Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp706437pxp; Fri, 11 Mar 2022 12:54:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJw+QP6ReOVM8ZQGqM1XTFQbDbH7KtIFLJWa9/igmIsozgzdrREAQ48ZQP3GlJpObWlITPh5 X-Received: by 2002:a63:204f:0:b0:365:612c:e159 with SMTP id r15-20020a63204f000000b00365612ce159mr9917455pgm.461.1647032060848; Fri, 11 Mar 2022 12:54:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1647032060; cv=none; d=google.com; s=arc-20160816; b=P+wIxju6qMWiPpleRdHUkPyJhLIIJ9JrfJnBmMxm0HcrRVtBKV2G380jgrKUJSgb1L 1r2EQnzhyDLAPWnVVEgWWaTyKL67eWXGoRuIfECT9wOXyf38MEUnVvZKLWBuKvZXK1h2 HFcxmdjvq2LWlGKA+eff4+elgskwqeK9wjr8JGX9AnB1wqA9uAWPISyJ58CZIxq/+fsU XU5qR3cEQylwr7qh784t3R9nwYPWKtnc6od802c1/ZIeN+h8SxA9RextG3SLoQqcYMP4 m4Qcvd7nvEYBGl1qcOQdvincEuLPZrQOuJB9hWl8AbXY9qtzVnS8IAKVxAorJRRZ/V3G AYHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=2U3aEAbneNBK24+ar+pgU2UrEYmwWKgrc4wX8Xj0WBc=; b=FnWskslYsw9kVvoWxYiPRkfqPlvMiqvCvK0SjetkWcGL2D9DV40iyBxZh3WkUSiiWo 7xP4uC7UI7PPtPlwOiqzDMSvkhIC5CJuCnPwhYptPqguNRO1OQXQaC/bAiXq+JY1fRZy tvSA5w3QkkCoSq7x8SQeYKvb/Wx/FdCHSzWU269hb2RfbOHseNGYGQniFNr2aR7nvlSK yg+TTxjS8Ov/vjkQn0LnK8ktNxJdZqiIyDQRTa0iTNm3/rrTW5T628scfB3qcxwhIfnp I4dqKgM7BBiTP37giZ9wPXVpAgd0OJfvdXM0i1CtvQLfWcC3/3D+KGgHh8+xIusNbeqe +pOQ== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id k7-20020a170902ba8700b0014fd63a44e2si8373653pls.534.2022.03.11.12.54.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Mar 2022 12:54:20 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 3648C1E2FCF; Fri, 11 Mar 2022 12:45:50 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345759AbiCKCrj (ORCPT + 99 others); Thu, 10 Mar 2022 21:47:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60830 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239089AbiCKCrh (ORCPT ); Thu, 10 Mar 2022 21:47:37 -0500 Received: from out30-44.freemail.mail.aliyun.com (out30-44.freemail.mail.aliyun.com [115.124.30.44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF2981A41E9; Thu, 10 Mar 2022 18:46:34 -0800 (PST) X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R161e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04423;MF=ashimida@linux.alibaba.com;NM=1;PH=DS;RN=23;SR=0;TI=SMTPD_---0V6rDYwB_1646966789; Received: from 192.168.193.160(mailfrom:ashimida@linux.alibaba.com fp:SMTPD_---0V6rDYwB_1646966789) by smtp.aliyun-inc.com(127.0.0.1); Fri, 11 Mar 2022 10:46:30 +0800 Message-ID: Date: Thu, 10 Mar 2022 18:46:29 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Subject: Re: [PATCH v3 2/2] lkdtm: Add Shadow Call Stack tests Content-Language: en-US To: Kees Cook Cc: akpm@linux-foundation.org, arnd@arndb.de, catalin.marinas@arm.com, gregkh@linuxfoundation.org, linux@roeck-us.net, luc.vanoostenryck@gmail.com, elver@google.com, mark.rutland@arm.com, masahiroy@kernel.org, ojeda@kernel.org, nathan@kernel.org, npiggin@gmail.com, ndesaulniers@google.com, samitolvanen@google.com, shuah@kernel.org, tglx@linutronix.de, will@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org References: <20220303073340.86008-1-ashimida@linux.alibaba.com> <20220303074339.86337-1-ashimida@linux.alibaba.com> <202203031010.0A492D114@keescook> <202203031105.A1B4CAE6@keescook> <92a767c4-09e1-8783-2581-9848bb72890d@linux.alibaba.com> <202203091211.4F00F560@keescook> From: Dan Li In-Reply-To: <202203091211.4F00F560@keescook> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/9/22 12:16, Kees Cook wrote: > On Mon, Mar 07, 2022 at 07:16:36AM -0800, Dan Li wrote: >> But currently it still crashes when I try to enable >> "-mbranch-protection=pac-ret+leaf+bti". >> >> Because the address of "&&redirected" is not encrypted under pac, >> the autiasp check will fail when set_return_addr returns, and >> eventually cause the function to crash when it returns to "&&redirected" >> ("&&redirected" as a reserved label always seems to start with a bti j >> insn). > > Strictly speaking, this is entirely correct. :) > >> For lkdtm, if we're going to handle both cases in one function, maybe >> it would be better to turn off the -mbranch-protection=pac-ret+leaf+bti >> and maybe also turn off -O2 options for the function :) > > If we can apply a function attribute to turn off pac for the "does this > work without protections", that should be sufficient. > Got it, will do in the next version :) Thanks, Dan.