From patchwork Sun Jul 16 21:50:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mark Brown X-Patchwork-Id: 13314934 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37C85EB64DD for ; Sun, 16 Jul 2023 21:53:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8EBFF6B0075; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 874EB8D0001; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6C7E46B007B; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 5B3716B0075 for ; Sun, 16 Jul 2023 17:53:05 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 2C9254029F for ; Sun, 16 Jul 2023 21:53:05 +0000 (UTC) X-FDA: 81018825930.01.88D2D35 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 4C97F4000C for ; Sun, 16 Jul 2023 21:53:03 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UgtraBJI; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1689544383; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HSFo0jEjyBBHqgVk0QUU/F5q47VAzZNq81Kar4v0zXk=; b=LfEJRxIvgirSRdS15FktpEjzQUrG9HEiNF99a/mae2oOmgenv3nB88Gegwn93VYA/6ErXg qTU9xQ/iejnmDsne4XvXUesA2U4tVwmUKb2lBS4H9SuRS6MnDDSWfgeHzmB2iV1GRbnUVd FzpGttNvaoeaNcdGqxtmSXppA0cDsHg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1689544383; a=rsa-sha256; cv=none; b=itPzXRKAompdCImEzFNu2BIg1yaETcfp5TfrMgRLt4mLIjzlW7+5foQN34hhtiqi14C5Wf ahkOkcAd40ubecS+629jbUnR4eJ6B7QdvLcJG72rvXRwQfbD/QNGybkBa8exi3X4l7tZCi /E5CiYWaENBAMfFXw4648azW3GnH2GI= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UgtraBJI; spf=pass (imf01.hostedemail.com: domain of broonie@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=none) header.from=kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 73E2260ED2; Sun, 16 Jul 2023 21:53:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 852F6C433C7; Sun, 16 Jul 2023 21:52:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1689544382; bh=rwg+AaLrST64GPi/dleRneXGKtoIqRfwuUuxqMEvRY8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=UgtraBJIty53nrQbpln20X+ZgVVvVELrRtvAd3QMCrhZZLG55JU40/WRKPzyulIdC rdaTs7g0cGf13IEO6plkV5jWgs4u4tUGQRUFb5f/AeXP5SfGfRw0tYRLfzzgSw4dtG KtwongQnS58FCtWJ0962kRMsMbeN2Qn9fsmL5Kkkot6uH6w79KuboVGwU8n+84WVcY eRR3pYAnAajGivQocVIeEN0cuXoC0qluSb/xC6LqxKAIDzD6bRG2MLIR9U8J/EKH0D IJSZ/fzQSra/qECPc29Ob+7i1aufZgNDfzPrEFxMKKU8nRrIHTidvx8ycUaL8qHEWP IpAj+kjOE1FBQ== From: Mark Brown Date: Sun, 16 Jul 2023 22:50:58 +0100 Subject: [PATCH 02/35] prctl: Add flag for shadow stack writeability and push/pop MIME-Version: 1.0 Message-Id: <20230716-arm64-gcs-v1-2-bf567f93bba6@kernel.org> References: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> In-Reply-To: <20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org> To: Catalin Marinas , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , Szabolcs Nagy Cc: "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Mark Brown X-Mailer: b4 0.13-dev-099c9 X-Developer-Signature: v=1; a=openpgp-sha256; l=1295; i=broonie@kernel.org; h=from:subject:message-id; bh=rwg+AaLrST64GPi/dleRneXGKtoIqRfwuUuxqMEvRY8=; b=owEBbQGS/pANAwAKASTWi3JdVIfQAcsmYgBktGaQrba4c87fXI/DIs9b8uMvYL0mZkMhwI/2a8dl /uECOa+JATMEAAEKAB0WIQSt5miqZ1cYtZ/in+ok1otyXVSH0AUCZLRmkAAKCRAk1otyXVSH0Mz2B/ 