| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <597fb45a-cb94-e8e7-8e80-45a26766d32a@intel.com>
Date: Wed, 26 Feb 2020 09:03:08 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Yu-cheng Yu <yu-cheng.yu@...el.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
linux-arch@...r.kernel.org, linux-api@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>,
Andy Lutomirski <luto@...nel.org>,
Balbir Singh <bsingharora@...il.com>,
Borislav Petkov <bp@...en8.de>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Dave Martin <Dave.Martin@....com>, x86-patch-review@...el.com
Subject: Re: [RFC PATCH v9 05/27] x86/cet/shstk: Add Kconfig option for
user-mode Shadow Stack protection
On 2/5/20 10:19 AM, Yu-cheng Yu wrote:
> Introduce Kconfig option: X86_INTEL_SHADOW_STACK_USER.
>
> Shadow Stack (SHSTK) provides protection against function return address
> corruption. It is active when the kernel has this feature enabled, and
> both the processor and the application support it. When this feature is
> enabled, legacy non-SHSTK applications continue to work, but without SHSTK
> protection.
>
> The user-mode SHSTK protection is only implemented for the 64-bit kernel.
> IA32 applications are supported under the compatibility mode.
I think what you're trying to say here is that the hardware supports
shadow stacks with 32-bit kernels. However, this series does not
include that support and we have no plans to add it.
Right?
I'll let others weigh in, but I rather dislike the use of acronyms here.
I'd much rather see the english "shadow stack" everywhere than SHSTK.
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 5e8949953660..6c34b701c588 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1974,6 +1974,28 @@ config X86_INTEL_TSX_MODE_AUTO
> side channel attacks- equals the tsx=auto command line parameter.
> endchoice
>
> +config X86_INTEL_CET
> + def_bool n
> +
> +config ARCH_HAS_SHSTK
> + def_bool n
> +
> +config X86_INTEL_SHADOW_STACK_USER
> + prompt "Intel Shadow Stack for user-mode"
Nit: this whole thing is to support more than a single stack. I'd make
this plural at least in the text: "shadow stacks".
> + def_bool n
> + depends on CPU_SUP_INTEL && X86_64
> + select ARCH_USES_HIGH_VMA_FLAGS
> + select X86_INTEL_CET
> + select ARCH_HAS_SHSTK
> + ---help---
> + Shadow Stack (SHSTK) provides protection against program
> + stack corruption. It is active when the kernel has this
> + feature enabled, and the processor and the application
> + support it. When this feature is enabled, legacy non-SHSTK
> + applications continue to work, but without SHSTK protection.
> +
> + If unsure, say y.
This is missing a *lot* of information.
What matters to someone turning this on?
1. It's a hardware feature. This only matters if you have the right
hardware
2. It's a security hardening feature. You dance around this, but need
to come out and say it.
3. Apps must be enabled to use it. You get no protection "for free" on
old userspace.
4. The hardware supports user and kernel, but this option is for
userspace only.
Powered by blists - more mailing lists