Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp413653rdb; Tue, 5 Dec 2023 08:45:13 -0800 (PST) X-Google-Smtp-Source: AGHT+IE04oA71523839Qfhh0qSzeH86Hkcy9WRJajw4QISBq5z+sRM0wVjU+D3CcGDCl3aqUnguL X-Received: by 2002:a05:6a20:9f49:b0:18f:354f:58c1 with SMTP id ml9-20020a056a209f4900b0018f354f58c1mr2355379pzb.10.1701794712511; Tue, 05 Dec 2023 08:45:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701794712; cv=none; d=google.com; s=arc-20160816; b=lkgaZHWgUV1nKUR5wLkRJ6Dk0rrMXVsyUUj0aIwFVkRW4Pwb2xbllOFGQOYztiSm27 qWQMbr219Ums3z8vDBSMmAZJCNSqsQWJ+YXTixES/HJUekYf471kg/jfo0w1uys3GDE1 Rov5N8vj78m0sfG3eoJIdUdHql+0U2a6/xE/jxUaNYY3+I4kaYkJtolgEVqYvLN+nSeD /cITOPnhQBk7KT6yCNdTPyv3CLWBfaQHGNVBqG6YrfzT042TszIb2tPy01mae18Ae3Qy 7CSSHMg+CJLPXxoNCvvOip5omMlLUs1m47hZyQEFwYWXLmkne6fuD0jXru1IEoL+PsR7 FluQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=MU5qRCBaKPwCKQSNbQHDfD4qgkISlXIGoWIYNRnkaG0=; fh=xVitkehEXZK4oS1NZWZuIpcFV5Oxh7DF7N9Oo4mFH+I=; b=Vf7B79kwpVk+RxSErZz7VG+MDS3+c6d7tPZztNKwJxW6xU59REoY2y/vJ4/qWMGxwS 3p6oybDyve4ULtUrT1eA8rDmnmSMm+bqLWb14KZlZ2FVuYYJ2a4IO7jl6TRwL66AARCH PXc0od5lqUN8Gt1ppQFWnNXigc0Nhw6u6oukvUv12cLL17On/CCmmAY+twJaOKR9FvmZ yMufmFO8FP6Lc+jbmo/5OLlTA+LHn9LCGSZhGx049T365+bQRXWjEkkIuz5zRNve7UgS E1UJwwOkM9YnQC9prbq/23G+6Aac92aX07nCpIjBkI3GFDDd0toZNrxTuB0qa63XtA52 Fxsg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OKtrLOuu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id s190-20020a632cc7000000b005a9fde46fa0si9753656pgs.130.2023.12.05.08.45.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Dec 2023 08:45:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=OKtrLOuu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 3304A8061385; Tue, 5 Dec 2023 08:44:00 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232132AbjLEQnp (ORCPT + 99 others); Tue, 5 Dec 2023 11:43:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231820AbjLEQno (ORCPT ); Tue, 5 Dec 2023 11:43:44 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 03729B2 for ; Tue, 5 Dec 2023 08:43:51 -0800 (PST) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D8AB2C433C7; Tue, 5 Dec 2023 16:43:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1701794630; bh=bW3OrJbYp0bj7igkmuhy/a8fB4L68pG99Ed2bPNX7D8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=OKtrLOuuzsIJEvtJbodeJDDqyNZhcMw2XYqVbA/dlzeiW5j6c1Oori5+rCJHBJL0N AoMjz0uYXkSw2g7Egm3G9+/18GWtQxbc5E9k/FJvCclJjMJxPOapumx21dhLn15+jH GWKCpCOWpqj/eG7+5kiUNq2kUFogM9pw5dVkgl19S5rs7qQ984N/WKvF4P1LskuSEz TA7ajMQ+y39xuyXxZW5CAFMMjeCK7YJOS1UEsVf5RlJa1NOj/fnrXqqmWKqXj6Kwex QNtVj+NDLGGaoFjVZqyp3Wx+VWsE13mUb/5lzRAqy1E4zl2EHVnyweDanvIC98LVtw 9TrRETeQSanYQ== Date: Tue, 5 Dec 2023 16:43:41 +0000 From: Mark Brown To: "Edgecombe, Rick P" Cc: "dietmar.eggemann@arm.com" , "keescook@chromium.org" , "shuah@kernel.org" , "brauner@kernel.org" , "dave.hansen@linux.intel.com" , "debug@rivosinc.com" , "mgorman@suse.de" , "Szabolcs.Nagy@arm.com" , "fweimer@redhat.com" , "linux-kernel@vger.kernel.org" , "mingo@redhat.com" , "hjl.tools@gmail.com" , "rostedt@goodmis.org" , "vincent.guittot@linaro.org" , "tglx@linutronix.de" , "vschneid@redhat.com" , "catalin.marinas@arm.com" , "bristot@redhat.com" , "will@kernel.org" , "hpa@zytor.com" , "peterz@infradead.org" , "jannh@google.com" , "bp@alien8.de" , "bsegall@google.com" , "linux-kselftest@vger.kernel.org" , "linux-api@vger.kernel.org" , "x86@kernel.org" , "juri.lelli@redhat.com" Subject: Re: [PATCH RFT v4 5/5] kselftest/clone3: Test shadow stack support Message-ID: <098f5d43-e093-4316-9b86-80833c2b94ec@sirena.org.uk> References: <20231128-clone3-shadow-stack-v4-0-8b28ffe4f676@kernel.org> <20231128-clone3-shadow-stack-v4-5-8b28ffe4f676@kernel.org> <4898975452179af46f38daa6979b32ba94001419.camel@intel.com> <345cf31a-3663-4974-9b2a-54d2433e64a7@sirena.