Re: [PATCH v20 06/25] x86/cet: Add control-protection fault handler

From: Kees Cook
Date: Wed Feb 10 2021 - 14:37:57 EST

Next message: Nicholas Fraser: "[PATCH 3/4] perf archive: Fix filtering of empty build-ids"
Previous message: Kees Cook: "Re: [PATCH v20 07/25] x86/mm: Remove _PAGE_DIRTY from kernel RO pages"
In reply to: Yu-cheng Yu: "[PATCH v20 06/25] x86/cet: Add control-protection fault handler"
Next in thread: Andy Lutomirski: "Re: [PATCH v20 06/25] x86/cet: Add control-protection fault handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 10, 2021 at 09:56:44AM -0800, Yu-cheng Yu wrote:
> A control-protection fault is triggered when a control-flow transfer
> attempt violates Shadow Stack or Indirect Branch Tracking constraints.
> For example, the return address for a RET instruction differs from the copy
> on the shadow stack; or an indirect JMP instruction, without the NOTRACK
> prefix, arrives at a non-ENDBR opcode.
>
> The control-protection fault handler works in a similar way as the general
> protection fault handler. It provides the si_code SEGV_CPERR to the signal
> handler.
>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: Nicholas Fraser: "[PATCH 3/4] perf archive: Fix filtering of empty build-ids"
Previous message: Kees Cook: "Re: [PATCH v20 07/25] x86/mm: Remove _PAGE_DIRTY from kernel RO pages"
In reply to: Yu-cheng Yu: "[PATCH v20 06/25] x86/cet: Add control-protection fault handler"
Next in thread: Andy Lutomirski: "Re: [PATCH v20 06/25] x86/cet: Add control-protection fault handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]