From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 065EAEB64D8 for ; Thu, 22 Jun 2023 09:19:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 93AD78D0003; Thu, 22 Jun 2023 05:19:22 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8C3F28D0001; Thu, 22 Jun 2023 05:19:22 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6F00F8D0003; Thu, 22 Jun 2023 05:19:22 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 57E1B8D0001 for ; Thu, 22 Jun 2023 05:19:22 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 2D3C0160153 for ; Thu, 22 Jun 2023 09:19:22 +0000 (UTC) X-FDA: 80929835364.10.7328517 Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2082.outbound.protection.outlook.com [40.107.8.82]) by imf26.hostedemail.com (Postfix) with ESMTP id 46555140011 for ; Thu, 22 Jun 2023 09:19:17 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=XnSHxi38; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=XnSHxi38; dmarc=pass (policy=none) header.from=arm.com; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); spf=pass (imf26.hostedemail.com: domain of Szabolcs.Nagy@arm.com designates 40.107.8.82 as permitted sender) smtp.mailfrom=Szabolcs.Nagy@arm.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1687425558; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5k7XCf5B1pDsHOAGX0ZIEyFrwYcrSyuWkj5C8WZaQro=; b=6gzm6L2+f+WAtt3YftFcXdFcZBjClEwiuyqYVABmyI6AShzirlGXWOQtyRV3CWOWy47VNO ksAvNMyZQkhnNW7C9EjvySE3PMEckgb2LS5pxmluiaMwhpmv3b5gZ4ez/qReeSk86xsiUl LgcdgIXVk2QlKTrHTLgMZeaxVEIJN8s= ARC-Authentication-Results: i=2; imf26.hostedemail.com; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=XnSHxi38; dkim=pass header.d=armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=XnSHxi38; dmarc=pass (policy=none) header.from=arm.com; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); spf=pass (imf26.hostedemail.com: domain of Szabolcs.Nagy@arm.com designates 40.107.8.82 as permitted sender) smtp.mailfrom=Szabolcs.Nagy@arm.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1687425558; a=rsa-sha256; cv=fail; b=vQ8UWl6byQ7egG9TD4eRadV5YgehjUlefHCZca9+mNsJzYBtCD0TbLxn74OilY/CQkxV5x bG/+hu97GTk7w1pa+QlLcIuTglEZGOa9N0FQcSlHcAbo687q1zuk7gA/Y9HhB/rukhPDo9 z33d9/ig4S0G5GvWXs4LVqLtySILLrU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5k7XCf5B1pDsHOAGX0ZIEyFrwYcrSyuWkj5C8WZaQro=; b=XnSHxi38T6oqoZlbI0Fy3inZ/aP3rEMQU2AMSsupz8Gfy30lSe5g5VIdfvHHk9Q2jftjWr54gEO8ivvK+6JNG7dvVKGjiO5kOX7xmzYUjYvr/Qv2hRXSFqa69xrg1mbKIEENmfvKe9eclh0DUMvbZrsRyMfYqlMzNqpYqY8rUOU= Received: from AS4P189CA0001.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:5d7::6) by GV2PR08MB9160.eurprd08.prod.outlook.com (2603:10a6:150:e0::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Thu, 22 Jun 2023 09:19:06 +0000 Received: from AM7EUR03FT053.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:5d7:cafe::91) by AS4P189CA0001.outlook.office365.com (2603:10a6:20b:5d7::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.23 via Frontend Transport; Thu, 22 Jun 2023 09:19:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT053.mail.protection.outlook.com (100.127.140.