From: Kees Cook
Date: Sun, 19 Feb 2023 19:42:17 -0800
To: Rick Edgecombe
Cc: x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar,
 linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org,
 linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann,
 Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen,
 Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn, Jonathan Corbet,
 Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra,
 Randy Dunlap, Weijiang Yang, "Kirill A . Shutemov", John Allen, kcc@google.com,
 eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com,
 dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com,
 christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com
Subject: Re: [PATCH v6 00/41] Shadow stacks for userspace
Message-ID: <63f2ec1a.a70a0220.bb3e0.bb19@mx.google.com>
In-Reply-To: <20230218211433.26859-1-rick.p.edgecombe@intel.com>

On Sat, Feb 18, 2023 at 01:13:52PM -0800, Rick Edgecombe wrote:
> This series implements Shadow Stacks for userspace using x86's Control-flow
> Enforcement Technology (CET). CET consists of two related security features:
> shadow stacks and indirect branch tracking. This series implements just the
> shadow stack part of this feature, and just for userspace.

Okay, I've done some bare metal testing, and it all looks happy. The
selftest passes, and I can see the stack address mismatch get
detected if I explicitly rewrite the saved function pointer on the
stack:

[INFO] Want normal flow
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Normal execution flow
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Hijacked execution flow
[INFO] Enabling shadow stack
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
Segmentation fault (core dumped)

Tested-by: Kees Cook

-- 
Kees Cook
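
Added example, not part of the message above or of the patch series: a small software model of the check the log exercises, where a return address is kept on both the normal stack and a shadow stack and a mismatch at return faults. The struct, function names and OTHER_SITE value are assumptions made for illustration; only 0x401890 comes from the log.

```c
#include <stdint.h>
#include <stdio.h>

#define DEPTH 8
#define RET_SITE   0x401890u /* return address value shown in the log above */
#define OTHER_SITE 0x401900u /* constructed redirect target, not from the page */

enum ret_result { RET_NORMAL, RET_HIJACKED, RET_CP_FAULT };

struct cpu {
    uint64_t stack[DEPTH]; /* ordinary stack: writable by the program */
    uint64_t shstk[DEPTH]; /* shadow stack: written only by do_call() */
    size_t sp, ssp;
    int shstk_enabled;
};

/* CALL: push the return address on the stack and, if enabled, the shadow stack. */
static void do_call(struct cpu *c, uint64_t ret_addr)
{
    c->stack[c->sp++] = ret_addr;
    if (c->shstk_enabled)
        c->shstk[c->ssp++] = ret_addr;
}

/* RET: pop both copies; a mismatch faults instead of transferring control. */
static enum ret_result do_ret(struct cpu *c, uint64_t call_site)
{
    uint64_t addr = c->stack[--c->sp];
    if (c->shstk_enabled && c->shstk[--c->ssp] != addr)
        return RET_CP_FAULT; /* the log above shows this as a segfault */
    return addr == call_site ? RET_NORMAL : RET_HIJACKED;
}

/* One call/return pair, optionally rewriting the saved return address. */
static enum ret_result run_scenario(int enable_shstk, int redirect)
{
    struct cpu c = { .shstk_enabled = enable_shstk };
    do_call(&c, RET_SITE);
    if (redirect)
        c.stack[c.sp - 1] = OTHER_SITE; /* rewrite the saved return address */
    return do_ret(&c, RET_SITE);
}

int main(void)
{
    printf("%d %d %d\n", (int)run_scenario(0, 0), (int)run_scenario(0, 1),
           (int)run_scenario(1, 1)); /* 0 1 2 */
    return 0;
}
```

The three values printed correspond to the log's "Normal execution flow", "Hijacked execution flow" and the fault after "Enabling shadow stack".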