git.maquefel.me Git - linux.git/commit

author	Rick Edgecombe <rick.p.edgecombe@intel.com>
	Tue, 13 Jun 2023 00:10:52 +0000 (17:10 -0700)
committer	Dave Hansen <dave.hansen@linux.intel.com>
	Wed, 2 Aug 2023 22:01:50 +0000 (15:01 -0700)
commit	98cfa4630912a80a575277d1bf193376ba66116a
tree	1d861154e8be4b5e1c6adb37bafd95f30ddabbc1	tree \| snapshot
parent	6ee836687a3f39f92da790d33fa9694fe0143410	commit \| diff

x86: Introduce userspace API for shadow stack

Add three new arch_prctl() handles:

- ARCH_SHSTK_ENABLE/DISABLE enables or disables the specified
   feature. Returns 0 on success or a negative value on error.

- ARCH_SHSTK_LOCK prevents future disabling or enabling of the
   specified feature. Returns 0 on success or a negative value
   on error.

The features are handled per-thread and inherited over fork(2)/clone(2),
but reset on exec().

Co-developed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-27-rick.p.edgecombe%40intel.com

arch/x86/include/asm/processor.h		diff \| blob \| history
arch/x86/include/asm/shstk.h	[new file with mode: 0644]	blob
arch/x86/include/uapi/asm/prctl.h		diff \| blob \| history
arch/x86/kernel/Makefile		diff \| blob \| history
arch/x86/kernel/process_64.c		diff \| blob \| history
arch/x86/kernel/shstk.c	[new file with mode: 0644]	blob