Re: [PATCH v29 23/32] x86/cet/shstk: Add user-mode shadow stack support
From: Dave Hansen <hidden>
Date: 2021-09-01 15:24:34
Also in:
linux-api, linux-arch, linux-mm, lkml
On 9/1/21 6:00 AM, Borislav Petkov wrote:
quoted
So, this code takes the coward's way out: it *forces* TIF_NEED_FPU_LOAD to be clear by making the registers live with fpregs_restore_userregs(). That lets it just use WRMSR instead of dealing with the XSAVE buffer directly. If it didn't do this with the *WHOLE* set of user FPU state, we'd need more fine-granted "NEED_*_LOAD" tracking than our one FPU bit. This is also *only* safe because the task is newly-exec()'d and the FPU state was just reset. Otherwise, we might have had to worry that the non-PL3 SSPs have garbage or that non-SHSTK bits are set in MSR_IA32_U_CET. That said, after staring at it, I *think* this code is functionally correct and OK performance-wise.Right, except that that is being done in setup_signal_shadow_stack()/restore_signal_shadow_stack() too, for the restore token. Which means, a potential XRSTOR each time just for a single MSR. That means, twice per signal in the worst case. Which means, shadow stack should be pretty noticeable in signal-heavy benchmarks...
Ahh, good point. I totally missed the signal side. Yu-cheng, it would probably be wise to take a look at where TIF_NEED_FPU_LOAD is set in the signal paths. I suspect the new shadow stack code is clearing it pretty quickly. That's not *necessarily* a waste because it has to be XRSTOR'd somewhere before returning to userspace. But, it does impose an extra XSAVE/XRSTOR burden if the code is preempted somewhere between setup_signal_shadow_stack()/restore_signal_shadow_stack() and the return to usersspace. Some performance numbers would be nice. Even nicer would be to make your code work without requiring TIF_NEED_FPU_LOAD to be clear, or actively clearing it.