From patchwork Fri Jun 16 19:16:53 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 109349
Date: Fri, 16 Jun 2023 19:16:53 -0000
From: "tip-bot2 for Rick Edgecombe"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/shstk] x86: Expose thread features in /proc/$PID/status
Cc: "Kirill A. Shutemov", Rick Edgecombe, Dave Hansen, "Borislav Petkov (AMD)", Kees Cook, "Mike Rapoport (IBM)", Pengfei Xu, John Allen, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <168694301349.404.16571113627709344472.tip-bot2@tip-bot2>

The following commit has been merged into the x86/shstk branch of tip:

Commit-ID:     eec387cbf905036a3f6322c6e3b83d03ff9d19fb
Gitweb:        https://git.kernel.org/tip/eec387cbf905036a3f6322c6e3b83d03ff9d19fb
Author:        Rick Edgecombe
AuthorDate:    Mon, 12 Jun 2023 17:11:02 -07:00
Committer:     Dave Hansen
CommitterDate: Thu, 15 Jun 2023 16:31:34 -07:00

x86: Expose thread features in /proc/$PID/status

Applications and loaders can have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack.

Add two lines in /proc/$PID/status to report enabled and locked features.

Since this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines.

[Switched to CET, added to commit log] Co-developed-by: Kirill A. Shutemov Signed-off-by: Kirill A. Shutemov Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230613001108.3040476-37-rick.p.edgecombe%40intel.com --- arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++ fs/proc/array.c | 6 ++++++ include/linux/proc_fs.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0..31c0e68 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */ diff --git a/fs/proc/array.c b/fs/proc/array.c index d35bbf3..2c2efbe 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c 
@@ -431,6 +431,11 @@ static inline void task_untag_mask(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "untag_mask:\t%#lx\n", mm_untag_mask(mm)); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { @@ -455,6 +460,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 0260f5e..80ff8e5 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)
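
Review bot: In the arch/x86/kernel/cpu/proc.c hunk that adds dump_x86_features(), only ARCH_SHSTK_SHSTK and ARCH_SHSTK_WRSS are decoded, so any other bit set in task->thread.features or task->thread.features_locked is dropped from the status line without trace. Consider printing leftover bits in hex after the known names so a reader of /proc/$PID/status cannot mistake an undecoded feature for an absent one. Each name is also written with a trailing space ("shstk "), which leaves whitespace before the newline, so consumers have to split on whitespace instead of comparing the whole value. The diffstat lists three files and none of them is documentation; the two new field names and their token format are user-visible and should be described next to the other status fields.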
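
Review bot: The __weak arch_proc_pid_thread_features() default added above proc_pid_status() in fs/proc/array.c has an empty body and no comment, so nothing at the definition says that an architecture is expected to override it or what the override must emit. A short comment there would help. It should also say that with this default the x86_Thread_features lines are missing entirely when the x86 override is not built (it sits under #ifdef CONFIG_X86_USER_SHADOW_STACK), which a consumer must treat as "not reported" and not as "no features enabled".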
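
Review bot: The prototype in the include/linux/proc_fs.h hunk is placed directly above "#else /* CONFIG_PROC_FS */", so it is visible only when CONFIG_PROC_FS is set and the #else branch gets no stub. The x86 definition in arch/x86/kernel/cpu/proc.c is guarded by CONFIG_X86_USER_SHADOW_STACK alone; please confirm that file is only built with CONFIG_PROC_FS, otherwise the definition compiles without a prior prototype. A one-line comment above the prototype naming the weak default in fs/proc/array.c would also make the override relationship discoverable from the header.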
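
The commit message gives the purpose of the two new lines as verifying that an application is actually protected by shadow stack. The following is an added example, not part of the patch or the kernel tree, of a userspace check that parses them; the function names, the state labels and the sample status text are assumptions constructed for illustration.

```python
from pathlib import Path

FEATURES_KEY = "x86_Thread_features"
LOCKED_KEY = "x86_Thread_features_locked"

# Constructed samples; token layout follows dump_x86_features() in the patch
# (each name is followed by one space, and the value may be empty).
HEAD = "Name:\tdemo\nnonvoluntary_ctxt_switches:\t0\n"
SAMPLE_LOCKED = HEAD + "x86_Thread_features:\tshstk \nx86_Thread_features_locked:\tshstk \n"
SAMPLE_WRSS_UNLOCKED = HEAD + "x86_Thread_features:\tshstk wrss \nx86_Thread_features_locked:\t\n"
SAMPLE_OFF = HEAD + "x86_Thread_features:\t\nx86_Thread_features_locked:\t\n"
SAMPLE_NO_LINES = HEAD  # what the empty __weak default produces


def parse_thread_features(status_text):
    """Return (enabled, locked) sets of feature names, or None when the
    kernel did not emit the two lines at all."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in (FEATURES_KEY, LOCKED_KEY):
            fields[key] = set(value.split())  # tolerates the trailing space
    if FEATURES_KEY not in fields or LOCKED_KEY not in fields:
        return None
    return fields[FEATURES_KEY], fields[LOCKED_KEY]


def shadow_stack_state(status_text):
    """Classify one status file for an audit report."""
    parsed = parse_thread_features(status_text)
    if parsed is None:
        return "unreported"  # absent lines are not the same as "disabled"
    enabled, locked = parsed
    if "shstk" not in enabled:
        return "disabled"
    state = "enabled-locked" if "shstk" in locked else "enabled-unlocked"
    # Report wrss separately so a reviewer can see it is switched on.
    return state + "+wrss" if "wrss" in enabled else state


def audit_pid(pid):
    """Hypothetical helper: classify a live process (needs a Linux /proc)."""
    return shadow_stack_state(Path(f"/proc/{pid}/status").read_text())
```
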