTC) X-FDA: 80461051986.24.3566441 Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by imf16.hostedemail.com (Postfix) with ESMTP id 6661618000C for ; Mon, 13 Feb 2023 04:54:10 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=vt+qlNRD; dmarc=none; spf=pass (imf16.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.53 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676264050; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Lt6u6bYwhuTYMTt/YfubY13MWrPuafF8Y1u+P5cWyE8=; b=0zNkKiX0lUyhAEKklIDjXhiCs8Lmf3AmkqixT0jo9ElOFesXgM4/zuXaFEom/PBOzPuZ6Z EiwAdWB8nneDY9N0SrsR7ikWTn5Wgm0+2CJsYvztUhJzK81EFsBvMP5sV+V9afKiOTiKUr ZEsi4vDapTfi8Ug4bz5baD1wCUqX4gQ= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=vt+qlNRD; dmarc=none; spf=pass (imf16.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.53 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676264050; a=rsa-sha256; cv=none; b=TbZYi381h/SFd49/II4YwpiT+OlhHuOYFi5B6RipYzvAryvGkM6R1rWkk7TRb8GZvqpueL /E8i08kxRUNKj12OTcfwr9LeRZAvknxYk7yquY7cllKCcdHJag4neUFo35igRvMqOvJjZt yibN5RJUqkCwp2fd5DYFBu03KG8aJC0= Received: by mail-pj1-f53.google.com with SMTP id bg2so1476040pjb.4 for ; Sun, 12 Feb 2023 20:54:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Lt6u6bYwhuTYMTt/YfubY13MWrPuafF8Y1u+P5cWyE8=; b=vt+qlNRDi7mRznlVUmbqj3O98hmw8TzQhEaLZE107DASJjh3mP5YoOhuFoE/yDgncn OCvZHgb1zW/hH2iTg9NRv5Wvr+diw7rZF11dNmNK02h8Eanq2/2oPPW05Ri4S37QtvJL 22/4YVAOYRBOGaZ1sF7hoskBSUqcx3veQeIhV7or5WE2e3hlEkKjqfifPGWWsd0kxu/j WAyBfRKGlvAkydGHT9alybIs4NM7Z4c5f3VlNPpGkMhJwjPyX420tB4sAm4543ChntNk KKPDv0GKHwLrhhldTsJrjzkPUijMNypauZOdcTMX5tonq3hrIgVD+1N6zaNBQE3PWR3U 6B0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Lt6u6bYwhuTYMTt/YfubY13MWrPuafF8Y1u+P5cWyE8=; b=3yTIiqtCDGKzBeCSR+SyoT3Ja238gX/9ozX64LsebOloCVJjxh+TV60YELcwdLQANp ixglkuEO5/gxFkCAj7LIl/BbCQObUoFSS7mXggbmCYpyL7QC0dZipRq6B9AiaMbXuhuR COwCKpzdGbWj9obYLxk2/XFhS44nVd+yfDQKMM43+Z0AMciBMYyr85BkE9RzzlE96i5g yBFyyB+o86aXGrUuUVjFQCNjNV2Xa0ryvrn+y2dIpUmy2c/XlIrSRwpgs6X+8LbWQxmm 5Lf3hv6zdDvQwOXpcQYNfZdIYjeb40O4+dhBKTRuQrr0CEB8usdmngJSonnrU/bmKeS6 NwjA== X-Gm-Message-State: AO0yUKVym5/kb19DEl7dU7IG55oewM/K9myyEqh/7Erzk1gmw5tyfS+G vOEJT0r5U1btXuv7kd3wCs5vKA== X-Google-Smtp-Source: AK7set/M2hXnLP/wI4jka3ngVh/rpW9tQNim5nRuWweSNonl8MMrLnl7Zea2Dyx/IgKeNWfXUHLJEQ== X-Received: by 2002:a17:902:dcc5:b0:199:482f:d4c4 with SMTP id t5-20020a170902dcc500b00199482fd4c4mr13241724pll.44.1676264049102; Sun, 12 Feb 2023 20:54:09 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id e5-20020a170902784500b00189e7cb8b89sm7078303pln.127.2023.02.12.20.54.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Feb 2023 20:54:08 -0800 (PST) From: Deepak Gupta To: linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Arnd Bergmann , Andrew Morton , Paul Walmsley , Palmer Dabbelt , Albert Ou Cc: Deepak Gupta , linux-arch@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH v1 RFC Zisslpcfi 05/20] mmap : Introducing new protection "PROT_SHADOWSTACK" for mmap Date: Sun, 12 Feb 2023 20:53:34 -0800 Message-Id: <20230213045351.3945824-6-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230213045351.3945824-1-debug@rivosinc.com> References: <20230213045351.3945824-1-debug@rivosinc.com> MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 6661618000C X-Stat-Signature: e8yuburpd3fzcaqffjbuatzsw4cjdsqh X-HE-Tag: 1676264050-962689 X-HE-Meta: U2FsdGVkX1/nWnnqZvHmCQ/zhFpTMCfSkpbpl6199tMIL7s6Pa3ZGsV14XW/F3qFGl2YG7iODtZi72SloZ3ZV0ehtQBXHke2HU0YhEkgf0+/XxEn9lHG5R420PeeQKwFGVAKdlvkzA/cNwcXdiv2GvDDyhA1ebwsQLNC4mjggkJVhB7HjZYHVeIg657uSuG1VzQ1E1TiOr8iwWkEJKCJS32IPrYfwESsaC0bTW3sk4+049MU/zi9gSArl8di0Mr965kWM0kjDbMC4/Kv8DCZIMDi+Xn/dRdpyK0wC3wBcoEPQ0a7Mf9j9fa3b4nSg9mDeK1bG5fggRbY/PKLLEghFdcWEmklGp1oQ+6+/oOaAV+bZ3n870j+rzBTzGL5VGSxNyb6DVR9BshAO++BS8IIsB6ZJAMFvZ/XqwcUU1yFu4ReQGF24dQrBYLVU9I7pqa4AemU63NtoAvD/pb4iWP7VMVPnbXtdYEg0/mt1tqxH4qs0yM2N7yEp430C1Nr2UoY/a6WjOM7FwS5nYxn9efCj2LtCF4Bgo2iHM29wtD3M+Ez+vekwGf1CZDpDd2HhB6Jl/ABiLXi52UqfpN3p4hLiyxAEtp2a1jpknGA8nbYc3Md32+WiChmFcISvnfFB6mdkUEhbZc7/LwmNPGvUyygHeZf58Vwvtc6ykkQaUimvgHgc/1sNxRlh0Wym7CrFzLgjd0arCHydXyuO9Wlt+gKSfXkwIOS3Cjlnk0fT11uY0a5NvRJn3tOlb27A5xKRp6l5dEqZdfyO9AbTt27g2H4HnohwCU70N3NudnsMiiswSWTGm6EVUrl+9ABJC9nXigs6xIfpjuN+SgucVjKjV1QBBGYdyXAVWVkXhbVK/EIacsVRHoT/6p+xlCsKl5nkUZh2kXJnRli3qCz4IOb11AZI7ns6P0KBkCvxEyieo4/ET/bX7AhNuslZ37sxEmZRKSR7S5PKH3tSqj5Cqt0Ar4 