Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack

[PATCH v7 00/41] Shadow stacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 02/41] x86/shstk: Add Kconfig option for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Szabolcs Nagy <hidden> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Szabolcs Nagy <hidden> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-02
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-06
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-06
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Liang, Kan <hidden> · 2023-03-06
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-02
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · H.J. Lu <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · H.J. Lu <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-03
[PATCH v7 03/41] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 05/41] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 04/41] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2023-03-01
Re: [PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-01
Re: [PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2023-03-01
[PATCH v7 09/41] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 10/41] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 11/41] mm: Introduce pte_mkwrite_kernel() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 06/41] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 16/41] x86/mm: Start actually marking _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 15/41] x86/mm: Update ptep/pmdp_set_wrprotect() for _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 07/41] x86: Move control protection handler to separate file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 07/41] x86: Move control protection handler to separate file · Borislav Petkov <bp@alien8.de> · 2023-03-01
[PATCH v7 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Borislav Petkov <bp@alien8.de> · 2023-03-02
Re: [PATCH v7 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
[PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · Christophe Leroy <hidden> · 2023-03-01
Re: [PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · David Hildenbrand <hidden> · 2023-03-01
Re: [PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · Borislav Petkov <bp@alien8.de> · 2023-03-02
[PATCH v7 17/41] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 19/41] x86/mm: Check shadow stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors · Borislav Petkov <bp@alien8.de> · 2023-03-03
Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors · Dave Hansen <hidden> · 2023-03-03
[PATCH v7 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Borislav Petkov <bp@alien8.de> · 2023-03-03
[PATCH v7 23/41] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-06
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · David Hildenbrand <hidden> · 2023-03-07
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Deepak Gupta <hidden> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Dave Hansen <hidden> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Deepak Gupta <hidden> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Deepak Gupta <hidden> · 2023-03-17
[PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-07
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Borislav Petkov <bp@alien8.de> · 2023-03-07
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · David Hildenbrand <hidden> · 2023-03-07
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Deepak Gupta <hidden> · 2023-03-17
[PATCH v7 25/41] x86/mm: Introduce MAP_ABOVE4G · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 25/41] x86/mm: Introduce MAP_ABOVE4G · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 25/41] x86/mm: Introduce MAP_ABOVE4G · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-07
[PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Andy Lutomirski <luto@kernel.org> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · "Andy Lutomirski" <luto@kernel.org> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-07
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Deepak Gupta <hidden> · 2023-03-17
[PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
[PATCH v7 29/41] x86/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · H.J. Lu <hidden> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · H.J. Lu <hidden> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · H.J. Lu <hidden> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-10
[PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Kees Cook <kees@kernel.org> · 2023-02-27
Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
[PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Szabolcs Nagy <hidden> · 2023-03-02
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
[PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · Borislav Petkov <bp@alien8.de> · 2023-03-09
[PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Szabolcs Nagy <hidden> · 2023-03-02
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-09
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-09
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-16
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Mike Rapoport <rppt@kernel.org> · 2023-03-14
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-16
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Szabolcs Nagy <hidden> · 2023-03-20
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Borislav Petkov <bp@alien8.de> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Borislav Petkov <bp@alien8.de> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Borislav Petkov <bp@alien8.de> · 2023-03-10
[PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
[PATCH v7 34/41] x86/shstk: Support WRSS for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 34/41] x86/shstk: Support WRSS for userspace · Borislav Petkov <bp@alien8.de> · 2023-03-10
Re: [PATCH v7 34/41] x86/shstk: Support WRSS for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
[PATCH v7 35/41] x86: Expose thread features in /proc/$PID/status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 36/41] x86/shstk: Wire in shadow stack interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 37/41] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 38/41] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · Borislav Petkov <bp@alien8.de> · 2023-03-11
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · Borislav Petkov <bp@alien8.de> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · Borislav Petkov <bp@alien8.de> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
[PATCH v7 39/41] x86: Add PTRACE interface for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 39/41] x86: Add PTRACE interface for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-11
Re: [PATCH v7 39/41] x86: Add PTRACE interface for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
[PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Borislav Petkov <bp@alien8.de> · 2023-03-11
Re: [PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
Re: [PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Borislav Petkov <bp@alien8.de> · 2023-03-13
[PATCH v7 41/41] x86/shstk: Add ARCH_SHSTK_STATUS · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27

From: H.J. Lu <hidden>
Date: 2023-03-10 20:44:09
Also in: linux-arch, linux-doc, linux-mm, lkml

On Fri, Mar 10, 2023 at 12:27 PM Edgecombe, Rick P
[off-list ref] wrote:

On Fri, 2023-03-10 at 12:00 -0800, H.J. Lu wrote:

quoted

So it does:
1. Enable shadow stack
2. Call elf libs checking functions
3. If all good, lock shadow stack. Else, disable shadow stack.
4. Return from elf checking functions and if shstk is enabled,
don't
underflow because it was enabled in step 1 and we have return
addresses
from 2 on the shadow stack

I'm wondering if this can't be improved in glibc to look like:
1. Check elf libs, and record it somewhere
2. Wait until just the right spot
3. If all good, enable and lock shadow stack.

I will try it out.

Currently glibc enables shadow stack as early as possible.  There
are only a few places where a function call in glibc never returns.
We can enable shadow stack just before calling main.   There are
quite some code paths without shadow stack protection.   Is this
an issue?

Thanks for checking. Hmm, does the loader get attacked?

Not I know of.  But there are user codes from .init_array
and .preinit_array which are executed before main.   In theory,
an attack can happen before main.

-- 
H.J.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help