Re: [PATCH v15 00/26] Control-flow Enforcement: Shadow Stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/27/2020 1:29 AM, Balbir Singh wrote:
On Tue, Nov 10, 2020 at 08:21:45AM -0800, Yu-cheng Yu wrote:
Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks.  Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].

CET can protect applications and the kernel.  This series enables only
application-level protection, and has three parts:

   - Shadow stack [2],
   - Indirect branch tracking [3], and
   - Selftests [4].

I have run tests on these patches for quite some time, and they have been
very stable.  Linux distributions with CET are available now, and Intel
processors with CET are becoming available.  It would be nice if CET
support can be accepted into the kernel.  I will be working to address any
issues should they come up.


Is there a way to run these patches for testing? Bochs emulation or anything
else? I presume you've been testing against violations of CET in user space?
Can you share your testing?
Balbir Singh.


Machines with CET are already available on the market. I tested these on real machines with Fedora. There is a quick test in my earlier selftest patches:

https://lore.kernel.org/linux-api/20200521211720.20236-6-yu-cheng.yu@xxxxxxxxx/

Thanks,
Yu-cheng




[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux