superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include
History
Rick Edgecombe a5f6c2ace9 x86/shstk: Add user control-protection fault handler 
A control-protection fault is triggered when a control-flow transfer
attempt violates Shadow Stack or Indirect Branch Tracking constraints.
For example, the return address for a RET instruction differs from the copy
on the shadow stack.

There already exists a control-protection fault handler for handling kernel
IBT faults. Refactor this fault handler into separate user and kernel
handlers, like the page fault handler. Add a control-protection handler
for usermode. To avoid ifdeffery, put them both in a new file cet.c, which
is compiled in the case of either of the two CET features supported in the
kernel: kernel IBT or user mode shadow stack. Move some static inline
functions from traps.c into a header so they can be used in cet.c.

Opportunistically fix a comment in the kernel IBT part of the fault
handler that is on the end of the line instead of preceding it.

Keep the same behavior for the kernel side of the fault handler, except for
converting a BUG to a WARN in the case of a #CP happening when the feature
is missing. This unifies the behavior with the new shadow stack code, and
also prevents the kernel from crashing under this situation which is
potentially recoverable.

The control-protection fault handler works in a similar way as the general
protection fault handler. It provides the si_code SEGV_CPERR to the signal
handler.

Co-developed-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-28-rick.p.edgecombe%40intel.com
 		2023-08-02 15:01:50 -07:00
..
acpi More ACPI updates for 6.5-rc1 2023-07-06 22:25:06 -07:00
asm-generic mm: Rename arch pte_mkwrite()'s to pte_mkwrite_novma() 2023-07-11 14:10:56 -07:00
clocksource
crypto This update includes the following changes: 2023-06-30 21:27:13 -07:00
drm
dt-bindings Another set of clk driver updates and fixes for the merge window. The 2023-07-04 11:07:45 -07:00
keys
kunit
kvm Common KVM changes for 6.5: 2023-07-01 07:07:55 -04:00
linux x86/mm: Introduce MAP_ABOVE4G 2023-07-11 14:12:19 -07:00
math-emu
media media updates for v6.5-rc1 2023-07-05 10:42:32 -07:00
memory
misc
net Including fixes from bluetooth, bpf and wireguard. 2023-07-05 15:44:45 -07:00
pcmcia
ras
rdma rdma: fix INFINIBAND_USER_ACCESS dependency 2023-07-03 16:55:04 -07:00
rv
scsi SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
soc Including fixes from bluetooth, bpf and wireguard. 2023-07-05 15:44:45 -07:00
sound
target SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
trace Including fixes from bluetooth, bpf and wireguard. 2023-07-05 15:44:45 -07:00
uapi x86/shstk: Add user control-protection fault handler 2023-08-02 15:01:50 -07:00
ufs SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
vdso
video sticon/parisc: Fix STI console on 64-bit only machines 2023-06-30 17:14:14 +02:00
xen