Re: [RFC PATCH v6 01/26] Documentation/x86: Add CET description
From: Ingo Molnar <mingo@kernel.org>
Date: 2018-11-20 09:54:02
Also in:
linux-arch, linux-doc, linux-mm, lkml
* Yu-cheng Yu [off-list ref] wrote:
+X86 Documentation +======================= + +Control-flow Enforcement +======================== + +.. toctree:: + :maxdepth: 1 + + intel_cetdiff --git a/Documentation/x86/intel_cet.rst b/Documentation/x86/intel_cet.rst new file mode 100644 index 000000000000..dac83bbf8a24 --- /dev/null +++ b/Documentation/x86/intel_cet.rst@@ -0,0 +1,268 @@ +.. SPDX-License-Identifier: GPL-2.0 + +========================================= +Control-flow Enforcement Technology (CET) +========================================= + +[1] Overview +============ + +Control-flow Enforcement Technology (CET) provides protection against +return/jump-oriented programming (ROP) attacks. It can be setup to +protect both the kernel and applications. In the first phase, +only the user-mode protection is implemented in 64-bit mode; 32-bit +applications are supported in compatibility mode. + +CET introduces shadow stack (SHSTK) and indirect branch tracking +(IBT). SHSTK is a secondary stack allocated from memory and cannot +be directly modified by applications. When executing a CALL, the +processor pushes a copy of the return address to SHSTK. Upon +function return, the processor pops the SHSTK copy and compares it +to the one from the program stack. If the two copies differ, the +processor raises a control-protection exception. IBT verifies all +indirect CALL/JMP targets are intended as marked by the compiler +with 'ENDBR' opcodes (see CET instructions below). + +There are two kernel configuration options: + + INTEL_X86_SHADOW_STACK_USER, and + INTEL_X86_BRANCH_TRACKING_USER. + +To build a CET-enabled kernel, Binutils v2.31 and GCC v8.1 or later +are required. To build a CET-enabled application, GLIBC v2.28 or +later is also required. + +There are two command-line options for disabling CET features: + + no_cet_shstk - disables SHSTK, and + no_cet_ibt - disables IBT. + +At run time, /proc/cpuinfo shows the availability of SHSTK and IBT.
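Review bot: the index.rst hunk adds the "Control-flow Enforcement" heading and a toctree pointing at intel_cet, but nothing in this hunk links Documentation/x86/index.rst itself into the top-level documentation toctree; please confirm another patch in the series does that, otherwise "make htmldocs" will warn that the new page is not included in any toctree and it will be unreachable from the documentation root.

Review bot: the intel_cet.rst hunk introduces two boot parameters, no_cet_shstk and no_cet_ibt, under "command-line options" without a matching entry in Documentation/admin-guide/kernel-parameters.txt; they should be documented there as well so the canonical parameter list stays complete. Smaller points in the same hunk: the Kconfig symbols are easier to grep for if written with their prefix (CONFIG_INTEL_X86_SHADOW_STACK_USER, CONFIG_INTEL_X86_BRANCH_TRACKING_USER), "It can be setup to" should read "It can be set up to", and the IBT sentence would be clearer as "IBT verifies that every indirect CALL/JMP lands on an ENDBR instruction, which the compiler emits at each intended target."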
What is the rough expected performance impact of CET on average function call frequency user applications and the kernel itself?

Thanks,

Ingo