From patchwork Thu Sep 12 23:16:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Deepak Gupta X-Patchwork-Id: 13802864 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5FAEFEEE270 for ; Thu, 12 Sep 2024 23:18:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=pMDPB/kyfMRW+RzkZogPdgtXBhCzxSzFcnTc6RK6Si8=; b=zZD4PJl/kRv08l UMvB2Hb4LXbZ/end38bpSpyug/b9UOtDoHNjN1RtLfVZNDn/6pQvRFugpxkh6KkvDt9JTDHzVeQEC SgD2svr3uASeZ76HpIWU0QeEWA1+9uScxv79pM3X+jybXb4T8h9e+VvHf1s5NpNPcCYD/fFOukg9x 0pkJNXzjElassElL+V+gwKRrFibaM3mODNNjz4bEMo+EcejLFszUt7St9OIEUDPY5COxReLjArQ/E eTYy0ofe1sae1B+NU7EDKfo1oucu4pdVRZYmc6wjlyXi7WkEcOXgvaZOznQQpP18yXdSLRUbEyZV5 f0S5V8imTrl8RYWe4zoQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1sot59-0000000ES48-1D41; Thu, 12 Sep 2024 23:18:35 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1sot54-0000000ERzr-3WVx for linux-riscv@bombadil.infradead.org; Thu, 12 Sep 2024 23:18:31 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=Tr63COK+U+RGXsHvnwpQo9tUUF56AGnmex8wAUb47lI=; b=hUa5YUcA0X+gpyIyuV9SELCIAx CwdDYwhYYw1aB2bLj0ODQ3nLt5s8c51sKvYJDF5EhFTDof9vZY3LGH/obuy5I0JlSstCRcoigPYbc F3B+9IgtE91DMbsLyKpS7MSwQ19H5yWpVQN9ucYpgKZSJQp7kTkYmVloXYjfExifCZjAHcwVCDf5k e42zYYIE6iyJ3gtsbwfr7f79eBPuq1sjcFF8l6qTm6wPOaZITonPMguAW8Db8zvawNvwORA4wAzbD HXqbWP/TDsWjZPcK/jP4BKvM9qTkEBjp8iFVgOXwcrWu/rd5hEcHnxltMX2P2BhJSpG2x+DtroDo7 kK6VOwgA==; Received: from mail-pg1-x535.google.com ([2607:f8b0:4864:20::535]) by casper.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1sot51-0000000CN4C-0zeQ for linux-riscv@lists.infradead.org; Thu, 12 Sep 2024 23:18:29 +0000 Received: by mail-pg1-x535.google.com with SMTP id 41be03b00d2f7-7c1324be8easo1892131a12.1 for ; Thu, 12 Sep 2024 16:18:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rivosinc-com.20230601.gappssmtp.com; s=20230601; t=1726183105; x=1726787905; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Tr63COK+U+RGXsHvnwpQo9tUUF56AGnmex8wAUb47lI=; b=qdjfTQMrb2HpSFvjPQRIb3GrZNKHgczjVPmzZaI54IjcAP/MQfZcVFAZjbDToD/MbI jHSOIqdg8FR1Ay4CkAjsCiswzoNFFl6Fqlo0RW1uOo0YB8d00O5LEMB4FVTX5YWh7tjy kqhgMVRiL8vs2cEjkugMW73DZbTkLaj2Pci+nY5x42VFXZ0Obo6fVsfXI1gRveVOa/Bg x+Su+1VqlzfjeKRs4r/9J+qwpUjdq3CwWveaCDQlDBzc9mjix2obdO6+skrHdK2Z9u9I kn53/a77HFIK9eESfYNRwr5ZhmHyhrinjaiYLSmp6iQ/D4J/oRsJFf1Q+8kIZbCbAkT4 onUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726183105; x=1726787905; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Tr63COK+U+RGXsHvnwpQo9tUUF56AGnmex8wAUb47lI=; b=NLOD0l78SeMCSCDW4X+9466mzGnb4RtKvIsAvmB3QjJGJJd39qBVIZ6nizPEnZNlN2 Jcw7LDXjWRkFrs1zsbTqA5TxOnPtWPpMSj5yxgQ93i+5TGDZ7UibIUVier4aT5Y//DCI XOyyeoZYplxx1yBUA4Z56Apjh0dMqKZl5MdZMEwt5eFS8By/UbAp8tqDZ2J4kYmi9axx fFPBk4WFUIULhP4vDiuWvlxKTFrVPxH4PoSexKzpZFnT62KtykmogsuVEDK1yaYJANCP pt0fKQU+PGc8bKTlWhXVWFrIQ36f71+bKsshCmrOdpExL3JTo2ETkzq0T/AofFmolbBb hjEw== X-Forwarded-Encrypted: i=1; AJvYcCWyl/CzOe5XlFmFZ5qqiEshy9Fa72Ps0C/m9CvyfVdlx6Lx+MZfy+F1K4WUF1WN7zl76A6IuEryapm4/g==@lists.infradead.org X-Gm-Message-State: AOJu0YwZrRjqvNpVbwXxstPc0XSqUcUGwsXB2iY0ns0ly1thQ4pVkwK+ E3patDWDPMGHvPTHHTweUCu+g4AyLxOVjwDEgySMPG6H9MGTV9TMh5wjsIPw2/s= X-Google-Smtp-Source: AGHT+IEDlbanVmMoBHXIDtdzRNuiWJ0Gl4K78KpM2NYaBdsrPCDFJdZTucI/ImbEr5mpj8z5f/pv1g== X-Received: by 2002:a17:90a:62ca:b0:2d8:9fbe:6727 with SMTP id 98e67ed59e1d1-2db9fc1adabmr6645974a91.4.1726183104748; Thu, 12 Sep 2024 16:18:24 -0700 (PDT) Received: from debug.ba.rivosinc.com ([64.71.180.162]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2db6c1ac69asm3157591a91.0.2024.09.12.16.18.