[v1,0/9] Add dynamic DEXCR support

Message ID 20240417112325.728010-1-bgray@linux.ibm.com (mailing list archive)

Message

Benjamin Gray April 17, 2024, 11:23 a.m. UTC
Adds support for a process to change its DEXCR value. The implementation is
somewhat conservative; SBHE (speculative branch hint enable) is not exposed
as an editable aspect because its effects can bleed over to other threads.

As explained in the third patch, this series changes the reset/inherit
behaviour on exec. Previously there was a bitmask that tracked which aspects
to copy from the current state vs resetting to a fixed default. This
allows unprivileged processes to disable ROP protection for setuid binaries
though, and is generally a weird interface to work with. The actual intent
(and new implementation) tracks the exec value as an independent value that
doesn't use the parent's DEXCR at all. The parent can control this reset value
separately to its own DEXCR value.

The other interesting part is the prctl interface. I've made the _SET, _CLEAR,
_SET_ONEXEC, and _CLEAR_ONEXEC controls each a separate flag. This makes it
easier to re-use with the getter prctl, as opposed to making set/clear a boolean
value with a separate flag for if it's 'on-exec'. With separate flags you can
return both the current and on-exec state in the getter in the same way you'd
prepare it for the setter.

There are still more features that can be added. A global switch to disable
ROP protection could be useful as an option to prevent performance degradation.
Also a prctl to randomise the hash key could be useful for when userspace knows
a fork is not going to run any parent hashes. These features could be added in
a future series (or the next version of this one :) ) though.

Benjamin Gray (9):
  selftests/powerpc/dexcr: Add -no-pie to hashchk tests
  powerpc/dexcr: Track the DEXCR per-process
  powerpc/dexcr: Reset DEXCR value across exec
  powerpc/dexcr: Add DEXCR prctl interface
  selftests/powerpc/dexcr: Add DEXCR prctl interface test
  selftests/powerpc/dexcr: Attempt to enable NPHIE in hashchk selftest
  selftests/powerpc/dexcr: Add DEXCR config details to lsdexcr
  selftests/powerpc/dexcr: Add chdexcr utility
  Documentation: Document PowerPC kernel dynamic DEXCR interface

 Documentation/arch/powerpc/dexcr.rst          | 141 +++++++++++-
 arch/powerpc/include/asm/processor.h          |  13 +-
 arch/powerpc/kernel/Makefile                  |   1 +
 arch/powerpc/kernel/dexcr.c                   | 120 ++++++++++
 arch/powerpc/kernel/process.c                 |  17 ++
 arch/powerpc/kernel/ptrace/ptrace-view.c      |   7 +-
 include/uapi/linux/prctl.h                    |  16 ++
 kernel/sys.c                                  |  16 ++
 .../selftests/powerpc/dexcr/.gitignore        |   2 +
 .../testing/selftests/powerpc/dexcr/Makefile  |   8 +-
 .../testing/selftests/powerpc/dexcr/chdexcr.c | 110 +++++++++
 tools/testing/selftests/powerpc/dexcr/dexcr.c |  40 ++++
 tools/testing/selftests/powerpc/dexcr/dexcr.h |  57 +++++
 .../selftests/powerpc/dexcr/dexcr_test.c      | 213 ++++++++++++++++++
 .../selftests/powerpc/dexcr/hashchk_test.c    |   8 +-
 .../testing/selftests/powerpc/dexcr/lsdexcr.c | 103 ++++++---
 16 files changed, 823 insertions(+), 49 deletions(-)
 create mode 100644 arch/powerpc/kernel/dexcr.c
 create mode 100644 tools/testing/selftests/powerpc/dexcr/chdexcr.c
 create mode 100644 tools/testing/selftests/powerpc/dexcr/dexcr_test.c

--
2.44.0
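
The getter described in the cover letter reports the current and on-exec state with the same flags the setter accepts. As an added example (not part of the series or of the original message), this decodes that return value for NPHIE, the aspect behind the hash-based ROP protection; `decode_pair` and `nphie_enforced_on_exec` are hypothetical helpers, and the `PR_PPC_*` names and values are taken from the mainline uapi header rather than from this page.

```c
#include <stdio.h>
#include <sys/prctl.h>

/* Fallbacks for older headers; values as in mainline
 * include/uapi/linux/prctl.h (they are not shown on this page). */
#ifndef PR_PPC_GET_DEXCR
#define PR_PPC_GET_DEXCR 72
#define PR_PPC_DEXCR_NPHIE 3
#define PR_PPC_DEXCR_CTRL_EDITABLE 0x1
#define PR_PPC_DEXCR_CTRL_SET 0x2
#define PR_PPC_DEXCR_CTRL_CLEAR 0x4
#define PR_PPC_DEXCR_CTRL_SET_ONEXEC 0x8
#define PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC 0x10
#endif

/* Hypothetical helper: decode one set/clear flag pair.
 * 1 = set, 0 = clear, -1 = malformed (both flags or neither present). */
static int decode_pair(unsigned long ctrl, unsigned long set, unsigned long clear)
{
    int s = (ctrl & set) != 0, c = (ctrl & clear) != 0;
    return (s == c) ? -1 : s;
}

/* Hypothetical audit predicate: will NPHIE be enabled in whatever this
 * process execs, independent of the process's own current DEXCR? */
static int nphie_enforced_on_exec(unsigned long ctrl)
{
    return decode_pair(ctrl, PR_PPC_DEXCR_CTRL_SET_ONEXEC,
                       PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC) == 1;
}

int main(void)
{
    /* Unused prctl arguments are passed as zero. */
    int ret = prctl(PR_PPC_GET_DEXCR, PR_PPC_DEXCR_NPHIE, 0, 0, 0);
    if (ret < 0) {  /* e.g. not PowerPC, or a kernel without this series */
        perror("PR_PPC_GET_DEXCR");
        return 1;
    }
    printf("NPHIE now=%d onexec=%d editable=%d enforced_on_exec=%d\n",
           decode_pair(ret, PR_PPC_DEXCR_CTRL_SET, PR_PPC_DEXCR_CTRL_CLEAR),
           decode_pair(ret, PR_PPC_DEXCR_CTRL_SET_ONEXEC,
                       PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC),
           (ret & PR_PPC_DEXCR_CTRL_EDITABLE) != 0,
           nphie_enforced_on_exec(ret));
    return 0;
}
```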

Comments

Michael Ellerman May 8, 2024, 1:39 p.m. UTC | #1
On Wed, 17 Apr 2024 21:23:16 +1000, Benjamin Gray wrote:
> Adds support for a process to change its DEXCR value. The implementation is
> somewhat conservative; SBHE (speculative branch hint enable) is not exposed
> as an editable aspect because its effects can bleed over to other threads.
> 
> As explained in the third patch, this series changes the reset/inherit
> behaviour on exec. Previously there was a bitmask that tracked which aspects
> to copy from the current state vs resetting to a fixed default. This
> allows unprivileged processes to disable ROP protection for setuid binaries
> though, and is generally a weird interface to work with. The actual intent
> (and new implementation) tracks the exec value as an independent value that
> doesn't use the parent's DEXCR at all. The parent can control this reset value
> separately to its own DEXCR value.
> 
> [...]

Applied to powerpc/next.

[1/9] selftests/powerpc/dexcr: Add -no-pie to hashchk tests
      https://git.kernel.org/powerpc/c/d7228a58d9438d6f219dc7f33eab0d1980b3bd2f
[2/9] powerpc/dexcr: Track the DEXCR per-process
      https://git.kernel.org/powerpc/c/75171f06c4507c3b6b5a69d793879fb20d108bb1
[3/9] powerpc/dexcr: Reset DEXCR value across exec
      https://git.kernel.org/powerpc/c/bbd99922d0f4518518282217159666c679c6a0d1
[4/9] powerpc/dexcr: Add DEXCR prctl interface
      https://git.kernel.org/powerpc/c/628d701f2de5b9a16d1dd82bea68fd895f56f1a1
[5/9] selftests/powerpc/dexcr: Add DEXCR prctl interface test
      https://git.kernel.org/powerpc/c/5bfa66bf86d792bbcc76bc09cf99a2ae9d6e0eec
[6/9] selftests/powerpc/dexcr: Attempt to enable NPHIE in hashchk selftest
      https://git.kernel.org/powerpc/c/9930fba02a1c587849aea1e6c5688168013c065f
[7/9] selftests/powerpc/dexcr: Add DEXCR config details to lsdexcr
      https://git.kernel.org/powerpc/c/9c4866b209ad31cae7c832d45c6137ce6a993ca0
[8/9] selftests/powerpc/dexcr: Add chdexcr utility
      https://git.kernel.org/powerpc/c/f88723a609787254f7645eb6ac261b8363e8a5bc
[9/9] Documentation: Document PowerPC kernel dynamic DEXCR interface
      https://git.kernel.org/powerpc/c/9248edf31ab28723fb00900ecb8bacdb05eeefff

cheers