Re: [PATCH RFT v8 4/9] fork: Add shadow stack support to clone3()

From: Mark Brown
Date: Fri Aug 16 2024 - 13:17:43 EST

Next message: Simon Horman: "Re: [net PATCH] octeontx2-af: Fix CPT AF register offset calculation"
Previous message: Pali Rohár: "Re: [PATCH v3 1/2] platform/x86:dell-laptop: Add knobs to change battery charge settings"
In reply to: Jann Horn: "Re: [PATCH RFT v8 4/9] fork: Add shadow stack support to clone3()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 16, 2024 at 07:08:09PM +0200, Jann Horn wrote:

> Yeah, having a FOLL_FORCE write in clone3 would be a weakness for
> userspace CFI and probably make it possible to violate mseal()
> restrictions that are supposed to enforce that address space regions
> are read-only.

Note that this will only happen for shadow stack pages (with the new
version) and only for a valid token at the specific address. mseal()ing
a shadow stack to be read only is hopefully not going to go terribly
well for userspace.

> Though, did anyone in the thread yet suggest that you could do this
> before the child process has fully materialized but after the child MM
> has been set up? Somewhere in copy_process() between copy_mm() and the
> "/* No more failure paths after this point. */" comment?

Yes, I'e got a version that does that waiting to go pending some
discussion on if we even do the check for the token in the child mm.

Attachment: signature.asc
Description: PGP signature

Next message: Simon Horman: "Re: [net PATCH] octeontx2-af: Fix CPT AF register offset calculation"
Previous message: Pali Rohár: "Re: [PATCH v3 1/2] platform/x86:dell-laptop: Add knobs to change battery charge settings"
In reply to: Jann Horn: "Re: [PATCH RFT v8 4/9] fork: Add shadow stack support to clone3()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]