Re: [PATCH v29 23/32] x86/cet/shstk: Add user-mode shadow stack support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/26/2021 9:25 AM, Borislav Petkov wrote:
On Fri, Aug 20, 2021 at 11:11:52AM -0700, Yu-cheng Yu wrote:
[...]
+
+int shstk_setup(void)
+{
+	struct thread_shstk *shstk = &current->thread.shstk;
+	unsigned long addr, size;
+	int err;
+
+	if (!cpu_feature_enabled(X86_FEATURE_SHSTK))
+		return 0;
+
+	size = round_up(min_t(unsigned long long, rlimit(RLIMIT_STACK), SZ_4G), PAGE_SIZE);
+	addr = alloc_shstk(size);
+	if (IS_ERR_VALUE(addr))
+		return PTR_ERR((void *)addr);
+
+	start_update_msrs();

You're setting CET_U with the MSR writes below. Why do you need to do
XRSTOR here? To zero out PL[012]_SSP?

If so, you can WRMSR those too - no need for a full XRSTOR...


Because on context switches the whole xstates are switched together, we need to make sure all are in registers.

+	err = wrmsrl_safe(MSR_IA32_PL3_SSP, addr + size);
+	if (!err)
+		wrmsrl_safe(MSR_IA32_U_CET, CET_SHSTK_EN);
+	end_update_msrs();
+
+	if (!err) {
+		shstk->base = addr;
+		shstk->size = size;
+	}
+
+	return err;
+}




[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux