Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp2697743rdb;
        Fri, 8 Dec 2023 16:59:38 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHOhO0L+yEbquaUEgBy9H8dtUPyO5TWFGnq6vTZTuqzV3cuFIBiOHdBlo25V8CEI3iWieom
X-Received: by 2002:a05:6358:91a8:b0:16b:c401:e714 with SMTP id j40-20020a05635891a800b0016bc401e714mr1206414rwa.5.1702083577940;
        Fri, 08 Dec 2023 16:59:37 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702083577; cv=none;
        d=google.com; s=arc-20160816;
        b=kqzc1geo95SE9e6P9IWu2wnQqt+aUj3zhOMCayoP0KilJx/D8vqZtYz3Ygr9qSrurH
         cg3P5sfjeorg/lP1+WnEEHYbrlPQEfnAIW8hEM36JeViiP19ghCIH5z11TlDitwX7guV
         vGbnO/eP+xIqNuOhYUBJfR8Poer7jeQPPOxa+bhEO354AAVytA0S1Wf/e6ouOPv83lfZ
         Kz+I4IScNkpjwzKqzq6EdPvMfdFJDcdBSv3Y5z1Ae6Kzjuwhp4RelYXoP2jshkxDS744
         jMkgmrsqB5pZlirAFpCVP7UJFmpx8XYRIKj2cuQwGNFKasijJfT8pI/jLbAVhF1oG2kr
         hORQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:reply-to
         :in-reply-to:references:mime-version:dkim-signature;
        bh=4xB8OrZERO5Rc7R1JqpBtCzHbgKs7lLfjwuEVh+zHQ0=;
        fh=4PfzrfnLitCNDPiZBGthtef6oQ5lJHKl3Sh7Te0fN4U=;
        b=QBn6Yl0ZrfcmrMbyrW02WDTYZA1JNTr9XFFKGSoFZJPBZ8rwikR69/aVLWhuPy8uWs
         IQNgVBIjeJtnWVYfAj4Tlfjg5MMVIf+ZXNdxXF7d4End0mKrzRRQTxPNTF9h8UCEe4Jo
         z+ma1QKQ9iOAH/Bbx54ZWe279Zh2KsJUGsVkZrlqeoaVvNq1Im1V8lxZwlxVSOTCTX9u
         J8926VZ22RvC2sIzQpC5p/v4bmazr/eYwstfhmpFeKyCiYWfcIJubMc6gtE+SpRXOnCT
         CIBAoOgfLQP5zfX3wuwoDn5/pPXQuZzfS2rSkCeRKgRpKKgxksRtQ49SmuYqoYUfFV+K
         I5qw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail-com.20230601.gappssmtp.com header.s=20230601 header.b="P/HLUXnp";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [23.128.96.37])
        by mx.google.com with ESMTPS id x8-20020a17090a164800b002886288d945si2439237pje.114.2023.12.08.16.59.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 08 Dec 2023 16:59:37 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail-com.20230601.gappssmtp.com header.s=20230601 header.b="P/HLUXnp";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id 1600F81121E9;
	Fri,  8 Dec 2023 16:59:37 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229884AbjLIA7Z (ORCPT <rfc822;abrown110010@gmail.com>
        + 99 others); Fri, 8 Dec 2023 19:59:25 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43534 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229525AbjLIA7Y (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 8 Dec 2023 19:59:24 -0500
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7D0111710;
        Fri,  8 Dec 2023 16:59:29 -0800 (PST)
Received: by mail-qt1-x82e.google.com with SMTP id d75a77b69052e-42542b1ed5dso17553071cf.1;
        Fri, 08 Dec 2023 16:59:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail-com.20230601.gappssmtp.com; s=20230601; t=1702083568; x=1702688368; darn=vger.kernel.org;
        h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=4xB8OrZERO5Rc7R1JqpBtCzHbgKs7lLfjwuEVh+zHQ0=;
        b=P/HLUXnpNVaFZj36qWUhFhsTV/d8q/pXm1//j3+mtGHw8/HpMRLvkX5Qi7PArCA/Q/
         RR/NkSUfs8yp4kR+K6mA58LcwBdbM1iGN0VU2yDxUB+9bvpASC7IXYVVBBi/MrH1otMk
         RlmzxvansJCTU11IU8NDg2LsmTNkKPF2jydkWJo86qCsw7WGzs6dSZq+zz+4fAVKstQO
         DhqKHzPf21Ae4hSegskcIBDoi/jEZcw1CDOruHOCuXNri01oxyamCM9AEnMQ5WgTnwwE
         PCr4BKq1ZVAK2/hHzbjIA4OmoSg6/6Fj7J/jPDpBXt6lpnlA35MXVISiHfglyv9lPYZ9
         BtAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1702083568; x=1702688368;
        h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4xB8OrZERO5Rc7R1JqpBtCzHbgKs7lLfjwuEVh+zHQ0=;
        b=pFxY3QwunbKkg36jQuIkfBJQWlt4AJYnf1SBYpa9ZgeMgouMCdSk07RLQ8z4fYF16K
         IVJhq6elSdsCe8VcolP8lCgaSPQDzLN59+u/QfyeSETfjFMafJ8Km2UVvHAAeSq0/lTp
         tvgh+KuUE43CQyjG1VdVt5qDRzqOY9OUbhNNBSoYLHfj8Bjb+Ldb7qX/H/zB1AwLumyr
         HjSHap7+AWFz/vROxfU/qPZxQ/atL9YX5C3qHqVsyoLqcO5jhGWsFqkkEXY1wR/kE5xy
         uaagZrPeK0PIKNYI8St9trgAqWfSwQdhKg1gB79Z/tq3zB4VqVjSCvjZ3OyFSoC9RMEs
         qHMw==
X-Gm-Message-State: AOJu0YxymwRRKL+k8lIqiFe/kFNOVuOH07FIOedIRkfmJ+RDGHMjdLqG
        QJQprUxREGGQth7F3wL7Em7EWRj8woePAoTQMUg=
X-Received: by 2002:ac8:5a8e:0:b0:425:4043:96f4 with SMTP id
 c14-20020ac85a8e000000b00425404396f4mr1034352qtc.129.1702083568530; Fri, 08
 Dec 2023 16:59:28 -0800 (PST)
MIME-Version: 1.0
References: <20231128-clone3-shadow-stack-v4-0-8b28ffe4f676@kernel.org>
In-Reply-To: <20231128-clone3-shadow-stack-v4-0-8b28ffe4f676@kernel.org>
Reply-To: robert@ocallahan.org
From:   "Robert O'Callahan" <robert@ocallahan.org>
Date:   Sat, 9 Dec 2023 13:59:16 +1300
Message-ID: <CAOp6jLY8aEFOOqe4ADkgeACvat+07_F_Xj963FhyXkF+0F5Pqw@mail.gmail.com>
Subject: Re: [PATCH RFT v4 0/5] fork: Support shadow stacks in clone3()
To:     Mark Brown <broonie@kernel.org>
Cc:     "Rick P. Edgecombe" <rick.p.edgecombe@intel.com>,
        Deepak Gupta <debug@rivosinc.com>,
        Szabolcs Nagy <Szabolcs.Nagy@arm.com>,
        "H.J. Lu" <hjl.tools@gmail.com>,
        Florian Weimer <fweimer@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org,
        "H. Peter Anvin" <hpa@zytor.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Juri Lelli <juri.lelli@redhat.com>,
        Vincent Guittot <vincent.guittot@linaro.org>,
        Dietmar Eggemann <dietmar.eggemann@arm.com>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>,
        Daniel Bristot de Oliveira <bristot@redhat.com>,
        Valentin Schneider <vschneid@redhat.com>,
        Christian Brauner <brauner@kernel.org>,
        Shuah Khan <shuah@kernel.org>, linux-kernel@vger.kernel.org,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>,
        Kees Cook <keescook@chromium.org>, jannh@google.com,
        linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org,
        David Hildenbrand <david@redhat.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
        HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 08 Dec 2023 16:59:37 -0800 (PST)

