Date: Thu, 23 Nov 2023 17:35:38 +0000
From: Mark Brown
To: Christian Brauner
Cc: "Rick P. Edgecombe", Deepak Gupta, Szabolcs Nagy, "H.J. Lu", Florian Weimer, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Daniel Bristot de Oliveira, Valentin Schneider, Shuah Khan, linux-kernel@vger.kernel.org, Catalin Marinas, Will Deacon, Kees Cook, jannh@google.com, linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org
Subject: Re: [PATCH RFT v3 2/5] fork: Add shadow stack support to clone3()

On Thu, Nov 23, 2023 at 05:33:05PM +0100, Christian Brauner wrote:
> On Thu, Nov 23, 2023 at 12:17:19PM +0000, Mark Brown wrote:

> > > > + if (clone_flags & CLONE_VFORK) {
> > > > + shstk->base = 0;
> > > > + shstk->size = 0;
> > > > + return 0;
> > > > + }

> > > Why is the CLONE_VFORK handling only necessary if shadow_stack_size is
> > > unset? In general, a comment or explanation on the interaction between
> > > CLONE_VFORK and shadow_stack_size would be helpful.

> > This is the existing implicit behaviour that clone() has, it's current
> > ABI for x86. The intent is that if the user has explicitly configured a
> > shadow stack then we just do whatever they asked us to do, if they

> So what I'm asking is: if the calling process is suspended until the
> child exits or exec's does it make sense for the child to even get a
> shadow stack? I don't know the answer which is why I'm asking.

We were initially doing some suppression of stack creation based on the
flags but based on prior discussion we decided it wasn't worth it.
There was some question about corner cases (IIRC the main one was
posix_spawn()), but generally the thinking here was that since userspace
explicitly asked for the shadow stack in the worst case it'll just be
inefficient and userspace can fix things by just not doing that.

If we just create the shadow stack whenever it's requested then it makes
the kernel side handling really simple to implement/verify and we don't
have to worry about having missed any use cases with combinations of
flags that we've not anticipated.
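
Review bot: the CLONE_VFORK branch in the quoted hunk clears shstk->base and shstk->size and returns 0 with no comment saying when it applies or why. The thread describes this as the existing implicit clone() behaviour on x86 and says an explicitly configured shadow stack is created as requested; a short comment above "if (clone_flags & CLONE_VFORK) {" recording both points would answer the question about how CLONE_VFORK and shadow_stack_size interact without the reader having to find this discussion.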