From patchwork Thu Jan 19 21:22:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 45992 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp556165wrn; Thu, 19 Jan 2023 13:36:18 -0800 (PST) X-Google-Smtp-Source: AMrXdXsrv1Qrtp8tVDaefCUpMcW6h6W+AZaMkgd08sb0O7RARtZKLu2FxCmtzmvwIPInrvrYoxvu X-Received: by 2002:a05:6a21:170f:b0:af:9dda:b033 with SMTP id nv15-20020a056a21170f00b000af9ddab033mr13080302pzb.37.1674164177881; Thu, 19 Jan 2023 13:36:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674164177; cv=none; d=google.com; s=arc-20160816; b=Cz2akeKrsK6smJjfTmsiL/6gSdJYzD6QhXZBaAEE6t+AAK/15NurrhzfL4+nV8+7oI uDoqkkIdR3GA8W3MPbkC7XGrl1eMwyaLOxshR22kr6iVeCLlwHJoG+IHQ5FLXsgxjfcW 8d2gbYQiUY00cfH+AyzfERPnZLr9ckngUvZGLKtlwW6Te4sxqb/Wm+doBrPHuoEZejsS U9+8nU5+ZseSd3Wl6bZ9ysg64hNdvaxeVb4ZG/vMDQ888/Aq+7sFXJWqITTlGjGXNVgQ 6uTI3c4cuI8MXx989z5PuNlYGg/zpcmtwQYZ2tI7gFJGw8VwWRgxYuUD12KJU72vmzoq hwxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=StQkA6ot9FCk/YmAiAeLd46+t6/Gkl8n00cyZWXpPeQ=; b=xRiJcrLyWTj/YN5vWrsR/O6ogNuYbFjrTDCiQDbLJVmVOYQmi0l9AolIQS1srziTYC aTL+/Bb/IFLdO5lL9eSrY9XOnez9Xdqpp+ijWoQ7/L2b4xneZ8jc1d9PPfy2NjLoHa+R yHMBvyeytDAuLGo39OgBRLXv7ddnPYC1H+AkzEsBOT6Avzmo7IEYKyH7PX04Tqo4ikOn SSKE1QjpwSu9PEIct20WuQe8z6ppnlxVz6LlV5Ieu5tuaJUtow0xi1sNpZWuwsjP32Aj iC+sdTY8SGG+w2ytjlLGEWkL2YY/UZOUhB5ooigHk9Ky83hmhvhWUojuNfNXJAFc3NcT FIcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LXsvEtmK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f69-20020a636a48000000b004d21c99e5b7si2375551pgc.316.2023.01.19.13.36.05; Thu, 19 Jan 2023 13:36:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LXsvEtmK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230419AbjASVe5 (ORCPT + 99 others); Thu, 19 Jan 2023 16:34:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230423AbjASVcz (ORCPT ); Thu, 19 Jan 2023 16:32:55 -0500 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C73EFA9585; Thu, 19 Jan 2023 13:26:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674163581; x=1705699581; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=G9eEBGmU/UnEJ+400J+VwekvQK2O1I9MsdKnAZAqxQw=; b=LXsvEtmKlb3UalVFARwCFI7tkjepU7eCssI9j0x3Yo2MHNki7w8VGscW D6zfdb/x6YKWhbmcqcR9o3w3kiMqjUd08vrg9eXnQO1eSH8lYVxb0Zot5 fiDqjDl58fcwfp9TrWjM+kgNRAVgc7kIkw9LvXDl4SosPLznNfsOR7TRF NoBxNCfj5flKkMn4Lp7hJNZ/CIBCwevvO/wqFt8vyVNKeTGfGcoDkBvgm 7o5/NPMRzqth4GvyHJCAaS3+kynRxkvfS0kfxXjFUY6ItQbsJQqvz99UV qbcSuomH5e3j6HGRQLUbvb0y3XAgjr6ZoP1bWEdR23niquyOGluWR22HK A==; X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="323119497" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="323119497" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:23:49 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="989139056" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="989139056" Received: from hossain3-mobl.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.252.128.187]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:23:47 -0800 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com Cc: rick.p.edgecombe@intel.com, Yu-cheng Yu Subject: [PATCH v5 15/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory Date: Thu, 19 Jan 2023 13:22:53 -0800 Message-Id: <20230119212317.8324-16-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230119212317.8324-1-rick.p.edgecombe@intel.com> References: <20230119212317.8324-1-rick.p.edgecombe@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755488376604578079?