Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp3474662pxb;
        Fri, 11 Feb 2022 00:02:25 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzo9cah7sNKr81pk3Y/UpB2qhWOsRquAeavzUcb5hslK8rgQiYmhVt9ZZzrFxctmhn8V7AF
X-Received: by 2002:a05:6402:27d4:: with SMTP id c20mr601144ede.182.1644566545019;
        Fri, 11 Feb 2022 00:02:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644566545; cv=none;
        d=google.com; s=arc-20160816;
        b=lylACC0LmIjG46OsBcKwF1bDKkH/rgfLQzki5Mi99vESbZAeyVozc1YRGnqQqOec4n
         VaivBA1/pDeoKFQIH8cNdLLN0qMHsCpkeB1KYpdJhlrxm2wixDOr8SOLUx4J6McLtu54
         FwxGsZTm4pKAahYapBBiqtg8c2tcIyBAhzj9nyS7TIVQyxuyDqgESMPg7GcD4pbr0KWw
         msTqXbsaENrdMsajyPHxbl98AOPfbmcPFsPpulZJ0mszXtrdto1hSRNbtEU8N/BKtD4V
         bJVPv8helLGhmmfC8b8KT0JgBS/hO5f+JXKIpzZUXs0yNH0OvXDDbFvPdDObd4nncDY4
         1Meg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=Q7JQx7Pz1v8Z/nMfl7rvplR7FgqchrdS8vRoRpNLRM8=;
        b=0L/l2TXxQ8aP3wyScrlPpd7AF5SoNPkQuxdPEPOWHREsZwsFPty0AtpOxUgbFNuXq5
         3OY9TyagxgRfxN5NltJv6aCEarLeQv0OTvPeNoNYqI5On3cYhL6+D5jnXoeugsDXNcJv
         9tprHqoSF43tv+np86Hy/z6i7gctv8eYXfI3TXwy7vwdnJG2sAXljingxyLuxm4u+nU4
         1r58CH8pVHoWMcBGyj4FVb2/jzeCIQL5bpdLLoBHdEKsJQQxnR7f8NoUhAi3ODZF1z83
         RJyugjrHAHFMZGDxlgo3Y2J2mFmKgOPNAhO1a3Svepgahg8ZLl31hRr02o4pSdb4sUfS
         WCQw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=X0hya5AD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ne30si2579817ejc.923.2022.02.11.00.01.57;
        Fri, 11 Feb 2022 00:02:25 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=X0hya5AD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1345145AbiBJWnq (ORCPT <rfc822;tarbal@gmail.com> + 99 others);
        Thu, 10 Feb 2022 17:43:46 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:60810 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S244866AbiBJWno (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Feb 2022 17:43:44 -0500
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD0F15F41;
        Thu, 10 Feb 2022 14:43:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1644533023; x=1676069023;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=3M8IIwvsuOqGIFi2k0uaq5Qj6oZtRqaS6GfOESfH9CM=;
  b=X0hya5ADAOmuvFoDifDsSXV/gmlS/M0AxwFneZhASUfMAVt4+XklMNf3
   dZbe088wA7w24OtTlxPrJc4t9QCFHsy+ajI5rWAlr0gSOvh1NwUXnqR1O
   fzL6GyaUfws6kOpWtv77YCn6DKBCvXN7IT3V4alvhExUhAJbYO043ArA/
   wFW4FzidJMTvEJRHh9zCXBV7nI+5xhq1A8x9MLdMQcwW6dVXcm5FAC2xQ
   ODxgXRFBPexpEEHGNuEkCHpkBtW5udrg1EaRYUhgVlTpLNE1NkLJO8c3I
   sGxa43jwLYexxPn5Y16vIUscWi1X/FIxNeLTc+AD6s3luyGcnSEivqvL9
   g==;
X-IronPort-AV: E=McAfee;i="6200,9189,10254"; a="249819281"
X-IronPort-AV: E=Sophos;i="5.88,359,1635231600"; 
   d="scan'208";a="249819281"
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Feb 2022 14:43:43 -0800
X-IronPort-AV: E=Sophos;i="5.88,359,1635231600"; 
   d="scan'208";a="500561782"
Received: from pengyusu-mobl.amr.corp.intel.com (HELO [10.212.149.216]) ([10.212.149.216])
  by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Feb 2022 14:43:42 -0800
Message-ID: <4c216532-2b68-dd95-93f1-542df4786d7a@intel.com>
Date:   Thu, 10 Feb 2022 14:43:39 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.0
Subject: Re: [PATCH 18/35] mm: Add guard pages around a shadow stack.
Content-Language: en-US
To:     Rick Edgecombe <rick.p.edgecombe@intel.com>, x86@kernel.org,
        "H . Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org,
        linux-doc@vger.kernel.org, linux-mm@kvack.org,
        linux-arch@vger.kernel.org, linux-api@vger.kernel.org,
        Arnd Bergmann <arnd@arndb.de>,
        Andy Lutomirski <luto@kernel.org>,
        Balbir Singh <bsingharora@gmail.com>,
        Borislav Petkov <bp@alien8.de>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Eugene Syromiatnikov <esyr@redhat.com>,
        Florian Weimer <fweimer@redhat.com>,
        "H . J . Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Ravi V . Shankar" <ravi.v.shankar@intel.com>,
        Dave Martin <Dave.Martin@arm.com>,
        Weijiang Yang <weijiang.yang@intel.com>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        joao.moreira@intel.com, John Allen <john.allen@amd.com>,
        kcc@google.com, eranian@google.com
Cc:     Yu-cheng Yu <yu-cheng.yu@intel.com>
References: <20220130211838.8382-1-rick.p.edgecombe@intel.com>
 <20220130211838.8382-19-rick.p.edgecombe@intel.com>
From:   Dave Hansen <dave.hansen@intel.com>
In-Reply-To: <20220130211838.8382-19-rick.p.edgecombe@intel.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,
        RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 1/30/22 13:18, Rick Edgecombe wrote:
> INCSSP(Q/D) increments shadow stack pointer and 'pops and discards' the
> first and the last elements in the range, effectively touches those memory
> areas.
> 
> The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes and
> 255 * 4 = 1020 bytes by INCSSPD.  Both ranges are far from PAGE_SIZE.
> Thus, putting a gap page on both ends of a shadow stack prevents INCSSP,
> CALL, and RET from going beyond.

What is the downside of not applying this patch?  The shadow stack gap
is 1MB instead of 4k?

That, frankly, doesn't seem too bad.  How badly do we *need* this patch?