From patchwork Mon Mar 20 16:39:26 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 72316
Date: Mon, 20 Mar 2023 16:39:26 -0000
From: "tip-bot2 for Yu-cheng Yu"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/shstk] mm: Introduce VM_SHADOW_STACK for shadow stack memory
Cc: "Yu-cheng Yu", Rick Edgecombe, Dave Hansen, "Borislav Petkov (AMD)", Kees Cook, "Kirill A. Shutemov", "Mike Rapoport (IBM)", Pengfei Xu, John Allen, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <167933036632.5837.13284433905417431566.tip-bot2@tip-bot2>

The following commit has been merged into the x86/shstk branch of tip:

Commit-ID: db31a5b7a897fd08fad6ebac9fb6516657b791a3
Gitweb: https://git.kernel.org/tip/db31a5b7a897fd08fad6ebac9fb6516657b791a3
Author: Yu-cheng Yu
AuthorDate: Sat, 18 Mar 2023 17:15:13 -07:00
Committer: Dave Hansen
CommitterDate: Mon, 20 Mar 2023 09:01:10 -07:00

mm: Introduce VM_SHADOW_STACK for shadow stack memory

New hardware extensions implement support for shadow stack memory, such as x86 Control-flow Enforcement Technology (CET). Add a new VM flag to identify these areas, for example, to be used to properly indicate shadow stack PTEs to the hardware.

Shadow stack VMA creation will be tightly controlled and limited to anonymous memory to make the implementation simpler and since that is all that is required.
The solution will rely on pte_mkwrite() to create the shadow stack PTEs, so it will not be required for vm_get_page_prot() to learn how to create shadow stack memory. For this reason document that VM_SHADOW_STACK should not be mixed with VM_SHARED. Co-developed-by: Rick Edgecombe Signed-off-by: Yu-cheng Yu Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Reviewed-by: Kirill A. Shutemov Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230319001535.23210-19-rick.p.edgecombe%40intel.com --- Documentation/filesystems/proc.rst | 1 + fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 8 ++++++++ 3 files changed, 12 insertions(+) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index 9d5fd94..8b314df 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -564,6 +564,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking + ss shadow stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index 6a96e17..324b092 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR [ilog2(VM_UFFD_MINOR)] = "ui", #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ +#ifdef CONFIG_X86_USER_SHADOW_STACK + [ilog2(VM_SHADOW_STACK)] = "ss", +#endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index a1b31ca..097544a 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h 
@@ -326,11 +326,13 @@ extern unsigned int kobjsize(const void *objp); #define VM_HIGH_ARCH_BIT_2 34 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_BIT_3 35 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_BIT_4 36 /* bit only usable on 64-bit architectures */ +#define VM_HIGH_ARCH_BIT_5 37 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_0 BIT(VM_HIGH_ARCH_BIT_0) #define VM_HIGH_ARCH_1 BIT(VM_HIGH_ARCH_BIT_1) #define VM_HIGH_ARCH_2 BIT(VM_HIGH_ARCH_BIT_2) #define VM_HIGH_ARCH_3 BIT(VM_HIGH_ARCH_BIT_3) #define VM_HIGH_ARCH_4 BIT(VM_HIGH_ARCH_BIT_4) +#define VM_HIGH_ARCH_5 BIT(VM_HIGH_ARCH_BIT_5) #endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */ #ifdef CONFIG_ARCH_HAS_PKEYS @@ -346,6 +348,12 @@ extern unsigned int kobjsize(const void *objp); #endif #endif /* CONFIG_ARCH_HAS_PKEYS */ +#ifdef CONFIG_X86_USER_SHADOW_STACK +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 /* Should not be set with VM_SHARED */ +#else +# define VM_SHADOW_STACK VM_NONE +#endif + #if defined(CONFIG_X86) # define VM_PAT VM_ARCH_1 /* PAT reserves whole VMA at once (x86) */ #elif defined(CONFIG_PPC)
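Review bot: In the Documentation/filesystems/proc.rst hunk, the new row "ss shadow stack page" does not say that the mnemonic is architecture-specific, although the neighbouring "mt" row names arm64 and fs/proc/task_mmu.c only emits "ss" under CONFIG_X86_USER_SHADOW_STACK. Consider naming the architecture in the description. The word "page" is also slightly off, because show_smap_vma_flags() prints these codes per VMA; "shadow stack memory" would match the wording of the commit subject.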
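Review bot: In the fs/proc/task_mmu.c hunk, the new "#endif" has no trailing comment, while the block directly above it closes with "#endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */"; adding "/* CONFIG_X86_USER_SHADOW_STACK */" would keep the table consistent. A short comment that the guard is required would also help: with the option disabled, include/linux/mm.h defines VM_SHADOW_STACK as VM_NONE, which has no bit set for ilog2() to turn into an array index, so the "[ilog2(VM_SHADOW_STACK)] = "ss"," initializer must never be compiled in that configuration.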
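Review bot: In the first include/linux/mm.h hunk (@@ -326), VM_HIGH_ARCH_BIT_5 and VM_HIGH_ARCH_5 are defined only inside the block that ends at "#endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */", yet the second hunk uses VM_HIGH_ARCH_5 under CONFIG_X86_USER_SHADOW_STACK alone. Nothing in this patch shows that the shadow stack option implies CONFIG_ARCH_USES_HIGH_VMA_FLAGS; please confirm the Kconfig dependency exists elsewhere in the series, or state it in the commit message, so that a configuration with one option and not the other cannot fail to build.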
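Review bot: In the second include/linux/mm.h hunk (@@ -346), the rule that VM_SHADOW_STACK must not be combined with VM_SHARED exists only as the trailing comment "/* Should not be set with VM_SHARED */", and nothing in this patch enforces it. The commit message gives the reason (shadow stack PTEs come from pte_mkwrite(), and vm_get_page_prot() is not taught about them), so a fuller comment carrying that reason would help the next reader. A debug assertion at the point where shadow stack VMAs are created would turn the documented invariant into a checked one.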