From patchwork Sun Jan 30 21:18:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 12730165 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 63479C433F5 for ; Sun, 30 Jan 2022 21:22:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CA5B56B00C5; Sun, 30 Jan 2022 16:22:16 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id BB5CA6B00C7; Sun, 30 Jan 2022 16:22:16 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9BA0E6B00C8; Sun, 30 Jan 2022 16:22:16 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0186.hostedemail.com [216.40.44.186]) by kanga.kvack.org (Postfix) with ESMTP id 7EE616B00C7 for ; Sun, 30 Jan 2022 16:22:16 -0500 (EST) Received: from smtpin05.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 4B6BE181E7875 for ; Sun, 30 Jan 2022 21:22:16 +0000 (UTC) X-FDA: 79088226672.05.FD9627B Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by imf25.hostedemail.com (Postfix) with ESMTP id 7B57DA0002 for ; Sun, 30 Jan 2022 21:22:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1643577735; x=1675113735; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=qjlVyEBxxP1l305ldO+H2m7erFyvzIp4PIJC/dne3Rw=; b=k/yMSA5vOXO/S/FL3cUMuz8JUZPccsY9IFgQ3sxu8syKAVUVDlvdrOFY cSbIwBoYcHzvwMs3WxXxIAElv3q0RtCm0l657mEG+lsB1QBRLNRG/AFKT YrZTaYpzbUBpA9MbbDR4qxH5wiK74UyCZ71kB1q4mUPOvi+B+oiXjrR5V c2eT0JaIGJ5gMIQF4Xz7FzLIVPjNblf5VcDFZhazr/sz7HH51rLLahmyG j7g1yznLXLHF5mPgsg0vLOmmsG4JmPCArrBej33qum5SQ8SP8zuXMiLT6 cU213hnC3W5gDOpNNq2toDdGNP8ijIe2V0Nr217tkCt3qxj+8MXV6a6n3 g==; X-IronPort-AV: E=McAfee;i="6200,9189,10243"; a="244970239" X-IronPort-AV: E=Sophos;i="5.88,329,1635231600"; d="scan'208";a="244970239" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jan 2022 13:22:14 -0800 X-IronPort-AV: E=Sophos;i="5.88,329,1635231600"; d="scan'208";a="536857038" Received: from avmallar-mobl1.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.209.123.171]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jan 2022 13:22:14 -0800 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V . Shankar" , Dave Martin , Weijiang Yang , "Kirill A . Shutemov" , joao.moreira@intel.com, John Allen , kcc@google.com, eranian@google.com Cc: rick.p.edgecombe@intel.com Subject: [PATCH 35/35] x86/cpufeatures: Limit shadow stack to Intel CPUs Date: Sun, 30 Jan 2022 13:18:38 -0800 Message-Id: <20220130211838.8382-36-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220130211838.8382-1-rick.p.edgecombe@intel.com> References: <20220130211838.8382-1-rick.p.edgecombe@intel.com> X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 7B57DA0002 X-Stat-Signature: bn7sac7zfz9d3yximytc41z7ufrmj7ya X-Rspam-User: nil Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b="k/yMSA5v"; spf=none (imf25.hostedemail.com: domain of rick.p.edgecombe@intel.com has no SPF policy when checking 192.55.52.93) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com X-HE-Tag: 1643577735-911986 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Shadow stack is supported on newer AMD processors, but the kernel implementation has not been tested on them. Prevent basic issues from showing up for normal users by disabling shadow stack on all CPUs except Intel until it has been tested. At which point the limitation should be removed. Signed-off-by: Rick Edgecombe --- v1: - New patch. arch/x86/kernel/cpu/common.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 9ee339f5b8ca..7fbfe707a1db 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -517,6 +517,14 @@ __setup("nopku", setup_disable_pku); static __always_inline void setup_cet(struct cpuinfo_x86 *c) { + /* + * Shadow stack is supported on AMD processors, but has not been + * tested. Only support it on Intel processors until this is done. + * At which point, this vendor check should be removed. + */ + if (c->x86_vendor != X86_VENDOR_INTEL) + setup_clear_cpu_cap(X86_FEATURE_SHSTK); + if (!cpu_feature_enabled(X86_FEATURE_SHSTK)) return;