public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Yury Khrustalev <yury.khrustalev@arm.com>
To: Christian Brauner <brauner@kernel.org>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
	Florian Weimer <fweimer@redhat.com>,
	"broonie@kernel.org" <broonie@kernel.org>,
	"dietmar.eggemann@arm.com" <dietmar.eggemann@arm.com>,
	"shuah@kernel.org" <shuah@kernel.org>,
	"Szabolcs.Nagy@arm.com" <Szabolcs.Nagy@arm.com>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"debug@rivosinc.com" <debug@rivosinc.com>,
	"mgorman@suse.de" <mgorman@suse.de>,
	"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
	"vincent.guittot@linaro.org" <vincent.guittot@linaro.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"rostedt@goodmis.org" <rostedt@goodmis.org>,
	"hjl.tools@gmail.com" <hjl.tools@gmail.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"vschneid@redhat.com" <vschneid@redhat.com>,
	"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
	"kees@kernel.org" <kees@kernel.org>,
	"will@kernel.org" <will@kernel.org>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"jannh@google.com" <jannh@google.com>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"bp@alien8.de" <bp@alien8.de>,
	"wilco.dijkstra@arm.com" <wilco.dijkstra@arm.com>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	"bsegall@google.com" <bsegall@google.com>,
	"juri.lelli@redhat.com" <juri.lelli@redhat.com>,
	"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH RFT v9 4/8] fork: Add shadow stack support to clone3()
Date: Thu, 3 Oct 2024 17:05:17 +0100	[thread overview]
Message-ID: <Zv7AvSvcilHV1kSs@arm.com> (raw)
In-Reply-To: <20241001-atheismus-stetig-4f6f3001715c@brauner>

On Tue, Oct 01, 2024 at 05:12:38PM +0200, Christian Brauner wrote:
> > Thanks for the info!
> > 
> > > 
> > > My preference is to keep the api consistent and require a stack_size for
> > > shadow stacks as well.
> > 
> > Did you catch that a token can be at a different offsets location on the stack
> > depending on args passed to map_shadow_stack? So userspace will need something
> > like the code above, but that adjusts the 'shadow_stack_size' such that the
> > kernel looks for the token in the right place. It will be even weirder if
> > someone uses clone3 to switch to a stack that has already been used, and pivoted
> > off of, such that a token was left in the middle of the stack. In that case
> > userspace would have to come up with args disconnected from the actual size of
> > the shadow stack such that the kernel would be cajoled into looking for the
> > token in the right place.
> > 
> > A shadow stack size is more symmetric on the surface, but I'm not sure it will
> > be easier for userspace to handle. So I think we should just have a pointer to
> > the token. But it will be a usable implementation either way.
> 
> Maybe it's best to let glibc folks decide what is better/more ergonomic for them.

I agree that it would be better to just have a pointer to the token.

My preference would be to avoid having obscure additional arguments that may end up
having misleading name or bear some hidden functionality. If kernel is not going to
use stack size as such, then users should not have to provide it.

Thanks,
Yury

PS Apologies for delayed reply


  parent reply	other threads:[~2024-10-03 16:05 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-19 19:24 [PATCH RFT v9 0/8] fork: Support shadow stacks in clone3() Mark Brown
2024-08-19 19:24 ` [PATCH RFT v9 1/8] Documentation: userspace-api: Add shadow stack API documentation Mark Brown
2024-08-19 19:24 ` [PATCH RFT v9 2/8] selftests: Provide helper header for shadow stack testing Mark Brown
2024-08-20 21:36   ` Edgecombe, Rick P
2024-08-19 19:24 ` [PATCH RFT v9 3/8] mm: Introduce ARCH_HAS_USER_SHADOW_STACK Mark Brown
2024-08-19 19:24 ` [PATCH RFT v9 4/8] fork: Add shadow stack support to clone3() Mark Brown
2024-08-20 21:36   ` Edgecombe, Rick P
2024-08-20 23:34     ` Mark Brown
2024-08-20 23:57       ` Edgecombe, Rick P
2024-08-21  0:19         ` Mark Brown
2024-08-21  1:45           ` Edgecombe, Rick P
2024-08-21 12:45             ` Mark Brown
2024-08-21 15:54               ` Edgecombe, Rick P
2024-08-21 17:23                 ` Mark Brown
2024-08-21 18:05                   ` Catalin Marinas
2024-09-27  8:50                   ` Christian Brauner
2024-09-27 15:21                     ` Edgecombe, Rick P
2024-10-01 15:12                       ` Christian Brauner
2024-10-01 17:33                         ` Mark Brown
2024-10-01 23:03                           ` Edgecombe, Rick P
2024-10-02 13:42                             ` Mark Brown
2024-10-02 21:01                               ` Mark Brown
2024-10-02 21:25                                 ` Edgecombe, Rick P
2024-10-03 16:05                         ` Yury Khrustalev [this message]
2024-08-19 19:24 ` [PATCH RFT v9 5/8] selftests/clone3: Remove redundant flushes of output streams Mark Brown
2024-08-19 19:24 ` [PATCH RFT v9 6/8] selftests/clone3: Factor more of main loop into test_clone3() Mark Brown
2024-08-19 19:24 ` [PATCH RFT v9 7/8] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code Mark Brown
2024-08-19 19:24 ` [PATCH RFT v9 8/8] selftests/clone3: Test shadow stack support Mark Brown

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Zv7AvSvcilHV1kSs@arm.com \
    --to=yury.khrustalev@arm.com \
    --cc=Szabolcs.Nagy@arm.com \
    --cc=bp@alien8.de \
    --cc=brauner@kernel.org \
    --cc=broonie@kernel.org \
    --cc=bsegall@google.com \
    --cc=catalin.marinas@arm.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=debug@rivosinc.com \
    --cc=dietmar.eggemann@arm.com \
    --cc=fweimer@redhat.com \
    --cc=hjl.tools@gmail.com \
    --cc=hpa@zytor.com \
    --cc=jannh@google.com \
    --cc=juri.lelli@redhat.com \
    --cc=kees@kernel.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=mgorman@suse.de \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=rick.p.edgecombe@intel.com \
    --cc=rostedt@goodmis.org \
    --cc=shuah@kernel.org \
    --cc=tglx@linutronix.de \
    --cc=vincent.guittot@linaro.org \
    --cc=vschneid@redhat.com \
    --cc=wilco.dijkstra@arm.com \
    --cc=will@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox