From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 10 Mar 2023 12:43:26 -0800
Subject: Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack
To: "Edgecombe, Rick P"
List: linux-mm@kvack.org

On Fri, Mar 10, 2023 at 12:27 PM Edgecombe, Rick P wrote:
>
> On Fri, 2023-03-10 at 12:00 -0800, H.J. Lu wrote:
> > > > So it does:
> > > > 1. Enable shadow stack
> > > > 2. Call elf libs checking functions
> > > > 3. If all good, lock shadow stack. Else, disable shadow stack.
> > > > 4. Return from elf checking functions and if shstk is enabled,
> > > > don't underflow because it was enabled in step 1 and we have
> > > > return addresses from 2 on the shadow stack
> > > >
> > > > I'm wondering if this can't be improved in glibc to look like:
> > > > 1. Check elf libs, and record it somewhere
> > > > 2. Wait until just the right spot
> > > > 3. If all good, enable and lock shadow stack.
> > >
> > > I will try it out.
> > >
> >
> > Currently glibc enables shadow stack as early as possible. There
> > are only a few places where a function call in glibc never returns.
> > We can enable shadow stack just before calling main. There are
> > quite some code paths without shadow stack protection. Is this
> > an issue?
>
> Thanks for checking. Hmm, does the loader get attacked?

Not that I know of. But there is user code from .init_array and
.preinit_array which is executed before main. In theory, an attack
can happen before main.

--
H.J.
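To make the ordering constraint in the exchange above concrete, here is an added example (a constructed model written for this thread, not glibc, kernel or hardware code): a toy shadow stack in which CALL pushes a return address only while the feature is on and RET faults when it has nothing to compare against. The three orders modelled are glibc's current "enable, check, return", enabling from inside a function that still has to return, and the proposed "check, return, then enable before main"; the addresses 0x1000 and 0x2000 are arbitrary stand-ins.

```c
/* Added example (a constructed model, not glibc or kernel code): a toy
 * shadow stack showing why enabling it inside a function that still has
 * to return underflows, the constraint behind the ordering discussed above. */
#include <stdbool.h>
#include <stddef.h>
enum ret_status { RET_OK, RET_UNDERFLOW, RET_MISMATCH };

struct cpu {
    bool shstk_on;
    size_t sp, ssp;              /* data-stack and shadow-stack depth */
    unsigned long stack[16];     /* return addresses pushed by CALL */
    unsigned long shadow[16];    /* copies pushed only while enabled */
};

static void do_call(struct cpu *c, unsigned long ret_addr)
{
    c->stack[c->sp++] = ret_addr;
    if (c->shstk_on)
        c->shadow[c->ssp++] = ret_addr;
}

static enum ret_status do_ret(struct cpu *c)
{
    unsigned long addr = c->stack[--c->sp];
    if (!c->shstk_on)
        return RET_OK;
    if (c->ssp == 0)             /* no entry to check against: underflow fault */
        return RET_UNDERFLOW;
    return c->shadow[--c->ssp] == addr ? RET_OK : RET_MISMATCH;
}

/* order 0: enable, call checks, ret            (current glibc, steps 1-4)
 * order 1: call checks, enable, ret            (enable while a frame is pending)
 * order 2: call checks, ret, enable, call main (proposed: check, then enable) */
enum ret_status run_order(int order)
{
    struct cpu c = { 0 };
    if (order == 0)
        c.shstk_on = true;
    do_call(&c, 0x1000);         /* the ELF-library checking function */
    if (order == 1)
        c.shstk_on = true;       /* enabled while the check must still return */
    if (order != 2)
        return do_ret(&c);
    do_ret(&c);                  /* return from the checks with shstk still off */
    c.shstk_on = true;           /* enable (and lock) with no frames pending */
    do_call(&c, 0x2000);         /* the call into main */
    return do_ret(&c);
}
```

Order 1 is the case H.J. alludes to: enabling is only safe from a function that never returns, or at a point with no frames outstanding, which is why order 2 has to wait until just before main.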