Message ID | 20230421134615.62539-12-weijiang.yang@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | Enable CET Virtualization |
On 4/21/2023 9:46 PM, Yang Weijiang wrote:
> CET (Control-flow Enforcement Technology) is a CPU feature used to prevent
> Return/Jump-Oriented Programming (ROP/JOP) attacks. CET introduces a new
> exception type, Control Protection (#CP), and two sub-features(SHSTK,IBT)
> to defend against ROP/JOP style control-flow subversion attacks.
>
> Shadow Stack (SHSTK):
> A shadow stack is a second stack used exclusively for control transfer
> operations. The shadow stack is separate from the data/normal stack and
> can be enabled individually in user and kernel mode. When shadow stacks
> are enabled, CALL pushes the return address on both the data and shadow
> stack. RET pops the return address from both stacks and compares them.
> If the return addresses from the two stacks do not match, the processor
> signals a #CP.
>
> Indirect Branch Tracking (IBT):
> IBT adds a new instrution, ENDBRANCH, that is used to mark valid target

/s/instrution/instruction

> addresses of indirect branches (CALL, JMP, ENCLU[EEXIT], etc...). If an
> indirect branch is executed and the next instruction is _not_ an
> ENDBRANCH, the processor signals a #CP.
>
> Several new CET MSRs are defined to support CET:
> MSR_IA32_{U,S}_CET: Controls the CET settings for user mode and kernel
> mode respectively.
>
> MSR_IA32_PL{0,1,2,3}_SSP: Stores shadow stack pointers for CPL-0,1,2,3
> protection respectively.
>
> MSR_IA32_INT_SSP_TAB: Stores base address of shadow stack pointer table.

According to the name of the MSR, it is interrupt related, right?
It's better to describe the MSR more precisely.

>
> Two XSAVES state bits are introduced for CET:
> IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
> IA32_XSS:[bit 12]: Control saving/restoring kernel mode CET states.
>
> Six VMCS fields are introduced for CET:
> {HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
> {HOST,GUEST}_SSP: Stores shadow stack pointer of current active task/thread.
> {HOST,GUEST}_INTR_SSP_TABLE: Stores base address of shadow stack pointer table.

ditto

>
> If VM_EXIT_LOAD_HOST_CET_STATE = 1, the host CET states are restored from
> the following VMCS fields at VM-Exit:
> HOST_S_CET
> HOST_SSP
> HOST_INTR_SSP_TABLE
>
> If VM_ENTRY_LOAD_GUEST_CET_STATE = 1, the guest CET states are loaded from
> the following VMCS fields at VM-Entry:
> GUEST_S_CET
> GUEST_SSP
> GUEST_INTR_SSP_TABLE
>
> Co-developed-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
> Signed-off-by: Zhang Yi Z <yi.z.zhang@linux.intel.com>
> Signed-off-by: Yang Weijiang <weijiang.yang@intel.com>
> ---
> arch/x86/include/asm/vmx.h | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h > index 498dc600bd5c..fe2aff27df8c 100644 > --- a/arch/x86/include/asm/vmx.h > +++ b/arch/x86/include/asm/vmx.h > @@ -102,6 +102,7 @@ > #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 > #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 > #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 > +#define VM_EXIT_LOAD_CET_STATE 0x10000000 > > #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff > > @@ -115,6 +116,7 @@ > #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 > #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 > #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 > +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 > > #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff > > @@ -343,6 +345,9 @@ enum vmcs_field { > GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, > GUEST_SYSENTER_ESP = 0x00006824, > GUEST_SYSENTER_EIP = 0x00006826, > + GUEST_S_CET = 0x00006828, > + GUEST_SSP = 0x0000682a, > + GUEST_INTR_SSP_TABLE = 0x0000682c, > HOST_CR0 = 0x00006c00, > HOST_CR3 = 0x00006c02, > HOST_CR4 = 0x00006c04, > @@ -355,6 +360,9 @@ enum vmcs_field { > HOST_IA32_SYSENTER_EIP = 0x00006c12, > HOST_RSP = 0x00006c14, > HOST_RIP = 0x00006c16, > + HOST_S_CET = 0x00006c18, > + HOST_SSP = 0x00006c1a, > + HOST_INTR_SSP_TABLE = 0x00006c1c > }; > > /*
On 5/5/2023 10:22 AM, Binbin Wu wrote:
>
>
> On 4/21/2023 9:46 PM, Yang Weijiang wrote:
>> CET (Control-flow Enforcement Technology) is a CPU feature used to
>> prevent
>> Return/Jump-Oriented Programming (ROP/JOP) attacks. CET introduces a new
>> exception type, Control Protection (#CP), and two
>> sub-features(SHSTK,IBT)
>> to defend against ROP/JOP style control-flow subversion attacks.

[...]

>>
>> MSR_IA32_INT_SSP_TAB: Stores base address of shadow stack pointer
>> table.
> According to the name of the MSR, it is interrupt related, right?
> It's better to describe the MSR more precisely.

OK, will change the description, thanks!

>
>>
>> Two XSAVES state bits are introduced for CET:
>> IA32_XSS:[bit 11]: Control saving/restoring user mode CET states
>> IA32_XSS:[bit 12]: Control saving/restoring kernel mode CET states.
>>
>> Six VMCS fields are introduced for CET:
>> {HOST,GUEST}_S_CET: Stores CET settings for kernel mode.
>> {HOST,GUEST}_SSP: Stores shadow stack pointer of current active
>> task/thread.
>> {HOST,GUEST}_INTR_SSP_TABLE: Stores base address of shadow stack
>> pointer table.
> ditto
>
[...]
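The VMCS field encodings and control masks that the commit message describes, decoded as an added reviewer's check (this is not code from the patch or from anyone in the thread). The decoder assumes the VMCS field encoding layout documented in the Intel SDM Vol. 3 (bit 0 access type, bits 9:1 index, bits 11:10 field type, bits 14:13 width); the constants are copied from the hunks.

```c
#include <stdint.h>
#include <stdio.h>
/* Added review check (not patch code). VMCS field encoding layout per the
 * Intel SDM Vol. 3 ("VMCS Field Encoding"): bit 0 = access type (0 = full),
 * bits 9:1 = index, bits 11:10 = field type, bits 14:13 = width. */
enum vmcs_type  { VMCS_CONTROL = 0, VMCS_EXIT_INFO = 1, VMCS_GUEST_STATE = 2, VMCS_HOST_STATE = 3 };
enum vmcs_width { VMCS_W16 = 0, VMCS_W64 = 1, VMCS_W32 = 2, VMCS_WNATURAL = 3 };
struct vmcs_enc { unsigned access, index; enum vmcs_type type; enum vmcs_width width; };

static struct vmcs_enc vmcs_decode(uint32_t enc)
{
	struct vmcs_enc e = { enc & 1, (enc >> 1) & 0x1ff, (enc >> 10) & 3, (enc >> 13) & 3 };
	return e;
}

/* Values copied from the patch hunks: the existing last entry of each
 * group, the new CET fields, and the two new control bits. */
#define GUEST_SYSENTER_EIP      0x00006826
#define GUEST_S_CET             0x00006828
#define GUEST_SSP               0x0000682a
#define GUEST_INTR_SSP_TABLE    0x0000682c
#define HOST_RIP                0x00006c16
#define HOST_S_CET              0x00006c18
#define HOST_SSP                0x00006c1a
#define HOST_INTR_SSP_TABLE     0x00006c1c
#define VM_EXIT_LOAD_CET_STATE  0x10000000
#define VM_ENTRY_LOAD_CET_STATE 0x00100000
/* A new field passes if it is a full-access, natural-width field of the
 * expected type whose index directly follows the field it is listed after. */
static int cet_field_ok(uint32_t prev, uint32_t field, enum vmcs_type type)
{
	struct vmcs_enc p = vmcs_decode(prev), f = vmcs_decode(field);
	return f.access == 0 && f.width == VMCS_WNATURAL && f.type == type &&
	       f.index == p.index + 1;
}

/* Bit position of a single-bit control mask, or -1 if it is not exactly one bit. */
static int ctrl_bit(uint32_t mask)
{
	return (mask && !(mask & (mask - 1))) ? __builtin_ctz(mask) : -1;
}

int main(void)
{
	printf("GUEST_S_CET idx %u chain %d, HOST_S_CET idx %u chain %d, exit bit %d, entry bit %d\n",
	       vmcs_decode(GUEST_S_CET).index, cet_field_ok(GUEST_SYSENTER_EIP, GUEST_S_CET, VMCS_GUEST_STATE),
	       vmcs_decode(HOST_S_CET).index, cet_field_ok(HOST_RIP, HOST_S_CET, VMCS_HOST_STATE),
	       ctrl_bit(VM_EXIT_LOAD_CET_STATE), ctrl_bit(VM_ENTRY_LOAD_CET_STATE));
	return 0;
}
```

The same `cet_field_ok` chain can be run over the SSP and INTR_SSP_TABLE encodings; all six land in the natural-width guest-state and host-state groups right after GUEST_SYSENTER_EIP and HOST_RIP, and the two masks are bits 28 and 20.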
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 498dc600bd5c..fe2aff27df8c 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -102,6 +102,7 @@ #define VM_EXIT_CLEAR_BNDCFGS 0x00800000 #define VM_EXIT_PT_CONCEAL_PIP 0x01000000 #define VM_EXIT_CLEAR_IA32_RTIT_CTL 0x02000000 +#define VM_EXIT_LOAD_CET_STATE 0x10000000 #define VM_EXIT_ALWAYSON_WITHOUT_TRUE_MSR 0x00036dff @@ -115,6 +116,7 @@ #define VM_ENTRY_LOAD_BNDCFGS 0x00010000 #define VM_ENTRY_PT_CONCEAL_PIP 0x00020000 #define VM_ENTRY_LOAD_IA32_RTIT_CTL 0x00040000 +#define VM_ENTRY_LOAD_CET_STATE 0x00100000 #define VM_ENTRY_ALWAYSON_WITHOUT_TRUE_MSR 0x000011ff @@ -343,6 +345,9 @@ enum vmcs_field { GUEST_PENDING_DBG_EXCEPTIONS = 0x00006822, GUEST_SYSENTER_ESP = 0x00006824, GUEST_SYSENTER_EIP = 0x00006826, + GUEST_S_CET = 0x00006828, + GUEST_SSP = 0x0000682a, + GUEST_INTR_SSP_TABLE = 0x0000682c, HOST_CR0 = 0x00006c00, HOST_CR3 = 0x00006c02, HOST_CR4 = 0x00006c04, @@ -355,6 +360,9 @@ enum vmcs_field { HOST_IA32_SYSENTER_EIP = 0x00006c12, HOST_RSP = 0x00006c14, HOST_RIP = 0x00006c16, + HOST_S_CET = 0x00006c18, + HOST_SSP = 0x00006c1a, + HOST_INTR_SSP_TABLE = 0x00006c1c }; /*
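Review bot: in the first two hunks the new controls are named VM_EXIT_LOAD_CET_STATE (0x10000000) and VM_ENTRY_LOAD_CET_STATE (0x00100000), but the changelog calls the same controls VM_EXIT_LOAD_HOST_CET_STATE and VM_ENTRY_LOAD_GUEST_CET_STATE; use one spelling in both places so that someone grepping from the commit message finds the define. The neighbouring entries (VM_EXIT_CLEAR_BNDCFGS, VM_ENTRY_LOAD_BNDCFGS) follow the shorter form used in the code, so fixing the changelog text is the smaller change.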
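Review bot: in the last hunk `+ HOST_INTR_SSP_TABLE = 0x00006c1c` is added without a trailing comma, while the enumerator it displaces as the last one, `HOST_RIP = 0x00006c16,`, keeps its comma; add the comma on the new last entry so the next field appended to enum vmcs_field is a pure one-line addition, as the GUEST_* hunk above already achieves.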