public inbox for linux-kernel@vger.kernel.org
From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "dietmar.eggemann@arm.com" <dietmar.eggemann@arm.com>,
	"broonie@kernel.org" <broonie@kernel.org>,
	"Szabolcs.Nagy@arm.com" <Szabolcs.Nagy@arm.com>,
	"brauner@kernel.org" <brauner@kernel.org>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"debug@rivosinc.com" <debug@rivosinc.com>,
	"mgorman@suse.de" <mgorman@suse.de>,
	"vincent.guittot@linaro.org" <vincent.guittot@linaro.org>,
	"fweimer@redhat.com" <fweimer@redhat.com>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"rostedt@goodmis.org" <rostedt@goodmis.org>,
	"hjl.tools@gmail.com" <hjl.tools@gmail.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"vschneid@redhat.com" <vschneid@redhat.com>,
	"shuah@kernel.org" <shuah@kernel.org>,
	"bristot@redhat.com" <bristot@redhat.com>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"bp@alien8.de" <bp@alien8.de>,
	"bsegall@google.com" <bsegall@google.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"juri.lelli@redhat.com" <juri.lelli@redhat.com>
Cc: "keescook@chromium.org" <keescook@chromium.org>,
	"jannh@google.com" <jannh@google.com>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
	"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
	"will@kernel.org" <will@kernel.org>
Subject: Re: [PATCH RFT v5 4/7] fork: Add shadow stack support to clone3()
Date: Fri, 9 Feb 2024 20:18:11 +0000
Message-ID: <565ca9697cf26be5509ef4b3c1cc95fa4f692b9f.camel@intel.com>
In-Reply-To: <20240203-clone3-shadow-stack-v5-4-322c69598e4b@kernel.org>

On Sat, 2024-02-03 at 00:05 +0000, Mark Brown wrote:
> +static bool shstk_consume_token(struct task_struct *tsk,
> +                               unsigned long addr)
> +{
> +       /*
> +        * SSP is aligned, so reserved bits and mode bit are a zero,
> just mark
> +        * the token 64-bit.
> +        */
> +       u64 expected = (addr - SS_FRAME_SIZE) | BIT(0);
> +       u64 val;
> +
> +       /* This should really be an atomic cpmxchg.  It is not. */
> +       __get_user(val, (__user u64 *)addr);
> +       if (val != expected)
> +               return false;
> +
> +       if (write_user_shstk_64((u64 __user *)addr, 0))
> +               return false;
> +
> +       return true;
> +}
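
Review bot: The return value of __get_user() in shstk_consume_token() is not checked, so on a fault the comparison runs on whatever val holds (it is declared without an initialiser); test the result and return false explicitly. The read and the later write_user_shstk_64() are separate steps, as the comment itself concedes, so two callers presenting the same token at addr can both pass the val != expected check before either stores 0; this wants a compare-and-exchange on the shadow stack word, or a lock covering both accesses. The tsk argument is never referenced in the body and both user accesses go through the caller's address space, so either use tsk or drop it and document which mm the token is consumed from. Minor: "cpmxchg" in the comment should read "cmpxchg".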

So, don't we want to consume the token on the *new* task's MM, which
was already duplicated but still unmapped? In which case I think the
other arches would need to GUP regardless of the existence of shadow
stack atomic ops.

If so, my question is, can we GUP on the new MM at this point? There is
a lot going on in copy_process(). My first suspicion of complication is
the work on the child that happens in cgroup_post_fork().

I wonder about adding a shstk_post_fork() to make it easier to think
about and maintain, even if there are no issues today.

Thread overview: 18+ messages
2024-02-03  0:04 [PATCH RFT v5 0/7] fork: Support shadow stacks in clone3() Mark Brown
2024-02-03  0:04 ` [PATCH RFT v5 1/7] Documentation: userspace-api: Add shadow stack API documentation Mark Brown
2024-02-04  1:33   ` Randy Dunlap
2024-02-15  4:08   ` Deepak Gupta
2024-02-03  0:04 ` [PATCH RFT v5 2/7] selftests: Provide helper header for shadow stack testing Mark Brown
2024-02-09 20:24   ` Edgecombe, Rick P
2024-02-03  0:04 ` [PATCH RFT v5 3/7] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Mark Brown
2024-02-09 20:21   ` Edgecombe, Rick P
2024-02-15  4:14   ` Deepak Gupta
2024-02-03  0:05 ` [PATCH RFT v5 4/7] fork: Add shadow stack support to clone3() Mark Brown
2024-02-09 20:18   ` Edgecombe, Rick P [this message]
2024-02-10  0:55     ` Edgecombe, Rick P
2024-02-12 15:38     ` Mark Brown
2024-02-10  0:56   ` Edgecombe, Rick P
2024-02-03  0:05 ` [PATCH RFT v5 5/7] selftests/clone3: Factor more of main loop into test_clone3() Mark Brown
2024-02-03  0:05 ` [PATCH RFT v5 6/7] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code Mark Brown
2024-02-03  0:05 ` [PATCH RFT v5 7/7] selftests/clone3: Test shadow stack support Mark Brown
2024-02-09 20:18 ` [PATCH RFT v5 0/7] fork: Support shadow stacks in clone3() Edgecombe, Rick P
