forked from mirrors/linux
x86/shstk: Add Kconfig option for shadow stack
Shadow stack provides protection for applications against function return address corruption. It is active when the processor supports it, the kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built for the feature. This is only implemented for the 64-bit kernel. When it is enabled, legacy non-shadow stack applications continue to work, but without protection. Since there is another feature that utilizes CET (Kernel IBT) that will share implementation with shadow stacks, create CONFIG_CET to signify that at least one CET feature is configured. Co-developed-by: Yu-cheng Yu <yu-cheng.yu@intel.com> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Tested-by: Pengfei Xu <pengfei.xu@intel.com> Tested-by: John Allen <john.allen@amd.com> Tested-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/all/20230613001108.3040476-7-rick.p.edgecombe%40intel.com
This commit is contained in:
Rick Edgecombe
parent
fb47a799cc
commit
18e66b695e
2 changed files with 29 additions and 0 deletions
|
|
@ -1849,6 +1849,11 @@ config CC_HAS_IBT
|
|||
(CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
|
||||
$(as-instr,endbr64)
|
||||
|
||||
config X86_CET
|
||||
def_bool n
|
||||
help
|
||||
CET features configured (Shadow stack or IBT)
|
||||
|
||||
config X86_KERNEL_IBT
|
||||
prompt "Indirect Branch Tracking"
|
||||
def_bool y
|
||||
|
|
@ -1856,6 +1861,7 @@ config X86_KERNEL_IBT
|
|||
# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
|
||||
depends on !LD_IS_LLD || LLD_VERSION >= 140000
|
||||
select OBJTOOL
|
||||
select X86_CET
|
||||
help
|
||||
Build the kernel with support for Indirect Branch Tracking, a
|
||||
hardware support course-grain forward-edge Control Flow Integrity
|
||||
|
|
@ -1949,6 +1955,24 @@ config X86_SGX
|
|||
|
||||
If unsure, say N.
|
||||
|
||||
config X86_USER_SHADOW_STACK
|
||||
bool "X86 userspace shadow stack"
|
||||
depends on AS_WRUSS
|
||||
depends on X86_64
|
||||
select ARCH_USES_HIGH_VMA_FLAGS
|
||||
select X86_CET
|
||||
help
|
||||
Shadow stack protection is a hardware feature that detects function
|
||||
return address corruption. This helps mitigate ROP attacks.
|
||||
Applications must be enabled to use it, and old userspace does not
|
||||
get protection "for free".
|
||||
|
||||
CPUs supporting shadow stacks were first released in 2020.
|
||||
|
||||
See Documentation/x86/shstk.rst for more information.
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
config EFI
|
||||
bool "EFI runtime service support"
|
||||
depends on ACPI
|
||||
|
|
|
|||
|
|
@ -24,3 +24,8 @@ config AS_GFNI
|
|||
def_bool $(as-instr,vgf2p8mulb %xmm0$(comma)%xmm1$(comma)%xmm2)
|
||||
help
|
||||
Supported by binutils >= 2.30 and LLVM integrated assembler
|
||||
|
||||
config AS_WRUSS
|
||||
def_bool $(as-instr,wrussq %rax$(comma)(%rbx))
|
||||
help
|
||||
Supported by binutils >= 2.31 and LLVM integrated assembler
|
||||
|
|
|
|||
Loading…
Reference in a new issue