From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on archive.lwn.net X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, FSL_HELO_FAKE,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable autolearn_force=no version=3.4.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by archive.lwn.net (Postfix) with ESMTP id 9B4487D089 for ; Tue, 20 Nov 2018 09:53:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726977AbeKTUVO (ORCPT ); Tue, 20 Nov 2018 15:21:14 -0500 Received: from mail-wm1-f67.google.com ([209.85.128.67]:35638 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726943AbeKTUVO (ORCPT ); Tue, 20 Nov 2018 15:21:14 -0500 Received: by mail-wm1-f67.google.com with SMTP id c126so1508025wmh.0; Tue, 20 Nov 2018 01:52:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=r1Gaqae/pJv/yHYiqxnaEvj6zIGb7jvtUr4qFjNV/Ac=; b=ClDBJbGSJpT6DbZyegpyU1qht4WD0TwwhjG6cb2NLS8gFQNoGR4qMCCCB1czNGMKWb Ntxrls6vf79WlHlMJbges2NXlt3Sl1H5bHT1U1MXmDDyeeIuxGbgp9c3AToBNlNn4lNj NaM3g2KiWalthOqIQflD9P50RZXZ1caIZE7PKq4pBEszNuveJOihU6OtTlHjGLwBnW6I /PswOuZemuJJckM3RjTDq+P6KQNh6mdlgzoWQuWh5ZAgcMD0ik8uIKHscaLophalsOgG jnswGJgXHNP1x7Q4M7gpEHilVQnjxoM+mW+EskI3Y7Fi+493YM5dUwP4Qu1DjV2wAI33 z1Ag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=r1Gaqae/pJv/yHYiqxnaEvj6zIGb7jvtUr4qFjNV/Ac=; b=Wk3DYZNo1Q/MTTWulZ8LxiB6FtTvpByI9DOD2QC0UhTJ0zZVmboWi5CeGxLk+LtUp1 6PyE1emS8QlsSqMVQpXgSsLLuovYZNSQw8GCbbKEinEB5MIe1vm3g0Aox3S4Ov10P9y2 Rd5SQ57qK/yFxfa5MhF7JoPyuOxx5chDXxzBOA8v7Nq6Go5cvAA8GcOG45xbrnmXj6g2 0WiCMBoD+dr8jJk9IVipmWKRN+TeSZnv7hIPaaltWVUJX0YHg0RNuK9ueAC+YCFTicK/ a3GrVmkI/gsxh5k163E5PTYE1WPyGzKPDm8gvvg2SMEXa8UIYE9RfsFHW4JetTOcXWhV reXA== X-Gm-Message-State: AA+aEWYmeZ2xa0pvVPEYj+N947VKZPujNYwqexy4+tvDtCEo8QVmNCky giyeUqv4j87+aW0jUA/XEbM= X-Google-Smtp-Source: AJdET5dSjSij58XZUpdJld5dyMB1FlhS3lj1eWNL7qgCa5AoG1owvTs51Ns7Xzb+wQXV+pWNfbrnHg== X-Received: by 2002:a1c:c44c:: with SMTP id u73mr1571159wmf.45.1542707577016; Tue, 20 Nov 2018 01:52:57 -0800 (PST) Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213]) by smtp.gmail.com with ESMTPSA id a11sm1877783wmh.26.2018.11.20.01.52.55 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 20 Nov 2018 01:52:56 -0800 (PST) Date: Tue, 20 Nov 2018 10:52:53 +0100 From: Ingo Molnar To: Yu-cheng Yu Cc: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue Subject: Re: [RFC PATCH v6 01/26] Documentation/x86: Add CET description Message-ID: <20181120095253.GA119911@gmail.com> References: <20181119214809.6086-1-yu-cheng.yu@intel.com> <20181119214809.6086-2-yu-cheng.yu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181119214809.6086-2-yu-cheng.yu@intel.com> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-doc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org * Yu-cheng Yu wrote: > +X86 Documentation > +======================= > + > +Control-flow Enforcement > +======================== > + > +.. toctree:: > + :maxdepth: 1 > + > + intel_cet > diff --git a/Documentation/x86/intel_cet.rst b/Documentation/x86/intel_cet.rst > new file mode 100644 > index 000000000000..dac83bbf8a24 > --- /dev/null > +++ b/Documentation/x86/intel_cet.rst > @@ -0,0 +1,268 @@ > +.. SPDX-License-Identifier: GPL-2.0 > + > +========================================= > +Control-flow Enforcement Technology (CET) > +========================================= > + > +[1] Overview > +============ > + > +Control-flow Enforcement Technology (CET) provides protection against > +return/jump-oriented programming (ROP) attacks. It can be setup to > +protect both the kernel and applications. In the first phase, > +only the user-mode protection is implemented in 64-bit mode; 32-bit > +applications are supported in compatibility mode. > + > +CET introduces shadow stack (SHSTK) and indirect branch tracking > +(IBT). SHSTK is a secondary stack allocated from memory and cannot > +be directly modified by applications. When executing a CALL, the > +processor pushes a copy of the return address to SHSTK. Upon > +function return, the processor pops the SHSTK copy and compares it > +to the one from the program stack. If the two copies differ, the > +processor raises a control-protection exception. IBT verifies all > +indirect CALL/JMP targets are intended as marked by the compiler > +with 'ENDBR' opcodes (see CET instructions below). > + > +There are two kernel configuration options: > + > + INTEL_X86_SHADOW_STACK_USER, and > + INTEL_X86_BRANCH_TRACKING_USER. > + > +To build a CET-enabled kernel, Binutils v2.31 and GCC v8.1 or later > +are required. To build a CET-enabled application, GLIBC v2.28 or > +later is also required. > + > +There are two command-line options for disabling CET features: > + > + no_cet_shstk - disables SHSTK, and > + no_cet_ibt - disables IBT. > + > +At run time, /proc/cpuinfo shows the availability of SHSTK and IBT. What is the rough expected performance impact of CET on average function call frequency user applications and the kernel itself? Thanks, Ingo