Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support

From: Edgecombe, Rick P
Date: Tue Oct 04 2022 - 14:05:12 EST

Next message: Joel Fernandes: "Re: [PATCH v7 02/11] rcu: Make call_rcu() lazy to save power"
Previous message: Linus Torvalds: "Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla blues""
In reply to: Andy Lutomirski: "Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2022-10-04 at 10:46 -0700, Andy Lutomirski wrote:
> > The busy-like bit in the RSTORSSP-type token is not called out as a
> > busy bit, but instead defined as reserved (must be 0) in some
> > states.
> > (Note, it is different than the supervisor shadow stack format).
> > Yea,
> > we could just probably use it like RSTORSSP does for this
> > operation.
> >
> > Or just invent another new token format and stay away from bits
> > marked
> > reserved. Then it wouldn't have to be atomic either, since
> > userspace
> > couldn't use it.
>
> But userspace *can* use it by delivering a signal. I consider the
> scenario where two user threads set up the same altshstk and take
> signals concurrently to be about as dangerous and about as likely
> (under accidental or malicious conditions) as two user threads doing
> RSTORSSP at the same time. Someone at Intel thought the latter was a
> big deal, so maybe we should match its behavior.

Right, for alt shadow stack there should be some busy like checking or
that could happen. For regular on-thread stack signals (earlier in this
series) we don't need a busy bit.

Next message: Joel Fernandes: "Re: [PATCH v7 02/11] rcu: Make call_rcu() lazy to save power"
Previous message: Linus Torvalds: "Re: Planned changes for bugzilla.kernel.org to reduce the "Bugzilla blues""
In reply to: Andy Lutomirski: "Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]