From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A053EC6FA8E for ; Thu, 2 Mar 2023 17:36:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3D93A6B0078; Thu, 2 Mar 2023 12:36:00 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 3B0036B007B; Thu, 2 Mar 2023 12:36:00 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 250946B007D; Thu, 2 Mar 2023 12:36:00 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 151386B0078 for ; Thu, 2 Mar 2023 12:36:00 -0500 (EST) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id E1E151A0430 for ; Thu, 2 Mar 2023 17:35:59 +0000 (UTC) X-FDA: 80524661238.27.B2E18EA Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2052.outbound.protection.outlook.com [40.107.21.52]) by imf10.hostedemail.com (Postfix) with ESMTP id 2C5E6C0026 for ; Thu, 2 Mar 2023 17:35:54 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b="Ib/1m531"; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b="Ib/1m531"; spf=pass (imf10.hostedemail.com: domain of Szabolcs.Nagy@arm.com designates 40.107.21.52 as permitted sender) smtp.mailfrom=Szabolcs.Nagy@arm.com; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=pass (policy=none) header.from=arm.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1677778555; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=kZxst8M5C7DdL/kU7LhPi9LvQSZLihKjPf4whJMg8SU=; b=Pp69tfz+APPo+z8kW3hzIzx5mbJXUV05L843OZRQzvgMRLZ9rZs7PSy3sxU7c1wp9pUXgR 6TGfFSdP7YHCzuyW8XNoO+EpBvMkRIsh1cAi0wtpvsKNgbq3wF/Gzplsdw5Cm55F1CiP4T trClddmdR9G6gd5bucL+JpycCXpAGik= ARC-Authentication-Results: i=2; imf10.hostedemail.com; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b="Ib/1m531"; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b="Ib/1m531"; spf=pass (imf10.hostedemail.com: domain of Szabolcs.Nagy@arm.com designates 40.107.21.52 as permitted sender) smtp.mailfrom=Szabolcs.Nagy@arm.com; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=pass (policy=none) header.from=arm.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1677778555; a=rsa-sha256; cv=fail; b=0zbH4GG1oJddyalJRuZoIgtsWu0EgDm0p/Wo1bk/tKkPV6gaKTYaUDXYLmgPqhfP8B88Jc utvMsOxQU6mbrcr08YSZ6H2pD1TVhOlgWvrR1ZvModvhkQNXUFLJkYL+J0mNZXNPQmKdI6 f03toF7GRNQ79VHCw+WnBFwm3UHQnM0= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kZxst8M5C7DdL/kU7LhPi9LvQSZLihKjPf4whJMg8SU=; b=Ib/1m531NorcKNq4phRYbnkLOZwazSyRRm/4NyxZ66Oi4IB++ZR2OpXxxAoz4C4X16yYAXNUA/8ixOcv+gy0cybK0nqxSdeSLqfSKh0ZZUj8dXEIazFOiAtDZhpgRPqSsvkNiZCfu3BHEfE/Zg8TuzTvFfitiyehcYWjkTNI1+E= Received: from DB8PR06CA0029.eurprd06.prod.outlook.com (2603:10a6:10:100::42) by PR3PR08MB5754.eurprd08.prod.outlook.com (2603:10a6:102:91::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.18; Thu, 2 Mar 2023 17:35:14 +0000 Received: from DBAEUR03FT019.