Re: [PATCH 00/10] Control Flow Enforcement - Part (3) | linux-doc

[PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 08/10] mm: Prevent mremap of shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 08/10] mm: Prevent mremap of shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 08/10] mm: Prevent mremap of shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 07/10] mm: Prevent mprotect from changing shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-07
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Cyrill Gorcunov <hidden> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-08
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Thomas Gleixner <hidden> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Thomas Gleixner <hidden> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · H.J. Lu <hidden> · 2018-06-12
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-18
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Florian Weimer <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@amacapital.net> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@amacapital.net> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@amacapital.net> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2018-06-19
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Andy Lutomirski <luto@amacapital.net> · 2018-06-20
Re: [PATCH 06/10] x86/cet: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2018-06-21
[PATCH 04/10] x86/cet: Handle thread shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 04/10] x86/cet: Handle thread shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 04/10] x86/cet: Handle thread shadow stack · Florian Weimer <hidden> · 2018-06-07
Re: [PATCH 04/10] x86/cet: Handle thread shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 04/10] x86/cet: Handle thread shadow stack · Florian Weimer <hidden> · 2018-06-08
Re: [PATCH 04/10] x86/cet: Handle thread shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-08
Re: [PATCH 04/10] x86/cet: Handle thread shadow stack · Yu-cheng Yu <hidden> · 2018-06-08
[PATCH 05/10] x86/cet: ELF header parsing of Control Flow Enforcement · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 05/10] x86/cet: ELF header parsing of Control Flow Enforcement · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 05/10] x86/cet: ELF header parsing of Control Flow Enforcement · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 09/10] mm: Prevent madvise from changing shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 09/10] mm: Prevent madvise from changing shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 09/10] mm: Prevent madvise from changing shadow stack · Nadav Amit <hidden> · 2018-06-07
Re: [PATCH 09/10] mm: Prevent madvise from changing shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 10/10] mm: Prevent munmap and remap_file_pages of shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 10/10] mm: Prevent munmap and remap_file_pages of shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 10/10] mm: Prevent munmap and remap_file_pages of shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 02/10] x86/cet: Introduce WRUSS instruction · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Peter Zijlstra <peterz@infradead.org> · 2018-06-07
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Peter Zijlstra <peterz@infradead.org> · 2018-06-11
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Yu-cheng Yu <hidden> · 2018-06-11
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Balbir Singh <bsingharora@gmail.com> · 2018-06-14
Re: [PATCH 02/10] x86/cet: Introduce WRUSS instruction · Yu-cheng Yu <hidden> · 2018-06-14
[PATCH 03/10] x86/cet: Signal handling for shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Andy Lutomirski <luto@amacapital.net> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Florian Weimer <hidden> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Cyrill Gorcunov <hidden> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Cyrill Gorcunov <hidden> · 2018-06-08
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 03/10] x86/cet: Signal handling for shadow stack · Dave Hansen <dave.hansen@linux.intel.com> · 2018-06-07
[PATCH 01/10] x86/cet: User-mode shadow stack support · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 01/10] x86/cet: User-mode shadow stack support · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 01/10] x86/cet: User-mode shadow stack support · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 01/10] x86/cet: User-mode shadow stack support · Dave Hansen <dave.hansen@linux.intel.com> · 2018-06-07
Re: [PATCH 01/10] x86/cet: User-mode shadow stack support · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 01/10] x86/cet: User-mode shadow stack support · Balbir Singh <bsingharora@gmail.com> · 2018-06-12
Re: [PATCH 01/10] x86/cet: User-mode shadow stack support · Yu-cheng Yu <hidden> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Balbir Singh <bsingharora@gmail.com> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Andy Lutomirski <luto@kernel.org> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Andy Lutomirski <luto@kernel.org> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-12
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Balbir Singh <bsingharora@gmail.com> · 2018-06-14
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-14
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Balbir Singh <bsingharora@gmail.com> · 2018-06-17
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Andy Lutomirski <luto@kernel.org> · 2018-06-18
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Balbir Singh <bsingharora@gmail.com> · 2018-06-19
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Jann Horn <jannh@google.com> · 2018-06-26
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-26
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Andy Lutomirski <luto@kernel.org> · 2018-06-26
Re: [PATCH 00/10] Control Flow Enforcement - Part (3) · Yu-cheng Yu <hidden> · 2018-06-26

Re: [PATCH 00/10] Control Flow Enforcement - Part (3)

From: Andy Lutomirski <luto@kernel.org>
Date: 2018-06-26 05:27:16
Also in: linux-api, linux-arch, linux-mm, lkml

On Thu, Jun 7, 2018 at 7:41 AM Yu-cheng Yu [off-list ref] wrote:

This series introduces CET - Shadow stack

I think you should add some mitigation against sigreturn-oriented
programming.  How about creating some special token on the shadow
stack that indicates the presence of a signal frame at a particular
address when delivering a signal and verifying and popping that token
in sigreturn?  The token could be literally the address of the signal
frame, and you could make this unambiguous by failing sigreturn if CET
is on and the signal frame is in executable memory.

IOW, it would be a shame if sigreturn() itself became a convenient
CET-bypassing gadget.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help