From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C6BBC004D4 for ; Fri, 20 Jan 2023 01:05:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 19CEA6B007B; Thu, 19 Jan 2023 20:05:09 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 14D5A6B007D; Thu, 19 Jan 2023 20:05:09 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F303B6B007E; Thu, 19 Jan 2023 20:05:08 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id E24376B007B for ; Thu, 19 Jan 2023 20:05:08 -0500 (EST) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id A628F1A091E for ; Fri, 20 Jan 2023 01:05:08 +0000 (UTC) X-FDA: 80373383496.22.78E6D26 Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by imf17.hostedemail.com (Postfix) with ESMTP id 7B89E40008 for ; Fri, 20 Jan 2023 01:05:06 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=GoRuHyDu; spf=pass (imf17.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.179 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1674176706; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=i74/kf5lW4kHShv6Z0Gp0/LN6JGTfz3NMfEeR3zBQxE=; b=DWcnnNuKMJzyI4bQLj9O63VlvxyyZBDTDbNDo/Emp7E8gwCse6A6q0WDUTtnqOIa1mnfNl 8UphAqRNp2caV5YFFs6xzHx+MjJFkeBFAZ5kPa+Er+sAWbVZMnINmYpaS+XAKppsK5mTqb g08ZRDqLrwPiKBMcYExymgdY9WOtUGI= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=GoRuHyDu; spf=pass (imf17.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.179 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1674176706; a=rsa-sha256; cv=none; b=xHjuKvxY5Fvrp1aY5LVPXEy+/CyrFcIVrXTzXfEZATbbNJnHmSgsvF7k+n/Tvzo12fT+lo NM0IMF7IfKzdgf05Zx1hfgJHpidLot+jyX5yKJ6tTi3LDtAVbjymueeeCnNZwikn56cbmi HWWYoWThwBUt6ZPWjIxLO4djJjpJoGQ= Received: by mail-pf1-f179.google.com with SMTP id s3so2850960pfd.12 for ; Thu, 19 Jan 2023 17:05:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=i74/kf5lW4kHShv6Z0Gp0/LN6JGTfz3NMfEeR3zBQxE=; b=GoRuHyDu314b5alYHUqIeA4iwWnqKmRTPgguZQu8m2BT54UuOxDL2kD8d4kJgWM1ZZ qR3Y/TV93KcQuVawLIeJk45pD9kgXh3Y53HiV5J2dnsTHM5SquPA0uJmVsLTHdPprrB1 MEB1h7QwFkRO7g3dd+FRCu0LANZ3c5XVoOY6o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=i74/kf5lW4kHShv6Z0Gp0/LN6JGTfz3NMfEeR3zBQxE=; b=xANRmXymhVm2wbyJKxsHDG8Wm2F5bpHS1QS4w4E6nU5WK2mw48IIR6K57dUR/ff+RJ k7Xg2rnnLDrOoj0pT/WUxIu/2NEVfMWpfRJlJkjboTaXJV6LZLxTViKezmO4cLeJLTHX zeFwIrAhFTDSNaaWXsHhMVwebrt6FlyafAxBGbMBIzlkhGzcI2Nv/CXKikqDZon9gsU6 /hOEHcjxSw10PI863cZ6NCIsDMb7oKhvdoVG5bMHCkKeJH3gqcP2eDO9kNT5zVUHWUvI pxWZrVdE8BGOsjykDtoI48OEVkyodkbSXqzwQ7apRErM5PR4JIi9S/+nnXMOa6IOaZNK mVBQ== X-Gm-Message-State: AFqh2kqHzvI2TgAJB/v2Ik96gV5UeRTSj7dA7S7mcQoOa388+Ki1xkyL MUvtTojSpzNfczCwAhpGQ1f9mA== X-Google-Smtp-Source: AMrXdXtMzGgnTJkwmf6Dly8CjbEie3lwTxkUFFJtUk22J72Xgx8sc8ANi2hfM+4eU7Ti83oRSH8YRw== X-Received: by 2002:aa7:8718:0:b0:576:14a4:b76a with SMTP id b24-20020aa78718000000b0057614a4b76amr11737546pfo.34.1674176705426; Thu, 19 Jan 2023 17:05:05 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id b18-20020aa78ed2000000b0058bbe1240easm12025111pfr.190.2023.01.19.17.05.