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 Sep 2024 16:18:24 -0700 (PDT) From: Deepak Gupta To: paul.walmsley@sifive.com, palmer@sifive.com, conor@kernel.org, linux-doc@vger.kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, devicetree@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH v4 18/30] prctl: arch-agnostic prctl for indirect branch tracking Date: Thu, 12 Sep 2024 16:16:37 -0700 Message-ID: <20240912231650.3740732-19-debug@rivosinc.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240912231650.3740732-1-debug@rivosinc.com> References: <20240912231650.3740732-1-debug@rivosinc.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240913_001827_365555_F55FC9DD X-CRM114-Status: GOOD ( 12.81 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: quic_zhonhan@quicinc.com, zong.li@sifive.com, zev@bewilderbeest.net, david@redhat.com, peterz@infradead.org, catalin.marinas@arm.com, broonie@kernel.org, dave.hansen@linux.intel.com, atishp@rivosinc.com, bjorn@rivosinc.com, namcaov@gmail.com, usama.anjum@collabora.com, guoren@kernel.org, alx@kernel.org, jszhang@kernel.org, hpa@zytor.com, puranjay@kernel.org, shuah@kernel.org, sorear@fastmail.com, costa.shul@redhat.com, robh@kernel.org, antonb@tenstorrent.com, quic_bjorande@quicinc.com, lorenzo.stoakes@oracle.com, corbet@lwn.net, dawei.li@shingroup.cn, anup@brainfault.org, deller@gmx.de, x86@kernel.org, andrii@kernel.org, willy@infradead.org, kees@kernel.org, mingo@redhat.com, libang.li@antgroup.com, samitolvanen@google.com, greentime.hu@sifive.com, osalvador@suse.de, ajones@ventanamicro.com, revest@chromium.org, ancientmodern4@gmail.com, aou@eecs.berkeley.edu, jerry.shih@sifive.com, alexghiti@rivosinc.com, arnd@arndb.de, yang.lee@linux.alibaba.com, charlie@rivosinc.com, bgray@linux.ibm.com, Liam.Howlett@oracle.com, leobras@redhat.com, songshuaishuai@tinylab.org, xiao.w.wang@intel.com, bp@alien8.de, cuiyunhui@bytedance.com, mchitale@ventanamicro.com, cleger@rivosinc.com, tglx@linutronix.de, krzk+dt@kernel.org, vbabka@suse.cz, debug@rivosinc.com, brauner@kernel.org, bhe@redhat.com, ke.zhao@shingroup.cn, oleg@redhat.com, samuel.holland@sifive.com, ben.dooks@codethink.co.uk, evan@rivosinc.com, palmer@dabbelt.com, ebiederm@xmission.com, andy.chiu@sifive.com, schwab@suse.de, akpm@linux-foundation.org, sameo@rivosinc.com, tanzhasanwork@gmail.com, rppt@kernel.org, ryan.roberts@arm.com Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org Three architectures (x86, aarch64, riscv) have support for indirect branch tracking feature in a very similar fashion. On a very high level, indirect branch tracking is a CPU feature where CPU tracks branches which uses memory operand to perform control transfer in program. As part of this tracking on indirect branches, CPU goes in a state where it expects a landing pad instr on target and if not found then CPU raises some fault (architecture dependent) x86 landing pad instr - `ENDBRANCH` aarch64 landing pad instr - `BTI` riscv landing instr - `lpad` Given that three major arches have support for indirect branch tracking, This patch makes `prctl` for indirect branch tracking arch agnostic. To allow userspace to enable this feature for itself, following prtcls are defined: - PR_GET_INDIR_BR_LP_STATUS: Gets current configured status for indirect branch tracking. - PR_SET_INDIR_BR_LP_STATUS: Sets a configuration for indirect branch tracking. Following status options are allowed - PR_INDIR_BR_LP_ENABLE: Enables indirect branch tracking on user thread. - PR_INDIR_BR_LP_DISABLE; Disables indirect branch tracking on user thread. - PR_LOCK_INDIR_BR_LP_STATUS: Locks configured status for indirect branch tracking for user thread. Signed-off-by: Deepak Gupta --- include/linux/cpu.h | 4 ++++ include/uapi/linux/prctl.h | 27 +++++++++++++++++++++++++++ kernel/sys.