Re: [PATCH v6 00/41] Shadow stacks for userspace

[PATCH v6 00/41] Shadow stacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 01/41] Documentation/x86: Add CET shadow stack description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 02/41] x86/shstk: Add Kconfig option for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 03/41] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 04/41] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 05/41] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 06/41] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 07/41] x86: Move control protection handler to separate file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 09/41] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 08/41] x86/shstk: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 10/41] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel() · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel() · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel() · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel() · Deepak Gupta <hidden> · 2023-03-01
[PATCH v6 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · Heiko Carstens <hca@linux.ibm.com> · 2023-02-23
Re: [PATCH v6 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-23
[PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · Michael Ellerman <mpe@ellerman.id.au> · 2023-02-20
Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA · Deepak Gupta <hidden> · 2023-03-01
[PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · David Hildenbrand <hidden> · 2023-02-21
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-21
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Dave Hansen <hidden> · 2023-02-21
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-22
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · David Hildenbrand <hidden> · 2023-02-22
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Dave Hansen <hidden> · 2023-02-22
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · David Hildenbrand <hidden> · 2023-02-22
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Kees Cook <kees@kernel.org> · 2023-02-22
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Dave Hansen <hidden> · 2023-02-22
Re: [PATCH v6 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Kees Cook <hidden> · 2023-02-22
[PATCH v6 15/41] x86/mm: Update ptep/pmdp_set_wrprotect() for _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 16/41] x86/mm: Start actually marking _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 17/41] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · David Hildenbrand <hidden> · 2023-02-21
Re: [PATCH v6 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Deepak Gupta <hidden> · 2023-02-22
[PATCH v6 19/41] x86/mm: Check shadow stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 19/41] x86/mm: Check shadow stack page fault errors · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 19/41] x86/mm: Check shadow stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-22
Re: [PATCH v6 19/41] x86/mm: Check shadow stack page fault errors · David Hildenbrand <hidden> · 2023-02-23
[PATCH v6 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 20/41] x86/mm: Teach pte_mkwrite() about stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Deepak Gupta <hidden> · 2023-03-01
[PATCH v6 21/41] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 22/41] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 22/41] mm/mmap: Add shadow stack pages to memory accounting · David Hildenbrand <hidden> · 2023-02-20
Re: [PATCH v6 22/41] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 22/41] mm/mmap: Add shadow stack pages to memory accounting · David Hildenbrand <hidden> · 2023-02-21
Re: [PATCH v6 22/41] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-22
[PATCH v6 23/41] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 24/41] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 24/41] mm: Don't allow write GUPs to shadow stack memory · David Hildenbrand <hidden> · 2023-02-21
Re: [PATCH v6 24/41] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-21
[PATCH v6 25/41] x86/mm: Introduce MAP_ABOVE4G · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 25/41] x86/mm: Introduce MAP_ABOVE4G · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 25/41] x86/mm: Introduce MAP_ABOVE4G · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
[PATCH v6 26/41] mm: Warn on shadow stack memory in wrong vma · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
[PATCH v6 28/41] x86: Introduce userspace API for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-02-24
Re: [PATCH v6 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-24
Re: [PATCH v6 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-02-28
Re: [PATCH v6 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-28
[PATCH v6 29/41] x86/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 29/41] x86/shstk: Add user-mode shadow stack support · Borislav Petkov <bp@alien8.de> · 2023-02-24
Re: [PATCH v6 29/41] x86/shstk: Add user-mode shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-24
Re: [PATCH v6 29/41] x86/shstk: Add user-mode shadow stack support · Borislav Petkov <bp@alien8.de> · 2023-02-24
[PATCH v6 30/41] x86/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 31/41] x86/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 32/41] x86/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 33/41] x86/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-02-23
Re: [PATCH v6 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-23
Re: [PATCH v6 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-02-23
Re: [PATCH v6 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-23
[PATCH v6 34/41] x86/shstk: Support WRSS for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 35/41] x86: Expose thread features in /proc/$PID/status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 36/41] x86/shstk: Wire in shadow stack interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 38/41] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 38/41] x86/fpu: Add helper for initing features · Kees Cook <hidden> · 2023-02-19
[PATCH v6 37/41] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · Kees Cook <hidden> · 2023-02-19
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · David Hildenbrand <hidden> · 2023-02-21
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-21
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · Borislav Petkov <bp@alien8.de> · 2023-02-23
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-23
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · Borislav Petkov <bp@alien8.de> · 2023-02-24
Re: [PATCH v6 37/41] selftests/x86: Add shadow stack test · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-24
[PATCH v6 39/41] x86: Add PTRACE interface for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
[PATCH v6 41/41] x86/shstk: Add ARCH_SHSTK_STATUS · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-18
Re: [PATCH v6 00/41] Shadow stacks for userspace · Kees Cook <hidden> · 2023-02-20
Re: [PATCH v6 00/41] Shadow stacks for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 00/41] Shadow stacks for userspace · Mike Rapoport <rppt@kernel.org> · 2023-02-20
Re: [PATCH v6 00/41] Shadow stacks for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-20
Re: [PATCH v6 00/41] Shadow stacks for userspace · John Allen <john.allen@amd.com> · 2023-02-20
Re: [PATCH v6 00/41] Shadow stacks for userspace · Pengfei Xu <hidden> · 2023-02-21
Re: [PATCH v6 00/41] Shadow stacks for userspace · Borislav Petkov <bp@alien8.de> · 2023-02-22
Re: [PATCH v6 00/41] Shadow stacks for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-02-22

From: Kees Cook <hidden>
Date: 2023-02-20 03:44:21
Also in: linux-arch, linux-doc, linux-mm, lkml

On Sat, Feb 18, 2023 at 01:13:52PM -0800, Rick Edgecombe wrote:

This series implements Shadow Stacks for userspace using x86's Control-flow 
Enforcement Technology (CET). CET consists of two related security features: 
shadow stacks and indirect branch tracking. This series implements just the 
shadow stack part of this feature, and just for userspace.

Okay, I've done some bare metal testing, and it all looks happy. The
selftest passes, and I can can see the stack address mismatch get
detected if I explicitly rewrite the saved function pointer on the stack:

[INFO] Want normal flow
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Normal execution flow
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Hijacked execution flow
[INFO] Enabling shadow stack
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
Segmentation fault (core dumped)

Tested-by: Kees Cook <redacted>

-- 
Kees Cook

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help