From: "H.J. Lu"
Date: Wed, 21 Feb 2024 12:18:37 -0800
Subject: Re: [musl] Re: [PATCH v8 00/38] arm64/gcs: Provide support for GCS in userspace
To: "Edgecombe, Rick P"
Cc: "dalias@libc.org", "linux-arch@vger.kernel.org", "suzuki.poulose@arm.com",
 "Szabolcs.Nagy@arm.com", "musl@lists.openwall.com", "linux-fsdevel@vger.kernel.org",
 "linux-riscv@lists.infradead.org", "kvmarm@lists.linux.dev", "corbet@lwn.net",
 "linux-kernel@vger.kernel.org", "catalin.marinas@arm.com", "broonie@kernel.org",
 "oliver.upton@linux.dev", "palmer@dabbelt.com", "debug@rivosinc.com",
 "aou@eecs.berkeley.edu", "shuah@kernel.org", "arnd@arndb.de", "maz@kernel.org",
 "oleg@redhat.com", "fweimer@redhat.com", "keescook@chromium.org",
 "james.morse@arm.com", "ebiederm@xmission.com", "will@kernel.org",
 "brauner@kernel.org", "linux-kselftest@vger.kernel.org", "paul.walmsley@sifive.com",
 "ardb@kernel.org", "linux-arm-kernel@lists.infradead.org", "linux-mm@kvack.org",
 "thiago.bauermann@linaro.org", "akpm@linux-foundation.org", "sorear@fastmail.com",
 "linux-doc@vger.kernel.org"

On Wed, Feb 21, 2024 at 11:22 AM Edgecombe, Rick P wrote:
>
> On Wed, 2024-02-21 at 14:06 -0500, dalias@libc.org wrote:
> > Due to arbitrarily nestable signal frames, no, this does not suffice.
> > An interrupted operation using the lock could be arbitrarily delayed,
> > even never execute again, making any call to dlopen deadlock.
>
> Doh! Yep, it is not robust to this. The only thing that could be done
> would be a timeout in dlopen(). Which would make the whole thing just
> better than nothing.
>
> > It's fine to turn RDSSP into an actual emulated read of the SSP, or at
> > least an emulated load of zero so that uninitialized data is not left
> > in the target register.
>
> We can't intercept RDSSP, but it becomes a NOP by default. (disclaimer
> x86-only knowledge).
>
> > If doing the latter, code working with the
> > shadow stack just needs to be prepared for the possibility that it
> > could be async-disabled, and check the return value.
> >
> > I have not looked at all the instructions that become #UD but I
> > suspect they all have reasonable trivial ways to implement a
> > "disabled" version of them that userspace can act upon reasonably.
>
> This would have to be thought through functionally and performance
> wise. I'm not opposed if can come up with a fully fleshed out plan. How
> serious are you in pursuing musl support, if we had something like
> this?
>
> HJ, any thoughts on whether glibc would use this as well?

Assuming that we are talking about permissive mode, if kernel can
suppress UD, we don't need to disable SHSTK. Glibc can enable
ARCH_SHSTK_SUPPRESS_UD instead.

> It is probably worth mentioning that from the security side (as Mark
> mentioned there is always tension in the tradeoffs on these features),
> permissive mode is seen by some as something that weakens security too
> much. Apps could call dlopen() on a known unsupported DSO before doing
> ROP. I don't know if you have any musl users with specific shadow stack
> use cases to ask about this.

-- 
H.J.