| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrU6axo158CiSCRRkC4GC5hib9hypC98t7LLjA3gDaacsw@mail.gmail.com>
Date: Thu, 7 Jun 2018 11:48:35 -0700
From: Andy Lutomirski <luto@...nel.org>
To: Yu-cheng Yu <yu-cheng.yu@...el.com>
Cc: LKML <linux-kernel@...r.kernel.org>, linux-doc@...r.kernel.org,
Linux-MM <linux-mm@...ck.org>,
linux-arch <linux-arch@...r.kernel.org>, X86 ML <x86@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. J. Lu" <hjl.tools@...il.com>,
"Shanbhogue, Vedvyas" <vedvyas.shanbhogue@...el.com>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Jonathan Corbet <corbet@....net>,
Oleg Nesterov <oleg@...hat.com>, Arnd Bergmann <arnd@...db.de>,
mike.kravetz@...cle.com
Subject: Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack
On Thu, Jun 7, 2018 at 7:41 AM Yu-cheng Yu <yu-cheng.yu@...el.com> wrote:
>
> The following operations are provided.
>
> ARCH_CET_STATUS:
> return the current CET status
>
> ARCH_CET_DISABLE:
> disable CET features
>
> ARCH_CET_LOCK:
> lock out CET features
>
> ARCH_CET_EXEC:
> set CET features for exec()
>
> ARCH_CET_ALLOC_SHSTK:
> allocate a new shadow stack
>
> ARCH_CET_PUSH_SHSTK:
> put a return address on shadow stack
>
> ARCH_CET_ALLOC_SHSTK and ARCH_CET_PUSH_SHSTK are intended only for
> the implementation of GLIBC ucontext related APIs.
Please document exactly what these all do and why. I don't understand
what purpose ARCH_CET_LOCK and ARCH_CET_EXEC serve. CET is opt in for
each ELF program, so I think there should be no need for a magic
override.
Powered by blists - more mailing lists