Commit 18e66b69 authored by Rick Edgecombe's avatar Rick Edgecombe

x86/shstk: Add Kconfig option for shadow stack



Shadow stack provides protection for applications against function return
address corruption. It is active when the processor supports it, the
kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built
for the feature. This is only implemented for the 64-bit kernel. When it
is enabled, legacy non-shadow stack applications continue to work, but
without protection.

Since there is another feature that utilizes CET (Kernel IBT) that will
share implementation with shadow stacks, create CONFIG_CET to signify
that at least one CET feature is configured.

Co-developed-by: default avatarYu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: default avatarYu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: default avatarRick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarMike Rapoport (IBM) <rppt@kernel.org>
Tested-by: default avatarPengfei Xu <pengfei.xu@intel.com>
Tested-by: default avatarJohn Allen <john.allen@amd.com>
Tested-by: default avatarKees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-7-rick.p.edgecombe%40intel.com
parent fb47a799
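--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -1849,6 +1849,11 @@ config CC_HAS_IBT
 		  (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
 		  $(as-instr,endbr64)
 
+config X86_CET
+	def_bool n
+	help
+	  CET features configured (Shadow stack or IBT)
+
 config X86_KERNEL_IBT
 	prompt "Indirect Branch Tracking"
 	def_bool y
@@ -1856,6 +1861,7 @@ config X86_KERNEL_IBT
 	# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
 	depends on !LD_IS_LLD || LLD_VERSION >= 140000
 	select OBJTOOL
+	select X86_CET
 	help
 	  Build the kernel with support for Indirect Branch Tracking, a
 	  hardware support course-grain forward-edge Control Flow Integrity
@@ -1949,6 +1955,24 @@ config X86_SGX
 
 	  If unsure, say N.
 
+config X86_USER_SHADOW_STACK
+	bool "X86 userspace shadow stack"
+	depends on AS_WRUSS
+	depends on X86_64
+	select ARCH_USES_HIGH_VMA_FLAGS
+	select X86_CET
+	help
+	  Shadow stack protection is a hardware feature that detects function
+	  return address corruption.  This helps mitigate ROP attacks.
+	  Applications must be enabled to use it, and old userspace does not
+	  get protection "for free".
+
+	  CPUs supporting shadow stacks were first released in 2020.
+
+	  See Documentation/x86/shstk.rst for more information.
+
+	  If unsure, say N.
+
 config EFI
 	bool "EFI runtime service support"
 	depends on ACPI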
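Review bot: The X86_USER_SHADOW_STACK help text never says why the option can vanish from the menu: `depends on AS_WRUSS` hides it completely when the assembler cannot encode wrussq, so a builder on older binutils sees no shadow stack option and no explanation. I would add a sentence after the "first released in 2020" line, such as `This option requires an assembler that supports the wrussq instruction (binutils >= 2.31 or the LLVM integrated assembler).`, which matches what the AS_WRUSS probe in the other file checks. The pointer `See Documentation/x86/shstk.rst` should be verified against the tree this lands in, since the x86 documentation directory may have moved under Documentation/arch/ by then; the page alone cannot confirm the path. The X86_CET help line could also state that the symbol is select-only, e.g. `Selected by X86_KERNEL_IBT and X86_USER_SHADOW_STACK; not user-visible.`, so readers do not look for a prompt that does not exist.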
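--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -24,3 +24,8 @@ config AS_GFNI
 	def_bool $(as-instr,vgf2p8mulb %xmm0$(comma)%xmm1$(comma)%xmm2)
 	help
 	  Supported by binutils >= 2.30 and LLVM integrated assembler
+
+config AS_WRUSS
+	def_bool $(as-instr,wrussq %rax$(comma)(%rbx))
+	help
+	  Supported by binutils >= 2.31 and LLVM integrated assembler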
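Review bot: The AS_WRUSS help text gives the toolchain versions but not what the probe gates, and the symbol name only tells readers who already know that wrussq is a shadow stack instruction why it exists. A second help line such as `Required by X86_USER_SHADOW_STACK; the option is hidden when the assembler lacks this instruction.` would let someone debugging a missing menu entry trace it back to this probe. The sibling AS_GFNI entry above follows the same terse pattern, so this is a documentation suggestion rather than an inconsistency.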