Thread (49 messages), 4 authors, 2021-02-03

Re: [PATCH v18 21/25] x86/cet/shstk: Handle signals for shadow stack

From: Dave Hansen <hidden>
Date: 2021-02-01 22:54:13
Also in: linux-arch, linux-doc, linux-mm, lkml

On 1/27/21 1:25 PM, Yu-cheng Yu wrote:
> To deliver a signal, create a shadow stack restore token and put a restore
> token and the signal restorer address on the shadow stack.  For sigreturn,
> verify the token and restore the shadow stack pointer.
>
> Introduce WRUSS, which is a kernel-mode instruction but writes directly to
> user shadow stack.  It is used to construct the user signal stack as
> described above.
>
> Introduce a signal context extension struct 'sc_ext', which is used to save
> shadow stack restore token address and WAIT_ENDBR status.  WAIT_ENDBR will
> be introduced later in the Indirect Branch Tracking (IBT) series, but add
> that into sc_ext now to keep the struct stable in case the IBT series is
> applied later.

This changelog needs some work.  It's got a lot of "what" and not enough
"why".

Why do we need a token?
What function does it serve?
What does it protect against?
Why do we need a signal context extension?