mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 10:40:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

x86/shstk: Add Kconfig option for shadow stack

Browse source 
Shadow stack provides protection for applications against function return
address corruption. It is active when the processor supports it, the
kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built
for the feature. This is only implemented for the 64-bit kernel. When it
is enabled, legacy non-shadow stack applications continue to work, but
without protection.

Since there is another feature that utilizes CET (Kernel IBT) that will
share implementation with shadow stacks, create CONFIG_CET to signify
that at least one CET feature is configured.

Co-developed-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-7-rick.p.edgecombe%40intel.com
This commit is contained in:
Rick Edgecombe 2023-06-12 17:10:32 -07:00
parent fb47a799cc
commit 18e66b695e
2 changed files with 29 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

24
arch/x86/Kconfig
View file

@ -1849,6 +1849,11 @@ config CC_HAS_IBT
(CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
$(as-instr,endbr64) $(as-instr,endbr64)
config X86_CET
def_bool n
help
CET features configured (Shadow stack or IBT)
config X86_KERNEL_IBT config X86_KERNEL_IBT
prompt "Indirect Branch Tracking" prompt "Indirect Branch Tracking"
def_bool y def_bool y
@ -1856,6 +1861,7 @@ config X86_KERNEL_IBT
# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
depends on !LD_IS_LLD || LLD_VERSION >= 140000 depends on !LD_IS_LLD || LLD_VERSION >= 140000
select OBJTOOL select OBJTOOL
select X86_CET
help help
Build the kernel with support for Indirect Branch Tracking, a Build the kernel with support for Indirect Branch Tracking, a
hardware support course-grain forward-edge Control Flow Integrity hardware support course-grain forward-edge Control Flow Integrity
@ -1949,6 +1955,24 @@ config X86_SGX
If unsure, say N. If unsure, say N.
config X86_USER_SHADOW_STACK
bool "X86 userspace shadow stack"
depends on AS_WRUSS
depends on X86_64
select ARCH_USES_HIGH_VMA_FLAGS
select X86_CET
help
Shadow stack protection is a hardware feature that detects function
return address corruption. This helps mitigate ROP attacks.
Applications must be enabled to use it, and old userspace does not
get protection "for free".
CPUs supporting shadow stacks were first released in 2020.
See Documentation/x86/shstk.rst for more information.
If unsure, say N.
config EFI config EFI
bool "EFI runtime service support" bool "EFI runtime service support"
depends on ACPI depends on ACPI

5
arch/x86/Kconfig.assembler
View file

@ -24,3 +24,8 @@ config AS_GFNI
def_bool $(as-instr,vgf2p8mulb %xmm0$(comma)%xmm1$(comma)%xmm2) def_bool $(as-instr,vgf2p8mulb %xmm0$(comma)%xmm1$(comma)%xmm2)
help help
Supported by binutils >= 2.30 and LLVM integrated assembler Supported by binutils >= 2.30 and LLVM integrated assembler
config AS_WRUSS
def_bool $(as-instr,wrussq %rax$(comma)(%rbx))
help
Supported by binutils >= 2.31 and LLVM integrated assembler