Inter-revision diff: patch 35

Comparing v1 (message) to v8 (message) 

--- v1
+++ v8
@@ -1,37 +1,113 @@
-Shadow stack is supported on newer AMD processors, but the kernel
-implementation has not been tested on them. Prevent basic issues from
-showing up for normal users by disabling shadow stack on all CPUs except
-Intel until it has been tested. At which point the limitation should be
-removed.
+Applications and loaders can have logic to decide whether to enable
+shadow stack. They usually don't report whether shadow stack has been
+enabled or not, so there is no way to verify whether an application
+actually is protected by shadow stack.
 
+Add two lines in /proc/$PID/status to report enabled and locked features.
+
+Since, this involves referring to arch specific defines in asm/prctl.h,
+implement an arch breakout to emit the feature lines.
+
+[Switched to CET, added to commit log]
+
+Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
 Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
+Tested-by: Pengfei Xu <pengfei.xu@intel.com>
+Tested-by: John Allen <john.allen@amd.com>
+Tested-by: Kees Cook <keescook@chromium.org>
 ---
+v4:
+ - Remove "CET" references
 
-v1:
- - New patch.
+v3:
+ - Move to /proc/pid/status (Kees)
 
- arch/x86/kernel/cpu/common.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
+v2:
+ - New patch
+---
+ arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++
+ fs/proc/array.c            |  6 ++++++
+ include/linux/proc_fs.h    |  2 ++
+ 3 files changed, 31 insertions(+)
 
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 9ee339f5b8ca..7fbfe707a1db 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -517,6 +517,14 @@ __setup("nopku", setup_disable_pku);
+diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c
+index 099b6f0d96bd..31c0e68f6227 100644
+--- a/arch/x86/kernel/cpu/proc.c
++++ b/arch/x86/kernel/cpu/proc.c
+@@ -4,6 +4,8 @@
+ #include <linux/string.h>
+ #include <linux/seq_file.h>
+ #include <linux/cpufreq.h>
++#include <asm/prctl.h>
++#include <linux/proc_fs.h>
  
- static __always_inline void setup_cet(struct cpuinfo_x86 *c)
+ #include "cpu.h"
+ 
+@@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = {
+ 	.stop	= c_stop,
+ 	.show	= show_cpuinfo,
+ };
++
++#ifdef CONFIG_X86_USER_SHADOW_STACK
++static void dump_x86_features(struct seq_file *m, unsigned long features)
++{
++	if (features & ARCH_SHSTK_SHSTK)
++		seq_puts(m, "shstk ");
++	if (features & ARCH_SHSTK_WRSS)
++		seq_puts(m, "wrss ");
++}
++
++void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task)
++{
++	seq_puts(m, "x86_Thread_features:\t");
++	dump_x86_features(m, task->thread.features);
++	seq_putc(m, '\n');
++
++	seq_puts(m, "x86_Thread_features_locked:\t");
++	dump_x86_features(m, task->thread.features_locked);
++	seq_putc(m, '\n');
++}
++#endif /* CONFIG_X86_USER_SHADOW_STACK */
+diff --git a/fs/proc/array.c b/fs/proc/array.c
+index 9b0315d34c58..3e1a33dcd0d0 100644
+--- a/fs/proc/array.c
++++ b/fs/proc/array.c
+@@ -423,6 +423,11 @@ static inline void task_thp_status(struct seq_file *m, struct mm_struct *mm)
+ 	seq_printf(m, "THP_enabled:\t%d\n", thp_enabled);
+ }
+ 
++__weak void arch_proc_pid_thread_features(struct seq_file *m,
++					  struct task_struct *task)
++{
++}
++
+ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+ 			struct pid *pid, struct task_struct *task)
  {
-+	/*
-+	 * Shadow stack is supported on AMD processors, but has not been
-+	 * tested. Only support it on Intel processors until this is done.
-+	 * At which point, this vendor check should be removed.
-+	 */
-+	if (c->x86_vendor != X86_VENDOR_INTEL)
-+		setup_clear_cpu_cap(X86_FEATURE_SHSTK);
+@@ -446,6 +451,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+ 	task_cpus_allowed(m, task);
+ 	cpuset_task_status_allowed(m, task);
+ 	task_context_switch_counts(m, task);
++	arch_proc_pid_thread_features(m, task);
+ 	return 0;
+ }
+ 
+diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
+index 0260f5ea98fe..80ff8e533cbd 100644
+--- a/include/linux/proc_fs.h
++++ b/include/linux/proc_fs.h
+@@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns,
+ 			struct pid *pid, struct task_struct *task);
+ #endif /* CONFIG_PROC_PID_ARCH_STATUS */
+ 
++void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task);
 +
- 	if (!cpu_feature_enabled(X86_FEATURE_SHSTK))
- 		return;
+ #else /* CONFIG_PROC_FS */
  
+ static inline void proc_root_init(void)
 -- 
 2.17.1
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help