public inbox for gdb@sourceware.org
From: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
To: Tom Tromey <tom@tromey.com>
Cc: "Schimpe, Christina" <christina.schimpe@intel.com>, gdb@sourceware.org
Subject: Re: Shadow stack backtrace command name
Date: Thu, 28 Dec 2023 19:34:07 -0300
Message-ID: <871qb6c5y8.fsf@linaro.org>
In-Reply-To: <87a5q0eq34.fsf@tromey.com>


Tom Tromey <tom@tromey.com> writes:

>>>>>> Schimpe, Christina via Gdb <gdb@sourceware.org> writes:
>
>> A shadow stack is a second stack for a program introduced in the Intel (R)
>> Control-Flow Enforcement Technology (CET).  The shadow stack is used for
>> control transfer operations to store the return addresses.
>
> One question I had is when, as a gdb user, would I want to see this
> information?

I think the most common shadow stack error a GDB user would encounter
would be when the inferior is returning from a function and gets a
SIGSEGV because the return address is wrong (e.g., because a buffer
overflow wrote over it).

There are other possibilities, for example a program can create
different shadow stacks and switch between them (e.g., when it
implements userspace-level threading) so some error could happen during
that process. E.g., in AArch64's Guarded Control Stacks, there needs to
be a special "cap" value at the end of the incoming stack and a SIGSEGV
is generated if that's not the case. In this case I think the user would
want to be able to direct the shadow stack backtrace command to print
the backtrace of that other stack, instead of the currently active one.

Another example would be trying to write to a mapped shadow stack that
is read-only. That also causes a SIGSEGV. Though not sure if the shadow
stack backtrace is relevant in this scenario.

>> It is configurable using "print symbol-filename" and COUNT.
>> The command can be called by the following names:
>> - "info shadow-stack bt", "info shadow-stack backtrace"
>
> Like others in the thread, I'm -1 on "info" as a prefix.
> I liked "bt -shadow", but I was also wondering if the information should
> just be integrated into the ordinary backtrace when available... that's
> why I'm wondering when I'd want to see this.

In my first example, it would be useful if the regular backtrace output
noted where it differs from the shadow stack. Though I think a way to
see the shadow stack backtrace by itself would still be useful.

-- 
Thiago
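
The comparison suggested in the message above (a regular backtrace that notes where it differs from the shadow stack), sketched as an added example that is not part of the original message and is not GDB code. The function name, the frame representation and every address are assumptions made up for illustration.

```python
# Added illustration (not GDB code). All addresses are constructed samples.
SHADOW = [0x401196, 0x4011C3, 0x401210]  # shadow stack, most recent call first
CLEAN = [("copy_input", 0x401196), ("handle", 0x4011C3), ("main", 0x401210)]
# After an overflow in copy_input the unwinder reads a bogus return address
# from the normal stack and cannot recover any caller frames.
CORRUPTED = [("copy_input", 0x4141414141414141)]


def compare_with_shadow_stack(frames, shadow):
    """Annotate a normal backtrace with shadow stack disagreements.

    frames: (function, return_address) pairs from the normal unwinder,
            innermost frame first.
    shadow: return addresses read from the shadow stack, most recent first.
    Returns (annotated_lines, level_of_first_mismatch_or_None).
    """
    lines = []
    first_mismatch = None
    for level, (func, ret) in enumerate(frames):
        if level >= len(shadow):
            # Shadow stack is shorter, e.g. it was enabled after these calls.
            lines.append(f"#{level} {func} returns to {ret:#x} (no shadow entry)")
        elif ret == shadow[level]:
            lines.append(f"#{level} {func} returns to {ret:#x}")
        else:
            if first_mismatch is None:
                first_mismatch = level
            lines.append(f"#{level} {func} returns to {ret:#x}"
                         f" <-- shadow stack has {shadow[level]:#x}")
    # Entries only the shadow stack knows about: the callers the normal
    # unwinder lost once it followed a corrupted return address.
    for level in range(len(frames), len(shadow)):
        lines.append(f"#{level} ?? (shadow stack only) returns to {shadow[level]:#x}")
    return lines, first_mismatch


if __name__ == "__main__":
    for sample in (CLEAN, CORRUPTED):
        annotated, mismatch = compare_with_shadow_stack(sample, SHADOW)
        print("\n".join(annotated))
        print("first mismatch at frame:", mismatch, "\n")
```

In the corrupted sample the annotated frame #0 shows the divergence, while the shadow-only lines show why a stand-alone shadow stack backtrace is still useful: it is the only remaining record of the real call chain.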
