mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 05:44:11 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/sparc
History
Rick Edgecombe a5f6c2ace9 x86/shstk: Add user control-protection fault handler 
A control-protection fault is triggered when a control-flow transfer
attempt violates Shadow Stack or Indirect Branch Tracking constraints.
For example, the return address for a RET instruction differs from the copy
on the shadow stack.

There already exists a control-protection fault handler for handling kernel
IBT faults. Refactor this fault handler into separate user and kernel
handlers, like the page fault handler. Add a control-protection handler
for usermode. To avoid ifdeffery, put them both in a new file cet.c, which
is compiled in the case of either of the two CET features supported in the
kernel: kernel IBT or user mode shadow stack. Move some static inline
functions from traps.c into a header so they can be used in cet.c.

Opportunistically fix a comment in the kernel IBT part of the fault
handler that is on the end of the line instead of preceding it.

Keep the same behavior for the kernel side of the fault handler, except for
converting a BUG to a WARN in the case of a #CP happening when the feature
is missing. This unifies the behavior with the new shadow stack code, and
also prevents the kernel from crashing under this situation which is
potentially recoverable.

The control-protection fault handler works in a similar way as the general
protection fault handler. It provides the si_code SEGV_CPERR to the signal
handler.

Co-developed-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-28-rick.p.edgecombe%40intel.com
2023-08-02 15:01:50 -07:00
..
boot kbuild: factor out the common installation code into scripts/install.sh 2022-05-11 21:45:53 +09:00
configs mm/slab: rename CONFIG_SLAB to CONFIG_SLAB_DEPRECATED 2023-05-26 19:01:47 +02:00
crypto crypto: Kconfig - simplify cipher entries 2022-08-26 18:50:43 +08:00
include mm: Rename arch pte_mkwrite()'s to pte_mkwrite_novma() 2023-07-11 14:10:56 -07:00
kernel x86/shstk: Add user control-protection fault handler 2023-08-02 15:01:50 -07:00
lib bitops: wrap non-atomic bitops with a transparent macro 2022-06-30 19:52:41 -07:00
math-emu
mm sparc32: fix lock_mm_and_find_vma() conversion 2023-06-29 20:41:24 -07:00
net net: remove skb->vlan_present 2022-11-11 18:18:05 -08:00
power
prom sparc64: Replace all non-returning strlcpy with strscpy 2023-06-14 12:04:06 -07:00
vdso treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
video arch/sparc: Add module license and description for fbdev helpers 2023-06-29 13:30:02 +02:00
Kbuild kbuild: use more subdir- for visiting subdirectories while cleaning 2021-10-24 13:49:46 +09:00
Kconfig Merge branch 'expand-stack' 2023-06-28 20:35:21 -07:00
Kconfig.debug watchdog/sparc64: define HARDLOCKUP_DETECTOR_SPARC64 2023-06-19 16:25:29 -07:00
Makefile Merge drm/drm-next into drm-misc-next 2023-05-09 15:03:40 +02:00