Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET

[PATCH v3 00/37] Shadow stacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 01/37] Documentation/x86: Add CET description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 02/37] x86/cet/shstk: Add Kconfig option for Shadow Stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 03/37] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 03/37] x86/cpufeatures: Add CPU feature flags for shadow stacks · Borislav Petkov <bp@alien8.de> · 2022-11-07
[PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-11-07
Re: [PATCH v3 04/37] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07
[PATCH v3 05/37] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 06/37] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 09/37] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 08/37] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 07/37] x86/cet: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 10/37] x86/mm: Introduce _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 11/37] x86/mm: Update pte_modify for _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 12/37] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 13/37] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 13/37] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 13/37] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 14/37] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 15/37] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-11-16
[PATCH v3 16/37] x86/mm: Update maybe_mkwrite() for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 17/37] mm: Fixup places that call pte_mkwrite() directly · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 18/37] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 18/37] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 19/37] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 20/37] mm/mprotect: Exclude shadow stack from preserve_write · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 20/37] mm/mprotect: Exclude shadow stack from preserve_write · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 20/37] mm/mprotect: Exclude shadow stack from preserve_write · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 21/37] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 22/37] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 23/37] mm: Warn on shadow stack memory in wrong vma · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 24/37] x86: Introduce userspace API for CET enabling · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 26/37] x86/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-16
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-16
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-17
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-18
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 27/37] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
[PATCH v3 28/37] x86/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 29/37] x86/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 30/37] x86/shstk: Support wrss for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 31/37] x86: Expose thread features in /proc/$PID/status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 32/37] x86/cet/shstk: Wire in CET interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 34/37] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 33/37] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
[PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Schimpe, Christina <hidden> · 2022-11-17
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Peter Zijlstra <peterz@infradead.org> · 2022-11-17
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-18
RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Schimpe, Christina <hidden> · 2022-11-18
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-17
RE: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Schimpe, Christina <hidden> · 2022-11-18
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-18
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Mike Rapoport <rppt@kernel.org> · 2022-11-21
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-21
Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET · Mike Rapoport <rppt@kernel.org> · 2022-11-22
[PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Dave Hansen <hidden> · 2022-11-15
Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK · Peter Zijlstra <peterz@infradead.org> · 2022-11-15
[RFC 37/37] fs/binfmt_elf: Block old shstk elf bit · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-11-04
Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit · H.J. Lu <hidden> · 2022-11-04
Re: [RFC 37/37] fs/binfmt_elf: Block old shstk elf bit · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-11-07

From: Peter Zijlstra <peterz@infradead.org>
Date: 2022-11-17 14:15:51
Also in: linux-arch, linux-doc, linux-mm, lkml

On Thu, Nov 17, 2022 at 12:25:16PM +0000, Schimpe, Christina wrote:

quoted

+ Christina

On Tue, 2022-11-15 at 15:43 +0100, Peter Zijlstra wrote:

quoted

On Fri, Nov 04, 2022 at 03:36:02PM -0700, Rick Edgecombe wrote:

quoted

From: Yu-cheng Yu <redacted>

Some applications (like GDB and CRIU) would like to tweak CET state
via ptrace. This allows for existing functionality to continue to
work for seized CET applications. Provide an interface based on the
xsave buffer format of CET, but filter unneeded states to make the
kernel’s job easier.

There is already ptrace functionality for accessing xstate, but this
does not include supervisor xfeatures. So there is not a completely
clear place for where to put the CET state. Adding it to the user
xfeatures regset would complicate that code, as it currently shares
logic with signals which should not have supervisor features.

Don’t add a general supervisor xfeature regset like the user one,
because it is better to maintain flexibility for other supervisor
xfeatures to define their own interface. For example, an xfeature
may decide not to expose all of it’s state to userspace. A lot of
enum values remain to be used, so just put it in dedicated CET
regset.

The only downside to not having a generic supervisor xfeature
regset, is that apps need to be enlightened of any new supervisor
xfeature exposed this way (i.e. they can’t try to have generic
save/restore logic). But maybe that is a good thing, because they
have to think through each new xfeature instead of encountering
issues when new a new supervisor xfeature was added.

Per this argument this should not use the CET XSAVE format and CET
name at all, because that conflates the situation vs IBT. Enabling
that might not want to follow this precedent.

Hmm, we definitely need to be able to set the SSP. Christina, does GDB need
anything else? I thought maybe toggling SHSTK_EN?

In addition to the SSP, we want to write the CET state. For instance for inferior calls,
we want to reset the IBT bits.

This is about Shadow Stack -- IBT is a completely different feature and
not subject of this series.

Also, wth is an inferior call?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help