On Wed, 29 Nov 2023 at 07:31, Mark Brown <broonie@kernel.org> wrote:
> Since clone3() is readily extensible let's add support for specifying a
> shadow stack when creating a new thread or process in a similar manner
> to how the normal stack is specified, keeping the current implicit
> allocation behaviour if one is not specified either with clone3() or
> through the use of clone().  Unlike normal stacks only the shadow stack
> size is specified, similar issues to those that lead to the creation of
> map_shadow_stack() apply.

rr (https://rr-project.org) records program execution and then reruns
it with exactly the same behavior (down to memory contents and
register values). To replay clone() etc in an application using shadow
stacks, we'll need to be able to ensure the shadow stack is mapped at
the same address during the replay run as during the recording run. We
ptrace the replay tasks and have the ability to execute arbitrary
syscalls in them. It sounds like we might be able to make this work by
overriding clone_args::shadow_stack_size to zero in the call to
clone3(), instead having the replay task call map_shadow_stack() to
put the the shadow stack in the right place, and then setting its SSP
via ptrace. Will that work?

Thanks,
Rob
-- 
Su ot deraeppa sah dna Rehtaf eht htiw saw hcihw, efil lanrete eht uoy
ot mialcorp ew dna, ti ot yfitset dna ti nees evah ew; deraeppa efil
eht. Efil fo Drow eht gninrecnoc mialcorp ew siht - dehcuot evah sdnah
ruo dna ta dekool evah ew hcihw, seye ruo htiw nees evah ew hcihw,
draeh evah ew hcihw, gninnigeb eht morf saw hcihw taht.