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:100:cafe::43) by DB8PR06CA0029.outlook.office365.com (2603:10a6:10:100::42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.19 via Frontend Transport; Thu, 2 Mar 2023 17:35:13 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT019.mail.protection.outlook.com (100.127.142.129) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.19 via Frontend Transport; Thu, 2 Mar 2023 17:35:13 +0000 Received: ("Tessian outbound 55ffa3012b8f:v135"); Thu, 02 Mar 2023 17:35:11 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 087dc406b1087843 X-CR-MTA-TID: 64aa7808 Received: from ea16d2d9266e.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 22678EB6-7A56-4017-BBF4-0F79C7469A93.1; Thu, 02 Mar 2023 17:35:01 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id ea16d2d9266e.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 02 Mar 2023 17:35:01 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DP2xOA6uA8QHx6Itqmi4yN1S0OVMGnUbtPuQptQq7T9GZF/I7/1y4y3ffVum7+38pSDrwUpkMzLJLTRBUzSMldoba65yVay5u7hnIyvsaZ12FHhwCUR5uZdhdDT/Gz5IPX7lA2hz8Us/QId1g4GH2oIrRhTqMXN179vu3HKvudaDWQVZuXA38PovZ/iMvaouSD1iaJab3pQMAVwVbdHvISbrMl7MJKr2GH3ZdQp2RUHaMHAw9YN828ioHMGjCVD6RrOLgqY8pB1DRboz9pTWle90n7cfsFfQBvEhcGvU/OYLciR7dBdZQHBFkjSXTv3nMNwWjbIEhjzZFg1wVwVd7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kZxst8M5C7DdL/kU7LhPi9LvQSZLihKjPf4whJMg8SU=; b=ZfEmUFMBR2UbGlMv0T/KAKF/S5Xut9HaqFJav61Gnhym77NBmX52K2FQHT5i+8eKy7Bam3UQEZ0dvXT53CWh6jwbzyscfPKmTjM05kdGsfbRAV71oZqZEkZ1S8flnlo/tDcrqLv+111ZsPQvocHJ8KgRFF2kyW9hFjQ5O/Xnqe8r+3K77b2RQHLzQGIIQ6Ewh1E3ftCNLUcxjsjtZZhTcPPPWDAMj6r85UHqJ4S0VBabhf3CvbpJRBd0D8/cfBZCKiChwOTq2XPz0VOdDz4GhnriNVwxyxJdsbSHgLWh6h69cuvDiPPpyUD58HR+8T5mq7TooC1y3LQB36rHqwMG8g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kZxst8M5C7DdL/kU7LhPi9LvQSZLihKjPf4whJMg8SU=; b=Ib/1m531NorcKNq4phRYbnkLOZwazSyRRm/4NyxZ66Oi4IB++ZR2OpXxxAoz4C4X16yYAXNUA/8ixOcv+gy0cybK0nqxSdeSLqfSKh0ZZUj8dXEIazFOiAtDZhpgRPqSsvkNiZCfu3BHEfE/Zg8TuzTvFfitiyehcYWjkTNI1+E= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) by AM8PR08MB6627.eurprd08.prod.outlook.com (2603:10a6:20b:368::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6156.19; Thu, 2 Mar 2023 17:34:56 +0000 Received: from DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::e3d1:5a4:db0c:43cc]) by DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::e3d1:5a4:db0c:43cc%6]) with mapi id 15.20.6134.027; Thu, 2 Mar 2023 17:34:56 +0000 Date: Thu, 2 Mar 2023 17:34:40 +0000 From: Szabolcs Nagy To: Rick Edgecombe , x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com Cc: Yu-cheng Yu , nd@arm.com, al.grant@arm.com Subject: Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack Message-ID: References: <20230227222957.24501-1-rick.p.edgecombe@intel.com> <20230227222957.24501-31-rick.p.edgecombe@intel.com> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230227222957.24501-31-rick.p.edgecombe@intel.com> X-ClientProxiedBy: LO4P123CA0212.