Re: [PATCH v3 25/37] x86/shstk: Add user-mode shadow stack support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2022-11-15 at 13:32 +0100, Peter Zijlstra wrote:
> > +     struct thread_shstk *shstk = &current->thread.shstk;
> > +     unsigned long addr, size;
> > +
> > +     /* Already enabled */
> > +     if (features_enabled(CET_SHSTK))
> > +             return 0;
> > +
> > +     /* Also not supported for 32 bit and x32 */
> > +     if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) ||
> > in_32bit_syscall())
> > +             return -EOPNOTSUPP;
> > +
> > +     size = adjust_shstk_size(0);
> > +     addr = alloc_shstk(size);
> > +     if (IS_ERR_VALUE(addr))
> > +             return PTR_ERR((void *)addr);
> > +
> > +     fpregs_lock_and_load();
> > +     wrmsrl(MSR_IA32_PL3_SSP, addr + size);
> > +     wrmsrl(MSR_IA32_U_CET, CET_SHSTK_EN);
> 
> This..
> 
> > +     fpregs_unlock();
> > +
> > +     shstk->base = addr;
> > +     shstk->size = size;
> > +     features_set(CET_SHSTK);
> > +
> > +     return 0;
> > +}
> > +static int shstk_disable(void)
> > +{
> > +     if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK))
> > +             return -EOPNOTSUPP;
> > +
> > +     /* Already disabled? */
> > +     if (!features_enabled(CET_SHSTK))
> > +             return 0;
> > +
> > +     fpregs_lock_and_load();
> > +     /* Disable WRSS too when disabling shadow stack */

Oops, this comment is in wrong patch.

> > +     set_clr_bits_msrl(MSR_IA32_U_CET, 0, CET_SHSTK_EN);
> 
> And this... aren't very consistent in approach. Given there is no
> U_IBT
> yet, why complicate matters like this?

Sure, I can change it.




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux