From patchwork Wed Jan 27 21:30:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 12051107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9CACDC433DB for ; Wed, 27 Jan 2021 21:31:03 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 239A864DC4 for ; Wed, 27 Jan 2021 21:31:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 239A864DC4 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id C83EE6B0072; Wed, 27 Jan 2021 16:30:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id AE2C06B0075; Wed, 27 Jan 2021 16:30:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 87FB86B0074; Wed, 27 Jan 2021 16:30:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0126.hostedemail.com [216.40.44.126]) by kanga.kvack.org (Postfix) with ESMTP id 627AA6B0075 for ; Wed, 27 Jan 2021 16:30:54 -0500 (EST) Received: from smtpin10.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 2233B1EE6 for ; Wed, 27 Jan 2021 21:30:54 +0000 (UTC) X-FDA: 77752850028.10.horse84_4e0a2df2759a Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin10.hostedemail.com (Postfix) with ESMTP id E603E16A4B4 for ; Wed, 27 Jan 2021 21:30:53 +0000 (UTC) X-HE-Tag: horse84_4e0a2df2759a X-Filterd-Recvd-Size: 4214 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by imf17.hostedemail.com (Postfix) with ESMTP for ; Wed, 27 Jan 2021 21:30:52 +0000 (UTC) IronPort-SDR: jr85rTb97KVj8+254bm1Ml9hx7KJlK/ItoK2FTgo/fhh+pVnO7g4Udz2HMa9P1lkVQDIRj4bkN kIFyLWHBp75Q== X-IronPort-AV: E=McAfee;i="6000,8403,9877"; a="167233429" X-IronPort-AV: E=Sophos;i="5.79,380,1602572400"; d="scan'208";a="167233429" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2021 13:30:37 -0800 IronPort-SDR: JCZZryNT2JIGNQ8KhjBAdvRReyAQrjQOFUC1VFX+JKyTx5tPmqM9d85D1rnZEOsCYVRQG2vUTg HoR9l3XFOYQw== X-IronPort-AV: E=Sophos;i="5.79,380,1602572400"; d="scan'208";a="362581352" Received: from yyu32-desk.sc.intel.com ([143.183.136.146]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2021 13:30:36 -0800 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang , Pengfei Xu Cc: Yu-cheng Yu Subject: [PATCH v18 0/7] Control-flow Enforcement: Indirect Branch Tracking Date: Wed, 27 Jan 2021 13:30:21 -0800 Message-Id: <20210127213028.11362-1-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Control-flow Enforcement (CET) is a new Intel processor feature that blocks return/jump-oriented programming attacks. Details are in "Intel 64 and IA-32 Architectures Software Developer's Manual" [1]. This is the second part of CET and enables Indirect Branch Tracking (IBT). It is built on top of the shadow stack series. This version has no changes from v17. It is being re-sent as v18 to synchronize with the shadow stack series v18. [1] Intel 64 and IA-32 Architectures Software Developer's Manual: https://software.intel.com/en-us/download/intel-64-and-ia-32- architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4 [2] Indirect Branch Tracking patches v17: https://lkml.kernel.org/r/20201229213350.17010-1-yu-cheng.yu@intel.com/ H.J. Lu (3): x86/cet/ibt: Update arch_prctl functions for Indirect Branch Tracking x86/vdso/32: Add ENDBR32 to __kernel_vsyscall entry point x86/vdso: Insert endbr32/endbr64 to vDSO Yu-cheng Yu (4): x86/cet/ibt: Update Kconfig for user-mode Indirect Branch Tracking x86/cet/ibt: User-mode Indirect Branch Tracking support x86/cet/ibt: Handle signals for Indirect Branch Tracking x86/cet/ibt: Update ELF header parsing for Indirect Branch Tracking arch/x86/Kconfig | 1 + arch/x86/entry/vdso/Makefile | 4 ++ arch/x86/entry/vdso/vdso32/system_call.S | 3 ++ arch/x86/include/asm/cet.h | 3 ++ arch/x86/kernel/cet.c | 60 +++++++++++++++++++++++- arch/x86/kernel/cet_prctl.c | 5 ++ arch/x86/kernel/fpu/signal.c | 8 ++-- arch/x86/kernel/process_64.c | 8 ++++ 8 files changed, 87 insertions(+), 5 deletions(-)