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1a5::19) To DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: DB9PR08MB7179:EE_|AM8PR08MB6627:EE_|DBAEUR03FT019:EE_|PR3PR08MB5754:EE_ X-MS-Office365-Filtering-Correlation-Id: cdc93acf-9ca8-492b-5faf-08db1b447acb x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: PA/jQEX62PRhY1JLUBJ+b4SDv5jnOV2P+T9T+WP5QRS1KyXmRUXsrbiajXFDDGWFD4m+ZX7F5gGlPcKeVKGwRhq5P7eEbeKi8GDQ2kg8IgNDNd0zSGvnf20CSk74171YEISYNjnCCM2xkB5l0VncTvPV2j9DuAB4OxEBcklJnhyodNNE+kJIeVvBnd5BP6P4YhzzzRThViWN6BtCNfzgMSQZ75pa5D173eyiRc8bTvMSkishEm2+UBsMhcKqz692e+X7pe6h56OS1XOrToiRJrFM0GC6odu1nRYyMcOy1runq2A1JvqT25MrQUIadySa+WX4AxIxlH9FG8pxCVKKAuTyEVsAnS6bWmwtWsx0na1bJVHjjm8CZB7AzuxDXUQDMaAyJDJDb/KvG1xcKIwGq0cOUU99iMWBQn7sDUhm3ZINNeZDDEbYZgOjsJaaWQCAmVY41RIcri+587paP1sXQIvkGLlCcZlJRtVoSz78cniVvVacTkyAgov2OMRS2UiqCAsXbULDSItFI4E2vcfc6Q5xAn+f2LRpabrTJKt2lf0zxUaIFrrl35R+isVX4n/+SRt3hZhLNjswuv8OB0+p7yQ1QKmph4DwDUqE1N4HX1BNWKbc13Fjzji4YzpREKTpRyDAXask4QKCcl3iWlJZFAN/fVfuw6eUC3j7ffE58Z2qA9BorPnmeo41csKb5bN4 X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR08MB7179.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(39860400002)(346002)(136003)(396003)(376002)(366004)(451199018)(36756003)(6666004)(6486002)(6512007)(6506007)(186003)(26005)(2616005)(41300700001)(110136005)(316002)(4326008)(66556008)(44832011)(2906002)(8676002)(66476007)(7406005)(5660300002)(478600001)(7416002)(8936002)(38100700002)(86362001)(921005)(66946007)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR08MB6627 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT019.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 3addd604-2708-4e02-3290-08db1b44701b X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lT3lCu7Buj3IkGvwj2oq2Fcf1aQTXNDjtXC/VJTgE0b4m5mUmxvSB6hG6YxpuwUAl/qnTdRQmKeE14jA7KuKMcJSGfMeSYX3UFqLAdrH9WC6IQnXi8IAwAz7PDJCcG2Nr0X9dqkPmtaYTsa1/t28utp8NPrMdqh2GiVAijZcOD85BBUXzb0LWUmXnQ+2zEXgxfAuLzgPX/3yh15XrN5pEIQenMP0UO6cJIo13KTD7K3KBLfyYUScJlN08tXK2a2HCIoKzmym/qNwylGl3tIQGnnJE8UA7ekdDueCh/BsiEDZk/1qYRKsA0/mVfcs0nWpJCKJSNWTZlumsJYZMOKOB4OUHFIlDdsgJ4+Rl94kvJqujfKShWHNxzx3gRtsup+Like5zvdpsh5PCKcvBJ2A1yFG0uGf9hPkZMJd+Tor2QSEWZ7JOlpU5sRuy2WkO3Q0VIxlODNAQCWs8HSz+58ERbq4Xfo4vmuscMQeGJiOfmC5RtolpKRuZxnOhiSvvFKu8CHsg8ZvFY7nl+QKSyu3FnHApR8MNRssnJTUQv0De9gReD4nE8dh5Jgw+4eswuO0D6EZ+x5ZGPRQqc5XQOsg+vOQDbLRlf60O91U64q2/fibD4/sxrUAeJ4Tg4RIDbKz57vNbFZAlQENYp/ccuhuvdoC7Sk75u6R34S3EUTeJXdOCm/pasAvOQ7H8uKpcoOCGyzH21bh+TCdZy/8tIvq6UyTRpUhQxafHwmRsNkDMAg= X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230025)(4636009)(376002)(396003)(136003)(39860400002)(346002)(451199018)(40470700004)(46966006)(36840700001)(40460700003)(36756003)(6666004)(186003)(6506007)(336012)(6486002)(2616005)(6512007)(316002)(4326008)(41300700001)(26005)(110136005)(70206006)(70586007)(44832011)(2906002)(8676002)(8936002)(82740400003)(478600001)(81166007)(5660300002)(86362001)(356005)(82310400005)(40480700001)(921005)(36860700001)(83380400001)(47076005);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2023 17:35:13.4775 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cdc93acf-9ca8-492b-5faf-08db1b447acb X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT019.