From: Mark Brown <broonie@kernel.org>
To: Deepak Gupta <debug@rivosinc.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>,
Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Arnd Bergmann <arnd@arndb.de>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
Rick Edgecombe <rick.p.edgecombe@intel.com>
Subject: Re: [PATCH RFC/RFT 3/3] kernel: converge common shadow stack flow agnostic to arch
Date: Sat, 12 Oct 2024 09:49:54 +0100 [thread overview]
Message-ID: <Zwo4MtxBpmtXzSnx@finisterre.sirena.org.uk> (raw)
In-Reply-To: <Zwla7gBxyPOK0yBC@debug.ba.rivosinc.com>
[-- Attachment #1: Type: text/plain, Size: 2786 bytes --]
On Fri, Oct 11, 2024 at 10:05:50AM -0700, Deepak Gupta wrote:
> On Fri, Oct 11, 2024 at 01:33:05PM +0100, Mark Brown wrote:
> > On Thu, Oct 10, 2024 at 05:32:05PM -0700, Deepak Gupta wrote:
> > > +unsigned long alloc_shstk(unsigned long addr, unsigned long size,
> > > + unsigned long token_offset, bool set_res_tok);
> > > +int shstk_setup(void);
> > > +int create_rstor_token(unsigned long ssp, unsigned long *token_addr);
> > > +bool cpu_supports_shadow_stack(void);
> > The cpu_ naming is confusing in an arm64 context, we use cpu_ for
> > functions that report if a feature is supported on the current CPU and
> > system_ for functions that report if a feature is enabled on the system.
> hmm...
> Curious. What's the difference between cpu and system?
Like I say above cpu_ is for the current CPU and system_ is for the
system as a whole. On a big.LITTLE system it's common to have a mix of
implementations which don't have consistent feature sets.
> We can ditch both cpu and system and call it
> `user_shstk_supported()`. Again not a great name but all we are looking for
> is whether user shadow stack is supported or not.
That avoids the confusion so works for me.
> > > +void set_thread_shstk_status(bool enable);
> >
> > It might be better if this took the flags that the prctl() takes? It
> > feels like
> hmm we can do that. But I imagine it might get invoked from other flow as well.
I'd expect that any other contexts would be either copying an existing
set of flags or disabling either of which should be managable.
> Although instead of `bool`, we can take `unsigned long` here. It would work for now
> for `prctl` and future users get options to chisel around it.
> I'll do that.
Sounds good.
> > > +void set_thread_shstk_status(bool enable)
> > > +{
> > > + arch_set_thread_shstk_status(enable);
> > > +}
> > arm64 can return an error here, we reject a bunch of conditions like 32
> > bit threads and locked enable status.
> Ok.
> You would like this error to be `bool` or an `int`?
An int seems safer (eg, differentiating not supported, invalid arguments
and permission failures).
> > > + unsigned long addr, size;
> > > + /* Already enabled */
> > > + if (is_shstk_enabled(current))
> > > + return 0;
> > > + /* Also not supported for 32 bit */
> > > + if (!cpu_supports_shadow_stack() ||
> > > + (IS_ENABLED(CONFIG_X86_64) && in_ia32_syscall()))
> > > + return -EOPNOTSUPP;
> > We probably need a thread_supports_shstk(),
> `is_shstk_enabled(current)` doesn't work?
No, we just checked that immediately above - this is checking we're not
trying to enable shadow stack on a 32 bit task so it's a per task
property separate to the task already being enabled.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
prev parent reply other threads:[~2024-10-12 8:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-11 0:32 [PATCH RFC/RFT 0/3] Converge common flows for cpu assisted shadow stack Deepak Gupta
2024-10-11 0:32 ` [PATCH RFC/RFT 1/3] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Deepak Gupta
2024-10-11 10:33 ` Mark Brown
2024-10-11 17:08 ` Deepak Gupta
2024-10-11 0:32 ` [PATCH RFC/RFT 2/3] mm: helper `is_shadow_stack_vma` to check shadow stack vma Deepak Gupta
2024-10-11 10:38 ` Mark Brown
2024-10-11 17:08 ` Deepak Gupta
2024-10-11 0:32 ` [PATCH RFC/RFT 3/3] kernel: converge common shadow stack flow agnostic to arch Deepak Gupta
2024-10-11 12:33 ` Mark Brown
2024-10-11 17:05 ` Deepak Gupta
2024-10-12 8:49 ` Mark Brown [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zwo4MtxBpmtXzSnx@finisterre.sirena.org.uk \
--to=broonie@kernel.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=debug@rivosinc.com \
--cc=hpa@zytor.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mingo@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox