Google Git
Sign in
android / kernel / common / refs/heads/android15-6.6-desktop
commit63713dbd96e56312b837413d5873aacf04cc5fdc[log] [tgz]
authorSlawomir Rosek <[email protected]>Thu Nov 21 11:18:28 2024 +0000
committerSlawomir Rosek <[email protected]>Mon Jan 27 08:09:10 2025 +0000
treef5d4e923c06bc7d3bf4bbb3c8bc7e6d48dc30616
parent78992c81d937e9a7935af01d98a1843dc212bae3 [diff]
ANDROID: GKI: x86: Enable X86 userspace shadow stack

Shadow stack protection is a hardware feature that detects function
return address corruption. This helps mitigate ROP attacks.
Applications must be enabled to use it, and old userspace does not
get protection "for free".

A shadow stack is a secondary stack allocated from memory which cannot
be directly modified by applications. When executing a CALL instruction,
the processor pushes the return address to both the normal stack and the
shadow stack. Upon function return, the processor pops the shadow stack
copy and compares it to the normal stack copy. If the two differ,
the processor raises a control-protection fault.

NOTE: It is safe to enable this security feature since it doeas not
      change anything by itself. It's not active unless additional
      consitions are met [1] and can be explicitly disabled at runtime
      via kernel boot args [2].

[1] To use userspace shadow stack you need HW that supports it, a kernel
    configured with it and userspace libraries compiled with it.

[2] The kernel Kconfig option is X86_USER_SHADOW_STACK. When compiled in,
    shadow stacks can be disabled at runtime with the kernel parameter:
    nousershstk.

At run time, /proc/cpuinfo shows CET features if the processor supports
CET. "user_shstk" means that userspace shadow stack is supported on the
current kernel and HW.

NOTE: The x86 ABI is under construction and it is expected to have
incompatible updates on the android15-6.6-desktop branch.

Bug: 348039184
Change-Id: Ie8ef5cd410b7a1661947f3c675181cccd107e24b
Signed-off-by: Slawomir Rosek <[email protected]>
3 files changed
tree: f5d4e923c06bc7d3bf4bbb3c8bc7e6d48dc30616
  1. android/
  2. arch/
  3. block/
  4. certs/
  5. chromeos/
  6. crypto/
  7. Documentation/
  8. drivers/
  9. fs/
  10. include/
  11. init/
  12. io_uring/
  13. ipc/
  14. kernel/
  15. lib/
  16. LICENSES/
  17. mm/
  18. net/
  19. rust/
  20. samples/
  21. scripts/
  22. security/
  23. sound/
  24. tools/
  25. usr/
  26. virt/
  27. .clang-format
  28. .cocciconfig
  29. .get_maintainer.ignore
  30. .gitattributes
  31. .gitignore
  32. .mailmap
  33. .rustfmt.toml
  34. abi.bzl
  35. build-kernel.sh
  36. BUILD.bazel
  37. build.config.aarch64
  38. build.config.allmodconfig
  39. build.config.allmodconfig.aarch64
  40. build.config.allmodconfig.arm
  41. build.config.allmodconfig.x86_64
  42. build.config.amlogic
  43. build.config.arm
  44. build.config.common
  45. build.config.constants
  46. build.config.crashdump
  47. build.config.crashdump.aarch64
  48. build.config.crashdump.x86_64
  49. build.config.db845c
  50. build.config.gki
  51. build.config.gki.aarch64
  52. build.config.gki.aarch64.fips140
  53. build.config.gki.x86_64
  54. build.config.gki_kasan
  55. build.config.gki_kasan.aarch64
  56. build.config.gki_kasan.x86_64
  57. build.config.gki_kprobes
  58. build.config.gki_kprobes.aarch64
  59. build.config.gki_kprobes.x86_64
  60. build.config.khwasan
  61. build.config.kunit.aarch64
  62. build.config.kunit.x86_64
  63. build.config.microdroid
  64. build.config.microdroid.aarch64
  65. build.config.microdroid.x86_64
  66. build.config.rockpi4
  67. build.config.x86_64
  68. COPYING
  69. CPPLINT.cfg
  70. CREDITS
  71. DIR_METADATA
  72. Kbuild
  73. Kconfig
  74. Kconfig.ext
  75. MAINTAINERS
  76. Makefile
  77. modules.bzl
  78. OWNERS
  79. PRESUBMIT.cfg
  80. README
  81. README.md
  82. unblocked_terms.txt
README.md

How do I submit patches to Android Common Kernels

  1. BEST: Make all of your changes to upstream Linux. If appropriate, backport to the stable releases. These patches will be merged automatically in the corresponding common kernels. If the patch is already in upstream Linux, post a backport of the patch that conforms to the patch requirements below.

