From patchwork Thu Jan 19 21:23:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 46017 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp559408wrn; Thu, 19 Jan 2023 13:45:40 -0800 (PST) X-Google-Smtp-Source: AMrXdXstsYTAJtRQ1xLwuj+PuKSCKAaYRzeS5RRZLFHHh6a9Bw4cIUYcLYDZ+rfQkpkfDRCuhDTT X-Received: by 2002:a05:6402:3224:b0:45c:834b:f287 with SMTP id g36-20020a056402322400b0045c834bf287mr14535651eda.4.1674164740590; Thu, 19 Jan 2023 13:45:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674164740; cv=none; d=google.com; s=arc-20160816; b=sHx7aMIbXCF+m8zS+PPVFxhM1Rp1z2oBIW5DduHgXVSk+ljfDBlI8zNQ7LliPH1aoK FyjLWruRcw65QvVCWP8x5rvPwooUR9wiuPzc0a2xfqxpSkcH/IB+UD0c2ryJYautHtBr zBvpAvmd9hIRx1Rbe9Bj+8O7seeqNka2BqwKV3SpduZuOslTzlOr6doXSSeAQKxUZY3b KBv7lC1SEXaOTt5+IHZlSIaEfjusTMM5gw7l9GXnz/NfQGnIlZKiohyK9zJ43MxpBg4e WjVqackGLFHc5Tvsu5XOd9kDqOq/agcbSq5q3sjE+u5LtTwndqgAcO92koZfzgdi2tOM w4EQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=upYGst2M+pM9taclLJcrPM9etxXHvFq2ULPd7LORduM=; b=BToPODwAYig1gvffUfB+CeTUhn/xRQs7bnJt45AxBdwuVrTjgH3+Og0LxRCwZac2WR 6rr2DMHYhqc4Hpai1GeI/kxqf2DO8LzNvmsmjU33zzPD34xbglVkYwLAaVscK1Snkg8m lNydef1NWZmhT7Vdr1ZUGX+L0Z0lOKN5irkhXePDNnlUVN85nJjhLTfeqklUiuy2y9Sk uNC7hMGSa0ff1N+1O0+9GwMkSpYNClSqKbIZ8I/RXmxAL+UxsbzLAhHN0phbc66Pcnxg IMlJvG7fKKA5OLcJd9qDPPMyv380RAqPa053BEZ3/NsCGzTao+zi/z8WrJJOdsYbfGwn m4vg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gQkrwrQ4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h12-20020a056402280c00b0048c0b5672e4si51341048ede.37.2023.01.19.13.45.16; Thu, 19 Jan 2023 13:45:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=gQkrwrQ4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231243AbjASVmg (ORCPT + 99 others); Thu, 19 Jan 2023 16:42:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230092AbjASViK (ORCPT ); Thu, 19 Jan 2023 16:38:10 -0500 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 036F24ABC2; Thu, 19 Jan 2023 13:27:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674163673; x=1705699673; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=vY8qQFdDU3u0a0tvehCZCS7MwIYptOrO+eN8SXLOirs=; b=gQkrwrQ4Dn6lvzoLLIOoZj6nwoj2pw+qVTv02bXHhd7Ix3u3k+bemd5x rU+E9ClBPy78ZtArP0KQsxrnzNb6tTAHA9Y/SEKAlWK9koXLa5HXJbPGi qWxbgBmvMelkQn8oKtx+j8iN0sBZHhD06SowEv5I0JbSIOxjEa+y4Y3sH AQX9ilJQHkJpUpRfLXZnbFTL70uf5vUsxV54O04OjTILRJCU6gH4bafYi MUrsUq68uyoDsLTYQMnRGXhze0S940xweCwcmJs6sfe5DfdDOSO18tyte 9sb7unTi272m62rH+56a7SC4OP9ONC/0X8o88JBaqoNBAb9sQrwVaMrfF A==; X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="323119970" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="323119970" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:24:17 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="989139169" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="989139169" Received: from hossain3-mobl.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.252.128.187]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:24:16 -0800 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com Cc: rick.p.edgecombe@intel.com Subject: [PATCH v5 33/39] x86: Expose thread features in /proc/$PID/status Date: Thu, 19 Jan 2023 13:23:11 -0800 Message-Id: <20230119212317.8324-34-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230119212317.8324-1-rick.p.edgecombe@intel.com> References: <20230119212317.8324-1-rick.p.edgecombe@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755488966868615256?= X-GMAIL-MSGID: =?utf-8?q?1755488966868615256?= Applications and loaders can have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack. Add two lines in /proc/$PID/status to report enabled and locked features. Since, this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines. Reviewed-by: Kees Cook Tested-by: Pengfei Xu Tested-by: John Allen Signed-off-by: Kirill A. Shutemov [Switched to CET, added to commit log] Signed-off-by: Rick Edgecombe --- v4: - Remove "CET" references v3: - Move to /proc/pid/status (Kees) v2: - New patch arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++ fs/proc/array.c | 6 ++++++ include/linux/proc_fs.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0d96bd..31c0e68f6227 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */ diff --git a/fs/proc/array.c b/fs/proc/array.c index 49283b8103c7..7ac43ecda1c2 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -428,6 +428,11 @@ static inline void task_thp_status(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "THP_enabled:\t%d\n", thp_enabled); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { @@ -451,6 +456,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 0260f5ea98fe..80ff8e533cbd 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)