On Tue, 01 Oct 2024 23:58:39 +0100, Mark Brown wrote:
> The arm64 Guarded Control Stack (GCS) feature provides support for
> hardware protected stacks of return addresses, intended to provide
> hardening against return oriented programming (ROP) attacks and to make
> it easier to gather call stacks for applications such as profiling.
>
> When GCS is active a secondary stack called the Guarded Control Stack is
> maintained, protected with a memory attribute which means that it can
> only be written with specific GCS operations. The current GCS pointer
> can not be directly written to by userspace. When a BL is executed the
> value stored in LR is also pushed onto the GCS, and when a RET is
> executed the top of the GCS is popped and compared to LR with a fault
> being raised if the values do not match. GCS operations may only be
> performed on GCS pages, a data abort is generated if they are not.
>
> [...]

I applied most of the series to arm64 (for-next/gcs), apart from two KVM
patches - 16 and 40 (the latter is the kselftest). I usually start
picking patches at -rc3 but the glibc folk are waiting for these patches
to at least end up in a maintainer's branch. Of course, these patches
are subject to change until the final 6.13 release.

The KVM patches can go on top once agreed (or they can go in via the KVM
tree, I don't mind either way).

Thanks!

[01/40] mm: Introduce ARCH_HAS_USER_SHADOW_STACK
        https://git.kernel.org/arm64/c/bcc9d04e749a
[02/40] mm: Define VM_HIGH_ARCH_6
        https://git.kernel.org/arm64/c/9ab515b18f84
[03/40] arm64/mm: Restructure arch_validate_flags() for extensibility
        https://git.kernel.org/arm64/c/f645e888b1a6
[04/40] prctl: arch-agnostic prctl for shadow stack
        https://git.kernel.org/arm64/c/91e102e79740
[05/40] mman: Add map_shadow_stack() flags
        https://git.kernel.org/arm64/c/3630e82ab6bd
[06/40] arm64: Document boot requirements for Guarded Control Stacks
        https://git.kernel.org/arm64/c/830ae8a39685
[07/40] arm64/gcs: Document the ABI for Guarded Control Stacks
        https://git.kernel.org/arm64/c/7058bf87cd59
[08/40] arm64/sysreg: Add definitions for architected GCS caps
        https://git.kernel.org/arm64/c/ce0641d48ddd
[09/40] arm64/gcs: Add manual encodings of GCS instructions
        https://git.kernel.org/arm64/c/dad947cc22cf
[10/40] arm64/gcs: Provide put_user_gcs()
        https://git.kernel.org/arm64/c/d0aa2b435186
[11/40] arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1
        https://git.kernel.org/arm64/c/ff5181d8a2a8
[12/40] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS)
        https://git.kernel.org/arm64/c/6487c963083c
[13/40] arm64/mm: Allocate PIE slots for EL0 guarded control stack
        https://git.kernel.org/arm64/c/092055f1508c
[14/40] mm: Define VM_SHADOW_STACK for arm64 when we support GCS
        https://git.kernel.org/arm64/c/ae80e1629aea
[15/40] arm64/mm: Map pages for guarded control stack
        https://git.kernel.org/arm64/c/6497b66ba694
[17/40] arm64/idreg: Add overrride for GCS
        https://git.kernel.org/arm64/c/a94452112ce4
[18/40] arm64/hwcap: Add hwcap for GCS
        https://git.kernel.org/arm64/c/eefc98711f84
[19/40] arm64/traps: Handle GCS exceptions
        https://git.kernel.org/arm64/c/8ce71d270536
[20/40] arm64/mm: Handle GCS data aborts
        https://git.kernel.org/arm64/c/cfad706e8f6d
[21/40] arm64/gcs: Context switch GCS state for EL0
        https://git.kernel.org/arm64/c/fc84bc5378a8
[22/40] arm64/gcs: Ensure that new threads have a GCS
        https://git.kernel.org/arm64/c/506496bcbb42
[23/40] arm64/gcs: Implement shadow stack prctl() interface
        https://git.kernel.org/arm64/c/b57180c75c7e
[24/40] arm64/mm: Implement map_shadow_stack()
        https://git.kernel.org/arm64/c/8f3e750673b2
[25/40] arm64/signal: Set up and restore the GCS context for signal handlers
        https://git.kernel.org/arm64/c/eaf62ce1563b
[26/40] arm64/signal: Expose GCS state in signal frames
        https://git.kernel.org/arm64/c/16f47bb9ac8a
[27/40] arm64/ptrace: Expose GCS via ptrace and core files
        https://git.kernel.org/arm64/c/7ec3b57cb29f
[28/40] arm64: Add Kconfig for Guarded Control Stack (GCS)
        https://git.kernel.org/arm64/c/5d8b172e7005
[29/40] kselftest/arm64: Verify the GCS hwcap
        https://git.kernel.org/arm64/c/7a2f671db61f
[30/40] kselftest/arm64: Add GCS as a detected feature in the signal tests
        https://git.kernel.org/arm64/c/b2d2f11ff5d6
[31/40] kselftest/arm64: Add framework support for GCS to signal handling tests
        https://git.kernel.org/arm64/c/0d426f7dd9a0
[32/40] kselftest/arm64: Allow signals tests to specify an expected si_code
        https://git.kernel.org/arm64/c/956573ac1890
[33/40] kselftest/arm64: Always run signals tests with GCS enabled
        https://git.kernel.org/arm64/c/42155a8eb0f6
[34/40] kselftest/arm64: Add very basic GCS test program
        https://git.kernel.org/arm64/c/3d37d4307e0f
[35/40] kselftest/arm64: Add a GCS test program built with the system libc
        https://git.kernel.org/arm64/c/a505a52b4e29
[36/40] kselftest/arm64: Add test coverage for GCS mode locking
        https://git.kernel.org/arm64/c/58d69a3e3582
[37/40] kselftest/arm64: Add GCS signal tests
        https://git.kernel.org/arm64/c/794b64ca5665
[38/40] kselftest/arm64: Add a GCS stress test
        https://git.kernel.org/arm64/c/05e6cfff58c4
[39/40] kselftest/arm64: Enable GCS for the FP stress tests
        https://git.kernel.org/arm64/c/bb9ae1a66c85

-- 
Catalin
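
Added example, not part of the original message or of the kernel series: a small software model of the BL/RET check described in the quoted cover letter, showing how a saved return address overwritten in ordinary memory is caught on return. All names (cpu_model, model_bl, model_ret, run_call), the addresses and the fixed depth are hypothetical; real GCS is enforced by the CPU, not by code.

```c
#include <stddef.h>
#include <stdint.h>

/* EMPTY and FULL are limits of this model only; the page describes the
 * mismatch fault and a data abort for GCS operations on non-GCS pages. */
enum gcs_result { GCS_OK, GCS_FAULT_MISMATCH, GCS_FAULT_EMPTY, GCS_FAULT_FULL };

#define GCS_DEPTH 8

struct cpu_model {
    uint64_t lr;              /* link register */
    uint64_t gcs[GCS_DEPTH];  /* guarded stack: only model_bl/model_ret touch it */
    size_t   gcs_top;         /* number of entries in use */
};

/* BL: LR receives the return address and the same value is pushed to the GCS. */
static enum gcs_result model_bl(struct cpu_model *c, uint64_t return_addr)
{
    if (c->gcs_top == GCS_DEPTH)
        return GCS_FAULT_FULL;
    c->lr = return_addr;
    c->gcs[c->gcs_top++] = return_addr;
    return GCS_OK;
}

/* RET: pop the top of the GCS and compare it with LR; a mismatch faults. */
static enum gcs_result model_ret(struct cpu_model *c)
{
    if (c->gcs_top == 0)
        return GCS_FAULT_EMPTY;
    uint64_t expected = c->gcs[--c->gcs_top];
    return expected == c->lr ? GCS_OK : GCS_FAULT_MISMATCH;
}

/* A non-leaf callee spills LR to ordinary memory, makes a nested call, then
 * reloads LR and returns. With 'corrupt' set, the spilled copy is replaced
 * by a constructed value before the reload. */
enum gcs_result run_call(int corrupt)
{
    struct cpu_model c = {0};
    uint64_t spilled_lr;

    if (model_bl(&c, 0x400100) != GCS_OK) return GCS_FAULT_FULL;
    spilled_lr = c.lr;                   /* prologue: LR saved on normal stack */
    if (model_bl(&c, 0x400200) != GCS_OK) return GCS_FAULT_FULL;
    if (model_ret(&c) != GCS_OK) return GCS_FAULT_MISMATCH;  /* inner return */
    if (corrupt)
        spilled_lr = 0x41414141;         /* constructed: saved LR overwritten */
    c.lr = spilled_lr;                   /* epilogue: LR reloaded */
    return model_ret(&c);                /* outer return checked against GCS */
}
```

The guarded copy is never reachable through the ordinary store that changes spilled_lr, which is the property the memory attribute provides in hardware.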