Commit 18e66b69 authored by Rick Edgecombe

x86/shstk: Add Kconfig option for shadow stack

Shadow stack provides protection for applications against function return
address corruption. It is active when the processor supports it, the
kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built
for the feature. This is only implemented for the 64-bit kernel. When it
is enabled, legacy non-shadow stack applications continue to work, but
without protection.

Since there is another feature that utilizes CET (Kernel IBT) that will
share implementation with shadow stacks, create CONFIG_CET to signify
that at least one CET feature is configured.

Co-developed-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-7-rick.p.edgecombe%40intel.com
parent fb47a799
...@@ -1849,6 +1849,11 @@ config CC_HAS_IBT ...@@ -1849,6 +1849,11 @@ config CC_HAS_IBT
(CC_IS_CLANG && CLANG_VERSION >= 140000)) && \ (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
$(as-instr,endbr64) $(as-instr,endbr64)
config X86_CET
def_bool n
help
CET features configured (Shadow stack or IBT)
config X86_KERNEL_IBT config X86_KERNEL_IBT
prompt "Indirect Branch Tracking" prompt "Indirect Branch Tracking"
def_bool y def_bool y
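Review bot: the symbol introduced here is X86_CET, but the commit message says "create CONFIG_CET"; one of the two should be aligned so that grep on the message finds the actual Kconfig name. Since X86_CET is a hidden def_bool that only becomes y through `select` from the individual features, the help text would be more useful if it said so explicitly, e.g. "Selected by X86_KERNEL_IBT and X86_USER_SHADOW_STACK; do not enable directly", rather than the bare "CET features configured (Shadow stack or IBT)".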
...@@ -1856,6 +1861,7 @@ config X86_KERNEL_IBT ...@@ -1856,6 +1861,7 @@ config X86_KERNEL_IBT
# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
depends on !LD_IS_LLD || LLD_VERSION >= 140000 depends on !LD_IS_LLD || LLD_VERSION >= 140000
select OBJTOOL select OBJTOOL
select X86_CET
help help
Build the kernel with support for Indirect Branch Tracking, a Build the kernel with support for Indirect Branch Tracking, a
hardware support course-grain forward-edge Control Flow Integrity hardware support course-grain forward-edge Control Flow Integrity
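Review bot: `select X86_CET` is placed consistently after `select OBJTOOL`, so nothing to change in the added line itself. Unrelated to this change but visible in the trailing context, the existing help text reads "hardware support course-grain forward-edge Control Flow Integrity" where "coarse-grain" is meant (and "hardware-supported" reads better); worth a separate typo fix rather than folding into this patch.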
...@@ -1949,6 +1955,24 @@ config X86_SGX ...@@ -1949,6 +1955,24 @@ config X86_SGX
If unsure, say N. If unsure, say N.
config X86_USER_SHADOW_STACK
bool "X86 userspace shadow stack"
depends on AS_WRUSS
depends on X86_64
select ARCH_USES_HIGH_VMA_FLAGS
select X86_CET
help
Shadow stack protection is a hardware feature that detects function
return address corruption. This helps mitigate ROP attacks.
Applications must be enabled to use it, and old userspace does not
get protection "for free".
CPUs supporting shadow stacks were first released in 2020.
See Documentation/x86/shstk.rst for more information.
If unsure, say N.
config EFI config EFI
bool "EFI runtime service support" bool "EFI runtime service support"
depends on ACPI depends on ACPI
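Review bot: the commit message refers to CONFIG_X86_SHADOW_STACK, but the option added here is X86_USER_SHADOW_STACK; the message should name the real symbol. In the help text, "Applications must be enabled to use it" is ambiguous about who does the enabling: the commit message is clearer ("the application is built for the feature"), so consider "Applications must be built with shadow stack support to use it; old userspace does not get protection for free." The option also silently disappears from menuconfig when the assembler lacks wrussq (via `depends on AS_WRUSS`), so a sentence such as "Requires an assembler that supports the WRUSS instruction" in this help text would save users a trip to arch/x86/Kconfig.assembler. Finally, the help points at Documentation/x86/shstk.rst, which is not part of this commit; confirm it lands in the same series so the reference does not dangle at this point in the history.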
...@@ -24,3 +24,8 @@ config AS_GFNI ...@@ -24,3 +24,8 @@ config AS_GFNI
def_bool $(as-instr,vgf2p8mulb %xmm0$(comma)%xmm1$(comma)%xmm2) def_bool $(as-instr,vgf2p8mulb %xmm0$(comma)%xmm1$(comma)%xmm2)
help help
Supported by binutils >= 2.30 and LLVM integrated assembler Supported by binutils >= 2.30 and LLVM integrated assembler
config AS_WRUSS
def_bool $(as-instr,wrussq %rax$(comma)(%rbx))
help
Supported by binutils >= 2.31 and LLVM integrated assembler
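Review bot: the help text states only the toolchain versions; a short note on why this probe exists would help future readers, e.g. "WRUSS is used by the kernel to write to user shadow stacks; X86_USER_SHADOW_STACK depends on this symbol." The probe uses the 64-bit form `wrussq %rax,(%rbx)`, which matches the `depends on X86_64` on the consumer, so the check and the consumer agree; if a 32-bit form were ever needed it would need its own probe.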