From patchwork Mon Nov 19 21:48:03 2018
X-Patchwork-Submitter: Yu-cheng Yu
X-Patchwork-Id: 10689551
From: Yu-cheng Yu
To: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue
Cc: Yu-cheng Yu
Subject: [RFC PATCH v6 20/26] x86/cet/shstk: Introduce WRUSS instruction
Date: Mon, 19 Nov 2018 13:48:03 -0800
Message-Id: <20181119214809.6086-21-yu-cheng.yu@intel.com>
In-Reply-To: <20181119214809.6086-1-yu-cheng.yu@intel.com>
References: <20181119214809.6086-1-yu-cheng.yu@intel.com>

WRUSS is a new kernel-mode instruction but writes directly to user shadow stack memory. This is used to construct a return address on the shadow stack for the signal handler. This instruction can fault if the user shadow stack is invalid shadow stack memory. In that case, the kernel does a fixup.

Signed-off-by: Yu-cheng Yu

--- arch/x86/include/asm/special_insns.h | 32 ++++++++++++++++++++++++++++ arch/x86/mm/fault.c | 9 ++++++++ 2 files changed, 41 insertions(+) diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h index 43c029cdc3fe..43957f197a9a 100644 --- a/arch/x86/include/asm/special_insns.h +++ b/arch/x86/include/asm/special_insns.h 
@@ -237,6 +237,38 @@ static inline void clwb(volatile void *__p) : [pax] "a" (p)); } +#ifdef CONFIG_X86_INTEL_CET +#if defined(CONFIG_IA32_EMULATION) || defined(CONFIG_X86_X32) +static inline int write_user_shstk_32(unsigned long addr, unsigned int val) +{ + asm_volatile_goto("1: wrussd %1, (%0)\n" + _ASM_EXTABLE(1b, %l[fail]) + :: "r" (addr), "r" (val) + :: fail); + return 0; +fail: + return -EPERM; +} +#else +static inline int write_user_shstk_32(unsigned long addr, unsigned int val) +{ + WARN_ONCE(1, "%s used but not supported.\n", __func__); + return -EFAULT; +} +#endif + +static inline int write_user_shstk_64(unsigned long addr, unsigned long val) +{ + asm_volatile_goto("1: wrussq %1, (%0)\n" + _ASM_EXTABLE(1b, %l[fail]) + :: "r" (addr), "r" (val) + :: fail); + return 0; +fail: + return -EPERM; +} +#endif /* CONFIG_X86_INTEL_CET */ + #define nop() asm volatile ("nop") diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index c3368fed706c..7b5de629748e 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -1318,6 +1318,15 @@ void do_user_addr_fault(struct pt_regs *regs, } flags |= FAULT_FLAG_USER; } else { + /* + * WRUSS is a kernel instruction and but writes + * to user shadow stack. When a fault occurs, + * both X86_PF_USER and X86_PF_SHSTK are set. + * Clear X86_PF_USER from sw_error_code. + */ + if ((hw_error_code & (X86_PF_USER | X86_PF_SHSTK)) == + (X86_PF_USER | X86_PF_SHSTK)) + sw_error_code &= ~X86_PF_USER; if (regs->flags & X86_EFLAGS_IF) local_irq_enable(); }
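
Review bot: The error codes in the special_insns.h hunk look inverted: the fault paths of write_user_shstk_32() and write_user_shstk_64() return -EPERM, while the unsupported stub of write_user_shstk_32() returns -EFAULT. A WRUSS that faults because the target is not valid user shadow stack memory is a bad user access, which callers conventionally see as -EFAULT, and the stub built when neither CONFIG_IA32_EMULATION nor CONFIG_X86_X32 is set should use a code that cannot be confused with a real fault. Consider changing `fail: return -EPERM;` to return -EFAULT in both helpers and picking a distinct value for the stub. A short comment above the helpers stating the return values would also help, since the commit message only says that the kernel does a fixup and the signal-frame caller has to decide what to do on failure.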
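
Review bot: The new comment in the do_user_addr_fault() hunk in fault.c says what is cleared but not why: it does not name the later check in the fault path that would misbehave if X86_PF_USER stayed set in sw_error_code for a kernel-mode WRUSS. Please state that dependency in the comment so the special case can be re-evaluated when the surrounding code changes. The condition keys only on the hw_error_code bits, so every kernel-mode fault that reports both X86_PF_USER and X86_PF_SHSTK is treated as a WRUSS fault; if WRUSS is the only instruction that can produce this combination, say so explicitly. Typo in the comment: "is a kernel instruction and but writes" should read "is a kernel instruction but writes".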