Re: [PATCH v5 4/7] arm64: probes: Add GCS support to bl/blr/ret

From: Catalin Marinas
Date: Fri Aug 15 2025 - 10:09:49 EST

Next message: Catalin Marinas: "Re: [PATCH v5 7/7] uprobes: uprobe_warn should use passed task"
Previous message: Christian Brauner: "Re: (subset) [PATCH 4/4] fs-writeback: Remove redundant __GFP_NOWARN"
In reply to: Jeremy Linton: "[PATCH v5 4/7] arm64: probes: Add GCS support to bl/blr/ret"
Next in thread: Jeremy Linton: "[PATCH v5 5/7] arm64: uprobes: Add GCS support to uretprobes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 11, 2025 at 09:10:07AM -0500, Jeremy Linton wrote:
> The arm64 probe simulation doesn't currently have logic in place
> to deal with GCS and this results in core dumps if probes are inserted
> at control flow locations. Fix-up bl, blr and ret to manipulate the
> shadow stack as needed.
>
> While we manipulate and validate the shadow stack correctly, the
> hardware provides additional security by only allowing GCS operations
> against pages which are marked to support GCS. For writing there is
> gcssttr() which enforces this, but there isn't an equivalent for
> reading. This means that uprobe users should be aware that probing on
> control flow instructions which require reading the shadow stack (ex:
> ret) offers lower security guarantees than what is achieved without
> the uprobe active.
>
> Signed-off-by: Jeremy Linton <jeremy.linton@xxxxxxx>

Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>

Next message: Catalin Marinas: "Re: [PATCH v5 7/7] uprobes: uprobe_warn should use passed task"
Previous message: Christian Brauner: "Re: (subset) [PATCH 4/4] fs-writeback: Remove redundant __GFP_NOWARN"
In reply to: Jeremy Linton: "[PATCH v5 4/7] arm64: probes: Add GCS support to bl/blr/ret"
Next in thread: Jeremy Linton: "[PATCH v5 5/7] arm64: uprobes: Add GCS support to uretprobes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]