| Message ID | 20250608010338.2234530-1-thiago.bauermann@linaro.org |
|---|---|
| Headers | show |
| Series | AArch64 Guarded Control Stack support | expand |
> From: Thiago Jung Bauermann <thiago.bauermann@linaro.org> > Date: Sat, 7 Jun 2025 22:03:11 -0300 > > This patch series applies on top of Christina Schimpe's "[PATCH v3 00/11] > Add CET shadow stack support"¹ series. For convenience, I pushed the > branch users/bauermann/gcs to the GDB repo containing the whole stack. Hm... Christina's patch series included changes to the GDB manual which describe the Shadow Stack feature and its use. Shouldn't we have a similar short description of the AArch64 GCS feature in the manual? Or did I miss it? Thanks.
Thiago Jung Bauermann <thiago.bauermann@linaro.org> writes: > This patch series applies on top of Christina Schimpe's "[PATCH v3 00/11] > Add CET shadow stack support"¹ series. For convenience, I pushed the > branch users/bauermann/gcs to the GDB repo containing the whole stack. Actually, to be more precise this series depends only on two patches from the shadow stack one: [PATCH v3 08/11] gdb, gdbarch: Enable inferior calls for shadow stack support. [PATCH v3 10/11] gdb, gdbarch: Introduce gdbarch method to get the shadow stack pointer. I just updated the branch to reflect this.
Hello, Thank you for the quick review! Eli Zaretskii <eliz@gnu.org> writes: >> From: Thiago Jung Bauermann <thiago.bauermann@linaro.org> >> Date: Sat, 7 Jun 2025 22:03:11 -0300 >> >> This patch series applies on top of Christina Schimpe's "[PATCH v3 00/11] >> Add CET shadow stack support"¹ series. For convenience, I pushed the >> branch users/bauermann/gcs to the GDB repo containing the whole stack. > > Hm... Christina's patch series included changes to the GDB manual > which describe the Shadow Stack feature and its use. Shouldn't we > have a similar short description of the AArch64 GCS feature in the > manual? Or did I miss it? Yes, there is a section for GCS in patch 3, then slightly expanded in patch 4.
> From: Thiago Jung Bauermann <thiago.bauermann@linaro.org> > Cc: gdb-patches@sourceware.org > Date: Mon, 09 Jun 2025 23:35:47 -0300 > > Hello, > > Thank you for the quick review! > > Eli Zaretskii <eliz@gnu.org> writes: > > >> From: Thiago Jung Bauermann <thiago.bauermann@linaro.org> > >> Date: Sat, 7 Jun 2025 22:03:11 -0300 > >> > >> This patch series applies on top of Christina Schimpe's "[PATCH v3 00/11] > >> Add CET shadow stack support"¹ series. For convenience, I pushed the > >> branch users/bauermann/gcs to the GDB repo containing the whole stack. > > > > Hm... Christina's patch series included changes to the GDB manual > > which describe the Shadow Stack feature and its use. Shouldn't we > > have a similar short description of the AArch64 GCS feature in the > > manual? Or did I miss it? > > Yes, there is a section for GCS in patch 3, then slightly expanded in > patch 4. Ouch! This practice of sending changes to gdb.texinfo in several separate patches in the same series drives me crazy. (No, don't answer that.) Those two parts are okay, but please fix the spaces between sentences: some of them have only one SPC character, not 2, per our conventions.
Eli Zaretskii <eliz@gnu.org> writes: >> From: Thiago Jung Bauermann <thiago.bauermann@linaro.org> >> Cc: gdb-patches@sourceware.org >> Date: Mon, 09 Jun 2025 23:35:47 -0300 >> >> Hello, >> >> Thank you for the quick review! >> >> Eli Zaretskii <eliz@gnu.org> writes: >> >> >> From: Thiago Jung Bauermann <thiago.bauermann@linaro.org> >> >> Date: Sat, 7 Jun 2025 22:03:11 -0300 >> >> >> >> This patch series applies on top of Christina Schimpe's "[PATCH v3 00/11] >> >> Add CET shadow stack support"¹ series. For convenience, I pushed the >> >> branch users/bauermann/gcs to the GDB repo containing the whole stack. >> > >> > Hm... Christina's patch series included changes to the GDB manual >> > which describe the Shadow Stack feature and its use. Shouldn't we >> > have a similar short description of the AArch64 GCS feature in the >> > manual? Or did I miss it? >> >> Yes, there is a section for GCS in patch 3, then slightly expanded in >> patch 4. > > Ouch! This practice of sending changes to gdb.texinfo in several > separate patches in the same series drives me crazy. (No, don't > answer that.) Sorry about that. In v2 (and also future patch series) I'll send the documentation changes in its own patch. > Those two parts are okay, but please fix the spaces between sentences: > some of them have only one SPC character, not 2, per our conventions. Oops, I try to pay attention to that but these ones slipped. They'll be fixed when I post v2.
