From patchwork Mon Feb 27 22:29:51 2023
X-Patchwork-Submitter: Rick Edgecombe
X-Patchwork-Id: 13154266
From: Rick Edgecombe
To: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, Weijiang Yang, "Kirill A . Shutemov", John Allen, kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com
Cc: rick.p.edgecombe@intel.com
Subject: [PATCH v7 35/41] x86: Expose thread features in /proc/$PID/status
Date: Mon, 27 Feb 2023 14:29:51 -0800
Message-Id: <20230227222957.24501-36-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20230227222957.24501-1-rick.p.edgecombe@intel.com>
References: <20230227222957.24501-1-rick.p.edgecombe@intel.com>
Applications and loaders can have logic to decide whether to enable shadow stack. They usually don't report whether shadow stack has been enabled or not, so there is no way to verify whether an application actually is protected by shadow stack.

Add two lines in /proc/$PID/status to report enabled and locked features. Since this involves referring to arch specific defines in asm/prctl.h, implement an arch breakout to emit the feature lines.
Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Acked-by: Mike Rapoport (IBM) Reviewed-by: Kees Cook Signed-off-by: Kirill A. Shutemov [Switched to CET, added to commit log] Signed-off-by: Rick Edgecombe --- v4: - Remove "CET" references v3: - Move to /proc/pid/status (Kees) v2: - New patch --- arch/x86/kernel/cpu/proc.c | 23 +++++++++++++++++++++++ fs/proc/array.c | 6 ++++++ include/linux/proc_fs.h | 2 ++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c index 099b6f0d96bd..31c0e68f6227 100644 --- a/arch/x86/kernel/cpu/proc.c +++ b/arch/x86/kernel/cpu/proc.c @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "cpu.h" @@ -175,3 +177,24 @@ const struct seq_operations cpuinfo_op = { .stop = c_stop, .show = show_cpuinfo, }; + +#ifdef CONFIG_X86_USER_SHADOW_STACK +static void dump_x86_features(struct seq_file *m, unsigned long features) +{ + if (features & ARCH_SHSTK_SHSTK) + seq_puts(m, "shstk "); + if (features & ARCH_SHSTK_WRSS) + seq_puts(m, "wrss "); +} + +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task) +{ + seq_puts(m, "x86_Thread_features:\t"); + dump_x86_features(m, task->thread.features); + seq_putc(m, '\n'); + + seq_puts(m, "x86_Thread_features_locked:\t"); + dump_x86_features(m, task->thread.features_locked); + seq_putc(m, '\n'); +} +#endif /* CONFIG_X86_USER_SHADOW_STACK */ diff --git a/fs/proc/array.c b/fs/proc/array.c index 49283b8103c7..7ac43ecda1c2 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -428,6 +428,11 @@ static inline void task_thp_status(struct seq_file *m, struct mm_struct *mm) seq_printf(m, "THP_enabled:\t%d\n", thp_enabled); } +__weak void arch_proc_pid_thread_features(struct seq_file *m, + struct task_struct *task) +{ +} + int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { 
@@ -451,6 +456,7 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); + arch_proc_pid_thread_features(m, task); return 0; } diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 0260f5ea98fe..80ff8e533cbd 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -158,6 +158,8 @@ int proc_pid_arch_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); #endif /* CONFIG_PROC_PID_ARCH_STATUS */ +void arch_proc_pid_thread_features(struct seq_file *m, struct task_struct *task); + #else /* CONFIG_PROC_FS */ static inline void proc_root_init(void)
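Review bot: In the second arch/x86/kernel/cpu/proc.c hunk, dump_x86_features() prints every name with a trailing blank ("shstk ", "wrss "), so each line ends in a space before the '\n' and a thread with nothing enabled prints a bare "x86_Thread_features:\t\n". Consider emitting the blank only between names (or stating that consumers must split on whitespace), and since the diffstat touches no Documentation/ file, describe the two new fields, what "locked" means, and that they appear only with CONFIG_X86_USER_SHADOW_STACK in Documentation/filesystems/proc.rst.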
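Review bot: The empty __weak arch_proc_pid_thread_features() stub added to fs/proc/array.c carries no comment; add one saying it is the fallback for architectures (and x86 builds without CONFIG_X86_USER_SHADOW_STACK) that expose no thread features, and that it emits nothing, so userspace has to treat the absence of the x86_Thread_features lines as "unknown" rather than as "no features enabled".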
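Review bot: In the include/linux/proc_fs.h hunk the new prototype sits inside the CONFIG_PROC_FS branch after the `#endif /* CONFIG_PROC_PID_ARCH_STATUS */` of the neighbouring proc_pid_arch_status(), with no counterpart in the `#else /* CONFIG_PROC_FS */` section. That works as long as both the caller in fs/proc/array.c and the x86 definition are built only with CONFIG_PROC_FS, but a short comment next to the declaration (or grouping it with the existing arch hook under its own guard) would make that dependency explicit and avoid a -Wmissing-prototypes surprise if the x86 file is ever built without it.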
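To verify a running process against the two new fields from userspace, here is an added example (not part of the patch or the kernel tree) that parses the text of /proc/$PID/status; the sample status text is constructed, and a kernel without this patch or without CONFIG_X86_USER_SHADOW_STACK prints neither line, which the code reports as unsupported rather than as "no features":

```python
"""Added example (not from this patch): x86 shadow-stack state from /proc/$PID/status text."""
from pathlib import Path
from typing import Dict, Optional, Set

ENABLED_KEY = "x86_Thread_features"
LOCKED_KEY = "x86_Thread_features_locked"


def parse_status(text: str) -> Dict[str, str]:
    """Split /proc/$PID/status ("Key:\\tvalue" per line) into a dict."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def thread_features(text: str) -> Optional[Dict[str, Set[str]]]:
    """Return {'enabled': names, 'locked': names}, or None when the kernel does
    not expose the lines (pre-patch kernel, non-x86, or no CONFIG_X86_USER_SHADOW_STACK)."""
    fields = parse_status(text)
    if ENABLED_KEY not in fields or LOCKED_KEY not in fields:
        return None
    # The kernel emits "shstk wrss " with a blank after every name; split()
    # drops the trailing blank and gives an empty set when nothing is enabled.
    return {
        "enabled": set(fields[ENABLED_KEY].split()),
        "locked": set(fields[LOCKED_KEY].split()),
    }


def shadow_stack_status(text: str) -> str:
    """Classify: 'unsupported', 'disabled', 'enabled' or 'enabled+locked'.
    A locked feature can no longer be changed by the thread via arch_prctl."""
    feat = thread_features(text)
    if feat is None:
        return "unsupported"
    if "shstk" not in feat["enabled"]:
        return "disabled"
    return "enabled+locked" if "shstk" in feat["locked"] else "enabled"


def status_of_pid(pid: int) -> str:
    """Live check; only meaningful on a kernel carrying this patch."""
    return shadow_stack_status(Path(f"/proc/{pid}/status").read_text())


# Constructed sample of a post-patch status file: shstk on and locked, wrss on.
SAMPLE_STATUS = (
    "Name:\tshstk_app\n"
    "x86_Thread_features:\tshstk wrss \n"
    "x86_Thread_features_locked:\tshstk \n"
)
```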