Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andy Lutomirski <luto@xxxxxxxxxx>
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Mon, 14 Sep 2020 14:14:34 -0700
Cc: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>, Dave Martin <Dave.Martin@xxxxxxx>, "H.J. Lu" <hjl.tools@xxxxxxxxx>, Florian Weimer <fweimer@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, "open list:DOCUMENTATION" <linux-doc@xxxxxxxxxxxxxxx>, Linux-MM <linux-mm@xxxxxxxxx>, linux-arch <linux-arch@xxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V. Shankar" <ravi.v.shankar@xxxxxxxxx>, Vedvyas Shanbhogue <vedvyas.shanbhogue@xxxxxxxxx>, Weijiang Yang <weijiang.yang@xxxxxxxxx>
In-reply-to: <CALCETrX5qJAZBe9sHL6+HFvre-bbo+us1==q9KHNCyRrzaUsjw@mail.gmail.com>
References: <086c73d8-9b06-f074-e315-9964eb666db9@intel.com> <4f2dfefc-b55e-bf73-f254-7d95f9c67e5c@intel.com> <CAMe9rOqt9kbqERC8U1+K-LiDyNYuuuz3TX++DChrRJwr5ajt6Q@mail.gmail.com> <20200901102758.GY6642@arm.com> <c91bbad8-9e45-724b-4526-fe3674310c57@intel.com> <CALCETrWJQgtO_tP1pEaDYYsFgkZ=fOxhyTRE50THcxYoHyTTwg@mail.gmail.com> <32005d57-e51a-7c7f-4e86-612c2ff067f3@intel.com> <46dffdfd-92f8-0f05-6164-945f217b0958@intel.com> <ed929729-4677-3d3b-6bfd-b379af9272b8@intel.com> <6e1e22a5-1b7f-2783-351e-c8ed2d4893b8@intel.com> <5979c58d-a6e3-d14d-df92-72cdeb97298d@intel.com> <ab1a3344-60f4-9b9d-81d4-e6538fdcafcf@intel.com> <08c91835-8486-9da5-a7d1-75e716fc5d36@intel.com> <a881837d-c844-30e8-a614-8b92be814ef6@intel.com> <cbec8861-8722-ec31-2c02-1cfed20255eb@intel.com> <b3379d26-d8a7-deb7-59f1-c994bb297dcb@intel.com> <a1efc4330a3beff10671949eddbba96f8cde96da.camel@intel.com> <41aa5e8f-ad88-2934-6d10-6a78fcbe019b@intel.com> <CALCETrX5qJAZBe9sHL6+HFvre-bbo+us1==q9KHNCyRrzaUsjw@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 9/14/20 11:31 AM, Andy Lutomirski wrote:
> No matter what we do, the effects of calling vfork() are going to be a
> bit odd with SHSTK enabled.  I suppose we could disallow this, but
> that seems likely to cause its own issues.

What's odd about it?  If you're a vfork()'d child, you can't touch the
stack at all, right?  If you do, you or your parent will probably die a
horrible death.

The extra shadow stacks sanity checks means we'll probably see shadow
stack exceptions instead of the slightly more chaotic death without them.

Follow-Ups:
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski

References:
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: H.J. Lu
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Martin
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu, Yu-cheng
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Yu-cheng Yu
- Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Dave Hansen
- Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
  - From: Andy Lutomirski

Prev by Date: Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Next by Date: Re: [patch 05/13] mm/pagemap: Clenaup PREEMPT_COUNT leftovers
Previous by thread: Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Next by thread: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]