From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 28D92C678D4
	for <linux-mm@archiver.kernel.org>; Tue,  7 Mar 2023 14:01:10 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9231B6B0071; Tue,  7 Mar 2023 09:01:09 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 8D4956B0072; Tue,  7 Mar 2023 09:01:09 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 74CB0280001; Tue,  7 Mar 2023 09:01:09 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 61B2E6B0071
	for <linux-mm@kvack.org>; Tue,  7 Mar 2023 09:01:09 -0500 (EST)
Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 05602160D05
	for <linux-mm@kvack.org>; Tue,  7 Mar 2023 14:01:08 +0000 (UTC)
X-FDA: 80542263858.17.08F39FB
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by imf23.hostedemail.com (Postfix) with ESMTP id 4A499140046
	for <linux-mm@kvack.org>; Tue,  7 Mar 2023 14:01:03 +0000 (UTC)
Authentication-Results: imf23.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=UvKZTZrz;
	spf=pass (imf23.hostedemail.com: domain of fweimer@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=fweimer@redhat.com;
	dmarc=pass (policy=none) header.from=redhat.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1678197665;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=5ju9gg/y4szyt14f2LWbHQQkg2yj4KFsHllcMP2Gs2E=;
	b=zFeYxjIBzhDE8NCcxZlTDB9BsPOXmghpFYucF4jgdAEnz5L2zVZgyaRbfrDpto3IEwUi0G
	bYe0jurawxqMuIgTQ6/xHDLSABTCwXPhynq7sZbdoVC5MeQweYxi1QWKWtjVDfLddi/MEV
	QBq/T94uISm4ki6De8N/4CXDr5FuGJ8=
ARC-Authentication-Results: i=1;
	imf23.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=UvKZTZrz;
	spf=pass (imf23.hostedemail.com: domain of fweimer@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=fweimer@redhat.com;
	dmarc=pass (policy=none) header.from=redhat.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1678197665; a=rsa-sha256;
	cv=none;
	b=v76ygJLUVjhBjUbpOVXQ9pQp7Mpei6Ovo8L6P+BJtrn9WFe6utBBwZ8Eg8WGTNHureMBqt
	DportfS3uPqdJv4CFd4piAhmc1J+/0T8H5az5tw9OU2HvPnWAGxzHy6hJWsZyU5RyvvYr7
	Jr0cvu66PpqagPhSYEzC3ocrgY1xK/A=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1678197662;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=5ju9gg/y4szyt14f2LWbHQQkg2yj4KFsHllcMP2Gs2E=;
	b=UvKZTZrzib1efLgy6K0b+Ark/XoYNXbw8j6/rFm5c8mmACZ9tvUKe/PxdoM3I0eYEk0gHF
	6h5lZ7IAwGTD88Ljsf3iXcFv5O/JHl4qQxSpktyvcW/uYPy1Q84UM9dAwnV/kOivYMzb7R
	2YX7vCU6NgxFRht+yVedqzFY7obwT+c=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-153-IhkD_1szN0qSCW-h4ox-0w-1; Tue, 07 Mar 2023 09:00:52 -0500
X-MC-Unique: IhkD_1szN0qSCW-h4ox-0w-1
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 88A7929DD9A8;
	Tue,  7 Mar 2023 14:00:12 +0000 (UTC)
Received: from oldenburg.str.redhat.com (unknown [10.2.16.80])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 5562D492C18;
	Tue,  7 Mar 2023 14:00:04 +0000 (UTC)
From: Florian Weimer <fweimer@redhat.com>
To: szabolcs.nagy@arm.com
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,  "david@redhat.com"
 <david@redhat.com>,  "bsingharora@gmail.com" <bsingharora@gmail.com>,
  "hpa@zytor.com" <hpa@zytor.com>,  "Syromiatnikov, Eugene"
 <esyr@redhat.com>,  "peterz@infradead.org" <peterz@infradead.org>,
  "rdunlap@infradead.org" <rdunlap@infradead.org>,  "keescook@chromium.org"
 <keescook@chromium.org>,  "Yu, Yu-cheng" <yu-cheng.yu@intel.com>,
  "Eranian, Stephane" <eranian@google.com>,
  "kirill.shutemov@linux.intel.com" <kirill.shutemov@linux.intel.com>,
  "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
  "linux-mm@kvack.org" <linux-mm@kvack.org>,  "nadav.amit@gmail.com"
 <nadav.amit@gmail.com>,  "jannh@google.com" <jannh@google.com>,
  "dethoma@microsoft.com" <dethoma@microsoft.com>,  "broonie@kernel.org"
 <broonie@kernel.org>,  "kcc@google.com" <kcc@google.com>,
  "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
  "bp@alien8.de" <bp@alien8.de>,  "oleg@redhat.com" <oleg@redhat.com>,
  "hjl.tools@gmail.com" <hjl.tools@gmail.com>,  "Yang, Weijiang"
 <weijiang.yang@intel.com>,  "Lutomirski, Andy" <luto@kernel.org>,
  "jamorris@linux.microsoft.com" <jamorris@linux.microsoft.com>,
  "arnd@arndb.de" <arnd@arndb.de>,  "tglx@linutronix.de"
 <tglx@linutronix.de>,  "Schimpe, Christina" <christina.schimpe@intel.com>,
