Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack

[PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 02/26] x86/cpufeatures: Add CET CPU feature flags for Control-flow Enforcement Technology (CET) · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Yu-cheng Yu <hidden> · 2020-07-23
[PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-12
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-17
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-19
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andy Lutomirski <luto@amacapital.net> · 2020-05-19
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andy Lutomirski <luto@kernel.org> · 2020-05-20
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Peter Zijlstra <peterz@infradead.org> · 2020-05-22
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-22
[PATCH v10 06/26] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 12/26] mm: Introduce VM_SHSTK for shadow stack memory · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 11/26] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY_HW to _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 14/26] x86/mm: Update maybe_mkwrite() for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 13/26] x86/mm: Shadow Stack page fault error checking · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 24/26] x86/cet/shstk: ELF header parsing for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 25/26] x86/cet/shstk: Handle thread shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 23/26] ELF: Introduce arch_setup_elf_property() · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2020-05-21
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-05-22
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Eugene Syromiatnikov <hidden> · 2020-05-22
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-05-22
[PATCH v10 20/26] x86/cet/shstk: Handle signals for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 22/26] ELF: Add ELF program property parsing support · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 19/26] x86/cet/shstk: User-mode shadow stack support · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 21/26] ELF: UAPI and Kconfig additions for ELF program properties · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 18/26] mm: Update can_follow_write_pte() for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 17/26] mm/mmap: Add shadow stack pages to memory accounting · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 16/26] mm: Add guard pages around a shadow stack. · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 15/26] mm: Fixup places that call pte_mkwrite() directly · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 10/26] x86/mm: Update pte_modify for _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 09/26] drm/i915/gvt: Change _PAGE_DIRTY to _PAGE_DIRTY_BITS · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 08/26] x86/mm: Introduce _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 07/26] x86/mm: Remove _PAGE_DIRTY_HW from kernel RO pages · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Dave Hansen <hidden> · 2020-05-07
Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-07
[PATCH v10 04/26] x86/cet: Add control-protection fault handler · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Josh Poimboeuf <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Josh Poimboeuf <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Dave Hansen <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Dave Hansen <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-07-24
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-24
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-24

From: Yu-cheng Yu <hidden>
Date: 2020-05-22 17:18:48
Also in: linux-arch, linux-doc, linux-mm, lkml

On Thu, 2020-05-21 at 15:42 -0700, Kees Cook wrote:

On Wed, Apr 29, 2020 at 03:07:32PM -0700, Yu-cheng Yu wrote:

[...]

quoted

+
+int prctl_cet(int option, u64 arg2)
+{
+	struct cet_status *cet;
+
+	if (!IS_ENABLED(CONFIG_X86_INTEL_CET))
+		return -EINVAL;

Using -EINVAL here means userspace can't tell the difference between an
old kernel and a kernel not built with CONFIG_X86_INTEL_CET. Perhaps
-ENOTSUPP?

Looked into this.  The kernel and GLIBC are not in sync.  So maybe we still use
EINVAL here?

Yu-cheng



In kernel:
----------

#define EOPNOTSUPP	95
#define ENOTSUPP 	524

In GLIBC:
---------

printf("ENOTSUP=%d\n", ENOTSUP);
printf("EOPNOTSUPP=%d\n", EOPNOTSUPP);
printf("%s=524\n", strerror(524));
 
ENOTSUP=95
EOPNOTSUPP=95
Unknown error 524=524

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help