Re: [PATCH v4 07/39] x86: Add user control-protection fault handler

[PATCH v4 00/39] Shadow stacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 01/39] Documentation/x86: Add CET shadow stack description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 01/39] Documentation/x86: Add CET shadow stack description · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 01/39] Documentation/x86: Add CET shadow stack description · Bagas Sanjaya <hidden> · 2022-12-03
Re: [PATCH v4 01/39] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-05
[PATCH v4 02/39] x86/shstk: Add Kconfig option for Shadow Stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 02/39] x86/shstk: Add Kconfig option for Shadow Stack · Kees Cook <hidden> · 2022-12-03
[PATCH v4 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Borislav Petkov <bp@alien8.de> · 2022-12-07
Re: [PATCH v4 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-07
Re: [PATCH v4 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Borislav Petkov <bp@alien8.de> · 2022-12-08
[PATCH v4 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-12-07
Re: [PATCH v4 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-07
[PATCH v4 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Borislav Petkov <bp@alien8.de> · 2022-12-20
Re: [PATCH v4 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-21
[PATCH v4 06/39] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 06/39] x86/fpu: Add helper for modifying xstate · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 06/39] x86/fpu: Add helper for modifying xstate · Borislav Petkov <bp@alien8.de> · 2022-12-20
Re: [PATCH v4 06/39] x86/fpu: Add helper for modifying xstate · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-21
Re: [PATCH v4 06/39] x86/fpu: Add helper for modifying xstate · Borislav Petkov <bp@alien8.de> · 2022-12-21
[PATCH v4 07/39] x86: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2022-12-20
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-21
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2022-12-21
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-21
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2023-01-04
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2022-12-20
Re: [PATCH v4 07/39] x86: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-21
[PATCH v4 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Borislav Petkov <bp@alien8.de> · 2022-12-20
[PATCH v4 09/39] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 10/39] x86/mm: Introduce _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 10/39] x86/mm: Introduce _PAGE_COW · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 10/39] x86/mm: Introduce _PAGE_COW · Borislav Petkov <bp@alien8.de> · 2022-12-20
Re: [PATCH v4 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-21
[PATCH v4 11/39] x86/mm: Update pte_modify for _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 11/39] x86/mm: Update pte_modify for _PAGE_COW · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 11/39] x86/mm: Update pte_modify for _PAGE_COW · Borislav Petkov <bp@alien8.de> · 2022-12-27
Re: [PATCH v4 11/39] x86/mm: Update pte_modify for _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-27
Re: [PATCH v4 11/39] x86/mm: Update pte_modify for _PAGE_COW · Borislav Petkov <bp@alien8.de> · 2023-01-04
Re: [PATCH v4 11/39] x86/mm: Update pte_modify for _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-01-05
[PATCH v4 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Borislav Petkov <bp@alien8.de> · 2022-12-27
Re: [PATCH v4 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-27
Re: [PATCH v4 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Borislav Petkov <bp@alien8.de> · 2023-01-04
[PATCH v4 13/39] x86/mm: Start actually marking _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 13/39] x86/mm: Start actually marking _PAGE_COW · Kees Cook <hidden> · 2022-12-03
[PATCH v4 14/39] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 15/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 15/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Kees Cook <hidden> · 2022-12-03
[PATCH v4 16/39] x86/mm: Check Shadow Stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 16/39] x86/mm: Check Shadow Stack page fault errors · Borislav Petkov <bp@alien8.de> · 2023-01-04
Re: [PATCH v4 16/39] x86/mm: Check Shadow Stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-01-05
[PATCH v4 17/39] x86/mm: Update maybe_mkwrite() for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 17/39] x86/mm: Update maybe_mkwrite() for shadow stack · Kees Cook <hidden> · 2022-12-03
[PATCH v4 18/39] mm: Fixup places that call pte_mkwrite() directly · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 18/39] mm: Fixup places that call pte_mkwrite() directly · Kees Cook <hidden> · 2022-12-03
[PATCH v4 20/39] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 20/39] mm/mmap: Add shadow stack pages to memory accounting · Kees Cook <hidden> · 2022-12-03
[PATCH v4 21/39] mm/mprotect: Exclude shadow stack from preserve_write · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 21/39] mm/mprotect: Exclude shadow stack from preserve_write · Kees Cook <hidden> · 2022-12-03
[PATCH v4 19/39] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 22/39] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 23/39] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 23/39] mm: Don't allow write GUPs to shadow stack memory · Kees Cook <hidden> · 2022-12-03
[PATCH v4 24/39] mm: Warn on shadow stack memory in wrong vma · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 24/39] mm: Warn on shadow stack memory in wrong vma · Kees Cook <hidden> · 2022-12-03
[PATCH v4 25/39] x86: Introduce userspace API for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 25/39] x86: Introduce userspace API for shadow stack · Kees Cook <hidden> · 2022-12-03
[PATCH v4 26/39] x86/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 26/39] x86/shstk: Add user-mode shadow stack support · Kees Cook <hidden> · 2022-12-03
[PATCH v4 27/39] x86/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 27/39] x86/shstk: Handle thread shadow stack · Kees Cook <hidden> · 2022-12-03
[PATCH v4 28/39] x86/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 28/39] x86/shstk: Introduce routines modifying shstk · Kees Cook <hidden> · 2022-12-03
[PATCH v4 29/39] x86/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 29/39] x86/shstk: Handle signals for shadow stack · Kees Cook <hidden> · 2022-12-03
[PATCH v4 30/39] x86/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 30/39] x86/shstk: Introduce map_shadow_stack syscall · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 30/39] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-05
[PATCH v4 31/39] x86/shstk: Support wrss for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 31/39] x86/shstk: Support wrss for userspace · Kees Cook <hidden> · 2022-12-03
[PATCH v4 33/39] x86: Prevent 32 bit operations for 64 bit shstk tasks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 33/39] x86: Prevent 32 bit operations for 64 bit shstk tasks · Andy Lutomirski <luto@kernel.org> · 2022-12-03
Re: [PATCH v4 33/39] x86: Prevent 32 bit operations for 64 bit shstk tasks · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-04
Re: [PATCH v4 33/39] x86: Prevent 32 bit operations for 64 bit shstk tasks · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-15
[PATCH v4 32/39] x86: Expose thread features in /proc/$PID/status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 32/39] x86: Expose thread features in /proc/$PID/status · Kees Cook <hidden> · 2022-12-03
[PATCH v4 34/39] x86/shstk: Wire in shadow stack interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 36/39] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 35/39] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
[PATCH v4 38/39] x86/shstk: Add ARCH_SHSTK_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 38/39] x86/shstk: Add ARCH_SHSTK_UNLOCK · Kees Cook <hidden> · 2022-12-03
[PATCH v4 37/39] x86: Add PTRACE interface for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 37/39] x86: Add PTRACE interface for shadow stack · Kees Cook <hidden> · 2022-12-03
Re: [PATCH v4 37/39] x86: Add PTRACE interface for shadow stack · Mike Rapoport <rppt@kernel.org> · 2022-12-09
Re: [PATCH v4 37/39] x86: Add PTRACE interface for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-12-09
[PATCH v4 39/39] x86/shstk: Add ARCH_SHSTK_STATUS · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-12-03
Re: [PATCH v4 39/39] x86/shstk: Add ARCH_SHSTK_STATUS · Kees Cook <hidden> · 2022-12-03

