On Thu, 2022-02-10 at 15:07 -0800, Andy Lutomirski wrote: > On Thu, Feb 10, 2022 at 2:44 PM Dave Hansen <dave.hansen@xxxxxxxxx> > wrote: > > > > On 1/30/22 13:18, Rick Edgecombe wrote: > > > INCSSP(Q/D) increments shadow stack pointer and 'pops and > > > discards' the > > > first and the last elements in the range, effectively touches > > > those memory > > > areas. > > > > > > The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes > > > and > > > 255 * 4 = 1020 bytes by INCSSPD. Both ranges are far from > > > PAGE_SIZE. > > > Thus, putting a gap page on both ends of a shadow stack prevents > > > INCSSP, > > > CALL, and RET from going beyond. > > > > What is the downside of not applying this patch? The shadow stack > > gap > > is 1MB instead of 4k? > > > > That, frankly, doesn't seem too bad. How badly do we *need* this > > patch? Like just using VM_SHADOW_STACK | VM_GROWSDOWN to get a regular stack sized gap? I think it could work. It also simplifies the mm->stack_vm accounting. It would no longer get a gap at the end though. I don't think it's needed. > > 1MB of oer-thread guard address space in a 32-bit program may be a > show stopper. Do we intend to support any of this for 32-bit? It is supported in the 32 bit compatibility mode, although IBT had dropped it. I guess this was probably the reason.
