Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Wed, 9 Sep 2020 15:59:27 -0700
Cc: Dave Martin <Dave.Martin@xxxxxxx>, "H.J. Lu" <hjl.tools@xxxxxxxxx>, Florian Weimer <fweimer@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, "open list:DOCUMENTATION" <linux-doc@xxxxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, linux-arch <linux-arch@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V. Shankar" <ravi.v.shankar@xxxxxxxxx>, Vedvyas Shanbhogue <vedvyas.shanbhogue@xxxxxxxxx>, Weijiang Yang <weijiang.yang@xxxxxxxxx>
In-reply-to: <5979c58d-a6e3-d14d-df92-72cdeb97298d@intel.com>
Ironport-sdr: uE6UyTtjPlOTBHpRRpnnfsLptG/Wlg1QLfAeK2lBlBLqo4Bs4Toy5o7wJ9do7Mc3XUgu38dm8l G2GD1PGR4L0g==
Ironport-sdr: XtF3ZCQI1jGEeDh1Sr0MERUVxn9OShpOumA+mYvfBRdvTH4fu8xlHlf8EXWt/8kOayqGjNLSoM OWC99aDoyUlw==
References: <086c73d8-9b06-f074-e315-9964eb666db9@intel.com> <73c2211f-8811-2d9f-1930-1c5035e6129c@intel.com> <af258a0e-56e9-3747-f765-dfe45ce76bba@intel.com> <ef7f9e24-f952-d78c-373e-85435f742688@intel.com> <20200826164604.GW6642@arm.com> <87ft892vvf.fsf@oldenburg2.str.redhat.com> <CALCETrVeNA0Kt2rW0CRCVo1JE0CKaBxu9KrJiyqUA8LPraY=7g@mail.gmail.com> <0e9996bc-4c1b-cc99-9616-c721b546f857@intel.com> <4f2dfefc-b55e-bf73-f254-7d95f9c67e5c@intel.com> <CAMe9rOqt9kbqERC8U1+K-LiDyNYuuuz3TX++DChrRJwr5ajt6Q@mail.gmail.com> <20200901102758.GY6642@arm.com> <c91bbad8-9e45-724b-4526-fe3674310c57@intel.com> <CALCETrWJQgtO_tP1pEaDYYsFgkZ=fOxhyTRE50THcxYoHyTTwg@mail.gmail.com> <32005d57-e51a-7c7f-4e86-612c2ff067f3@intel.com> <46dffdfd-92f8-0f05-6164-945f217b0958@intel.com> <ed929729-4677-3d3b-6bfd-b379af9272b8@intel.com> <6e1e22a5-1b7f-2783-351e-c8ed2d4893b8@intel.com> <5979c58d-a6e3-d14d-df92-72cdeb97298d@intel.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 9/9/20 3:08 PM, Yu, Yu-cheng wrote:
> After looking at this more, I found the changes are more similar to
> mprotect() than madvise().  We are going to change an anonymous mapping
> to a read-only mapping, and add the VM_SHSTK flag to it.  Would an
> x86-specific mprotect(PROT_SHSTK) make more sense?
> 
> One alternative would be requiring a read-only mapping for
> madvise(MADV_SHSTK).  But that is inconvenient for the application.

Why?  It's just:

	mmap()/malloc();
	mprotect(PROT_READ);
	madvise(MADV_SHSTK);

vs.

	mmap()/malloc();
	mprotect(PROT_SHSTK);

I'm not sure a single syscall counts as inconvenient.

I don't quite think we should use a PROT_ bit for this.  It seems like
the kind of thing that could be fragile and break existing expectations.
 I don't care _that_ strongly though.

Follow-Ups:
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng

References:
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Martin
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Florian Weimer
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: H.J. Lu
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Martin
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng

Prev by Date: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Next by Date: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Previous by thread: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Next by thread: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Index(es):
- Date
- Thread

[Index of Archives] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]