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Jan 2023 17:05:04 -0800 (PST) Date: Thu, 19 Jan 2023 17:05:04 -0800 From: Kees Cook To: Rick Edgecombe Cc: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, Yu-cheng Yu Subject: Re: [PATCH v5 27/39] x86/shstk: Add user-mode shadow stack support Message-ID: <202301191705.E64F62342D@keescook> References: <20230119212317.8324-1-rick.p.edgecombe@intel.com> <20230119212317.8324-28-rick.p.edgecombe@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230119212317.8324-28-rick.p.edgecombe@intel.com> X-Rspam-User: X-Rspamd-Server: rspam03 X-Stat-Signature: gehu1wqc5hjcj9uqmy6ndiiwyd5g9tx6 X-Rspamd-Queue-Id: 7B89E40008 X-HE-Tag: 1674176706-755893 X-HE-Meta: U2FsdGVkX19MRl+mgHjfd0aqMv+WMECzIHjfEpQr5w7E7769XpxZ3v9pC/32i+1Qo2PhQH3ifxrxb8iAUYq7jw91EAqP3Uc8ng5JEtG30KzWyusL9TKoCFb3WnoOcmn9a2ozWRIeNPcp9+Iv81JyOQXkg6t7yXYQg4iJnekkL9qZl+oacIEtlTd5bCHdG0lo0AQ6NIX2QIGt7D9sY6VfSU3Fr131IcpVmtP9Xzqff9vuzIuzNCXtM49iPuADSWcLhpfPTLyoOER20bg8PTYs2TSID5c3SPVGHPdwwTH/kaVDI2kgNfkhgKv4Q/5GOyyOJy9vTd9RIWZJhZKZ4iB3cteqmeJaPkRwDWbDug381lz2ZjjviO/83DNdPiPPJXrjrLM1u9L79ppAES6IU8295l3FZ4tj1B3bunX6BrynyIsnIshkmFNPBDULxoq4QgJiduq1nx8jzn4VR5VfiAPKT21rrccFWsI3uu4S6CGcwVokPB292IsbNgRHaCrF6bg9kD3wDc6ILepAnNtzC5u2wgOiWdC3LrsZ8CJPWcxpAf1DjPLMVE1IHPArctlPqBfVB27lQOt6xaDUOwZ56/FM7yeY31qr5LUHL+oDRnOKOh0Q2OWpLOE6cvVEwHFGJMFGgtEMYuUv++du97hm2rxbtwan+TnlfHEHRb2tj2dKJxoq02zER4euGcwWJNLtHF/wQmiVs6tERjt3TbMvCk+UKbZU/t6BecnQulKCaBC/ozKcxizBX88x89hzwykA1Zb9uLdEzV51UOOf1GqpPxxyOrCFpeZ+uJIYF9t+P6tROjHxI/HDlW1lkTELcvSHV4f4uy2W0+MwDziFMs5z0Gh30UHwVDbv5D5QF4BNmXjv8lF8yGr4DCdtHPSfaqWELHfOT4Vk+dYhxETqQRCMphZmJdQUAxeYGbQ7POAYqpA746ki9Bz8jRQ3wsgPkcj4hWOXJH88w2VG4xSrwxsryYw 4hm9RVDZ tWQnCbJlg+pnW2sdy9fX3H+XzWXH9VmPqa0b13JkTmCHx0ozrWffHYW5ahEOBX+/5CbTOsIG3srFdvWqw+DvOgD4KeBKZ37APFBQAQ+0zx70L/bIRYA2yb28i0f+21KJsNVNx6OPqJrhjWJBDhiEObBhy2+37miEW3vWqI0dAY2yuAFa6D0wPaXXM0Sl7RJp0u1SAvZ4fPTSfMscWW+ZujbaKFdlD+Xr0VCyXyLV9Cs+PDso4j1Vz58yH5ZT8/Nw4XOFstikVNtjVFlfE2iTKcHhvSFzb/HVWBaxv7lsp3vnMm+ZCh+R1tbYsL1pYuQEx/kdQE0lw/hGppIbxn/ouCGAhmNhZDpLc0Sho5hqn0Ea4B7VWnc+BLxR+USrQc8VQxpHlgAKTlekvsoDDwvv01gu1OiVNzHg8noETeJQfp/VCseJ5m+rWse1naUZmuHuFJ86es/mEOpZx/i3rDfVTKVV+UQCmtvu2007SZ/vjzb7++3eC+YsL8omtmAYGXc8J/NlhakLBms/RqfRERzfZEqJVOpwcLBxTEJWxZMhyEu9cXes= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jan 19, 2023 at 01:23:05PM -0800, Rick Edgecombe wrote: > From: Yu-cheng Yu > > Introduce basic shadow stack enabling/disabling/allocation routines. > A task's shadow stack is allocated from memory with VM_SHADOW_STACK flag > and has a fixed size of min(RLIMIT_STACK, 4GB). > > Keep the task's shadow stack address and size in thread_struct. This will > be copied when cloning new threads, but needs to be cleared during exec, > so add a function to do this. > > Do not support IA32 emulation or x32. > > Tested-by: Pengfei Xu > Tested-by: John Allen > Signed-off-by: Yu-cheng Yu Reviewed-by: Kees Cook -- Kees Cook