10kyRmsD h0lruTg7NA3RmhftBECPtOchcJlqpLK/G2Q1xcactxVg4cwzH30bYgBdtE10Qv3+3Be4IOFGcmeKO5ti6J5HwSS/dsG54r9RU8blPtXj7rGpW+fjm09qVD9eLT9oYZMP0q/p1H0Gxd27vXQmiQ1eTZ20uWiQg0jfC90Edwbf53O9I5ikFfmwUxOWVkFXxs919Ck4XAi4nOPawnKNXrSAbGy45kAbaEvv79Iu4E3aaLJUkVTGpuMfGCf9RAa74eP6ejgzhz0ljkLYDtKhSGmaQx+2h4zkbYGCEy3/rY/ZcFTsGNDigTsJZyOV6Z/6uowgiVqv6NJGHXaSrfo9ngNVzVLFiHKDvxolvGELyEQTedBJl7h+HPR1YskiVI1Ssqb00o2iI6UsD3EYHjzE+515nMgIXGfd/tfnZ6s0EblAqGVxSbSJOixWbBmn2filkhR6lzekiJ1n+koRVIKEKciYA1O63vCLnmJSrv/vTibVzi5wz1eSzKv6zk958SEkC3DG/7/p4fKsUWg2fLxJUG5t8wn8HzLqZsrxm3Ag1 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Major architectures (x86, arm, riscv) have introduced shadow stack support in their architecture for return control flow integrity ISA extensions have some special encodings to make sure this shadow stack page has special property in page table i.e a readonly page but still writeable under special scenarios. As an example x86 has `call` (or new shadow stack instructions) which can perform store on shadow stack but regular stores are disallowed. Similarly riscv has sspush & ssamoswap instruction which can perform stores but regular stores are not allowed. As evident a page which can only be writeable by certain special instructions but otherwise appear readonly to regular stores need a new protection flag. This patch introduces a new mmap protection flag to indicate such protection in generic manner. Architectures can implement such protection using arch specific encodings in page tables. Signed-off-by: Deepak Gupta --- include/uapi/asm-generic/mman-common.h | 6 ++++++ mm/mmap.c | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h index 6ce1f1ceb432..c8e549b29a24 100644 --- a/include/uapi/asm-generic/mman-common.h +++ b/include/uapi/asm-generic/mman-common.h @@ -11,6 +11,12 @@ #define PROT_WRITE 0x2 /* page can be written */ #define PROT_EXEC 0x4 /* page can be executed */ #define PROT_SEM 0x8 /* page may be used for atomic ops */ +/* + * Major architectures (x86, aarch64, riscv) have shadow stack now. Each architecture can + * choose to implement different PTE encodings. x86 encodings are PTE.R=0, PTE.W=1, PTE.D=1 + * riscv encodings are PTE.R=0, PTE.W=1. Aarch64 encodings are not published yet + */ +#define PROT_SHADOWSTACK 0x40 /* 0x10 reserved for arch-specific use */ /* 0x20 reserved for arch-specific use */ #define PROT_NONE 0x0 /* page can not be accessed */ diff --git a/mm/mmap.c b/mm/mmap.c index 425a9349e610..7e877c93d711 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -1251,6 +1252,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, if (!len) return -EINVAL; + /* If PROT_SHADOWSTACK is specified and arch doesn't support it, return -EINVAL */ + if ((prot & PROT_SHADOWSTACK) && !arch_supports_shadow_stack()) + return -EINVAL; /* * Does the application expect PROT_READ to imply PROT_EXEC? * From patchwork Mon Feb 13 04:53:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13137858 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B02C9C636CC for ; Mon, 13 Feb 2023 04:54:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DAD986B0078; Sun, 12 Feb 2023 23:54:15 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D2D096B0075; Sun, 12 Feb 2023 23:54:15 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BA4416B0078; Sun, 12 Feb 2023 23:54:15 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id AC4FE6B0074 for ; Sun, 12 Feb 2023 23:54:15 -0500 (EST) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 625E11415F7 for ; Mon, 13 Feb 2023 04:54:15 +0000 (UTC) X-FDA: 80461052070.15.7749EAA Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by imf05.hostedemail.com (Postfix) with ESMTP id 92112100007 for ; Mon, 13 Feb 2023 04:54:13 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=kQCkDlkh; spf=pass (imf05.