Re: [PATCH 18/35] mm: Add guard pages around a shadow stack.

From: Andy Lutomirski
Date: Thu Feb 10 2022 - 18:07:29 EST


On Thu, Feb 10, 2022 at 2:44 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
> On 1/30/22 13:18, Rick Edgecombe wrote:
> > INCSSP(Q/D) increments shadow stack pointer and 'pops and discards' the
> > first and the last elements in the range, effectively touches those memory
> > areas.
> >
> > The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes and
> > 255 * 4 = 1020 bytes by INCSSPD. Both ranges are far from PAGE_SIZE.
> > Thus, putting a gap page on both ends of a shadow stack prevents INCSSP,
> > CALL, and RET from going beyond.
>
> What is the downside of not applying this patch? The shadow stack gap
> is 1MB instead of 4k?
>
> That, frankly, doesn't seem too bad. How badly do we *need* this patch?

1MB of per-thread guard address space in a 32-bit program may be a
show stopper. Do we intend to support any of this for 32-bit?

--Andy