Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: szabolcs.nagy@xxxxxxx
Subject: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
From: Florian Weimer <fweimer@xxxxxxxxxx>
Date: Mon, 03 Jul 2023 20:49:17 +0200
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx>, "Lutomirski, Andy" <luto@xxxxxxxxxx>, "Xu, Pengfei" <pengfei.xu@xxxxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "kcc@xxxxxxxxxx" <kcc@xxxxxxxxxx>, "nadav.amit@xxxxxxxxx" <nadav.amit@xxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "david@xxxxxxxxxx" <david@xxxxxxxxxx>, "Schimpe, Christina" <christina.schimpe@xxxxxxxxx>, "akpm@xxxxxxxxxxxxxxxxxxxx" <akpm@xxxxxxxxxxxxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "corbet@xxxxxxx" <corbet@xxxxxxx>, "nd@xxxxxxx" <nd@xxxxxxx>, "broonie@xxxxxxxxxx" <broonie@xxxxxxxxxx>, "jannh@xxxxxxxxxx" <jannh@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "debug@xxxxxxxxxxxx" <debug@xxxxxxxxxxxx>, "bp@xxxxxxxxx" <bp@xxxxxxxxx>, "rdunlap@xxxxxxxxxxxxx" <rdunlap@xxxxxxxxxxxxx>, "linux-api@xxxxxxxxxxxxxxx" <linux-api@xxxxxxxxxxxxxxx>, "rppt@xxxxxxxxxx" <rppt@xxxxxxxxxx>, "jamorris@xxxxxxxxxxxxxxxxxxx" <jamorris@xxxxxxxxxxxxxxxxxxx>, "pavel@xxxxxx" <pavel@xxxxxx>, "john.allen@xxxxxxx" <john.allen@xxxxxxx>, "bsingharora@xxxxxxxxx" <bsingharora@xxxxxxxxx>, "mike.kravetz@xxxxxxxxxx" <mike.kravetz@xxxxxxxxxx>, "dethoma@xxxxxxxxxxxxx" <dethoma@xxxxxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "oleg@xxxxxxxxxx" <oleg@xxxxxxxxxx>, "keescook@xxxxxxxxxxxx" <keescook@xxxxxxxxxxxx>, "gorcunov@xxxxxxxxx" <gorcunov@xxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "Yu, Yu-cheng" <yu-cheng.yu@xxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "hjl.tools@xxxxxxxxx" <hjl.tools@xxxxxxxxx>, "linux-mm@xxxxxxxxx" <linux-mm@xxxxxxxxx>, "Syromiatnikov, Eugene" <esyr@xxxxxxxxxx>, "Yang, Weijiang" <weijiang.yang@xxxxxxxxx>, "linux-doc@xxxxxxxxxxxxxxx" <linux-doc@xxxxxxxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, "Torvalds, Linus" <torvalds@xxxxxxxxxxxxxxxxxxxx>, "Eranian, Stephane" <eranian@xxxxxxxxxx>
In-reply-to: <ZKMRFNSYQBC6S+ga@arm.com> (szabolcs's message of "Mon, 3 Jul 2023 19:19:00 +0100")
References: <ZJFukYxRbU1MZlQn@arm.com> <e676c4878c51ab4b6018c9426b5edacdb95f2168.camel@intel.com> <ZJLgp29mM3BLb3xa@arm.com> <c5ae83588a7e107beaf858ab04961e70d16fe32c.camel@intel.com> <ZJQR7slVHvjeCQG8@arm.com> <CALCETrW+30_a2QQE-yw9djVFPxSxm7-c2FZFwZ50dOEmnmkeDA@mail.gmail.com> <ZJR545en+dYx399c@arm.com> <1cd67ae45fc379fd82d2745190e4caf74e67499e.camel@intel.com> <ZJ2sTu9QRmiWNISy@arm.com> <e057de9dd9e9fe48981afb4ded4b337e8a83fabf.camel@intel.com> <ZKMRFNSYQBC6S+ga@arm.com>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

* szabolcs:

>> alt shadow stack cannot be transparent to existing software anyway, it
>
> maybe not in glibc, but a libc can internally use alt shadow stack
> in sigaltstack instead of exposing a separate sigaltshadowstack api.
> (this is what a strict posix conform implementation has to do to
> support shadow stacks), leaking shadow stacks is not a correctness
> issue unless it prevents the program working (the shadow stack for
> the main thread likely wastes more memory than all the alt stack
> leaks. if the leaks become dominant in a thread the sigaltstack
> libc api can just fail).

It should be possible in theory to carve out pages from sigaltstack and
push a shadow stack page and a guard page as part of the signal frame.
As far as I understand it, the signal frame layout is not ABI, so it's
possible to hide arbitrary stuff in it.  I'm just saying that it looks
possible, not that it's a good idea.

Perhaps that's not realistic with 64K pages, though.

Thanks,
Florian

Follow-Ups:
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Szabolcs Nagy

References:
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Edgecombe, Rick P
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Edgecombe, Rick P
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Andy Lutomirski
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Edgecombe, Rick P
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: Edgecombe, Rick P
- Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
  - From: szabolcs.nagy@xxxxxxx

Prev by Date: Re: [QUESTION] Full user space process isolation?
Next by Date: Re: [PATCH v2] readahead: Correct the start and size in ondemand_readahead()
Previous by thread: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
Next by thread: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]