From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0506DC88CBB
	for <linux-mm@archiver.kernel.org>; Tue, 13 Jun 2023 00:12:48 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 3FCE98E000F; Mon, 12 Jun 2023 20:12:24 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 3AE408E000B; Mon, 12 Jun 2023 20:12:24 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 24E3D8E000F; Mon, 12 Jun 2023 20:12:24 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 14D1F8E000B
	for <linux-mm@kvack.org>; Mon, 12 Jun 2023 20:12:24 -0400 (EDT)
Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id DEB8A80375
	for <linux-mm@kvack.org>; Tue, 13 Jun 2023 00:12:23 +0000 (UTC)
X-FDA: 80895797766.10.09440C0
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
	by imf08.hostedemail.com (Postfix) with ESMTP id A523F160014
	for <linux-mm@kvack.org>; Tue, 13 Jun 2023 00:12:21 +0000 (UTC)
Authentication-Results: imf08.hostedemail.com;
	dkim=pass header.d=intel.com header.s=Intel header.b=W0BkPvsO;
	dmarc=pass (policy=none) header.from=intel.com;
	spf=pass (imf08.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1686615142; a=rsa-sha256;
	cv=none;
	b=5Wj/KiEx/ANstME2Ok5NmyQDWsp3VgwrXNH6iebizwu20LyUmHEgoa8vpM2WlexHxAUJAe
	IumPX2XqK7xDSZBciDZxGhLlk62u2QYxp7U6SE/Ob7+PSx4qYxx/JADhFi+8Pro/qTRgQY
	6HDZqbNlBhvzt1D1cS+eVTa7AfHnCAk=
ARC-Authentication-Results: i=1;
	imf08.hostedemail.com;
	dkim=pass header.d=intel.com header.s=Intel header.b=W0BkPvsO;
	dmarc=pass (policy=none) header.from=intel.com;
	spf=pass (imf08.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1686615142;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=FOFVMBXtKB8/Hcfbd8g/yK53EZfWd2ezBu+ZFVQ6/dM=;
	b=2d5YzkvRCMEy06YtxzUhtut+oduhjTjr/0qH8mbB5BITg7yd21XQvGdQWZ8vQQwA2xE+3j
	MzYX21Kwc9ayCmEsFSDCvBc5UhOe+HvehLZ9Y4Jqri9w+0mbBRJ2PimoBHb0ReNh57qiEq
	220H5dSoklmrEswwl7rAv+tWY2W06bw=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1686615141; x=1718151141;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=svMWn5R9eThoiar+k0qdORAiS7Vwyk8B+BTeN3eLytc=;
  b=W0BkPvsOqGwx2vXcj0cJ/uDDL+JrLN1IbsmQX8sSsNCypPnJdTfOdFxt
   b2I7jZU2SkgeCyKImSh1+q/BXsnga6DnfTfTCdVErdojQhs3ju3tgHgg6
   /aSuaPiuDazmsurH8+K6OB4wM7aX+9Pt+adk3GVrq69V29szE7KSbYfBZ
   MY6m9+GBnBV43pe14jBzUTLiV/sCPq6ypNGEzQPdoDwkGXVzgUK8YJHfT
   gcrcEoZiyIWMMvN5Yi265Lqp6gOM1uIYrceOK6hsmwHciy03o0oCKx/P6
   EytezrTZ1mhGsRImYX462IBkApKGu5XvBLRiIFwmUBGZluzCk9z3MBSFT
   w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10739"; a="361556985"
X-IronPort-AV: E=Sophos;i="6.00,238,1681196400"; 
   d="scan'208";a="361556985"
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2023 17:12:20 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10739"; a="835671022"
X-IronPort-AV: E=Sophos;i="6.00,238,1681196400"; 
   d="scan'208";a="835671022"
Received: from almeisch-mobl1.amr.corp.intel.com (HELO rpedgeco-desk4.amr.corp.intel.com) ([10.209.42.242])
  by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jun 2023 17:12:19 -0700
From: Rick Edgecombe <rick.p.edgecombe@intel.com>
To: x86@kernel.org,
	"H . Peter Anvin" <hpa@zytor.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	linux-kernel@vger.kernel.org,
	linux-doc@vger.kernel.org,
	linux-mm@kvack.org,
	linux-arch@vger.kernel.org,