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.51 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676264053; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=oP4wZ0K6nVayFSsIwI2M/qbAeCayW2BZaB6BdNSazd0=; b=JKwSBs+n5iWPVZg8yafueid/OpvPmY4GyanaiL1bBXRW/KWAkovDRxuoBu3+yGAnhA2Y1W z6ocLaDGu+OiqNLwQuYwyoVG6nflhVqa6Th9eYqubznNf43Xia4gX6spFbIQICZYFpj6vY T2u+SxglXKd7H+VXayG9TCPgr3V5Uu0= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=kQCkDlkh; spf=pass (imf05.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.51 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676264053; a=rsa-sha256; cv=none; b=Vr+fscQojEFVBqeQuCcYm2LAkvVdTJ5/colWZQP90kNy8356l0wuUh0qTGFN/2KT9bEQAd OACsl/M7AtADB97I3lBkZppgUdnS1Squ4LVPQW8JGXys0WH75yUvbFfY1rkrqEZulgVIzA IoDUgAJvLP1oZZXAofZY0FgjifXtxkI= Received: by mail-pj1-f51.google.com with SMTP id w14-20020a17090a5e0e00b00233d3b9650eso3255655pjf.4 for ; Sun, 12 Feb 2023 20:54:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oP4wZ0K6nVayFSsIwI2M/qbAeCayW2BZaB6BdNSazd0=; b=kQCkDlkhAa4XVmRG1hxXFbpWGlXPMBYAGXgy0L0uPsR9g5pVZDofnEGhHEJYmp4t70 GThKDRHlZLQeCmf3sShq+tYAdJikORjaEoHzhV8XPsEC3fuBeKmrypEuXS7bnM4Hr1Mu ejAuWJdj4rylP7L48un2eYEoyEM3T/HgHUJ+XVCnMOro/vM0ja9j4XcrCb2wVTAb2ykU VVkETKJNdrlyLnPFCjstqmRxjQbAorY6hbHg6u7JiS4XZd2HNWZ+rc/s5B7cfxPqGP5E y7sCTgg87DvCTzj8NBBDe3V2Zk1icq2em5kbBEcbVFNjlxLiW6d6zxFc1ZAJ17l5bZV5 /rrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oP4wZ0K6nVayFSsIwI2M/qbAeCayW2BZaB6BdNSazd0=; b=PJqOGYyrjQFqkCaKiVpOM2sgkOCQFtg70ZreMLfH0ewWhOE4EHqUY2xoXdwJ/N7M02 WJeh22OnUpBqPublX8jXvV3QzT2g0neuYNXwYu30FamWTB92C8iSfwIG7DQH9RpoSXPf t/v2JRlPKS7G+f6r+zFPl1i6OHluEiDPCafCcuP25UL0OEnpKotis/FpVnfzEfHJeyY8 TGLwsapYCGmnpLDfbT1MqpU5+AKjouQKmN6neMdRdlj9WN9vuDUvKclIxU2LFQr9Y9tO SosbsjglO4Lgcj2KIeT2Ou7LSm0EjyDjHZNMG2bdk9CdyGo5knTt1J3jeJS+3VDXMqnt 6apA== X-Gm-Message-State: AO0yUKWUksGNhukruc4KG/LCzSgeg2l7wvLgEMWvWLyHws08AEfUsyg8 y9fH23c8gGd5avSyedH+GAY4Og== X-Google-Smtp-Source: AK7set/Y/udvpjSPyiRHvzVVe58rgU9SM3O2saFl6KwR15sjL2H2TEzdTJbI8CgO0QDxGQ+4+3WsRQ== X-Received: by 2002:a17:902:ce86:b0:19a:9580:750 with SMTP id f6-20020a170902ce8600b0019a95800750mr5863992plg.16.1676264052424; Sun, 12 Feb 2023 20:54:12 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id e5-20020a170902784500b00189e7cb8b89sm7078303pln.127.2023.02.12.20.54.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Feb 2023 20:54:12 -0800 (PST) From: Deepak Gupta To: linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Alexander Viro , Eric Biederman , Kees Cook , Paul Walmsley , Palmer Dabbelt , Albert Ou Cc: Deepak Gupta , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH v1 RFC Zisslpcfi 07/20] elf: ELF header parsing in GNU property for cfi state Date: Sun, 12 Feb 2023 20:53:36 -0800 Message-Id: <20230213045351.3945824-8-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230213045351.3945824-1-debug@rivosinc.com> References: <20230213045351.3945824-1-debug@rivosinc.com> MIME-Version: 1.0 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 92112100007 X-Rspam-User: X-Stat-Signature: braq1pr6hhtbxtpniwktszzwkmjnk9j5 X-HE-Tag: 1676264053-631226 X-HE-Meta: U2FsdGVkX194wuSMax6cT93FLRufsx56iDRrfLkvRMPlP27f1TmH+JoBiOETTvVlbhgP1qOCStraNly62A/Gl9dxh6XwKMK0j+ijlcuiEUtlVy7Qss8YZreuunlQlzYhCKo1bRw6MLdpUCS7B6DCIBeN0Y4v8FSONiRX7kTNr5ddmkWaKPSLNRlRQbL5XTqC9iqBHcxeY1+BkBORODCsMP3hnXVLxwAVWvRkuBQQGcLahVd13sZRBuA9yNGNWlYyPmCsyBkqI1P/Qth8iCj3IsD/r7MaGmnRDdlMOmcwbxH+tsSo/5opN7gMYMYPlWqxQHNHdmLoWwXpEwubeY23DyQIvyxKf29mshvdxnTjUtq7gsa7t5OxXqSgdIQrfWwQRVDyQQZeM/e9irlX5uQ54NDj+92G/dSxc9B6aks081Eb9tU2FFzGhEauNXmKEZdmV0UP6pw2Wa2pcUMGTVHk8eIcjSK7qPpQUW+mWeOWe1O/vKhFYGiyeZEndgKfyl3/YaGjpJz9QVFrmnHtZWrEAjPkrK7OAloiUr1S/2wT1U1/iPqQt21wV0Nu7bdrKfZ/1VOIzi3OnwNMzmbNHkrfAsXyXOLHc+i8G5IWoSwuPujAHjq2wwe0g+jL8ssfW4ZwI8FOOCMFTUF0e2woILkIURFYI2Acl2ET2bEjmqeMSn/tL4M3pLmczacRfky/sstGR3MKb0oqI7OeeI6YIRAyvjEuPBo6Mnnwob7Cqz35fmqc4M+iN63i7j93Vdxo6B3BC4WKm3pebK1jeiL2h8TDV5URgciJY4uExW8EMbzKXEYAJPtU7VcQqDG8fH2gbUwtZou/KK8qjwKbNfCY+JQpz32PFkpOvn9wRk51aUWQNe/M9Kdp9oo+ak1+dYalV5aUatoAI/rL7peIsm+mYKgbxmNbpa7Y+5Jn5gc+DGiDdlaXMceEg0Yf8XnrtlqaxPiko59bq376c7JJZXObvxe zrLu2+E6 