Google Git
Sign in
kernel/pub/scm/linux/kernel/git/rppt/linux/refs/heads/cet/kvm^!/.
commit
ebe3137f3806d50742449cb2b6d5f68f5a1c0678
[log]
author
Mike Rapoport <rppt@linux.ibm.com>
Tue May 31 12:39:00 2022 +0300
committer
Mike Rapoport <rppt@linux.ibm.com>
Tue May 31 12:39:00 2022 +0300
tree
9c855b0d7a85b32cd49ac93f7e7b2f29d1256d81
parent
6c13d37e6c4ff3a7f86c5490b3d0f4f12d0a40da [diff]
shstk: add ability to unlock shadow stack features via ptrace

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>

diff --git a/arch/x86/include/uapi/asm/prctl.h b/arch/x86/include/uapi/asm/prctl.h
index 2109769..ea2e43a 100644
--- a/arch/x86/include/uapi/asm/prctl.h
+++ b/arch/x86/include/uapi/asm/prctl.h

@@ -24,6 +24,8 @@
 #define ARCH_X86_FEATURE_DISABLE	0x3002
 #define ARCH_X86_FEATURE_LOCK		0x3003
 #define ARCH_X86_FEATURE_ENABLE		0x3004
+/* available only via ptrace(PTRACE_ARCH_PRCTL) */
+#define ARCH_X86_FEATURE_UNLOCK		0x3005
 
 /* x86 feature bits to be used with ARCH_X86_FEATURE arch_prctl()s */
 #define LINUX_X86_FEATURE_IBT		0x00000001

diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index f05fe27..0eff5cf 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c

@@ -832,6 +832,14 @@ long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2)
 		return prctl_map_vdso(&vdso_image_64, arg2);
 #endif
 
+#ifdef CONFIG_X86_SHADOW_STACK
+	case ARCH_X86_FEATURE_UNLOCK:
+		if (task == current)
+			return -EINVAL;
+		task->thread.feat_prctl_locked &= ~arg2;
+		break;
+#endif
+
 	default:
 		ret = -EINVAL;
 		break;