Thread (59 messages) 59 messages, 6 authors, 2021-01-27

Re: [PATCH v17 02/26] x86/cet/shstk: Add Kconfig option for user-mode control-flow protection

From: Yu, Yu-cheng <hidden>
Date: 2021-01-19 18:31:33
Also in: linux-arch, linux-doc, linux-mm, lkml

On 1/19/2021 3:06 AM, Borislav Petkov wrote:
On Tue, Dec 29, 2020 at 01:30:29PM -0800, Yu-cheng Yu wrote:
quoted
Shadow Stack provides protection against function return address
corruption.  It is active when the processor supports it, the kernel has
CONFIG_X86_CET_USER enabled, and the application is built for the feature.
This is only implemented for the 64-bit kernel.  When it is enabled, legacy
non-Shadow Stack applications continue to work, but without protection.

Signed-off-by: Yu-cheng Yu <redacted>
---
  arch/x86/Kconfig           | 22 ++++++++++++++++++++++
  arch/x86/Kconfig.assembler |  5 +++++
  2 files changed, 27 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7b6dd10b162a..72cff400b9ae 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1950,6 +1950,28 @@ config X86_SGX
  
  	  If unsure, say N.
  
+config ARCH_HAS_SHADOW_STACK
+	def_bool n
+
+config X86_CET_USER
That thing needs to be X86_CET. How many times do I need to type this
before you do it?
Yes, I totally understand that now.  I was still thinking about 
separately enabling user/kernel mode.  Perhaps I should have 
communicated that thought before the change.  Sorry about that.  I will 
update it.

--
Yu-cheng
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help