From: Pavel Machek <pavel@ucw.cz>
To: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Andy Lutomirski <luto@amacapital.net>,
Balbir Singh <bsingharora@gmail.com>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Florian Weimer <fweimer@redhat.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromiun.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Nadav Amit <nadav.amit@gmail.com>,
Oleg Nesterov <oleg@redhat.com>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: [RFC PATCH v3 05/24] Documentation/x86: Add CET description
Date: Thu, 30 Aug 2018 22:39:48 +0200 [thread overview]
Message-ID: <20180830203948.GB1936@amd> (raw)
In-Reply-To: <20180830143904.3168-6-yu-cheng.yu@intel.com>
[-- Attachment #1: Type: text/plain, Size: 2419 bytes --]
Hi!
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 9871e649ffef..b090787188b4 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2764,6 +2764,12 @@
> noexec=on: enable non-executable mappings (default)
> noexec=off: disable non-executable mappings
>
> + no_cet_ibt [X86-64] Disable indirect branch tracking for user-mode
> + applications
> +
> + no_cet_shstk [X86-64] Disable shadow stack support for user-mode
> + applications
Hmm, not too consistent with "nosmap" below. Would it make sense to
have cet=on/off/ibt/shstk instead?
> +++ b/Documentation/x86/intel_cet.rst
> @@ -0,0 +1,252 @@
> +=========================================
> +Control Flow Enforcement Technology (CET)
> +=========================================
> +
> +[1] Overview
> +============
> +
> +Control Flow Enforcement Technology (CET) provides protection against
> +return/jump-oriented programing (ROP) attacks.
Can you add something like "It attempts to protect process from
running arbitrary code even after attacker has control of its stack"
-- for people that don't know what ROP is, and perhaps link to
wikipedia explaining ROP or something...
> It can be implemented
> +to protect both the kernel and applications. In the first phase,
> +only the user-mode protection is implemented for the 64-bit kernel.
> +Thirty-two bit applications are supported under the compatibility
32-bit (for consistency).
Ok, so CET stops execution of malicious code before architectural
effects are visible, correct? Does it prevent micro-architectural
effects of the malicious code? (cache content would be one example;
see Spectre).
> +[3] Application Enabling
> +========================
"Enabling CET in applications" ?
> +Signal
> +------
> +
> +The main program and its signal handlers use the same SHSTK. Because
> +the SHSTK stores only return addresses, we can estimate a large
> +enough SHSTK to cover the condition that both the program stack and
> +the sigaltstack run out.
English? Is it estimate or is it large enough? "a large" -- "a" should
be deleted AFAICT.
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Pavel Machek <pavel@ucw.cz>
To: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-mm@kvack.org, linux-arch@vger.kernel.org,
linux-api@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Andy Lutomirski <luto@amacapital.net>,
Balbir Singh <bsingharora@gmail.com>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Florian Weimer <fweimer@redhat.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromiun.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Nadav Amit <nadav.amit@gmail.com>,
Oleg Nesterov <oleg@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>
Subject: Re: [RFC PATCH v3 05/24] Documentation/x86: Add CET description
Date: Thu, 30 Aug 2018 22:39:48 +0200 [thread overview]
Message-ID: <20180830203948.GB1936@amd> (raw)
Message-ID: <20180830203948.XHVqMPU5922tUGp8C_7Fjw9sg5HOehXHkBIf8ABKivw@z> (raw)
In-Reply-To: <20180830143904.3168-6-yu-cheng.yu@intel.com>
[-- Attachment #1: Type: text/plain, Size: 2419 bytes --]
Hi!
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 9871e649ffef..b090787188b4 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2764,6 +2764,12 @@
> noexec=on: enable non-executable mappings (default)
> noexec=off: disable non-executable mappings
>
> + no_cet_ibt [X86-64] Disable indirect branch tracking for user-mode
> + applications
> +
> + no_cet_shstk [X86-64] Disable shadow stack support for user-mode
> + applications
Hmm, not too consistent with "nosmap" below. Would it make sense to
have cet=on/off/ibt/shstk instead?
> +++ b/Documentation/x86/intel_cet.rst
> @@ -0,0 +1,252 @@
> +=========================================
> +Control Flow Enforcement Technology (CET)
> +=========================================
> +
> +[1] Overview
> +============
> +
> +Control Flow Enforcement Technology (CET) provides protection against
> +return/jump-oriented programing (ROP) attacks.
Can you add something like "It attempts to protect process from
running arbitrary code even after attacker has control of its stack"
-- for people that don't know what ROP is, and perhaps link to
wikipedia explaining ROP or something...