lyXtqNzniJN3DL9ix846Fs8mLogbViYjBzaYwF1Lebv9EvSvzR9uTQ15Jone7qjjLgubxPmw51v4mvbeYkMKARs8Y7inBm8ys1SvaN/Hbd85Cf5RNQDnfj89r30IS4p7fe777gcsNqXcpkWijG+eFXml191VSuN8ekALYFYwn7+B7bN13L2TIp3Xzz+r2Ya5RMDJ/ITcV0G6pJNlGi+Y6Vm1OjPDjWNsSf1ZVis0IHbQ2v8nsocW/8uwuMopQYZJfXjVuWjEhjVmUGybI9J61T5CpUeTuqZyckNAV2x+r8ptv95xBqNno8Rq/ZtDmOGnUFF76j/lnygE0/hJzYlPRAzJA2weISE3rrKq/aYJ1DeI4zB55cGSFbwe0b9/TEajHURzGc7rvn8oH9A/XrcNh1gYKaYJ/9lcgO3IBLTEmTO10AhUPKA56nh+tJv6TeK0qCR8mauzizGEJgmrudhphoq5LgQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Binaries enabled with support for control-flow integrity will have new instructions that may fault on cpus which dont implement cfi mechanisms. This change adds - stub for setting up cfi state when loading a binary. Architecture specific implementation can choose to implement this stub and setup cfi state for program. - define riscv ELF flag marker for forward cfi and backward cfi in uapi/linux/elf.h Signed-off-by: Deepak Gupta --- fs/binfmt_elf.c | 5 +++++ include/linux/elf.h | 8 ++++++++ include/uapi/linux/elf.h | 6 ++++++ 3 files changed, 19 insertions(+) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 9a780fafc539..bb431052eb01 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1277,6 +1277,11 @@ static int load_elf_binary(struct linux_binprm *bprm) set_binfmt(&elf_format); +#if defined(CONFIG_USER_SHADOW_STACK) || defined(CONFIG_USER_INDIRECT_BR_LP) + retval = arch_elf_setup_cfi_state(&arch_state); + if (retval < 0) + goto out; +#endif #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES retval = ARCH_SETUP_ADDITIONAL_PAGES(bprm, elf_ex, !!interpreter); if (retval < 0) diff --git a/include/linux/elf.h b/include/linux/elf.h index c9a46c4e183b..106d28f065aa 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -109,4 +109,12 @@ static inline int arch_elf_adjust_prot(int prot, } #endif +#if defined(CONFIG_USER_SHADOW_STACK) || defined(CONFIG_USER_INDIRECT_BR_LP) +extern int arch_elf_setup_cfi_state(const struct arch_elf_state *state); +#else +static inline int arch_elf_setup_cfi_state(const struct arch_elf_state *state) +{ + return 0; +} +#endif #endif /* _LINUX_ELF_H */ diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h index 4c6a8fa5e7ed..1cbd332061dc 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -468,4 +468,10 @@ typedef struct elf64_note { /* Bits for GNU_PROPERTY_AARCH64_FEATURE_1_BTI */ #define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) +/* .note.gnu.property types for RISCV: */ +/* Bits for GNU_PROPERTY_RISCV_FEATURE_1_FCFI/BCFI */ +#define GNU_PROPERTY_RISCV_FEATURE_1_AND 0xc0000000 +#define GNU_PROPERTY_RISCV_FEATURE_1_FCFI (1u << 0) +#define GNU_PROPERTY_RISCV_FEATURE_1_BCFI (1u << 1) + #endif /* _UAPI_LINUX_ELF_H */ From patchwork Mon Feb 13 04:53:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13137859 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD644C64ED6 for ; Mon, 13 Feb 2023 04:54:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 120DF6B0074; Sun, 12 Feb 2023 23:54:18 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id F27966B0075; Sun, 12 Feb 2023 23:54:17 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DC7896B007B; Sun, 12 Feb 2023 23:54:17 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id C74146B0074 for ; Sun, 12 Feb 2023 23:54:17 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id DA87E1A149B for ; Mon, 13 Feb 2023 04:54:16 +0000 (UTC) X-FDA: 80461052112.10.28A6C5A Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by imf04.hostedemail.com (Postfix) with ESMTP id 0D7084000C for ; Mon, 13 Feb 2023 04:54:14 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=qYf8FTmW; spf=pass (imf04.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.47 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676264055; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=o6mU7eTgSI6j468x6JlFr8IfE22BslDPe1KItKKWUgQ=; b=7ElJO157b0QclpDgzi7y9qzlO4fiS8XZjnOJ2TUwT6R+RdplKm0xS5yHy2TITsZH/zSlks IW5UP/sK0iAdqJGwuTXOv92yzVL9orR6306GfnE4SwIXLDMZQjiywtu36Bqx7rSWVzUVZK MFRueUExIxrdDGg/e/p7r2q3jrjqo8A= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=qYf8FTmW; spf=pass (imf04.hostedemail.com: domain of debug@rivosinc.com designates 209.85.216.47 as permitted sender) smtp.mailfrom=debug@rivosinc.com; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676264055; a=rsa-sha256; cv=none; b=MOAksbG5lzy+XJZynQUbW7ua5JI7bDxNpKxxl09SNN7Nj4C97uiczoosmh62auqKhTy1oH