Date: Thu, 23 Nov 2023 17:33:05 +0100
From: Christian Brauner
To: Mark Brown
Cc: "Rick P. Edgecombe", Deepak Gupta, Szabolcs Nagy, "H.J. Lu",
 Florian Weimer, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra,
 Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt,
 Ben Segall, Mel Gorman, Daniel Bristot de Oliveira, Valentin Schneider,
 Shuah Khan, linux-kernel@vger.kernel.org, Catalin Marinas, Will Deacon,
 Kees Cook, jannh@google.com, linux-kselftest@vger.kernel.org,
 linux-api@vger.kernel.org
Subject: Re: [PATCH RFT v3 2/5] fork: Add shadow stack support to clone3()
Message-ID: <20231123-ausziehen-harpune-d020d47f964c@brauner>

On Thu, Nov 23, 2023 at 12:17:19PM +0000, Mark Brown wrote:
> On Thu, Nov 23, 2023 at 11:28:47AM +0100, Christian Brauner wrote:
> > On Mon, Nov 20, 2023 at 11:54:30PM +0000, Mark Brown wrote:
>
> > Any reasonable maximum that should be assumed here? IOW, what happens if
> > userspace starts specifying 4G shadow_stack_size with each clone3() call
> > for lolz?
>
> I guess we could impose RLIMIT_STACK?

Yeah, that also seems to be what acct_stack_growth() is using.

>
> > > + } else {
> > > + /*
> > > + * For CLONE_VFORK the child will share the parents
> > > + * shadow stack. Make sure to clear the internal
> > > + * tracking of the thread shadow stack so the freeing
> > > + * logic run for child knows to leave it alone.
> > > + */
> > > + if (clone_flags & CLONE_VFORK) {
> > > + shstk->base = 0;
> > > + shstk->size = 0;
> > > + return 0;
> > > + }
>
> > Why is the CLONE_VFORK handling only necessary if shadow_stack_size is
> > unset? In general, a comment or explanation on the interaction between
> > CLONE_VFORK and shadow_stack_size would be helpful.
>
> This is the existing implicit behaviour that clone() has, it's current
> ABI for x86. The intent is that if the user has explicitly configured a
> shadow stack then we just do whatever they asked us to do, if they

So what I'm asking is: if the calling process is suspended until the
child exits or exec's does it make sense for the child to even get a
shadow stack? I don't know the answer which is why I'm asking.
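
Review bot: The comment in the quoted `} else {` hunk documents why `shstk->base` and `shstk->size` are zeroed for CLONE_VFORK, but the check sits only in the `else` arm, so the comment says nothing about what the preceding `if` arm does when CLONE_VFORK is set. Please extend the comment to state the intended behaviour for that combination, so the early `return 0` here is not read as the only place the flag matters. Minor: "the parents shadow stack" should read "the parent's shadow stack", and "logic run for child" reads better as "logic run for the child".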