From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3044EC05027 for ; Mon, 20 Feb 2023 12:56:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5F1806B0071; Mon, 20 Feb 2023 07:56:15 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 5C60A6B0072; Mon, 20 Feb 2023 07:56:15 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 470026B0073; Mon, 20 Feb 2023 07:56:15 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 35D756B0071 for ; Mon, 20 Feb 2023 07:56:15 -0500 (EST) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 00D50120749 for ; Mon, 20 Feb 2023 12:56:14 +0000 (UTC) X-FDA: 80487668310.24.26036B5 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf01.hostedemail.com (Postfix) with ESMTP id C24404000C for ; Mon, 20 Feb 2023 12:56:12 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=UUVPdhSz; spf=pass (imf01.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676897772; a=rsa-sha256; cv=none; b=mi0Xr7nhXbgjHV6wMLNwt+X2U5KtZgO9LsJqDbWxzrqVJzDQyOLtV24VAECRVcZDJf7nUk b0amVpPNgefBZrtVmEVDiziH5y02xlUNPe3zOYU42Ov5tDRP9I8eRonQ4CqlRMZndCgegt gkWR+ANlbKTxvUpwKEjj7f5Oqi4Jy28= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=UUVPdhSz; spf=pass (imf01.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676897772; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GnuE+FP8MqJnM8uTlOWJU43d7eAFCBGNdcoO7fkWHwc=; b=GhJQvLRjjCXXu0SCNNke8rO3Z5lRYqvqW/V+r5TAp9PGbQEoy0XaywtdG/3RuZwcNbcyiT WH0uUg4cDAxlBEZLrWyYfMZygcYqvm8TbNVlwFVxa2gkVJfSVdUEta+od119c09StFfcSZ j7cAc72QMaLGVkG7do3ldzZQEr6rlj4= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1676897772; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GnuE+FP8MqJnM8uTlOWJU43d7eAFCBGNdcoO7fkWHwc=; b=UUVPdhSzjB3Wd2Azpv6Pyf1jHGE6q3+LCtwSel5zHyqdiw5B7iDj7cRf/mBsA75k98+L59 63sfmJlqM7U9JC/YfmLgKk0E/8MHRVR5iDP3O2VQTC7pXS/zfHhGTtMnUCkMgVNibytWgH S9vL6SQZZAl466dA8jcZef18bVdqrTI= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_128_GCM_SHA256) id us-mta-629-izKHRXkRNwCExS1b2qHksw-1; Mon, 20 Feb 2023 07:56:11 -0500 X-MC-Unique: izKHRXkRNwCExS1b2qHksw-1 Received: by mail-wm1-f69.google.com with SMTP id j7-20020a05600c1c0700b003dc5dd44c0cso511042wms.8 for ; Mon, 20 Feb 2023 04:56:10 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:organization:from:references :cc:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GnuE+FP8MqJnM8uTlOWJU43d7eAFCBGNdcoO7fkWHwc=; b=s1RGmdxXNcSotSX5xbgNMRE2p8rZkNrmdlvXtt+TK/VLnmopzz9wB1LRyu14uhz949 T7P91fS/O+ZxPfNJvnr4nzRl3yAeyq2KXUhncesNRa9Z1G42KQ2J/rBu2pbbUTk4SRRZ +CPJzVIikblfk7YLDc4aK4OvEfuWS9mZJdRHtoiZbUw+2CugNPWmzABeNUDQspsAMkTA YxrMnKv7MR/43jMlYqRXZVuV7vGX76elc7hMTCWysGVtdKPvavvqGXlT502Kxi88Pe1g dsiIKogox0nyH7ribxQOmcgMrrjlp4/JVUjw5vCqpOJ++C5hiKB+oobo7A7i1s5fgrCs lnCA== X-Gm-Message-State: AO0yUKWWb/ViIkbfuGSZu3Z9NSH0Qo4vmUYH5jspzrMH7MEj6YCyIb0s sWsVk6RHUGEQjS9LcVFNkFtg+9XSSAKNdX3/JyCJD3+TQ68a3OiCA0QATOsgJxKK32inz+att78 3F7JAsUWM7Pk= X-Received: by 2002:a5d:50c4:0:b0:2c5:5ef8:fa3c with SMTP id f4-20020a5d50c4000000b002c55ef8fa3cmr1664929wrt.52.1676897769884; Mon, 20 Feb 2023 04:56:09 -0800 (PST) X-Google-Smtp-Source: AK7set+7AfOXUYCvAhkmGy5DFcawHWyJRb+ybm7J7bcPcMITmh6B+SZWusTYWwFFCaITyNI3WVqPfg== X-Received: by 2002:a5d:50c4:0:b0:2c5:5ef8:fa3c with SMTP id f4-20020a5d50c4000000b002c55ef8fa3cmr1664890wrt.52.1676897769470; Mon, 20 Feb 2023 04:56:09 -0800 (PST) Received: from ?IPV6:2003:cb:c705:8300:e519:4218:a8b5:5bec? (p200300cbc7058300e5194218a8b55bec.dip0.t-ipconnect.de. [2003:cb:c705:8300:e519:4218:a8b5:5bec]) by smtp.gmail.com with ESMTPSA id z14-20020a5d654e000000b002c5801aa9b0sm1906663wrv.40.2023.02.20.04.56.07 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 20 Feb 2023 04:56:08 -0800 (PST) Message-ID: <366c0af9-850f-24b1-3133-976fa92c51e2@redhat.com> Date: Mon, 20 Feb 2023 13:56:07 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: Re: [PATCH v6 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory To: Rick Edgecombe , x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, debug@rivosinc.com Cc: Yu-cheng Yu References: <20230218211433.26859-1-rick.p.edgecombe@intel.com> <20230218211433.26859-19-rick.p.edgecombe@intel.com> From: David Hildenbrand Organization: Red Hat In-Reply-To: <20230218211433.26859-19-rick.p.edgecombe@intel.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Queue-Id: C24404000C X-Rspamd-Server: rspam01 X-Stat-Signature: or9tkuzo8em8o3qg53nktd3ypb79meo7 X-HE-Tag: 1676897772-240988 X-HE-Meta: U2FsdGVkX1/xwlOnjZYY73VwPrtERdP1VvJ+GajWN1ttOQbfQ4No1/gnRnNx7fSWoyvPJAWaT0CthSM/EAFrbKsS4xjJXzKU2YwCxxF944urUznCK/gXSWIuHA39bGILRMntv4DDo5f29hc2NkGAJG4yhFyIEIEo24cYd7f+FjyTkbfuJ2ZRrbkQ+AFkHe8w0CC6vUii70gNI4tsFZodSdiZNXCKuibgWovWTww9nciFgIKuO6lbp77bCSNLeM7+veEg8wx/X42cFLPd7+sBkUsUvWagnKRsrZcY/j2nFCkZOhw6U59vrD/14oWJ8BKwpq2g84XetUqQ2O60ZjLI1TinlrK3NIGmXyVymA54v8Lmrrot2MYs3B6l1fR6TYMCEufQ63c1AW95DgA1vSCQ1KkzgNYXLKlByaJxyDeK2mf6p6rtEKkUp81t2zgFBeca5LdTGDm4PLqrzZ8/DwL/SvQEFhNDXg7KXOiWLdO0pttc6qkwPm3rvmYzhlrFcHWu+yJCiLQc5NUo4Z59Gpl55ZDOR/i88Ja82ABKnd8JWFNS7W9ePW2WWFfnM6He/R6WwcgXIxJNf1HGOSF92V9zt9kUmapLbM/xUw8abxkQCXKA6O3NUU+n4NTSUCHI/8xm4To6z61PUunxtv7WOszK23VJknOm1889e2rVjDWFzKDn/HQljWeiSMscgwHl1aZ1RXsv6e8mTLaFceoqjZ1aoQ46Y4QZGf+Nh0npGc1MsK8g5pTkNGeTMpP26qWurGgDyEAhu0oWt50ZCCabO/mdCNDw0Sz5/psNJuXjAQOn5RxqLZ9o9aWfwRNUNmYqoDqWCuxAskqSv7UWTA5Z2bO9S94dZKkU2yx3Sg3c53dCU5hQ9ZyBLC3Qrj7V5/UGLaMCOMSdLd8smDFyXlhu19bf0UaBKsHXgo9K9e+1Zpw2eGjDG3qm4IusP/EwcePjf1CfFj6oCNdsRVcyWaGvOwi MxEw29mP NXbFDx00uY9+T3dPB+52ZS5Luc0qX8KS3itXxYZCEoNA+iNx9hZ6Pf1+qDNm3WP0iNT/sMRcX9TcRCtk3fgKKoqnYpBXAe1cG6b2i7DFmqB9XhyMASxPGWsZ1Mf68X0021nhX/V84SJOkjMqhm7wFBcl311dYT8tflO9qZRnwRTrHIXei3L1aS4xARrHjJp7eyhjdhvdJ9fq3qw1NWJ43Y+c04eAsTdZohz7Fzx0F7XrdrxC6Mi5qOofJfN76zlCQdo37Zus+P2LrWfyiiSDydBWFlGLQ65d7RHBjq++xEawcNRmBnLEAlTI5gqgsBwEI0WyWMc70BJV44AzYKqab+lMV/PHwKzwJmZPHpJ2bRJZZWGtTw8N1lv5gM0zTvDusxEbtXJa8Mr6WUykqo5Wm+Av6SjFuvm72V2tF2rxop9idOcbcFt3D/y8+dYtZvA3oq2Zw1O0R7ERYt+sV0iK5zZhGhZQSeERZZfIItFTMPwt2LhZCxLIOtZxUaiBzb4XBuEELn3HCoQb+11NH6747xe9z7spHN5gzYs9lWynj34hOcm1AXew8p5dny8QSjG25JsGWHenaayPbyomt8PMQmcCTmx7i4O9/H2/xrOHmJNFSeYPLxbv5WgZCwg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 18.02.23 22:14, Rick Edgecombe wrote: > From: Yu-cheng Yu > > The x86 Control-flow Enforcement Technology (CET) feature includes a new > type of memory called shadow stack. This shadow stack memory has some > unusual properties, which requires some core mm changes to function > properly. > > A shadow stack PTE must be read-only and have _PAGE_DIRTY set. However, > read-only and Dirty PTEs also exist for copy-on-write (COW) pages. These > two cases are handled differently for page faults. Introduce > VM_SHADOW_STACK to track shadow stack VMAs. I suggest simplifying and abstracting that description. "New hardware extensions implement support for shadow stack memory, such as x86 Control-flow Enforcement Technology (CET). Let's add a new VM flag to identify these areas, for example, to be used to properly indicate shadow stack PTEs to the hardware." > > Reviewed-by: Kees Cook > Tested-by: Pengfei Xu > Tested-by: John Allen > Signed-off-by: Yu-cheng Yu > Reviewed-by: Kirill A. Shutemov > Signed-off-by: Rick Edgecombe > Cc: Kees Cook > > --- > v6: > - Add comment about VM_SHADOW_STACK not being allowed with VM_SHARED > (David Hildenbrand) Might want to add some more meat to the patch description why that is the case. > > v3: > - Drop arch specific change in arch_vma_name(). The memory can show as > anonymous (Kirill) > - Change CONFIG_ARCH_HAS_SHADOW_STACK to CONFIG_X86_USER_SHADOW_STACK > in show_smap_vma_flags() (Boris) > --- > Documentation/filesystems/proc.rst | 1 + > fs/proc/task_mmu.c | 3 +++ > include/linux/mm.h | 8 ++++++++ > 3 files changed, 12 insertions(+) > > diff --git a/Documentation/filesystems/proc.rst b/Documentation/filesystems/proc.rst > index e224b6d5b642..115843e8cce3 100644 > --- a/Documentation/filesystems/proc.rst > +++ b/Documentation/filesystems/proc.rst > @@ -564,6 +564,7 @@ encoded manner. The codes are the following: > mt arm64 MTE allocation tags are enabled > um userfaultfd missing tracking > uw userfaultfd wr-protect tracking > + ss shadow stack page > == ======================================= > > Note that there is no guarantee that every flag and associated mnemonic will > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index af1c49ae11b1..9e2cefe47749 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -711,6 +711,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma) > #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR > [ilog2(VM_UFFD_MINOR)] = "ui", > #endif /* CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ > +#ifdef CONFIG_X86_USER_SHADOW_STACK > + [ilog2(VM_SHADOW_STACK)] = "ss", > +#endif > }; > size_t i; > > diff --git a/include/linux/mm.h b/include/linux/mm.h > index e6f1789c8e69..76e0a09aeffe 100644 > --- a/include/linux/mm.h > +++ b/include/linux/mm.h > @@ -315,11 +315,13 @@ extern unsigned int kobjsize(const void *objp); > #define VM_HIGH_ARCH_BIT_2 34 /* bit only usable on 64-bit architectures */ > #define VM_HIGH_ARCH_BIT_3 35 /* bit only usable on 64-bit architectures */ > #define VM_HIGH_ARCH_BIT_4 36 /* bit only usable on 64-bit architectures */ > +#define VM_HIGH_ARCH_BIT_5 37 /* bit only usable on 64-bit architectures */ > #define VM_HIGH_ARCH_0 BIT(VM_HIGH_ARCH_BIT_0) > #define VM_HIGH_ARCH_1 BIT(VM_HIGH_ARCH_BIT_1) > #define VM_HIGH_ARCH_2 BIT(VM_HIGH_ARCH_BIT_2) > #define VM_HIGH_ARCH_3 BIT(VM_HIGH_ARCH_BIT_3) > #define VM_HIGH_ARCH_4 BIT(VM_HIGH_ARCH_BIT_4) > +#define VM_HIGH_ARCH_5 BIT(VM_HIGH_ARCH_BIT_5) > #endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */ > > #ifdef CONFIG_ARCH_HAS_PKEYS > @@ -335,6 +337,12 @@ extern unsigned int kobjsize(const void *objp); > #endif > #endif /* CONFIG_ARCH_HAS_PKEYS */ > > +#ifdef CONFIG_X86_USER_SHADOW_STACK Should we abstract this to CONFIG_ARCH_USER_SHADOW_STACK, seeing that other architectures might similarly need it? -- Thanks, David / dhildenb