| Message ID | 20220130211838.8382-5-rick.p.edgecombe@intel.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Shadow stacks for userspace | expand |
> * Some CPU features depend on higher CPUID levels, which may not always > * be available due to CPUID level capping or broken virtualization > @@ -1261,6 +1269,9 @@ static void __init cpu_parse_early_param(void) > if (cmdline_find_option_bool(boot_command_line, "noxsaves")) > setup_clear_cpu_cap(X86_FEATURE_XSAVES); > > + if (cmdline_find_option_bool(boot_command_line, "no_user_shstk")) > + setup_clear_cpu_cap(X86_FEATURE_SHSTK); Given this: https://lore.kernel.org/all/20220127115626.14179-2-bp@alien8.de/ I'd probably yank the command-line option out of this series, or stick it in a separate patch that you tack on to the end.
On Mon, 2022-02-07 at 14:49 -0800, Dave Hansen wrote: > Given this: > > > https://lore.kernel.org/all/20220127115626.14179-2-bp@alien8.de/ > > I'd probably yank the command-line option out of this series, or > stick > it in a separate patch that you tack on to the end. Makes sense. I'll change the docs to point out exactly how to use this new parameter for shadow stack. It could come in handy if some important service miss marks itself as shadow stack capable and complicates boot. Thanks.
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index f5a27f067db9..6c5456c56dbf 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -3389,6 +3389,10 @@ noexec=on: enable non-executable mappings (default) noexec=off: disable non-executable mappings + no_user_shstk [X86-64] Disable Shadow Stack for user-mode + applications. Disabling shadow stack also disables + IBT. + nosmap [X86,PPC] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h index bcba3c643e63..a8df907e8017 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -130,6 +130,8 @@ #define X86_CR4_SMAP _BITUL(X86_CR4_SMAP_BIT) #define X86_CR4_PKE_BIT 22 /* enable Protection Keys support */ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) +#define X86_CR4_CET_BIT 23 /* enable Control-flow Enforcement */ +#define X86_CR4_CET _BITUL(X86_CR4_CET_BIT) /* * x86-64 Task Priority Register, CR8 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 7b8382c11788..9ee339f5b8ca 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -515,6 +515,14 @@ static __init int setup_disable_pku(char *arg) __setup("nopku", setup_disable_pku); #endif /* CONFIG_X86_64 */ +static __always_inline void setup_cet(struct cpuinfo_x86 *c) +{ + if (!cpu_feature_enabled(X86_FEATURE_SHSTK)) + return; + + cr4_set_bits(X86_CR4_CET); +} + /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization @@ -1261,6 +1269,9 @@ static void __init cpu_parse_early_param(void) if (cmdline_find_option_bool(boot_command_line, "noxsaves")) setup_clear_cpu_cap(X86_FEATURE_XSAVES); + if (cmdline_find_option_bool(boot_command_line, "no_user_shstk")) + setup_clear_cpu_cap(X86_FEATURE_SHSTK); + arglen = cmdline_find_option(boot_command_line, "clearcpuid", arg, sizeof(arg)); if (arglen <= 0) return; @@ -1632,6 +1643,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) x86_init_rdrand(c); setup_pku(c); + setup_cet(c); /* * Clear/Set all flags overridden by options, need do it