From patchwork Wed Oct 16 21:57:32 2024
X-Patchwork-Submitter: Deepak Gupta
X-Patchwork-Id: 13839018
From: Deepak Gupta
Subject: [PATCH RFC/RFT v2 0/2] Converge common flows for cpu assisted shadow stack
Date: Wed, 16 Oct 2024 14:57:32 -0700
Message-Id: <20241016-shstk_converge-v2-0-c41536eb5c3b@rivosinc.com>
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Andrew Morton, "Liam R. Howlett", Vlastimil Babka, Lorenzo Stoakes, Arnd Bergmann
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, Rick Edgecombe, Mark Brown, Deepak Gupta

x86, arm64 and risc-v support cpu assisted shadow stack. x86 was first one
and most of the shadow stack related code is in x86 arch directory. arm64
guarded control stack (GCS) patches from Mark Brown are in -next.

This led to obvious discussion many how to merge certain common flows in
generic code. Recent one being [1]. Goes without saying having generic code
helps with bug management as well (not having to fix same bug for 3
different arches).

High level common flow between x86, riscv and arm64:

- Enabling is via prctl. Enabling and book keeping per task_struct in
  thread data structures differ on each architecture. This version of
  patchset doesn't try to merge those flows.

- Managing virtual memory for shadow stack handled similarly. From
  kernel's perspective shadow stack is writeable memory which can be
  written by only certain selected store operations (depending on arch).
  This patch converges this notion between different architecture to
  allocate, map and free shadow stack.

- Virtual memory management of shadow stack on clone/fork is similar.
  Treatment of copy-on-write (COW) or using parent's stack (CLONE_VFORK)
  or allocating new shadow stack (CLONE_VM) are similar in all arch. Thus
  logic to setup shadow stack should be similar on clone/fork.

Mark Brown introduced `ARCH_HAS_SHADOW_STACK` as part of arm64 gcs series
[2] and this patch set depends on it. This patchset uses same config to
move as much as possible common code in generic kernel. Additionally this
patchset introduces wrapper abstractions where arch specific handling is
required.

Generic code and arch specific code for shadow stack are independent
modules and can call into each other. This is by design because each
architecture's enabling mechanisms are different but at the same time from
kernel's perspective it's a special memory which is writeable from certain
selected store operations.

I've not tested this. Only compiled for x86 with shadow stack enable. Thus
this is a RFC and possibly looking for some help to test as well on x86.

[1] - https://lore.kernel.org/all/20241008-v5_user_cfi_series-v6-0-60d9fe073f37@rivosinc.com/T/#m98d14237663150778a3f8df59a76a3fe6318624a
[2] - https://lore.kernel.org/linux-arm-kernel/20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org/T/#m1ff65a49873b0e770e71de7af178f581c72be7ad

To: Thomas Gleixner
To: Ingo Molnar
To: Borislav Petkov
To: Dave Hansen
To: x86@kernel.org
To: H. Peter Anvin
To: Andrew Morton
To: Liam R. Howlett
To: Vlastimil Babka
To: Lorenzo Stoakes
To: Arnd Bergmann
Cc: linux-kernel@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-arch@vger.kernel.org
Cc: Rick Edgecombe
Cc: Mark Brown
Signed-off-by: Deepak Gupta
---
Changes in v2:
- Doesn't carry patch which introduces `ARCH_HAS_SHADOW_STACK`. Most
  likely it'll be merged as part of arm64 gcs patch series.
- moves shstk_setup back into x86 portion. Primary reason is that entire
  arch specific prctl specific handling can't be made generic easily due
  to arch differences.
- Due to prctl handling code remaining arch specific, removed generic
  wrappers to set thread status and shstk enabling
- Removed x86 specific comment
- Added `SHADOW_STACK_SET_MARKER`
- Link to v1: https://lore.kernel.org/r/20241010-shstk_converge-v1-0-631beca676e7@rivosinc.com

---
Deepak Gupta (2):
      mm: helper `is_shadow_stack_vma` to check shadow stack vma
      kernel: converge common shadow stack flow agnostic to arch

 arch/x86/include/asm/shstk.h           |   7 +
 arch/x86/include/uapi/asm/mman.h       |   3 -
 arch/x86/kernel/shstk.c                | 223 +++++---------------------------
 include/linux/usershstk.h              |  22 ++++
 include/uapi/asm-generic/mman-common.h |   5 +
 kernel/Makefile                        |   2 +
 kernel/usershstk.c                     | 230 +++++++++++++++++++++++++++++++++
 mm/gup.c                               |   2 +-
 mm/mmap.c                              |   2 +-
 mm/vma.h                               |  10 +-
 10 files changed, 305 insertions(+), 201 deletions(-)
---
base-commit: 4e0105ad0161b4262b51f034a757c4899c647487
change-id: 20241010-shstk_converge-aefbcbef5d71

--
- debug
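
Added example, not code from this patch series: a user-space C model of the clone/fork shadow stack decision that the cover letter lists as common to x86, arm64 and riscv. The enum, struct and function names are hypothetical, and the 4 KiB page size and the sizing rule are assumptions of this sketch; only CLONE_VM and CLONE_VFORK carry their real UAPI values.

```c
#include <stddef.h>

/* Real values from the Linux UAPI header <linux/sched.h>. */
#define CLONE_VM    0x00000100UL
#define CLONE_VFORK 0x00004000UL

#define MODEL_PAGE_SIZE 4096UL      /* assumption: 4 KiB pages */

enum shstk_action {                 /* hypothetical names, for this model only */
    SHSTK_NONE,                     /* parent has no shadow stack enabled */
    SHSTK_SHARE_PARENT,             /* CLONE_VFORK: child uses the parent's stack */
    SHSTK_COW_COPY,                 /* fork: separate mm, pages copied on write */
    SHSTK_ALLOC_NEW                 /* CLONE_VM thread: gets its own shadow stack */
};

struct shstk_plan {
    enum shstk_action action;
    unsigned long size;             /* bytes to map; non-zero only for ALLOC_NEW */
};

static unsigned long page_align(unsigned long n)
{
    return (n + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1);
}

/* default_size stands in for whatever per-arch default applies (assumption). */
struct shstk_plan shstk_plan_for_clone(int parent_enabled,
                                       unsigned long clone_flags,
                                       unsigned long stack_size,
                                       unsigned long default_size)
{
    struct shstk_plan p = { SHSTK_NONE, 0 };

    if (!parent_enabled)
        return p;
    /* Test CLONE_VFORK first: vfork() also sets CLONE_VM, but the child
     * must borrow the parent's shadow stack rather than get a new one. */
    if (clone_flags & CLONE_VFORK) {
        p.action = SHSTK_SHARE_PARENT;
        return p;
    }
    /* No CLONE_VM: the address space is duplicated, shadow stack included. */
    if (!(clone_flags & CLONE_VM)) {
        p.action = SHSTK_COW_COPY;
        return p;
    }
    /* Thread sharing the mm: it cannot share return addresses with the parent. */
    p.action = SHSTK_ALLOC_NEW;
    p.size = page_align(stack_size ? stack_size : default_size);
    return p;
}
```

The ordering of the two flag checks is the part worth noting when reviewing a generic implementation: checking CLONE_VM before CLONE_VFORK would hand a vfork child a fresh, empty shadow stack while it returns through frames recorded on the parent's.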