Received: by 2002:a05:622a:4ca:b0:41c:c224:f26f with SMTP id q10csp534417qtx; Thu, 16 Nov 2023 10:41:56 -0800 (PST) X-Google-Smtp-Source: AGHT+IHux0hXfbYcaRvhMSiXAN0h8OXahdj66BtEF8c+DxCvl22/uEL+zS3pl7bVHnJt9Fu4yFiZ X-Received: by 2002:a17:902:e80d:b0:1cc:1106:cf5b with SMTP id u13-20020a170902e80d00b001cc1106cf5bmr12659592plg.19.1700160115652; Thu, 16 Nov 2023 10:41:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700160115; cv=none; d=google.com; s=arc-20160816; b=uuw9F26ESxeqpIsg5k184+VsT/slA4M7x+1+udmGi52TwdXo1iihBiU+TMCBPcccou /TlPn4lksgPsoDEAOO7H+eWInwDaD7eQ+Z0egUR+8WdAcaUl4b2AwY9a0RkLUMttvSo3 0YkQcHb4gRiQ/IxmqawBrUovTaubPIAG5s/foNfkth/ctc7C9T33fxU3USybR6GRhweb nMfp5EhXhDoOL2sUjKDK6Clq0jWdsYPvKoAS4vQEmj7COZzuMZViquIquEMCV7/HOzaS zVi4N4t32fj0A3gm0qIsbWe5ezSufZDmBFNPoX3Wc4cAylBpFlTrdPUR9Bqm7PatWTRZ rGYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=g5/FyTeQFgg2uCZ1C3tSb1RrSa1Sm7Tp50L2nbFRqOk=; fh=CQZg7lmF1cDV1k1r16GVXs9vqkQP9OkQM5fx1CfDRYE=; b=uMSIgAWZtkBn9Vnf1hflCeW/bOZSLR9+GX9btn/C0MQ5B1nAZfCkIwaGl4QxZFJgGj awyFAud0MTzj0UrdOAIPEFEo/6TlXe4rgiR+ry0ki6ifukSmX9nTQq3sS6MEAl7OjlUp Svgqj5MGrZvo0BHtwt/dihO3v27CgZsLDjos8Xo/u9u/b7M+eVIjRTuXLCsh9Fi510BE 64OxngZ1rQ5zNcXMlycrop+OmunE/IDmjFbcTG5ePwgZLUFac7NXlb3v+qOt8f+HvYu3 h4brNalStVzUa4lVpoX81C74o5uJC1+O3FE3WU22AMOlvXN9CuvmcC9bEbzjLl5VoHap ME1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pma9qkeR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id d1-20020a170902cec100b001c89c86160bsi13332813plg.385.2023.11.16.10.41.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Nov 2023 10:41:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pma9qkeR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id CB0958089E60; Thu, 16 Nov 2023 10:41:32 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345368AbjKPSlW (ORCPT + 99 others); Thu, 16 Nov 2023 13:41:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229513AbjKPSlU (ORCPT ); Thu, 16 Nov 2023 13:41:20 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D56CE194 for ; Thu, 16 Nov 2023 10:41:17 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 869CDC433C7; Thu, 16 Nov 2023 18:41:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1700160077; bh=axDloRwFo8G9keDVvfti1AbZSDYwXXFVtTtUR/GsIhE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=pma9qkeRVPQcWRu3uBsdtKvpuVIgNSNViUMZuUAsPzW0fPCAwJupH64Rorn1lXigY oaSevdGsXzgdUA358FZmo3L3HdiGxwBi4lzyktHO6ps8ysOMJduDj1QhTP5VAYpkUk r4jpy7BB/GULp/bmBvJ/VYwJK9ImBUMhB/XaYQCa7gHHQ+wT9qvjCrG0pqpBcrjdH8 kA2/xCGko6HFcbNsf1vbFrliwyVvLF9DQ+lKv+ukKtXX2dKDbOOibJN2URvD1vF6o3 WTWoD98qttsiSQhb09vJTJvaiFrjRcq+wSM/iKMaTgDRshlU5vr22WTT9su8wzPKcj RueF5t/2ZQovg== Date: Thu, 16 Nov 2023 18:41:08 +0000 From: Mark Brown To: "Edgecombe, Rick P" Cc: "Szabolcs.Nagy@arm.com" , "dietmar.eggemann@arm.com" , "keescook@chromium.org" , "shuah@kernel.org" , "brauner@kernel.org" , "dave.hansen@linux.intel.com" , "debug@rivosinc.com" , "mgorman@suse.de" , "linux-api@vger.kernel.org" , "fweimer@redhat.com" , "linux-kernel@vger.kernel.org" , "mingo@redhat.com" , "rostedt@goodmis.org" , "hjl.tools@gmail.com" , "tglx@linutronix.de" , "vschneid@redhat.com" , "catalin.marinas@arm.com" , "vincent.guittot@linaro.org" , "bristot@redhat.com" , "will@kernel.org" , "hpa@zytor.com" , "peterz@infradead.org" , "jannh@google.com" , "bp@alien8.de" , "bsegall@google.com" , "linux-kselftest@vger.kernel.org" , "Pandey, Sunil K" , "x86@kernel.org" , "juri.lelli@redhat.com" Subject: Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() Message-ID: References: <1bd189e0-a7dd-422c-9766-ef1c9b0d3df8@sirena.org.uk> <54d3bc9c-9890-49f0-9e9d-78ea4d0d7199@sirena.org.uk> <9ce63f824b768f9635e55150815ee614fdee1d73.camel@intel.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="6jnoQqzq7uwk9KbQ" Content-Disposition: inline In-Reply-To: <9ce63f824b768f9635e55150815ee614fdee1d73.camel@intel.com> X-Cookie: micro: X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Thu, 16 Nov 2023 10:41:33 -0800 (PST) --6jnoQqzq7uwk9KbQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Nov 16, 2023 at 06:11:17PM +0000, Edgecombe, Rick P wrote: > Now that I've thought about it more, removing the CLONE_VFORK part of > the logic has several downsides. It is a little extra work to create > and unmap a shadow stack for an operation that is supposed to be this > limited fast thing. It does rather feel like it's defeating the point of the thing. > It also will change the SSP(let me know if anyone has a general term we > can use) for the child. So if you have like: SSP seems fine, we're already using shadow stack here. > What about a CLONE_NEW_SHSTK for clone3 that forces a new shadow stack? > So keep the existing logic, but the new flag can override the logic for > !CLONE_VM and CLONE_VFORK if the caller wants. The behavior of > shadow_stack_size is then simple. 0 means use default size, !0 means > use the passed size. No need to overload and tie up args->stack. That does seem like it cuts through the ambiguous cases. If we go for that it feels like we should require the flag when specifying a size, just to be sure that everything is clear. Though having said that we could just always allocate a shadow stack if a size is specified regardless of the flags, requiring people who want non-default behaviour to have some idea what stack size they want. I don't think I have strong opinons between having the new flag or always allocating a stack if a size is specified. --6jnoQqzq7uwk9KbQ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmVWYkMACgkQJNaLcl1U h9AnPQf+OrS9UnpK/M86Qe+eZ528KWBeQ9RRfz6xqRg0c/kGK8aPqBjZTcIlGNKo d+yKeTyTrlEaJLLd7jod/7KrOJjsYSDVokQXwODuLjTZYQJpPzJaHqXs/7gTrCHl bi7ce8CTK1y0SBanxfqk+uhy+26/tXCuF6DEytoY4dTwOn88k+L2ol0D17BeqHmm 7jLLDyvzl8FSLnksehEldYXRveieFSWJB2zODhPtQvRwbzsymNPkEXN+oVvCxiTh kIFOodspI8EmbIDryfo9U0xzfbaYTgg+2tB9C36LVNTg6idLgi6eeAB0nFk7+6x6 kVKeD4/4OM8Gtp9VErF0qo5dP468EQ== =Iru+ -----END PGP SIGNATURE----- --6jnoQqzq7uwk9KbQ--