| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1528987432.13101.7.camel@2b52.sc.intel.com>
Date: Thu, 14 Jun 2018 07:43:52 -0700
From: Yu-cheng Yu <yu-cheng.yu@...el.com>
To: Balbir Singh <bsingharora@...il.com>
Cc: linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
linux-mm@...ck.org, linux-arch@...r.kernel.org, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...capital.net>,
Jonathan Corbet <corbet@....net>,
Oleg Nesterov <oleg@...hat.com>, Arnd Bergmann <arnd@...db.de>,
Mike Kravetz <mike.kravetz@...cle.com>
Subject: Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction
On Thu, 2018-06-14 at 11:30 +1000, Balbir Singh wrote:
> On Thu, 2018-06-07 at 07:37 -0700, Yu-cheng Yu wrote:
> > WRUSS is a new kernel-mode instruction but writes directly
> > to user shadow stack memory. This is used to construct
> > a return address on the shadow stack for the signal
> > handler.
> >
> > This instruction can fault if the user shadow stack is
> > invalid shadow stack memory. In that case, the kernel does
> > fixup.
> >
> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@...el.com>
> > ---
> > arch/x86/include/asm/special_insns.h | 44 +++++++++++++++++++++++++++
> > arch/x86/lib/x86-opcode-map.txt | 2 +-
> > arch/x86/mm/fault.c | 13 +++++++-
> > tools/objtool/arch/x86/lib/x86-opcode-map.txt | 2 +-
> > 4 files changed, 58 insertions(+), 3 deletions(-)
> >
> > diff --git a/arch/x86/include/asm/special_insns.h b/arch/x86/include/asm/special_insns.h
> > index 317fc59b512c..8ce532fcc171 100644
> > --- a/arch/x86/include/asm/special_insns.h
> > +++ b/arch/x86/include/asm/special_insns.h
> > @@ -237,6 +237,50 @@ static inline void clwb(volatile void *__p)
> > : [pax] "a" (p));
> > }
> >
> > +#ifdef CONFIG_X86_INTEL_CET
> > +
> > +#if defined(CONFIG_IA32_EMULATION) || defined(CONFIG_X86_X32)
> > +static inline int write_user_shstk_32(unsigned long addr, unsigned int val)
> > +{
> > + int err;
> > +
> > + asm volatile("1:.byte 0x66, 0x0f, 0x38, 0xf5, 0x37\n"
>
> It would nice to use something like ASM_WRUSS/Q like ASM_CLAC/ASM_STAC.
> Is the 0x37 spurious? I don't see addr/val being used in the instructions
> either.
>
Yes, this is being revised. We are going to require a GCC and binutils
that support CET. I will put in the WRUSS instruction, no '.byte' any
more.
Yu-cheng
Powered by blists - more mailing lists