Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
Subject: Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
From: Florian Weimer <fweimer@xxxxxxxxxx>
Date: Mon, 10 Oct 2022 14:33:30 +0200
Cc: Kees Cook <keescook@xxxxxxxxxxxx>, Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "H . Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, Arnd Bergmann <arnd@xxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, "H . J . Lu" <hjl.tools@xxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V . Shankar" <ravi.v.shankar@xxxxxxxxx>, Weijiang Yang <weijiang.yang@xxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, "joao.moreira@xxxxxxxxx" <joao.moreira@xxxxxxxxx>, John Allen <john.allen@xxxxxxx>, "kcc@xxxxxxxxxx" <kcc@xxxxxxxxxx>, "eranian@xxxxxxxxxx" <eranian@xxxxxxxxxx>, "rppt@xxxxxxxxxx" <rppt@xxxxxxxxxx>, "jamorris@xxxxxxxxxxxxxxxxxxx" <jamorris@xxxxxxxxxxxxxxxxxxx>, "dethoma@xxxxxxxxxxxxx" <dethoma@xxxxxxxxxxxxx>, Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
In-reply-to: <37ef8d93-8bd2-ae5e-4508-9be090231d06@citrix.com> (Andrew Cooper's message of "Wed, 5 Oct 2022 02:30:56 +0000")
References: <20220929222936.14584-1-rick.p.edgecombe@intel.com> <20220929222936.14584-19-rick.p.edgecombe@intel.com> <202210031127.C6CF796@keescook> <37ef8d93-8bd2-ae5e-4508-9be090231d06@citrix.com>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

* Andrew Cooper:

> You don't actually need a hole to create a guard.  Any mapping of type
> != shstk will do.
>
> If you've got a load of threads, you can tightly pack stack / shstk /
> stack / shstk with no holes, and they each act as each other guard pages.

Can userspace read the shadow stack directly?  Writing is obviously
blocked, but reading?

GCC's stack-clash probing uses OR instructions, so it would be fine with
a readable mapping.  POSIX does not appear to require PROT_NONE mappings
for the stack guard region, either.  However, the
pthread_attr_setguardsize manual page pretty clearly says that it's got
to be unreadable and unwriteable.  Hence my question.

Thanks,
Florian

Follow-Ups:
- Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
  - From: Andrew Cooper

References:
- [PATCH v2 00/39] Shadowstacks for userspace
  - From: Rick Edgecombe
- [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
  - From: Rick Edgecombe
- Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
  - From: Kees Cook
- Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
  - From: Andrew Cooper

Prev by Date: Re: [PATCH v2 01/39] Documentation/x86: Add CET description
Next by Date: Re: [RESEND PATCH v5 1/1] docs: driver-api: virtio: virtio on Linux
Previous by thread: Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
Next by thread: Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]