Thread (92 messages, 7 authors, 2022-11-22)

Re: [PATCH v3 35/37] x86/cet: Add PTRACE interface for CET

From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Date: 2022-11-21 15:53:38
Also in: linux-arch, linux-doc, linux-mm, lkml

On Mon, 2022-11-21 at 09:40 +0200, Mike Rapoport wrote:
On Thu, Nov 17, 2022 at 07:57:59PM +0000, Edgecombe, Rick P wrote:
quoted
On Thu, 2022-11-17 at 12:25 +0000, Schimpe, Christina wrote:
quoted
quoted
Hmm, we definitely need to be able to set the SSP. Christina, does GDB need anything else? I thought maybe toggling SHSTK_EN?
In addition to the SSP, we want to write the CET state. For instance for inferior calls, we want to reset the IBT bits. However, we won't write states that are disallowed by HW.
Sorry, I should have given more background. Peter is saying we should split the ptrace interface so that shadow stack and IBT are separate. They would also no longer necessarily mirror the CET_U MSR format. Instead the kernel would expose a kernel specific format that has the needed bits of shadow stack support. And a separate one later for IBT.

So the question is what does shadow stack need to support for ptrace besides SSP? Is it only SSP? The other features are SHSTK_EN and WRSS_EN. It might actually be nice to keep how these bits get flipped more controlled (remove them from ptrace). It looks like CRIU didn't need them.

CRIU reads CET_U with ptrace(PTRACE_GETREGSET, NT_X86_CET). It's done before the injection of the parasite. The value of SHSTK_EN is used then to detect if shadow stack is enabled and to setup victim's shadow stack for sigreturn.
Hmm, can it read /proc/pid/status? It has some lines like this:
x86_Thread_features: shstk wrss
x86_Thread_features_locked: shstk wrss
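The alternative Rick proposes above is to learn the shadow stack state from /proc/pid/status instead of from the ptrace regset. The following is an added example, not code from CRIU or from the kernel series under review: a small C parser for the two x86_Thread_features lines quoted in the reply, plus a wrapper that reads them for a live PID. The feature names "shstk" and "wrss" are the ones shown on this page; the bit values, struct, function names and the sample buffer are this example's own assumptions, not a kernel ABI.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Bit values are this example's own choice, not a kernel-defined layout. */
#define FEAT_SHSTK   (1u << 0)   /* "shstk" token: shadow stack enabled */
#define FEAT_WRSS    (1u << 1)   /* "wrss" token: WRSS instruction enabled */
#define FEAT_UNKNOWN (1u << 31)  /* a token this parser does not recognise */

struct cet_status {
    unsigned int features;        /* from "x86_Thread_features:" */
    unsigned int features_locked; /* from "x86_Thread_features_locked:" */
    bool found;                   /* at least one of the two lines was present */
};

/* Turn the whitespace-separated token list after the colon into a bitmask. */
static unsigned int parse_feature_list(const char *s)
{
    unsigned int mask = 0;
    char buf[256];

    strncpy(buf, s, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " \t\n"); tok; tok = strtok(NULL, " \t\n")) {
        if (strcmp(tok, "shstk") == 0)
            mask |= FEAT_SHSTK;
        else if (strcmp(tok, "wrss") == 0)
            mask |= FEAT_WRSS;
        else
            mask |= FEAT_UNKNOWN;
    }
    return mask;
}

/* Parse the text of a /proc/<pid>/status file. Unrelated lines are skipped,
 * so on a kernel that does not emit the x86_Thread_features lines the
 * result simply has found == false. */
struct cet_status parse_status(const char *text)
{
    static const char key_locked[] = "x86_Thread_features_locked:";
    static const char key_feat[] = "x86_Thread_features:";
    struct cet_status st = {0};
    const char *line = text;

    while (line && *line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char tmp[512];

        if (len >= sizeof tmp)
            len = sizeof tmp - 1;
        memcpy(tmp, line, len);
        tmp[len] = '\0';

        if (strncmp(tmp, key_locked, sizeof key_locked - 1) == 0) {
            st.features_locked = parse_feature_list(tmp + sizeof key_locked - 1);
            st.found = true;
        } else if (strncmp(tmp, key_feat, sizeof key_feat - 1) == 0) {
            st.features = parse_feature_list(tmp + sizeof key_feat - 1);
            st.found = true;
        }
        line = nl ? nl + 1 : NULL;
    }
    return st;
}

/* What CRIU would actually want to know before injecting the parasite. */
bool shstk_enabled(const struct cet_status *st)
{
    return st->found && (st->features & FEAT_SHSTK);
}

/* Read and parse /proc/<pid>/status for a live process; found == false
 * if the file cannot be read. */
struct cet_status read_status(pid_t pid)
{
    struct cet_status st = {0};
    char path[64], buf[8192];
    size_t n;
    FILE *f;

    snprintf(path, sizeof path, "/proc/%d/status", (int)pid);
    f = fopen(path, "r");
    if (!f)
        return st;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_status(buf);
}

/* Constructed sample modelled on the two lines quoted in the thread;
 * this is not a capture from a real system. */
static const char sample_status[] =
    "Name:\tbash\n"
    "State:\tS (sleeping)\n"
    "x86_Thread_features:\tshstk wrss\n"
    "x86_Thread_features_locked:\tshstk wrss\n"
    "Threads:\t1\n";

/* Constructed sample for a kernel or CPU without the feature lines. */
static const char sample_no_cet[] =
    "Name:\tbash\n"
    "Threads:\t1\n";

int main(void)
{
    struct cet_status st = parse_status(sample_status);
    printf("shstk enabled: %s, locked mask: 0x%x\n",
           shstk_enabled(&st) ? "yes" : "no", st.features_locked);
    return 0;
}
```

Parsing the status file needs only read access to /proc/<pid>/status and no ptrace attachment, which is the point of the suggestion; the trade-off is that the lines only exist on kernels that carry this series, so callers should treat a missing line (found == false) as "unknown" rather than "disabled".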