From: Yury Khrustalev <yury.khrustalev@arm.com>
To: Mark Brown <broonie@kernel.org>
Cc: "Rick P. Edgecombe" <rick.p.edgecombe@intel.com>,
Deepak Gupta <debug@rivosinc.com>,
Szabolcs Nagy <Szabolcs.Nagy@arm.com>,
"H.J. Lu" <hjl.tools@gmail.com>,
Florian Weimer <fweimer@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>, <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
"Juri Lelli" <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>,
Valentin Schneider <vschneid@redhat.com>,
"Christian Brauner" <brauner@kernel.org>,
Shuah Khan <shuah@kernel.org>, <linux-kernel@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, <jannh@google.com>,
Wilco Dijkstra <wilco.dijkstra@arm.com>,
<linux-kselftest@vger.kernel.org>, <linux-api@vger.kernel.org>,
Kees Cook <kees@kernel.org>,
Shuah Khan <skhan@linuxfoundation.org>
Subject: Re: [PATCH RFT v11 0/8] fork: Support shadow stacks in clone3()
Date: Wed, 30 Oct 2024 14:41:02 +0000 [thread overview]
Message-ID: <ZyJFfngdWBXidczc@arm.com> (raw)
In-Reply-To: <9843cdfb-6cc6-40b1-94b3-768c48351945@sirena.org.uk>
On Wed, Oct 30, 2024 at 02:08:59PM +0000, Mark Brown wrote:
> On Sat, Oct 05, 2024 at 11:31:27AM +0100, Mark Brown wrote:
> > The kernel has recently added support for shadow stacks, currently
> > x86 only using their CET feature but both arm64 and RISC-V have
> > equivalent features (GCS and Zicfiss respectively), I am actively
> > working on GCS[1]. With shadow stacks the hardware maintains an
> > additional stack containing only the return addresses for branch
> > instructions which is not generally writeable by userspace and ensures
> > that any returns are to the recorded addresses. This provides some
> > protection against ROP attacks and making it easier to collect call
> > stacks. These shadow stacks are allocated in the address space of the
> > userspace process.
>
> Does anyone have any thoughts on this? I reworked things to specify the
> address for the shadow stack pointer rather than the extent of the stack
> as Rick and Yuri suggested, otherwise the only change from the prior
> version was rebasing onto the arm64 GCS support since that's queued in
> -next. I think the only substantial question is picking the ABI for
> specifying the shadow stack.
I will need more time to review this as both my primary and shadow stacks
are full with other work. At a glance, I cannot offer any informed opinion
for choosing ABI atm. Apologies for the delay.
Kind regards,
Yury
prev parent reply other threads:[~2024-10-30 14:42 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-05 10:31 [PATCH RFT v11 0/8] fork: Support shadow stacks in clone3() Mark Brown
2024-10-05 10:31 ` [PATCH RFT v11 1/8] arm64/gcs: Return a success value from gcs_alloc_thread_stack() Mark Brown
2024-10-30 21:11 ` Deepak Gupta
2024-10-05 10:31 ` [PATCH RFT v11 2/8] Documentation: userspace-api: Add shadow stack API documentation Mark Brown
2024-10-30 21:42 ` Deepak Gupta
2024-10-05 10:31 ` [PATCH RFT v11 3/8] selftests: Provide helper header for shadow stack testing Mark Brown
2024-10-05 10:31 ` [PATCH RFT v11 4/8] fork: Add shadow stack support to clone3() Mark Brown
2024-10-05 10:31 ` [PATCH RFT v11 5/8] selftests/clone3: Remove redundant flushes of output streams Mark Brown
2024-10-05 10:31 ` [PATCH RFT v11 6/8] selftests/clone3: Factor more of main loop into test_clone3() Mark Brown
2024-10-05 10:31 ` [PATCH RFT v11 7/8] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code Mark Brown
2024-10-05 10:31 ` [PATCH RFT v11 8/8] selftests/clone3: Test shadow stack support Mark Brown
2024-10-30 14:08 ` [PATCH RFT v11 0/8] fork: Support shadow stacks in clone3() Mark Brown
2024-10-30 14:41 ` Yury Khrustalev [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZyJFfngdWBXidczc@arm.com \
--to=yury.khrustalev@arm.com \
--cc=Szabolcs.Nagy@arm.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=broonie@kernel.org \
--cc=bsegall@google.com \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=debug@rivosinc.com \
--cc=dietmar.eggemann@arm.com \
--cc=fweimer@redhat.com \
--cc=hjl.tools@gmail.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=juri.lelli@redhat.com \
--cc=kees@kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mgorman@suse.de \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=rostedt@goodmis.org \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=tglx@linutronix.de \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=wilco.dijkstra@arm.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.