Date: Mon, 8 Jan 2018 18:17:59 +0100
From: Ingo Molnar
To: Thomas Gleixner
Cc: Willy Tarreau, linux-kernel@vger.kernel.org, x86@kernel.org, gnomes@lxorguk.ukuu.org.uk, torvalds@linux-foundation.org, Dave Hansen, Andy Lutomirski, Borislav Petkov, Peter Zijlstra, Josh Poimboeuf
Subject: Re: [PATCH RFC 2/4] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI
Message-ID: <20180108171759.qissiwwxyg6m7rrl@gmail.com>
References: <1515427939-10999-1-git-send-email-w@1wt.eu> <1515427939-10999-3-git-send-email-w@1wt.eu>
X-Mailing-List: linux-kernel@vger.kernel.org

* Thomas Gleixner wrote:

> On Mon, 8 Jan 2018, Willy Tarreau wrote:
> > This allows to report the current state of the PTI protection and to
> > enable or disable it for the current task.
> >
> > Signed-off-by: Willy Tarreau
> > ---
> > arch/x86/include/uapi/asm/prctl.h | 3 +++
> > arch/x86/kernel/process_64.c | 24 ++++++++++++++++++++++++
> > 2 files changed, 27 insertions(+)
> >
> > diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h > > index 5a6aac9..1f1b5bc 100644 > > --- a/arch/x86/include/uapi/asm/prctl.h > > +++ b/arch/x86/include/uapi/asm/prctl.h
> > @@ -10,6 +10,9 @@ > > #define ARCH_GET_CPUID 0x1011 > > #define ARCH_SET_CPUID 0x1012 > > > > +#define ARCH_GET_NOPTI 0x1021 > > +#define ARCH_SET_NOPTI 0x1022 > > + > > #define ARCH_MAP_VDSO_X32 0x2001 > > #define ARCH_MAP_VDSO_32 0x2002 > > #define ARCH_MAP_VDSO_64 0x2003 > > diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c > > index c754662..1686d3d 100644 > > --- a/arch/x86/kernel/process_64.c > > +++ b/arch/x86/kernel/process_64.c > > @@ -654,6 +654,30 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2) > > ret = put_user(base, (unsigned long __user *)arg2); > > break; > > } > > + case ARCH_GET_NOPTI: { > > + unsigned long flag; > > + > > + printk(KERN_DEBUG "get1: task=%p ti=%p fl=%16lx\n", task, task_thread_info(task), task_thread_info(task)->flags); > > + flag = !!(task_thread_info(task)->flags & _TIF_NOPTI); > > + ret = put_user(flag, (unsigned long __user *)arg2); > > + break;
>
> Per task is really an odd choice. That should be per process I think, but
> that of course needs synchronization of some form. Aside of that we need to
> think about fork().

So per task (thread) is the most natural approach to low level asm flaggery.

Making it per thread also makes some sense conceptually: in a complex
multi-threaded runtime implementation some threads might never execute
'untrusted' code, some might. No need to penalize the 'server' threads.

Not sure we want that complexity though, and while it _should_ work I think,
mostly, there might be some unexpected implications.

Thanks,

	Ingo
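
Review bot: The new ARCH_GET_NOPTI and ARCH_SET_NOPTI defines in the arch/x86/include/uapi/asm/prctl.h hunk go into a uapi header with no comment on their argument or polarity. The name is negative logic (in the process_64.c hunk, GET stores 1 when _TIF_NOPTI is set), so a short comment above the two defines stating that GET writes an unsigned long through the arg2 pointer, and what value SET expects, would keep callers from having to read the implementation to get the sense right.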
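
Review bot: The printk(KERN_DEBUG "get1: ...") at the top of the ARCH_GET_NOPTI case in the process_64.c hunk looks like leftover debugging and should be dropped before this moves past RFC. It logs the task pointer, the thread_info pointer and the raw flags word on every call, and no check or rate limit precedes it in the visible case, so a caller looping on this option can fill the kernel log. If a trace is still wanted during development, pr_debug() would at least compile out by default.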