From patchwork Wed Jul 19 22:47:40 2023
X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner
X-Patchwork-Id: 122887
Date: Wed, 19 Jul 2023 22:47:40 -0000
From: "tip-bot2 for Rick Edgecombe"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/shstk] x86/cpufeatures: Add CPU feature flags for shadow stacks
Cc: "Yu-cheng Yu", Rick Edgecombe, Dave Hansen, "Borislav Petkov (AMD)", Kees Cook, "Mike Rapoport (IBM)", Pengfei Xu, John Allen, x86@kernel.org, linux-kernel@vger.kernel.org
Message-ID: <168980686077.28540.9644400808231268450.tip-bot2@tip-bot2>

The following commit has been merged into the x86/shstk branch of tip:

Commit-ID:     701fb66d576ec4d06903e7dd55678a3005d86e5f
Gitweb:        https://git.kernel.org/tip/701fb66d576ec4d06903e7dd55678a3005d86e5f
Author:        Rick Edgecombe
AuthorDate:    Mon, 12 Jun 2023 17:10:34 -07:00
Committer:     Rick Edgecombe
CommitterDate: Tue, 11 Jul 2023 14:12:18 -07:00

x86/cpufeatures: Add CPU feature flags for shadow stacks

The Control-Flow Enforcement Technology contains two related features,
one of which is Shadow Stacks. Future patches will utilize this feature
for shadow stack support in KVM, so add a CPU feature flag for Shadow
Stacks (CPUID.(EAX=7,ECX=0):ECX[bit 7]).

To protect shadow stack state from malicious modification, the registers
are only accessible in supervisor mode. This implementation
context-switches the registers with XSAVES. Make X86_FEATURE_SHSTK depend
on XSAVES.
The shadow stack feature, enumerated by the CPUID bit described above,
encompasses both supervisor and userspace support for shadow stack. In
near future patches, only userspace shadow stack will be enabled. In
expectation of future supervisor shadow stack support, create a software
CPU capability to enumerate kernel utilization of userspace shadow stack
support. This user shadow stack bit should depend on the HW "shstk"
capability and that logic will be implemented in future patches.

Co-developed-by: Yu-cheng Yu
Signed-off-by: Yu-cheng Yu
Signed-off-by: Rick Edgecombe
Signed-off-by: Dave Hansen
Reviewed-by: Borislav Petkov (AMD)
Reviewed-by: Kees Cook
Acked-by: Mike Rapoport (IBM)
Tested-by: Pengfei Xu
Tested-by: John Allen
Tested-by: Kees Cook
Link: https://lore.kernel.org/all/20230613001108.3040476-9-rick.p.edgecombe%40intel.com
---
 arch/x86/include/asm/cpufeatures.h       | 2 ++
 arch/x86/include/asm/disabled-features.h | 8 +++++++-
 arch/x86/kernel/cpu/cpuid-deps.c         | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index cb8ca46..d7215c8 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -308,6 +308,7 @@ #define X86_FEATURE_MSR_TSX_CTRL (11*32+20) /* "" MSR IA32_TSX_CTRL (Intel) implemented */ #define X86_FEATURE_SMBA (11*32+21) /* "" Slow Memory Bandwidth Allocation */ #define X86_FEATURE_BMEC (11*32+22) /* "" Bandwidth Monitoring Event Configuration */ +#define X86_FEATURE_USER_SHSTK (11*32+23) /* Shadow stack support for user mode applications */ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */
@@ -380,6 +381,7 @@ #define X86_FEATURE_OSPKE (16*32+ 4) /* OS Protection Keys Enable */ #define X86_FEATURE_WAITPKG (16*32+ 5) /* UMONITOR/UMWAIT/TPAUSE Instructions */ #define X86_FEATURE_AVX512_VBMI2 (16*32+ 6) /* Additional AVX512 Vector Bit Manipulation Instructions */ +#define X86_FEATURE_SHSTK (16*32+ 7) /* "" Shadow stack */ #define X86_FEATURE_GFNI (16*32+ 8) /* Galois Field New Instructions */ #define X86_FEATURE_VAES (16*32+ 9) /* Vector AES */ #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index fafe9be..b9c7eae 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -105,6 +105,12 @@ # define DISABLE_TDX_GUEST (1 << (X86_FEATURE_TDX_GUEST & 31)) #endif +#ifdef CONFIG_X86_USER_SHADOW_STACK +#define DISABLE_USER_SHSTK 0 +#else +#define DISABLE_USER_SHSTK (1 << (X86_FEATURE_USER_SHSTK & 31)) +#endif + /* * Make sure to add features to the correct mask */ @@ -120,7 +126,7 @@ #define DISABLED_MASK9 (DISABLE_SGX) #define DISABLED_MASK10 0 #define DISABLED_MASK11 (DISABLE_RETPOLINE|DISABLE_RETHUNK|DISABLE_UNRET| \ - DISABLE_CALL_DEPTH_TRACKING) + DISABLE_CALL_DEPTH_TRACKING|DISABLE_USER_SHSTK) #define DISABLED_MASK12 (DISABLE_LAM) #define DISABLED_MASK13 0 #define DISABLED_MASK14 0 diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index f6748c8..e462c1d 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -81,6 +81,7 @@ static const struct cpuid_dep cpuid_deps[] = { { X86_FEATURE_XFD, X86_FEATURE_XSAVES }, { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 }, { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD }, + { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }, {} };
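Review bot: The new X86_FEATURE_USER_SHSTK entry in the @@ -308,6 +308,7 @@ hunk of cpufeatures.h is the only one in that run of word-11 entries without the "" prefix, so it will be exported to /proc/cpuinfo as user_shstk while its neighbours (MSR_TSX_CTRL, SMBA, BMEC) stay hidden. That is presumably intentional, since the commit message describes it as the software capability that tells userspace the kernel actually uses shadow stacks, but the message should say so explicitly; a reader comparing this hunk with the word-16 hunk will otherwise wonder why the software flag is visible and the hardware flag is not.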
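Review bot: X86_FEATURE_SHSTK at (16*32+ 7) in the @@ -380,6 +381,7 @@ hunk carries the "" prefix, so the raw CPUID.(EAX=7,ECX=0):ECX[bit 7] bit is deliberately not reported in /proc/cpuinfo. That deserves one sentence in the commit message: with only userspace shadow stack being enabled in the follow-up patches, hiding the hardware bit keeps userspace from reading mere hardware presence as kernel support. The bit position is consistent with the surrounding word-16 entries (OSPKE bit 4, WAITPKG bit 5, AVX512_VBMI2 bit 6, GFNI bit 8), so the placement itself looks right.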
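Review bot: The new #ifdef CONFIG_X86_USER_SHADOW_STACK block in the @@ -105,6 +105,12 @@ hunk of disabled-features.h writes `#define DISABLE_USER_SHSTK ...` where the block immediately above uses the file's nested form `# define DISABLE_TDX_GUEST (1 << (X86_FEATURE_TDX_GUEST & 31))`; match the surrounding style. Also, nothing in this patch introduces CONFIG_X86_USER_SHADOW_STACK, so until that Kconfig symbol exists the #else branch always wins and DISABLE_USER_SHSTK is (1 << (X86_FEATURE_USER_SHSTK & 31)). That is the right default for bisection, but the commit message should state that the feature remains compile-time disabled until a later patch adds the Kconfig option.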
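Review bot: The DISABLED_MASK11 change in the @@ -120,7 +126,7 @@ hunk is consistent with X86_FEATURE_USER_SHSTK being defined as (11*32+23), i.e. word 11; the only guard against a mismatch is the "Make sure to add features to the correct mask" comment, so it is worth noting for the record that the hardware X86_FEATURE_SHSTK lives in word 16 and must never be OR'd into this mask if it ever gets a DISABLE_ entry of its own.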
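Review bot: The cpuid-deps.c hunk adds only { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES }; there is no { X86_FEATURE_USER_SHSTK, X86_FEATURE_SHSTK } entry, so if XSAVES is absent and SHSTK is cleared by the dependency walk, USER_SHSTK would not be cleared with it. The commit message says that dependency is deferred to later patches, and because nothing in this patch sets USER_SHSTK the gap is harmless here, but the dependency must land before any code sets the user bit, otherwise /proc/cpuinfo could advertise user_shstk on a CPU whose hardware flag has just been cleared.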