1. Patchew
  2. linux
  3. [PATCH 00/35] Shadow stacks for userspace
  4. View patch

[PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack

Rick Edgecombe posted 35 patches 3 years, 10 months ago
There is a newer version of this series
[PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack
Posted by Rick Edgecombe 3 years, 10 months ago 
From: Yu-cheng Yu <yu-cheng.yu@intel.com>

Shadow Stack provides protection against function return address
corruption.  It is active when the processor supports it, the kernel has
CONFIG_X86_SHADOW_STACK enabled, and the application is built for the
feature.  This is only implemented for the 64-bit kernel.  When it is
enabled, legacy non-Shadow Stack applications continue to work, but without
protection.

Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Cc: Kees Cook <keescook@chromium.org>
---

Yu-cheng v25:
 - Remove X86_CET and use X86_SHADOW_STACK directly.

Yu-cheng v24:
 - Update for the splitting X86_CET to X86_SHADOW_STACK and X86_IBT.

 arch/x86/Kconfig           | 22 ++++++++++++++++++++++
 arch/x86/Kconfig.assembler |  5 +++++
 2 files changed, 27 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ebe8fc76949a..b9efa0fd906d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -26,6 +26,7 @@ config X86_64
 	depends on 64BIT
 	# Options that are inherently 64-bit kernel only:
 	select ARCH_HAS_GIGANTIC_PAGE
+	select ARCH_HAS_SHADOW_STACK
 	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
 	select ARCH_USE_CMPXCHG_LOCKREF
 	select HAVE_ARCH_SOFT_DIRTY
@@ -1940,6 +1941,27 @@ config X86_SGX
 
 	  If unsure, say N.
 
+config ARCH_HAS_SHADOW_STACK
+	def_bool n
+
+config X86_SHADOW_STACK
+	prompt "Intel Shadow Stack"
+	def_bool n
+	depends on AS_WRUSS
+	depends on ARCH_HAS_SHADOW_STACK
+	select ARCH_USES_HIGH_VMA_FLAGS
+	help
+	  Shadow Stack protection is a hardware feature that detects function
+	  return address corruption.  This helps mitigate ROP attacks.
+	  Applications must be enabled to use it, and old userspace does not
+	  get protection "for free".
+	  Support for this feature is present on Tiger Lake family of
+	  processors released in 2020 or later.  Enabling this feature
+	  increases kernel text size by 3.7 KB.
+	  See Documentation/x86/intel_cet.rst for more information.
+
+	  If unsure, say N.
+
 config EFI
 	bool "EFI runtime service support"
 	depends on ACPI
diff --git a/arch/x86/Kconfig.assembler b/arch/x86/Kconfig.assembler
index 26b8c08e2fc4..00c79dd93651 100644
--- a/arch/x86/Kconfig.assembler
+++ b/arch/x86/Kconfig.assembler
@@ -19,3 +19,8 @@ config AS_TPAUSE
 	def_bool $(as-instr,tpause %ecx)
 	help
 	  Supported by binutils >= 2.31.1 and LLVM integrated assembler >= V7
+
+config AS_WRUSS
+	def_bool $(as-instr,wrussq %rax$(comma)(%rbx))
+	help
+	  Supported by binutils >= 2.31 and LLVM integrated assembler
-- 
2.17.1
Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack
Posted by Dave Hansen 3 years, 10 months ago 
On 1/30/22 13:18, Rick Edgecombe wrote:
> +config X86_SHADOW_STACK
> +	prompt "Intel Shadow Stack"
> +	def_bool n
> +	depends on AS_WRUSS
> +	depends on ARCH_HAS_SHADOW_STACK
> +	select ARCH_USES_HIGH_VMA_FLAGS
> +	help
> +	  Shadow Stack protection is a hardware feature that detects function
> +	  return address corruption.  This helps mitigate ROP attacks.
> +	  Applications must be enabled to use it, and old userspace does not
> +	  get protection "for free".
> +	  Support for this feature is present on Tiger Lake family of
> +	  processors released in 2020 or later.  Enabling this feature
> +	  increases kernel text size by 3.7 KB.

I guess the "2020" comment is still OK.  But, given that it's on AMD and
a could of other Intel models, maybe we should just leave this at:

	CPUs supporting shadow stacks were first released in 2020.

If we say anything.  We mostly want folks to just go read the
documentation if they needs more details.
Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack
Posted by Thomas Gleixner 3 years, 10 months ago 
On Mon, Feb 07 2022 at 14:39, Dave Hansen wrote:

> On 1/30/22 13:18, Rick Edgecombe wrote:
>> +config X86_SHADOW_STACK
>> +	prompt "Intel Shadow Stack"
>> +	def_bool n
>> +	depends on AS_WRUSS
>> +	depends on ARCH_HAS_SHADOW_STACK
>> +	select ARCH_USES_HIGH_VMA_FLAGS
>> +	help
>> +	  Shadow Stack protection is a hardware feature that detects function
>> +	  return address corruption.  This helps mitigate ROP attacks.
>> +	  Applications must be enabled to use it, and old userspace does not
>> +	  get protection "for free".
>> +	  Support for this feature is present on Tiger Lake family of
>> +	  processors released in 2020 or later.  Enabling this feature
>> +	  increases kernel text size by 3.7 KB.
>
> I guess the "2020" comment is still OK.  But, given that it's on AMD and
> a could of other Intel models, maybe we should just leave this at:
>
> 	CPUs supporting shadow stacks were first released in 2020.

Yes.

> If we say anything.  We mostly want folks to just go read the
> documentation if they needs more details.

Also the kernel text size increase blurb is pretty useless as that's a
number which is wrong from day one.

Thanks,

        tglx
Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack
Posted by Edgecombe, Rick P 3 years, 10 months ago 
On Tue, 2022-02-08 at 09:41 +0100, Thomas Gleixner wrote:
> On Mon, Feb 07 2022 at 14:39, Dave Hansen wrote:
> 
> > On 1/30/22 13:18, Rick Edgecombe wrote:
> > > +config X86_SHADOW_STACK
> > > +    prompt "Intel Shadow Stack"
> > > +    def_bool n
> > > +    depends on AS_WRUSS
> > > +    depends on ARCH_HAS_SHADOW_STACK
> > > +    select ARCH_USES_HIGH_VMA_FLAGS
> > > +    help
> > > +      Shadow Stack protection is a hardware feature that detects
> > > function
> > > +      return address corruption.  This helps mitigate ROP
> > > attacks.
> > > +      Applications must be enabled to use it, and old userspace
> > > does not
> > > +      get protection "for free".
> > > +      Support for this feature is present on Tiger Lake family
> > > of
> > > +      processors released in 2020 or later.  Enabling this
> > > feature
> > > +      increases kernel text size by 3.7 KB.
> > 
> > I guess the "2020" comment is still OK.  But, given that it's on
> > AMD and
> > a could of other Intel models, maybe we should just leave this at:
> > 
> >        CPUs supporting shadow stacks were first released in 2020.
> 
> Yes.
> 
> > If we say anything.  We mostly want folks to just go read the
> > documentation if they needs more details.
> 
> Also the kernel text size increase blurb is pretty useless as that's
> a
> number which is wrong from day one.

Makes sense. Thanks.
Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack
Posted by Thomas Gleixner 3 years, 10 months ago 
On Sun, Jan 30 2022 at 13:18, Rick Edgecombe wrote:
> +config ARCH_HAS_SHADOW_STACK
> +	def_bool n
> +
> +config X86_SHADOW_STACK
> +	prompt "Intel Shadow Stack"

It's also available on AMD, right?

Thanks,

        tglx

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.