Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace

[PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 01/36] prctl: arch-agnostic prctl for shadow stack · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 02/36] arm64: Document boot requirements for Guarded Control Stacks · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 03/36] arm64/gcs: Document the ABI for Guarded Control Stacks · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 04/36] arm64/sysreg: Add new system registers for GCS · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 05/36] arm64/sysreg: Add definitions for architected GCS caps · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 06/36] arm64/gcs: Add manual encodings of GCS instructions · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 07/36] arm64/gcs: Provide copy_to_user_gcs() · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 08/36] arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 09/36] arm64/mm: Allocate PIE slots for EL0 guarded control stack · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 10/36] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Mark Brown <broonie@kernel.org> · 2023-07-31
Re: [PATCH v3 10/36] mm: Define VM_SHADOW_STACK for arm64 when we support GCS · Mike Rapoport <rppt@kernel.org> · 2023-08-01
[PATCH v3 11/36] arm64/mm: Map pages for guarded control stack · Mark Brown <broonie@kernel.org> · 2023-07-31
Re: [PATCH v3 11/36] arm64/mm: Map pages for guarded control stack · Mike Rapoport <rppt@kernel.org> · 2023-08-01
Re: [PATCH v3 11/36] arm64/mm: Map pages for guarded control stack · Mark Brown <broonie@kernel.org> · 2023-08-01
[PATCH v3 12/36] KVM: arm64: Manage GCS registers for guests · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 13/36] arm64/gcs: Allow GCS usage at EL0 and EL1 · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 14/36] arm64/idreg: Add overrride for GCS · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 15/36] arm64/hwcap: Add hwcap for GCS · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 16/36] arm64/traps: Handle GCS exceptions · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 17/36] arm64/mm: Handle GCS data aborts · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 18/36] arm64/gcs: Context switch GCS state for EL0 · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 19/36] arm64/gcs: Allocate a new GCS for threads with GCS enabled · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 20/36] arm64/gcs: Implement shadow stack prctl() interface · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-07-31
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-07-31
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-07-31
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-07-31
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-01
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-08-01
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mike Rapoport <rppt@kernel.org> · 2023-08-01
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-01
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-01
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-08-01
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-02
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-04
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-08-04
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-04
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Szabolcs Nagy <hidden> · 2023-08-07
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-07
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Szabolcs Nagy <hidden> · 2023-08-08
Re: [PATCH v3 21/36] arm64/mm: Implement map_shadow_stack() · Mark Brown <broonie@kernel.org> · 2023-08-08
[PATCH v3 22/36] arm64/signal: Set up and restore the GCS context for signal handlers · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 23/36] arm64/signal: Expose GCS state in signal frames · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 24/36] arm64/ptrace: Expose GCS via ptrace and core files · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 25/36] arm64: Add Kconfig for Guarded Control Stack (GCS) · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 26/36] kselftest/arm64: Verify the GCS hwcap · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 27/36] kselftest/arm64: Add GCS as a detected feature in the signal tests · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 29/36] kselftest/arm64: Allow signals tests to specify an expected si_code · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 30/36] kselftest/arm64: Always run signals tests with GCS enabled · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 28/36] kselftest/arm64: Add framework support for GCS to signal handling tests · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 33/36] kselftest/arm64: Add test coverage for GCS mode locking · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 35/36] kselftest/arm64: Add a GCS stress test · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 31/36] kselftest/arm64: Add very basic GCS test program · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 32/36] kselftest/arm64: Add a GCS test program built with the system libc · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 34/36] selftests/arm64: Add GCS signal tests · Mark Brown <broonie@kernel.org> · 2023-07-31
[PATCH v3 36/36] kselftest/arm64: Enable GCS for the FP stress tests · Mark Brown <broonie@kernel.org> · 2023-07-31
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Will Deacon <will@kernel.org> · 2023-08-01
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Mark Brown <broonie@kernel.org> · 2023-08-01
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Szabolcs Nagy <hidden> · 2023-08-08
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Will Deacon <will@kernel.org> · 2023-08-08
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Mark Brown <broonie@kernel.org> · 2023-08-08
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Will Deacon <will@kernel.org> · 2023-08-10
Re: [PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace · Mark Brown <broonie@kernel.org> · 2023-08-10

From: Mark Brown <broonie@kernel.org>
Date: 2023-08-01 15:10:12
Also in: kvmarm, linux-arch, linux-doc, linux-fsdevel, linux-kselftest, linux-mm, linux-riscv, lkml

On Tue, Aug 01, 2023 at 03:13:20PM +0100, Will Deacon wrote:

On Mon, Jul 31, 2023 at 02:43:09PM +0100, Mark Brown wrote:

quoted

The arm64 Guarded Control Stack (GCS) feature provides support for
hardware protected stacks of return addresses, intended to provide
hardening against return oriented programming (ROP) attacks and to make
it easier to gather call stacks for applications such as profiling.

Why is this better than Clang's software shadow stack implementation? It
would be nice to see some justification behind adding all this, rather
than it being an architectural tick-box exercise.

Mainly that it's hardware enforced (as the quoted paragraph says).  This
makes it harder to attack, and hopefully it's also a bit faster (how
measurable that might be will be an open question, but even NOPs in
function entry/exit tend to get noticed).

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help