x86/shstk: Wire in shadow stack interface

The kernel now has the main shadow stack functionality to support
applications. Wire in the WRSS and shadow stack enable/disable functions
into the existing shadow stack API skeleton.

Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-38-rick.p.edgecombe%40intel.com

diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c
index ea0bf113f9cfe42b337a3bd6ea254ac73a24fd06..d723cdc934749827775f5756cbe39cd2b7737240 100644 (file)
--- a/arch/x86/kernel/shstk.c
+++ b/arch/x86/kernel/shstk.c
@@ -502,9 +502,17 @@ long shstk_prctl(struct task_struct *task, int option, unsigned long features)
                return -EINVAL;
 
        if (option == ARCH_SHSTK_DISABLE) {
+               if (features & ARCH_SHSTK_WRSS)
+                       return wrss_control(false);
+               if (features & ARCH_SHSTK_SHSTK)
+                       return shstk_disable();
                return -EINVAL;
        }
 
        /* Handle ARCH_SHSTK_ENABLE */
+       if (features & ARCH_SHSTK_SHSTK)
+               return shstk_setup();
+       if (features & ARCH_SHSTK_WRSS)
+               return wrss_control(true);
        return -EINVAL;
 }