On Wed, Feb 05, 2020 at 10:19:13AM -0800, Yu-cheng Yu wrote: > Introduce Kconfig option: X86_INTEL_SHADOW_STACK_USER. > > Shadow Stack (SHSTK) provides protection against function return address > corruption. It is active when the kernel has this feature enabled, and > both the processor and the application support it. When this feature is > enabled, legacy non-SHSTK applications continue to work, but without SHSTK > protection. > > The user-mode SHSTK protection is only implemented for the 64-bit kernel. > IA32 applications are supported under the compatibility mode. > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> > --- > arch/x86/Kconfig | 22 ++++++++++++++++++++++ > arch/x86/Makefile | 7 +++++++ > 2 files changed, 29 insertions(+) > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 5e8949953660..6c34b701c588 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1974,6 +1974,28 @@ config X86_INTEL_TSX_MODE_AUTO > side channel attacks- equals the tsx=auto command line parameter. > endchoice > > +config X86_INTEL_CET > + def_bool n > + > +config ARCH_HAS_SHSTK > + def_bool n > + > +config X86_INTEL_SHADOW_STACK_USER > + prompt "Intel Shadow Stack for user-mode" > + def_bool n > + depends on CPU_SUP_INTEL && X86_64 > + select ARCH_USES_HIGH_VMA_FLAGS > + select X86_INTEL_CET > + select ARCH_HAS_SHSTK > + ---help--- > + Shadow Stack (SHSTK) provides protection against program > + stack corruption. It is active when the kernel has this > + feature enabled, and the processor and the application > + support it. When this feature is enabled, legacy non-SHSTK > + applications continue to work, but without SHSTK protection. > + > + If unsure, say y. > + > config EFI > bool "EFI runtime service support" > depends on ACPI > diff --git a/arch/x86/Makefile b/arch/x86/Makefile > index 94df0868804b..c34f5befa4c8 100644 > --- a/arch/x86/Makefile > +++ b/arch/x86/Makefile > @@ -149,6 +149,13 @@ ifdef CONFIG_X86_X32 > endif > export CONFIG_X86_X32_ABI > > +# Check assembler Shadow Stack suppot > +ifdef CONFIG_X86_INTEL_SHADOW_STACK_USER > + ifeq ($(call as-instr, saveprevssp, y),) This test needs to happen in the Kconfig rather than the Makefile; the CONFIG should be unavailable if AS doesn't support the feature. -Kees > + $(error CONFIG_X86_INTEL_SHADOW_STACK_USER not supported by the assembler) > + endif > +endif > + > # > # If the function graph tracer is used with mcount instead of fentry, > # '-maccumulate-outgoing-args' is needed to prevent a GCC bug > -- > 2.21.0 > -- Kees Cook
