Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp5520023imm; Tue, 12 Jun 2018 09:02:14 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKF//LPB6iIX0EDHDzzy6KXv5EaZE1fA5c1ngTD7TZPd9U4yGw7wtFnhAqZ6lwpG7skUdu5 X-Received: by 2002:a63:9c02:: with SMTP id f2-v6mr861743pge.16.1528819334441; Tue, 12 Jun 2018 09:02:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528819334; cv=none; d=google.com; s=arc-20160816; b=cQLUG7HP2ws+YEHgvQvwL2YZ+c5tD6ndh38vuo4mxomiX9HoGpi1j/16xGQ97Ww8h2 FHkdAzE+AHFsyT9/EjjnRavtLMyhG7zgSC0ZddfTL2nHWwvi+gqm3FfXmOkv4xJ9ZbGc 7gpvuafu7Zf1SDLNTzwj/Z+xHOfLAjQ0j6grGLABbrxuXEDr0Ru3xHsALjnl9F7TMFPI HtiRKDuR1GROzNpZPTiW6Mxj56WWhQySMSeiVwGB+rI1l1GjAqzyFRCddfSwJxW9Ep7J EY5uoMac54vdxnq6FCsAZ2zPItElQ07jsZ8XgIIycY/oUMUdTUkffwLD512kUZKHsN2c oV6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=B5gN5a/yzic9C2UxG4CM5VVyItbt566/vPSVmdVFovE=; b=yzWmMF1qYhA9osCZo6KFThFXwVD4egkChsCp86wLfHf0IA6Y7io3SGQ6w0XL00wbo+ sQY3c/QpkwkpwNKYB9kzbHDiZytPL8KxnkIRN05ZZHIfPFZ01nX7FQPa3vjJCKkeYlZa 0p+THxLzkjXAGk60GLpW1wLNeQ2fWgq79EOaKrXFRIrcI5iVu4ScTHxgecqfxzjUsLIO MVBwm7ZQzjVTuwPuByphN46f7krqcp5pWQkyRsU4j4ja1hMS/2ssqEpR9yijyvRmEO5v /wPGaRn7kxhQ9svaO4Chf67cZPoReiJCHD20TIp1qG1vSYKm9J0hm27Rcazgn0gTqMOv bDWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=lFVbSxc+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o2-v6si390350pfh.327.2018.06.12.09.01.59; Tue, 12 Jun 2018 09:02:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=lFVbSxc+; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934512AbeFLQAU (ORCPT + 99 others); Tue, 12 Jun 2018 12:00:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:47850 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933574AbeFLQAR (ORCPT ); Tue, 12 Jun 2018 12:00:17 -0400 Received: from mail-wr0-f177.google.com (mail-wr0-f177.google.com [209.85.128.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 373F0208B9 for ; Tue, 12 Jun 2018 16:00:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1528819217; bh=SkSKIBQ5l1tGKE9gK7FfuVTXSTwDDWbmoDA6knuV4MU=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=lFVbSxc+5IomiweQKy6NrQQud97TRL7/sdYwd9cwwEr47KHOsFNP9JPXJ4rFJSnPT MbPAWWY27aVZQuL4crQRF352+xJX9VkQrrmCrENmV4IFvPhozXFY3C247Ta6Wq0PFN 5XFEK6U4WLqk7mgambIj68AnKnVn0jS22xu0UgJ4= Received: by mail-wr0-f177.google.com with SMTP id w10-v6so24655003wrk.9 for ; Tue, 12 Jun 2018 09:00:17 -0700 (PDT) X-Gm-Message-State: APt69E1zeWLW/bkbkvaAsk8xWn1i0/h/gnKU9/Ogvpi7sgPYjdDHJM0t /Pw/T5vXjjDqr7cowS0SwSH9d7H3NbE01ld1IV2kfg== X-Received: by 2002:adf:85ec:: with SMTP id 41-v6mr791913wru.120.1528819215598; Tue, 12 Jun 2018 09:00:15 -0700 (PDT) MIME-Version: 1.0 References: <20180607143807.3611-1-yu-cheng.yu@intel.com> <1528815820.8271.16.camel@2b52.sc.intel.com> In-Reply-To: <1528815820.8271.16.camel@2b52.sc.intel.com> From: Andy Lutomirski Date: Tue, 12 Jun 2018 09:00:03 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 00/10] Control Flow Enforcement - Part (3) To: Yu-cheng Yu Cc: bsingharora@gmail.com, LKML , linux-doc@vger.kernel.org, Linux-MM , linux-arch , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , "H. J. Lu" , "Shanbhogue, Vedvyas" , "Ravi V. Shankar" , Dave Hansen , Jonathan Corbet , Oleg Nesterov , Arnd Bergmann , mike.kravetz@oracle.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 12, 2018 at 8:06 AM Yu-cheng Yu wrote: > > On Tue, 2018-06-12 at 20:56 +1000, Balbir Singh wrote: > > > > On 08/06/18 00:37, Yu-cheng Yu wrote: > > > This series introduces CET - Shadow stack > > > > > > At the high level, shadow stack is: > > > > > > Allocated from a task's address space with vm_flags VM_SHSTK; > > > Its PTEs must be read-only and dirty; > > > Fixed sized, but the default size can be changed by sys admin. > > > > > > For a forked child, the shadow stack is duplicated when the next > > > shadow stack access takes place. > > > > > > For a pthread child, a new shadow stack is allocated. > > > > > > The signal handler uses the same shadow stack as the main program. > > > > > > > Even with sigaltstack()? > > > > > > Balbir Singh. > > Yes. > I think we're going to need some provision to add an alternate signal stack to handle the case where the shadow stack overflows.