kI13uC0GqPWLY7DdLhLAJnbTdzwfgKjfw7uoxSzowSsXSiGiKFnkvyRiVQbc2lAD+gl0LT BhTSThTmnWJSuS+h0Vpb0vhwKAEz5Zs= Received: by mail-pj1-f47.google.com with SMTP id f16-20020a17090a9b1000b0023058bbd7b2so11042953pjp.0 for ; Sun, 12 Feb 2023 20:54:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=o6mU7eTgSI6j468x6JlFr8IfE22BslDPe1KItKKWUgQ=; b=qYf8FTmWzIZq1sj/cRWNqkDlyaUrlHtAkUn706G2DjlsOFiB0iWKuqtT+MxmEI3t6T Ff0DhMKpSFR6ca05rAxMPooGPzA1kFOzhjYrqNY3J0Ka4Zz14ybBi+36q/CVw1rjCcJQ s21yu/DiDLNr4UUmwy6Wsgi9sOq9iax7KYKB0pZOhEhM5LpPkR5ngeHS/g47Fh7aN/AI cMC9Y8a3hzHTiL32AkRANplY0UlHrCUshHymlqQKPn6qaw5BdiwO3FgxJ0F1Iu/SSLhy 5pCenej/IO1VFA3WT/JAMOuCLszHyDZbQ8niFlM4YacqhxIEIz1YG6akTVFEeYQFxrxP 0ULQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=o6mU7eTgSI6j468x6JlFr8IfE22BslDPe1KItKKWUgQ=; b=WdTWZfQVvvkOB9kCzB5LJIvzT578px+aV85/9/Qr8xcWeN6cVPDMP0LUymYk7hMRUR SSOghUWtSdZAUJF2nf7qZLkiKBKXCaNqMOVYWRgwQZiXIXLJEGDo1MLKJAQx5Sefb+tJ lQwnqRstJWR9wHCBFfbDTGIXDaGabeVhkagRiDlqMfXvzklNetgk2kp6DF5yGUJM+1MX 6YnNQ7GoX0ouk9J4AHvUq27MNU6+hLgjBGOcivdZ8taR+EXU6gssSNSqG1QVFPcRsnuh zjuRTgK5SsMh0V9rpdVzk8qB0JD9WtWHJFICF/FmQpWDSkeNl5/8WKO1O+/n1bOLPtu3 7krw== X-Gm-Message-State: AO0yUKVJYYUn8eL6bSFwzjJHb6mQQCv820Vfw4HaIu7AunUkAlC5+5bg 0uEyrEGdVh9ZT4v0NlkttBv44cdQw/UACOJe X-Google-Smtp-Source: AK7set8HPfJbTibzxMHxoi7mMOcMVGZORNN77Z7301T7+NMj1/NsI1Getj9LRbOMwSbpaixi5cPnoA== X-Received: by 2002:a17:903:1c2:b0:198:e1b8:9476 with SMTP id e2-20020a17090301c200b00198e1b89476mr29006123plh.15.1676264053898; Sun, 12 Feb 2023 20:54:13 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id e5-20020a170902784500b00189e7cb8b89sm7078303pln.127.2023.02.12.20.54.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Feb 2023 20:54:13 -0800 (PST) From: Deepak Gupta To: linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Paul Walmsley , Palmer Dabbelt , Albert Ou , Eric Biederman , Kees Cook Cc: Deepak Gupta , linux-mm@kvack.org Subject: [PATCH v1 RFC Zisslpcfi 08/20] riscv: ELF header parsing in GNU property for riscv zisslpcfi Date: Sun, 12 Feb 2023 20:53:37 -0800 Message-Id: <20230213045351.3945824-9-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230213045351.3945824-1-debug@rivosinc.com> References: <20230213045351.3945824-1-debug@rivosinc.com> MIME-Version: 1.0 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 0D7084000C X-Rspam-User: X-Stat-Signature: 3jcfnof77qddja8gw5guxe48p1e5meur X-HE-Tag: 1676264054-968824 X-HE-Meta: U2FsdGVkX19XjQs7DfR37ohEM4NP+om+OGqT2ejOUhnNUlzGwb6xA88A3A7jJP1OMOWa41y+K70yDjxPf7xXZ3mFnXprThTrdcx93ZbVLp+6ZB4auKSI7TiXGbCOJF+a0KFAqp+NeEdcH1kknx6xSPckEs4ld7nBH45DrsRHm7cgNBWA3aw8Uc/M30E75EtF1VeLGceS4ckbNFebfdObiOPxTKZ2fFDPJKKqpexFrCjXvk6KpgE/uTn6v3c8hjeStjTEA/7Z+pGcInd0JIAx3VnX+AoZRvmec5ASvSY1vM7nrVk3UHi00mSPgd6XUshNI/FH9RSKES9OAUHZlGgX+bsHGfM6GAffvMgS2VRC7ev7XzhXJkPr/+0RYVwwbCEQnS3fv+La+ua3MMNQSbbjYgq5TCzZDi0FAQr0XDV48KT65C1uISH4BzQCHf3lVYyeskeblohGvQQSTOTVTYEIqRUEFJYikTtbLxMYPbkKCUvphyYasss7sZDzRhRG74FnbXwhK0AW/c9TQoBrXwq2uPKMYD4imfifqsx0UChdtmM2QEW/A2Fj+xUPHN9VYPLapbyRspn55Fsj0xDQoVjUqLhwhxCTekVWrNw1Z0ZiHv/mVL20+/AARo93qD2xDPFCjkPcmElVDZ2oO3bFieQQwVmWinm07FHKQbqK74itl7SPZspQqKIMgiY5iejPYGwPFIJOWQMwYGymt8x4exBDdNVpGjmNf1842X3Z9REzXAmM/dj6ktldwF4D14DFvIfBlY8LhMWLGExLqx5mId6Ib98tuXXR27J7SKsDO6HL4dwTnEgUHbAM6iPq2NgvsyAr9p0moUVORLBMlG3AQehcVDv30ABEgOp8gb5u7G9avxCEpQ0oBmvbxmpPX+v2hrqEcxDfSoJ/xa4hyEOB4nnmKmMQboau9MWjfEncL6el4m2bWWL+mttrylxzOc1X61bKrIh6HR1eKStBOI2T0rX T9u1XsC5 d3+06emxf/92mTpTCrBCG23+NtXEwtPxk1kqK8XYTdLh2Nn0zEWEMsSQ5sCEVqamU3FwyDARxj5n+SWHDg9eHYDK4UdHxMZR7MMIPUqM6yg6K5+2NnAl3lZmnkvugPgM0uLfzrFP0ALtVWQli4Sss8y2UKzGQSTdKpMIB0rw3FxLZIV2GM4lW1HdRdbkLwITqX5JTCsskVxajFh0WXzXbKFknmY6jhrDDFChO+COYGtoq5jzv/t0GwByNdN/uQMU34ztr4prTZkPu5xj6JSOu7xwkZBj4WlCqmOgwf8NCkh27qNgGlmLoWyC0546mCbU+snuhbXFQ2IWPid0CmezddCfIcxIOxYZD0hitbbC3GbEcT7+r9Ec6EYGeYjLSA0UOPQXgOnYv8R0fegOtKVTDPvZV4vrg9VXnCHZTkFirbbMtua2VgPrbHxRZGPbwMplvbUmR2YvIBbsKGLOrPaYvZQJhhQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Binaries enabled for Zisslpcfi will have new instructions that may fault on risc-v cpus which dont implement Zimops or Zicfi. This change adds - support for parsing new backward