1

Enable shadow stacks for x32.

While we normally don't do such feature-enabling on 32-bit
 kernels anymore, this change is small, straightforward & tested on
 upstream glibc.
 
 Signed-off-by: Ingo Molnar <mingo@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCgAvFiEEBpT5eoXrXCwVQwEKEnMQ0APhK1gFAmZByx4RHG1pbmdvQGtl
 cm5lbC5vcmcACgkQEnMQ0APhK1htKA/9EXRmI4498QY07EaqkrvGdzDnPnvQgHLv
 JoPvMM73pCY8FyOt0D/fRLeS/JvP0zGnn6HT55LeQkJVcWUIAdDhuniDBSjxS7xd
 BdwHzkfJn2qa6kA1ekXWS7zHY+D1hsJEq9/15gFj/q2JVfo+HyN768fHS6kohdkW
 aNneAbsVOJZNxmKNVXXiC69xhDNVyjFxEJ0xP7rUctjj4GvJRg14pt95//z+YnNB
 qKmmd1/+ul652rZzsFbDjB9PZkkixm8qALFDR7I94UWX3MYknpTcV+n/tFSykQrv
 z3nabF+pTHKSJDrtGVOC4ks+SofK2wwEg4vYC2mfCWtVcZfPoEfEIVum6VbmfW8J
 2sr1hfydTRycA6i90U2IjbnyYCtQsXyzyHGuJI4JplDinHu+GxiQQ9xMU7nmdlA+
 xXazqk8dciMpzPJY8pUv0JXurNFfq/n6BfYTYrBsBeRCm8gcyYFB7fTkJWamowWc
 DhXHOz/MC6BkZhgkoB1/L9i9GgMu9boCJ1vdcnUMBZfqWVlcePlspOtUtabhvF2r
 8NKKLwTtdcgGswrBmVcWZhbwRuc9imK3uAoNlSIEe5jC8rlcp7F5lnpYF2DPFnYn
 VCeGfoQGdJyt8D+9Ag7wm9zseMRekdI8dABJW2ZVAmq810+6PSW4ToONwlqzfL63
 uTcapyAC0qQ=
 =AqG9
 -----END PGP SIGNATURE-----

Merge tag 'x86-shstk-2024-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 shadow stacks from Ingo Molnar:
 "Enable shadow stacks for x32.

  While we normally don't do such feature-enabling for 32-bit anymore,
  this change is small, straightforward & tested on upstream glibc"

* tag 'x86-shstk-2024-05-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/shstk: Enable shadow stacks for x32
This commit is contained in:
Linus Torvalds 2024-05-13 19:33:23 -07:00
commit a5131c3fdf
3 changed files with 9 additions and 3 deletions

View File

@ -374,7 +374,7 @@
450 common set_mempolicy_home_node sys_set_mempolicy_home_node 450 common set_mempolicy_home_node sys_set_mempolicy_home_node
451 common cachestat sys_cachestat 451 common cachestat sys_cachestat
452 common fchmodat2 sys_fchmodat2 452 common fchmodat2 sys_fchmodat2
453 64 map_shadow_stack sys_map_shadow_stack 453 common map_shadow_stack sys_map_shadow_stack
454 common futex_wake sys_futex_wake 454 common futex_wake sys_futex_wake
455 common futex_wait sys_futex_wait 455 common futex_wait sys_futex_wait
456 common futex_requeue sys_futex_requeue 456 common futex_requeue sys_futex_requeue

View File

@ -163,8 +163,8 @@ static int shstk_setup(void)
if (features_enabled(ARCH_SHSTK_SHSTK)) if (features_enabled(ARCH_SHSTK_SHSTK))
return 0; return 0;
/* Also not supported for 32 bit and x32 */ /* Also not supported for 32 bit */
if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) || in_32bit_syscall()) if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK) || in_ia32_syscall())
return -EOPNOTSUPP; return -EOPNOTSUPP;
size = adjust_shstk_size(0); size = adjust_shstk_size(0);

View File

@ -315,6 +315,9 @@ int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
uc_flags = frame_uc_flags(regs); uc_flags = frame_uc_flags(regs);
if (setup_signal_shadow_stack(ksig))
return -EFAULT;
if (!user_access_begin(frame, sizeof(*frame))) if (!user_access_begin(frame, sizeof(*frame)))
return -EFAULT; return -EFAULT;
@ -377,6 +380,9 @@ COMPAT_SYSCALL_DEFINE0(x32_rt_sigreturn)
if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags)) if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
goto badframe; goto badframe;
if (restore_signal_shadow_stack())
goto badframe;
if (compat_restore_altstack(&frame->uc.uc_stack)) if (compat_restore_altstack(&frame->uc.uc_stack))
goto badframe; goto badframe;