Check an ELF file's .note.gnu.property, and set up a shadow stack if the
application supports it.

Signed-off-by: Yu-cheng Yu <[email protected]>
---
v9:
- Change cpu_feature_enabled() to static_cpu_has().

 arch/x86/Kconfig             |  2 ++
 arch/x86/include/asm/elf.h   | 13 +++++++++++++
 arch/x86/kernel/process_64.c | 29 +++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ac07e1f6a2bc..8b7b97ff5fb4 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1970,6 +1970,8 @@ config X86_INTEL_SHADOW_STACK_USER
        select X86_INTEL_CET
        select ARCH_MAYBE_MKWRITE
        select ARCH_HAS_SHADOW_STACK
+       select ARCH_USE_GNU_PROPERTY
+       select ARCH_BINFMT_ELF_STATE
        help
          Shadow Stacks provides protection against program stack
          corruption.  It's a hardware feature.  This only matters
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index 69c0f892e310..fac79b621e0a 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -367,6 +367,19 @@ extern int compat_arch_setup_additional_pages(struct 
linux_binprm *bprm,
                                              int uses_interp);
 #define compat_arch_setup_additional_pages compat_arch_setup_additional_pages
 
+#ifdef CONFIG_ARCH_BINFMT_ELF_STATE
+struct arch_elf_state {
+       unsigned int gnu_property;
+};
+
+#define INIT_ARCH_ELF_STATE {  \
+       .gnu_property = 0,      \
+}
+
+#define arch_elf_pt_proc(ehdr, phdr, elf, interp, state) (0)
+#define arch_check_elf(ehdr, interp, interp_ehdr, state) (0)
+#endif
+
 /* Do not change the values. See get_align_mask() */
 enum align_flags {
        ALIGN_VA_32     = BIT(0),
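Review bot: The new `gnu_property` field in `struct arch_elf_state` carries no comment saying what it holds, and this header gives no hint that it drives shadow stack setup. A one-line comment on the field such as `/* GNU_PROPERTY_X86_FEATURE_1_AND bits read from .note.gnu.property */` would cover it. The stub macros `arch_elf_pt_proc` and `arch_check_elf` expand to `(0)` and discard every argument unchecked; `static inline` functions returning 0 would keep the arguments type-checked, provided the include order at the call sites allows it.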
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 5ef9d8f25b0e..93ba4afd0c19 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -730,3 +730,32 @@ unsigned long KSTK_ESP(struct task_struct *task)
 {
        return task_pt_regs(task)->sp;
 }
+
+#ifdef CONFIG_ARCH_USE_GNU_PROPERTY
+int arch_parse_elf_property(u32 type, const void *data, size_t datasz,
+                            bool compat, struct arch_elf_state *state)
+{
+       if (type != GNU_PROPERTY_X86_FEATURE_1_AND)
+               return 0;
+
+       if (datasz != sizeof(unsigned int))
+               return -ENOEXEC;
+
+       state->gnu_property = *(unsigned int *)data;
+       return 0;
+}
+
+int arch_setup_elf_property(struct arch_elf_state *state)
+{
+       int r = 0;
+
+       memset(&current->thread.cet, 0, sizeof(struct cet_status));
+
+       if (static_cpu_has(X86_FEATURE_SHSTK)) {
+               if (state->gnu_property & GNU_PROPERTY_X86_FEATURE_1_SHSTK)
+                       r = cet_setup_shstk();
+       }
+
+       return r;
+}
+#endif
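Review bot: In arch_parse_elf_property(), `state->gnu_property = *(unsigned int *)data;` casts away the const on `data` and ties the size check to a C type instead of the fixed 4-byte width of the property word. Writing the two lines as `if (datasz != sizeof(u32))` and `state->gnu_property = *(const u32 *)data;` keeps the qualifier and states the expected on-disk width. The direct dereference also relies on the caller, which is outside this hunk, passing a suitably aligned pointer that really spans `datasz` bytes. In arch_setup_elf_property(), a binary marked SHSTK runs without a shadow stack and still gets 0 back when `static_cpu_has(X86_FEATURE_SHSTK)` is false; a short comment there should say that this fallback is intended.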
-- 
2.21.0