= X-GMAIL-MSGID: =?utf-8?q?1755488376604578079?= From: Yu-cheng Yu The x86 Control-flow Enforcement Technology (CET) feature includes a new type of memory called shadow stack. This shadow stack memory has some unusual properties, which requires some core mm changes to function properly. A shadow stack PTE must be read-only and have _PAGE_DIRTY set. However, read-only and Dirty PTEs also exist for copy-on-write (COW) pages. These two cases are handled differently for page faults. Introduce VM_SHADOW_STACK to track shadow stack VMAs. Reviewed-by: Kees Cook Tested-by: Pengfei Xu Tested-by: John Allen Signed-off-by: Yu-cheng Yu Reviewed-by: Kirill A. Shutemov Signed-off-by: Rick Edgecombe Cc: Kees Cook --- v3: - Drop arch specific change in arch_vma_name(). The memory can show as anonymous (Kirill) - Change CONFIG_ARCH_HAS_SHADOW_STACK to CONFIG_X86_USER_SHADOW_STACK in show_smap_vma_flags() (Boris) Documentation/filesystems/proc.rst | 1 + fs/proc/task_mmu.c | 3 +++ include/linux/mm.h | 8 ++++++++ 3 files changed, 12 insertions(+) diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst index e224b6d5b642..115843e8cce3 100644 --- a/Documentation/filesystems/proc.rst +++ b/Documentation/filesystems/proc.rst @@ -564,6 +564,7 @@ encoded manner. The codes are the following: mt arm64 MTE allocation tags are enabled um userfaultfd missing tracking uw userfaultfd wr-protect tracking + ss shadow stack page == ======================================= Note that there is no guarantee that every flag and associated mnemonic will diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c index e35a0398db63..982126ffdbae 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR [ilog2(VM_UFFD_MINOR)] = "ui", #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ +#ifdef CONFIG_X86_USER_SHADOW_STACK + [ilog2(VM_SHADOW_STACK)] = "ss", +#endif }; size_t i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 82a9a4903651..824e730b21af 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -315,11 +315,13 @@ extern unsigned int kobjsize(const void *objp); #define VM_HIGH_ARCH_BIT_2 34 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_BIT_3 35 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_BIT_4 36 /* bit only usable on 64-bit architectures */ +#define VM_HIGH_ARCH_BIT_5 37 /* bit only usable on 64-bit architectures */ #define VM_HIGH_ARCH_0 BIT(VM_HIGH_ARCH_BIT_0) #define VM_HIGH_ARCH_1 BIT(VM_HIGH_ARCH_BIT_1) #define VM_HIGH_ARCH_2 BIT(VM_HIGH_ARCH_BIT_2) #define VM_HIGH_ARCH_3 BIT(VM_HIGH_ARCH_BIT_3) #define VM_HIGH_ARCH_4 BIT(VM_HIGH_ARCH_BIT_4) +#define VM_HIGH_ARCH_5 BIT(VM_HIGH_ARCH_BIT_5) #endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */ #ifdef CONFIG_ARCH_HAS_PKEYS @@ -335,6 +337,12 @@ extern unsigned int kobjsize(const void *objp); #endif #endif /* CONFIG_ARCH_HAS_PKEYS */ +#ifdef CONFIG_X86_USER_SHADOW_STACK +# define VM_SHADOW_STACK VM_HIGH_ARCH_5 +#else +# define VM_SHADOW_STACK VM_NONE +#endif + #if defined(CONFIG_X86) # define VM_PAT VM_ARCH_1 /* PAT reserves whole VMA at once (x86) */ #elif defined(CONFIG_PPC)