> It can be implemented
> +to protect both the kernel and applications. In the first phase,
> +only the user-mode protection is implemented for the 64-bit kernel.
> +Thirty-two bit applications are supported under the compatibility
32-bit (for consistency).
Ok, so CET stops execution of malicious code before architectural
effects are visible, correct? Does it prevent micro-architectural
effects of the malicious code? (cache content would be one example;
see Spectre).
> +[3] Application Enabling
> +========================
"Enabling CET in applications" ?
> +Signal
> +------
> +
> +The main program and its signal handlers use the same SHSTK. Because
> +the SHSTK stores only return addresses, we can estimate a large
> +enough SHSTK to cover the condition that both the program stack and
> +the sigaltstack run out.
English? Is it estimate or is it large enough? "a large" -- "a" should
be deleted AFAICT.
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2018-08-30 20:39 UTC|newest]
Thread overview: 146+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-30 14:38 [RFC PATCH v3 00/24] Control Flow Enforcement: Shadow Stack Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 01/24] x86/cpufeatures: Add CPUIDs for Control-flow Enforcement Technology (CET) Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 02/24] x86/fpu/xstate: Change some names to separate XSAVES system and user states Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 03/24] x86/fpu/xstate: Enable XSAVES system states Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 04/24] x86/fpu/xstate: Add XSAVES system states for shadow stack Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 05/24] Documentation/x86: Add CET description Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 20:39 ` Pavel Machek [this message]
2018-08-30 20:39 ` Pavel Machek
2018-08-30 22:49 ` Yu-cheng Yu
2018-08-30 22:49 ` Yu-cheng Yu
2018-09-14 21:17 ` Yu-cheng Yu
2018-09-14 21:17 ` Yu-cheng Yu
2018-09-03 2:56 ` Randy Dunlap
2018-09-03 2:56 ` Randy Dunlap
2018-08-30 14:38 ` [RFC PATCH v3 06/24] x86/cet: Control protection exception handler Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-31 15:01 ` Jann Horn
2018-08-31 15:01 ` Jann Horn
2018-08-31 16:20 ` Yu-cheng Yu
2018-08-31 16:20 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 07/24] x86/cet/shstk: Add Kconfig option for user-mode shadow stack Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 08/24] mm: Introduce VM_SHSTK for shadow stack memory Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 09/24] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 10/24] x86/mm: Introduce _PAGE_DIRTY_SW Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 11/24] drm/i915/gvt: Update _PAGE_DIRTY to _PAGE_DIRTY_BITS Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 12/24] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 15:49 ` Jann Horn
2018-08-30 15:49 ` Jann Horn
2018-08-30 16:02 ` Yu-cheng Yu
2018-08-30 16:02 ` Yu-cheng Yu
2018-08-30 16:08 ` Dave Hansen
2018-08-30 16:08 ` Dave Hansen
2018-08-30 16:23 ` Jann Horn
2018-08-30 16:23 ` Jann Horn
2018-08-30 17:19 ` Dave Hansen
2018-08-30 17:19 ` Dave Hansen
2018-08-30 17:26 ` Yu-cheng Yu
2018-08-30 17:26 ` Yu-cheng Yu
2018-08-30 17:33 ` Dave Hansen
2018-08-30 17:33 ` Dave Hansen
2018-08-30 17:54 ` Yu-cheng Yu
2018-08-30 17:54 ` Yu-cheng Yu
2018-08-30 17:59 ` Jann Horn
2018-08-30 17:59 ` Jann Horn
2018-08-30 20:21 ` Yu-cheng Yu
2018-08-30 20:21 ` Yu-cheng Yu
2018-08-30 20:44 ` Jann Horn
2018-08-30 20:44 ` Jann Horn
2018-08-30 20:52 ` Yu-cheng Yu
2018-08-30 20:52 ` Yu-cheng Yu
2018-08-30 21:01 ` Jann Horn
2018-08-30 21:01 ` Jann Horn
2018-08-30 21:47 ` Jann Horn
2018-08-30 21:47 ` Jann Horn
2018-08-31 9:53 ` Peter Zijlstra
