Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From:   Andy Lutomirski <luto@amacapital.net>
Mime-Version: 1.0 (1.0)
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
Date:   Thu, 27 Aug 2020 11:56:44 -0700
Message-Id: <4BDFD364-798C-4537-A88E-F94F101F524B@amacapital.net>
References: <a770d45d-b147-a8c5-b7f8-30d668cbed84@intel.com>
Cc:     Florian Weimer <fweimer@redhat.com>,
        "H.J. Lu" <hjl.tools@gmail.com>, Dave Martin <Dave.Martin@arm.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Andy Lutomirski <luto@kernel.org>, X86 ML <x86@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        "open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
        Linux-MM <linux-mm@kvack.org>,
        linux-arch <linux-arch@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Balbir Singh <bsingharora@gmail.com>,
        Borislav Petkov <bp@alien8.de>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Eugene Syromiatnikov <esyr@redhat.com>,
        Jann Horn <jannh@google.com>, Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
        Weijiang Yang <weijiang.yang@intel.com>
In-Reply-To: <a770d45d-b147-a8c5-b7f8-30d668cbed84@intel.com>
To:     "Yu, Yu-cheng" <yu-cheng.yu@intel.com>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk


> On Aug 27, 2020, at 11:13 AM, Yu, Yu-cheng <yu-cheng.yu@intel.com> wrote:
>=20
> =EF=BB=BFOn 8/27/2020 6:36 AM, Florian Weimer wrote:
>> * H. J. Lu:
>>>> On Thu, Aug 27, 2020 at 6:19 AM Florian Weimer <fweimer@redhat.com> wro=
te:
>>>>>=20
>>>>> * Dave Martin:
>>>>>=20
>>>>>> You're right that this has implications: for i386, libc probably pull=
s
>>>>>> more arguments off the stack than are really there in some situations=
.
>>>>>> This isn't a new problem though.  There are already generic prctls wi=
th
>>>>>> fewer than 4 args that are used on x86.
>>>>>=20
>>>>> As originally posted, glibc prctl would have to know that it has to pu=
ll
>>>>> an u64 argument off the argument list for ARCH_X86_CET_DISABLE.  But
>>>>> then the u64 argument is a problem for arch_prctl as well.
>>>>>=20
>>>=20
>>> Argument of ARCH_X86_CET_DISABLE is int and passed in register.
>> The commit message and the C source say otherwise, I think (not sure
>> about the C source, not a kernel hacker).
>=20
> H.J. Lu suggested that we fix x86 arch_prctl() to take four arguments, and=
 then keep MMAP_SHSTK as an arch_prctl().  Because now the map flags and siz=
e are all in registers, this also solves problems being pointed out earlier.=
  Without a wrapper, the shadow stack mmap call (from user space) will be:
>=20
> syscall(_NR_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, size, MAP_32BIT).

I admit I don=E2=80=99t see a show stopping technical reason we can=E2=80=99=
t add arguments to an existing syscall, but I=E2=80=99m pretty sure it=E2=80=
=99s unprecedented, and it doesn=E2=80=99t seem like a good idea.