From patchwork Sat Dec 3 00:35:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 29193 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp1143311wrr; Fri, 2 Dec 2022 16:44:01 -0800 (PST) X-Google-Smtp-Source: AA0mqf5fOzDGGbSO+H9HSOKg6ezXPSRgbTYftaNy8ID4Ms2mOYp0ahEIelcJWNQrEwjxSYpk3xXI X-Received: by 2002:a63:5910:0:b0:42b:68a1:4207 with SMTP id n16-20020a635910000000b0042b68a14207mr53560353pgb.326.1670028241089; Fri, 02 Dec 2022 16:44:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670028241; cv=none; d=google.com; s=arc-20160816; b=uaXRTDXOSx3TBlUutfDy3/M9OEiohFaSHQXlxPsSfucvltBgVeMKltsBYeAGf83ep+ fE1NAwOggYfRS0lWqpAFjAWHeSZm75saSiIkzbbB4kukp+pU3YkIvkTyPUgyHG7VHV00 MSVPKyFOFM+7kmHr13XUk4+A3XEhr62C9yccWFWb7CAhWdNXQCuZZDSivAiJpl3+yPlK w4cDRIxiA48SR/kZqLrcaZrYinUHpQpYhax4x7Jkr3aLNhXeu9+B2EDFufF84J8LdQE3 kxHDpqUICKCujDC1VqtLLT2MR9w7czyo6RxZe/gHA/Yqr/ROaPAY6zkCm2xDADYKdrNH htBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=sme6E7WId2b/OescfNOtoFZmHp2FGiGCXrZa7345wuM=; b=MRz/iO+dJSa+M247RCEQhwTZ+xWd7k/Gsk0v78k3qLZN+QRndhrSXFC89oSfI2h8MC 3FKZctixXJjTUrqMJWe0cTONU3M0oJXPZ3deoFq5RU7HInjET4/VKO9aaQ+GKsSgmscl kDITpU/45v9Ri7y6FBOSfor4jNpME03qDa84RxJf5xG74/OyNft5I21CBlkEpN46F9jX d6rAEk+hoB2a44/GbWKAaA9ZgdbwEMeieLHRMgd/3kWQje+7BOkl+cp6wjeb30vRJRWq HCvR4CZgus1tjQll3WztifEJhd3mv5WkeufSMXN9o67u2P58lVTymRWHALJRD0L9T4mC iAVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JLznq60w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c7-20020a056a000ac700b0056bf15d0cbfsi9564888pfl.308.2022.12.02.16.43.48; Fri, 02 Dec 2022 16:44:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=JLznq60w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235132AbiLCAnZ (ORCPT + 99 others); Fri, 2 Dec 2022 19:43:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235279AbiLCAmD (ORCPT ); Fri, 2 Dec 2022 19:42:03 -0500 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 299851042E0; Fri, 2 Dec 2022 16:38:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1670027908; x=1701563908; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=9Rgq6Is1ft2SHhT8Knmc6hxAfAY7NUj7tCn2AnWmhHU=; b=JLznq60wRLmOAHjqC+rkZsCOl7pFbD2wpjlzi9HyaQHHk/0UJhUMJSXh 96jhzCFrokGQJxiP9kg+E6JbcRDKwJOizY6Jetv5tL5pYQ4Sdd9Wouw84 hdvq2xzmb3ya8x+vd0PlzwoWhodqhdDSA6epCLxMMqow5ujDt1uzXeisy sSdCZNAUDr5z7ck1cHlvksd1oB69AebpTJxCWnMXIZArPqu/p+zCCJdbZ oRabDTvIrhDFU/6Y30qAvBJBvOh9UBQxVhkTmsZMCNi10iAEJ1Hbp9haz mDAvCfwqMNojKgsWSdY9ssqWj+XfMlzoDD1/vakepWxjllmo+sJS0bOrr w==; X-IronPort-AV: E=McAfee;i="6500,9779,10549"; a="313711482" X-IronPort-AV: E=Sophos;i="5.96,213,1665471600"; d="scan'208";a="313711482" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Dec 2022 16:37:40 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10549"; a="787479999" X-IronPort-AV: E=Sophos;i="5.96,213,1665471600"; d="scan'208";a="787479999" Received: from bgordon1-mobl1.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.212.211.211]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Dec 2022 16:37:38 -0800 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com Cc: rick.p.edgecombe@intel.com Subject: [PATCH v4 32/39] x86: Expose thread features in /proc/$PID/status Date: Fri, 2 Dec 2022 16:35:59 -0800 Message-Id: <20221203003606.6838-33-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221203003606.6838-1-rick.p.edgecombe@intel.com> References: <20221203003606.6838-1-rick.p.edgecombe@intel.com> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1751151533025356032?= X-GMAIL-MSGID: =?utf-8?q?1751151533025356032?= Applications and loaders can have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack. Add two lines in /proc/$PID/status to report enabled and locked features. Since, this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines. Tested-by: Pengfei Xu Tested-by: John Allen Signed-off-by: Kirill A. Shutemov [Switched to CET, added to commit log] Signed-off-by: Rick Edgecombe Reviewed-by: Kees Cook --- v4: - Remove "CET" references v3: - Move to /proc/pid/status (Kees) v2: - New patch arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++ fs/proc/array.c | 6 ++++++ include/linux/proc_fs.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0d96bd..31c0e68f6227 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */ diff --git a/fs/proc/array.c b/fs/proc/array.c index d2a94eafe9a3..96ee17d68b4c 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -433,6 +433,11 @@ static inline void task_untag_mask(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "untag_mask:\t%#lx\n", mm_untag_mask(mm)); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { @@ -457,6 +462,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 81d6e4ec2294..5a8b21c0a587 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)