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24 via Frontend Transport; Thu, 22 Jun 2023 09:19:05 +0000 Received: ("Tessian outbound e2424c13b707:v142"); Thu, 22 Jun 2023 09:19:04 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 99a5ce0491afae30 X-CR-MTA-TID: 64aa7808 Received: from 186d5a01a5ab.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id C9F25E68-0F24-436B-B230-F0A839A556A7.1; Thu, 22 Jun 2023 09:18:57 +0000 Received: from EUR02-DB5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 186d5a01a5ab.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 22 Jun 2023 09:18:57 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WK+2Kbp3LSJcI+ePj0X1TBJyVLtdf1K2rc+i9m4d2xeP14+yXy8bGknQuGo9B3yGG1LEizWxHo+vbLeDrXUqqjK6Hmh9lNfG0BDS/QbBhk5WnYZKa80iOlCkq+94CDuQrPFSPBLllwmIvn3EcvX4OKqhGVMIEAetTVOOJH2Uhp1kRCCmoA5jtZTBa0qnvRdbs64Ti98gZJvqnKhn3QNlTWdPg4qi8GvHE1SWIzWzaFmDPivERc2SL0Yg2QtCgwTHC/QjPyCHf3PuFsmvMV/kYhSPybg1Ff67PcOeJQgcHQcX1KU6DiNGwk/S8UwrVxoFPJ2nbiubfVDpSRWo+yOqVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5k7XCf5B1pDsHOAGX0ZIEyFrwYcrSyuWkj5C8WZaQro=; b=OxJkCuVmggrgJXSKjMBy6CtVN7kGSMHK8bT1rEcnvCX2M09gLoufwmpS6X17o5szw+gDtsPRAAmbNyMInSYYfHSjN12Y+4An1LHcHUzISXZuB5QLqPHFqUpacideinBNg+1oxM+SvmQJwEGfpYV+ZbWa5HBcOEQo1cFPzK3POPRpv3AwcwpqSclMJ22a83le5FISGebA8Iesy15cvXdWxIGrv99lwKwSdObIH4jLMCdyWV/UDf7e/uc/L6OAQ/XXmH2fYKOF8NKzlKh790UpX7BHK9tZf22Gx+nalxEzfhQmDmb1T4DQAEsnU8ROmHX3Iib02IeOR+zt9oov5h7sVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5k7XCf5B1pDsHOAGX0ZIEyFrwYcrSyuWkj5C8WZaQro=; b=XnSHxi38T6oqoZlbI0Fy3inZ/aP3rEMQU2AMSsupz8Gfy30lSe5g5VIdfvHHk9Q2jftjWr54gEO8ivvK+6JNG7dvVKGjiO5kOX7xmzYUjYvr/Qv2hRXSFqa69xrg1mbKIEENmfvKe9eclh0DUMvbZrsRyMfYqlMzNqpYqY8rUOU= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) by GV2PR08MB7956.eurprd08.prod.outlook.com (2603:10a6:150:a9::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Thu, 22 Jun 2023 09:18:52 +0000 Received: from DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::43b7:3a83:5cbe:4559]) by DB9PR08MB7179.eurprd08.prod.outlook.com ([fe80::43b7:3a83:5cbe:4559%4]) with mapi id 15.20.6521.023; Thu, 22 Jun 2023 09:18:52 +0000 Date: Thu, 22 Jun 2023 10:18:38 +0100 From: "szabolcs.nagy@arm.com" To: "Edgecombe, Rick P" , "broonie@kernel.org" Cc: "Xu, Pengfei" , "tglx@linutronix.de" , "linux-arch@vger.kernel.org" , "kcc@google.com" , "Lutomirski, Andy" , "nadav.amit@gmail.com" , "kirill.shutemov@linux.intel.com" , "david@redhat.com" , "Schimpe, Christina" , "linux-doc@vger.kernel.org" , "peterz@infradead.org" , "corbet@lwn.net" , "nd@arm.com" , "dethoma@microsoft.com" , "jannh@google.com" , "linux-kernel@vger.kernel.org" , "debug@rivosinc.com" , "pavel@ucw.cz" , "bp@alien8.de" , "mike.kravetz@oracle.com" , "linux-api@vger.kernel.org" , "rppt@kernel.org" , "jamorris@linux.microsoft.com" , "arnd@arndb.de" , "john.allen@amd.com" , "rdunlap@infradead.org" , "bsingharora@gmail.com" , "oleg@redhat.com" , "andrew.cooper3@citrix.com" , "keescook@chromium.org" , "x86@kernel.org" , "gorcunov@gmail.com" , "Yu, Yu-cheng" , "fweimer@redhat.com" , "hpa@zytor.com" , "mingo@redhat.com" , "hjl.tools@gmail.com" , "linux-mm@kvack.org" , "Syromiatnikov, Eugene" , "Torvalds, Linus" , "akpm@linux-foundation.org" , "dave.hansen@linux.intel.com" , "Yang, Weijiang" , "Eranian, Stephane" Subject: Re: [PATCH v9 23/42] Documentation/x86: Add CET shadow stack description Message-ID: References: <64837d2af3ae39bafd025b3141a04f04f4323205.camel@intel.com> <5794e4024a01e9c25f0951a7386cac69310dbd0f.camel@intel.com> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-ClientProxiedBy: LO4P265CA0036.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:2ae::12) To DB9PR08MB7179.eurprd08.prod.outlook.com (2603:10a6:10:2cc::19) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: DB9PR08MB7179:EE_|GV2PR08MB7956:EE_|AM7EUR03FT053:EE_|GV2PR08MB9160:EE_ X-MS-Office365-Filtering-Correlation-Id: 1dcd40bd-19d1-4987-3874-08db7301b9f1 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: YRWnrzwfb2Ty0Xt5pefOZIW2muOzoSwEkzQcQGObdoSwsVEXZXZ7bGKjWu6/RtfWnxJnlc9Gh3VFQIebCAoaRraGv4SGEN7HPEB+/zTDXZEtYHA7HAHFT852ElBV9A9smbd+6nR2/fzoJoR17FNTj87ik6W4E1fnSf9NE3rGEipI3qWoVUdGTjEoS/2D/RPvJ8CJulOSL2IkFZ2bg2pCE7xqwrV2wgwC+SKFk3qK1/wkZPWz8V+p05TlkuteeuTwPj5ukAeQ5EZ7AvEi3EigguDlw2+ZN0w0AthmPKe8hjHac3zn/CeB37QqX5AHrKNSHGdrC4mAlnTQgdOJbZmevR55LN6UKkR4P4cpt3kF78CHvFrido8gZKjWmQZNSAwbREPPFYIKcFWDrs4hHuB2BUgVmLOrGnYJ/qQkXDQCRKiIDwYbbQr+pqmcgNRQeLGuYU/ERscUZZHJ0P4dLpzuPqq1IwQHGEmDfd0OeZC46zAB4TmCzDACuYiUVmz5Cbsue4jmpf/4tMG1xAFGhhiDxaieygt+MonhbKqa8xzrELYXqfMZpaiDKyFTx6HJZD0U X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR08MB7179.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(136003)(39860400002)(376002)(396003)(346002)(366004)(451199021)(54906003)(2616005)(86362001)(110136005)(478600001)(6666004)(6486002)(186003)(4326008)(41300700001)(316002)(83380400001)(6512007)(6506007)(26005)(66476007)(66946007)(66556008)(8936002)(8676002)(5660300002)(36756003)(7416002)(7406005)(38100700002)(2906002);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR08MB7956 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT053.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 67c16379-6672-4029-0c86-08db7301b1f1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: vbEcN9RlgFG6bZh/LOAjTPKab2G68HO0coMmX1FKL9fZQVOajRGUxbj/tuwy6qVhmbeu1xXSBd0gxO8kvFk8POdwnFuurdlA+/B5KJXdJ169MGnmOPA/3NYxIdk8b+xf9H0jDOovJi3TfqHHM+5BNHnK0o9E5r+VXYBbD3nYzn/hq1WkSVRlVJtbYWQoS/e9fH2xgJUYp9gdRdgq6twWuJpUEnqtjHFtj2vRDdd3MpNR69p44/q7dX+mZjp8vT7AW9/xf7/fjM3rZTRC1+J2eqstnINe3sFWNGVxISr//6qgYqHdiOveUbL6GZ1MJA5gsSXje5TGHdFTVCsGRLFqCoynGT7ox8QJfMv2zJ4QeNyBBBjtrktoqVKX3FeMFWyoCO3EvlN2rqznGrn80K8I6Xod/GqZYGXosoyhVx0QheL1vWD/jQweIU5yAK0at4hz5x67Aq400sVbaNo6bEtPMf2TmU87cgiVHUaMDFnnDNK7/8NZjNAhgPSg566jpPEmClww0bHsPbFcDHCffYmrDEWNjnfId/8ILgzcV8abMLMfdLUzypsB8M+WMksT4VEp8zmhNeIDgiLQqE+1DC8FUyH1ux0SCl5OZFHYZumeS6g5VpAWYH95KS5IKvCOWRXGvEzvG1QIlnbyLpqEnmq0O+0dm/MIPf2j2yWQ3TVyiTa6ffXsoPIK/hyjr5j/7dhSLuTURpMNvnxIK7RtKMUpdISDw/6Sh8YB8ay32Q49OM19KgWuPo0bR+ZubxHvS2uq