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR08MB5754 X-Rspamd-Queue-Id: 2C5E6C0026 X-Stat-Signature: idxd54iudgbiro8yb3dtayoaxi8ixqrs X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1677778554-712824 X-HE-Meta: U2FsdGVkX1/u/sZoq+lOt2ahjjYyz/8axd0F5nUO70sSMh47Cg4hv+cLl/b5MYz6trheeO4FrytvKUfHqRF7l74G2rY0nMJij01gi8HBtsFnf2m9p8/54/NkdYVRF4RNqVpLrof4KgSrRrT4jwNdTHre5lgo2On0zOW8OokUwYrfodgClWyZThPmOb/tW01pNa7NHQ/b5PlqCcNgBfeEAQAlVjHqYfQnODEsdUkAgot1cfAD2Tj4oeOujiOVwP/ifYN6Ql8MO0OdG+C0T1cMCfC2Mhgi5Rho4aAF0T+gMFjLbPNDWCYsMwEQa+BWnNu4805sBfdBw2oeotioJpba8xSn1EhVEIEC2hENa3YBCM3ToNk8PRVkiXOLdtqNlEgvIyFrgaRc8F4C0ZlsVA8JAgvRwdbP3hAiXPag+9ajzsjLx/UyPrHVijGIygLtas2hZVZH97MfqLMVZlQd92oii3Od/qBz2GBBPgD4UEQrLwmZ+DeOaCksdXdf+7o7RDTYRyAJrKi1qjdXkojfhOfryb20m5zuU8ASn6gFov4lj/FBxswGP5up1fewtqogp18eLoxo0Cdke7sJK2PKH2V3o9quLELPkOHjiaVSOhUxM7F2BEVHZg326OYn2vQvVVYB2ledkoLjZkEckSAZHnO7mcY4R02S/zvbMbnjTadSX+oSBxZvK8LCpzA27LMmnEBJe1aiKWr0WVIhfsgua2EHUaTsIrPV0oW6TwvpTlZI5iss4AZAzMt07GjAgpHSMhAdHIn6Hge4Ecc4WSE/jdhp03oZyrlkM0o5us/gbHU4375cIwNiFlcr1MEPBNLbXQRPw7CqEIUHlSLEXHxj6AB0mtjEqzREVmABod7xUepLB4uZx5rNtXM320w0xHHKT8OM4ZkMt3qUSih8j7W77/AR4azdhZ3oV1jidCfEWtNpbX7vXQNWcK/GHIjjz6EHsnlqVP10KbI86c23Dj5nevg u2veSxFd igcB7U1FXMDQusy6S2NuBRVQq1/MRMtkw2GiZBZ68lzgNgix19LmIV+YSZVtggmQH5oagQenhPwiTl2ZbmUbFlAFHuxwRkOhz0eRw3ny1n5ouYcUPubig9vx0u3f49DblpDwNDaKAEVw/QVmx/JoGk+NGYCOIMcK99FVY8CA6ZMoGhhsnHzu5CAIorpqCeMrUhvJFSun267eetBk0JU1tCWMkoZMbalS4RayfhCXnWCK+TGisdaOYatcEHq+HJj9t5GRcvGJCowwxOpt+C1F5hV45NQnnkOB5IjaEWEgzKHuITuCzhzdy6lSuhWTj1QUKMFKCfedq4wkQmDz3gLaXpAyf1TMB9JjLB5jlBWxLgPz9Y8XPlSngVsHUlamV5vQFo2BH+HpxwQGIjo/r9zoziVZtTsxhtg+rpK5SAfWr2uIX88ej4k2ukN3oFsE8XRM9O8w063MjTtVgJAkwLvPPCfbs8tLI6r39n3Quz3lOR2TH1MOfD+zZhF12DXaenmvgqct585FQxbA9nKLOftd8nBeyXrihpBmi2BFPcukLd8L27rytPOxO2Bf6iMufPhQno3/lM66v83RBbcdXBGQAFR5b2msiNOE/s6jTwQBGnyzThU8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The 02/27/2023 14:29, Rick Edgecombe wrote: > For shadow stack enabled vfork(), the parent and child can share the same > shadow stack, like they can share a normal stack. Since the parent is > suspended until the child terminates, the child will not interfere with > the parent while executing as long as it doesn't return from the vfork() > and overwrite up the shadow stack. The child can safely overwrite down > the shadow stack, as the parent can just overwrite this later. So CET does > not add any additional limitations for vfork(). > > Userspace implementing posix vfork() can actually prevent the child from > returning from the vfork() calling function, using CET. Glibc does this > by adjusting the shadow stack pointer in the child, so that the child > receives a #CP if it tries to return from vfork() calling function. this commit message implies there is protection against the vfork child clobbering the parent's shadow stack, but actually the child can INCSSP (or longjmp) and then clobber it. so the glibc code just tries to catch bugs and accidents not a strong security mechanism. i'd skip this paragraph.