2018-08-31 9:53 ` Peter Zijlstra
2018-08-31 14:33 ` Yu-cheng Yu
2018-08-31 14:33 ` Yu-cheng Yu
2018-08-31 14:47 ` Dave Hansen
2018-08-31 14:47 ` Dave Hansen
2018-08-31 15:48 ` Yu-cheng Yu
2018-08-31 15:48 ` Yu-cheng Yu
2018-08-31 15:58 ` Dave Hansen
2018-08-31 15:58 ` Dave Hansen
2018-08-31 16:29 ` Peter Zijlstra
2018-08-31 16:29 ` Peter Zijlstra
2018-09-14 20:39 ` Yu-cheng Yu
2018-09-14 20:39 ` Yu-cheng Yu
2018-09-14 20:46 ` Dave Hansen
2018-09-14 20:46 ` Dave Hansen
2018-09-14 21:08 ` Yu-cheng Yu
2018-09-14 21:08 ` Yu-cheng Yu
2018-09-14 21:33 ` Dave Hansen
2018-09-14 21:33 ` Dave Hansen
2018-08-31 1:23 ` Andy Lutomirski
2018-08-31 1:23 ` Andy Lutomirski
2018-08-30 17:34 ` Andy Lutomirski
2018-08-30 17:34 ` Andy Lutomirski
2018-08-30 18:55 ` Dave Hansen
2018-08-30 18:55 ` Dave Hansen
2018-08-31 17:46 ` Andy Lutomirski
2018-08-31 17:46 ` Andy Lutomirski
2018-08-31 17:52 ` Dave Hansen
2018-08-31 17:52 ` Dave Hansen
2018-08-30 19:59 ` Randy Dunlap
2018-08-30 19:59 ` Randy Dunlap
2018-08-30 20:23 ` Yu-cheng Yu
2018-08-30 20:23 ` Yu-cheng Yu
2018-08-31 16:29 ` Dave Hansen
2018-08-31 16:29 ` Dave Hansen
2018-08-30 14:38 ` [RFC PATCH v3 13/24] x86/mm: Shadow stack page fault error checking Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 14/24] mm: Handle shadow stack page fault Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 15/24] mm: Handle THP/HugeTLB " Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 16/24] mm: Update can_follow_write_pte/pmd for shadow stack Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 17/24] mm: Introduce do_mmap_locked() Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 18/24] x86/cet/shstk: User-mode shadow stack support Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 16:10 ` Jann Horn
2018-08-30 16:10 ` Jann Horn
2018-08-30 16:20 ` Yu-cheng Yu
2018-08-30 16:20 ` Yu-cheng Yu
2018-08-30 14:38 ` [RFC PATCH v3 19/24] x86/cet/shstk: Introduce WRUSS instruction Yu-cheng Yu
2018-08-30 14:38 ` Yu-cheng Yu
2018-08-30 15:39 ` Jann Horn
2018-08-30 15:39 ` Jann Horn
2018-08-30 15:55 ` Andy Lutomirski
2018-08-30 15:55 ` Andy Lutomirski
2018-08-30 16:22 ` Yu-cheng Yu
2018-08-30 16:22 ` Yu-cheng Yu
2018-08-31 21:49 ` Yu-cheng Yu
2018-08-31 21:49 ` Yu-cheng Yu
2018-08-31 22:16 ` Andy Lutomirski
2018-08-31 22:16 ` Andy Lutomirski
2018-09-14 20:46 ` Yu-cheng Yu
2018-09-14 20:46 ` Yu-cheng Yu
2018-08-30 14:39 ` [RFC PATCH v3 20/24] x86/cet/shstk: Signal handling for shadow stack Yu-cheng Yu
2018-08-30 14:39 ` Yu-cheng Yu
2018-08-30 14:39 ` [RFC PATCH v3 21/24] x86/cet/shstk: ELF header parsing of Shadow Stack Yu-cheng Yu
2018-08-30 14:39 ` Yu-cheng Yu
2018-08-30 14:39 ` [RFC PATCH v3 22/24] x86/cet/shstk: Handle thread shadow stack Yu-cheng Yu
2018-08-30 14:39 ` Yu-cheng Yu
2018-08-30 14:39 ` [RFC PATCH v3 23/24] x86/cet/shstk: Add arch_prctl functions for Shadow Stack Yu-cheng Yu
2018-08-30 14:39 ` Yu-cheng Yu
2018-08-30 14:39 ` [RFC PATCH v3 24/24] x86/cet/shstk: Add Shadow Stack instructions to opcode map Yu-cheng Yu
2018-08-30 14:39 ` Yu-cheng Yu
2018-09-02 8:13 ` [RFC PATCH v3 00/24] Control Flow Enforcement: Shadow Stack Balbir Singh
2018-09-02 8:13 ` Balbir Singh
2018-09-04 14:47 ` Yu-cheng Yu
2018-09-04 14:47 ` Yu-cheng Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180830203948.GB1936@amd \
--to=pavel@ucw.cz \
--cc=arnd@arndb.de \
--cc=bsingharora@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=fweimer@redhat.com \
--cc=gorcunov@gmail.com \
--cc=hjl.tools@gmail.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=keescook@chromiun.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=mike.kravetz@oracle.com \
--cc=mingo@redhat.com \
--cc=nadav.amit@gmail.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).