RE: Shadow stack backtrace command name

public inbox for gdb@sourceware.org
 help / color / mirror / Atom feed

From: "Schimpe, Christina" <christina.schimpe@intel.com>
To: Thiago Jung Bauermann <thiago.bauermann@linaro.org>,
	Tom Tromey <tom@tromey.com>
Cc: "gdb@sourceware.org" <gdb@sourceware.org>
Subject: RE: Shadow stack backtrace command name
Date: Tue, 9 Jan 2024 10:21:02 +0000	[thread overview]
Message-ID: <SN7PR11MB7638463DD955713D5768D3F3F96A2@SN7PR11MB7638.namprd11.prod.outlook.com> (raw)
In-Reply-To: <871qb6c5y8.fsf@linaro.org>

Hi all, 

Thanks a lot for your feedback and ideas. Please see my comments below.

> >> A shadow stack is a second stack for a program introduced in the
> >> Intel (R) Control-Flow Enforcement Technology (CET).  The shadow
> >> stack is used for control transfer operations to store the return addresses.
> >
> > One question I had is when, as a gdb user, would I want to see this
> > information?

> I think the most common shadow stack error a GDB user would encounter
> would be when the inferior is returning from a function and gets a SIGSEGV
> because the return address is wrong (e.g., because a buffer overflow wrote over
> it).
> 
> There are other possibilities, for example a program can create different shadow
> stacks and switch between them (e.g., when it implements userspace-level
> threading) so some error could happen during that process. E.g., in AArch64's
> Guarded Control Stacks, there needs to be a special "cap" value at the end of the
> incoming stack and a SIGSEGV is generated if that's not the case. In this case I
> think the user would want to be able to direct the shadow stack backtrace
> command to print the backtrace of that other stack, instead of the currently
> active one.

Yes, I agree here. Common use cases would be debugging of stack corruption
or more complex scenarios that cause a control protection exception, as Thiago
points out.

> Another example would be trying to write to a mapped shadow stack that is
> read-only. That also causes a SIGSEGV. Though not sure if the shadow stack
> backtrace is relevant in this scenario.
> 
> >> It is configurable using "print symbol-filename" and COUNT.
> >> The command can be called by the following names:
> >> - "info shadow-stack bt", "info shadow-stack backtrace"
> >
> > Like others in the thread, I'm -1 on "info" as a prefix.
> > I liked "bt -shadow", but I was also wondering if the information
> > should just be integrated into the ordinary backtrace when
> > available... that's why I'm wondering when I'd want to see this.
> 
> In my first example, it would be useful if the regular backtrace output noted
> where it differs from the shadow stack. Though I think a way to see the shadow
> stack backtrace by itself would still be useful.

I like the idea to combine the outputs as the traces can be easily compared by
the user in this way. 

However, based on the use cases that I am aware of, I am not sure if the user
wants to always see the shadow stack bt in the ordinary bt output (if shadow
stack is enabled).

In addition, I wonder how the output would look like. Dependent on the source
code of the debugged program, the frames of the ordinary bt command can be
very long already. 

Christina

Intel Deutschland GmbH
Registered Address: Am Campeon 10, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de <http://www.intel.de>
Managing Directors: Christin Eisenschmid, Sharon Heck, Tiffany Doon Silva  
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

     prev parent reply	other threads:[~2024-01-09 10:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-20  9:42 Schimpe, Christina
2023-12-20 10:59 ` Guinevere Larsen
2023-12-20 15:11   ` Schimpe, Christina
2023-12-20 11:38 ` Luis Machado
2023-12-20 15:35   ` Schimpe, Christina
2023-12-20 15:57     ` Luis Machado
2023-12-21  4:35       ` Thiago Jung Bauermann
2023-12-21 22:26 ` Shadow stack command to host related subcommands (was Re: Shadow stack backtrace command name) Thiago Jung Bauermann
2024-01-09  8:34   ` Schimpe, Christina
2023-12-23 18:22 ` Shadow stack backtrace command name Tom Tromey
2023-12-28 22:34   ` Thiago Jung Bauermann
2024-01-09 10:21     ` Schimpe, Christina [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=SN7PR11MB7638463DD955713D5768D3F3F96A2@SN7PR11MB7638.namprd11.prod.outlook.com \
    --to=christina.schimpe@intel.com \
    --cc=gdb@sourceware.org \
    --cc=thiago.bauermann@linaro.org \
    --cc=tom@tromey.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).