| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c91bbad8-9e45-724b-4526-fe3674310c57@intel.com>
Date: Tue, 1 Sep 2020 10:23:11 -0700
From: "Yu, Yu-cheng" <yu-cheng.yu@...el.com>
To: Dave Martin <Dave.Martin@....com>, "H.J. Lu" <hjl.tools@...il.com>
Cc: Dave Hansen <dave.hansen@...el.com>,
Andy Lutomirski <luto@...nel.org>,
Florian Weimer <fweimer@...hat.com>, X86 ML <x86@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>,
linux-arch <linux-arch@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
Balbir Singh <bsingharora@...il.com>,
Borislav Petkov <bp@...en8.de>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Jann Horn <jannh@...gle.com>, Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Weijiang Yang <weijiang.yang@...el.com>
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for
shadow stack
On 9/1/2020 3:28 AM, Dave Martin wrote:
> On Thu, Aug 27, 2020 at 06:26:11AM -0700, H.J. Lu wrote:
>> On Wed, Aug 26, 2020 at 12:57 PM Dave Hansen <dave.hansen@...el.com> wrote:
>>>
>>> On 8/26/20 11:49 AM, Yu, Yu-cheng wrote:
>>>>> I would expect things like Go and various JITs to call it directly.
>>>>>
>>>>> If we wanted to be fancy and add a potentially more widely useful
>>>>> syscall, how about:
>>>>>
>>>>> mmap_special(void *addr, size_t length, int prot, int flags, int type);
>>>>>
>>>>> Where type is something like MMAP_SPECIAL_X86_SHSTK. Fundamentally,
>>>>> this is really just mmap() except that we want to map something a bit
>>>>> magical, and we don't want to require opening a device node to do it.
>>>>
>>>> One benefit of MMAP_SPECIAL_* is there are more free bits than MAP_*.
>>>> Does ARM have similar needs for memory mapping, Dave?
>>>
>>> No idea.
>>>
>>> But, mmap_special() is *basically* mmap2() with extra-big flags space.
>>> I suspect it will grow some more uses on top of shadow stacks. It could
>>> have, for instance, been used to allocate MPX bounds tables.
>>
>> There is no reason we can't use
>>
>> long arch_prctl (int, unsigned long, unsigned long, unsigned long, ..);
>>
>> for ARCH_X86_CET_MMAP_SHSTK. We just need to use
>>
>> syscall (SYS_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, ...);
>
>
> For arm64 (and sparc etc.) we continue to use the regular mmap/mprotect
> family of calls. One or two additional arch-specific mmap flags are
> sufficient for now.
>
> Is x86 definitely not going to fit within those calls?
That can work for x86. Andy, what if we create PROT_SHSTK, which can
been seen only from the user. Once in kernel, it is translated to
VM_SHSTK. One question for mremap/mprotect is, do we allow a normal
data area to become shadow stack?
>
> For now, I can't see what arg[2] is used for (and hence the type
> argument of mmap_special()), but I haven't dug through the whole series.
If we use the approach above, then we don't need arch_prctl changes.
Thanks,
Yu-cheng
Powered by blists - more mailing lists