From patchwork Wed Feb 3 22:58:55 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yu-cheng Yu X-Patchwork-Id: 12065675 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 455B6C433E6 for ; Wed, 3 Feb 2021 22:59:44 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id AEB6E64F74 for ; Wed, 3 Feb 2021 22:59:43 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AEB6E64F74 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 2F8AE6B0081; Wed, 3 Feb 2021 17:59:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 233FB6B0087; Wed, 3 Feb 2021 17:59:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F05BE6B0089; Wed, 3 Feb 2021 17:59:42 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0057.hostedemail.com [216.40.44.57]) by kanga.kvack.org (Postfix) with ESMTP id C742B6B0081 for ; Wed, 3 Feb 2021 17:59:42 -0500 (EST) Received: from smtpin11.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 98F5D180AD81D for ; Wed, 3 Feb 2021 22:59:42 +0000 (UTC) X-FDA: 77778475404.11.chalk67_220dade275d7 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin11.hostedemail.com (Postfix) with ESMTP id 7AB2F180F8B80 for ; Wed, 3 Feb 2021 22:59:42 +0000 (UTC) X-HE-Tag: chalk67_220dade275d7 X-Filterd-Recvd-Size: 4210 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by imf15.hostedemail.com (Postfix) with ESMTP for ; Wed, 3 Feb 2021 22:59:41 +0000 (UTC) IronPort-SDR: AwlvIP6MJmZUokXlmIuzY0YO4elgTgakis3dpk8Ja+zWGZexfovedYNnK4Ml4EDm6T7LL5di7W lTkluIjd9p3w== X-IronPort-AV: E=McAfee;i="6000,8403,9884"; a="160892364" X-IronPort-AV: E=Sophos;i="5.79,399,1602572400"; d="scan'208";a="160892364" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Feb 2021 14:59:38 -0800 IronPort-SDR: hx/sv+fJRtZ5QlGY5kFKvcySAuSP0UPNqq299J1O2GMWLXV4+0uJYBmOB0IMZRgYsvkenge9h+ djOrG2bUyhVQ== X-IronPort-AV: E=Sophos;i="5.79,399,1602572400"; d="scan'208";a="392697926" Received: from yyu32-desk.sc.intel.com ([143.183.136.146]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Feb 2021 14:59:37 -0800 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang , Pengfei Xu Cc: Yu-cheng Yu Subject: [PATCH v19 0/7] Control-flow Enforcement: Indirect Branch Tracking Date: Wed, 3 Feb 2021 14:58:55 -0800 Message-Id: <20210203225902.479-1-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Control-flow Enforcement (CET) is a new Intel processor feature that blocks return/jump-oriented programming attacks. Details are in "Intel 64 and IA-32 Architectures Software Developer's Manual" [1]. This is the second part of CET and enables Indirect Branch Tracking (IBT). It is built on top of the shadow stack series. This version has no changes from v18. It is being re-sent as v19 to synchronize with the shadow stack series v19. [1] Intel 64 and IA-32 Architectures Software Developer's Manual: https://software.intel.com/en-us/download/intel-64-and-ia-32- architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4 [2] Indirect Branch Tracking patches v18: https://lkml.kernel.org/r/20210127213028.11362-1-yu-cheng.yu@intel.com/ H.J. Lu (3): x86/cet/ibt: Update arch_prctl functions for Indirect Branch Tracking x86/vdso/32: Add ENDBR32 to __kernel_vsyscall entry point x86/vdso: Insert endbr32/endbr64 to vDSO Yu-cheng Yu (4): x86/cet/ibt: Update Kconfig for user-mode Indirect Branch Tracking x86/cet/ibt: User-mode Indirect Branch Tracking support x86/cet/ibt: Handle signals for Indirect Branch Tracking x86/cet/ibt: Update ELF header parsing for Indirect Branch Tracking arch/x86/Kconfig | 1 + arch/x86/entry/vdso/Makefile | 4 ++ arch/x86/entry/vdso/vdso32/system_call.S | 3 ++ arch/x86/include/asm/cet.h | 3 ++ arch/x86/kernel/cet.c | 60 +++++++++++++++++++++++- arch/x86/kernel/cet_prctl.c | 5 ++ arch/x86/kernel/fpu/signal.c | 8 ++-- arch/x86/kernel/process_64.c | 8 ++++ 8 files changed, 87 insertions(+), 5 deletions(-)