f5bba5d5f4
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5798 # Merge Request Required Information ## Summary of Changes Backport a few missing shadow stack patches and enable shadow stack. Checked using the kernel selftests: ``` [root@intel-alderlake-m-01 ~]# lscpu | grep shstk [root@intel-alderlake-m-01 ~]# reboot now ... [root@intel-alderlake-m-01 ~]# uname -a Linux intel-alderlake-m-01.khw.eng.bos2.dc.redhat.com 5.14.0-527.SHSTK_UPDATE_WITH_GUARD_GAP.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Nov 24 14:21:55 EST 2024 x86_64 x86_64 x86_64 GNU/Linux [root@intel-alderlake-m-01 ~]# lscpu | grep shstk Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb ssbd ibrs ibpb stibp ibrs_enhanced tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid rdseed adx smap clflushopt clwb intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves split_lock_detect user_shstk avx_vnni dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp hwp_pkg_req hfi vnmi umip pku ospke waitpkg gfni vaes vpclmulqdq tme rdpid movdiri movdir64b fsrm md_clear serialize pconfig arch_lbr ibt flush_l1d arch_capabilities [root@intel-alderlake-m-01 ~]# ./tools/testing/selftests/x86/test_shadow_stack [INFO] new_ssp = 7fec4a3ffff8, *new_ssp = 7fec4a400001 [INFO] changing ssp from 7fec4adffff0 to 7fec4a3ffff8 [INFO] ssp is now 7fec4a400000 [OK] Shadow stack pivot [OK] Shadow stack faults [INFO] Corrupting shadow stack [INFO] Generated shadow stack violation successfully [OK] Shadow stack violation test [INFO] Gup read -> shstk access success [INFO] Gup write -> shstk access success [INFO] Violation from normal write [INFO] Gup read -> write access success [INFO] Violation from normal write [INFO] Gup write -> write access success [INFO] Cow gup write -> write access success [OK] Shadow gup test [INFO] Violation from shstk access [OK] mprotect() test [OK] Userfaultfd test [OK] Guard gap test, other mapping's gaps [OK] Guard gap test, placement mapping's gaps [OK] Ptrace test [OK] 32 bit test [OK] Uretprobe test ``` Leaving out da42b5229b since the relevant part is a follow-up of f7875966dc, which is not included. Omitted-fix: da42b5229b27bb5c0eff3408c92f025e6041dad3 Omitted-fix: 249608ee47132cab3b1adacd9e463548f57bd316 ## Approved Development Ticket(s) JIRA: https://issues.redhat.com/browse/RHEL-15599 Signed-off-by: Štěpán Horáček <shoracek@redhat.com> Approved-by: David Arcari <darcari@redhat.com> Approved-by: Rafael Aquini <raquini@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Augusto Caringi <acaringi@redhat.com> |
||
|---|---|---|
| .. | ||
| 68000 | ||
| amiga | ||
| apollo | ||
| atari | ||
| bvme6000 | ||
| coldfire | ||
| configs | ||
| emu | ||
| fpsp040 | ||
| hp300 | ||
| ifpsp060 | ||
| include | ||
| kernel | ||
| lib | ||
| mac | ||
| math-emu | ||
| mm | ||
| mvme16x | ||
| mvme147 | ||
| q40 | ||
| sun3 | ||
| sun3x | ||
| tools/amiga | ||
| Kbuild | ||
| Kconfig | ||
| Kconfig.bus | ||
| Kconfig.cpu | ||
| Kconfig.debug | ||
| Kconfig.devices | ||
| Kconfig.machine | ||
| Makefile | ||
| install.sh | ||