implement shadow stacks #455
Open
Commits on Sep 18, 2024
-
mm: implement VMKernelShadowStack
The initialization and pt_flags are a bit special for shadow stack pages, so this warrants a new `VirtualMapping` implementations. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
percpu: allocate an initial shadow stack
This shadow stack is used when not using a task's shadow stack. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
The interrupt shadow stack table (ISST) is very similar to the interrupt stack table (IST) except that it contains shadow stack addresses instead of normal stack addresses. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
task: allocate shadow stacks for each task
Each task needs to a normal shadow stack and shadow stack used for exception handling. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
idt: add shadow stack pointer to exception context
Some exception handlers will need to update the shadow stack, so they need to know the shadow stack pointer at the time of the exception. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
idt: update return address on shadow stack
Whenever we update the return address on the shadow stack, we'll also need to update the return address on the shadow stack. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
schedule: switch to special stack during context switches
We need to guard against IRQs coming in after switching to the new page tables and before switching to the new stack. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
schedule: switch shadow stacks in context switch
Each task has separate shadow stacks, so we need to switch them when switching tasks. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
This enables shadow stacks for the BSP. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
This enables shadow stacks on the secondary APs. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
This exception handler will be executed when the CPU detects a mismatch between the return address on the stack and the return address on the shadow stack. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
-
shadow_stack: determine support at runtime
Trusted CPUID values are hard to come by, so let's just try to enable CET in CR4 and handle failure gracefully. Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.