| .. SPDX-License-Identifier: GPL-2.0 |
| |
| ====================================================== |
| Control-flow Enforcement Technology (CET) Shadow Stack |
| ====================================================== |
| |
| CET Background |
| ============== |
| |
| Control-flow Enforcement Technology (CET) covers several related x86 processor |
| features that provide protection against control flow hijacking attacks. CET |
| can protect both applications and the kernel. |
| |
| CET introduces shadow stack and indirect branch tracking (IBT). A shadow stack |
| is a secondary stack allocated from memory which cannot be directly modified by |
| applications. When executing a CALL instruction, the processor pushes the |
| return address to both the normal stack and the shadow stack. Upon |
| function return, the processor pops the shadow stack copy and compares it |
| to the normal stack copy. If the two differ, the processor raises a |
| control-protection fault. IBT verifies indirect CALL/JMP targets are intended |
| as marked by the compiler with 'ENDBR' opcodes. Not all CPU's have both Shadow |
| Stack and Indirect Branch Tracking. Today in the 64-bit kernel, only userspace |
| shadow stack and kernel IBT are supported. |
| |
| Requirements to use Shadow Stack |
| ================================ |
| |
| To use userspace shadow stack you need HW that supports it, a kernel |
| configured with it and userspace libraries compiled with it. |
| |
| The kernel Kconfig option is X86_USER_SHADOW_STACK. When compiled in, shadow |
| stacks can be disabled at runtime with the kernel parameter: nousershstk. |
| |
| To build a user shadow stack enabled kernel, Binutils v2.29 or LLVM v6 or later |
| are required. |
| |
| At run time, /proc/cpuinfo shows CET features if the processor supports |
| CET. "user_shstk" means that userspace shadow stack is supported on the current |
| kernel and HW. |
| |
| Application Enabling |
| ==================== |
| |
| An application's CET capability is marked in its ELF note and can be verified |
| from readelf/llvm-readelf output:: |
| |
| readelf -n <application> | grep -a SHSTK |
| properties: x86 feature: SHSTK |
| |
| The kernel does not process these applications markers directly. Applications |
| or loaders must enable CET features using the interface described in section 4. |
| Typically this would be done in dynamic loader or static runtime objects, as is |
| the case in GLIBC. |
| |
| Enabling arch_prctl()'s |
| ======================= |
| |
| Elf features should be enabled by the loader using the below arch_prctl's. They |
| are only supported in 64 bit user applications. These operate on the features |
| on a per-thread basis. The enablement status is inherited on clone, so if the |
| feature is enabled on the first thread, it will propagate to all the thread's |
| in an app. |
| |
| arch_prctl(ARCH_SHSTK_ENABLE, unsigned long feature) |
| Enable a single feature specified in 'feature'. Can only operate on |
| one feature at a time. |
| |
| arch_prctl(ARCH_SHSTK_DISABLE, unsigned long feature) |
| Disable a single feature specified in 'feature'. Can only operate on |
| one feature at a time. |
| |
| arch_prctl(ARCH_SHSTK_LOCK, unsigned long features) |
| Lock in features at their current enabled or disabled status. 'features' |
| is a mask of all features to lock. All bits set are processed, unset bits |
| are ignored. The mask is ORed with the existing value. So any feature bits |
| set here cannot be enabled or disabled afterwards. |
| |
| arch_prctl(ARCH_SHSTK_UNLOCK, unsigned long features) |
| Unlock features. 'features' is a mask of all features to unlock. All |
| bits set are processed, unset bits are ignored. Only works via ptrace. |
| |
| arch_prctl(ARCH_SHSTK_STATUS, unsigned long addr) |
| Copy the currently enabled features to the address passed in addr. The |
| features are described using the bits passed into the others in |
| 'features'. |
| |
| The return values are as follows. On success, return 0. On error, errno can |
| be:: |
| |
| -EPERM if any of the passed feature are locked. |
| -ENOTSUPP if the feature is not supported by the hardware or |
| kernel. |
| -EINVAL arguments (non existing feature, etc) |
| -EFAULT if could not copy information back to userspace |
| |
| The feature's bits supported are:: |
| |
| ARCH_SHSTK_SHSTK - Shadow stack |
| ARCH_SHSTK_WRSS - WRSS |
| |
| Currently shadow stack and WRSS are supported via this interface. WRSS |
| can only be enabled with shadow stack, and is automatically disabled |
| if shadow stack is disabled. |
| |
| Proc Status |
| =========== |
| To check if an application is actually running with shadow stack, the |
| user can read the /proc/$PID/status. It will report "wrss" or "shstk" |
| depending on what is enabled. The lines look like this:: |
| |
| x86_Thread_features: shstk wrss |
| x86_Thread_features_locked: shstk wrss |
| |
| Implementation of the Shadow Stack |
| ================================== |
| |
| Shadow Stack Size |
| ----------------- |
| |
| A task's shadow stack is allocated from memory to a fixed size of |
| MIN(RLIMIT_STACK, 4 GB). In other words, the shadow stack is allocated to |
| the maximum size of the normal stack, but capped to 4 GB. In the case |
| of the clone3 syscall, there is a stack size passed in and shadow stack |
| uses this instead of the rlimit. |
| |
| Signal |
| ------ |
| |
| The main program and its signal handlers use the same shadow stack. Because |
| the shadow stack stores only return addresses, a large shadow stack covers |
| the condition that both the program stack and the signal alternate stack run |
| out. |
| |
| When a signal happens, the old pre-signal state is pushed on the stack. When |
| shadow stack is enabled, the shadow stack specific state is pushed onto the |
| shadow stack. Today this is only the old SSP (shadow stack pointer), pushed |
| in a special format with bit 63 set. On sigreturn this old SSP token is |
| verified and restored by the kernel. The kernel will also push the normal |
| restorer address to the shadow stack to help userspace avoid a shadow stack |
| violation on the sigreturn path that goes through the restorer. |
| |
| So the shadow stack signal frame format is as follows:: |
| |
| |1...old SSP| - Pointer to old pre-signal ssp in sigframe token format |
| (bit 63 set to 1) |
| | ...| - Other state may be added in the future |
| |
| |
| 32 bit ABI signals are not supported in shadow stack processes. Linux prevents |
| 32 bit execution while shadow stack is enabled by the allocating shadow stacks |
| outside of the 32 bit address space. When execution enters 32 bit mode, either |
| via far call or returning to userspace, a #GP is generated by the hardware |
| which, will be delivered to the process as a segfault. When transitioning to |
| userspace the register's state will be as if the userspace ip being returned to |
| caused the segfault. |
| |
| Fork |
| ---- |
| |
| The shadow stack's vma has VM_SHADOW_STACK flag set; its PTEs are required |
| to be read-only and dirty. When a shadow stack PTE is not RO and dirty, a |
| shadow access triggers a page fault with the shadow stack access bit set |
| in the page fault error code. |
| |
| When a task forks a child, its shadow stack PTEs are copied and both the |
| parent's and the child's shadow stack PTEs are cleared of the dirty bit. |
| Upon the next shadow stack access, the resulting shadow stack page fault |
| is handled by page copy/re-use. |
| |
| When a pthread child is created, the kernel allocates a new shadow stack |
| for the new thread. New shadow stack creation behaves like mmap() with respect |
| to ASLR behavior. Similarly, on thread exit the thread's shadow stack is |
| disabled. |
| |
| Exec |
| ---- |
| |
| On exec, shadow stack features are disabled by the kernel. At which point, |
| userspace can choose to re-enable, or lock them. |
