| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Jul 2023 10:39:57 +0100
From: Szabolcs Nagy <szabolcs.nagy@....com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
"Lutomirski, Andy" <luto@...nel.org>
Cc: "Xu, Pengfei" <pengfei.xu@...el.com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
"kcc@...gle.com" <kcc@...gle.com>,
"nadav.amit@...il.com" <nadav.amit@...il.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"david@...hat.com" <david@...hat.com>,
"Schimpe, Christina" <christina.schimpe@...el.com>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"peterz@...radead.org" <peterz@...radead.org>,
"corbet@....net" <corbet@....net>, "nd@....com" <nd@....com>,
"broonie@...nel.org" <broonie@...nel.org>,
"dethoma@...rosoft.com" <dethoma@...rosoft.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>, "pavel@....cz" <pavel@....cz>,
"bp@...en8.de" <bp@...en8.de>,
"debug@...osinc.com" <debug@...osinc.com>,
"linux-api@...r.kernel.org" <linux-api@...r.kernel.org>,
"rppt@...nel.org" <rppt@...nel.org>,
"john.allen@....com" <john.allen@....com>,
"jamorris@...ux.microsoft.com" <jamorris@...ux.microsoft.com>,
"rdunlap@...radead.org" <rdunlap@...radead.org>,
"mike.kravetz@...cle.com" <mike.kravetz@...cle.com>,
"jannh@...gle.com" <jannh@...gle.com>,
"oleg@...hat.com" <oleg@...hat.com>,
"andrew.cooper3@...rix.com" <andrew.cooper3@...rix.com>,
"keescook@...omium.org" <keescook@...omium.org>,
"gorcunov@...il.com" <gorcunov@...il.com>,
"arnd@...db.de" <arnd@...db.de>,
"Yu, Yu-cheng" <yu-cheng.yu@...el.com>,
"fweimer@...hat.com" <fweimer@...hat.com>,
"hpa@...or.com" <hpa@...or.com>,
"mingo@...hat.com" <mingo@...hat.com>,
"hjl.tools@...il.com" <hjl.tools@...il.com>,
"bsingharora@...il.com" <bsingharora@...il.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
"Syromiatnikov, Eugene" <esyr@...hat.com>,
"Yang, Weijiang" <weijiang.yang@...el.com>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"Torvalds, Linus" <torvalds@...ux-foundation.org>,
"Eranian, Stephane" <eranian@...gle.com>,
libc-alpha@...rceware.org, dalias@...c.org,
branislav.rankov@....com
Subject: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack
description
The 07/11/2023 09:08, szabolcs.nagy--- via Libc-alpha wrote:
> the decision is for x86 shadow stack linux abi to use
>
> shadow stack size = stack size
>
> or
>
> shadow stack size = stack size + 1 page
>
> as default policy when alt stack signals use the same
> shadow stack, not a separate one.
>
> note: smallest stack frame size is 8bytes, same as the
> shadow stack entry. on a target where smallest frame
> size is 2x shadow stack entry size, the formula would
> use (stack size / 2).
i convinced myself that shadow stack size = stack size
works:
libc can reserve N bytes on the initial stack frame so
when the stack overflows there will be at least N bytes
on the shadow stack usable for signal handling.
this is only bad for tiny user allocated stacks where libc
should not consume too much stack space. but e.g. glibc
already uses >128 bytes on the initial stack frame for its
cancellation jumpbuf so 16 deep signal call stack is
already guaranteed to work.
the glibc makecontext code has to be adjusted, but that's
a libc side discussion.
the shadow stack of the main stack can still overflow, but
that requires increasing RLIMIT_STACK at runtime which is
not very common.
Powered by blists - more mailing lists