Re: [PATCH v10 01/26] Documentation/x86: Add CET description

[PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 02/26] x86/cpufeatures: Add CET CPU feature flags for Control-flow Enforcement Technology (CET) · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Yu-cheng Yu <hidden> · 2020-07-23
[PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-12
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-17
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-19
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andy Lutomirski <luto@amacapital.net> · 2020-05-19
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andy Lutomirski <luto@kernel.org> · 2020-05-20
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Peter Zijlstra <peterz@infradead.org> · 2020-05-22
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-22
[PATCH v10 06/26] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 12/26] mm: Introduce VM_SHSTK for shadow stack memory · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 11/26] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY_HW to _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 14/26] x86/mm: Update maybe_mkwrite() for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 13/26] x86/mm: Shadow Stack page fault error checking · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 24/26] x86/cet/shstk: ELF header parsing for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 25/26] x86/cet/shstk: Handle thread shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 23/26] ELF: Introduce arch_setup_elf_property() · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2020-05-21
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-05-22
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Eugene Syromiatnikov <hidden> · 2020-05-22
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-05-22
[PATCH v10 20/26] x86/cet/shstk: Handle signals for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 22/26] ELF: Add ELF program property parsing support · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 19/26] x86/cet/shstk: User-mode shadow stack support · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 21/26] ELF: UAPI and Kconfig additions for ELF program properties · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 18/26] mm: Update can_follow_write_pte() for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 17/26] mm/mmap: Add shadow stack pages to memory accounting · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 16/26] mm: Add guard pages around a shadow stack. · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 15/26] mm: Fixup places that call pte_mkwrite() directly · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 10/26] x86/mm: Update pte_modify for _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 09/26] drm/i915/gvt: Change _PAGE_DIRTY to _PAGE_DIRTY_BITS · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 08/26] x86/mm: Introduce _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 07/26] x86/mm: Remove _PAGE_DIRTY_HW from kernel RO pages · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Dave Hansen <hidden> · 2020-05-07
Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-07
[PATCH v10 04/26] x86/cet: Add control-protection fault handler · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Josh Poimboeuf <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Josh Poimboeuf <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Dave Hansen <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Dave Hansen <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-07-24
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-24
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-24

From: Dave Hansen <hidden>
Date: 2020-05-17 23:09:44
Also in: linux-arch, linux-doc, linux-mm, lkml

On 5/15/20 7:51 PM, H.J. Lu wrote:

On Fri, May 15, 2020 at 4:56 PM Dave Hansen [off-list ref] wrote:

quoted

Let's say we have an app doing silly things like retpolines.  (Lots of
app do lots of silly things).  It gets compiled in a distro but never
runs on a system with CET.  The app gets run for the first time on a
system with CET.  App goes boom.  Not init, just some random app, say
/usr/bin/ldapsearch.

I designed and implemented CET toolchain and run-time in such a way
for it very difficult to happen.   Basically, CET won't be enabled on such
an app.

Would you care to share any specifics about how this is implemented?
That would be great information to include in the kernel documentation
because it informs us about the reasons why we don't need a kernel-based
"kill switch".

quoted

What's my recourse as an end user?  I want to run my app and turn off
CET for that app.  How can I do that?

The CET OS I designed turns CET off for you and you don't have to do
anything.

OK, cool!  Could you share some of the specifics about how it does that?

quoted

        Is it possible with the patches in this series to run a single-
        threaded binary which was has GNU_PROPERTY_X86_FEATURE_1_SHSTK
        unset to run with shadow stack protection?

Yes, you can.  I added such capabilities for testing purpose.  But
you application will crash as soon as there is a CET violation.  My
CET software design is very flexible.

Yu-cheng speficially referred to the:

	GLIBC_TUNABLES=glibc.tune.hwcaps=-SHSTK,-IBT

option.  Is that the option you're talking about?

quoted

I have a quick test that checks shadow stack and ibt in both main program and in
signals.  Currently it is public on Github.  If that is desired, I can submit it
to the mailing list.

Yes, that is desired.  It must accompany this submission.  It must also
exercise all of the new ABIs.

Our CET smoke test is for quick validation of CET OS, not just
kernel. It requires the complete CET implementation.   It does
nothing if your OS isn't CET enabled.

I think requiring the complete CET implementation to be present for this
test to work is a mistake.  We don't require anything other than an
enabled kernel and the selftests that ship with that kernel.

MPX required toolchain, library and compiler changes.  Yet, we had a
totally standalone kernel test that found real bugs.  It sounds like
this smoke test as it stands wouldn't be a great fit.  But, that
shouldn't discourage us from finding something that _is_ a good fit for
the kernel-shipped selftests.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help