Hi, On 6/8/25 02:03, Thiago Jung Bauermann wrote: > Hello, > > This patch series adds support for AArch64's Guarded Control Stack (GCS) > feature in GDB and gdbserver. With it enabled, a processor will keep a > secondary stack just for return addresses and push into it when a function > is called, so that on function return it can check whether control is > returning to the correct location. This protects against corrupted stacks > and return-oriented programming. Intel has a similar Shadow Stack > feature. The Linux kernel supports GCS in userspace since v6.13. > > This patch series applies on top of Christina Schimpe's "[PATCH v3 00/11] > Add CET shadow stack support"¹ series. For convenience, I pushed the > branch users/bauermann/gcs to the GDB repo containing the whole stack. > > I know we're somewhat close to the branch day, but it would be great if > this series could get in the GDB 17.1 release... To this end I split the > GCS patches in two series, and this one contains the more straightforward > patches. > > I have a second, small series that applies on top of this one which adds a > few new commands to work with GCS/shadow stacks, and also a new frame > "decoration" to help the user see when a frame's return address doesn't > match the one on the stack. These changes may need some discussion so I'll > send them separately in the near future. > > Tested on aarch64-linux-gnu, both native and with native-extended-gdbserver. > > I'm still running regression tests for native-extended-gdbserver, and will > report here if I find any issue. > > ¹ https://inbox.sourceware.org/gdb-patches/20250507164620.2394003-1-christina.schimpe@intel.com/ > > Thiago Jung Bauermann (8): > bfd/aarch64-linux: Support reading and writing the GCS core file note > GDB: doc: Improve AArch64 and ARM subsubsection titles in gdb.texinfo > GDB, gdbserver: aarch64-linux: Initial Guarded Control Stack support > GDB: aarch64-linux: GCS support in Linux signals > GDB: aarch64-linux: Implement GCS support in displaced stepping > GDB: testsuite: Add gdb.arch/aarch64-gcs.exp testcase > GDB: testsuite: Add gdb.arch/aarch64-gcs-core.exp testcase > GDB: testsuite: Add gdb.arch/aarch64-gcs-disp-step.exp testcase > > bfd/elf.c | 31 ++++ > gdb/NEWS | 3 + > gdb/aarch64-linux-nat.c | 79 ++++++++ > gdb/aarch64-linux-tdep.c | 136 +++++++++++++- > gdb/aarch64-tdep.c | 148 ++++++++++++++- > gdb/aarch64-tdep.h | 14 ++ > gdb/arch/aarch64-gcs-linux.h | 48 +++++ > gdb/arch/aarch64.c | 8 + > gdb/arch/aarch64.h | 10 +- > gdb/doc/gdb.texinfo | 110 +++++++++--- > gdb/features/Makefile | 2 + > gdb/features/aarch64-gcs-linux.c | 21 +++ > gdb/features/aarch64-gcs-linux.xml | 18 ++ > gdb/features/aarch64-gcs.c | 14 ++ > gdb/features/aarch64-gcs.xml | 11 ++ > gdb/linux-tdep.h | 7 + > gdb/testsuite/gdb.arch/aarch64-gcs-core.c | 124 +++++++++++++ > gdb/testsuite/gdb.arch/aarch64-gcs-core.exp | 105 +++++++++++ > .../gdb.arch/aarch64-gcs-disp-step.c | 140 +++++++++++++++ > .../gdb.arch/aarch64-gcs-disp-step.exp | 90 ++++++++++ > gdb/testsuite/gdb.arch/aarch64-gcs.c | 168 ++++++++++++++++++ > gdb/testsuite/gdb.arch/aarch64-gcs.exp | 78 ++++++++ > gdb/testsuite/lib/gdb.exp | 62 ++++++- > gdbserver/linux-aarch64-low.cc | 46 +++++ > include/elf/common.h | 3 + > 25 files changed, 1435 insertions(+), 41 deletions(-) > create mode 100644 gdb/arch/aarch64-gcs-linux.h > create mode 100644 gdb/features/aarch64-gcs-linux.c > create mode 