Date: Tue, 31 May 2022 14:59:37 +0300
From: Mike Rapoport
To: "H.J. Lu"
Cc: Andy Lutomirski, "Edgecombe, Rick P", "bsingharora@gmail.com", "hpa@zytor.com", "Syromiatnikov, Eugene", "peterz@infradead.org", "rdunlap@infradead.org", "keescook@chromium.org", "0x7f454c46@gmail.com" <0x7f454c46@gmail.com>, "Eranian, Stephane", "kirill.shutemov@linux.intel.com", "dave.hansen@linux.intel.com", "linux-mm@kvack.org", "adrian@lisas.de", "fweimer@redhat.com", "nadav.amit@gmail.com", "jannh@google.com", "avagin@gmail.com", "kcc@google.com", "linux-arch@vger.kernel.org", "pavel@ucw.cz", "oleg@redhat.com", "bp@alien8.de", "linux-doc@vger.kernel.org", "arnd@arndb.de", "Moreira, Joao", "tglx@linutronix.de", "mike.kravetz@oracle.com", "x86@kernel.org", "Yang, Weijiang", "dave.martin@arm.com", "john.allen@amd.com", "mingo@redhat.com", "Hansen, Dave", "corbet@lwn.net", "linux-kernel@vger.kernel.org", "gorcunov@gmail.com", "Shankar, Ravi V", "linux-api@vger.kernel.org"
Subject: Re: [PATCH 00/35] Shadow stacks for userspace
References: <5a792e77-0072-4ded-9f89-e7fcc7f7a1d6@www.fastmail.com> <05df964f-552e-402e-981c-a8bea11c555c@www.fastmail.com> <40a3500c-835a-60b0-15bf-40c6622ad013@kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailing-List: linux-kernel@vger.kernel.org

Hi all,

On Mon, Mar 07, 2022 at 11:07:01AM -0800, H.J. Lu wrote:
> On Mon, Mar 7, 2022 at 10:57 AM Mike Rapoport wrote:
> >
> > On Fri, Mar 04, 2022 at 11:13:19AM -0800, Andy Lutomirski wrote:
> > > On 3/3/22 17:30, Edgecombe, Rick P wrote:
>
> Here is the CET ptrace patch on CET 5.16 kernel branch:
>
> https://github.com/hjl-tools/linux/commit/3a43ec29ddac56f87807161b5aeafa80f632363d

It took me a while, but at last I have a version of CRIU that knows how to
handle shadow stack.

For the shadow stack manipulation during dump and for the creation of the
sigframe for sigreturn I used the CET ptrace patch for 5.16 (thanks H.J.).

For the restore I had to add two modifications to the kernel APIs on top of
this version of the shadow stack series:

* add an address parameter to map_shadow_stack() so that it'll call mmap()
  with MAP_FIXED if the address is requested. This is required to restore
  the shadow stack at the same address as it was at dump time.

* add the ability to unlock shadow stack features using ptrace. This is
  required because the current glibc (or at least the version I used for
  tests) locks shadow stack state when it loads a program. This locking
  means that a process will either have shadow stack disabled without an
  ability to enable it, or it will have shadow stack enabled with WRSS
  disabled and, again, there is no way to re-enable WRSS. With that, ptrace
  looked like the most sensible interface to interfere with the shadow
  stack locking.

I've pushed the kernel modifications here:

https://git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git/log/?h=cet/kvm

and CRIU modifications here:

https://github.com/rppt/criu/tree/cet/v0.1

-- 
Sincerely yours,
Mike.
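As an added illustration of the first modification above (this is example code written for this page, not code from the message, from the shadow stack series or from CRIU): the dump-side "record the address" and restore-side "place it back at exactly that address with MAP_FIXED" sequence. A real shadow stack can only be created on CET hardware with the patched kernel, so an ordinary anonymous mapping stands in for it here, and the restore step is written with plain mmap() rather than the map_shadow_stack() variant the message describes. The MAP_FIXED_NOREPLACE probe that runs before the MAP_FIXED call is a defensive check added for this example: MAP_FIXED silently replaces whatever is already mapped in the range, so a restorer wants to know the range is free first. The function names, the SS_SIZE constant and the filler contents are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000   /* Linux UAPI value, for older libc headers */
#endif

#define SS_SIZE (4 * 4096)             /* constructed size standing in for a small shadow stack */

/* Non-destructive probe: is [addr, addr + size) currently unmapped?
 * Kernels that know MAP_FIXED_NOREPLACE fail with EEXIST when the range is occupied;
 * older kernels reject the flag with EINVAL, in which case we fall back to a plain
 * address hint and compare the returned address, which covers both generations. */
int range_is_free(void *addr, size_t size)
{
    void *p = mmap(addr, size, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    if (p == MAP_FAILED && errno == EINVAL)
        p = mmap(addr, size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    int is_free = (p == addr);
    munmap(p, size);                   /* unmap only the probe mapping we just created */
    return is_free;
}

/* Dump side: let the kernel pick the address, record address and contents, tear down.
 * Restore side: verify the range is free, re-create the mapping at the recorded
 * address with MAP_FIXED, copy the contents back. Returns 1 on a faithful restore. */
int restore_at_same_address(void)
{
    unsigned char saved[SS_SIZE];

    /* --- dump time --- */
    unsigned char *orig = mmap(NULL, SS_SIZE, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (orig == MAP_FAILED)
        return 0;
    for (size_t i = 0; i < SS_SIZE; i++)
        orig[i] = (unsigned char)(i * 7);          /* constructed filler contents */
    memcpy(saved, orig, SS_SIZE);
    void *saved_addr = orig;
    munmap(orig, SS_SIZE);                         /* the dumped process is gone; range is free */

    /* --- restore time --- */
    if (!range_is_free(saved_addr, SS_SIZE))       /* never clobber a foreign mapping */
        return 0;
    unsigned char *restored = mmap(saved_addr, SS_SIZE, PROT_READ | PROT_WRITE,
                                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (restored == MAP_FAILED || (void *)restored != saved_addr)
        return 0;
    memcpy(restored, saved, SS_SIZE);
    int ok = (memcmp(restored, saved, SS_SIZE) == 0);
    munmap(restored, SS_SIZE);
    return ok;
}

/* Why the probe matters: an occupied range must be reported as not free, because a
 * MAP_FIXED call there would replace the existing mapping without any error. */
int occupied_range_is_detected(void)
{
    unsigned char *victim = mmap(NULL, SS_SIZE, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (victim == MAP_FAILED)
        return 0;
    int detected = !range_is_free(victim, SS_SIZE);
    munmap(victim, SS_SIZE);
    return detected;
}

int main(void)
{
    printf("restore at same address: %s\n", restore_at_same_address() ? "ok" : "FAILED");
    printf("occupied range detected: %s\n", occupied_range_is_detected() ? "ok" : "FAILED");
    return 0;
}
```

The same two-step shape (probe, then MAP_FIXED) is what a restorer needs whenever it places a mapping at a recorded address; with a real shadow stack the second step is the map_shadow_stack() call with the address argument, and the probe remains the caller's responsibility.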