Message ID | 20230716-arm64-gcs-v1-2-bf567f93bba6@kernel.org |
---|---|
State | New |
Series | arm64/gcs: Provide support for GCS at EL0 |
On Sun, 2023-07-16 at 22:50 +0100, Mark Brown wrote:
> On arm64 and x86 the kernel can control if there is write access to the
> shadow stack via specific instructions defined for the purpose, useful
> for things like userspace threading at the expense of some security.
> Add a flag to allow this to be selected when changing the shadow stack
> status.
>
> On arm64 the kernel can separately control if userspace is able to pop
> and push values directly onto the shadow stack via GCS push and pop
> instructions, supporting many scenarios where userspace needs to write
> to the stack with less security exposure than full write access. Add a
> flag to allow this to be selected when changing the shadow stack
> status.

Is this correct? I thought Szabolcs was saying pop was always supported, but push was optional.
On Tue, Jul 18, 2023 at 05:47:32PM +0000, Edgecombe, Rick P wrote:
> On Sun, 2023-07-16 at 22:50 +0100, Mark Brown wrote:

> > On arm64 the kernel can separately control if userspace is able to pop
> > and push values directly onto the shadow stack via GCS push and pop
> > instructions, supporting many scenarios where userspace needs to write
> > to the stack with less security exposure than full write access. Add a
> > flag to allow this to be selected when changing the shadow stack
> > status.

> Is this correct? I thought Szabolcs was saying pop was always
> supported, but push was optional.

It's not, I wrote this right after looking at hypervisor controls which do control push and pop.
diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h index 9fdc77fa2bfe..e88d2ddcdb2d 100644 --- a/include/uapi/linux/prctl.h +++ b/include/uapi/linux/prctl.h @@ -321,5 +321,7 @@ struct prctl_mm_map { #define PR_SET_SHADOW_STACK_STATUS 72 # define PR_SHADOW_STACK_LOCK (1UL << 0) # define PR_SHADOW_STACK_ENABLE (1UL << 1) +# define PR_SHADOW_STACK_WRITE (1UL << 2) +# define PR_SHADOW_STACK_PUSH (1UL << 3) #endif /* _LINUX_PRCTL_H */
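Review bot: PR_SHADOW_STACK_WRITE and PR_SHADOW_STACK_PUSH are added to the uapi header with no comment saying what each bit permits or which architectures honour it, and the name PR_SHADOW_STACK_PUSH covers only push while the commit message describes a control over both pop and push. These bits relax shadow stack protection and become ABI once merged, so please add a short comment above each define naming the instructions it enables, and make the commit message and the flag name agree on whether pop is controlled. It would also help to document what PR_SET_SHADOW_STACK_STATUS does when PR_SHADOW_STACK_PUSH is requested on an architecture without a separate push control, since the commit message describes that control as arm64 only.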
On arm64 and x86 the kernel can control if there is write access to the
shadow stack via specific instructions defined for the purpose, useful
for things like userspace threading at the expense of some security.
Add a flag to allow this to be selected when changing the shadow stack
status.

On arm64 the kernel can separately control if userspace is able to pop
and push values directly onto the shadow stack via GCS push and pop
instructions, supporting many scenarios where userspace needs to write
to the stack with less security exposure than full write access. Add a
flag to allow this to be selected when changing the shadow stack
status.

Signed-off-by: Mark Brown <broonie@kernel.org>
---
 include/uapi/linux/prctl.h | 2 ++
 1 file changed, 2 insertions(+)