Date: Wed, 20 Aug 2025 23:30:31 +0100
Message-ID: <87frdlk4mw.wl-maz@kernel.org>
From: Marc Zyngier
To: Mark Brown
Cc: Catalin Marinas, Will Deacon, Oliver Upton, Joey Gouly, Suzuki K Poulose, Shuah Khan, linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Thiago Jung Bauermann
Subject: Re: [PATCH v15 0/6] KVM: arm64: Provide guest support for GCS
In-Reply-To: <20250820-arm64-gcs-v15-0-5e334da18b84@kernel.org>
References: <20250820-arm64-gcs-v15-0-5e334da18b84@kernel.org>

On Wed, 20 Aug 2025 15:14:40 +0100, Mark Brown wrote:
>
> The arm64 Guarded Control Stack (GCS) feature provides support for
> hardware protected stacks of return addresses, intended to provide
> hardening against return oriented programming (ROP) attacks and to make
> it easier to gather call stacks for applications such as profiling.
>
> When GCS is active a secondary stack called the Guarded Control Stack is
> maintained, protected with a memory attribute which means that it can
> only be written with specific GCS operations. The current GCS pointer
> can not be directly written to by userspace. When a BL is executed the
> value stored in LR is also pushed onto the GCS, and when a RET is
> executed the top of the GCS is popped and compared to LR with a fault
> being raised if the values do not match. GCS operations may only be
> performed on GCS pages, a data abort is generated if they are not.
>
> The combination of hardware enforcement and lack of extra instructions
> in the function entry and exit paths should result in something which
> has less overhead and is more difficult to attack than a purely software
> implementation like clang's shadow stacks.
>
> This series implements support for managing GCS for KVM guests, it also
> includes a fix for S1PIE which has also been sent separately as this
> feature is a dependency for GCS. It is based on:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/gcs
>

Is this cover letter accurate? I don't see any PIE-related patch, and
you indicate this being rebased on 6.17-rc1...

	M.

-- 
Jazz isn't dead. It just smells funny.
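
Added example, not part of the original message or of the patch series: a small C model of the GCS rules described in the quoted cover letter (BL pushes LR, RET pops and compares, ordinary stores to a GCS page abort). The struct, function names, slot count and addresses are assumptions made for illustration; real GCS is enforced by hardware, and the model's upward-growing index is a simplification.

```c
#include <stddef.h>
#include <stdint.h>

/* Software model of the GCS rules in the quoted cover letter. All names are
 * made up for this example; it is not kernel or architecture code. */
enum gcs_result { GCS_OK, GCS_MISMATCH_FAULT, GCS_DATA_ABORT, GCS_EMPTY_OR_FULL };
enum page_attr { PAGE_NORMAL, PAGE_GCS };
#define GCS_SLOTS 8

struct cpu {
    uint64_t lr;               /* link register */
    uint64_t gcs[GCS_SLOTS];   /* memory backing the guarded control stack */
    size_t gcspr;              /* next free slot; userspace cannot set it directly */
    enum page_attr attr;       /* attribute of the page holding gcs[] */
};

/* BL: set LR and push the same value onto the GCS. */
enum gcs_result do_bl(struct cpu *c, uint64_t ret_addr)
{
    if (c->attr != PAGE_GCS) return GCS_DATA_ABORT;   /* GCS op on a non-GCS page */
    if (c->gcspr == GCS_SLOTS) return GCS_EMPTY_OR_FULL;
    c->lr = ret_addr;
    c->gcs[c->gcspr++] = ret_addr;
    return GCS_OK;
}

/* RET: pop the top GCS entry and compare it with LR before branching. */
enum gcs_result do_ret(struct cpu *c, uint64_t *target)
{
    if (c->attr != PAGE_GCS) return GCS_DATA_ABORT;
    if (c->gcspr == 0) return GCS_EMPTY_OR_FULL;
    if (c->gcs[--c->gcspr] != c->lr) return GCS_MISMATCH_FAULT;
    *target = c->lr;
    return GCS_OK;
}

/* Ordinary store: a GCS page accepts writes only from GCS operations
 * (an out-of-range slot is also reported as an abort in this model). */
enum gcs_result do_store(struct cpu *c, size_t slot, uint64_t val)
{
    if (slot >= GCS_SLOTS || c->attr == PAGE_GCS) return GCS_DATA_ABORT;
    c->gcs[slot] = val;
    return GCS_OK;
}

/* Constructed scenario: LR is reloaded from a corrupted ordinary-stack frame. */
enum gcs_result ret_with_corrupted_lr(void)
{
    struct cpu c = { .attr = PAGE_GCS };
    uint64_t target = 0;
    do_bl(&c, 0x400100);       /* constructed return address */
    c.lr = 0x400abc;           /* constructed value LR holds after the overwrite */
    return do_ret(&c, &target);
}
```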