From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hjl.tools@gmail.com>
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com
 [IPv6:2607:f8b0:4864:20::32a])
 by sourceware.org (Postfix) with ESMTPS id A2AF3384F01B
 for <libc-alpha@sourceware.org>; Mon, 31 May 2021 16:01:28 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A2AF3384F01B
Received: by mail-ot1-x32a.google.com with SMTP id
 69-20020a9d0a4b0000b02902ed42f141e1so11503766otg.2
 for <libc-alpha@sourceware.org>; Mon, 31 May 2021 09:01:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=Izjwarfz2iedKXq/SnhwcSYqZO9thMcIRmRaepjvEBs=;
 b=Whm87u3EVdmeOvdtgHr0W7XCR2bCPQIICFYY0FmrnstTiYbCU2tE9ALY4xXsBKKPl8
 p2fhh9iv3Sb40uR310XqnSjJ0KiFc+dSOD75lqg4MO6dg4Qofibbm9qKeH7qnEHbhB85
 COy47M78bcfSepNGX+KYf34HC+2zogccTVWcZQMY8TtAuj4P53gfhQ+3TFl3z2HqMps/
 VaDRckbvuqad+cpiQh5wjGjk1+hYUj6EWf/PuFFyq/wDGsZQNb2pDnQrudWvH/RPWxop
 eqywhln57Omun4GUziO8PyPXLi7Q1ny8pbBLyRKrYeFpIHYfHWPlC80Fp5ksXVPYWBVd
 6ARw==
X-Gm-Message-State: AOAM533ukq2rnpr0Q2JFEkxRIpazv+nOQngxW5tqdLxxWQKDBfj04lpo
 EczHQ0sZZtoBE83rRC3OXw/7n2Gw5NiEJ4nO5gk=
X-Google-Smtp-Source: ABdhPJzM1vqsZmJa4vQJjCxt97sxqfio6aZ55/lHy2zveUGWtLjlu3aywzgjObqOSqysBqKJAqvE/81Oe2a/9Qix6x8=
X-Received: by 2002:a9d:74c5:: with SMTP id a5mr3015112otl.125.1622476888082; 
 Mon, 31 May 2021 09:01:28 -0700 (PDT)
MIME-Version: 1.0
References: <20210526123956.2712353-1-hjl.tools@gmail.com>
 <20210526123956.2712353-2-hjl.tools@gmail.com>
 <87h7ipsl03.fsf@oldenburg.str.redhat.com>
 <CAMe9rOorjfK_tx_y7158hwwP-JOisuegCF76VRDUUKJWiG2ukg@mail.gmail.com>
 <875yz5sjb4.fsf@oldenburg.str.redhat.com>
 <d8061d36-a1c8-de7d-3911-8f57fe4446b1@linaro.org>
 <CAMe9rOo1EzHoTGvV-oqLJKANKAChLdGcumB=RRep9jTDTHB-7Q@mail.gmail.com>
 <87im2zdroh.fsf@oldenburg.str.redhat.com>
 <CAMe9rOq1YWosX1vpnXr7xikEyfo1vnuPfa6NUr6hPot8eOLr6Q@mail.gmail.com>
 <87eedndr58.fsf@oldenburg.str.redhat.com>
 <CAMe9rOpwRhzf5W-gWQS8pKOnfg9QNctK23rg2trzQ7R+eKsmfw@mail.gmail.com>
 <87a6obdpl2.fsf@oldenburg.str.redhat.com>
 <CAMe9rOp8ke1XajP21PO8NxyD0EK27MHgL3mzyyUgMS+jOu3xUg@mail.gmail.com>
 <9b4afce0-0177-5798-3dcf-58e57900b004@linaro.org>
 <CAMe9rOoU4-Jw9uYcU3+-hyj4GOz_L4gq1L51hU4Lfzh4a6WhvA@mail.gmail.com>
 <cb8d8b83-9430-e28f-f41e-4324f691f10e@linaro.org>
In-Reply-To: <cb8d8b83-9430-e28f-f41e-4324f691f10e@linaro.org>
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Mon, 31 May 2021 09:00:52 -0700
Message-ID: <CAMe9rOpj+ryaFA2m2QPDrwD0KbD_CeYJCvrDjxo9LyY79DmoGw@mail.gmail.com>
Subject: Re: [PATCH v7 1/3] Add an internal wrapper for clone,
 clone2 and clone3
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: Florian Weimer <fweimer@redhat.com>,
 GNU C Library <libc-alpha@sourceware.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-3028.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_NUMSUBJECT,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 31 May 2021 16:01:31 -0000

On Mon, May 31, 2021 at 8:57 AM Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
>
>
>
> On 31/05/2021 11:01, H.J. Lu wrote:
> > On Mon, May 31, 2021 at 6:53 AM Adhemerval Zanella
> > <adhemerval.zanella@linaro.org> wrote:
> >>
> >>
> >>
> >> On 31/05/2021 10:16, H.J. Lu wrote:
> >>> On Mon, May 31, 2021 at 6:01 AM Florian Weimer <fweimer@redhat.com> wrote:
> >>>>
> >>>> * H. J. Lu:
> >>>>
> >>>>> In the kernel, clone3 and clone go to the same piece of code.  clone won't
> >>>>> fail just because of CET.
> >>>>
> >>>> But clone won't have access to the stack boundaries.  Won't this create
> >>>> issues for setting up the shadow stack?
> >>>>
> >>>
> >>> No.  There are:
> >>>
> >>>         /* Cap shadow stack size to 4 GB */
> >>>         size = min_t(unsigned long long, rlimit(RLIMIT_STACK), SZ_4G);
> >>>         size = min(size, stack_size);
> >>>
> >>> where stack_size is passed in clone3.
> >>
> >> Right, so CET support does not really require clone3 to be used internally
> >> then? Or am I missing something?
> >
> > Shadow stack size shouldn't be more than normal stack size.  The current
> > CET kernel shadow stack size may not be optimal.  My original code did
> >
> > if (stack_size != 0)
> >   size = stack_size;
> > else
> >   size = min_t(unsigned long long, rlimit(RLIMIT_STACK), SZ_4G);
> >
> > But
> >
> > 1. I don't want to disturb it before CET changes are upstreamed.
> > 2. It can be updated AFTER it has been upstreamed.
>
> Right, so I take this is just an optimization assuming that the extra
> size would unused, right? I still failing to see why clone3 is an

Correct.

> requirement for CET enablement (if I understood this correctly).

It isn't a MUST have.  It is an improvement for CET.

> I still think supporting clone3 is a nice thing to have, specially
> for possible newer architectures and to support newer flags and
> functionalities.



-- 
H.J.