lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZdaZj0pqaVJiNOUg@debug.ba.rivosinc.com>
Date: Wed, 21 Feb 2024 16:47:11 -0800
From: Deepak Gupta <debug@...osinc.com>
To: Mark Brown <broonie@...nel.org>
Cc: rick.p.edgecombe@...el.com, Szabolcs.Nagy@....com,
	kito.cheng@...ive.com, keescook@...omium.org,
	ajones@...tanamicro.com, paul.walmsley@...ive.com,
	palmer@...belt.com, conor.dooley@...rochip.com, cleger@...osinc.com,
	atishp@...shpatra.org, alex@...ti.fr, bjorn@...osinc.com,
	alexghiti@...osinc.com, corbet@....net, aou@...s.berkeley.edu,
	oleg@...hat.com, akpm@...ux-foundation.org, arnd@...db.de,
	ebiederm@...ssion.com, shuah@...nel.org, brauner@...nel.org,
	guoren@...nel.org, samitolvanen@...gle.com, evan@...osinc.com,
	xiao.w.wang@...el.com, apatel@...tanamicro.com,
	mchitale@...tanamicro.com, waylingii@...il.com,
	greentime.hu@...ive.com, heiko@...ech.de, jszhang@...nel.org,
	shikemeng@...weicloud.com, david@...hat.com, charlie@...osinc.com,
	panqinglin2020@...as.ac.cn, willy@...radead.org,
	vincent.chen@...ive.com, andy.chiu@...ive.com, gerg@...nel.org,
	jeeheng.sia@...rfivetech.com, mason.huo@...rfivetech.com,
	ancientmodern4@...il.com, mathis.salmen@...sal.de,
	cuiyunhui@...edance.com, bhe@...hat.com, chenjiahao16@...wei.com,
	ruscur@...sell.cc, bgray@...ux.ibm.com, alx@...nel.org,
	baruch@...s.co.il, zhangqing@...ngson.cn, catalin.marinas@....com,
	revest@...omium.org, josh@...htriplett.org, joey.gouly@....com,
	shr@...kernel.io, omosnace@...hat.com, ojeda@...nel.org,
	jhubbard@...dia.com, linux-doc@...r.kernel.org,
	linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, linux-arch@...r.kernel.org,
	linux-kselftest@...r.kernel.org
Subject: Re: [RFC PATCH v1 15/28] riscv/mm: Implement map_shadow_stack()
 syscall

On Tue, Feb 06, 2024 at 04:01:28PM +0000, Mark Brown wrote:
>On Wed, Jan 24, 2024 at 10:21:40PM -0800, debug@...osinc.com wrote:
>
>> As discussed extensively in the changelog for the addition of this
>> syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the
>> existing mmap() and madvise() syscalls do not map entirely well onto the
>> security requirements for guarded control stacks since they lead to
>> windows where memory is allocated but not yet protected or stacks which
>> are not properly and safely initialised. Instead a new syscall
>> map_shadow_stack() has been defined which allocates and initialises a
>> shadow stack page.
>
>While I agree that this is very well written you probably want to update
>the references to guarded control stacks to whatever the RISC-V term is :P

Noted. I'll do that in next patchset.

>
>> --- a/include/uapi/asm-generic/mman.h
>> +++ b/include/uapi/asm-generic/mman.h
>> @@ -19,4 +19,5 @@
>>  #define MCL_FUTURE	2		/* lock all future mappings */
>>  #define MCL_ONFAULT	4		/* lock all pages that are faulted in */
>>
>> +#define SHADOW_STACK_SET_TOKEN (1ULL << 0)     /* Set up a restore token in the shadow stack */
>>  #endif /* __ASM_GENERIC_MMAN_H */
>
>For arm64 I also added a SHADOW_STACK_SET_MARKER for adding a top of
>stack marker, did you have any thoughts on that for RISC-V?  I think x86
>were considering adding it too, it'd be good if we could get things
>consistent.

Please correct me on this. A token at the top which can't be consumed to restore
but *just* purely as marker, right?
It's a good design basic with not a lot of cost.

I think risc-v should be able to converge on that.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