Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/10/2022 14:40, Florian Weimer wrote:
> * Andrew Cooper:
>
>>> POSIX does not appear to require PROT_NONE mappings
>>> for the stack guard region, either.  However, the
>>> pthread_attr_setguardsize manual page pretty clearly says that it's got
>>> to be unreadable and unwriteable.  Hence my question.
>> Hmm.  If that's what the manuals say, then fine.
>>
>> But honestly, you don't get very far at all without faulting on a
>> read-only stack.
> I guess we can update the manual page proactively.  It does look like a
> tempting optimization.

Here's one I prepared earlier, discussing getting supervisor shadow
stacks working in Xen.

http://xenbits.xen.org/people/andrewcoop/Xen-CET-SS.pdf

This optimisation turned out to be very helpful by being able to put the
shadow stacks in what were previously the guard holes, meaning we didn't
actually need to allocate any more memory for the stacks.

~Andrew




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux