x86/shstk: Enable shadow stacks for x32
1. Add shadow stack support to x32 signal. 2. Use the 64-bit map_shadow_stack syscall for x32. 3. Set up shadow stack for x32. Tested with shadow stack enabled x32 glibc on Intel Tiger Lake: I configured x32 glibc with --enable-cet, build glibc and run all glibc tests with shadow stack enabled. There are no regressions. I verified that shadow stack is enabled via /proc/pid/status. Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Signed-off-by: Ingo Molnar <mingo@kernel.org> Tested-by: H.J. Lu <hjl.tools@gmail.com> Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Link: https://lore.kernel.org/r/20240315140433.1966543-1-hjl.tools@gmail.com
This commit is contained in:
parent
4ae3dc83b0
commit
2883f01ec3
@ -374,7 +374,7 @@
|
||||
450 common set_mempolicy_home_node sys_set_mempolicy_home_node
|
||||
451 common cachestat sys_cachestat
|
||||
452 common fchmodat2 sys_fchmodat2
|
||||
453 64 map_shadow_stack sys_map_shadow_stack
|
||||
453 common map_shadow_stack sys_map_shadow_stack
|
||||
454 common futex_wake sys_futex_wake
|
||||
455 common futex_wait sys_futex_wait
|
||||
456 common futex_requeue sys_futex_requeue
|
||||
|
@ -163,8 +163,8 @@ static int shstk_setup(void)
|
||||
if (features_enabled(ARCH_SHSTK_SHSTK))
|
||||
return 0;
|
||||
|
||||
/* Also not supported for 32 bit and x32 */
|
||||
if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) || in_32bit_syscall())
|
||||
/* Also not supported for 32 bit */
|
||||
if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) || in_ia32_syscall())
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
size = adjust_shstk_size(0);
|
||||
|
@ -315,6 +315,9 @@ int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
|
||||
|
||||
uc_flags = frame_uc_flags(regs);
|
||||
|
||||
if (setup_signal_shadow_stack(ksig))
|
||||
return -EFAULT;
|
||||
|
||||
if (!user_access_begin(frame, sizeof(*frame)))
|
||||
return -EFAULT;
|
||||
|
||||
@ -377,6 +380,9 @@ COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn)
|
||||
if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
|
||||
goto badframe;
|
||||
|
||||
if (restore_signal_shadow_stack())
|
||||
goto badframe;
|
||||
|
||||
if (compat_restore_altstack(&frame->uc.uc_stack))
|
||||
goto badframe;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user