Re: [PATCH 18/35] mm: Add guard pages around a shadow stack.

From: Dave Hansen
Date: Thu Feb 10 2022 - 17:43:49 EST


On 1/30/22 13:18, Rick Edgecombe wrote:
> INCSSP(Q/D) increments the shadow stack pointer and 'pops and discards' the
> first and the last elements in the range, effectively touching those memory
> areas.
>
> The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes and
> 255 * 4 = 1020 bytes by INCSSPD. Both ranges are far from PAGE_SIZE.
> Thus, putting a gap page on both ends of a shadow stack prevents INCSSP,
> CALL, and RET from going beyond.

What is the downside of not applying this patch? The shadow stack gap
is 1MB instead of 4k?

That, frankly, doesn't seem too bad. How badly do we *need* this patch?