X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(136003)(376002)(346002)(396003)(39860400002)(451199021)(36840700001)(46966006)(40470700004)(356005)(82310400005)(81166007)(86362001)(40480700001)(40460700003)(316002)(2616005)(8676002)(41300700001)(8936002)(70206006)(70586007)(4326008)(336012)(83380400001)(5660300002)(6506007)(6486002)(6666004)(478600001)(107886003)(54906003)(110136005)(26005)(6512007)(186003)(36756003)(36860700001)(2906002)(47076005)(82740400003);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jun 2023 09:19:05.4031 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1dcd40bd-19d1-4987-3874-08db7301b9f1 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT053.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR08MB9160 X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 46555140011 X-Stat-Signature: a8mqsh389ptross7dp4mugp854mfqj9s X-Rspam-User: X-HE-Tag: 1687425557-935911 X-HE-Meta: U2FsdGVkX18U+dHNPuB7mIv3DlkH41Jd+u3eU5kpzcs0uixJYNpmTnExDGTThMsEzH31oua91i3Aia1paz/eGN8IzCeM1tdyfFTrrllyHu4SodZEDBjCScWkijVNABxopuE1zA1xp2yLWW3/BkVV/Sp224K8GPiAxuCKnm2rrySZeu/SSq2qMgPBXbTUckvP5PHsw7eSbgJxTLrlNdDMSryKjCZk6KDzrp298coSu28HBgmaQZtlMQcNHdpIIw5IkWl8LWIXtS4LnSbTMXYNIdfsWiRCMP40QGO0wc2ssJcA1Sde+jelSQiJFcD63QxBwWKmYY+mlxnndi4bz1/KuH6bRYK4J9F5NfRXzxoV7OVpeF6ycA59PgCV09BQOfd+oOv68yK0mkMKyZJICj8VmC+8uoy1WZEwVTKdQAdy9xwz019FGj69NnPLQFCFuccUBbbRKnwH9B/PIaNxGhQjN2U/emP5q2WnPLhLhJXAYAmDOuJmh0rexGf/BhB57nkmaBhHfivAStZ+T9GpCU47PpdYh37+bmXBgketQieukalarlqaSnIV9MbOSdc28RLbwdsmkYvZTbhHxGczaSVxqvNQQpS83PiQt5UcKUoZ1JKQp2aFbWqioAW3gNV1kBjUqttN6AMTYwZpQAgWmEb1AER6jVBCv3zXI9m6oruLMIJOlsusW29w7iUKbfrYWGnlP7sW44Nt1G0YBXYGyMBFAIFGsW6Zh93PZWpXktqHTfHbcemeToOYjyN/SCTHSMgZpcn+fL8VGMLUkGeF+1640Y9Ea60o5mxUhaRRa2Jlbwv4ZlfolFEm4a5JvLXhH3aDykwYGF5rjYAbvMP+AKDxVjTzKqi9wO0Xxo8B6Sbu70g5u1jmLxFDb4R6GM0d0yn8fs3dhSSPyRGr9bcMKoH3JK5nuWDJOeVUG5jd/Vrxehv1jtSsnwr6/26WEbUoZG+msD7uD9/N3nG6UaFuLW9 W9cwm864 xc7Y2+5kTdOUHrLFzPhxf00ctjAbL37MFCYqmBerfVswvqL8F23Jk4cibrYLRKs5gkrunW04dDtorsdnJNjPKAqXjzcIQELiv7q1DoCGDNdfR0IaDqCb/doEL7TeXP4v4eE+tnC8IXgpuzBBKWPET6ydQWOWyw1tlmZzyynKbmS2lAgrxm8vOIxNHRbBFuYIU8DeMZVouwLqeVNBdpJYRqD2LA/B1VIl4jPe1WfI0XDPRKZaAAf6ucuQNt2Iw1mfkbC8UY7pGVNey+04yxqyjv7r5hKuDkpgDviZmVStp8uXE6pYqopbLnfeZd/SX+ZfWYNWSTSxQqN28Pa6dO5QqdqlGJdO81pMRVVbq6fYZaU2+mtIrbt6WgVhFyqBN0rkCn1obuAEZraYgttTx3HeVMpyWTdcwV7VC3qtxsIvSSyy79EXo172Vn5oZwd1+WoEh7goUZfC52GKc92sN5kYeObDUvIDlH61JaHsUwRRAwo/LBr//hFhvdSjdQxEAZYMYxOD+Hz9sLl05WFPGdN6mzObVd+DhXrAUmK4vNg2vbqb7zoymbgwVM6ehHqeIoUpSrE3ME0kL8djblwAliLmVuNGb4QgHrqtiZxwWE6eRWQJDeDYBxpVuGhofGB5NNwqu9RJWzmXBYY3GpDw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The 06/21/2023 18:54, Edgecombe, Rick P wrote: > On Wed, 2023-06-21 at 12:36 +0100, szabolcs.nagy@arm.com wrote: > > > The 06/20/2023 19:34, Edgecombe, Rick P wrote: > > > > > I actually did a POC for this, but rejected it. The problem is, > > > > > if > > > > > there is a shadow stack overflow at that point then the kernel > > > > > > > can't > > > > > push the shadow stack token to the old stack. And shadow stack > > > > > > > overflow > > > > > is exactly the alt shadow stack use case. So it doesn't really > > > > > > > solve > > > > > the problem. > > > > > > the restore token in the alt shstk case does not regress anything > > > but > > > makes some use-cases work. > > > > > > alt shadow stack is important if code tries to jump in and out of > > > signal handlers (dosemu does this with swapcontext) and for that a > > > restore token is needed. > > > > > > alt shadow stack is important if the original shstk did not > > > overflow > > > but the signal handler would overflow it (small thread stack, huge > > > sigaltstack case). > > > > > > alt shadow stack is also important for crash reporting on shstk > > > overflow even if longjmp does not work then. longjmp to a > > > makecontext > > > stack would still work and longjmp back to the original stack can > > > be > > > made to mostly work by an altshstk option to overwrite the top > > > entry > > > with a restore token on overflow (this can break unwinding though). > > > > > There was previously a request to create an alt shadow stack for the > purpose of handling shadow stack overflow. So you are now suggesting to > to exclude that and instead target a different use case for alt shadow > stack? that is not what i said. > But I'm not sure how much we should change the ABI at this point since > we are constrained by existing userspace. If you read the history, we > may end up needing to deprecate the whole elf bit for this and other > reasons. i'm not against deprecating the elf bit, but i think binary marking will be difficult for this kind of feature no matter what (code may be incompatible for complex runtime dependent reasons). > So should we struggle to find a way to grow the existing ABI without > disturbing the existing userspace? Or should we start with something, > finally, and see where we need to grow and maybe get a chance at a > fresh start to grow it? > > Like, maybe 3 people will show up saying "hey, I *really* need to use > shadow stack and longjmp from a ucontext stack", and no one says > anything about shadow stack overflow. Then we know what to do. And > maybe dosemu decides it doesn't need to implement shadow stack (highly > likely I would think). Now that I think about it, AFAIU SS_AUTODISARM > was created for dosemu, and the alt shadow stack patch adopted this > behavior. So it's speculation that there is even a problem in that > scenario. > > Or maybe people just enable WRSS for longjmp() and directly jump back > to the setjmp() point. Do most people want fast setjmp/longjmp() at the > cost of a little security? > > Even if, with enough discussion, we could optimize for all > hypotheticals without real user feedback, I don't see how it helps > users to hold shadow stack. So I think we should move forward with the > current ABI. you may not get a second chance to fix a security feature. it will be just disabled if it causes problems.