From: "H.J. Lu"
Date: Wed, 21 Feb 2024 12:25:06 -0800
Subject: Re: [musl] Re: [PATCH v8 00/38] arm64/gcs: Provide support for GCS in userspace
To: "Edgecombe, Rick P"

On Wed, Feb 21, 2024 at 12:18 PM H.J. Lu wrote:
>
> On Wed, Feb 21, 2024 at 11:22 AM Edgecombe, Rick P wrote:
> >
> > On Wed, 2024-02-21 at 14:06 -0500, dalias@libc.org wrote:
> > > Due to arbitrarily nestable signal frames, no, this does not suffice.
> > > An interrupted operation using the lock could be arbitrarily delayed,
> > > even never execute again, making any call to dlopen deadlock.
> >
> > Doh! Yep, it is not robust to this. The only thing that could be done
> > would be a timeout in dlopen(). Which would make the whole thing just
> > better than nothing.
> >
> > >
> > > It's fine to turn RDSSP into an actual emulated read of the SSP, or at
> > > least an emulated load of zero so that uninitialized data is not left
> > > in the target register.
> >
> > We can't intercept RDSSP, but it becomes a NOP by default. (disclaimer
> > x86-only knowledge).
> >
> > > If doing the latter, code working with the
> > > shadow stack just needs to be prepared for the possibility that it
> > > could be async-disabled, and check the return value.
> > >
> > > I have not looked at all the instructions that become #UD but I
> > > suspect they all have reasonable trivial ways to implement a
> > > "disabled" version of them that userspace can act upon reasonably.
> >
> > This would have to be thought through functionally and performance
> > wise. I'm not opposed if can come up with a fully fleshed out plan. How
> > serious are you in pursuing musl support, if we had something like
> > this?
> >
> > HJ, any thoughts on whether glibc would use this as well?
>
> Assuming that we are talking about permissive mode, if kernel can
> suppress UD, we don't need to disable SHSTK. Glibc can enable
> ARCH_SHSTK_SUPPRESS_UD instead.

Kernel must suppress all possible SHSTK UDs.

> > It is probably worth mentioning that from the security side (as Mark
> > mentioned there is always tension in the tradeoffs on these features),
> > permissive mode is seen by some as something that weakens security too
> > much. Apps could call dlopen() on a known unsupported DSO before doing
> > ROP. I don't know if you have any musl users with specific shadow stack
> > use cases to ask about this.
> >
>
> --
> H.J.

-- 
H.J.