	linux-api@vger.kernel.org,
	Arnd Bergmann <arnd@arndb.de>,
	Andy Lutomirski <luto@kernel.org>,
	Balbir Singh <bsingharora@gmail.com>,
	Borislav Petkov <bp@alien8.de>,
	Cyrill Gorcunov <gorcunov@gmail.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Eugene Syromiatnikov <esyr@redhat.com>,
	Florian Weimer <fweimer@redhat.com>,
	"H . J . Lu" <hjl.tools@gmail.com>,
	Jann Horn <jannh@google.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Kees Cook <keescook@chromium.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Nadav Amit <nadav.amit@gmail.com>,
	Oleg Nesterov <oleg@redhat.com>,
	Pavel Machek <pavel@ucw.cz>,
	Peter Zijlstra <peterz@infradead.org>,
	Randy Dunlap <rdunlap@infradead.org>,
	Weijiang Yang <weijiang.yang@intel.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	John Allen <john.allen@amd.com>,
	kcc@google.com,
	eranian@google.com,
	rppt@kernel.org,
	jamorris@linux.microsoft.com,
	dethoma@microsoft.com,
	akpm@linux-foundation.org,
	Andrew.Cooper3@citrix.com,
	christina.schimpe@intel.com,
	david@redhat.com,
	debug@rivosinc.com,
	szabolcs.nagy@arm.com,
	torvalds@linux-foundation.org,
	broonie@kernel.org
Cc: rick.p.edgecombe@intel.com,
	Yu-cheng Yu <yu-cheng.yu@intel.com>,
	Pengfei Xu <pengfei.xu@intel.com>
Subject: [PATCH v9 14/42] mm: Introduce VM_SHADOW_STACK for shadow stack memory
Date: Mon, 12 Jun 2023 17:10:40 -0700
Message-Id: <20230613001108.3040476-15-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230613001108.3040476-1-rick.p.edgecombe@intel.com>
References: <20230613001108.3040476-1-rick.p.edgecombe@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspam-User: 
X-Rspamd-Server: rspam06
X-Rspamd-Queue-Id: A523F160014
X-Stat-Signature: x6cftntfjap6kgmetzib54ztfefw8x4y
X-HE-Tag: 1686615141-789899
X-HE-Meta: U2FsdGVkX19ZtyNWISnUg+Pw/01bSGPJVkFNIagX1gy9gyRZIlfAG5P9BPYDl3ArvjO+toobVEAqUsHG3fsVcKximm443fWexLNfkiD919wug+S7YvqnF3nzeazub8z4bErXKl6TJtZrCvPHf+aKbjIB6bYBbP8HNUmoSusW1XPoMSxxp3hJBy5/iBlu46MpQq0D+QilOpUGBk7Gv3lVtO89qw9FCtXC5stHZiyl9R30dFeTJuFoXvXeuaBWZ+9ab2LcynSWwDrCO/SDyiFste1PyShrEPiRf9EZ4gP8ccraqXF3U22AjyG5cAMX+yj/gWlEXLnclGErID2C3tPdaaoyiPdLIkS3F+rMKVfZIJIu9yRHzqA635r3EtDyyXaucXb2mRDCr2bDQ8OQLPb4oFCxNZmu6tHoEmZN+3iCbCBrlIPGf85H4IVlG9x2d9bk3vcl2PwV8xoMM+GUMOLSS7sCEU0PmRJapHlvd+POIznwqF0oaKZ/gB5c7JGf8EB3VOuuY634T3cukwMiwzRt3uMssQC1j5icxM+zLOk5MH/UttvPCmbQMSvFCdju7bXosaRBFw7eRIaopMDe10loqavxSJ672TGJOajfpZV7dkFkRvLCTW2b/hNRW2++TDCLIIrmpqlq2K7YV46w8qnLrEO5KfKJUP2+NcJ3X+GWln1nGlTXuHmz/L4xDxEshm/5/zHn8XpxZ7kIJohPgRbM0ASj1lKkivfx1jPoLf86J0kIx9jpv1f1EydYi6HvGzxKDPE77YA9NO3QSaPcIXxWRJG6UOBnuTv4JV3l6w0Cz2vO8pFsIfuO6gcv0OBM3o5u8dTZ2b2WNHbP1W/bWTklq9WbhNLVvN2yhUxfklnTzKr/Ytk4THd9NJP8xwY4caZNgD13cn33bNkt+Fn18DmUkZlReIfOSQtS3PY598WduRpEoXH8dpCVrzCK72/hpz11K9gJDB+Ww2ZP78kk2BD
 fHCH3zrZ
 BSmFVwDZLCDgi5N08gTaUYtpIyhh8DB+yJoEPt41yWAP7n+Z+u2DUeP1DUZ+i1LJ6Sni1yfxXFzoHuwIEVR1PdxnT1Z3VJ3bylLApNW1bcp3MZTMliGAW/C3hTQpH8/plOWynPQrVPidQtPOGpAbJFf5FkS+Fiwo9Xw9sPSPHZ0zJE1p4WB3YWHYCKbc//oLrd9NaOmq0NSHb4tJdVrWJs6bhxL+eXcaUIX7siC3/vKXRs8SbCsRJEtHTe5G2ZE50Va5Fz0ffNWhutEpJIUsfWn7m3bFrQ9u/noSdVxEEwt0w4iwWZgAV7XF8qItz7J82iWLgvDZeAgQOSfZY+6aNpnetOMyYz0rqLa0SHs1+X+c5wJhm96KF64hcbjcA9LF+S9Yi8egt7wig31eNXPJCzbh0h0tSAQo9Yle2zhJyNzrIL8k=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

From: Yu-cheng Yu <yu-cheng.yu@intel.com>

New hardware extensions implement support for shadow stack memory, such
as x86 Control-flow Enforcement Technology (CET). Add a new VM flag to
identify these areas, for example, to be used to properly indicate shadow
stack PTEs to the hardware.

Shadow stack VMA creation will be tightly controlled and limited to
anonymous memory to make the implementation simpler and since that is all
that is required. The solution will rely on pte_mkwrite() to create the
shadow stack PTEs, so it will not be required for vm_get_page_prot() to
learn how to create shadow stack memory. For this reason document that
VM_SHADOW_STACK should not be mixed with VM_SHARED.

Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Co-developed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
---
 Documentation/filesystems/proc.rst | 1 +
 fs/proc/task_mmu.c                 | 3 +++
 include/linux/mm.h                 | 8 ++++++++
 3 files changed, 12 insertions(+)

diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst
index 7897a7dafcbc..6ccb57089a06 100644
--- a/Documentation/filesystems/proc.rst
+++ b/Documentation/filesystems/proc.rst
@@ -566,6 +566,7 @@ encoded manner. The codes are the following:
     mt    arm64 MTE allocation tags are enabled
     um    userfaultfd missing tracking
     uw    userfaultfd wr-protect tracking
+    ss    shadow stack page
     ==    =======================================
 
 Note that there is no guarantee that every flag and associated mnemonic will
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 420510f6a545..38b19a757281 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma)
 #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR
 		[ilog2(VM_UFFD_MINOR)]	= "ui",
 #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */
+#ifdef CONFIG_X86_USER_SHADOW_STACK
+		[ilog2(VM_SHADOW_STACK)] = "ss",
+#endif
 	};
 	size_t i;
 
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 6f52c1e7c640..fb17cbd531ac 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -319,11 +319,13 @@ extern unsigned int kobjsize(const void *objp);
 #define VM_HIGH_ARCH_BIT_2	34	/* bit only usable on 64-bit architectures */
 #define VM_HIGH_ARCH_BIT_3	35	/* bit only usable on 64-bit architectures */
 #define VM_HIGH_ARCH_BIT_4	36	/* bit only usable on 64-bit architectures */
+#define VM_HIGH_ARCH_BIT_5	37	/* bit only usable on 64-bit architectures */
 #define VM_HIGH_ARCH_0	BIT(VM_HIGH_ARCH_BIT_0)
 #define VM_HIGH_ARCH_1	BIT(VM_HIGH_ARCH_BIT_1)
 #define VM_HIGH_ARCH_2	BIT(VM_HIGH_ARCH_BIT_2)
 #define VM_HIGH_ARCH_3	BIT(VM_HIGH_ARCH_BIT_3)
 #define VM_HIGH_ARCH_4	BIT(VM_HIGH_ARCH_BIT_4)
+#define VM_HIGH_ARCH_5	BIT(VM_HIGH_ARCH_BIT_5)
 #endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */
 
 #ifdef CONFIG_ARCH_HAS_PKEYS
@@ -339,6 +341,12 @@ extern unsigned int kobjsize(const void *objp);
 #endif
 #endif /* CONFIG_ARCH_HAS_PKEYS */
 
+#ifdef CONFIG_X86_USER_SHADOW_STACK
+# define VM_SHADOW_STACK	VM_HIGH_ARCH_5 /* Should not be set with VM_SHARED */
+#else
+# define VM_SHADOW_STACK	VM_NONE
+#endif
+
 #if defined(CONFIG_X86)
 # define VM_PAT		VM_ARCH_1	/* PAT reserves whole VMA at once (x86) */
 #elif defined(CONFIG_PPC)
-- 
2.34.1