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="geVM8gTWdCwKEGG9" Content-Disposition: inline In-Reply-To: X-Cookie: I've Been Moved! X-Spam-Status: No, score=-1.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 05 Dec 2023 08:44:00 -0800 (PST) --geVM8gTWdCwKEGG9 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 05, 2023 at 04:01:50PM +0000, Edgecombe, Rick P wrote: > Hmm, I didn't realize you were planning to have the kernel support > upstream before the libc support was in testable shape. It's not a "could someone run it" thing - it's about trying ensure that we get coverage from people who are just running the selftests as part of general testing coverage rather than with the specific goal of testing this one feature. Even when things start to land there will be a considerable delay before they filter out so that all the enablement is in CI systems off the shelf and it'd be good to have coverage in that interval. > > What's the issue with working around the missing support?=A0 My > > understanding was that there should be no ill effects from repeated > > attempts to enable.=A0 We could add a check for things already being > > enabled > Normally the loader enables shadow stack and glibc then knows to do > things in special ways when it is successful. If it instead manually > enables in the app: > - The app can't return from main() without disabling shadow stack=A0 > beforehand. Luckily this test directly calls exit() > - The app can't do longjmp() > - The app can't do ucontext stuff > - The enabling code needs to be carefully crafted (the inline problem=A0 > you hit) > I guess it's not a huge list, and mostly tests will run ok. But it > doesn't seem right to add somewhat hacky shadow stack crud into generic > tests. Right, it's a small and fairly easily auditable list - it's more about the app than the double enable which was what I thought your concern was. It's a bit annoying definitely and not something we want to do in general but for something like this where we're adding specific coverage for API extensions for the feature it seems like a reasonable tradeoff. If the x86 toolchain/libc support is widely enough deployed (or you just don't mind any missing coverage) we could use the toolchain support there and only have the manual enable for arm64, it'd be inconsistent but not wildly so. > So you were planning to enable GCS in this test manually as well? How > many tests were you planning to add it like this? Yes, the current version of the arm64 series has the equivalent support for GCS. I was only planning to do this along with adding specific coverage for shadow stacks/GCS, general stuff that doesn't have any specific support can get covered as part of system testing with the toolchain and libc support. The only case beyond that I've done is some arm64 specific stress tests which are written as standalone assembler programs, those wouldn't get enabled by the toolchain anyway and have some chance of catching context switch or signal handling issues should they occur. It seemed worth it for the few lines of assembly it takes. --geVM8gTWdCwKEGG9 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmVvUzwACgkQJNaLcl1U h9C+jAf+Md2bTNdvJs2oIqh+pACXbkAHBDvJZ/N1O5qY7yBLok1tIPJANG0jKFYX 6PxRyrDBuvQ47eZfaV2+7ea/+13vVBkVuPTI1503ktL8/gHGkBAfjTbpvj2Y9AOU 8SpeWDdlYSmo1F+o34hhroFMh5i1OY+l+vJ+FQaZIvcl9T/Duhe+9fe1xY5t49A5 gnCQXEDUxaLWeVb7WpcKlClGEX90GJyI94OrQ4wuIylpc98x9YQuGAiEdJcPLm+g IK7nqgioxopCgNhdhXy8nnR8r7WQUlxW7g/MMc+3DIOhLRoegISD6zpls62PDJbQ VF3UWrKSNa1UlF+p6OgWRKeODawTZg== =2dm/ -----END PGP SIGNATURE----- --geVM8gTWdCwKEGG9--