From patchwork Sun Jul 16 21:50:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 120950 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp792876vqt; Sun, 16 Jul 2023 15:08:33 -0700 (PDT) X-Google-Smtp-Source: APBJJlG4gQdR2lrN5mI1G6rD3c9jZ1ZxlZqTwvACBNZqgPVKzveg96UmUOEa/CGsHqSvEM8ZYaRr X-Received: by 2002:a05:6a20:b70a:b0:133:c12a:4d6 with SMTP id fg10-20020a056a20b70a00b00133c12a04d6mr8713046pzb.1.1689545312909; Sun, 16 Jul 2023 15:08:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689545312; cv=none; d=google.com; s=arc-20160816; b=WvH+q9U5uIq/Qnl+2KllakxwiFy6ugWyncQKfwI9FXbt+Wnc1JVZo5sOlT0T45ojHx HLfYK0e+BtxzCPWTpnA/34ojU6CQexjWKdLDuP7mGg7AYz3aa9xNXeBPc+ypm07rPoNE TKsOOf3Kx8g2j0giD4+JBq2LRJeAP/ffhywDFSrOjLRwH/6sZ+dJ7lpRPnV6haqFuzCC Yoi7/OZygPKnp/ypIeUNEKDbGMwAxByDjbiE7UEMjsRWDcnE75tjv7DHJnOoHmqFdd8Y eE2e3u9ObYMX6y3EHjP3ZRQUnFtNT7eIP9yCcGwMoC4ksjRPw1J031oSRonwDdOOneTF sIdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:in-reply-to:references:message-id :content-transfer-encoding:mime-version:subject:date:from :dkim-signature; bh=HSFo0jEjyBBHqgVk0QUU/F5q47VAzZNq81Kar4v0zXk=; fh=EdAFSmIgUzZTC6WCy4Jg1wBZ0/m6m2d/OjiRUJ3BsTI=; b=tmcwPU1bG2T9Y/SFqFOzl6QilRCuMS3+5BoOTTpd/309nQHHtYzooH0NDZVeMR55R4 jEA2v1mpwVdCmECV+46dxeZQM2bXUAjSAiyk65C0opuPywKMxvH7sU5J1h15MBfWEuEg hP2Tkzv4IBEYmJ+ulILUkDV0Gomqq0FHMJyaLfkNPqEx8tAneDPMxZwoF85RTl1N/zJe YKvyPCdhzjo7r7SObUV7Sz77J5/PyrvYd1oMslj4cNlt/r0qbArnoS6wrGF/z+JDT6mZ 3KB/0+hPNXY0L2WdmsXfO3W1Zh0aEwz/Dcm8B6CEMW0H/+qCaYXj5KH+PDdp61aDBgwO hh0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UgtraBJI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x4-20020a63db44000000b0055febf1491esi2244408pgi.279.2023.07.16.15.08.19; Sun, 16 Jul 2023 15:08:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UgtraBJI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230440AbjGPVxQ (ORCPT + 99 others); Sun, 16 Jul 2023 17:53:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52290 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230390AbjGPVxE (ORCPT ); Sun, 16 Jul 2023 17:53:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 476FDE57; Sun, 16 Jul 2023 14:53:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D7E1460EC6; Sun, 16 Jul 2023 21:53:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 852F6C433C7; Sun, 16 Jul 2023 21:52:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544382; bh=rwg+AaLrST64GPi/dleRneXGKtoIqRfwuUuxqMEvRY8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UgtraBJIty53nrQbpln20X+ZgVVvVELrRtvAd3QMCrhZZLG55JU40/WRKPzyulIdC rdaTs7g0cGf13IEO6plkV5jWgs4u4tUGQRUFb5f/AeXP5SfGfRw0tYRLfzzgSw4dtG KtwongQnS58FCtWJ0962kRMsMbeN2Qn9fsmL5Kkkot6uH6w79KuboVGwU8n+84WVcY eRR3pYAnAajGivQocVIeEN0cuXoC0qluSb/xC6LqxKAIDzD6bRG2MLIR9U8J/EKH0D IJSZ/fzQSra/qECPc29Ob+7i1aufZgNDfzPrEFxMKKU8nRrIHTidvx8ycUaL8qHEWP IpAj+kjOE1FBQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:50:58 +0100 Subject: [PATCH 02/35] prctl: Add flag for shadow stack writeability and push/pop MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-2-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1295; i=broonie@kernel.org; h=from:subject:message-id; bh=rwg+AaLrST64GPi/dleRneXGKtoIqRfwuUuxqMEvRY8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaQrba4c87fXI/DIs9b8uMvYL0mZkMhwI/2a8dl /uECOa+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkAAKCRAk1otyXVSH0Mz2B/ 0Qse7s2seNh0TDAnfYabaiAlsKHmw1NQH/pAIsYkJNq1lwhtVLDvni0GlFFI5Iy4xaXcvNqYLflNIN JB8WxsYfarT9t79wGVEVsXLhN+//YY1W7vIKO7J4qV6OS2zy6xDzLqKUegxjSm1ZzWrLAUmxVvhRTn rdAoifqTz2kttVaBZVk3b2vjudnWDDO1+MV/WXlfbytVw59XLti4le9LkQpNUou/8h3n87mJ3aderr ghHhsnAWYpe/P3JeZi2bHfg9prLFsn0sN6umDfODDRdURGFtk7VPJR/4qEHIpbPDzgcun6Q0ENfn3D fgvdczW1gaU0aCK0NKAnMefJZ1CwOA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771616666136811462 X-GMAIL-MSGID: 1771616666136811462 On arm64 and x86 the kernel can control if there is write access to the shadow stack via specific instructions defined for the purpose, useful for things like userspace threading at the expense of some security. Add a flag to allow this to be selected when changing the shadow stack status. On arm64 the kernel can separately control if userspace is able to pop and push values directly onto the shadow stack via GCS push and pop instructions, supporting many scenarios where userspace needs to write to the stack with less security exposure than full write access. Add a flag to allow this to be selected when changing the shadow stack status. Signed-off-by: Mark Brown --- include/uapi/linux/prctl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 9fdc77fa2bfe..e88d2ddcdb2d 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -321,5 +321,7 @@ struct prctl_mm_map { #define PR_SET_SHADOW_STACK_STATUS 72 # define PR_SHADOW_STACK_LOCK (1UL << 0) # define PR_SHADOW_STACK_ENABLE (1UL << 1) +# define PR_SHADOW_STACK_WRITE (1UL << 2) +# define PR_SHADOW_STACK_PUSH (1UL << 3) #endif /* _LINUX_PRCTL_H */