lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6e1e22a5-1b7f-2783-351e-c8ed2d4893b8@intel.com>
Date:   Tue, 8 Sep 2020 11:25:20 -0700
From:   "Yu, Yu-cheng" <yu-cheng.yu@...el.com>
To:     Dave Hansen <dave.hansen@...el.com>,
        Andy Lutomirski <luto@...nel.org>
Cc:     Dave Martin <Dave.Martin@....com>, "H.J. Lu" <hjl.tools@...il.com>,
        Florian Weimer <fweimer@...hat.com>, X86 ML <x86@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        LKML <linux-kernel@...r.kernel.org>,
        "open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        Linux API <linux-api@...r.kernel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Balbir Singh <bsingharora@...il.com>,
        Borislav Petkov <bp@...en8.de>,
        Cyrill Gorcunov <gorcunov@...il.com>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Eugene Syromiatnikov <esyr@...hat.com>,
        Jann Horn <jannh@...gle.com>, Jonathan Corbet <corbet@....net>,
        Kees Cook <keescook@...omium.org>,
        Mike Kravetz <mike.kravetz@...cle.com>,
        Nadav Amit <nadav.amit@...il.com>,
        Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
        Peter Zijlstra <peterz@...radead.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@...el.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
        Weijiang Yang <weijiang.yang@...el.com>
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for
 shadow stack

On 9/8/2020 10:57 AM, Dave Hansen wrote:
> On 9/8/20 10:50 AM, Yu, Yu-cheng wrote:
>> What about this:
>>
>> - Do not add any new syscall or arch_prctl for creating a new shadow stack.
>>
>> - Add a new arch_prctl that can turn an anonymous mapping to a shadow
>> stack mapping.
>>
>> This allows the application to do whatever is necessary.  It can even
>> allow GDB or JIT code to create or fix a call stack.
> 
> Fine with me.  But, it's going to effectively be
> 
> 	arch_prctl(PR_CONVERT_TO_SHS..., addr, len);
> 
> when it could just as easily be:
> 
> 	madvise(addr, len, MADV_SHSTK...);
> 
> Or a new syscall.  The only question in my mind is whether we want to do
> something generic that we can use for other similar things in the
> future, like:
> 
> 	madvise2(addr, len, flags, MADV2_SHSTK...);
> 
> I don't really feel strongly about it, though.  Could you please share
> your logic on why you want a prctl() as opposed to a whole new syscall?
> 

A new syscall is more intrusive, I think.  When creating a new shadow 
stack, the kernel also installs a restore token on the top of the new 
shadow stack, and it is somewhat x86-specific.  So far no other arch's 
need this.

Yes, madvise is better if the kernel only needs to change the mapping. 
The application itself can create the restore token before calling 
madvise().

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