Re: [PATCH v6 00/41] Shadow stacks for userspace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Feb 18, 2023 at 01:13:52PM -0800, Rick Edgecombe wrote:
> This series implements Shadow Stacks for userspace using x86's Control-flow 
> Enforcement Technology (CET). CET consists of two related security features: 
> shadow stacks and indirect branch tracking. This series implements just the 
> shadow stack part of this feature, and just for userspace.

Okay, I've done some bare metal testing, and it all looks happy. The
selftest passes, and I can can see the stack address mismatch get
detected if I explicitly rewrite the saved function pointer on the stack:

[INFO] Want normal flow
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Normal execution flow
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Hijacked execution flow
[INFO] Enabling shadow stack
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
Segmentation fault (core dumped)

Tested-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux