Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp916504lqg; Sat, 2 Mar 2024 07:03:29 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXJDVJTysW83hrZ9YdsuI19EScqF1+rBlVxyMSW8mH9Amnx31M3ivdM7bmpLeXblQ/4/ptqOFLRmgsPAhcIheqzDbr1BJWap/0E7V4cXA== X-Google-Smtp-Source: AGHT+IGqss0xaJpPtmFpjvhzOMYpJ/TjYOMjx1Z17eRSzTo7Nk0oxqptjGqKaMsdQlePoqQ6CATe X-Received: by 2002:ad4:5103:0:b0:690:6e4:8a70 with SMTP id g3-20020ad45103000000b0069006e48a70mr4732844qvp.21.1709391809515; Sat, 02 Mar 2024 07:03:29 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709391809; cv=pass; d=google.com; s=arc-20160816; b=tvNvGUiPry1nvQEqx9/Hu2WB8tlF2/RZRDVstIF6jTBPm0bSaIoiwQU7azx5deMOnz JRXOvnnxhDVVWmXtZcPCqSJZmVDmLYgswVBldEgrTAWTbq9rEVAoU58r/fLZ43N2SOnv SLoNcU53zonc5gl4LLDPiRSs68bSK1DW8sF4wQ+YnGmoWXkBRdVGqiZ8yfbiEqEkenJ7 umRQfTYDj9ZSrHrNoDGBlo30DUeaDZQHrmslZDymAZVK8eF/VBDaPTu1lEMOzTa2vs8T cSA1TdBYFAF65irOff2ndDlO1wv+0X0dnQ+wX4iH4q7e/5Fw6Vhg2PfuDchukJjaTK3u Eveg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:mail-followup-to :message-id:subject:cc:to:from:date; bh=RaMmWzUo0lkez42SqkbQqmg2eeNPwVJz6wKxe+L3p6M=; fh=oAMTX4vvfLT+hNv1Iot3Foknw77QfBm6nREMu79Z91c=; b=hn1gWH9VipkpqksbQNdCzGkWryBGDqFGLVmsTaZH3wZKQGhjIdmgobsTwNsQRj+x+m A4RX661MzTYTOKpep9aNqaVVq5X+ekhJX4Gk04t2E569S3PbhCznlgLBpqd7yoLG0i9D /Nxc+VrY2HWoRq4h/rpcPS/7OE0O+CmmaX1657Dq9itO/bPN7Us6rCHV/iJPvH6nLU4D KDt2xEOifGPLwSpGaZnNfeS7MTbbldXFKaeL0bOJ7/57amxlOFCrnahwpPL8U0NmXr8x yWWQTtn1Z329J8yn6cE6OiYtay/551e/OtkM0YAcvwVJL2GxYHtsoqdjK6Cc4kv7+Go3 oEAg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=port70.net); spf=pass (google.com: domain of linux-kernel+bounces-89467-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-89467-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id i7-20020ad45c67000000b0068f41b53618si5947473qvh.262.2024.03.02.07.03.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 02 Mar 2024 07:03:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-89467-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=port70.net); spf=pass (google.com: domain of linux-kernel+bounces-89467-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-89467-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 2BC8C1C20FF7 for ; Sat, 2 Mar 2024 15:03:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6C89917C7C; Sat, 2 Mar 2024 15:03:16 +0000 (UTC) Received: from port70.net (port70.net [81.7.13.123]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7488713FFA; Sat, 2 Mar 2024 15:03:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=81.7.13.123 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709391795; cv=none; b=AMYLg8N/4qrCqPw9ORGMPbZKu1LN5Sj6BdazhNyb8woUDMZAxjiSGspc+v8Ui5RMNu2eaLVacXZ2tLjjPjQqXlyMefomQ8Xw6+cuV1pk4Ut+2CirNqFKLMNypLKrk0898DM233sZizazGYmzwPN1393SOHfw9oXfc8Y9s3JemcU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709391795; c=relaxed/simple; bh=F+Ft9ySflUOsjYRoTJD/SuxsOSEZzbIMaYW9w/glpJY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=a0bMNapnZQa0/quYl7TDYybdZwf7CKj/0H0By6h7DqP9XawkWoSR+aIAMtq+XjSHGR1rjjEv7UbIHlii3pDBhvTZ+9nv5StBR3EHYqegB8MTHSfmLOJ6yzI5bt7hKDvjcTu39UnB1emDFSOJCsxwqSL1njDZSzUwlJnIcGug/gA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=port70.net; spf=pass smtp.mailfrom=port70.net; arc=none smtp.client-ip=81.7.13.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=port70.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=port70.net Received: by port70.net (Postfix, from userid 1002) id 691CEABEC0C7; Sat, 2 Mar 2024 15:57:02 +0100 (CET) Date: Sat, 2 Mar 2024 15:57:02 +0100 From: Szabolcs Nagy To: Mark Brown Cc: "dalias@libc.org" , "Edgecombe, Rick P" , "linux-arch@vger.kernel.org" , "suzuki.poulose@arm.com" , "Szabolcs.Nagy@arm.com" , "musl@lists.openwall.com" , "linux-fsdevel@vger.kernel.org" , "linux-riscv@lists.infradead.org" , "kvmarm@lists.linux.dev" , "corbet@lwn.net" , "linux-kernel@vger.kernel.org" , "catalin.marinas@arm.com" , "oliver.upton@linux.dev" , "palmer@dabbelt.com" , "debug@rivosinc.com" , "aou@eecs.berkeley.edu" , "shuah@kernel.org" , "arnd@arndb.de" , "maz@kernel.org" , "oleg@redhat.com" , "fweimer@redhat.com" , "keescook@chromium.org" , "james.morse@arm.com" , "ebiederm@xmission.com" , "will@kernel.org" , "brauner@kernel.org" , "hjl.tools@gmail.com" , "linux-kselftest@vger.kernel.org" , "paul.walmsley@sifive.com" , "ardb@kernel.org" , "linux-arm-kernel@lists.infradead.org" , "linux-mm@kvack.org" , "thiago.bauermann@linaro.org" , "akpm@linux-foundation.org" , "sorear@fastmail.com" , "linux-doc@vger.kernel.org" Subject: