Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3()

[PATCH RFC RFT v2 0/5] fork: Support shadow stacks in clone3() · Mark Brown <broonie@kernel.org> · 2023-11-14
[PATCH RFC RFT v2 1/5] mm: Introduce ARCH_HAS_USER_SHADOW_STACK · Mark Brown <broonie@kernel.org> · 2023-11-14
Re: [PATCH RFC RFT v2 1/5] mm: Introduce ARCH_HAS_USER_SHADOW_STACK · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-14
Re: [PATCH RFC RFT v2 1/5] mm: Introduce ARCH_HAS_USER_SHADOW_STACK · Mark Brown <broonie@kernel.org> · 2023-11-15
Re: [PATCH RFC RFT v2 1/5] mm: Introduce ARCH_HAS_USER_SHADOW_STACK · David Hildenbrand <hidden> · 2023-11-15
Re: [PATCH RFC RFT v2 1/5] mm: Introduce ARCH_HAS_USER_SHADOW_STACK · Deepak Gupta <hidden> · 2023-11-15
[PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-14
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-15
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-15
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Szabolcs.Nagy@arm.com <hidden> · 2023-11-15
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-15
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Szabolcs.Nagy@arm.com <hidden> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Szabolcs.Nagy@arm.com <hidden> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Szabolcs.Nagy@arm.com <hidden> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-17
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-20
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Mark Brown <broonie@kernel.org> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-16
Re: [PATCH RFC RFT v2 2/5] fork: Add shadow stack support to clone3() · Deepak Gupta <hidden> · 2023-11-17
[PATCH RFC RFT v2 3/5] selftests/clone3: Factor more of main loop into test_clone3() · Mark Brown <broonie@kernel.org> · 2023-11-14
[PATCH RFC RFT v2 4/5] selftests/clone3: Allow tests to flag if -E2BIG is a valid error code · Mark Brown <broonie@kernel.org> · 2023-11-14
[PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support · Mark Brown <broonie@kernel.org> · 2023-11-14
Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-14
Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support · Mark Brown <broonie@kernel.org> · 2023-11-15
Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-11-17
Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support · Deepak Gupta <hidden> · 2023-11-17
Re: [PATCH RFC RFT v2 5/5] kselftest/clone3: Test shadow stack support · Mark Brown <broonie@kernel.org> · 2023-11-20

From: Szabolcs.Nagy@arm.com <hidden>
Date: 2023-11-16 13:12:57
Also in: linux-kselftest, lkml

The 11/16/2023 12:33, Mark Brown wrote:

On Thu, Nov 16, 2023 at 10:32:06AM +0000, Szabolcs.Nagy@arm.com wrote:

quoted

The 11/16/2023 00:52, Edgecombe, Rick P wrote:

quoted

On Wed, 2023-11-15 at 18:43 +0000, Mark Brown wrote:

quoted

while CLONE_VFORK allows the child to use the parent shadow
stack (parent and child cannot execute at the same time and
the child wont return to frames created by the parent), we
want to enable precise size accounting of the shadow stack
so requesting a new shadow stack should work if new stack
is specified.

quoted

but stack==0 can force shadow_stack_size==0.

quoted

i guess the tricky case is stack!=0 && shadow_stack_size==0:
the user may want a new shadow stack with default size logic,
or (with !CLONE_VM || CLONE_VFORK) wants to use the existing
shadow stack from the parent.

If shadow_stack_size is 0 then we're into clone() behaviour and doing
the default/implicit handling which is to do exactly what the above
describes.

sounds good.

quoted

What is the case for stack=sp bit of the logic?

quoted

iirc it is not documented in the clone man page what stack=0
means and of course you don't want sp==0 in the vfork child
so some targets sets stack to sp in vfork, others set it 0
and expect the kernel to do the right thing.

The manual page explicitly says that not specifying a stack means to use
the same stack area as the parent.

not for clone. clone3 yes.

quoted

this likely does not apply to clone3 where the size has to be
specified so maybe stack==sp does not need special treatment.

You'd have to be jumping through hoops to manage to get the same stack
pointer while explicitly specifying a stack with clone3() on
architectures where the stack grows down.  I'm not sure there's a
reasonable use case.

ok makes sense.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help