Commit 98cfa463 authored by Rick Edgecombe's avatar Rick Edgecombe Committed by Dave Hansen
Browse files

x86: Introduce userspace API for shadow stack 



Add three new arch_prctl() handles:

 - ARCH_SHSTK_ENABLE/DISABLE enables or disables the specified
   feature. Returns 0 on success or a negative value on error.

 - ARCH_SHSTK_LOCK prevents future disabling or enabling of the
   specified feature. Returns 0 on success or a negative value
   on error.

The features are handled per-thread and inherited over fork(2)/clone(2),
but reset on exec().

Co-developed-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: default avatarRick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarMike Rapoport (IBM) <rppt@kernel.org>
Tested-by: default avatarPengfei Xu <pengfei.xu@intel.com>
Tested-by: default avatarJohn Allen <john.allen@amd.com>
Tested-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-27-rick.p.edgecombe%40intel.com
parent 6ee83668

arch/x86/include/asm/processor.h

+6 −0
Original line number Diff line number Diff line
@@ -28,6 +28,7 @@ struct vm86; 
#include <asm/unwind_hints.h>

#include <asm/vmxfeatures.h>

#include <asm/vdso/processor.h>

#include <asm/shstk.h>



#include <linux/personality.h>

#include <linux/cache.h>
@@ -475,6 +476,11 @@ struct thread_struct { 
	 */

	u32			pkru;



#ifdef CONFIG_X86_USER_SHADOW_STACK

	unsigned long		features;

	unsigned long		features_locked;

#endif



	/* Floating point and extended processor state */

	struct fpu		fpu;

	/*

arch/x86/include/asm/shstk.h

0 → 100644
+21 −0
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

#ifndef _ASM_X86_SHSTK_H

#define _ASM_X86_SHSTK_H



#ifndef __ASSEMBLY__

#include <linux/types.h>



struct task_struct;



#ifdef CONFIG_X86_USER_SHADOW_STACK

long shstk_prctl(struct task_struct *task, int option, unsigned long features);

void reset_thread_features(void);

#else

static inline long shstk_prctl(struct task_struct *task, int option,

			       unsigned long arg2) { return -EINVAL; }

static inline void reset_thread_features(void) {}

#endif /* CONFIG_X86_USER_SHADOW_STACK */



#endif /* __ASSEMBLY__ */



#endif /* _ASM_X86_SHSTK_H */

arch/x86/include/uapi/asm/prctl.h

+6 −0
Original line number Diff line number Diff line
@@ -23,9 +23,15 @@ 
#define ARCH_MAP_VDSO_32		0x2002

#define ARCH_MAP_VDSO_64		0x2003



/* Don't use 0x3001-0x3004 because of old glibcs */



#define ARCH_GET_UNTAG_MASK		0x4001

#define ARCH_ENABLE_TAGGED_ADDR		0x4002

#define ARCH_GET_MAX_TAG_BITS		0x4003

#define ARCH_FORCE_TAGGED_SVA		0x4004



#define ARCH_SHSTK_ENABLE		0x5001

#define ARCH_SHSTK_DISABLE		0x5002

#define ARCH_SHSTK_LOCK			0x5003



#endif /* _ASM_X86_PRCTL_H */

arch/x86/kernel/Makefile

+2 −0
Original line number Diff line number Diff line
@@ -147,6 +147,8 @@ obj-$(CONFIG_CALL_THUNKS) += callthunks.o 


obj-$(CONFIG_X86_CET)			+= cet.o



obj-$(CONFIG_X86_USER_SHADOW_STACK)	+= shstk.o



###

# 64 bit specific files

ifeq ($(CONFIG_X86_64),y)

arch/x86/kernel/process_64.c

+6 −0
Original line number Diff line number Diff line
@@ -515,6 +515,8 @@ start_thread_common(struct pt_regs *regs, unsigned long new_ip, 
		load_gs_index(__USER_DS);

	}



	reset_thread_features();



	loadsegment(fs, 0);

	loadsegment(es, _ds);

	loadsegment(ds, _ds);
@@ -894,6 +896,10 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2) 
		else

			return put_user(LAM_U57_BITS, (unsigned long __user *)arg2);

#endif

	case ARCH_SHSTK_ENABLE:

	case ARCH_SHSTK_DISABLE:

	case ARCH_SHSTK_LOCK:

		return shstk_prctl(task, option, arg2);

	default:

		ret = -EINVAL;

		break;