From: Andy Lutomirski
Date: Thu, 27 Aug 2020 18:35:22 -0700
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
To: "H.J. Lu"
Cc: "Yu, Yu-cheng", Florian Weimer, Dave Martin, Dave Hansen, Andy Lutomirski, X86 ML, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, "open list:DOCUMENTATION", Linux-MM, linux-arch, Linux API, Arnd Bergmann, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Weijiang Yang
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Aug 27, 2020 at 12:38 PM H.J. Lu wrote:
>
> On Thu, Aug 27, 2020 at 11:56 AM Andy Lutomirski wrote:
> >
> >
> >
> > > On Aug 27, 2020, at 11:13 AM, Yu, Yu-cheng wrote:
> > >
> > > On 8/27/2020 6:36 AM, Florian Weimer wrote:
> > >> * H. J. Lu:
> > >>>> On Thu, Aug 27, 2020 at 6:19 AM Florian Weimer wrote:
> > >>>>>
> > >>>>> * Dave Martin:
> > >>>>>
> > >>>>>> You're right that this has implications: for i386, libc probably pulls
> > >>>>>> more arguments off the stack than are really there in some situations.
> > >>>>>> This isn't a new problem though. There are already generic prctls with
> > >>>>>> fewer than 4 args that are used on x86.
> > >>>>>
> > >>>>> As originally posted, glibc prctl would have to know that it has to pull
> > >>>>> an u64 argument off the argument list for ARCH_X86_CET_DISABLE. But
> > >>>>> then the u64 argument is a problem for arch_prctl as well.
> > >>>>>
> > >>>
> > >>> Argument of ARCH_X86_CET_DISABLE is int and passed in register.
> > >> The commit message and the C source say otherwise, I think (not sure
> > >> about the C source, not a kernel hacker).
> > >
> > > H.J. Lu suggested that we fix x86 arch_prctl() to take four arguments, and then keep MMAP_SHSTK as an arch_prctl(). Because now the map flags and size are all in registers, this also solves problems being pointed out earlier. Without a wrapper, the shadow stack mmap call (from user space) will be:
> > >
> > > syscall(_NR_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, size, MAP_32BIT).
> >
> > I admit I don’t see a show stopping technical reason we can’t add arguments to an existing syscall, but I’m pretty sure it’s unprecedented, and it doesn’t seem like a good idea.
>
> prctl prototype is:
>
> extern int prctl (int __option, ...)
>
> and implemented in kernel as:
>
> int prctl(int option, unsigned long arg2, unsigned long arg3,
>           unsigned long arg4, unsigned long arg5);
>
> Not all prctl operations take all 5 arguments. It also applies
> to arch_prctl. It is quite normal for different operations of
> arch_prctl to take different numbers of arguments.

If by "quite normal" you mean "does not happen", then I agree.

In any event, I will not have anything to do with a patch that changes
an existing syscall signature unless Linus personally acks it. So if
you want to email him and linux-abi, be my guest.
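
Added example, not part of the original message and not glibc or kernel code: a variadic wrapper with the `prctl (int __option, ...)` prototype quoted above, showing why such a wrapper must always pull four `unsigned long` slots, next to the existing two-argument x86-64 `arch_prctl` raw call. `demo_prctl`, `name_roundtrip` and `fs_base_readable` are hypothetical names; a Linux host is assumed.

```c
#define _GNU_SOURCE
#include <stdarg.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifdef __x86_64__
#include <asm/prctl.h>   /* ARCH_GET_FS */
#endif

/* Hypothetical wrapper (not glibc's code) with the variadic prototype quoted
 * in the thread. It cannot tell how many arguments the caller supplied, so it
 * always pulls four unsigned longs; a caller that passes fewer, or passes a
 * u64 on a 32-bit ABI (two slots), makes it read the wrong values. */
static long demo_prctl(int option, ...)
{
    va_list ap;
    va_start(ap, option);
    unsigned long arg2 = va_arg(ap, unsigned long);
    unsigned long arg3 = va_arg(ap, unsigned long);
    unsigned long arg4 = va_arg(ap, unsigned long);
    unsigned long arg5 = va_arg(ap, unsigned long);
    va_end(ap);
    return syscall(SYS_prctl, option, arg2, arg3, arg4, arg5);
}

/* Well-defined use: every slot is passed explicitly as unsigned long.
 * Returns 1 if the thread name round-trips, 0 if not, -1 on syscall error. */
int name_roundtrip(void)
{
    char name[16] = {0};   /* PR_GET_NAME writes up to 16 bytes */
    if (demo_prctl(PR_SET_NAME, (unsigned long)"shstk-demo", 0UL, 0UL, 0UL) != 0)
        return -1;
    if (demo_prctl(PR_GET_NAME, (unsigned long)name, 0UL, 0UL, 0UL) != 0)
        return -1;
    return strcmp(name, "shstk-demo") == 0;
}

/* arch_prctl as it exists today: two arguments (code, addr).
 * Returns 1 if the FS base was read, -1 on error, 0 if not exercised here. */
int fs_base_readable(void)
{
#ifdef __x86_64__
    unsigned long base = 0;
    return (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) == 0 && base != 0) ? 1 : -1;
#else
    return 0;   /* this demo only exercises arch_prctl on x86-64 */
#endif
}
```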