From: Jan Kiszka <jan.kiszka@siemens.com>
To: Philippe Gerum <rpm@xenomai.org>
Cc: Xenomai <xenomai@lists.linux.dev>
Subject: [dovetail 6.6][PATCH] x86: dovetail: Fix Intel shadow stack support
Date: Sat, 23 Sep 2023 11:56:16 +0200	[thread overview]
Message-ID: <20586e6d-090b-4cff-b616-e637f2e4d9d1@siemens.com> (raw)

From: Jan Kiszka <jan.kiszka@siemens.com>

Let fpregs_lock_and_load return the saved flags of fpregs_lock and make
sure that the shadow stack callers use that properly.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 arch/x86/include/asm/fpu/api.h |  2 +-
 arch/x86/kernel/fpu/core.c     |  8 ++++++--
 arch/x86/kernel/shstk.c        | 31 +++++++++++++++++++------------
 3 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/arch/x86/include/asm/fpu/api.h b/arch/x86/include/asm/fpu/api.h
index 84ce78d643792..0cd5f7642326f 100644
--- a/arch/x86/include/asm/fpu/api.h
+++ b/arch/x86/include/asm/fpu/api.h
@@ -98,7 +98,7 @@ static inline void fpregs_unlock(unsigned long flags)
  * being automatically saved/restored. Then FPU state can be modified safely in the
  * registers, before unlocking with fpregs_unlock().
  */
-void fpregs_lock_and_load(void);
+unsigned long fpregs_lock_and_load(void);
 
 #ifdef CONFIG_X86_DEBUG_FPU
 extern void fpregs_assert_state_consistent(void);
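Review bot: The comment above the prototype still ends with "before unlocking with fpregs_unlock()" and never says that the value now returned must be handed back to `fpregs_unlock(flags)`. A caller that drops it would unlock with a stale or uninitialised flags word around the CET MSR accesses. I would add a line such as `Returns the flags saved by fpregs_lock(); pass them to fpregs_unlock().` and declare the function as `unsigned long __must_check fpregs_lock_and_load(void);` so a discarded return value is caught at build time. The comment block starts outside the hunk.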
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 0d86706b962a4..85925b10ee045 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -817,8 +817,10 @@ void switch_fpu_return(void)
 }
 EXPORT_SYMBOL_GPL(switch_fpu_return);
 
-void fpregs_lock_and_load(void)
+unsigned long fpregs_lock_and_load(void)
 {
+	unsigned long flags;
+
 	/*
 	 * fpregs_lock() only disables preemption (mostly). So modifying state
 	 * in an interrupt could screw up some in progress fpregs operation.
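Review bot: The in-function comment still says fpregs_lock() "only disables preemption (mostly)", while the new code takes a flags word from it and returns that to the caller. This suggests that in this tree the lock also saves interrupt state, although the definition of fpregs_lock() is not visible here. If so, the comment should say it, for example `/* With Dovetail, fpregs_lock() also returns the saved flags; they are returned to the caller for fpregs_unlock(). */`, so that readers do not assume the mainline semantics when reasoning about what may run inside the locked region. The function body continues in the next hunk.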
@@ -827,12 +829,14 @@ void fpregs_lock_and_load(void)
 	WARN_ON_ONCE(!irq_fpu_usable());
 	WARN_ON_ONCE(current->flags & PF_KTHREAD);
 
-	fpregs_lock();
+	flags = fpregs_lock();
 
 	fpregs_assert_state_consistent();
 
 	if (test_thread_flag(TIF_NEED_FPU_LOAD))
 		fpregs_restore_userregs();
+
+	return flags;
 }
 
 #ifdef CONFIG_X86_DEBUG_FPU
diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c
index fd689921a1dba..fbaeb08bdc8d0 100644
--- a/arch/x86/kernel/shstk.c
+++ b/arch/x86/kernel/shstk.c
@@ -158,6 +158,7 @@ static int shstk_setup(void)
 {
 	struct thread_shstk *shstk = &current->thread.shstk;
 	unsigned long addr, size;
+	unsigned long flags;
 
 	/* Already enabled */
 	if (features_enabled(ARCH_SHSTK_SHSTK))
@@ -172,10 +173,10 @@ static int shstk_setup(void)
 	if (IS_ERR_VALUE(addr))
 		return PTR_ERR((void *)addr);
 
-	fpregs_lock_and_load();
+	flags = fpregs_lock_and_load();
 	wrmsrl(MSR_IA32_PL3_SSP, addr + size);
 	wrmsrl(MSR_IA32_U_CET, CET_SHSTK_EN);
-	fpregs_unlock();
+	fpregs_unlock(flags);
 
 	shstk->base = addr;
 	shstk->size = size;
@@ -225,12 +226,13 @@ unsigned long shstk_alloc_thread_stack(struct task_struct *tsk, unsigned long cl
 static unsigned long get_user_shstk_addr(void)
 {
 	unsigned long long ssp;
+	unsigned long flags;
 
-	fpregs_lock_and_load();
+	flags = fpregs_lock_and_load();
 
 	rdmsrl(MSR_IA32_PL3_SSP, ssp);
 
-	fpregs_unlock();
+	fpregs_unlock(flags);
 
 	return ssp;
 }
@@ -336,6 +338,7 @@ static int shstk_pop_sigframe(unsigned long *ssp)
 int setup_signal_shadow_stack(struct ksignal *ksig)
 {
 	void __user *restorer = ksig->ka.sa.sa_restorer;
+	unsigned long flags;
 	unsigned long ssp;
 	int err;
 
@@ -360,15 +363,16 @@ int setup_signal_shadow_stack(struct ksignal *ksig)
 	if (unlikely(err))
 		return -EFAULT;
 
-	fpregs_lock_and_load();
+	flags = fpregs_lock_and_load();
 	wrmsrl(MSR_IA32_PL3_SSP, ssp);
-	fpregs_unlock();
+	fpregs_unlock(flags);
 
 	return 0;
 }
 
 int restore_signal_shadow_stack(void)
 {
+	unsigned long flags;
 	unsigned long ssp;
 	int err;
 
@@ -384,9 +388,9 @@ int restore_signal_shadow_stack(void)
 	if (unlikely(err))
 		return err;
 
-	fpregs_lock_and_load();
+	flags = fpregs_lock_and_load();
 	wrmsrl(MSR_IA32_PL3_SSP, ssp);
-	fpregs_unlock();
+	fpregs_unlock(flags);
 
 	return 0;
 }
@@ -413,6 +417,7 @@ void shstk_free(struct task_struct *tsk)
 
 static int wrss_control(bool enable)
 {
+	unsigned long flags;
 	u64 msrval;
 
 	if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK))
@@ -430,7 +435,7 @@ static int wrss_control(bool enable)
 	if (features_enabled(ARCH_SHSTK_WRSS) == enable)
 		return 0;
 
-	fpregs_lock_and_load();
+	flags = fpregs_lock_and_load();
 	rdmsrl(MSR_IA32_U_CET, msrval);
 
 	if (enable) {
@@ -447,13 +452,15 @@ static int wrss_control(bool enable)
 	wrmsrl(MSR_IA32_U_CET, msrval);
 
 unlock:
-	fpregs_unlock();
+	fpregs_unlock(flags);
 
 	return 0;
 }
 
 static int shstk_disable(void)
 {
+	unsigned long flags;
+
 	if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK))
 		return -EOPNOTSUPP;
 
@@ -461,11 +468,11 @@ static int shstk_disable(void)
 	if (!features_enabled(ARCH_SHSTK_SHSTK))
 		return 0;
 
-	fpregs_lock_and_load();
+	flags = fpregs_lock_and_load();
 	/* Disable WRSS too when disabling shadow stack */
 	wrmsrl(MSR_IA32_U_CET, 0);
 	wrmsrl(MSR_IA32_PL3_SSP, 0);
-	fpregs_unlock();
+	fpregs_unlock(flags);
 
 	shstk_free(current);
 	features_clr(ARCH_SHSTK_SHSTK | ARCH_SHSTK_WRSS);
-- 
2.35.3