and forward cfi flags in PT_GNU_PROPERTY - setting cfi state on recognizing cfi flags in ELF - enable back cfi and forward cfi in sstatus Signed-off-by: Deepak Gupta --- arch/riscv/include/asm/elf.h | 54 +++++++++++++++++++++++++++++ arch/riscv/kernel/process.c | 67 ++++++++++++++++++++++++++++++++++++ 2 files changed, 121 insertions(+) diff --git a/arch/riscv/include/asm/elf.h b/arch/riscv/include/asm/elf.h index e7acffdf21d2..60ac2d2390ee 100644 --- a/arch/riscv/include/asm/elf.h +++ b/arch/riscv/include/asm/elf.h @@ -14,6 +14,7 @@ #include #include #include +#include /* * These are used to set parameters in the core dumps. @@ -140,4 +141,57 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm, compat_arch_setup_additional_pages #endif /* CONFIG_COMPAT */ + +#define RISCV_ELF_FCFI (1 << 0) +#define RISCV_ELF_BCFI (1 << 1) + +#ifdef CONFIG_ARCH_BINFMT_ELF_STATE +struct arch_elf_state { + int flags; +}; + +#define INIT_ARCH_ELF_STATE { \ + .flags = 0, \ +} +#endif + +#ifdef CONFIG_ARCH_USE_GNU_PROPERTY +static inline int arch_parse_elf_property(u32 type, const void *data, + size_t datasz, bool compat, + struct arch_elf_state *arch) +{ + /* + * TODO: Do we want to support in 32bit/compat? + * may be return 0 for now. + */ + if (IS_ENABLED(CONFIG_COMPAT) && compat) + return 0; + if ((type & GNU_PROPERTY_RISCV_FEATURE_1_AND) == GNU_PROPERTY_RISCV_FEATURE_1_AND) { + const u32 *p = data; + + if (datasz != sizeof(*p)) + return -ENOEXEC; + if (arch_supports_indirect_br_lp_instr() && + (*p & GNU_PROPERTY_RISCV_FEATURE_1_FCFI)) + arch->flags |= RISCV_ELF_FCFI; + if (arch_supports_shadow_stack() && (*p & GNU_PROPERTY_RISCV_FEATURE_1_BCFI)) + arch->flags |= RISCV_ELF_BCFI; + } + return 0; +} + +static inline int arch_elf_pt_proc(void *ehdr, void *phdr, + struct file *f, bool is_interp, + struct arch_elf_state *state) +{ + return 0; +} + +static inline int arch_check_elf(void *ehdr, bool has_interp, + void *interp_ehdr, + struct arch_elf_state *state) +{ + return 0; +} +#endif #endif /* _ASM_RISCV_ELF_H */ diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 8955f2432c2d..db676262e61e 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -24,6 +24,7 @@ #include #include #include +#include register unsigned long gp_in_global __asm__("gp"); @@ -135,6 +136,14 @@ void start_thread(struct pt_regs *regs, unsigned long pc, else regs->status |= SR_UXL_64; #endif +#ifdef CONFIG_USER_SHADOW_STACK + if (current_thread_info()->user_cfi_state.ufcfi_en) + regs->status |= SR_UFCFIEN; +#endif +#ifdef CONFIG_USER_INDIRECT_BR_LP + if (current_thread_info()->user_cfi_state.ubcfi_en) + regs->status |= SR_UBCFIEN; +#endif } void flush_thread(void) @@ -189,3 +198,61 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) p->thread.sp = (unsigned long)childregs; /* kernel sp */ return 0; } + + +int allocate_shadow_stack(unsigned long *shadow_stack_base, unsigned long *shdw_size) +{ + int flags = MAP_ANONYMOUS | MAP_PRIVATE; + struct mm_struct *mm = current->mm; + unsigned long addr, populate, size; + *shadow_stack = 0; + + if (!shdw_size) + return -EINVAL; + + size = *shdw_size; + + /* If size is 0, then try to calculate yourself */ + if (size == 0) + size = round_up(min_t(unsigned long long, rlimit(RLIMIT_STACK), SZ_4G), PAGE_SIZE); + mmap_write_lock(mm); + addr = do_mmap(NULL, 0, size, PROT_SHADOWSTACK, flags, 0, + &populate, NULL); + mmap_write_unlock(mm); + if (IS_ERR_VALUE(addr)) + return PTR_ERR((void *)addr); + *shadow_stack_base = addr; + *shdw_size = size; + return 0; +} + +#if defined(CONFIG_USER_SHADOW_STACK) || defined(CONFIG_USER_INDIRECT_BR_LP) +/* gets called from load_elf_binary(). This'll setup shadow stack and forward cfi enable */ +int arch_elf_setup_cfi_state(const struct arch_elf_state *state) +{ + int ret = 0; + unsigned long shadow_stack_base = 0; + unsigned long shadow_stk_size = 0; + struct thread_info *info = NULL; + + info = current_thread_info(); + /* setup back cfi state */ + /* setup cfi state only if implementation supports it */ + if (arch_supports_shadow_stack() && (state->flags & RISCV_ELF_BCFI)) { + info->user_cfi_state.ubcfi_en = 1; + ret = allocate_shadow_stack(&shadow_stack_base, &shadow_stk_size); + if (ret) + return ret; + + info->user_cfi_state.user_shdw_stk = (shadow_stack_base + shadow_stk_size); + info->user_cfi_state.shdw_stk_base = shadow_stack_base; + } + /* setup forward cfi state */ + if (arch_supports_indirect_br_lp_instr() && (state->flags & RISCV_ELF_FCFI)) { + info->user_cfi_state.ufcfi_en = 1; + info->user_cfi_state.lp_label = 0; + } + + return ret; +} +#endif \ No newline at end of file From patchwork Mon Feb 13 04:53:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13137860 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1DF0AC64EC7 for ; Mon, 13 Feb 2023 04:54:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7871B6B0075; Sun, 12 Feb 2023 23:54:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 737536B007B; Sun, 12 Feb 2023 23:54:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5B13C6B007D; Sun, 12 Feb 2023 23:54:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 483646B0075 for ; Sun, 12 Feb 2023 23:54:21 -0500 (EST) Received: from smtpin21.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 090AE12131D for ; Mon, 13 Feb 2023 04:54:21 +0000 (UTC) X-FDA: 80461052322.21.833A52E Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by imf27.hostedemail.com (Postfix) with ESMTP id 437AE40007 for ; Mon, 13 Feb 2023 04:54:19 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=K5WRT8kv; dmarc=none; spf=pass (imf27.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.170 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676264059; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8YCem4BrJJv8uMiBliK+eUgJsgA757fo9l+siWv19bQ=; b=xrWCELWy/WiuoYSEJnUrNRI8+l+p+c/jR0FKvoLQDcMCI3vE8X2yfri6OA+Msq3/W8kuDx jUpWllAhKGlnLVN5X3ll381HIXn4EU4aYqxk/QkE9hRDNhdrLuR6aXW55xPAG6eD8mvrpO UImGEQEGAynE530ZpArtWeExHZj5s4w= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=rivosinc-com.20210112.gappssmtp.com header.s=20210112 header.b=K5WRT8kv; dmarc=none; spf=pass (imf27.hostedemail.com: domain of debug@rivosinc.com designates 209.85.214.170 as permitted sender) smtp.mailfrom=debug@rivosinc.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676264059; a=rsa-sha256; cv=none; b=XOj8KaZb+QkRIox6T6wSAcm0XvoxJMQ7iFe5/Y6pgQgIX1EvfnoyDTzRpCFYqxmeiQ7xK6 r5LGAc35wdQZtV6D+4ZNH9/ISADsx8VZqRIm7WVSOtlDpw5s78uWh2S1pO8pbFgIOprpST TTiLn35Dvu0fpDgE8Av4YmTYEGndLVg= Received: by mail-pl1-f170.google.com with SMTP id h4so4467638pll.9 for ; Sun, 12 Feb 2023 20:54:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8YCem4BrJJv8uMiBliK+eUgJsgA757fo9l+siWv19bQ=; b=K5WRT8kvkrTRnxFXNxNWmZZe1eWQeiMi1qunE1LIKywvna8j3v5SzYl1jChj3QeZjI oNQVdHcccQpG2WuR1gzQg9kq/+0VuzgdVWD7JtRLTBXEFTOX1GEgMl7e5WBjD6OfQPdd 71LTAu0tFhni4ZSn88ImId4fpVYObX1bY6JW37HXCp7hvg9l286KFURTu9ooi1NBKqLt u26MG8kM25n8svLfFhRQp8B3l5+xVXSXRfyHCQXaBio+kKCjC+Q8QLGXOyPk+PiaEIGE UxpBMq4IRtaJ3U/MEkWjmDf10E4N70sMBA71dAXlsLakRYCt8pcisJr17siP90QETbWq 4NMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8YCem4BrJJv8uMiBliK+eUgJsgA757fo9l+siWv19bQ=; b=QZ3NJJme6DgZq2ZQsjkqJrmLnXk01AXpy3d3l6XrCd+ohWj42HEuRs1pePEv0rO5BB Jyl62+RquC5vbFp4lPvFnetX4OXGBk1iBSmnRTegdKHrh9hNt8WND5YAxj5qK0Db/yKj HqoQDzYxUUo93r1OkaRPO2K55hpAnMGKPAiHyV/4i/Y8YpPol33Yagv0aCoREsXe9bEv 7PLJ04VhySDo1hR7Jt+HyntTV5/9XF970hFsHG2xa+u0r98FdBhvoWHmRl/8LSSGsoZW oZax09p3u+u32ANLXTCrNIsTrauOqDQKjB0Zwbk6wPQ6wEcvUpU7cZeC8Pg832425I6l UcVg== X-Gm-Message-State: AO0yUKVqgfNmrwFmZSNdfewgMcYfIQ+yx9VeYUy7s39a9CKHanhvovVl nkDZkNQ0jMIa77a55LLImbPmiw== X-Google-Smtp-Source: AK7set9FL/syEzV/2KBqufzNCOsrJUvHtlRk/LJL1zmvxtRWPEp1GVPCimz+TSI3kDQUud1c6m89VA== X-Received: by 2002:a17:902:e74c:b0:199:2a36:6c3f with SMTP id p12-20020a170902e74c00b001992a366c3fmr27035701plf.6.1676264058174; Sun, 12 Feb 2023 20:54:18 -0800 (PST) Received: from debug.ba.rivosinc.com ([66.220.2.162]) by smtp.gmail.com with ESMTPSA id e5-20020a170902784500b00189e7cb8b89sm7078303pln.127.2023.02.12.20.54.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Feb 2023 20:54:17 -0800 (PST) From: Deepak Gupta To: linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Andrew Morton Cc: Deepak Gupta , linux-mm@kvack.org Subject: [PATCH v1 RFC Zisslpcfi 11/20] mmu: maybe_mkwrite updated to manufacture shadow stack PTEs Date: Sun, 12 Feb 2023 20:53:40 -0800 Message-Id: <20230213045351.3945824-12-debug@rivosinc.