From patchwork Thu Jan 19 21:23:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rick Edgecombe X-Patchwork-Id: 13108811 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A61A7C004D4 for ; Thu, 19 Jan 2023 21:24:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EEDA028000A; Thu, 19 Jan 2023 16:24:20 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id E292E280001; Thu, 19 Jan 2023 16:24:20 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C308528000A; Thu, 19 Jan 2023 16:24:20 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id A4981280001 for ; Thu, 19 Jan 2023 16:24:20 -0500 (EST) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 6EAF91C65BC for ; Thu, 19 Jan 2023 21:24:20 +0000 (UTC) X-FDA: 80372827080.12.DBCBEE8 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by imf27.hostedemail.com (Postfix) with ESMTP id 5E50F40017 for ; Thu, 19 Jan 2023 21:24:18 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=WkYbOLMw; spf=pass (imf27.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1674163458; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=upYGst2M+pM9taclLJcrPM9etxXHvFq2ULPd7LORduM=; b=GUNApVzOkK3W5m4oXgi8XUwXcMDc17WJf2IeYevD81GuB2+bsEXSUpCZaAyj4/rQaYHJ01 0pMKTqbvyNk9sZZFDRkwDbK6aIDBg+oYhOdgbBEZ9j0juess7I95n4qdEx92WkfO43eLrB QejB67z3V0wMUqloJ8e2zW3PKW+39RU= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=WkYbOLMw; spf=pass (imf27.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1674163458; a=rsa-sha256; cv=none; b=vRw0cdSM7FAYFqweqNlqC42l4wbATnBIHFGpQZfkOR0uXWTpY1UUUdDc46IejofQ6csLj2 TqLJ24mMiIBvJi1+D7zR5vS5p60R5gC9noWythhSfOavQXtikDAxeYo9luuZYgSjeFBRQQ 0pXjWTROciGzQHWOT4L2IohRpvwV6zQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674163458; x=1705699458; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=vY8qQFdDU3u0a0tvehCZCS7MwIYptOrO+eN8SXLOirs=; b=WkYbOLMwdw7lrIkE6D2/e+FlWZTuhSpMQG9coYxAGzFLGcgmeaB6sS+o /BTyHtH5zV8iFj/2a0ZbPc7Hpc+SD/Ma/zB6ee5DSR8cMI60NTFUXtZRM WAuVaIHZpD+Hq0OPtMv/HAfCHGrqrwPkLJbQmzhogheAeIu8i4mrtE18g 8oZMLl7+lIg52TZgemS68g3X2NNuzKHhLmCP9zRdoxP2w1nrV6Bor8/av gxL5Ss8oV2Iy5lEYZiazF5t/PrYndtuZv3K77iyra2jVuEAt/zAfzH8EM DJumBDXfH01vfkSLXEVcMH5pnuMyjnxP9cGHPZ1JLSvg+EN7BDXzh/hxp Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="323119974" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="323119974" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:24:17 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="989139169" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="989139169" Received: from hossain3-mobl.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.252.128.187]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:24:16 -0800 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com Cc: rick.p.edgecombe@intel.com Subject: [PATCH v5 33/39] x86: Expose thread features in /proc/$PID/status Date: Thu, 19 Jan 2023 13:23:11 -0800 Message-Id: <20230119212317.8324-34-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230119212317.8324-1-rick.p.edgecombe@intel.com> References: <20230119212317.8324-1-rick.p.edgecombe@intel.com> X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 5E50F40017 X-Stat-Signature: fr4f966fnmrs7u1soe7bop3ba6ufue8n X-Rspam-User: X-HE-Tag: 1674163458-119854 X-HE-Meta: U2FsdGVkX194qJQ532dxaZeq8qX0NgRzXo747ndbSXjaBhCikrjgBsR4wHNdPPfr8LALlOpC/7wcv621ukx2PYfnPSP7DqOKcd3ikN7S1AIi9seAoShaScAs9IjiN+H8F5lEDjXX0LtdAdGljDJxzcnyqaxhSGjOfTx1vlnjhUywwoPCgfW81/9tIkq3JAgCFwZFc0YqH7HEF/mZ6f0qdo+wPm/VIGh0jHrvpCuXH3ZmifUODpU91Kw+jwvv505tHsrL/NR2rHRbks/K+JZ4zpOucmiVCKtNU2MW01f4gfMtbd5XzxqJ0j9MTCDjHvmmYA55obpSUljEi5AvlixWzAEt1cA31QxxmqKdBwG5juK3ceKsSSLKAa6AZE7tHReVnG4xKhiDNbYrnV22Y1wxiPELjiMpNmlo+/1sHwdo2eZTamkdnCi8uir+18LcJrRj3uB57W7QLWNUpNsCjyTdzpWhD/tXP3D65DmPS1vHundGDC3ZK7MDAnae3GAYhaVpAm4YGWRqZnVXN5WssRAlvhZmv4ksthfXBydpUPSJPv4xgkwcWrwGsSAr4F8+IrG+gr4uRJh+rEG16K48twyob+mB6lLTVfjpIjd9FfuTn4JGtedREmdKL0h+qUqNmNmJ5Ka8J4EibaiKOaFKkDqo0sEv0BQ0qikdCUkqunevp4FmtAi392lZrX2mKsEX5O3Hl1Rp2+NWOyD/IzggOw8XzQvwVlaZMzBKdjgVgd9efjHdIF/RrdRgZ1UJvz6lyymSq6KRo6P1e561lfoPJx0GWeevNbI19WNZsVqn5Jk39iIc1sJMg2vWjkMFjreQt6j07Cluh+LfocJtdLUynm35TECp600/WZbCMkZ7hLKvHV7pTyMzFKXBcvAkfUwV5FoQqln5gDe4+MnGYWpKrTrKZ6OpqPrQ/ruku29jtd9bXtWfdi/ABME/8K1JHo23nZl5uomOAgu8b4bTjpJfSS0 Y3LbQXbf RfSOL1s/cQp/MhvbhusPsnQ0ffFbGpaWOqAyPO3p1R4WyOqsZI9byuxj16lwAs2uiQcllPTr5rCs4nZtVXefAvFHvHuGVE8YJL5xn/qBZcH7C0EG8wGXVqmPOu8Rbjf5cj9O4IDE6M+DBzvwkdq7zAYDCkVGlMYYpBfNX9CqmHUb8vWelyiJDNyaAwxLMH+fPwpAY7XQ4ilQ0TM+97DtsHfAbi1/jKYmrQf17S0c8AgHpHQPyMzEDYfa5fv2rXLCXNoQa6X38NTmN2ZQuYxlpPVExPEoLoPIlXtmGiW/7xX61mrrq2tnI+pvmVM2ZErGew5wW/LySugOQDfQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Applications and loaders can have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack. Add two lines in /proc/$PID/status to report enabled and locked features. Since, this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines. Reviewed-by: Kees Cook Tested-by: Pengfei Xu Tested-by: John Allen Signed-off-by: Kirill A. Shutemov [Switched to CET, added to commit log] Signed-off-by: Rick Edgecombe --- v4: - Remove "CET" references v3: - Move to /proc/pid/status (Kees) v2: - New patch arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++ fs/proc/array.c | 6 ++++++ include/linux/proc_fs.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0d96bd..31c0e68f6227 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */ diff --git a/fs/proc/array.c b/fs/proc/array.c index 49283b8103c7..7ac43ecda1c2 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -428,6 +428,11 @@ static inline void task_thp_status(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "THP_enabled:\t%d\n", thp_enabled); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { @@ -451,6 +456,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 0260f5ea98fe..80ff8e533cbd 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)