| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 May 2020 14:17:15 -0700
From: Yu-cheng Yu <yu-cheng.yu@...el.com>
To: x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
linux-arch@...r.kernel.org, linux-api@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>,
Andy Lutomirski <luto@...nel.org>,
Balbir Singh <bsingharora@...il.com>,
Borislav Petkov <bp@...en8.de>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Dave Martin <Dave.Martin@....com>,
Weijiang Yang <weijiang.yang@...el.com>
Cc: Yu-cheng Yu <yu-cheng.yu@...el.com>
Subject: [RFC PATCH 0/5] Update selftests/x86 for CET
When CET is enabled for selftests/x86, two tests need updates.
- The test 'sigreturn_64' does a sigreturn() from a 64-bit context into a
32-bit context. The task's 64-bit shadow stack pointer certainly
triggers a fault. Fix it by allocating and switching to a new shadow
stack in the 32-bit address range.
The arch_ptrcl(ARCH_X86_CET_ALLOC_SHSTK) is updated for taking a bit from
the input parameter to indicate the desire of MAP_32BIT. I am proposing
this change to minimize API changes, but open to any alternatives.
- The test 'sysret_rip' fails because the assembly code needs ENDBR
opcodes. Fix it by adding just that. My latest CET submission (v10)
does not include the IBT patches. My purpose of posting this now is to
show the changes needed in x86 tests. Since ENDBR is nop when IBT is not
enabled, this patch can be applied now or split out and merged with the
IBT patches.
- The makefile changes add "-fcf-protection -mshstk" to the gcc command,
when those are available.
- Introduce cet_quick_test that checks the system's CET capabilities.
This series is based on my CET series:
https://lore.kernel.org/lkml/20200429220732.31602-2-yu-cheng.yu@intel.com/
Yu-cheng Yu (5):
x86/cet/shstk: Modify ARCH_X86_CET_ALLOC_SHSTK for 32-bit address
range
selftest/x86: Enable CET for selftests/x86
selftest/x86: Fix sigreturn_64 test.
selftest/x86: Fix sysret_rip with ENDBR
selftest/x86: Add CET quick test
arch/x86/include/asm/cet.h | 2 +-
arch/x86/include/uapi/asm/prctl.h | 2 +
arch/x86/kernel/cet.c | 19 ++-
arch/x86/kernel/cet_prctl.c | 6 +-
tools/testing/selftests/x86/Makefile | 7 +-
tools/testing/selftests/x86/cet_quick_test.c | 128 +++++++++++++++++++
tools/testing/selftests/x86/sigreturn.c | 28 ++++
tools/testing/selftests/x86/sysret_rip.c | 5 +-
8 files changed, 185 insertions(+), 12 deletions(-)
create mode 100644 tools/testing/selftests/x86/cet_quick_test.c
--
2.21.0
Powered by blists - more mailing lists