[缺陷描述]: kernel-selftests测试x86/test_shadow_stack_64执行异常,返回[SKIP] Could not enable Shadow stack,需开发同学帮忙确认下是否这个case测试有问题。 [重现概率]: 必现 [重现步骤] 1. 下载kernel-6.6.25-2_rc1.an23.src.rpm 2. rpm -i kernel-6.6.25-2_rc1.an23.src.rpm 3. yum-builddep -y /root/rpmbuild/SPECS/kernel.spec rpmbuild -bp /root/rpmbuild/SPECS/kernel.spec cd /root/rpmbuild/BUILD/kernel-6.6.25-2_rc1.an23/linux-6.6.25-2_rc1.an23.x86_64/tools/testing/selftests/x86 4. make;./test_shadow_stack_64 [期望结果]: 用例执行PASS [实际结果]: [root@iZbp1c9jzchxjqive233ugZ x86]# ./test_shadow_stack_64 [SKIP] Could not enable Shadow stack [重现环境]: 环境信息:云上ecs Last login: Tue Apr 23 15:16:32 2024 from 59.82.30.41 [root@iZbp1c9jzchxjqive233ugZ ~]# uname -r 6.6.25-2_rc1.an23.x86_64 [root@iZbp1c9jzchxjqive233ugZ ~]# cat /etc/os-release NAME="Anolis OS" VERSION="23" ID="anolis" VERSION_ID="23" PLATFORM_ID="platform:an23" PRETTY_NAME="Anolis OS 23" ANSI_COLOR="0;31" HOME_URL="https://openanolis.cn/" BUG_REPORT_URL="https://bugzilla.openanolis.cn/" [root@iZbp1c9jzchxjqive233ugZ ~]# cat /proc/cmdline BOOT_IMAGE=(hd0,gpt2)/boot/vmlinuz-6.6.25-2_rc1.an23.x86_64 root=UUID=06ce37cb-4731-4a37-a95d-1f756b7eee30 ro rhgb crashkernel=0M-2G:0M,2G-8G:192M,8G-:256M cryptomgr.notests cgroup.memory=nokmem rcupdate.rcu_cpu_stall_timeout=300 quiet biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8 noibrs nvme_core.io_timeout=4294967295 nvme_core.admin_timeout=4294967295 [root@iZbp1c9jzchxjqive233ugZ ~]# df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 4.0M 0 4.0M 0% /dev tmpfs 7.6G 0 7.6G 0% /dev/shm tmpfs 3.1G 560K 3.1G 1% /run /dev/nvme0n1p2 40G 14G 27G 33% / tmpfs 7.6G 0 7.6G 0% /tmp tmpfs 1.6G 4.0K 1.6G 1% /run/user/0 [root@iZbp1c9jzchxjqive233ugZ ~]# [root@iZbp1c9jzchxjqive233ugZ ~]# free -g total used free shared buff/cache available Mem: 15 0 14 0 0 14 Swap: 0 0 0 [root@iZbp1c9jzchxjqive233ugZ ~]# [root@iZbp1c9jzchxjqive233ugZ ~]# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Address sizes: 52 bits physical, 57 bits virtual Byte Order: Little Endian CPU(s): 4 On-line CPU(s) list: 0-3 Vendor ID: GenuineIntel BIOS Vendor ID: Alibaba Cloud Model name: Intel(R) Xeon(R) Platinum 8475B BIOS Model name: pc-q35-df-2.1 CPU @ 0.0GHz BIOS CPU family: 1 CPU family: 6 Model: 143 Thread(s) per core: 2 Core(s) per socket: 2 Socket(s): 1 Stepping: 8 CPU(s) scaling MHz: 83% CPU max MHz: 3800.0000 CPU min MHz: 800.0000 BogoMIPS: 5400.00 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cp uid aperfmperf tsc_known_freq pni pclmulqdq monitor ssse3 fma cx16 pdcm pcid sse4_1 sse4_2 x 2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_faul t ibrs_enhanced fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512d q rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsav ec xgetbv1 xsaves avx_vnni avx512_bf16 wbnoinvd ida arat hwp hwp_notify hwp_act_window hwp_e pp hwp_pkg_req avx512vbmi umip pku ospke waitpkg avx512_vbmi2 gfni vaes vpclmulqdq avx512_vn ni avx512_bitalg avx512_vpopcntdq rdpid bus_lock_detect cldemote movdiri movdir64b enqcmd fs rm md_clear serialize tsxldtrk amx_bf16 avx512_fp16 amx_tile amx_int8 arch_capabilities Virtualization features: Hypervisor vendor: KVM Virtualization type: full Caches (sum of all): L1d: 96 KiB (2 instances) L1i: 64 KiB (2 instances) L2: 4 MiB (2 instances) L3: 97.5 MiB (1 instance) NUMA: NUMA node(s): 1 NUMA node0 CPU(s): 0-3 Vulnerabilities: Gather data sampling: Not affected Itlb multihit: Not affected L1tf: Not affected Mds: Not affected Meltdown: Not affected Mmio stale data: Unknown: No mitigations Reg file data sampling: Not affected Retbleed: Not affected Spec rstack overflow: Not affected Spec store bypass: Vulnerable Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization Spectre v2: Mitigation; Enhanced / Automatic IBRS, RSB filling, PBRSB-eIBRS SW sequence Srbds: Not affected Tsx async abort: Not affected
进行了一个系统调用判断来SKIP了这个case,需要开发确认是否支持该功能 #define ARCH_PRCTL(arg1, arg2) \ ({ \ long _ret; \ register long _num asm("eax") = __NR_arch_prctl; \ register long _arg1 asm("rdi") = (long)(arg1); \ register long _arg2 asm("rsi") = (long)(arg2); \ \ asm volatile ( \ "syscall\n" \ : "=a"(_ret) \ : "r"(_arg1), "r"(_arg2), \ "0"(_num) \ : "rcx", "r11", "memory", "cc" \ ); \ _ret; \ })
# CONFIG_X86_USER_SHADOW_STACK is not set 在我们的内核中,user shadow stack并没有打开,所以用户态的测试程序没有办法enable shadow stack。这是符合预期的
这是防止用户态ROP攻击的安全开关,没有必要打开开关,维持现状,won't fix