lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202002251321.6C21B71F@keescook>
Date:   Tue, 25 Feb 2020 13:22:47 -0800
From:   Kees Cook <keescook@...omium.org>
To:     Yu-cheng Yu <yu-cheng.yu@...el.com>
Cc:     x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-mm@...ck.org,
        linux-arch@...r.kernel.org, linux-api@...r.kernel.org,
        Arnd Bergmann <arnd@...db.de>,
        Andy Lutomirski <luto@...nel.org>,
        Balbir Singh <bsingharora@...il.com>,
        Borislav Petkov <bp@...en8.de>,
        Cyrill Gorcunov <gorcunov@...il.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Florian Weimer <fweimer@...hat.com>,
        "H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
        Jonathan Corbet <corbet@....net>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Nadav Amit <nadav.amit@...il.com>,
        Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
        Peter Zijlstra <peterz@...radead.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@...el.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
        Dave Martin <Dave.Martin@....com>, x86-patch-review@...el.com
Subject: Re: [RFC PATCH v9 24/27] x86/cet/shstk: ELF header parsing for
 Shadow Stack

On Wed, Feb 05, 2020 at 10:19:32AM -0800, Yu-cheng Yu wrote:
> Check an ELF file's .note.gnu.property, and setup Shadow Stack if the
> application supports it.
> 
> v9:
> - Change cpu_feature_enabled() to static_cpu_has().
> 
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@...el.com>
> ---
>  arch/x86/Kconfig             |  2 ++
>  arch/x86/include/asm/elf.h   | 13 +++++++++++++
>  arch/x86/kernel/process_64.c | 31 +++++++++++++++++++++++++++++++
>  3 files changed, 46 insertions(+)
> 
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 6c34b701c588..d1447380e02e 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1987,6 +1987,8 @@ config X86_INTEL_SHADOW_STACK_USER
>  	select ARCH_USES_HIGH_VMA_FLAGS
>  	select X86_INTEL_CET
>  	select ARCH_HAS_SHSTK
> +	select ARCH_USE_GNU_PROPERTY
> +	select ARCH_BINFMT_ELF_STATE
>  	---help---
>  	  Shadow Stack (SHSTK) provides protection against program
>  	  stack corruption.  It is active when the kernel has this
> diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
> index 69c0f892e310..fac79b621e0a 100644
> --- a/arch/x86/include/asm/elf.h
> +++ b/arch/x86/include/asm/elf.h
> @@ -367,6 +367,19 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
>  					      int uses_interp);
>  #define compat_arch_setup_additional_pages compat_arch_setup_additional_pages
>  
> +#ifdef CONFIG_ARCH_BINFMT_ELF_STATE
> +struct arch_elf_state {
> +	unsigned int gnu_property;
> +};
> +
> +#define INIT_ARCH_ELF_STATE {	\
> +	.gnu_property = 0,	\
> +}
> +
> +#define arch_elf_pt_proc(ehdr, phdr, elf, interp, state) (0)
> +#define arch_check_elf(ehdr, interp, interp_ehdr, state) (0)
> +#endif
> +
>  /* Do not change the values. See get_align_mask() */
>  enum align_flags {
>  	ALIGN_VA_32	= BIT(0),
> diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
> index 506d66830d4d..99548cde0cc6 100644
> --- a/arch/x86/kernel/process_64.c
> +++ b/arch/x86/kernel/process_64.c
> @@ -732,3 +732,34 @@ unsigned long KSTK_ESP(struct task_struct *task)
>  {
>  	return task_pt_regs(task)->sp;
>  }
> +
> +#ifdef CONFIG_ARCH_USE_GNU_PROPERTY
> +int arch_parse_elf_property(u32 type, const void *data, size_t datasz,
> +			     bool compat, struct arch_elf_state *state)
> +{
> +	if (type != GNU_PROPERTY_X86_FEATURE_1_AND)
> +		return 0;
> +
> +	if (datasz != sizeof(unsigned int))
> +		return -ENOEXEC;
> +
> +	state->gnu_property = *(unsigned int *)data;
> +	return 0;
> +}
> +
> +int arch_setup_elf_property(struct arch_elf_state *state)
> +{
> +	int r = 0;
> +
> +	memset(&current->thread.cet, 0, sizeof(struct cet_status));
> +
> +	if (static_cpu_has(X86_FEATURE_SHSTK)) {
> +		if (state->gnu_property & GNU_PROPERTY_X86_FEATURE_1_SHSTK)
> +			r = cet_setup_shstk();
> +		if (r < 0)
> +			return r;

This test is redundant; there's no loop. This can just fall through to
the final return.

-Kees

> +	}
> +
> +	return r;
> +}
> +#endif
> -- 
> 2.21.0
> 

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