Commit 680ed2f1 authored by Mike Rapoport's avatar Mike Rapoport Committed by Dave Hansen

x86/shstk: Add ARCH_SHSTK_UNLOCK

Userspace loaders may lock features before a CRIU restore operation has
the chance to set them to whatever state is required by the process
being restored. Allow a way for CRIU to unlock features. Add it as an
arch_prctl() like the other shadow stack operations, but restrict it being
called by the ptrace arch_pctl() interface.

[Merged into recent API changes, added commit log and docs]
Signed-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
Signed-off-by: default avatarRick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarDavid Hildenbrand <david@redhat.com>
Tested-by: default avatarPengfei Xu <pengfei.xu@intel.com>
Tested-by: default avatarJohn Allen <john.allen@amd.com>
Tested-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-42-rick.p.edgecombe%40intel.com
parent 2fab02b2
...@@ -75,6 +75,10 @@ arch_prctl(ARCH_SHSTK_LOCK, unsigned long features) ...@@ -75,6 +75,10 @@ arch_prctl(ARCH_SHSTK_LOCK, unsigned long features)
are ignored. The mask is ORed with the existing value. So any feature bits are ignored. The mask is ORed with the existing value. So any feature bits
set here cannot be enabled or disabled afterwards. set here cannot be enabled or disabled afterwards.
arch_prctl(ARCH_SHSTK_UNLOCK, unsigned long features)
Unlock features. 'features' is a mask of all features to unlock. All
bits set are processed, unset bits are ignored. Only works via ptrace.
The return values are as follows. On success, return 0. On error, errno can The return values are as follows. On success, return 0. On error, errno can
be:: be::
......
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
#define ARCH_SHSTK_ENABLE 0x5001 #define ARCH_SHSTK_ENABLE 0x5001
#define ARCH_SHSTK_DISABLE 0x5002 #define ARCH_SHSTK_DISABLE 0x5002
#define ARCH_SHSTK_LOCK 0x5003 #define ARCH_SHSTK_LOCK 0x5003
#define ARCH_SHSTK_UNLOCK 0x5004
/* ARCH_SHSTK_ features bits */ /* ARCH_SHSTK_ features bits */
#define ARCH_SHSTK_SHSTK (1ULL << 0) #define ARCH_SHSTK_SHSTK (1ULL << 0)
......
...@@ -899,6 +899,7 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2) ...@@ -899,6 +899,7 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
case ARCH_SHSTK_ENABLE: case ARCH_SHSTK_ENABLE:
case ARCH_SHSTK_DISABLE: case ARCH_SHSTK_DISABLE:
case ARCH_SHSTK_LOCK: case ARCH_SHSTK_LOCK:
case ARCH_SHSTK_UNLOCK:
return shstk_prctl(task, option, arg2); return shstk_prctl(task, option, arg2);
default: default:
ret = -EINVAL; ret = -EINVAL;
......
...@@ -489,9 +489,14 @@ long shstk_prctl(struct task_struct *task, int option, unsigned long features) ...@@ -489,9 +489,14 @@ long shstk_prctl(struct task_struct *task, int option, unsigned long features)
return 0; return 0;
} }
/* Don't allow via ptrace */ /* Only allow via ptrace */
if (task != current) if (task != current) {
if (option == ARCH_SHSTK_UNLOCK && IS_ENABLED(CONFIG_CHECKPOINT_RESTORE)) {
task->thread.features_locked &= ~features;
return 0;
}
return -EINVAL; return -EINVAL;
}
/* Do not allow to change locked features */ /* Do not allow to change locked features */
if (features & task->thread.features_locked) if (features & task->thread.features_locked)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment