implement shadow stacks #455

Merged: 16 commits, Nov 6, 2024

Commits on Oct 25, 2024

  1. mm: don't set DIRTY without WRITABLE

    When CET is enabled, pages marked as DIRTY but not WRITABLE are treated
    as special pages used for storing shadow stacks. We must not use this
    combination of flags for pages not meant to be used for shadow stacks.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    de3d68f
  2. mm: implement VMKernelShadowStack

    The initialization and pt_flags are a bit special for shadow stack
    pages, so this warrants a new `VirtualMapping` implementation.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    1e81471
  3. percpu: allocate an initial shadow stack

    This shadow stack is used when not using a task's shadow stack.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    e41469a
  4. percpu: setup ISST

    The interrupt shadow stack table (ISST) is very similar to the
    interrupt stack table (IST) except that it contains shadow stack
    addresses instead of normal stack addresses.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    fd5aa4e
  5. task: allocate shadow stacks for each task

    Each task needs a normal shadow stack and a shadow stack used for
    exception handling.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    f2a4429
  6. idt: add shadow stack pointer to exception context

    Some exception handlers will need to update the shadow stack, so they
    need to know the shadow stack pointer at the time of the exception.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    dae1da4
  7. idt: update return address on shadow stack

    Whenever we update the return address on the shadow stack, we'll also
    need to update the return address on the shadow stack.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    e296721
  8. idt: fixup shadow stack in #HV handler

    The #HV handler messes with the stack frame and the shadow stack needs to
    be adjusted accordingly.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    5d21228
  9. address: add VirtAddr::as_usize

    Unlike the various From and Into implementations, this method can be
    called in const contexts.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    6029dce
  10. schedule: switch to special stack during context switches

    We need to guard against IRQs coming in after switching to the new page tables
    and before switching to the new stack.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    a448d45
  11. schedule: switch shadow stacks in context switch

    Each task has separate shadow stacks, so we need to switch them when
    switching tasks.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    7c4b93f
  12. svsm: enable shadow stack

    This enables shadow stacks for the BSP.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    34ac60b
  13. vmsa: enable shadow stacks

    This enables shadow stacks on the secondary APs.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    8b6619c
  14. idt: implement #CP handler

    This exception handler will be executed when the CPU detects a mismatch
    between the return address on the stack and the return address on the
    shadow stack.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    a66514a
  15. shadow_stack: determine support at runtime

    Trusted CPUID values are hard to come by, so let's just try to enable
    CET in CR4 and handle failure gracefully.
    
    Signed-off-by: Tom Dohrmann <[email protected]>
    Freax13 committed Oct 25, 2024
    9de01ca

Commits on Nov 6, 2024

  1. 5f95269
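
The flag rule from the first commit ("mm: don't set DIRTY without WRITABLE"), as an added Rust example that is not code from this pull request: it classifies constructed page-table entries the way a CET-enabled CPU reads them and reports entries that carry the shadow stack encoding without being meant to. The bit positions are the architectural x86-64 ones; `classify`, `make_read_only` and `unintended_shadow_stack` are hypothetical names, and the sample entries are made up.

```rust
// x86-64 leaf page-table entry flag bits (architectural positions).
const PRESENT: u64 = 1 << 0;
const WRITABLE: u64 = 1 << 1;
const DIRTY: u64 = 1 << 6;

#[derive(Debug, PartialEq, Clone, Copy)]
enum PageKind {
    NotPresent,
    ReadOnly,
    Writable,
    /// DIRTY set while WRITABLE is clear: with CET enabled this
    /// encoding marks a shadow stack page.
    ShadowStack,
}

/// Classify a leaf entry the way a CET-enabled CPU interprets it.
fn classify(pte: u64) -> PageKind {
    if pte & PRESENT == 0 {
        PageKind::NotPresent
    } else if pte & WRITABLE != 0 {
        PageKind::Writable
    } else if pte & DIRTY != 0 {
        PageKind::ShadowStack
    } else {
        PageKind::ReadOnly
    }
}

/// Hypothetical helper: drop write access from an ordinary mapping.
/// DIRTY is cleared together with WRITABLE so the result can never
/// be mistaken for a shadow stack page.
fn make_read_only(pte: u64) -> u64 {
    pte & !(WRITABLE | DIRTY)
}

/// Indices of entries with the shadow stack encoding that are not in
/// the list of intended shadow stack mappings.
fn unintended_shadow_stack(ptes: &[u64], intended: &[usize]) -> Vec<usize> {
    let mut out = Vec::new();
    for (i, &pte) in ptes.iter().enumerate() {
        if classify(pte) == PageKind::ShadowStack && !intended.contains(&i) {
            out.push(i);
        }
    }
    out
}

fn main() {
    // Constructed entries; index 2 is the only intended shadow stack page.
    let ptes = [0x1000 | PRESENT | WRITABLE | DIRTY, 0x2000 | PRESENT | DIRTY,
                0x3000 | PRESENT | DIRTY, make_read_only(0x4000 | PRESENT | WRITABLE | DIRTY)];
    println!("unintended: {:?}", unintended_shadow_stack(&ptes, &[2]));
}
```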