LKML Archive on lore.kernel.org
From: Yu-cheng Yu <yu-cheng.yu@intel.com>
To: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org, x86@kernel.org,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H.J. Lu" <hjl.tools@gmail.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@amacapital.net>,
Jonathan Corbet <corbet@lwn.net>, Oleg Nesterov <oleg@redhat.com>,
Arnd Bergmann <arnd@arndb.de>,
Mike Kravetz <mike.kravetz@oracle.com>
Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
Subject: [PATCH 0/5] Control Flow Enforcement - Part (1)
Date: Thu, 7 Jun 2018 07:35:39 -0700
Message-ID: <20180607143544.3477-1-yu-cheng.yu@intel.com>
Control flow enforcement technology (CET) is an upcoming Intel
processor family feature that prevents return/jmp-oriented
programming attacks. It has two components: shadow stack (SHSTK)
and indirect branch tracking (IBT).
The specification is at:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
The SHSTK is a secondary stack allocated from system memory.
The CALL instruction stores a secure copy of the return address
on the SHSTK; the RET instruction compares the return address
from the program stack to the SHSTK copy. Any mismatch
triggers a control protection fault.
When the IBT is enabled, the processor verifies an indirect
CALL/JMP destination is an ENDBR instruction; otherwise, it
raises a control protection fault. The compiler inserts ENDBRs
at all valid branch targets.
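The two checks described above (SHSTK on RET, IBT on indirect CALL/JMP) as a small software model. This is an added example for illustration, not kernel code and not part of the patch series; the stack depth, the addresses and the text-segment bytes are constructed. The ENDBR64 byte sequence F3 0F 1E FA is the real encoding of that instruction.

```c
/* Added example: a software model of the two CET checks the cover letter
 * describes. Not kernel code; depth, addresses and text bytes are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_DEPTH 64

struct cpu_model {
    uintptr_t stack[STACK_DEPTH]; /* ordinary, writable program stack */
    uintptr_t shstk[STACK_DEPTH]; /* shadow stack: only CALL/RET touch it */
    size_t sp, ssp;
    int cp_fault;                 /* set when a control protection fault (#CP) fires */
};

static void cpu_reset(struct cpu_model *c) { memset(c, 0, sizeof *c); }

/* CALL: push the return address on the program stack and a second copy on
 * the shadow stack. Returns -1 on overflow. */
static int cpu_call(struct cpu_model *c, uintptr_t ret)
{
    if (c->sp >= STACK_DEPTH || c->ssp >= STACK_DEPTH)
        return -1;
    c->stack[c->sp++] = ret;
    c->shstk[c->ssp++] = ret;
    return 0;
}

/* RET: pop both copies and compare; any mismatch raises #CP.
 * Returns the address control transfers to, or 0 after a fault. */
static uintptr_t cpu_ret(struct cpu_model *c)
{
    uintptr_t from_stack, from_shstk;
    if (c->sp == 0 || c->ssp == 0) {
        c->cp_fault = 1;
        return 0;
    }
    from_stack = c->stack[--c->sp];
    from_shstk = c->shstk[--c->ssp];
    if (from_stack != from_shstk) {
        c->cp_fault = 1;
        return 0;
    }
    return from_stack;
}

/* ENDBR64 is encoded as F3 0F 1E FA; the compiler emits it at every
 * legitimate indirect branch target when IBT is enabled. */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };

/* Indirect CALL/JMP under IBT: the destination must begin with ENDBR.
 * code/len is the simulated text segment, target an offset into it. */
static int cpu_indirect_branch(struct cpu_model *c, const uint8_t *code,
                               size_t len, size_t target)
{
    if (target + sizeof ENDBR64 > len ||
        memcmp(code + target, ENDBR64, sizeof ENDBR64) != 0) {
        c->cp_fault = 1;
        return -1;
    }
    return 0;
}

/* Constructed text segment: offset 0 is a legal indirect target (ENDBR64),
 * offset 8 is an ordinary instruction with no ENDBR in front of it. */
static const uint8_t TEXT[16] = {
    0xF3, 0x0F, 0x1E, 0xFA, /* 0: endbr64 */
    0x48, 0x89, 0xE5,       /* 4: mov %rsp,%rbp */
    0xC3,                   /* 7: ret */
    0x55,                   /* 8: push %rbp (not a legal indirect target) */
    0xC3,                   /* 9: ret */
};

/* Normal CALL/RET pair: the two copies agree, no fault. */
static int scenario_clean_return(void)
{
    struct cpu_model c;
    cpu_reset(&c);
    cpu_call(&c, 0x401000);
    return cpu_ret(&c) == 0x401000 && !c.cp_fault;
}

/* The program-stack copy is overwritten (as a stack overflow would do);
 * the shadow copy is untouched, so RET faults instead of jumping there. */
static int scenario_overwritten_return(void)
{
    struct cpu_model c;
    cpu_reset(&c);
    cpu_call(&c, 0x401000);
    c.stack[c.sp - 1] = 0x402000;
    return cpu_ret(&c) == 0 && c.cp_fault;
}

static int scenario_ibt_valid_target(void)
{
    struct cpu_model c;
    cpu_reset(&c);
    return cpu_indirect_branch(&c, TEXT, sizeof TEXT, 0) == 0 && !c.cp_fault;
}

static int scenario_ibt_invalid_target(void)
{
    struct cpu_model c;
    cpu_reset(&c);
    return cpu_indirect_branch(&c, TEXT, sizeof TEXT, 8) == -1 && c.cp_fault;
}

int main(void)
{
    printf("clean return ok:        %d\n", scenario_clean_return());
    printf("overwritten ret faults: %d\n", scenario_overwritten_return());
    printf("ibt endbr target ok:    %d\n", scenario_ibt_valid_target());
    printf("ibt non-endbr faults:   %d\n", scenario_ibt_invalid_target());
    return 0;
}
```

The model deliberately keeps the shadow stack out of reach of ordinary stores: only cpu_call and cpu_ret touch it, which is the property the hardware enforces by making SHSTK pages writable only through CALL/RET and the dedicated shadow-stack instructions.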
CET can be enabled for both kernel and user mode protection.
The Linux kernel patches being posted are for user-mode
protection. They are grouped into four series:
(1) CPUID enumeration, CET XSAVES system states, and
documentation;
(2) Kernel config, exception handling, and memory management
changes;
(3) SHSTK support;
(4) IBT support, command-line tool, PTRACE.
Yu-cheng Yu (5):
x86/cpufeatures: Add CPUIDs for Control-flow Enforcement Technology (CET)
x86/fpu/xstate: Change some names to separate XSAVES system and user states
x86/fpu/xstate: Enable XSAVES system states
x86/fpu/xstate: Add XSAVES system states for shadow stack
Documentation/x86: Add CET description
Documentation/admin-guide/kernel-parameters.txt | 6 +
Documentation/x86/intel_cet.txt | 161 ++++++++++++++++++++++++
arch/x86/include/asm/cpufeatures.h | 2 +
arch/x86/include/asm/fpu/internal.h | 6 +-
arch/x86/include/asm/fpu/types.h | 22 ++++
arch/x86/include/asm/fpu/xstate.h | 31 ++---
arch/x86/include/uapi/asm/processor-flags.h | 2 +
arch/x86/kernel/cpu/scattered.c | 1 +
arch/x86/kernel/fpu/core.c | 11 +-
arch/x86/kernel/fpu/init.c | 10 --
arch/x86/kernel/fpu/signal.c | 6 +-
arch/x86/kernel/fpu/xstate.c | 152 +++++++++++++---------
12 files changed, 319 insertions(+), 91 deletions(-)
create mode 100644 Documentation/x86/intel_cet.txt
--
2.15.1
Thread overview: 14+ messages
2018-06-07 14:35 Yu-cheng Yu [this message]
2018-06-07 14:35 ` [PATCH 1/5] x86/cpufeatures: Add CPUIDs for Control-flow Enforcement Technology (CET) Yu-cheng Yu
2018-06-07 14:35 ` [PATCH 2/5] x86/fpu/xstate: Change some names to separate XSAVES system and user states Yu-cheng Yu
2018-06-07 15:38 ` Andy Lutomirski
2018-06-07 15:47 ` Yu-cheng Yu
2018-06-07 14:35 ` [PATCH 3/5] x86/fpu/xstate: Enable XSAVES system states Yu-cheng Yu
2018-06-07 14:35 ` [PATCH 4/5] x86/fpu/xstate: Add XSAVES system states for shadow stack Yu-cheng Yu
2018-06-07 14:35 ` [PATCH 5/5] Documentation/x86: Add CET description Yu-cheng Yu
2018-06-07 15:39 ` Andy Lutomirski
2018-06-07 15:49 ` Yu-cheng Yu
2018-06-09 0:10 ` Randy Dunlap
2018-06-15 11:14 ` Pavel Machek
2018-06-15 14:22 ` Yu-cheng Yu
2018-06-21 13:05 ` Ingo Molnar