Date: Thu, 30 Jan 2025 12:01:20 -0300
Subject: Re: [PATCH 00/12] Add CET shadow stack support
To: "Schimpe, Christina", gdb-patches@sourceware.org
References: <20241220200501.324191-1-christina.schimpe@intel.com>
From: Guinevere Larsen
In-Reply-To: <20241220200501.324191-1-christina.schimpe@intel.com>

On 12/20/24 5:04 PM, Schimpe, Christina wrote:
> Hi all,
>
> this is a series to add amd64 shadow stack support to GDB on linux.
> Shadow stack is part of the Control-flow Enforcement Technology (CET) by
> Intel.
>
> Intel's CET provides the two capabilities to defend against ROP/COP/JOP
> style control-flow subversion attacks: shadow stack and indirect branch
> tracking (IBT).
>
> While there is linux kernel support for CET shadow stack in userspace,
> there is no linux kernel support available for userspace IBT, yet.
> This series therefore focuses on CET shadow stack only.
>
> I am looking forward to your feedback!

Hi Christina, thanks for the incredible work in this series!

I looked over all the patches, and sent all my comments inlined, the other patches look alright to me.
I don't know if I understand enough of the code to give a review tag, and I don't have a machine with shadow stack support to test the series, so I hope this series gets some attention from global maintainers soon, I'd love to see this work merged!

-- 
Cheers,
Guinevere Larsen
She/Her/Hers

>
> Regards,
> Christina
>
>
> Felix Willgerodt (1):
>   gdb, bfd: amd64 linux coredump support with shadow stack.
>
> Schimpe, Christina (11):
>   gdb, testsuite: Rename set_sanitizer_default to append_environment.
>   gdbserver: Add optional runtime register set type.
>   gdbserver: Add assert in x86_linux_read_description.
>   gdb: Sync up x86-gcc-cpuid.h with cpuid.h from gcc 14 branch.
>   gdb, gdbserver: Use xstate_bv for target description creation on x86.
>   gdb, gdbserver: Add support of Intel shadow stack pointer register.
>   gdb: Handle shadow stack pointer register unwinding for amd64 linux.
>   gdb, gdbarch: Enable inferior calls for shadow stack support.
>   gdb: Implement amd64 linux shadow stack support for inferior calls.
>   gdb, gdbarch: Introduce gdbarch method to get the shadow stack
>     pointer.
>   gdb: Enable displaced stepping with shadow stack on amd64 linux.
>
>  bfd/elf.c                                     |  24 +++
>  gdb/amd64-linux-nat.c                         |  17 ++
>  gdb/amd64-linux-tdep.c                        | 197 +++++++++++++++++-
>  gdb/amd64-tdep.c                              |  32 ++-
>  gdb/amd64-tdep.h                              |   9 +-
>  gdb/arch-utils.c                              |   8 +
>  gdb/arch-utils.h                              |   5 +
>  gdb/arch/amd64-linux-tdesc.c                  |  33 +--
>  gdb/arch/amd64-linux-tdesc.h                  |   7 +-
>  gdb/arch/amd64.c                              |  25 ++-
>  gdb/arch/amd64.h                              |  10 +-
>  gdb/arch/i386-linux-tdesc.c                   |  29 +--
>  gdb/arch/i386-linux-tdesc.h                   |   5 +-
>  gdb/arch/i386.c                               |  19 +-
>  gdb/arch/i386.h                               |   8 +-
>  gdb/arch/x86-linux-tdesc-features.c           |  56 ++---
>  gdb/arch/x86-linux-tdesc-features.h           |  25 ++-
>  gdb/doc/gdb.texinfo                           |  42 ++++
>  gdb/features/Makefile                         |   2 +
>  gdb/features/i386/32bit-ssp.c                 |  14 ++
>  gdb/features/i386/32bit-ssp.xml               |  11 +
>  gdb/features/i386/64bit-ssp.c                 |  14 ++
>  gdb/features/i386/64bit-ssp.xml               |  11 +
>  gdb/gdbarch-gen.c                             |  54 +++++
>  gdb/gdbarch-gen.h                             |  20 ++
>  gdb/gdbarch_components.py                     |  26 +++
>  gdb/i386-tdep.c                               |  44 +++-
>  gdb/i386-tdep.h                               |  11 +-
>  gdb/infcall.c                                 |   6 +
>  gdb/linux-tdep.c                              |  47 +++++
>  gdb/linux-tdep.h                              |   7 +
>  gdb/nat/x86-gcc-cpuid.h                       | 153 +++++++++++---
>  gdb/nat/x86-linux-tdesc.c                     |  20 +-
>  gdb/nat/x86-linux-tdesc.h                     |   7 +-
>  gdb/nat/x86-linux.c                           |  55 +++++
>  gdb/nat/x86-linux.h                           |   4 +
>  .../gdb.arch/amd64-shadow-stack-cmds.exp      | 141 +++++++++++++
>  .../gdb.arch/amd64-shadow-stack-corefile.exp  |  50 +++++
>  .../gdb.arch/amd64-shadow-stack-disp-step.exp |  84 ++++++++
>  gdb/testsuite/gdb.arch/amd64-shadow-stack.c   |  35 ++++
>  gdb/testsuite/gdb.arch/amd64-ssp.exp          |  50 +++++
>  .../gdb.base/inline-frame-cycle-unwind.py     |   4 +
>  gdb/testsuite/gdb.base/libsegfault.exp        |   2 +-
>  .../gdb.threads/attach-slow-waitpid.exp       |   2 +-
>  gdb/testsuite/lib/gdb.exp                     |  77 ++++++-
>  gdb/x86-linux-nat.c                           |  51 ++++-
>  gdb/x86-linux-nat.h                           |  11 +
>  gdb/x86-tdep.c                                |  22 ++
>  gdb/x86-tdep.h                                |   9 +
>  gdbserver/i387-fp.cc                          |  40 ++--
>  gdbserver/linux-amd64-ipa.cc                  |  10 +-
>  gdbserver/linux-i386-ipa.cc                   |   6 +-
>  gdbserver/linux-low.cc                        |  40 ++--
>  gdbserver/linux-low.h                         |   7 +-
>  gdbserver/linux-x86-low.cc                    |  44 +++-
>  gdbsupport/x86-xstate.h                       |   7 +-
>  56 files changed, 1537 insertions(+), 212 deletions(-)
>  create mode 100644 gdb/features/i386/32bit-ssp.c
>  create mode 100644 gdb/features/i386/32bit-ssp.xml
>  create mode 100644 gdb/features/i386/64bit-ssp.c
>  create mode 100644 gdb/features/i386/64bit-ssp.xml
>  create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-cmds.exp
>  create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-corefile.exp
>  create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-disp-step.exp
>  create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack.c
>  create mode 100644 gdb/testsuite/gdb.arch/amd64-ssp.exp
>