0Qse7s2seNh0TDAnfYabaiAlsKHmw1NQH/pAIsYkJNq1lwhtVLDvni0GlFFI5Iy4xaXcvNqYLflNIN JB8WxsYfarT9t79wGVEVsXLhN+//YY1W7vIKO7J4qV6OS2zy6xDzLqKUegxjSm1ZzWrLAUmxVvhRTn rdAoifqTz2kttVaBZVk3b2vjudnWDDO1+MV/WXlfbytVw59XLti4le9LkQpNUou/8h3n87mJ3aderr ghHhsnAWYpe/P3JeZi2bHfg9prLFsn0sN6umDfODDRdURGFtk7VPJR/4qEHIpbPDzgcun6Q0ENfn3D fgvdczW1gaU0aCK0NKAnMefJZ1CwOA X-Developer-Key: i=broonie@kernel.org; a=openpgp; fpr=3F2568AAC26998F9E813A1C5C3F436CA30F5D8EB X-Stat-Signature: 4efrwggn9x8nksktdaou5p54wwqfum5s X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 4C97F4000C X-Rspam-User: X-HE-Tag: 1689544383-740411 X-HE-Meta: U2FsdGVkX1/Z3C+Xsnt+6BLCNkXjDcaOzMlfdICM+GcMUQjTvLhTRm+fpzXviZm0FBFQg9KV0ZhRv3RVL2DKYwiqKH1iZ74t/HNxnvTNygIi7PTqHuIn6Tmaba246tVlQrTSM8bpjyeB2GtnG9QnjVLbwHKis97G/ohBZZTXNrQQP6778SV7kpOmaa85RIdT0816j0GUD2wSsxE5iFSQAlI8eivJr1Dgf0O5Y3x7XTM73J8jidaftHeXEYz8sw/vJQZQuYOtaKTskCe7hUoUos5atfcOrV0ugT9tr4nixyWWkeYaI0PacSrhc40fICVH3lr02QicrY/6vySIKe0C8zwDnsU8M1DwvVGEW3w6LZR36vUdOI4uo78d3vmajnaniokwZ2W6ga09tvlt865Ja9huNiAXflLXyvissiHXuuXYiq1PbF2PI70ZG8AGn4QtNES2sKgPgxii6wdUb60joLXz34Bvo7nwybFkJC95ncQntYzYDmyiM1Gf55YYzy7MxAGuwM17KLUmEr/yDrqzU/+Ssn8wY0Wuj8eiHkWk0/F+zx3BAVu8mxcCmsF+QxC0f9RTL4uGJP3LAA75psibv5O21F1AIABYSObq52jk6Vg2pzeSRX1qKESfpIWnGibS9faJ2PZubjdyqMZSm3qqyJul7/Ebtn522z7DbiklnirBC0zObPdQIq9birbBWTytabEdMfhiYEV4L18SqKpZK8GXqFb56zS9vS9pLV9xEzUr2ejCuptV6mcVREAQHyv/ve2KHlDFSvAhAuUaqsRgdscb6wOvGor+pzgRHCN4Ft4yMlxRJM7UGO7EpcfjK6eKmAJdn2knuppmq+5JRMn0pwEd4yCIo5VVTep5iH5TjnlInh2hBHaGSI9U1v4XFposCGzRheJrLju5aNq5D6hTE+rbIaWFSjZsjauA1V+awgjRTRzsdfA95tre8Lte2QjhCyWZQHMejelAHesJaT8 ecxJrj0D 0HSqrNLDeasgcMs9ASpyrgl4wUknO+TwW0xQsZU8YocylqIyridk+p5PGRm1PHHGsP3wlXg7bFnmqkqSwmaYwyfvzBsu+kAkF1h4uoYS8Esv5OUybjur9/LjIfuo1Oajxi8y4pNZuwtFyF3JmNXci08QOhwGfI+Rii521SamXazqyi/eZPa3koQmYHvvlybVkPu41tueFvkbnPPCG3sB3O96WsIGgP0YpV2cSiveDXbGOXlSVlkLCIoBMhIq8noOsFB8ouoYcMCwuZMZi4JIWSqL23IsrVq7AmrGhTtCZgetJuKezhQPPvr1Rl5/tUgBDzCo6fnSs2gQlhGt/07HnASKdQbM1MQBL4zFJ+t05hqTUEPNvhtu+Ox9VihiYA26lV7hIIl+B7KOZFJUG3dtp5lN/CtABuFMpkZkYLOA7875TP6Q= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On arm64 and x86 the kernel can control if there is write access to the shadow stack via specific instructions defined for the purpose, useful for things like userspace threading at the expense of some security. Add a flag to allow this to be selected when changing the shadow stack status. On arm64 the kernel can separately control if userspace is able to pop and push values directly onto the shadow stack via GCS push and pop instructions, supporting many scenarios where userspace needs to write to the stack with less security exposure than full write access. Add a flag to allow this to be selected when changing the shadow stack status. Signed-off-by: Mark Brown --- include/uapi/linux/prctl.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 9fdc77fa2bfe..e88d2ddcdb2d 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -321,5 +321,7 @@ struct prctl_mm_map { #define PR_SET_SHADOW_STACK_STATUS 72 # define PR_SHADOW_STACK_LOCK (1UL << 0) # define PR_SHADOW_STACK_ENABLE (1UL << 1) +# define PR_SHADOW_STACK_WRITE (1UL << 2) +# define PR_SHADOW_STACK_PUSH (1UL << 3) #endif /* _LINUX_PRCTL_H */