Re: [PATCH v18 21/25] x86/cet/shstk: Handle signals for shadow stack
From: Dave Hansen <hidden>
Date: 2021-02-01 22:54:13
Also in:
linux-arch, linux-doc, linux-mm, lkml
On 1/27/21 1:25 PM, Yu-cheng Yu wrote:
> To deliver a signal, create a shadow stack restore token and put a restore token and the signal restorer address on the shadow stack. For sigreturn, verify the token and restore the shadow stack pointer.
>
> Introduce WRUSS, which is a kernel-mode instruction but writes directly to user shadow stack. It is used to construct the user signal stack as described above.
>
> Introduce a signal context extension struct 'sc_ext', which is used to save shadow stack restore token address and WAIT_ENDBR status. WAIT_ENDBR will be introduced later in the Indirect Branch Tracking (IBT) series, but add that into sc_ext now to keep the struct stable in case the IBT series is applied later.
This changelog needs some work. It's got a lot of "what" and not enough "why". Why do we need a token? What function does it serve? What does it protect against? Why do we need a signal context extension?
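The mechanism the quoted changelog describes (push a restore token plus the restorer address at signal delivery, verify the token at sigreturn) is modelled below in user space. This is an added illustration, not code from the patch series or the kernel: the shadow stack is a small array whose slot addresses stand in for user linear addresses, the kernel's WRUSS writes are plain stores, the restorer address 0x401000 is a constructed value, and the token layout (previous SSP with bit 0 set for 64-bit mode and bit 1 as the busy bit) follows the CET restore-token format. The point it makes, and the "why" the reply asks for, is that a valid token encodes the address of the slot just above itself, so a token address supplied from user memory can be checked: only a token that ties back to its own slot lets sigreturn move SSP, and a mis-placed, busy or unaligned one is refused.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated user shadow stack (hypothetical): 8-byte slots, grows downward
 * like the real one.  Slot addresses play the role of user linear addresses. */
#define SHSTK_SLOTS 16
static uint64_t shstk[SHSTK_SLOTS];

/* Restore-token low bits per the CET token format: bit 0 set marks a
 * 64-bit-mode token, bit 1 is the busy bit and must be clear. */
#define TOKEN_MODE64 1ULL
#define TOKEN_BUSY   2ULL

static uintptr_t shstk_base(void) { return (uintptr_t)&shstk[0]; }
static uintptr_t shstk_top(void)  { return (uintptr_t)&shstk[SHSTK_SLOTS]; }

/* Is addr an aligned slot inside the simulated shadow stack?  Stands in for
 * the kernel's alignment and user-range checks. */
static bool shstk_slot_ok(uintptr_t addr)
{
    return addr % 8 == 0 && addr >= shstk_base() && addr < shstk_top();
}

/* Signal delivery: with SSP at ssp, write the restore token at ssp-8 and the
 * restorer address at ssp-16 (the kernel does these stores with WRUSS).
 * Returns the new SSP, or 0 on failure, and the token's address. */
static uintptr_t shstk_push_sigframe(uintptr_t ssp, uint64_t restorer,
                                     uintptr_t *token_addr)
{
    if (ssp % 8 || !shstk_slot_ok(ssp - 8) || !shstk_slot_ok(ssp - 16))
        return 0;
    *(uint64_t *)(ssp - 8)  = (uint64_t)ssp | TOKEN_MODE64; /* token: prev SSP | mode */
    *(uint64_t *)(ssp - 16) = restorer;                      /* consumed by the handler's RET */
    *token_addr = ssp - 8;
    return ssp - 16;
}

/* sigreturn: verify the token at token_addr and compute the SSP to restore.
 * A valid token is an aligned slot, carries the 64-bit bit and no busy bit,
 * and encodes exactly the address one slot above itself, so the only SSP it
 * can restore is the one that was live when the token was written. */
static int shstk_check_rstor_token(uintptr_t token_addr, uintptr_t *new_ssp)
{
    *new_ssp = 0;
    if (!shstk_slot_ok(token_addr))
        return -1;
    uint64_t token = *(uint64_t *)token_addr;
    if ((token & (TOKEN_MODE64 | TOKEN_BUSY)) != TOKEN_MODE64)
        return -1;                          /* wrong mode, or busy */
    uintptr_t prev_ssp = (uintptr_t)(token & ~3ULL);
    if (prev_ssp % 8 || prev_ssp - 8 != token_addr)
        return -1;                          /* token not placed just below prev_ssp */
    *new_ssp = prev_ssp;
    return 0;
}

/* Deliver, let the handler's RET pop the restorer slot, then sigreturn.
 * Returns 1 when the original SSP is restored. */
static int signal_roundtrip_ok(void)
{
    memset(shstk, 0, sizeof(shstk));
    uintptr_t orig_ssp = shstk_top();       /* empty shadow stack */
    uintptr_t token_addr = 0, new_ssp = 0;
    uintptr_t ssp = shstk_push_sigframe(orig_ssp, 0x401000 /* constructed */, &token_addr);
    if (ssp == 0)
        return 0;
    ssp += 8;                               /* handler RET consumed the restorer */
    if (ssp != token_addr)
        return 0;
    if (shstk_check_rstor_token(token_addr, &new_ssp) != 0)
        return 0;
    return new_ssp == orig_ssp;
}

/* Tokens the kernel did not write: returns 1 when every forgery is refused. */
static int forged_token_rejected(void)
{
    memset(shstk, 0, sizeof(shstk));
    uintptr_t slot = (uintptr_t)&shstk[4], new_ssp = 0;
    /* Well-formed bits, but encoding an SSP two slots up: would skip a frame. */
    *(uint64_t *)slot = ((uint64_t)slot + 16) | TOKEN_MODE64;
    int bad_place = shstk_check_rstor_token(slot, &new_ssp) != 0;
    /* Correct placement but busy bit set. */
    *(uint64_t *)slot = ((uint64_t)slot + 8) | TOKEN_MODE64 | TOKEN_BUSY;
    int busy = shstk_check_rstor_token(slot, &new_ssp) != 0;
    /* Unaligned token address is refused before anything is read. */
    int unaligned = shstk_check_rstor_token(slot + 4, &new_ssp) != 0;
    return bad_place && busy && unaligned;
}

int main(void)
{
    printf("round trip: %s\n", signal_roundtrip_ok() ? "ok" : "FAIL");
    printf("forged tokens rejected: %s\n", forged_token_rejected() ? "ok" : "FAIL");
    return 0;
}
```

The model leaves out what the real kernel must also handle: the token address arrives through the sc_ext structure in user memory, so the kernel additionally has to copy it in safely and bound it to the task's address space before the checks above run.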