On Wed, Oct 30, 2024 at 02:08:59PM +0000, Mark Brown wrote:
On Sat, Oct 05, 2024 at 11:31:27AM +0100, Mark Brown wrote:
The kernel has recently added support for shadow stacks, currently x86 only using their CET feature, but both arm64 and RISC-V have equivalent features (GCS and Zicfiss respectively); I am actively working on GCS[1]. With shadow stacks the hardware maintains an additional stack containing only the return addresses for branch instructions, which is not generally writeable by userspace and ensures that any returns are to the recorded addresses. This provides some protection against ROP attacks and makes it easier to collect call stacks. These shadow stacks are allocated in the address space of the userspace process.
Does anyone have any thoughts on this? I reworked things to specify the address for the shadow stack pointer rather than the extent of the stack as Rick and Yuri suggested, otherwise the only change from the prior version was rebasing onto the arm64 GCS support since that's queued in -next. I think the only substantial question is picking the ABI for specifying the shadow stack.
I will need more time to review this as both my primary and shadow stacks are full with other work. At a glance, I cannot offer any informed opinion for choosing ABI atm. Apologies for the delay.
Kind regards, Yury