Subject: Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function
From: Yu-cheng Yu
To: Andy Lutomirski
Cc: Peter Zijlstra, x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Randy Dunlap, "Ravi V.
Shankar", Vedvyas Shanbhogue, Dave Martin
Date: Fri, 07 Jun 2019 09:45:02 -0700
In-Reply-To: <76B7B1AE-3AEA-4162-B539-990EF3CCE2C2@amacapital.net>
References: <20190606200926.4029-1-yu-cheng.yu@intel.com> <20190606200926.4029-4-yu-cheng.yu@intel.com> <20190607080832.GT3419@hirez.programming.kicks-ass.net> <76B7B1AE-3AEA-4162-B539-990EF3CCE2C2@amacapital.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2019-06-07 at 09:35 -0700, Andy Lutomirski wrote:
> 
> > On Jun 7, 2019, at 9:23 AM, Yu-cheng Yu wrote:
> > 
> > > On Fri, 2019-06-07 at 10:08 +0200, Peter Zijlstra wrote:
> > > > On Thu, Jun 06, 2019 at 01:09:15PM -0700, Yu-cheng Yu wrote:
> > > > Indirect Branch Tracking (IBT) provides an optional legacy code bitmap
> > > > that allows execution of legacy, non-IBT compatible library by an
> > > > IBT-enabled application. When set, each bit in the bitmap indicates
> > > > one page of legacy code.
> > > > 
> > > > The bitmap is allocated and setup from the application.
> > > > +int cet_setup_ibt_bitmap(unsigned long bitmap, unsigned long size)
> > > > +{
> > > > + u64 r;
> > > > +
> > > > + if (!current->thread.cet.ibt_enabled)
> > > > + return -EINVAL;
> > > > +
> > > > + if (!PAGE_ALIGNED(bitmap) || (size > TASK_SIZE_MAX))
> > > > + return -EINVAL;
> > > > +
> > > > + current->thread.cet.ibt_bitmap_addr = bitmap;
> > > > + current->thread.cet.ibt_bitmap_size = size;
> > > > +
> > > > + /*
> > > > + * Turn on IBT legacy bitmap.
> > > > + */
> > > > + modify_fpu_regs_begin();
> > > > + rdmsrl(MSR_IA32_U_CET, r);
> > > > + r |= (MSR_IA32_CET_LEG_IW_EN | bitmap);
> > > > + wrmsrl(MSR_IA32_U_CET, r);
> > > > + modify_fpu_regs_end();
> > > > +
> > > > + return 0;
> > > > +}
> > > 
> > > So you just program a random user supplied address into the hardware.
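Review bot: the range check in cet_setup_ibt_bitmap() bounds only `size`, not the range: `if (!PAGE_ALIGNED(bitmap) || (size > TASK_SIZE_MAX))` accepts a `bitmap` base at or above TASK_SIZE_MAX and a `bitmap + size` that wraps past the end of the address space, so the stored `ibt_bitmap_addr`/`ibt_bitmap_size` pair can describe a range that is not user memory at all; check `bitmap < TASK_SIZE_MAX && size <= TASK_SIZE_MAX - bitmap` before storing either value. Separately, `r |= (MSR_IA32_CET_LEG_IW_EN | bitmap);` ORs the new base into whatever address bits MSR_IA32_U_CET already holds, so a second call does not replace the first bitmap but merges the two addresses into one meaningless base; either clear the old address bits before OR-ing or return an error when `ibt_bitmap_addr` is already non-zero, which also gives the one-shot behaviour discussed in this thread. Finally, `size` is recorded in thread state but nothing in this hunk hands it to the hardware or checks it later, so the comment should say what consumes `ibt_bitmap_size`.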
> > > What happens if there's not actually anything at that address or the
> > > user munmap()s the data after doing this?
> > 
> > This function checks the bitmap's alignment and size, and anything else is
> > the app's responsibility. What else do you think the kernel should check?
> > 
> 
> One might reasonably wonder why this state is privileged in the first place
> and, given that, why we're allowing it to be written like this.
> 
> Arguably we should have another prctl to lock these values (until exec) as a
> gardening measure.

We can prevent the bitmap from being set more than once. I will test it.

Yu-cheng
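As an added example, not code from the patch or from anyone in the thread: a stand-alone C model of the argument checks the discussion converges on (bitmap base and end inside user space, no wrap-around, set only once), plus the page-to-bit mapping implied by "each bit in the bitmap indicates one page of legacy code". PAGE_SHIFT, TASK_SIZE_MAX and `struct ibt_state` are assumed x86-64 values and a local stand-in for the thread's cet state, not kernel headers.

```c
/* Added example, not the patch's code: the cet_setup_ibt_bitmap() checks
 * with the range and one-shot conditions raised in the thread, plus the
 * page-to-bit mapping. Constants are assumed x86-64 values, not headers. */
#include <errno.h>
#include <stdbool.h>
#define PAGE_SHIFT      12UL
#define PAGE_SIZE       (1UL << PAGE_SHIFT)
#define TASK_SIZE_MAX   ((1UL << 47) - PAGE_SIZE)   /* assumed 4-level paging */
#define PAGE_ALIGNED(a) (((a) & (PAGE_SIZE - 1)) == 0)

struct ibt_state {               /* stand-in for current->thread.cet */
	bool ibt_enabled;
	unsigned long bitmap_addr;   /* 0 = not set yet */
	unsigned long bitmap_size;   /* bytes */
};

/* Return 0 and record the bitmap, or a negative errno as the patch does. */
int ibt_bitmap_setup_checked(struct ibt_state *st, unsigned long bitmap,
			     unsigned long size)
{
	if (!st->ibt_enabled)
		return -EINVAL;
	if (!PAGE_ALIGNED(bitmap) || bitmap == 0 || size == 0)
		return -EINVAL;
	/* The patch bounded only size; the base must be user space too and
	 * the range end must not wrap around. */
	if (bitmap >= TASK_SIZE_MAX || size > TASK_SIZE_MAX - bitmap)
		return -EINVAL;
	/* One-shot: OR-ing a second base into MSR_IA32_U_CET would merge
	 * two addresses, so refuse to change an already-set bitmap. */
	if (st->bitmap_addr)
		return -EPERM;
	st->bitmap_addr = bitmap;
	st->bitmap_size = size;
	return 0;
}

/* One bit per page: byte offset and bit within the bitmap for the page
 * holding addr; false when the bitmap is too small to describe it. */
bool ibt_legacy_bit(const struct ibt_state *st, unsigned long addr,
		    unsigned long *byte, unsigned *bit)
{
	unsigned long pfn = addr >> PAGE_SHIFT;
	if (!st->bitmap_addr || pfn / 8 >= st->bitmap_size)
		return false;
	*byte = pfn / 8;
	*bit = (unsigned)(pfn % 8);
	return true;
}
```

A 1 MiB bitmap therefore covers the first 32 GiB of the address space; pages beyond that are reported as not describable rather than indexed out of bounds.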