From: Kees Cook <hidden>
Date: 2022-12-03 02:28:18
Also in: linux-arch, linux-doc, linux-mm, lkml

On Fri, Dec 02, 2022 at 04:35:34PM -0800, Rick Edgecombe wrote:

From: Yu-cheng Yu <redacted>

A control-protection fault is triggered when a control-flow transfer
attempt violates Shadow Stack or Indirect Branch Tracking constraints.
For example, the return address for a RET instruction differs from the copy
on the shadow stack.

There already exists a control-protection fault handler for handling kernel
IBT. Refactor this fault handler into sparate user and kernel handlers,
like the page fault handler. Add a control-protection handler for usermode.

Keep the same behavior for the kernel side of the fault handler, except for
converting a BUG to a WARN in the case of a #CP happening when
!cpu_feature_enabled(). This unifies the behavior with the new shadow stack
code, and also prevents the kernel from crashing under this situation which
is potentially recoverable.

The control-protection fault handler works in a similar way as the general
protection fault handler. It provides the si_code SEGV_CPERR to the signal
handler.

Tested-by: Pengfei Xu <redacted>
Tested-by: John Allen <john.allen@amd.com>
Signed-off-by: Yu-cheng Yu <redacted>
Co-developed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>

This looks nice cleaner to me. Thanks!

Reviewed-by: Kees Cook <redacted>

-- 
Kees Cook

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help