On Wed, Feb 03, 2021 at 02:55:27PM -0800, Yu-cheng Yu wrote: > Control-flow Enforcement Technology (CET) introduces these MSRs: > > MSR_IA32_U_CET (user-mode CET settings), > MSR_IA32_PL3_SSP (user-mode shadow stack pointer), > > MSR_IA32_PL0_SSP (kernel-mode shadow stack pointer), > MSR_IA32_PL1_SSP (Privilege Level 1 shadow stack pointer), > MSR_IA32_PL2_SSP (Privilege Level 2 shadow stack pointer), > MSR_IA32_S_CET (kernel-mode CET settings), > MSR_IA32_INT_SSP_TAB (exception shadow stack table). > > The two user-mode MSRs belong to XFEATURE_CET_USER. The first three of > kernel-mode MSRs belong to XFEATURE_CET_KERNEL. Both XSAVES states are > supervisor states. This means that there is no direct, unprivileged access > to these states, making it harder for an attacker to subvert CET. > > For sigreturn and future ptrace() support, shadow stack address and MSR > reserved bits are checked before written to the supervisor states. > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