    • Do not send patches upstream that contain only symbol exports. To be considered for upstream Linux, additions of EXPORT_SYMBOL_GPL() require an in-tree modular driver that uses the symbol -- so include the new driver or changes to an existing driver in the same patchset as the export.
    • When sending patches upstream, the commit message must contain a clear case for why the patch is needed and beneficial to the community. Enabling out-of-tree drivers or functionality is not a persuasive case.

  2. LESS GOOD: Develop your patches out-of-tree (from an upstream Linux point-of-view). Unless these are fixing an Android-specific bug, these are very unlikely to be accepted unless they have been coordinated with [email protected]. If you want to proceed, post a patch that conforms to the patch requirements below.

Common Kernel patch requirements

  • All patches must conform to the Linux kernel coding standards and pass scripts/checkpatch.pl
  • Patches shall not break gki_defconfig or allmodconfig builds for arm, arm64, x86, x86_64 architectures (see https://source.android.com/setup/build/building-kernels)
  • If the patch is not merged from an upstream branch, the subject must be tagged with the type of patch: UPSTREAM:, BACKPORT:, FROMGIT:, FROMLIST:, or ANDROID:.
  • All patches must have a Change-Id: tag (see https://gerrit-review.googlesource.com/Documentation/user-changeid.html)
  • If an Android bug has been assigned, there must be a Bug: tag.
  • All patches must have a Signed-off-by: tag by the author and the submitter

Additional requirements are listed below based on patch type

Requirements for backports from mainline Linux: UPSTREAM:, BACKPORT:

  • If the patch is a cherry-pick from Linux mainline with no changes at all
    • tag the patch subject with UPSTREAM:.
    • add upstream commit information with a (cherry picked from commit ...) line
    • Example:
      • if the upstream commit message is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <[email protected]>
  • then Joe Smith would upload the patch for the common kernel as
        UPSTREAM: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <[email protected]>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        Signed-off-by: Joe Smith <[email protected]>
  • If the patch requires any changes from the upstream version, tag the patch with BACKPORT: instead of UPSTREAM:.
    • use the same tags as UPSTREAM:
    • add comments about the changes under the (cherry picked from commit ...) line
    • Example:
        BACKPORT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <[email protected]>

        Bug: 135791357
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        (cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
        [joe: Resolved minor conflict in drivers/foo/bar.c ]
        Signed-off-by: Joe Smith <[email protected]>

Requirements for other backports: FROMGIT:, FROMLIST:,

  • If the patch has been merged into an upstream maintainer tree, but has not yet been merged into Linux mainline
    • tag the patch subject with FROMGIT:
    • add info on where the patch came from as (cherry picked from commit <sha1> <repo> <branch>). This must be a stable maintainer branch (not rebased, so don't use linux-next for example).
    • if changes were required, use BACKPORT: FROMGIT:
    • Example:
      • if the commit message in the maintainer tree is
        important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <[email protected]>
  • then Joe Smith would upload the patch for the common kernel as
        FROMGIT: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <[email protected]>

        Bug: 135791357
        (cherry picked from commit 878a2fd9de10b03d11d2f622250285c7e63deace
         https://git.kernel.org/pub/scm/linux/kernel/git/foo/bar.git test-branch)
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <[email protected]>
  • If the patch has been submitted to LKML, but not accepted into any maintainer tree
    • tag the patch subject with FROMLIST:
    • add a Link: tag with a link to the submittal on lore.kernel.org
    • add a Bug: tag with the Android bug (required for patches not accepted into a maintainer tree)
    • if changes were required, use BACKPORT: FROMLIST:
    • Example:
        FROMLIST: important patch from upstream

        This is the detailed description of the important patch

        Signed-off-by: Fred Jones <[email protected]>

        Bug: 135791357
        Link: https://lore.kernel.org/lkml/[email protected]/
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <[email protected]>

Requirements for Android-specific patches: ANDROID:

  • If the patch is fixing a bug to Android-specific code
    • tag the patch subject with ANDROID:
    • add a Fixes: tag that cites the patch with the bug
    • Example:
        ANDROID: fix android-specific bug in foobar.c

        This is the detailed description of the important fix

        Fixes: 1234abcd2468 ("foobar: add cool feature")
        Change-Id: I4caaaa566ea080fa148c5e768bb1a0b6f7201c01
        Signed-off-by: Joe Smith <[email protected]>
  • If the patch is a new feature
    • tag the patch subject with ANDROID:
    • add a Bug: tag with the Android bug (required for android-specific features)