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230213045351.3945824-1-debug@rivosinc.com> References: <20230213045351.3945824-1-debug@rivosinc.com> MIME-Version: 1.0 X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 437AE40007 X-Stat-Signature: oc4j1pe7bqsmr1y6p3bstcegoin3itrg X-HE-Tag: 1676264059-895284 X-HE-Meta: U2FsdGVkX1/zRVTudh6TfyulD7R60RistfQIgzKxIoKAcln6r/Tt1E3kWDuIfSsv4zeS5aNXgHJKSTafxbxF/zQvExXznjyxGjXpxtk74ODVsjUPRWBoZTLYFzHaetY8F02RUkGdb0GuqvxpET/snGezdGc85vxYb6zzdOvASeJxnwqu15FHhhnucccbTylm/CkzoIQxrjpQE3nPKpVkq/U/Dg6cRuax4TPDvw0ziwwvjm9jntszgAtS8LpA6eiIqn1JtLvNaDlHCAIMoEoeDbzEaT5VJ7oh99SO3s1Y9YrAZYhUUtL3QW0Jcp7pyVVDxZP4YBI4I9n0o6fhghkWJWbI/RZ1yp5GebNb1ie53yXs4jtw/bNMVZFR6Y+HyYfGWoSe5HBHfQpOgyuw9fmxBrqBt24i7Pbzcbqgpw3Kl+ud1iqIdHgFZVVwsexz8rpQHuIl22DCALW+cjXv5m2TjuEE7VhrCqyURoSkFQXXmxxfFeZzyos7JwNRs6QfO9fpkPY7aCuKAl9Yajr5Aztqa7PEBDnj3VmsZIgIS7W3qn/5cBcKl9JP3rM3mGXQCuatcvvDH1ogTrpPyJsKRYoBBY1QlIZGpe/I/5ziqtWlyK4LYOZe494BdHZp8J31OybIq9KA9JDRAx07yndW/WrOPezC+w4wSB5thydAVJlwAKYGWO/KdQQ3OD82PYZkkAd5gCOQ3JwrIDGkweGIoVPWa7cMj76OWFx+G6cq6ZR3vRgkN+xc+MuFHl151h4AuEblAYBb2k3JpJWwFikAOjNgH9SF0hMXINCS2kbBKxvlrcx8Bb++ENpdrCxW0B8QwPik/W3D0mkdqqxK2COByya5605SEyeuIcDiWbodRNKV96150mu1uNHY5nwbU6aYJDJqOhHJPpYq9380YRSX7UajMLhN1QshoPSMR/yFM4UfXUo0h7cdmmZ2Ea0FleTi/K6KM7GfsPPXHVcJ1eA1E0e jiO4Byan NsldfBDPw0a7xTOQtXzEP5GHEKfa1zsdltio1g2GngzIF5DQbiuNcGtIxggcGSBfVg2WkOrp9tMwq2ByvSONGDIkOWQQRTKPtEdco5/OB6B/rLap3QGFbM2ytRzi2YWIyY65IQWm7KRwd5Ap2FykFz5hKMyXD/ipXQFvH+r5Ltg1YBE+5wifiQ6LHQx7Qo3g0qC2G3WjcIxtFefZbxlmP6mpeqN+jm/4XRrj9+3czW2H59HK3VLTxM8Bofoz2EJMB667hiMqH0rTdLW1+S44inxF0XX7XSWFRNJQeCiOsWMDeH1PWP5HxXozC4I5ee2iQeds8xuqhP8W9tGqCvuYp1f7qV/5JOBc0pB5+3h/QZ8232u4jcu73DwU7v0N7WCUmCLHQv/DnTcpzyFcafTKm8gzO6P7SOX8AdZGDcWH6LJL9Wq2pd9XsVhspyNxbTTcFGXHm1P1wmAeGFdP4ceEtFRllCRua2gc7W3Ph8UgkKxzpoTuejpSdaUQKXVPgwtN2+HMY X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: maybe_mkwrite creates PTEs with WRITE encodings for underlying arch if VM_WRITE is turned on in vma->vm_flags. Shadow stack memory is a write- able memory except it can only be written by certain specific instructions. This patch allows maybe_mkwrite to create shadow stack PTEs if vma is shadow stack VMA. Each arch can define which combination of VMA flags means a shadow stack. Additionally pte_mkshdwstk must be provided by arch specific PTE construction headers to create shadow stack PTEs. (in arch specific pgtable.h). This patch provides dummy/stub pte_mkshdwstk if CONFIG_USER_SHADOW_STACK is not selected. Signed-off-by: Deepak Gupta --- include/linux/mm.h | 23 +++++++++++++++++++++-- include/linux/pgtable.h | 4 ++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index 8f857163ac89..a7705bc49bfe 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1093,6 +1093,21 @@ static inline unsigned long thp_size(struct page *page) void free_compound_page(struct page *page); #ifdef CONFIG_MMU + +#ifdef CONFIG_USER_SHADOW_STACK +bool arch_is_shadow_stack_vma(struct vm_area_struct *vma); +#endif + +static inline bool +is_shadow_stack_vma(struct vm_area_struct *vma) +{ +#ifdef CONFIG_USER_SHADOW_STACK + return arch_is_shadow_stack_vma(vma); +#else + return false; +#endif +} + /* * Do pte_mkwrite, but only if the vma says VM_WRITE. We do this when * servicing faults for write access. In the normal case, do always want @@ -1101,8 +1116,12 @@ void free_compound_page(struct page *page); */ static inline pte_t maybe_mkwrite(pte_t pte, struct vm_area_struct *vma) { - if (likely(vma->vm_flags & VM_WRITE)) - pte = pte_mkwrite(pte); + if (likely(vma->vm_flags & VM_WRITE)) { + if (unlikely(is_shadow_stack_vma(vma))) + pte = pte_mkshdwstk(pte); + else + pte = pte_mkwrite(pte); + } return pte; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index 1159b25b0542..94b157218c73 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1736,4 +1736,8 @@ pgprot_t vm_get_page_prot(unsigned long vm_flags) \ } \ EXPORT_SYMBOL(vm_get_page_prot); +#ifndef CONFIG_USER_SHADOW_STACK +#define pte_mkshdwstk(pte) pte +#endif + #endif /* _LINUX_PGTABLE_H */