Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp620437pxb;
        Tue, 1 Feb 2022 07:08:50 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzeUCBTlU2Cfggl0VB/JDWNMdUJJGj3TUWu/Y6Rl4Y3xEBaJ7snUNqBlsRrfv/UqcxxaoIA
X-Received: by 2002:a17:907:c01c:: with SMTP id ss28mr21317353ejc.405.1643728129455;
        Tue, 01 Feb 2022 07:08:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643728129; cv=none;
        d=google.com; s=arc-20160816;
        b=TjzAUQpFhjq0XZFcvede88O8Cisz15OIOlwAoWDyotce7qhCcbyptyaiXYLjDtGKny
         NvUuZMVJrZ2UdROShDuAxHUpMPT3o2jIHiVxkvrS/PXcYQeu+H+8IOrZ++CJYy1Qt6Wy
         lZH2F85py0NjDtDWMD8+hBO4F+vfSwiqU/qzGXP8BbFyeTHazpDilvS87NVXnB5A0HRU
         bEsA5czI2Y+XyuDjf09M62n7ZKMup/cvFO1NGbHa40jc1ytL5pDd1S1ZnR9VCemxjG8q
         FArETV9keX11q9TfYZuT7XrzFzNtnbG7YBzRAGCQt27gPKTzYuQa5xdIQWkcyImSEiIq
         4nPQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:references:in-reply-to:message-id:date:subject
         :cc:to:from:dkim-signature;
        bh=dJJpsoaO3qQ5uU8hZ1o++/h4bfUlMiXbWWr40fQX0y4=;
        b=hYhl4TmnQiBg89Ipf6L+HCk3f1+rXXxffzFa6YsGg3oo3zBGtXdIFWmQoy1LhspDi1
         tBx8ylCD/N8rqGuxHFClwmpE+sYBhsWOr8gb+z+dH9G/korxm4j5jLOTpxhaYv+ckFvN
         uHUzgilnoxc+/jZ3OK8SJeiN7+HqQjy8cz3eFASb53WnfpVlmxlFXQyNCQoIYYdQxAS0
         15UmA4z2ZLUpdAk4wF7LpOOhcCjUAexy+l06KrBq2+qYx6Wo0/B4FuPVfI/2hKkALbnY
         8RAyPnMeZSCbSvLYc1asLircERxs00j1EOJPJBZTKYOr7v8YNJhUXJMYmCr/gLMUtRCh
         7MdQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=lWfmWDe1;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b4si8823454ejl.70.2022.02.01.07.08.18;
        Tue, 01 Feb 2022 07:08:49 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=lWfmWDe1;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1356855AbiA3V0G (ORCPT <rfc822;sshegde.linux@gmail.com>
        + 99 others); Sun, 30 Jan 2022 16:26:06 -0500
Received: from mga07.intel.com ([134.134.136.100]:9048 "EHLO mga07.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1356821AbiA3VZc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 30 Jan 2022 16:25:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1643577932; x=1675113932;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references;
  bh=qjlVyEBxxP1l305ldO+H2m7erFyvzIp4PIJC/dne3Rw=;
  b=lWfmWDe1uVtISUbhbJ8UqaWGN9/ekymjl6JmgibJFvJ/a0msOYClGzfB
   jLgH997zdon7yto4gJxJJGCxnwnHLAsEKSmmFKtq75FGKssnSTi7AYNA6
   IuD35YpPW1l/KNHb4/PTIMcRtSbQF9aL+4DXF0RWlkRkf5q4nNptlycr2
   fYwjujHg0epPhYNzpHZXLKLWNJxhBENW++5k1I3eDI3OSZe/BzmGfir0w
   9N00aTCjLubqv4ISsEKAslFThE4LENdtPN0jSKi1/bieM5hPsXm+/5qKj
   Am/hMejzL2PUiHc2Huc9U2Dc1Tcko5dBjEH+t9OQzM/5NYXk0jwk9qNyy
   Q==;
X-IronPort-AV: E=McAfee;i="6200,9189,10243"; a="310685840"
X-IronPort-AV: E=Sophos;i="5.88,329,1635231600"; 
   d="scan'208";a="310685840"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jan 2022 13:22:14 -0800
X-IronPort-AV: E=Sophos;i="5.88,329,1635231600"; 
   d="scan'208";a="536857038"
Received: from avmallar-mobl1.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.209.123.171])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jan 2022 13:22:14 -0800
From:   Rick Edgecombe <rick.p.edgecombe@intel.com>
To:     x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org,
        linux-doc@vger.kernel.org, linux-mm@kvack.org,
        linux-arch@vger.kernel.org, linux-api@vger.kernel.org,
        Arnd Bergmann <arnd@arndb.de>,
        Andy Lutomirski <luto@kernel.org>,
        Balbir Singh <bsingharora@gmail.com>,
        Borislav Petkov <bp@alien8.de>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Eugene Syromiatnikov <esyr@redhat.com>,
        Florian Weimer <fweimer@redhat.com>,
        "H . J . Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Ravi V . Shankar" <ravi.v.shankar@intel.com>,
        Dave Martin <Dave.Martin@arm.com>,
        Weijiang Yang <weijiang.yang@intel.com>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        joao.moreira@intel.com, John Allen <john.allen@amd.com>,
        kcc@google.com, eranian@google.com
Cc:     rick.p.edgecombe@intel.com
Subject: [PATCH 35/35] x86/cpufeatures: Limit shadow stack to Intel CPUs
Date:   Sun, 30 Jan 2022 13:18:38 -0800
Message-Id: <20220130211838.8382-36-rick.p.edgecombe@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20220130211838.8382-1-rick.p.edgecombe@intel.com>
References: <20220130211838.8382-1-rick.p.edgecombe@intel.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Shadow stack is supported on newer AMD processors, but the kernel
implementation has not been tested on them. Prevent basic issues from
showing up for normal users by disabling shadow stack on all CPUs except
Intel until it has been tested. At which point the limitation should be
removed.

Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---

v1:
 - New patch.

 arch/x86/kernel/cpu/common.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 9ee339f5b8ca..7fbfe707a1db 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -517,6 +517,14 @@ __setup("nopku", setup_disable_pku);
 
 static __always_inline void setup_cet(struct cpuinfo_x86 *c)
 {
+	/*
+	 * Shadow stack is supported on AMD processors, but has not been
+	 * tested. Only support it on Intel processors until this is done.
+	 * At which point, this vendor check should be removed.
+	 */
+	if (c->x86_vendor != X86_VENDOR_INTEL)
+		setup_clear_cpu_cap(X86_FEATURE_SHSTK);
+
 	if (!cpu_feature_enabled(X86_FEATURE_SHSTK))
 		return;
 
-- 
2.17.1