From patchwork Mon Mar 20 16:39:30 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 72305
Date: Mon, 20 Mar 2023 16:39:30 -0000
From: "tip-bot2 for Rick Edgecombe"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/shstk] x86/cpufeatures: Add CPU feature flags for shadow stacks
Cc: "Yu-cheng Yu", Rick Edgecombe, Dave Hansen, "Borislav Petkov (AMD)", Kees Cook, "Mike Rapoport (IBM)", Pengfei Xu, John Allen, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <167933037079.5837.2318531976679157988.tip-bot2@tip-bot2>

The following commit has been merged into the x86/shstk branch of tip:

Commit-ID:     d1b5e84f943c7b5b51bc2c1e50b36a7579ed7c75
Gitweb:        https://git.kernel.org/tip/d1b5e84f943c7b5b51bc2c1e50b36a7579ed7c75
Author:        Rick Edgecombe
AuthorDate:    Sat, 18 Mar 2023 17:14:58 -07:00
Committer:     Dave Hansen
CommitterDate: Mon, 20 Mar 2023 09:01:08 -07:00

x86/cpufeatures: Add CPU feature flags for shadow stacks

The Control-Flow Enforcement Technology contains two related features,
one of which is Shadow Stacks. Future patches will utilize this feature
for shadow stack support in KVM, so add a CPU feature flag for Shadow
Stacks (CPUID.(EAX=7,ECX=0):ECX[bit 7]).

To protect shadow stack state from malicious modification, the registers
are only accessible in supervisor mode. This implementation
context-switches the registers with XSAVES. Make X86_FEATURE_SHSTK depend
on XSAVES.
The shadow stack feature, enumerated by the CPUID bit described above, encompasses both supervisor and userspace support for shadow stack. In near future patches, only userspace shadow stack will be enabled. In expectation of future supervisor shadow stack support, create a software CPU capability to enumerate kernel utilization of userspace shadow stack support. This user shadow stack bit should depend on the HW "shstk" capability and that logic will be implemented in future patches. Co-developed-by: Yu-cheng Yu Signed-off-by: Yu-cheng Yu Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230319001535.23210-4-rick.p.edgecombe%40intel.com --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/include/asm/disabled-features.h | 8 +++++++- arch/x86/kernel/cpu/cpuid-deps.c | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 73c9672..3d98ce9 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -309,6 +309,7 @@ #define X86_FEATURE_MSR_TSX_CTRL (11*32+20) /* "" MSR IA32_TSX_CTRL (Intel) implemented */ #define X86_FEATURE_SMBA (11*32+21) /* "" Slow Memory Bandwidth Allocation */ #define X86_FEATURE_BMEC (11*32+22) /* "" Bandwidth Monitoring Event Configuration */ +#define X86_FEATURE_USER_SHSTK (11*32+23) /* Shadow stack support for user mode applications */ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ 
@@ -378,6 +379,7 @@ #define X86_FEATURE_OSPKE (16*32+ 4) /* OS Protection Keys Enable */ #define X86_FEATURE_WAITPKG (16*32+ 5) /* UMONITOR/UMWAIT/TPAUSE Instructions */ #define X86_FEATURE_AVX512_VBMI2 (16*32+ 6) /* Additional AVX512 Vector Bit Manipulation Instructions */ +#define X86_FEATURE_SHSTK (16*32+ 7) /* "" Shadow stack */ #define X86_FEATURE_GFNI (16*32+ 8) /* Galois Field New Instructions */ #define X86_FEATURE_VAES (16*32+ 9) /* Vector AES */ #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 5dfa4fb..505f78d 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -99,6 +99,12 @@ # define DISABLE_TDX_GUEST (1 << (X86_FEATURE_TDX_GUEST & 31)) #endif +#ifdef CONFIG_X86_USER_SHADOW_STACK +#define DISABLE_USER_SHSTK 0 +#else +#define DISABLE_USER_SHSTK (1 << (X86_FEATURE_USER_SHSTK & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -114,7 +120,7 @@ #define DISABLED_MASK9 (DISABLE_SGX) #define DISABLED_MASK10 0 #define DISABLED_MASK11 (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \ - DISABLE_CALL_DEPTH_TRACKING) + DISABLE_CALL_DEPTH_TRACKING|DISABLE_USER_SHSTK) #define DISABLED_MASK12 0 #define DISABLED_MASK13 0 #define DISABLED_MASK14 0 diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index f6748c8..e462c1d 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -81,6 +81,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_XFD, X86_FEATURE_XSAVES }, { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 }, { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD }, + { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, {} };
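Review bot: in the first cpufeatures.h hunk (@@ -309), the comment on the new X86_FEATURE_USER_SHSTK should say that this is a Linux-defined software bit in word 11 that the kernel sets only when it actually enables user shadow stack, because, unlike the ""-prefixed X86_FEATURE_SHSTK, this name will be visible in /proc/cpuinfo as "user_shstk" and is what userspace and tooling will key on; something like `/* Shadow stack support for user mode applications (Linux-defined, set when enabled) */` would make that explicit.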
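Review bot: in the second cpufeatures.h hunk (@@ -378), the "" prefix on X86_FEATURE_SHSTK hides the raw hardware bit from /proc/cpuinfo, which is consistent with the commit message's plan to expose only the software user_shstk capability, but the bare comment `/* "" Shadow stack */` gives no hint that the hiding is deliberate; suggest `/* "" Shadow stack (CET); hidden, userspace checks user_shstk */` so nobody later "fixes" it by dropping the quotes. The bit position itself agrees with the commit message: word 16 is CPUID level 7 ECX (see OSPKE and WAITPKG at bits 4 and 5 beside it), and 16*32+7 is ECX[bit 7].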
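Review bot: in the first disabled-features.h hunk (@@ -99), the new block uses `#define DISABLE_USER_SHSTK ...` while the neighbouring DISABLE_TDX_GUEST block, and the rest of this file, uses `# define` inside `#ifdef`/`#else`; match the surrounding style. It would also help to add a one-line comment that only the software USER_SHSTK bit is masked out when CONFIG_X86_USER_SHADOW_STACK is off and the hardware X86_FEATURE_SHSTK bit is left enumerable on purpose, since a reader of this file alone cannot tell whether the missing DISABLE_SHSTK is an oversight.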
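Review bot: in the cpuid-deps.c hunk (@@ -81), the table only gains `{ X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }`, while the commit message says X86_FEATURE_USER_SHSTK should depend on the hardware "shstk" capability and defers that to a later patch. Since this table is the natural home for that rule and the entry is a single line, `{ X86_FEATURE_USER_SHSTK, X86_FEATURE_SHSTK },`, consider adding it now so the software bit can never be left set when the hardware bit is cleared, or at least say in the commit message which patch will add it.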
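As an added example, not part of this commit or of the kernel tree, the following C program shows the two distinct checks the commit message describes: the hardware enumeration at CPUID.(EAX=7,ECX=0):ECX[bit 7], and the kernel's software capability, which is the name that will appear in the /proc/cpuinfo flags line as "user_shstk" because X86_FEATURE_USER_SHSTK lacks the "" prefix that hides X86_FEATURE_SHSTK. The feature numbers mirror the defines in the patch, the flags line is a constructed sample, and hw_shstk_enumerated() relies on the `__get_cpuid_count` helper from GCC/clang's `<cpuid.h>`, returning -1 when built for a non-x86 target.

```c
/* Added example (not part of the tip commit or the kernel tree):
 * tell hardware shadow-stack enumeration apart from the kernel's
 * software "user_shstk" capability introduced by this patch.
 */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Feature numbering as in arch/x86/include/asm/cpufeatures.h:
 * word 16 holds CPUID.(EAX=7,ECX=0):ECX, word 11 is Linux-defined. */
#define X86_FEATURE_USER_SHSTK (11*32+23)
#define X86_FEATURE_SHSTK      (16*32+ 7)

/* Word and bit are derived the way the kernel's cpu_has() helpers do it. */
#define FEATURE_WORD(n) ((n) / 32)
#define FEATURE_BIT(n)  ((n) % 32)

/* Hardware check: CPUID.(EAX=7,ECX=0):ECX[bit 7].
 * Returns 1 if the CPU enumerates shadow stacks, 0 if not,
 * -1 if leaf 7 is unavailable or this is not an x86 build. */
int hw_shstk_enumerated(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax, ebx, ecx, edx;

    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return -1;                      /* max basic leaf < 7 */
    return (ecx >> FEATURE_BIT(X86_FEATURE_SHSTK)) & 1;
#else
    return -1;
#endif
}

/* Software check: whole-word match of a flag name in a /proc/cpuinfo
 * "flags" line. Because X86_FEATURE_SHSTK carries the "" prefix, the raw
 * hardware bit is never listed there; the kernel-enabled capability
 * "user_shstk" is, so that is what userspace should look for. */
bool flags_line_has(const char *flags_line, const char *name)
{
    size_t len = strlen(name);
    const char *p = flags_line;

    while ((p = strstr(p, name)) != NULL) {
        bool start_ok = (p == flags_line) || p[-1] == ' ' || p[-1] == '\t';
        bool end_ok = p[len] == '\0' || p[len] == ' ' || p[len] == '\n';

        if (start_ok && end_ok)
            return true;
        p += len;
    }
    return false;
}

/* Constructed sample of a /proc/cpuinfo flags line (not captured from
 * a real machine), as it would look on a kernel with this patch applied
 * and user shadow stack enabled: "user_shstk" present, no bare "shstk". */
static const char sample_flags[] =
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca "
    "cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm xsaves "
    "ibt user_shstk";

int main(void)
{
    int hw = hw_shstk_enumerated();

    printf("X86_FEATURE_SHSTK      -> word %d bit %d (hidden from /proc/cpuinfo)\n",
           FEATURE_WORD(X86_FEATURE_SHSTK), FEATURE_BIT(X86_FEATURE_SHSTK));
    printf("X86_FEATURE_USER_SHSTK -> word %d bit %d (shown as \"user_shstk\")\n",
           FEATURE_WORD(X86_FEATURE_USER_SHSTK), FEATURE_BIT(X86_FEATURE_USER_SHSTK));
    printf("CPUID.7.0:ECX[7] on this CPU: %s\n",
           hw < 0 ? "not queryable" : hw ? "set" : "clear");
    printf("sample flags line: user_shstk=%d shstk=%d\n",
           flags_line_has(sample_flags, "user_shstk"),
           flags_line_has(sample_flags, "shstk"));
    return 0;
}
```

To check a real machine, feed the actual flags line from /proc/cpuinfo to flags_line_has() instead of the constructed sample. A CPU whose CPUID.7.0:ECX[7] is set while the running kernel shows no "user_shstk" means the hardware supports shadow stacks but this kernel (or its configuration, see CONFIG_X86_USER_SHADOW_STACK in the disabled-features.h hunk) has not enabled them for userspace.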