| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 May 2024 15:13:59 +0000 From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com> To: "olsajiri@...il.com" <olsajiri@...il.com>, "oleg@...hat.com" <oleg@...hat.com> CC: "songliubraving@...com" <songliubraving@...com>, "luto@...nel.org" <luto@...nel.org>, "mhiramat@...nel.org" <mhiramat@...nel.org>, "andrii@...nel.org" <andrii@...nel.org>, "debug@...osinc.com" <debug@...osinc.com>, "john.fastabend@...il.com" <john.fastabend@...il.com>, "linux-api@...r.kernel.org" <linux-api@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...hat.com" <mingo@...hat.com>, "rostedt@...dmis.org" <rostedt@...dmis.org>, "ast@...nel.org" <ast@...nel.org>, "tglx@...utronix.de" <tglx@...utronix.de>, "linux-man@...r.kernel.org" <linux-man@...r.kernel.org>, "yhs@...com" <yhs@...com>, "daniel@...earbox.net" <daniel@...earbox.net>, "peterz@...radead.org" <peterz@...radead.org>, "linux-trace-kernel@...r.kernel.org" <linux-trace-kernel@...r.kernel.org>, "bp@...en8.de" <bp@...en8.de>, "bpf@...r.kernel.org" <bpf@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org> Subject: Re: [PATCHv5 bpf-next 6/8] x86/shstk: Add return uprobe support On Wed, 2024-05-15 at 13:35 +0200, Oleg Nesterov wrote: > Let me repeat I know nothing about shadow stacks, only tried to > read Documentation/arch/x86/shstk.rst few minutes ago ;) > > On 05/13, Jiri Olsa wrote: > > > > 1) current uretprobe which are not working at the moment and we change > > the top value of shadow stack with shstk_push_frame > > 2) optimized uretprobe which needs to push new frame on shadow stack > > with shstk_update_last_frame > > > > I think we should do 1) and have current uretprobe working with shadow > > stack, which is broken at the moment > > Agreed, > > > I'm ok with not using optimized uretprobe when shadow stack is detected > > as enabled and we go with current uretprobe in that case > > But how can we detect it? Again, suppose userspace does the rdssp instruction returns the value of the shadow stack pointer. On non- shadow stack it is a nop. So you could check if the SSP is non-zero to find if shadow stack is enabled. This would catch most cases, but I guess there is the possibility of it getting enabled in a signal that hit between checking and the rest of operation. Is this uretprobe stuff signal safe in general?
Powered by blists - more mailing lists