From: Guinevere Larsen <guinevere@redhat.com>
To: "Schimpe, Christina" <christina.schimpe@intel.com>,
gdb-patches@sourceware.org
Subject: Re: [PATCH 00/12] Add CET shadow stack support
Date: Thu, 30 Jan 2025 12:01:20 -0300
Message-ID: <f7a6c63f-df59-4cd0-a90e-c577db7a9613@redhat.com>
In-Reply-To: <20241220200501.324191-1-christina.schimpe@intel.com>
On 12/20/24 5:04 PM, Schimpe, Christina wrote:
> Hi all,
>
> this is a series to add amd64 shadow stack support to GDB on Linux.
> Shadow stack is part of the Control-flow Enforcement Technology (CET) by
> Intel.
>
> Intel's CET provides the two capabilities to defend against ROP/COP/JOP
> style control-flow subversion attacks: shadow stack and indirect branch
> tracking (IBT).
>
> While there is Linux kernel support for CET shadow stack in userspace,
> there is no Linux kernel support available for userspace IBT, yet.
> This series therefore focuses on CET shadow stack only.
>
> I am looking forward to your feedback!

Hi Christina, thanks for the incredible work in this series!

I looked over all the patches and sent all my comments inline; the
other patches look alright to me. I don't know if I understand enough of
the code to give a review tag, and I don't have a machine with shadow
stack support to test the series, so I hope this series gets some
attention from global maintainers soon. I'd love to see this work merged!

--
Cheers,
Guinevere Larsen
She/Her/Hers
>
> Regards,
> Christina
>
>
> Felix Willgerodt (1):
> gdb, bfd: amd64 linux coredump support with shadow stack.
>
> Schimpe, Christina (11):
> gdb, testsuite: Rename set_sanitizer_default to append_environment.
> gdbserver: Add optional runtime register set type.
> gdbserver: Add assert in x86_linux_read_description.
> gdb: Sync up x86-gcc-cpuid.h with cpuid.h from gcc 14 branch.
> gdb, gdbserver: Use xstate_bv for target description creation on x86.
> gdb, gdbserver: Add support of Intel shadow stack pointer register.
> gdb: Handle shadow stack pointer register unwinding for amd64 linux.
> gdb, gdbarch: Enable inferior calls for shadow stack support.
> gdb: Implement amd64 linux shadow stack support for inferior calls.
> gdb, gdbarch: Introduce gdbarch method to get the shadow stack
> pointer.
> gdb: Enable displaced stepping with shadow stack on amd64 linux.
>
> bfd/elf.c | 24 +++
> gdb/amd64-linux-nat.c | 17 ++
> gdb/amd64-linux-tdep.c | 197 +++++++++++++++++-
> gdb/amd64-tdep.c | 32 ++-
> gdb/amd64-tdep.h | 9 +-
> gdb/arch-utils.c | 8 +
> gdb/arch-utils.h | 5 +
> gdb/arch/amd64-linux-tdesc.c | 33 +--
> gdb/arch/amd64-linux-tdesc.h | 7 +-
> gdb/arch/amd64.c | 25 ++-
> gdb/arch/amd64.h | 10 +-
> gdb/arch/i386-linux-tdesc.c | 29 +--
> gdb/arch/i386-linux-tdesc.h | 5 +-
> gdb/arch/i386.c | 19 +-
> gdb/arch/i386.h | 8 +-
> gdb/arch/x86-linux-tdesc-features.c | 56 ++---
> gdb/arch/x86-linux-tdesc-features.h | 25 ++-
> gdb/doc/gdb.texinfo | 42 ++++
> gdb/features/Makefile | 2 +
> gdb/features/i386/32bit-ssp.c | 14 ++
> gdb/features/i386/32bit-ssp.xml | 11 +
> gdb/features/i386/64bit-ssp.c | 14 ++
> gdb/features/i386/64bit-ssp.xml | 11 +
> gdb/gdbarch-gen.c | 54 +++++
> gdb/gdbarch-gen.h | 20 ++
> gdb/gdbarch_components.py | 26 +++
> gdb/i386-tdep.c | 44 +++-
> gdb/i386-tdep.h | 11 +-
> gdb/infcall.c | 6 +
> gdb/linux-tdep.c | 47 +++++
> gdb/linux-tdep.h | 7 +
> gdb/nat/x86-gcc-cpuid.h | 153 +++++++++++---
> gdb/nat/x86-linux-tdesc.c | 20 +-
> gdb/nat/x86-linux-tdesc.h | 7 +-
> gdb/nat/x86-linux.c | 55 +++++
> gdb/nat/x86-linux.h | 4 +
> .../gdb.arch/amd64-shadow-stack-cmds.exp | 141 +++++++++++++
> .../gdb.arch/amd64-shadow-stack-corefile.exp | 50 +++++
> .../gdb.arch/amd64-shadow-stack-disp-step.exp | 84 ++++++++
> gdb/testsuite/gdb.arch/amd64-shadow-stack.c | 35 ++++
> gdb/testsuite/gdb.arch/amd64-ssp.exp | 50 +++++
> .../gdb.base/inline-frame-cycle-unwind.py | 4 +
> gdb/testsuite/gdb.base/libsegfault.exp | 2 +-
> .../gdb.threads/attach-slow-waitpid.exp | 2 +-
> gdb/testsuite/lib/gdb.exp | 77 ++++++-
> gdb/x86-linux-nat.c | 51 ++++-
> gdb/x86-linux-nat.h | 11 +
> gdb/x86-tdep.c | 22 ++
> gdb/x86-tdep.h | 9 +
> gdbserver/i387-fp.cc | 40 ++--
> gdbserver/linux-amd64-ipa.cc | 10 +-
> gdbserver/linux-i386-ipa.cc | 6 +-
> gdbserver/linux-low.cc | 40 ++--
> gdbserver/linux-low.h | 7 +-
> gdbserver/linux-x86-low.cc | 44 +++-
> gdbsupport/x86-xstate.h | 7 +-
> 56 files changed, 1537 insertions(+), 212 deletions(-)
> create mode 100644 gdb/features/i386/32bit-ssp.c
> create mode 100644 gdb/features/i386/32bit-ssp.xml
> create mode 100644 gdb/features/i386/64bit-ssp.c
> create mode 100644 gdb/features/i386/64bit-ssp.xml
> create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-cmds.exp
> create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-corefile.exp
> create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-disp-step.exp
> create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack.c
> create mode 100644 gdb/testsuite/gdb.arch/amd64-ssp.exp
>