100644 gdb/features/aarch64-gcs-linux.xml > create mode 100644 gdb/features/aarch64-gcs.c > create mode 100644 gdb/features/aarch64-gcs.xml > create mode 100644 gdb/testsuite/gdb.arch/aarch64-gcs-core.c > create mode 100644 gdb/testsuite/gdb.arch/aarch64-gcs-core.exp > create mode 100644 gdb/testsuite/gdb.arch/aarch64-gcs-disp-step.c > create mode 100644 gdb/testsuite/gdb.arch/aarch64-gcs-disp-step.exp > create mode 100644 gdb/testsuite/gdb.arch/aarch64-gcs.c > create mode 100644 gdb/testsuite/gdb.arch/aarch64-gcs.exp > Do you need a particular non-distro toolchain to get the kernel to enable/detect GCS at boot? Or is there some switch that needs to be enabled in QEMU?
Hello Luis, Luis Machado <luis.machado@arm.com> writes: > Hi, > > On 6/8/25 02:03, Thiago Jung Bauermann wrote: >> >> This patch series adds support for AArch64's Guarded Control Stack (GCS) >> feature in GDB and gdbserver. With it enabled, a processor will keep a >> secondary stack just for return addresses and push into it when a function >> is called, so that on function return it can check whether control is >> returning to the correct location. This protects against corrupted stacks >> and return-oriented programming. Intel has a similar Shadow Stack >> feature. The Linux kernel supports GCS in userspace since v6.13. > > Do you need a particular non-distro toolchain to get the kernel to enable/detect GCS at > boot? Or is there some switch that needs to be enabled in QEMU? No, you can build the kernel with the regular distro toolchain. I've used both the toolchain from Ubuntu 24.10 and from Ubuntu 25.04. I'm almost sure I've used Ubuntu 24.04 as well. The kernel config just needs to have CONFIG_ARM64_GCS=y. But QEMU doesn't support GCS yet unfortunately. I've been using the FVT emulator to test these patches. FWIW, implementing QEMU support for GCS is in Linaro's plan. It's being tracked here: https://linaro.atlassian.net/browse/QEMU-517
On 6/11/25 20:54, Thiago Jung Bauermann wrote: > Hello Luis, > > Luis Machado <luis.machado@arm.com> writes: > >> Hi, >> >> On 6/8/25 02:03, Thiago Jung Bauermann wrote: >>> >>> This patch series adds support for AArch64's Guarded Control Stack (GCS) >>> feature in GDB and gdbserver. With it enabled, a processor will keep a >>> secondary stack just for return addresses and push into it when a function >>> is called, so that on function return it can check whether control is >>> returning to the correct location. This protects against corrupted stacks >>> and return-oriented programming. Intel has a similar Shadow Stack >>> feature. The Linux kernel supports GCS in userspace since v6.13. >> >> Do you need a particular non-distro toolchain to get the kernel to enable/detect GCS at >> boot? Or is there some switch that needs to be enabled in QEMU? > > No, you can build the kernel with the regular distro toolchain. I've > used both the toolchain from Ubuntu 24.10 and from Ubuntu 25.04. I'm > almost sure I've used Ubuntu 24.04 as well. The kernel config just needs > to have CONFIG_ARM64_GCS=y. > > But QEMU doesn't support GCS yet unfortunately. I've been using the FVT > emulator to test these patches. Ah, that explains it. I might have to setup the FVT environment for this. But let me go through the patches first. > > FWIW, implementing QEMU support for GCS is in Linaro's plan. It's being > tracked here: https://linaro.atlassian.net/browse/QEMU-517 Great. Thanks for the info.