* Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> wrote: > +X86 Documentation > +======================= > + > +Control-flow Enforcement > +======================== > + > +.. toctree:: > + :maxdepth: 1 > + > + intel_cet > diff --git a/Documentation/x86/intel_cet.rst b/Documentation/x86/intel_cet.rst > new file mode 100644 > index 000000000000..dac83bbf8a24 > --- /dev/null > +++ b/Documentation/x86/intel_cet.rst 
> @@ -0,0 +1,268 @@ > +.. SPDX-License-Identifier: GPL-2.0 > + > +========================================= > +Control-flow Enforcement Technology (CET) > +========================================= > + > +[1] Overview > +============ > + > +Control-flow Enforcement Technology (CET) provides protection against > +return/jump-oriented programming (ROP) attacks. It can be setup to > +protect both the kernel and applications. In the first phase, > +only the user-mode protection is implemented in 64-bit mode; 32-bit > +applications are supported in compatibility mode. > + > +CET introduces shadow stack (SHSTK) and indirect branch tracking > +(IBT). SHSTK is a secondary stack allocated from memory and cannot > +be directly modified by applications. When executing a CALL, the > +processor pushes a copy of the return address to SHSTK. Upon > +function return, the processor pops the SHSTK copy and compares it > +to the one from the program stack. If the two copies differ, the > +processor raises a control-protection exception. IBT verifies all > +indirect CALL/JMP targets are intended as marked by the compiler > +with 'ENDBR' opcodes (see CET instructions below). > + > +There are two kernel configuration options: > + > + INTEL_X86_SHADOW_STACK_USER, and > + INTEL_X86_BRANCH_TRACKING_USER. > + > +To build a CET-enabled kernel, Binutils v2.31 and GCC v8.1 or later > +are required. To build a CET-enabled application, GLIBC v2.28 or > +later is also required. > + > +There are two command-line options for disabling CET features: > + > + no_cet_shstk - disables SHSTK, and > + no_cet_ibt - disables IBT. > + > +At run time, /proc/cpuinfo shows the availability of SHSTK and IBT. What is the rough expected performance impact of CET on average function call frequency user applications and the kernel itself? Thanks, Ingo
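Review bot: In the first quoted hunk, the "X86 Documentation" title and the "Control-flow Enforcement" heading below it use the same "=" underline, so reStructuredText treats them as headings of the same level instead of nesting the toctree section under the title. If the section is meant to sit under the title, give it a different underline character (for example "-"). The title underline is also longer than the title text, which is valid but could be trimmed to match.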
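Review bot: The last line of the Overview in intel_cet.rst says /proc/cpuinfo shows the availability of SHSTK and IBT but does not give the flag strings a reader should look for; name them explicitly so the check can be scripted. In the same section, no_cet_shstk and no_cet_ibt are introduced only as "command-line options"; say that they are kernel boot parameters so they are not mistaken for compiler or application options. Wording: "return/jump-oriented programming (ROP) attacks" attaches an abbreviation that covers only the return-oriented case, and "It can be setup" should read "set up".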