From: "Yu, Yu-cheng" <yu-cheng.yu@intel.com>
To: David Laight <David.Laight@ACULAB.COM>,
'Andy Lutomirski' <luto@kernel.org>,
"H.J. Lu" <hjl.tools@gmail.com>
Cc: "x86@kernel.org" <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Balbir Singh <bsingharora@gmail.com>,
Borislav Petkov <bp@alien8.de>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Eugene Syromiatnikov <esyr@redhat.com>,
Florian Weimer <fweimer@redhat.com>, Jann Horn <jannh@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromium.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Nadav Amit <nadav.amit@gmail.com>,
Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
Peter Zijlstra <peterz@infradead.org>,
Randy Dunlap <rdunlap@infradead.org>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
Dave Martin <Dave.Martin@arm.com>,
Weijiang Yang <weijiang.yang@intel.com>,
Pengfei Xu <pengfei.xu@intel.com>,
Haitao Huang <haitao.huang@intel.com>
Subject: Re: [PATCH v26 0/9] Control-flow Enforcement: Indirect Branch Tracking
Date: Wed, 28 Apr 2021 09:24:52 -0700 [thread overview]
Message-ID: <7d857e5d-e3d3-1182-5712-813abf48ccba@intel.com> (raw)
In-Reply-To: <0c6e1c922bc54326b1121194759565f5@AcuMS.aculab.com>
On 4/28/2021 8:33 AM, David Laight wrote:
> From: Andy Lutomirski
>> Sent: 28 April 2021 16:15
>>
>> On Wed, Apr 28, 2021 at 7:57 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>>>
>>> On Wed, Apr 28, 2021 at 7:52 AM Andy Lutomirski <luto@kernel.org> wrote:
>>>>
>>>> On Wed, Apr 28, 2021 at 7:48 AM David Laight <David.Laight@aculab.com> wrote:
>>>>>
>>>>> From: Yu-cheng Yu
>>>>>> Sent: 27 April 2021 21:47
>>>>>>
>>>>>> Control-flow Enforcement (CET) is a new Intel processor feature that blocks
>>>>>> return/jump-oriented programming attacks. Details are in "Intel 64 and
>>>>>> IA-32 Architectures Software Developer's Manual" [1].
>>>>> ...
>>>>>
>>>>> Does this feature require that 'binary blobs' for out of tree drivers
>>>>> be compiled by a version of gcc that adds the ENDBRA instructions?
>>>>>
>>>>> If enabled for userspace, what happens if an old .so is dynamically
>>>>> loaded?
>>>
>>> CET will be disabled by ld.so in this case.
>>
>> What if a program starts a thread and then dlopens a legacy .so?
>
> Or has shadow stack enabled and opens a .so that uses retpolines?
>
When shadow stack is enabled, retpolines are not necessary. I don't
know if glibc has been updated for detection of this case. H.J.?
>>>>> Or do all userspace programs and libraries have to have been compiled
>>>>> with the ENDBRA instructions?
>>>
>>> Correct. ld and ld.so check this.
>>>
>>>> If you believe that the userspace tooling for the legacy IBT table
>>>> actually works, then it should just work. Yu-cheng, etc: how well
>>>> tested is it?
>>>>
>>>
>>> Legacy IBT bitmap isn't unused since it doesn't cover legacy codes
>>> generated by legacy JITs.
>>>
>>
>> How does ld.so decide whether a legacy JIT is in use?
>
> What if your malware just precedes its 'jump into the middle of a function'
> with a %ds segment override?
>
Do you mean far jump? It is not tracked by ibt, which tracks near
indirect jump. The details can be found in Intel SDM.
> I may have a real problem here.
> We currently release program/library binaries that run on Linux
> distributions that go back as far as RHEL6 (2.6.32 kernel era).
> To do this everything is compiled on a userspace of the same vintage.
> I'm not at all sure a new enough gcc to generate the ENDBR64 instructions
> will run on the relevant system - and may barf on the system headers
> even if we got it to run.
> I really don't want to have to build multiple copies of everything.
This is likely OK. We have tested many combinations. Should you run
into any issue, please let glibc people know.
Thanks!
>
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
> Registration No: 1397386 (Wales)
>
next prev parent reply other threads:[~2021-04-28 16:25 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-27 20:47 Yu-cheng Yu
2021-04-27 20:47 ` [PATCH v26 1/9] x86/cet/ibt: Add Kconfig option for " Yu-cheng Yu
2021-04-28 20:29 ` Kees Cook
2021-04-27 20:47 ` [PATCH v26 2/9] x86/cet/ibt: Add user-mode Indirect Branch Tracking support Yu-cheng Yu
2021-04-27 20:47 ` [PATCH v26 3/9] x86/cet/ibt: Handle signals for Indirect Branch Tracking Yu-cheng Yu
2021-04-27 20:47 ` [PATCH v26 4/9] x86/cet/ibt: Update ELF header parsing " Yu-cheng Yu
2021-04-27 20:47 ` [PATCH v26 5/9] x86/cet/ibt: Update arch_prctl functions " Yu-cheng Yu
2021-04-27 20:47 ` [PATCH v26 6/9] x86/vdso: Insert endbr32/endbr64 to vDSO Yu-cheng Yu
2021-04-28 20:38 ` Kees Cook
[not found] ` <202104281332.94A153C@keescook>
2021-04-28 20:49 ` Yu, Yu-cheng
2021-04-27 20:47 ` [PATCH v26 7/9] x86/vdso: Introduce ENDBR macro Yu-cheng Yu
2021-04-27 20:47 ` [PATCH v26 8/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point Yu-cheng Yu
2021-04-28 20:39 ` Kees Cook
2021-04-27 20:47 ` [PATCH v26 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave Yu-cheng Yu
2021-04-28 20:39 ` Kees Cook
2021-04-28 14:48 ` [PATCH v26 0/9] Control-flow Enforcement: Indirect Branch Tracking David Laight
2021-04-28 14:52 ` Andy Lutomirski
2021-04-28 14:56 ` H.J. Lu
2021-04-28 15:14 ` Andy Lutomirski
2021-04-28 15:33 ` David Laight
2021-04-28 16:24 ` Yu, Yu-cheng [this message]
2021-04-28 17:15 ` H.J. Lu
2021-04-28 15:42 ` Yu, Yu-cheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7d857e5d-e3d3-1182-5712-813abf48ccba@intel.com \
--to=yu-cheng.yu@intel.com \
--cc=Dave.Martin@arm.com \
--cc=David.Laight@ACULAB.COM \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=bsingharora@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=esyr@redhat.com \
--cc=fweimer@redhat.com \
--cc=gorcunov@gmail.com \
--cc=haitao.huang@intel.com \
--cc=hjl.tools@gmail.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mike.kravetz@oracle.com \
--cc=mingo@redhat.com \
--cc=nadav.amit@gmail.com \
--cc=oleg@redhat.com \
--cc=pavel@ucw.cz \
--cc=pengfei.xu@intel.com \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=rdunlap@infradead.org \
--cc=tglx@linutronix.de \
--cc=vedvyas.shanbhogue@intel.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox