Re: [PATCH v23 23/28] x86/cet/shstk: Handle signals for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 16, 2021 at 08:10:49AM -0700, Yu-cheng Yu wrote:
> To deliver a signal, create a shadow stack restore token and put the token
> and the signal restorer address on the shadow stack.  For sigreturn, verify
> the token and restore from it the shadow stack pointer.
> 
> A shadow stack restore token marks a restore point of the shadow stack, and
> the address in a token must point directly above the token, which is within
> the same shadow stack.  This is distinctively different from other pointers
> on the shadow stack; those pointers point to executable code area.
> 
> In sigreturn, restoring from a token ensures the target address is the
> location pointed by the token.
> 
> Introduce WRUSS, which is a kernel-mode instruction but writes directly to
> user shadow stack.  It is used to construct the user signal stack as
> described above.
> 
> Currently there is no systematic facility for extending a signal context.
> Introduce a signal context extension 'struct sc_ext', which is used to save
> shadow stack restore token address and WAIT_ENDBR status.  WAIT_ENDBR will
> be introduced later in the Indirect Branch Tracking (IBT) series, but add
> that into sc_ext now to keep the struct stable in case the IBT series is
> applied later.
> 
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
>  arch/x86/ia32/ia32_signal.c            |  17 +++
>  arch/x86/include/asm/cet.h             |   8 ++
>  arch/x86/include/asm/fpu/internal.h    |  10 ++
>  arch/x86/include/asm/special_insns.h   |  32 ++++++
>  arch/x86/include/uapi/asm/sigcontext.h |   9 ++
>  arch/x86/kernel/cet.c                  | 152 +++++++++++++++++++++++++
>  arch/x86/kernel/fpu/signal.c           | 100 ++++++++++++++++
>  arch/x86/kernel/signal.c               |  10 ++
>  8 files changed, 338 insertions(+)

The commit message lacks structure in explaining what the
problem/missing functionality is and why this is solved the way it is,
with stack tokens. Here's a good example how to structure it properly:

https://git.kernel.org/tip/323950a8a98b492ac2fa168e8e4c0becfb4554dd

Also, this patch does a couple of things at once and it needs splitting
for easier review.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux