From: Andy Lutomirski
Date: Thu, 27 Aug 2020 18:35:22 -0700
Subject: Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack
References: <4BDFD364-798C-4537-A88E-F94F101F524B@amacapital.net>
To: "H.J. Lu"
Cc: "Yu, Yu-cheng", Florian Weimer, Dave Martin, Dave Hansen, Andy Lutomirski, X86 ML, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, "open list:DOCUMENTATION", Linux-MM, linux-arch, Linux API, Arnd Bergmann, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Weijiang Yang

On Thu, Aug 27, 2020 at 12:38 PM H.J. Lu wrote:
>
> On Thu, Aug 27, 2020 at 11:56 AM Andy Lutomirski wrote:
> >
> > > On Aug 27, 2020, at 11:13 AM, Yu, Yu-cheng wrote:
> > >
> > > On 8/27/2020 6:36 AM, Florian Weimer wrote:
> > >> * H. J. Lu:
> > >>>> On Thu, Aug 27, 2020 at 6:19 AM Florian Weimer wrote:
> > >>>>>
> > >>>>> * Dave Martin:
> > >>>>>
> > >>>>>> You're right that this has implications: for i386, libc probably pulls
> > >>>>>> more arguments off the stack than are really there in some situations.
> > >>>>>> This isn't a new problem though.  There are already generic prctls with
> > >>>>>> fewer than 4 args that are used on x86.
> > >>>>>
> > >>>>> As originally posted, glibc prctl would have to know that it has to pull
> > >>>>> an u64 argument off the argument list for ARCH_X86_CET_DISABLE.  But
> > >>>>> then the u64 argument is a problem for arch_prctl as well.
> > >>>>>
> > >>>
> > >>> Argument of ARCH_X86_CET_DISABLE is int and passed in register.
> > >>
> > >> The commit message and the C source say otherwise, I think (not sure
> > >> about the C source, not a kernel hacker).
> > >
> > > H.J. Lu suggested that we fix x86 arch_prctl() to take four arguments,
> > > and then keep MMAP_SHSTK as an arch_prctl().  Because now the map flags
> > > and size are all in registers, this also solves problems being pointed
> > > out earlier.  Without a wrapper, the shadow stack mmap call (from user
> > > space) will be:
> > >
> > > syscall(__NR_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, size, MAP_32BIT).
> >
> > I admit I don't see a show-stopping technical reason we can't add
> > arguments to an existing syscall, but I'm pretty sure it's unprecedented,
> > and it doesn't seem like a good idea.
>
> prctl prototype is:
>
> extern int prctl (int __option, ...)
>
> and implemented in kernel as:
>
> int prctl(int option, unsigned long arg2, unsigned long arg3,
>           unsigned long arg4, unsigned long arg5);
>
> Not all prctl operations take all 5 arguments.  It also applies
> to arch_prctl.  It is quite normal for different operations of
> arch_prctl to take different numbers of arguments.

If by "quite normal" you mean "does not happen", then I agree.

In any event, I will not have anything to do with a patch that changes an
existing syscall signature unless Linus personally acks it.  So if you want
to email him and linux-abi, be my guest.
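The thread's point about a u64 argument behind a variadic `prctl(int option, ...)` wrapper is an ABI question, and it is easy to see concretely. The C program below is an added example, not code from the patch series or from any participant in the thread. It models the glibc-style wrapper as a function that pulls four `unsigned long` slots off its va_list (the width the kernel uses for arg2..arg5 in the prototype H.J. Lu quoted), then calls it the way the `syscall(__NR_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, size, MAP_32BIT)` sketch would if `size` were a 64-bit type. `EXAMPLE_OPTION` is a made-up option number for this example only; the split-halves variant is an illustrative ABI-independent layout, not something the thread agreed on. On x86-64 the u64 fills one slot; built with `gcc -m32` it fills two and `flags` shifts to the third slot, which is exactly the "pulls more arguments off the stack" hazard Dave Martin and Florian Weimer describe.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* arg2..arg5 of the kernel prctl prototype quoted in the thread. */
#define NSLOTS 4

/* Hypothetical option number used only by this example; it is not a real
 * prctl or arch_prctl option. */
#define EXAMPLE_OPTION 0x1234

/* Mimics a glibc-style `int prctl(int option, ...)` wrapper: it cannot know
 * the caller's real argument types, so it reads NSLOTS unsigned longs from
 * the va_list, the width the kernel expects for arg2..arg5. */
static void variadic_wrapper(unsigned long out[NSLOTS], int option, ...)
{
    va_list ap;
    (void)option;
    va_start(ap, option);
    for (int i = 0; i < NSLOTS; i++)
        out[i] = va_arg(ap, unsigned long);
    va_end(ap);
}

/* Number of unsigned long slots a uint64_t occupies on the current ABI:
 * 1 on LP64 (x86-64), 2 on ILP32 (i386, gcc -m32). */
size_t u64_slots(void)
{
    return sizeof(uint64_t) / sizeof(unsigned long);
}

/* Pass a 64-bit size followed by flags, the layout of the thread's sketch
 *   syscall(__NR_arch_prctl, ARCH_X86_CET_MMAP_SHSTK, size, MAP_32BIT)
 * when `size` is a 64-bit type. Trailing slots are padded with 0 so the
 * wrapper never reads past what the caller actually pushed. On ILP32 the
 * u64 spans two slots, so `flags` lands in out[2] rather than out[1]. */
void pass_u64_then_flags(uint64_t size, unsigned long flags,
                         unsigned long out[NSLOTS])
{
    variadic_wrapper(out, EXAMPLE_OPTION, size, flags, 0UL, 0UL);
}

/* Illustrative ABI-independent alternative (not what the thread settled on):
 * split the 64-bit value into explicit unsigned long halves before it reaches
 * the variadic wrapper, so each slot means the same thing on both ABIs. */
void pass_u64_split(uint64_t size, unsigned long flags,
                    unsigned long out[NSLOTS])
{
    unsigned long lo = (unsigned long)(size & 0xffffffffu);
    unsigned long hi = (unsigned long)(size >> 32);
    variadic_wrapper(out, EXAMPLE_OPTION, lo, hi, flags, 0UL);
}

/* Kernel-side reassembly of the split form. */
uint64_t reassemble_u64(unsigned long lo, unsigned long hi)
{
    return ((uint64_t)hi << 32) | (uint64_t)(uint32_t)lo;
}

int main(void)
{
    /* Constructed sample values, not taken from any real call. */
    const uint64_t size = 0x1122334455667788ULL;
    const unsigned long flags = 0x40; /* MAP_32BIT's value on x86 */
    unsigned long out[NSLOTS];

    pass_u64_then_flags(size, flags, out);
    printf("u64 occupies %zu slot(s); flags read from slot %zu: 0x%lx\n",
           u64_slots(), u64_slots(), out[u64_slots()]);

    pass_u64_split(size, flags, out);
    printf("split form: lo=0x%lx hi=0x%lx flags=0x%lx reassembled=0x%llx\n",
           out[0], out[1], out[2],
           (unsigned long long)reassemble_u64(out[0], out[1]));
    return 0;
}
```

Build once with `gcc` and once with `gcc -m32` and compare the slot index `flags` is read from: the wrapper's behaviour changes purely because `sizeof(unsigned long)` changed, while the split form reads identically on both. Reading a u64 vararg as two `unsigned long`s is not portable C; it works on i386 only because of that ABI's stack layout, which is the whole reason the thread worries about it.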