Re: [PATCH 18/35] mm: Add guard pages around a shadow stack.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2022-02-10 at 15:07 -0800, Andy Lutomirski wrote:
> On Thu, Feb 10, 2022 at 2:44 PM Dave Hansen <dave.hansen@xxxxxxxxx>
> wrote:
> > 
> > On 1/30/22 13:18, Rick Edgecombe wrote:
> > > INCSSP(Q/D) increments shadow stack pointer and 'pops and
> > > discards' the
> > > first and the last elements in the range, effectively touches
> > > those memory
> > > areas.
> > > 
> > > The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes
> > > and
> > > 255 * 4 = 1020 bytes by INCSSPD.  Both ranges are far from
> > > PAGE_SIZE.
> > > Thus, putting a gap page on both ends of a shadow stack prevents
> > > INCSSP,
> > > CALL, and RET from going beyond.
> > 
> > What is the downside of not applying this patch?  The shadow stack
> > gap
> > is 1MB instead of 4k?
> > 
> > That, frankly, doesn't seem too bad.  How badly do we *need* this
> > patch?

Like just using VM_SHADOW_STACK | VM_GROWSDOWN to get a regular stack
sized gap? I think it could work. It also simplifies the mm->stack_vm
accounting.

It would no longer get a gap at the end though. I don't think it's
needed.

> 
> 1MB of oer-thread guard address space in a 32-bit program may be a
> show stopper.  Do we intend to support any of this for 32-bit?

It is supported in the 32 bit compatibility mode, although IBT had
dropped it. I guess this was probably the reason.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux