Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "broonie@xxxxxxxxxx" <broonie@xxxxxxxxxx>, "szabolcs.nagy@xxxxxxx" <szabolcs.nagy@xxxxxxx>
Subject: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
From: "Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx>
Date: Thu, 6 Jul 2023 16:59:45 +0000
Accept-language: en-US
Cc: "Xu, Pengfei" <pengfei.xu@xxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "kcc@xxxxxxxxxx" <kcc@xxxxxxxxxx>, "Lutomirski, Andy" <luto@xxxxxxxxxx>, "nadav.amit@xxxxxxxxx" <nadav.amit@xxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "david@xxxxxxxxxx" <david@xxxxxxxxxx>, "Schimpe, Christina" <christina.schimpe@xxxxxxxxx>, "Yang, Weijiang" <weijiang.yang@xxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "corbet@xxxxxxx" <corbet@xxxxxxx>, "nd@xxxxxxx" <nd@xxxxxxx>, "dethoma@xxxxxxxxxxxxx" <dethoma@xxxxxxxxxxxxx>, "jannh@xxxxxxxxxx" <jannh@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "debug@xxxxxxxxxxxx" <debug@xxxxxxxxxxxx>, "pavel@xxxxxx" <pavel@xxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "mike.kravetz@xxxxxxxxxx" <mike.kravetz@xxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, "rppt@xxxxxxxxxx" <rppt@xxxxxxxxxx>, "jamorris@xxxxxxxxxxxxxxxxxxx" <jamorris@xxxxxxxxxxxxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "john.allen@xxxxxxx" <john.allen@xxxxxxx>, "rdunlap@xxxxxxxxxxxxx" <rdunlap@xxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "oleg@xxxxxxxxxx" <oleg@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "keescook@xxxxxxxxxxxx" <keescook@xxxxxxxxxxxx>, "bsingharora@xxxxxxxxx" <bsingharora@xxxxxxxxx>, "gorcunov@xxxxxxxxx" <gorcunov@xxxxxxxxx>, "Yu, Yu-cheng" <yu-cheng.yu@xxxxxxxxx>, "fweimer@xxxxxxxxxx" <fweimer@xxxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "hjl.tools@xxxxxxxxx" <hjl.tools@xxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "Syromiatnikov, Eugene" <esyr@xxxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "Torvalds, Linus" <torvalds@xxxxxxxxxxxxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, "akpm@xxxxxxxxxxxxxxxxxxxx" <akpm@xxxxxxxxxxxxxxxxxxxx>, "Eranian, Stephane" <eranian@xxxxxxxxxx>
In-reply-to: <e9a377ce-7ce4-47b0-b30e-56a5aae18544@sirena.org.uk>
References: <eda8b2c4b2471529954aadbe04592da1ddae906d.camel@intel.com> <2a30ac58-d970-45c3-87d2-55396c0a83f9@sirena.org.uk> <0a9ade13b989ea881fd43fabbe5de1d248cf4218.camel@intel.com> <ccce9d4a-90fe-465a-88ae-ea1416770c77@sirena.org.uk> <ZKa+QFKHSyqMlriG@arm.com> <e9a377ce-7ce4-47b0-b30e-56a5aae18544@sirena.org.uk>
User-agent: Evolution 3.44.4-0ubuntu1

On Thu, 2023-07-06 at 15:24 +0100, Mark Brown wrote:
> On Thu, Jul 06, 2023 at 02:14:40PM +0100,
> szabolcs.nagy@xxxxxxx wrote:
> > The 07/05/2023 20:29, Mark Brown wrote:
> 
> > > Push and pop are one control, you get both or neither.
> 
> > gcspopm is always available (esentially *ssp++, this is used
> > for longjmp).
> 
> Ah, sorry - I misremembered there.  You're right, it's only push that
> we
> have control over.

Ah, ok! So if you are not planning to enable the push mode then the
features are pretty well aligned, except:
 - On x86 it is possible to switch stacks without leaving a token 
   behind.
 - The GCSPOPM/INCSSP looping may require longer loops on ARM 
   because it only pops one at at time.

If you are not going to use GCSPUSHM by default, then I think we
*should* be able to have some unified set of rules for developers for
glibc behaviors at least.

Follow-Ups:
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Mark Brown

References:
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Edgecombe, Rick P
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Mark Brown
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Edgecombe, Rick P
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Mark Brown
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Mark Brown

Prev by Date: Re: [RFC PATCH 11/14] context-tracking: Introduce work deferral infrastructure
Next by Date: Re: [PATCH 1/3] RISC-V: Framework for vendor extensions
Previous by thread: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
Next by thread: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]