git.osdn.net Git - tomoyo/tomoyo-test1.git/commit

author	Yu-cheng Yu <yu-cheng.yu@intel.com>
	Tue, 4 Feb 2020 17:14:24 +0000 (09:14 -0800)
committer	Borislav Petkov <bp@suse.de>
	Thu, 26 Mar 2020 11:21:40 +0000 (12:21 +0100)
commit	5790921bc18b1eb5c0c61371e31114fd4c4b0154
tree	67083a6941278990e70abb71a8297c3baf7efaff	tree \| snapshot
parent	630b99ab60aa972052a4202a1ff96c7e45eb0054	commit \| diff

x86/insn: Add Control-flow Enforcement (CET) instructions to the opcode map

Add the following CET instructions to the opcode map:

INCSSP:
    Increment Shadow Stack pointer (SSP).

RDSSP:
    Read SSP into a GPR.

SAVEPREVSSP:
    Use "previous ssp" token at top of current Shadow Stack (SHSTK) to
    create a "restore token" on the previous (outgoing) SHSTK.

RSTORSSP:
    Restore from a "restore token" to SSP.

WRSS:
    Write to kernel-mode SHSTK (kernel-mode instruction).

WRUSS:
    Write to user-mode SHSTK (kernel-mode instruction).

SETSSBSY:
    Verify the "supervisor token" pointed by MSR_IA32_PL0_SSP, set the
    token busy, and set then Shadow Stack pointer(SSP) to the value of
    MSR_IA32_PL0_SSP.

CLRSSBSY:
    Verify the "supervisor token" and clear its busy bit.

ENDBR64/ENDBR32:
    Mark a valid 64/32 bit control transfer endpoint.

Detailed information of CET instructions can be found in Intel Software
Developer's Manual.

Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Adrian Hunter <adrian.hunter@intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lkml.kernel.org/r/20200204171425.28073-2-yu-cheng.yu@intel.com

arch/x86/lib/x86-opcode-map.txt		diff \| blob \| history
tools/arch/x86/lib/x86-opcode-map.txt		diff \| blob \| history