Received: by 2002:a05:7412:da14:b0:e2:908c:2ebd with SMTP id fe20csp338978rdb; Fri, 6 Oct 2023 05:17:32 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEFoSwoWE7pHVeEMSVgjuKWIk5bZtnrK7BJTMrvYr/A8j7RMbMpgDau9XASe/A7+m0Slbxx X-Received: by 2002:a05:6358:7245:b0:14f:6a41:5d19 with SMTP id i5-20020a056358724500b0014f6a415d19mr9186068rwa.21.1696594651942; Fri, 06 Oct 2023 05:17:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696594651; cv=none; d=google.com; s=arc-20160816; b=KWwNMntc8Net/rSVdguWxoHmU5BdIFU+pb89n/qWXx4F2iVkhwDtYbNuO0xbiEs2M+ F5ksRIul5cFmbBE5RWIHXawCmZ775NnS4g5WVvxblbtGVA1s1MiV45LDJUByRE+QCIsT UevoEn/NPav+R8CPky6rrVngcreaYy5VhWKY1G1hDlTq76h+w4u9X/V+V5C3KARrrOv4 eif6jNsuc/k60PbRDaB6DNDsc+WWaFSTjfQvMZwwaztkfrBAEPOTdTBsS9al4+4CajBn MvWBL+Qj5knmrVOaMZkDHZs/hBCeQo/8hlhCff7gxvYNacbUn4qc3nB4CG64epme9z1f NkEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=g+Jlxpd7IlzSK0XotDFkdNcxd/Uar4IzwvOfjJ/Loyc=; fh=yR2Q6Ab3EenAHa7EUKahMcSBCYaMUQpFosJGht6xX1c=; b=aaqglHryy/whrlFU5m6B/2wSlfJ/PCMVvol4bR4ust+5oio5baVDAhL2l2kwjNQWFF 4wKL+ClwGP/VK2k2yoYIPQofnIsPHxx99N2Asu9E/eyqwTsY8yfNZn/QAabwU3Jlbxci 9v53DHUTnVqok9rQKIVh/+DtntT+9P/h5id9R0Sgk6UCM1UeDhe8Y+VrQ5fTGn7Mp5c4 avMelKPM81fcJENQG4J5MfAbp9YfjltjlyLhM63ckbmAq4INLNZ9jWTThQDBnEzrsa+c 8PNNCtPgyKE3tSp6afuhtMfBY0dJ0adWT2AO38XjUwl0HsphmOuWNTR43HdtGFyPE6nu 7Ltw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=D6ltmfDm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id y193-20020a638aca000000b00577f65baa3dsi3482616pgd.849.2023.10.06.05.17.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Oct 2023 05:17:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=D6ltmfDm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 69F7A82F3066; Fri, 6 Oct 2023 05:17:29 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232179AbjJFMRN (ORCPT + 99 others); Fri, 6 Oct 2023 08:17:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232140AbjJFMRL (ORCPT ); Fri, 6 Oct 2023 08:17:11 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A555C6; Fri, 6 Oct 2023 05:17:10 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 55541C433C7; Fri, 6 Oct 2023 12:17:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696594630; bh=EqGDo44ijwt3PzVq3fJt0gXvMnUdPHnl13/q3Gh+IJA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=D6ltmfDmvp/75b1XYAh+EJYFw/UiG6APNmLiR0Md1c9oGsu9Fiy31mMH20KZXQuYw FKgRMGjTR644c3uzTx61Cm80OZQhHhsiyjqVSP+9hqVdDS0OVgHeu/G8tpH/31UT+b 0YUh9zl6+KPXMGMBPuckQKhdexTkruFBEKPFFXXQBC/eLNKiLVjlv2VGlAJZHHCa0p lfCcMGqLD5ybTYvxe7rNBO1RZGUbORUTxeQIcTKtggoyf5KQ/ljs9Xi34jkXztew5n 5Tr5syleMJi8nkG5skjcn/oaxRzGS0K/pDWsXyFl+a9uj+kpWutmxRROX/rZ7FFEdK fdZspU9mRq+gw== Date: Fri, 6 Oct 2023 13:17:01 +0100 From: Mark Brown To: Catalin Marinas Cc: Szabolcs Nagy , Will Deacon , Jonathan Corbet , Andrew Morton , Marc Zyngier , Oliver Upton , James Morse , Suzuki K Poulose , Arnd Bergmann , Oleg Nesterov , Eric Biederman , Kees Cook , Shuah Khan , "Rick P. Edgecombe" , Deepak Gupta , Ard Biesheuvel , "H.J. Lu" , Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org Subject: Re: [PATCH v4 03/36] arm64/gcs: Document the ABI for Guarded Control Stacks Message-ID: <638a7be5-6662-471d-a3ce-0de0ac768e99@sirena.org.uk> References: <43ec219d-bf20-47b8-a5f8-32bc3b64d487@sirena.org.uk> <38edb5c3-367e-4ab7-8cb7-aa1a5c0e330c@sirena.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fv2LrnWqf0aiVt0H" Content-Disposition: inline In-Reply-To: X-Cookie: Rome wasn't burnt in a day. X-Spam-Status: No, score=2.4 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_SBL_CSS,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 06 Oct 2023 05:17:29 -0700 (PDT) X-Spam-Level: ** --fv2LrnWqf0aiVt0H Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Oct 05, 2023 at 06:23:10PM +0100, Catalin Marinas wrote: > It's not just the default size that I dislike (I think the x86 > RLIMIT_STACK or clone3() stack_size is probably good enough) but the > kernel allocating the shadow stack and inserting it into the user > address space. The actual thread stack is managed by the user but the > shadow stack is not (and we don't do this very often). Anyway, I don't > have a better solution for direct uses of clone() or clone3(), other > than running those threads with the shadow stack disabled. Not sure > that's desirable. Running threads with the shadow stack disabled if they don't explicitly request it feels like it's asking for trouble - as well as the escape route from the protection it'd provide I'd expect there to be trouble for things that do stack pivots, potentially random issues if there's a mix of ways threads are started. It's going to be a tradeoff whatever we do. --fv2LrnWqf0aiVt0H Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmUf+rwACgkQJNaLcl1U h9AHQQf7BUjbkJGRbqVL5lGyELqXE64nUXJxqNVQXzkHQ1ujZqDV/cLF9uojqJh6 yo1MngEonxyKeJjgqupcA6TzR0LGD9KvuzahtnPwSfluLAxLQG5iY2L+sA2Tdwb4 kPqoRiUS0++v1w/Oud9y0kcF6an3/im18MenqLAPGtnHPH+xE3EHipQsrYN53Fos vsFAhXwuDhqGVonMiS+J1OxVsYZ9cRcVlStwZI0JbcCPGjS/vMUsCiE1j8ERuLYr ZUNLyxMMQy35iW2uIdk67nRdv03mjTOw9yYr3akjxNW5eJeFrc804fBdZZ7YqrEE Ju28oLb7xq1zQUOX3lYKlNKWsex4KA== =iNQp -----END PGP SIGNATURE----- --fv2LrnWqf0aiVt0H--