Re: [PATCH v17 02/26] x86/cet/shstk: Add Kconfig option for user-mode control-flow protection

From: Borislav Petkov
Date: Tue Jan 19 2021 - 06:30:25 EST

Next message: Christian Brauner: "Re: [PATCH] sh: Remove unused HAVE_COPY_THREAD_TLS macro"
Previous message: Daniel Bristot de Oliveira: "BUG: sleeping function called from invalid context at kernel/stop_machine.c:135"
Next in thread: Yu, Yu-cheng: "Re: [PATCH v17 02/26] x86/cet/shstk: Add Kconfig option for user-mode control-flow protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 29, 2020 at 01:30:29PM -0800, Yu-cheng Yu wrote:
> Shadow Stack provides protection against function return address
> corruption. It is active when the processor supports it, the kernel has
> CONFIG_X86_CET_USER enabled, and the application is built for the feature.
> This is only implemented for the 64-bit kernel. When it is enabled, legacy
> non-Shadow Stack applications continue to work, but without protection.
>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> ---
> arch/x86/Kconfig | 22 ++++++++++++++++++++++
> arch/x86/Kconfig.assembler | 5 +++++
> 2 files changed, 27 insertions(+)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 7b6dd10b162a..72cff400b9ae 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1950,6 +1950,28 @@ config X86_SGX
>
> If unsure, say N.
>
> +config ARCH_HAS_SHADOW_STACK
> + def_bool n
> +
> +config X86_CET_USER

That thing needs to be X86_CET. How many times do I need to type this
before you do it?

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Christian Brauner: "Re: [PATCH] sh: Remove unused HAVE_COPY_THREAD_TLS macro"
Previous message: Daniel Bristot de Oliveira: "BUG: sleeping function called from invalid context at kernel/stop_machine.c:135"
Next in thread: Yu, Yu-cheng: "Re: [PATCH v17 02/26] x86/cet/shstk: Add Kconfig option for user-mode control-flow protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]