References:
<20200918192312.25978-1-yu-cheng.yu@intel.com> <20200918192312.25978-9-yu-cheng.yu@intel.com>
In-Reply-To: <20200918192312.25978-9-yu-cheng.yu@intel.com>
From: Andy Lutomirski
Date: Fri, 18 Sep 2020 17:11:50 -0700
Subject: Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled
To: Yu-cheng Yu
Cc: X86 ML, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, "open list:DOCUMENTATION", Linux-MM, linux-arch, Linux API, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Sep 18, 2020 at 12:23 PM Yu-cheng Yu wrote:
>
> Emulation of the legacy vsyscall page is required by some programs
> built before 2013. Newer programs after 2013 don't use it.
> Disable vsyscall emulation when Control-flow Enforcement (CET) is
> enabled to enhance security.
>
> Signed-off-by: Yu-cheng Yu
> ---
> v12:
> - Disable vsyscall emulation only when it is attempted (vs. at compile time).
>
> arch/x86/entry/vsyscall/vsyscall_64.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
> index 44c33103a955..3196e963e365 100644
> --- a/arch/x86/entry/vsyscall/vsyscall_64.c
> +++ b/arch/x86/entry/vsyscall/vsyscall_64.c
> @@ -150,6 +150,15 @@ bool emulate_vsyscall(unsigned long error_code, > > WARN_ON_ONCE(address != regs->ip); > > +#ifdef CONFIG_X86_INTEL_CET > + if (current->thread.cet.shstk_size || > + current->thread.cet.ibt_enabled) { > + warn_bad_vsyscall(KERN_INFO, regs, > + "vsyscall attempted with cet enabled"); > + return false; > + } Nope, try again. Having IBT on does *not* mean that every library in the process knows that we have indirect branch tracking. The legacy bitmap exists for a reason. Also, I want a way to flag programs as not using the vsyscall page, but that flag should not be called CET. And a process with vsyscalls off should not be able to read the vsyscall page, and /proc/self/maps should be correct. So you have some choices: 1. Drop this patch and make it work. 2. Add a real per-process vsyscall control. Either make it depend on vsyscall=xonly and wire it up correctly or actually make it work correctly with vsyscall=emulate. NAK to any hacks in this space. Do it right or don't do it at all.
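Review bot: the new check in emulate_vsyscall() refuses emulation whenever current->thread.cet.shstk_size or current->thread.cet.ibt_enabled is set, which ties vsyscall policy to CET state rather than to an explicit per-process vsyscall setting; as the reply points out, IBT being enabled for the process does not mean every library in it is IBT-aware (the legacy bitmap exists for exactly that case), so a CET-enabled process can still legitimately reach the vsyscall page. The hunk also only changes the emulation path (warn_bad_vsyscall() followed by return false), so nothing in it alters whether the page is readable or how it appears in /proc/self/maps, both of which a real "vsyscalls off" state would need. Suggest dropping the CONFIG_X86_INTEL_CET gate here and adding a dedicated per-process vsyscall control, either dependent on vsyscall=xonly or made correct under vsyscall=emulate.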
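Two of the requirements in the reply, that a process with vsyscalls off must not be able to read the vsyscall page and that /proc/self/maps must be correct, can be checked from userspace by looking at how the [vsyscall] entry is mapped. The following C program is an added example, not code from this thread or from the kernel tree: it classifies the [vsyscall] line of /proc/self/maps by its permission bits (readable under vsyscall=emulate, execute-only under vsyscall=xonly, absent under vsyscall=none); the sample maps excerpts are constructed.

```c
#include <stdio.h>
#include <string.h>
/* How the legacy vsyscall page appears to a process. */
enum vsyscall_mode { VSYSCALL_NONE, VSYSCALL_XONLY, VSYSCALL_EMULATE };

/* Classify the [vsyscall] line of /proc/<pid>/maps text (format: start-end
 * perms offset dev inode [path]) by its permission bits: no entry -> NONE
 * (vsyscall=none); "--xp" -> XONLY (execute-only, so a read of the page
 * faults); "r-xp" -> EMULATE (the page is readable). */
enum vsyscall_mode vsyscall_mode_from_maps(const char *maps)
{
    const char *line = maps;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= 10 && memcmp(line + len - 10, "[vsyscall]", 10) == 0) {
            char perms[5] = { 0 };
            if (sscanf(line, "%*[0-9a-f]-%*[0-9a-f] %4s", perms) == 1 &&
                perms[0] == 'r')
                return VSYSCALL_EMULATE;
            return VSYSCALL_XONLY;
        }
        line = eol ? eol + 1 : NULL;
    }
    return VSYSCALL_NONE;
}

/* Classify the live /proc/self/maps; returns -1 if it cannot be read. */
int vsyscall_mode_self(void)
{
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    buf[fread(buf, 1, sizeof(buf) - 1, f)] = '\0';
    fclose(f);
    return (int)vsyscall_mode_from_maps(buf);
}

/* Constructed sample maps excerpts (not captured from a real system). */
static const char SAMPLE_XONLY[] =
    "7ffd2e1c9000-7ffd2e1cb000 r-xp 00000000 00:00 0   [vdso]\n"
    "ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0   [vsyscall]\n";
static const char SAMPLE_EMULATE[] =
    "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0   [vsyscall]\n";
static const char SAMPLE_NONE[] =
    "7ffd2e1c9000-7ffd2e1cb000 r-xp 00000000 00:00 0   [vdso]\n";

int main(void)
{
    printf("vsyscall mode of this process: %d (0 none, 1 xonly, 2 emulate, -1 unknown)\n",
           vsyscall_mode_self());
    return 0;
}
```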