  "debug@rivosinc.com" <debug@rivosinc.com>,  "x86@kernel.org"
 <x86@kernel.org>,  "linux-doc@vger.kernel.org"
 <linux-doc@vger.kernel.org>,  "mike.kravetz@oracle.com"
 <mike.kravetz@oracle.com>,  "pavel@ucw.cz" <pavel@ucw.cz>,
  "andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>,
  "john.allen@amd.com" <john.allen@amd.com>,  "rppt@kernel.org"
 <rppt@kernel.org>,  "nd@arm.com" <nd@arm.com>,  "mingo@redhat.com"
 <mingo@redhat.com>,  "corbet@lwn.net" <corbet@lwn.net>,
  "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
  "linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
  "gorcunov@gmail.com" <gorcunov@gmail.com>,  "akpm@linux-foundation.org"
 <akpm@linux-foundation.org>
Subject: Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack
 description
References: <Y/9fdYQ8Cd0GI+8C@arm.com>
	<636de4a28a42a082f182e940fbd8e63ea23895cc.camel@intel.com>
	<df8ef3a9e5139655a223589c16a68393ab3f6d1d.camel@intel.com>
	<ZADQISkczejfgdoS@arm.com>
	<9714f724b53b04fdf69302c6850885f5dfbf3af5.camel@intel.com>
	<ZAYS6CHuZ0MiFvmE@arm.com> <87wn3tsuxf.fsf@oldenburg.str.redhat.com>
	<a205aed2171a0a463e3bb7179e8dd63bd4012e7e.camel@intel.com>
	<ZAc2LQEfvRLCknQQ@arm.com>
Date: Tue, 07 Mar 2023 15:00:02 +0100
In-Reply-To: <ZAc2LQEfvRLCknQQ@arm.com> (szabolcs's message of "Tue, 7 Mar
	2023 13:03:41 +0000")
Message-ID: <87ilfcoe59.fsf@oldenburg.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9
X-Rspam-User: 
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 4A499140046
X-Stat-Signature: kfu843m1xxzjsbkbsg8iuchhi53e4ntp
X-HE-Tag: 1678197663-761289
X-HE-Meta: U2FsdGVkX188xVgfSwINGQ4OEenISbEb9HUdpWJV2smlc39J0+8Mjxbci0niwOXH5ccIxA0BukRT4jpvYS0OXAQM4TWL9waFupFaQtxGLytsD12OGqB5sKb3hP0j4I9Aa4gwM2JMZllihkWFJRbsggadkiypvnQ7jI7caAjOF4VXz57HsHsL8EmHgPqtaXduAn3WhCG8p+d3aVK3B43cZo/9sLIK12PnfUjGkLbaFmT99q84v35OKOPMZGkFBwCoWB+71omJtT0SJrDwmoKf5V2hRu/jQJh2tCBbFv5WZ9SSmcHUNaqrCvjI4zUllcX9cKFe+mSwWxM0u/37gTFocdIfevrq6kl7mhQgkwuzrGbiW9EyjgndV14LEnOsMf8DSR44aq22zmTm13jRuFfAySZM/IChFyl0lyyNkTbJNMSLuJWtqUbErvg4iNSwLtP4e/LtJ6wCmwU/88glbipQdrgSTLdfBkPPBIgNzdwr0cUHljp27p6ejg3ERcaQucjDeULRJoxeN+LyXS1uRvHNVzHlYosmqk5Wak63e1V/vtH1r9DxYBO9opuCL6wGij6UXgKNLQJAf6tuoEG4Q36qP6bK67oDmTr9aSRTK8bw2OdWYrneGLVeYKTib2GNdpSjQoSVLoo/XoJZiPbNgrCgUvWd2YqP3E3h82rDhGIEpeKK+9Fdkjn/tsICZU/ic4psA/SjMPIu8CzUVe18jlhtHZZmaYrmxnPUTAQyYfcL7PTGKBh/+JXs5E2xzll1P1VEhGk1ePAvWXRA/Sh2yxYl5m09DKq7updj/ZZIUryJ6bD6VF23KksYelMTf8FHKwDyhj46Lt839shW7x78wmw8apWDXNOrrn66CM/+t/QtgXl2dtktBp9trYR8H8QxjzkUn0AMad3MHb/o+Hzx/AT3tZrVbPUcqNRk4pRlyZjMCpaOMSygmISQS0K10+iNiIwrmyPWi24cB1NEJC/OCv1
 oOWFgyXh
 qJQC9q3rXdV/87xBKn9CIzu7q+KoQGYai83O8sndeWuZzffs/ln2+KfryyMbxlV0B0QLbyUu5v6/Y4BKJURF4mYEBkJI28FEjk0Nv50mYUUTjcWhuPgwtLGNaJZeC4jSRtGySkcB4M8bOmxtkwz6v6vRKF/jc61NqiYibwc99fXRKfTtzoqe1FcAVbZLnetR+RfKnqGnwtrj7h/7RTXcLMgjKdBw5SFICYl3TH8/TEK7DEvqpizD9xqcJ/g==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

* szabolcs:

> changing/disabling the alt stack is not valid while a handler is
> executing on it. if we don't allow jumping out and back to an
> alt stack (swapcontext) then there can be only one alt stack
> live per thread and change/disable can do the shadow stack free.
>
> if jump back is allowed (linux even makes it race-free with
> SS_AUTODISARM) then the life-time of alt stack is extended
> beyond change/disable (jump back to an unregistered alt stack).
>
> to support jump back to an alt stack the requirements are
>
> 1) user has to manage an alt shadow stack together with the alt
>    stack (requies user code change, not just libc).
>
> 2) kernel has to push a restore token on the thread shadow stack
>    on signal entry (at least in case of alt shadow stack, and
>    deal with corner cases around shadow stack overflow).

We need to have a story for stackful coroutine switching as well, not
just for sigaltstack.  I hope that we can use OpenJDK (Project Loom) and
QEMU as guinea pigs.  If we have something that works for both,
hopefully that covers a broad range of scenarios.  Userspace
coordination can eventually be handled by glibc; we can deallocate
alternate stacks on thread exit fairly easily (at least compared to the
current stack 8-).

Thanks,
Florian