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) diff --git a/include/linux/cpu.h b/include/linux/cpu.h index bdcec1732445..eff56aae05d7 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -203,4 +203,8 @@ static inline bool cpu_mitigations_auto_nosmt(void) } #endif +int arch_get_indir_br_lp_status(struct task_struct *t, unsigned long __user *status); +int arch_set_indir_br_lp_status(struct task_struct *t, unsigned long status); +int arch_lock_indir_br_lp_status(struct task_struct *t, unsigned long status); + #endif /* _LINUX_CPU_H_ */ diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index b8d7b6361754..41ffb53490a4 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -349,4 +349,31 @@ struct prctl_mm_map { */ #define PR_LOCK_SHADOW_STACK_STATUS 76 +/* + * Get the current indirect branch tracking configuration for the current + * thread, this will be the value configured via PR_SET_INDIR_BR_LP_STATUS. + */ +#define PR_GET_INDIR_BR_LP_STATUS 77 + +/* + * Set the indirect branch tracking configuration. PR_INDIR_BR_LP_ENABLE will + * enable cpu feature for user thread, to track all indirect branches and ensure + * they land on arch defined landing pad instruction. + * x86 - If enabled, an indirect branch must land on `ENDBRANCH` instruction. + * arch64 - If enabled, an indirect branch must land on `BTI` instruction. + * riscv - If enabled, an indirect branch must land on `lpad` instruction. + * PR_INDIR_BR_LP_DISABLE will disable feature for user thread and indirect + * branches will no more be tracked by cpu to land on arch defined landing pad + * instruction. + */ +#define PR_SET_INDIR_BR_LP_STATUS 78 +# define PR_INDIR_BR_LP_ENABLE (1UL << 0) + +/* + * Prevent further changes to the specified indirect branch tracking + * configuration. All bits may be locked via this call, including + * undefined bits. + */ +#define PR_LOCK_INDIR_BR_LP_STATUS 79 + #endif /* _LINUX_PRCTL_H */ diff --git a/kernel/sys.c b/kernel/sys.c index 7e0c10e867cf..5f88d358066d 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -2339,6 +2339,21 @@ int __weak arch_lock_shadow_stack_status(struct task_struct *t, unsigned long st return -EINVAL; } +int __weak arch_get_indir_br_lp_status(struct task_struct *t, unsigned long __user *status) +{ + return -EINVAL; +} + +int __weak arch_set_indir_br_lp_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + +int __weak arch_lock_indir_br_lp_status(struct task_struct *t, unsigned long status) +{ + return -EINVAL; +} + #define PR_IO_FLUSHER (PF_MEMALLOC_NOIO | PF_LOCAL_THROTTLE) #ifdef CONFIG_ANON_VMA_NAME @@ -2812,6 +2827,21 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, return -EINVAL; error = arch_lock_shadow_stack_status(me, arg2); break; + case PR_GET_INDIR_BR_LP_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_get_indir_br_lp_status(me, (unsigned long __user *) arg2); + break; + case PR_SET_INDIR_BR_LP_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_set_indir_br_lp_status(me, arg2); + break; + case PR_LOCK_INDIR_BR_LP_STATUS: + if (arg3 || arg4 || arg5) + return -EINVAL; + error = arch_lock_indir_br_lp_status(me, arg2); + break; default: error = -EINVAL; break;