Re: [PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Nov 04, 2022 at 03:35:52PM -0700, Rick Edgecombe wrote:

> +static int shstk_setup(void)
> +{
> +	struct thread_shstk *shstk = &current->thread.shstk;
> +	unsigned long addr, size;
> +
> +	/* Already enabled */
> +	if (features_enabled(CET_SHSTK))
> +		return 0;
> +
> +	/* Also not supported for 32 bit and x32 */
> +	if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) || in_32bit_syscall())
> +		return -EOPNOTSUPP;
> +
> +	size = adjust_shstk_size(0);
> +	addr = alloc_shstk(size);
> +	if (IS_ERR_VALUE(addr))
> +		return PTR_ERR((void *)addr);
> +
> +	fpregs_lock_and_load();
> +	wrmsrl(MSR_IA32_PL3_SSP, addr + size);
> +	wrmsrl(MSR_IA32_U_CET, CET_SHSTK_EN);

This..

> +	fpregs_unlock();
> +
> +	shstk->base = addr;
> +	shstk->size = size;
> +	features_set(CET_SHSTK);
> +
> +	return 0;
> +}

> +static int shstk_disable(void)
> +{
> +	if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK))
> +		return -EOPNOTSUPP;
> +
> +	/* Already disabled? */
> +	if (!features_enabled(CET_SHSTK))
> +		return 0;
> +
> +	fpregs_lock_and_load();
> +	/* Disable WRSS too when disabling shadow stack */
> +	set_clr_bits_msrl(MSR_IA32_U_CET, 0, CET_SHSTK_EN);

And this... aren't very consistent in approach. Given there is no U_IBT
yet, why complicate matters like this?

> +	wrmsrl(MSR_IA32_PL3_SSP, 0);
> +	fpregs_unlock();
> +
> +	shstk_free(current);
> +	features_clr(CET_SHSTK);
> +
> +	return 0;
> +}



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux