On Wed, Apr 28, 2021 at 11:39:00AM -0700, Yu, Yu-cheng wrote:
> Sorry about that. After that email thread, we went ahead to separate shadow
> stack and ibt into different files. I thought about the struct, the file
> names cet.h, etc. The struct still needs to include ibt status, and if it
> is shstk_desc, the name is not entirely true. One possible approach is, we
> don't make it a struct here, and put every item directly in thread_struct.
> However, the benefit of putting all in a struct is understandable (you might
> argue the opposite :-)). Please make the call, and I will do the change.
/me looks forward into the patchset...
So this looks like the final version of it:
@@ -15,6 +15,7 @@ struct cet_status {
unsigned long shstk_base;
unsigned long shstk_size;
unsigned int locked:1;
+ unsigned int ibt_enabled:1;
};
If so, that thing should be simply:
struct cet {
unsigned long shstk_base;
unsigned long shstk_size;
unsigned int shstk_lock : 1,
ibt : 1;
}
Is that ibt flag per thread or why is it here? I guess I'll find out.
/me greps...
ah yes, it is.
> Yes, the comments are in patch #23: Handle thread shadow stack. I wanted to
> add that in the patch that takes the path.
That comes next, I'll look there.
> > vm_munmap() can return other negative error values, where are you
> > handling those?
> >
>
> For other error values, the loop stops.
And then what happens?
> > > + cet->shstk_base = 0;
> > > + cet->shstk_size = 0;
You clear those here without even checking whether unmap failed somehow.
And then stuff leaks but we don't care, right?
Someone else's problem, I'm sure.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