Re: [musl] Re: [PATCH v8 00/38] arm64/gcs: Provide support for GCS in userspace Message-ID: <20240302145702.GD1884416@port70.net> Mail-Followup-To: Mark Brown , "dalias@libc.org" , "Edgecombe, Rick P" , "linux-arch@vger.kernel.org" , "suzuki.poulose@arm.com" , "Szabolcs.Nagy@arm.com" , "musl@lists.openwall.com" , "linux-fsdevel@vger.kernel.org" , "linux-riscv@lists.infradead.org" , "kvmarm@lists.linux.dev" , "corbet@lwn.net" , "linux-kernel@vger.kernel.org" , "catalin.marinas@arm.com" , "oliver.upton@linux.dev" , "palmer@dabbelt.com" , "debug@rivosinc.com" , "aou@eecs.berkeley.edu" , "shuah@kernel.org" , "arnd@arndb.de" , "maz@kernel.org" , "oleg@redhat.com" , "fweimer@redhat.com" , "keescook@chromium.org" , "james.morse@arm.com" , "ebiederm@xmission.com" , "will@kernel.org" , "brauner@kernel.org" , "hjl.tools@gmail.com" , "linux-kselftest@vger.kernel.org" , "paul.walmsley@sifive.com" , "ardb@kernel.org" , "linux-arm-kernel@lists.infradead.org" , "linux-mm@kvack.org" , "thiago.bauermann@linaro.org" , "akpm@linux-foundation.org" , "sorear@fastmail.com" , "linux-doc@vger.kernel.org" References: <22a53b78-10d7-4a5a-a01e-b2f3a8c22e94@app.fastmail.com> <4c7bdf8fde9cc45174f10b9221fa58ffb450b755.camel@intel.com> <20240220185714.GO4163@brightrain.aerifal.cx> <9fc9c45ff6e14df80ad023e66ff7a978bd4ec91c.camel@intel.com> <20240220235415.GP4163@brightrain.aerifal.cx> <20240221012736.GQ4163@brightrain.aerifal.cx> <20240221145800.GR4163@brightrain.aerifal.cx> <4a3809e8-61b2-4341-a868-292ba6e64e8a@sirena.org.uk> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4a3809e8-61b2-4341-a868-292ba6e64e8a@sirena.org.uk> * Mark Brown [2024-02-21 17:36:12 +0000]: > On Wed, Feb 21, 2024 at 09:58:01AM -0500, dalias@libc.org wrote: > > On Wed, Feb 21, 2024 at 01:53:10PM +0000, Mark Brown wrote: > > > On Tue, Feb 20, 2024 at 08:27:37PM -0500, dalias@libc.org wrote: > > > > On Wed, Feb 21, 2024 at 12:35:48AM +0000, Edgecombe, Rick P wrote: > > > > > > (INCSSP, RSTORSSP, etc). These are a collection of instructions that > > > > > allow limited control of the SSP. When shadow stack gets disabled, > > > > > these suddenly turn into #UD generating instructions. So any other > > > > > threads executing those instructions when shadow stack got disabled > > > > > would be in for a nasty surprise. > > > > > This is the kernel's problem if that's happening. It should be > > > > trapping these and returning immediately like a NOP if shadow stack > > > > has been disabled, not generating SIGILL. > > > > I'm not sure that's going to work out well, all it takes is some code > > > that's looking at the shadow stack and expecting something to happen as > > > a result of the instructions it's executing and we run into trouble. A > > > I said NOP but there's no reason it strictly needs to be a NOP. It > > could instead do something reasonable to convey the state of racing > > with shadow stack being disabled. > > This feels like it's getting complicated and I fear it may be an uphill > struggle to get such code merged, at least for arm64. My instinct is the aarch64 behaviour is already nop for gcs instructions when gcs is disabled. the isa was designed so async disable is possible. only x86 linux would have to emulate this. > that it's going to be much more robust and generally tractable to let > things run to some suitable synchronisation point and then disable > there, but if we're going to do that then userspace can hopefully > arrange to do the disabling itself through the standard disable > interface anyway. Presumably it'll want to notice things being disabled > at some point anyway? TBH that's been how all the prior proposals for > process wide disable I've seen were done.