From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49BA1D1A451 for ; Sat, 12 Oct 2024 08:50:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5EFA26B0093; Sat, 12 Oct 2024 04:50:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 59FEE6B0095; Sat, 12 Oct 2024 04:50:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4677D6B0099; Sat, 12 Oct 2024 04:50:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 28E2C6B0093 for ; Sat, 12 Oct 2024 04:50:01 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 2A3381614BF for ; Sat, 12 Oct 2024 08:49:55 +0000 (UTC) X-FDA: 82664327718.02.66EBDFD Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf29.hostedemail.com (Postfix) with ESMTP id A8AEB12000B for ; Sat, 12 Oct 2024 08:49:54 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iPIdILaF; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728722859; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=utkJJCfJYijT3v8mTK4UxIxMmSNTNL8SNbtJMNGl6Wg=; b=zyLnZS287idv9A8Q8TOWCIX0imAX7rKXwr/6Y2LY9fZpqH1R+1MvVDb37yISbYrd6TbCsL MpM8/vgeCMJmHeQXwEr4zMxF/+c5+5BxrsIQH0rVwHucAPjbLP8/GjDdpgJYnEEaHLD0DS bnld1ZSrDjqVZs+rEMI8n17eWn1zEvM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728722859; a=rsa-sha256; cv=none; b=M3qawrd4JHSHJLt9xTvFIaIBTKXEfyBkg9/e48tca+uYa504XGw33siQmjEmKfhuIB/N7X 2Ip3WeWYTdIxI0n+zJPgr+V5sf36tRjAV4487zSMQ2PJTGlmTUkeNi717/o3wQ/ciH+iDn R2dl2albTHfNU1qJ0wlTlpG3BBZhiLE= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=iPIdILaF; spf=pass (imf29.hostedemail.com: domain of broonie@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=broonie@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id B34E5A403F4; Sat, 12 Oct 2024 08:49:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7BF9FC4CEC6; Sat, 12 Oct 2024 08:49:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1728722998; bh=OOjwuSsXKcaVSQkqd4xe3YjH96WX/1YMJsInDhIMV20=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=iPIdILaFDoFz1wtZKlCJkMwn9k8kqfb8KQmrE3F6bmZpTeM6VitmPm5YPC6XQ582O BOEAoFqwvScxkQFM11+kaji12SQsG5J0ej5l7sXywv62HcHej4RY143kzNmVR9gOMf DIkFfBbOfFyl+8ZTPMU0orC7Jr7rwTJkEWO9a+HxQD5uig9/XHm0XCDIvw1C83YrCw KB5pFsJ0saTbeim1M1DtzBJmhBba7aZp9SkDBbAO8e1kO53+sbbLjb0Tzre+OLdB42 39Q0OMHvA7DcvAGr2U+QeH+18UXUlI17bI252XzyWiRhqFLAZtkWbVA8AJV6b6XAHp m2Pc1HufRfj+Q== Date: Sat, 12 Oct 2024 09:49:54 +0100 From: Mark Brown To: Deepak Gupta Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Andrew Morton , "Liam R. Howlett" , Vlastimil Babka , Lorenzo Stoakes , Arnd Bergmann , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, Rick Edgecombe Subject: Re: [PATCH RFC/RFT 3/3] kernel: converge common shadow stack flow agnostic to arch Message-ID: References: <20241010-shstk_converge-v1-0-631beca676e7@rivosinc.com> <20241010-shstk_converge-v1-3-631beca676e7@rivosinc.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="A9LOoEE0MvFaC/2H" Content-Disposition: inline In-Reply-To: X-Cookie: Editing is a rewording activity. X-Stat-Signature: 8c7zrzk5emqi7um57yryee9foqawgh1u X-Rspamd-Queue-Id: A8AEB12000B X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1728722994-595630 X-HE-Meta: U2FsdGVkX18hy+/ZXSoGL7O8gdf6Ix/qXx9UqCtNL1GsVD5vNY+nERcX+W5XZWFHa44i2Aq+rNEk5DwUKTXxfX5hj1Me8o7312IP/nRO3MjcxpISPlgLRTheagEN1iSPsFoV1XxiNF80NZpPan3cmnmo3kAUAi4lhc1R9IzNgV4RcoVlbtW2gWPfxZU7e8ERz4/IsgEMQLrCRQ+t8dhWNwcPsj5qqwDcv9Lzv5Crpx92w5K1n9uPXPf5xiEDjXd1Ft97xzRquD6HRLVG5+SXEJrYTyIPRSIf2pJql7dg9HocL+x/MEAoZBaeVcKuBiYATkkzCDeiPLs6VjRUgifbsV8urT99zof7OBFhuIZBLt9qGD28dehM+bqlbLzo3fPifj/UtTHjuX+o2Gewe5KF13SzaRa+1NUjPCzH8WfYAsd51mbZz7otr42s1Ts3DnTFWbaNWtYQ91rwqwjjJEz5d6nPcq7KNNbDFvNXwOfda2YTSsQSBcqeWyoSUF7Ego9Xun2Z3ES6woZryLnWaR5uoebJ3icOawlvfsFX+bVUcUFW9YdHPnF3CoIv41Vt8QrS2mMPffLMLFQrKC25sQuf1ojK8jrRCdf9fwQvNARgot3e7XJMcnKcmyHSMfc+Jd1UL9S8gKUIIoGomWiDsRLYZnhHnMrQovk5bPRDd3nhhmK+UnwgVUH0MXHq+9QSKWprsyxZ36ZHtNYw1OJ+igBwbAiOxMmlG2q5lIUsCO3wiIf9wAIfeRaWhTHE3/hfpPHr11rXUQbAS5j1Xu/D9I8trTzqZNsQvk2MkEtX7AL281sZlvxWUMclVTq/1Kw9mEap/M59O3XPFTrbuh+OyUHMCtXyWouX75YZCyfX+M4AuiXBYkSCQDtqCcE8ppRhApKXrori5Slshs/QAO+Rqmuaz1HMEWq+cIm98qj1QPVL2jpRSZp0AZi0VydtUyq6e8OPT+dXDkYUVLntJK/ofiO o5u8G+sG I2gc/L3hOXcgP0aia8U4MaK81j3MvmXvQ2Bdz/biQDCJwPW6vBWVZJ+/uRxFc0qR5V8vE7w+m6GJVtsrtqdzSP/7ryz7sz0vXvhnC4TeVMazaretF7rPZBpq+9z9o6y8ahJTo9zMeiabVgOf8Sh5j5ElK8cVXdxsoHuWX47/zjTcw8T7VY686Ipjo/dZ70fF+LJY/3swszIlCcxDeh66aVrTD3fTmRMr5Hv66w4mKSVDB02OrtYiXmnIxeY4ZatD/mx8hT4qJwYVTlpo3qS9hPFXaWzhLlLfZ3IjNSkjVlQG4l9ta/wVKOZBgWw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --A9LOoEE0MvFaC/2H Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 11, 2024 at 10:05:50AM -0700, Deepak Gupta wrote: > On Fri, Oct 11, 2024 at 01:33:05PM +0100, Mark Brown wrote: > > On Thu, Oct 10, 2024 at 05:32:05PM -0700, Deepak Gupta wrote: > > > +unsigned long alloc_shstk(unsigned long addr, unsigned long size, > > > + unsigned long token_offset, bool set_res_tok); > > > +int shstk_setup(void); > > > +int create_rstor_token(unsigned long ssp, unsigned long *token_addr); > > > +bool cpu_supports_shadow_stack(void); > > The cpu_ naming is confusing in an arm64 context, we use cpu_ for > > functions that report if a feature is supported on the current CPU and > > system_ for functions that report if a feature is enabled on the system. > hmm... > Curious. What's the difference between cpu and system? Like I say above cpu_ is for the current CPU and system_ is for the system as a whole. On a big.LITTLE system it's common to have a mix of implementations which don't have consistent feature sets. > We can ditch both cpu and system and call it > `user_shstk_supported()`. Again not a great name but all we are looking f= or > is whether user shadow stack is supported or not. That avoids the confusion so works for me. > > > +void set_thread_shstk_status(bool enable); > >=20 > > It might be better if this took the flags that the prctl() takes? It > > feels like > hmm we can do that. But I imagine it might get invoked from other flow as= well. I'd expect that any other contexts would be either copying an existing set of flags or disabling either of which should be managable. > Although instead of `bool`, we can take `unsigned long` here. It would wo= rk for now > for `prctl` and future users get options to chisel around it. > I'll do that. Sounds good. > > > +void set_thread_shstk_status(bool enable) > > > +{ > > > + arch_set_thread_shstk_status(enable); > > > +} > > arm64 can return an error here, we reject a bunch of conditions like 32 > > bit threads and locked enable status. > Ok. > You would like this error to be `bool` or an `int`? An int seems safer (eg, differentiating not supported, invalid arguments and permission failures). > > > + unsigned long addr, size; > > > + /* Already enabled */ > > > + if (is_shstk_enabled(current)) > > > + return 0; > > > + /* Also not supported for 32 bit */ > > > + if (!cpu_supports_shadow_stack() || > > > + (IS_ENABLED(CONFIG_X86_64) && in_ia32_syscall())) > > > + return -EOPNOTSUPP; > > We probably need a thread_supports_shstk(), > `is_shstk_enabled(current)` doesn't work? No, we just checked that immediately above - this is checking we're not trying to enable shadow stack on a 32 bit task so it's a per task property separate to the task already being enabled. --A9LOoEE0MvFaC/2H Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmcKOC4ACgkQJNaLcl1U h9Aq1gf9FGtFo9pI8j1iQUKz51kY2q9c2SAfvTPuu1QBa/hHhmOY8K4YqSfptDUv Xft/cmnd55SA9F97UrIMJoksLr1FozS9XcR0JADnsL3RHJp5TWAgycMpXanTpBud SAXKvT4IoBQHy2hv+IxPauTvYezO37joqcesOmtD0afiEFmkLn1aD6G02pf2GPHV NV14Tkav62eAZRsfh7W7HwzkZDDATiDeK60u+bruzqpDYUhfbMZt2gk+jiD2lPoZ LHAA2MZNultkQHQmrrbvaIp5/BzKUcVncSoqOI0yVHBe7w3WLxuwK5if1rFsOmBQ BgJxw0uQ6RNh99CVJ2Wmos3pQrKY2g== =Vhxs -----END PGP SIGNATURE----- --A9LOoEE0MvFaC/2H--