From: Andy Lutomirski
To: "Yu, Yu-cheng"
Cc: Florian Weimer, "H.J. Lu", Dave Martin, Dave Hansen, Andy Lutomirski,
 X86 ML, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML,
 "open list:DOCUMENTATION", Linux-MM, linux-arch, Linux API, Arnd Bergmann,
 Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen,
 Eugene Syromiatnikov, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz,
 Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap,
 "Ravi V. Shankar", Vedvyas Shanbhogue, Weijiang Yang
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Date: Thu, 27 Aug 2020 11:56:44 -0700
Message-Id: <4BDFD364-798C-4537-A88E-F94F101F524B@amacapital.net>
X-Mailing-List: linux-arch@vger.kernel.org

> On Aug 27, 2020, at 11:13 AM, Yu, Yu-cheng wrote:
>
> On 8/27/2020 6:36 AM, Florian Weimer wrote:
>> * H. J. Lu:
>>>> On Thu, Aug 27, 2020 at 6:19 AM Florian Weimer wrote:
>>>>>
>>>>> * Dave Martin:
>>>>>
>>>>>> You're right that this has implications: for i386, libc probably pulls
>>>>>> more arguments off the stack than are really there in some situations.
>>>>>> This isn't a new problem though. There are already generic prctls with
>>>>>> fewer than 4 args that are used on x86.
>>>>>
>>>>> As originally posted, glibc prctl would have to know that it has to pull
>>>>> an u64 argument off the argument list for ARCH_X86_CET_DISABLE. But
>>>>> then the u64 argument is a problem for arch_prctl as well.
>>>>>
>>>
>>> Argument of ARCH_X86_CET_DISABLE is int and passed in register.
>> The commit message and the C source say otherwise, I think (not sure
>> about the C source, not a kernel hacker).
>
> H.J. Lu suggested that we fix x86 arch_prctl() to take four arguments, and
> then keep MMAP_SHSTK as an arch_prctl(). Because now the map flags and size
> are all in registers, this also solves problems being pointed out earlier.
> Without a wrapper, the shadow stack mmap call (from user space) will be:
>
> syscall(_NR_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, size, MAP_32BIT).

I admit I don’t see a show stopping technical reason we can’t add arguments to an existing syscall, but I’m pretty sure it’s unprecedented, and it doesn’t seem like a good idea.