Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling

[PATCH v3 00/37] Shadow stacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 01/37] Documentation/x86: Add CET description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 02/37] x86/cet/shstk: Add Kconfig option for Shadow Stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 03/37] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 03/37] x86/cpufeatures: Add CPU feature flags for shadow stacks · Borislav Petkov <bp@alien8.de> · 2022-11-07
[PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07
[PATCH v3 05/37] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 06/37] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 09/37] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 08/37] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 07/37] x86/cet: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 10/37] x86/mm: Introduce _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 11/37] x86/mm: Update pte_modify for _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 12/37] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 13/37] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 13/37] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 13/37] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 14/37] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-11-16
[PATCH v3 16/37] x86/mm: Update maybe_mkwrite() for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 17/37] mm: Fixup places that call pte_mkwrite() directly · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 18/37] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 19/37] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 20/37] mm/mprotect: Exclude shadow stack from preserve_write · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 20/37] mm/mprotect: Exclude shadow stack from preserve_write · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 20/37] mm/mprotect: Exclude shadow stack from preserve_write · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 21/37] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 22/37] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 23/37] mm: Warn on shadow stack memory in wrong vma · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 26/37] x86/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-16
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-16
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-17
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-18
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 28/37] x86/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 29/37] x86/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 30/37] x86/shstk: Support wrss for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 31/37] x86: Expose thread features in /proc/$PID/status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 32/37] x86/cet/shstk: Wire in CET interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 34/37] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 33/37] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Schimpe, Christina <hidden> · 2022-11-17
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Peter Zijlstra <peterz@infradead.org> · 2022-11-17
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-18
RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Schimpe, Christina <hidden> · 2022-11-18
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-17
RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Schimpe, Christina <hidden> · 2022-11-18
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-18
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Mike Rapoport <rppt@kernel.org> · 2022-11-21
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-21
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Mike Rapoport <rppt@kernel.org> · 2022-11-22
[PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Dave Hansen <hidden> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
[RFC 37/37] fs/binfmt_elf: Block old shstk elf bit · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit · H.J. Lu <hidden> · 2022-11-04
Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07

From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Date: 2022-11-15 20:55:16
Also in: linux-arch, linux-doc, linux-mm, lkml

On Tue, 2022-11-15 at 14:03 +0100, Peter Zijlstra wrote:

On Tue, Nov 15, 2022 at 01:26:23PM +0100, Peter Zijlstra wrote:

quoted

On Fri, Nov 04, 2022 at 03:35:51PM -0700, Rick Edgecombe wrote:

quoted

From: "Kirill A. Shutemov" <redacted>

Add three new arch_prctl() handles:

  - ARCH_CET_ENABLE/DISABLE enables or disables the specified
    feature. Returns 0 on success or an error.

  - ARCH_CET_LOCK prevents future disabling or enabling of the
    specified feature. Returns 0 on success or an error

The features are handled per-thread and inherited over
fork(2)/clone(2),
but reset on exec().

This is preparation patch. It does not implement any features.

Urgh... so much for sharing with other architectures I suppose :/

The ARM64 BTI thing is very similar to IBT (except I think their
approach to the legacy bitmap is much saner).

Given that IBT isn't supported and needs the whole legacy bitmap
mess,
do we really want to call this CET ? Why not just make a Shadow
Stack
API and tackle IBT independently.

On that; ARM64 exposes PROT_BTI (to be used by mprotect()) and have
an
ELF_ARM64_BTI note for the loader to bootstrap things.

We could co-opt that same interface and instead of flipping actual
PTE
bits, have this thing manage the legacy bitmap -- basically have the
legacy bitmap function as an external PTE bit array (in inverse).

Basically, have every page mapped PROT_EXEC set the bit in the legacy
bitmap while every page mapped PROT_EXEC|PROT_BTI will have the
legacy
bitmap bit to 0.

And as long as there is a single 0 in the bitmap, the feature is
enabled.

(obviously we can delay allocating the bitmap until the first
PROT_EXEC
mapping that lacks PROT_BTI)

This is an interesting idea. I'll have to think a little more on it.

One non-impossible issue would be setting IBT in the MSR late. Each
thread would have to be interrupted and have it set, while no new
threads are created. Maybe this is easy and I just don't know how to do
it.

The other thing is there would be overhead compared to an IBT
implementation with a separate interface from BTI. Would have to look
at the tradeoffs.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help