Re: [PATCH RFC RFT 2/5] fork: Add shadow stack support to clone3()

From: Edgecombe, Rick P
Date: Thu Oct 26 2023 - 19:33:15 EST


On Thu, 2023-10-26 at 13:40 -0700, Deepak Gupta wrote:
>
> FWIW, from arch specific perspective, RISC-V shadow stack extension has
> `ssamoswap` to perform this token exchange. But I understand x86 has this
> limitation (not sure about arm GCS).
>
> From security perspective:
> Someone having ability to execute clone3 with control on input, probably
> already achieved some level of control flow bending because they need to
> corrupt memory and then carefully control registers input to clone3.
> Although if it is purely a data oriented gadget, I think it is possible.

struct clone_args should be data somewhere, at least temporarily.

>
> Since this RFC is mostly concerned about `size` of shadow stack. I think
> we should limit it to size only.

Seems reasonable to me. It still leaves open the option of adding a
shadow stack address field later AFAICT.