Date: Fri, 7 Jun 2019 10:08:32 +0200
From: Peter Zijlstra
To: Yu-cheng Yu
Cc: x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin
Subject: Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function
Message-ID: <20190607080832.GT3419@hirez.programming.kicks-ass.net>
References: <20190606200926.4029-1-yu-cheng.yu@intel.com> <20190606200926.4029-4-yu-cheng.yu@intel.com>
In-Reply-To: <20190606200926.4029-4-yu-cheng.yu@intel.com>
List-ID: linux-kernel@vger.kernel.org

On Thu, Jun 06, 2019 at 01:09:15PM -0700, Yu-cheng Yu wrote:
> Indirect Branch Tracking (IBT) provides an optional legacy code bitmap
> that allows execution of legacy, non-IBT compatible library by an
> IBT-enabled application. When set, each bit in the bitmap indicates
> one page of legacy code.
>
> The bitmap is allocated and setup from the application.
> +int cet_setup_ibt_bitmap(unsigned long bitmap, unsigned long size) > +{ > + u64 r; > + > + if (!current->thread.cet.ibt_enabled) > + return -EINVAL; > + > + if (!PAGE_ALIGNED(bitmap) || (size > TASK_SIZE_MAX)) > + return -EINVAL; > + > + current->thread.cet.ibt_bitmap_addr = bitmap; > + current->thread.cet.ibt_bitmap_size = size; > + > + /* > + * Turn on IBT legacy bitmap. > + */ > + modify_fpu_regs_begin(); > + rdmsrl(MSR_IA32_U_CET, r); > + r |= (MSR_IA32_CET_LEG_IW_EN | bitmap); > + wrmsrl(MSR_IA32_U_CET, r); > + modify_fpu_regs_end(); > + > + return 0; > +} So you just program a random user supplied address into the hardware. What happens if there's not actually anything at that address or the user munmap()s the data after doing this?
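Review bot: the MSR update in cet_setup_ibt_bitmap() ORs the new address into whatever is already in MSR_IA32_U_CET (`r |= (MSR_IA32_CET_LEG_IW_EN | bitmap);`) without clearing the bits of a previously programmed bitmap, so a second call with a different address leaves the hardware pointing at the bitwise OR of the two addresses rather than at the new bitmap; either mask out the old address bits before the OR or reject the call while ibt_bitmap_addr is already set. The validation above it is also incomplete: `size > TASK_SIZE_MAX` is checked in isolation, so nothing ensures that `bitmap + size` stays below TASK_SIZE_MAX (the addition can wrap for a large size) or that size is page-aligned like bitmap, and, as the reply points out, nothing checks that the range is mapped or keeps it mapped once the address is in the MSR. Validating the range as a whole and documenting who is responsible for the backing pages after munmap() would close that gap, since the stored ibt_bitmap_size is otherwise not a safe bound for later accesses.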