Unikraft GSoC22: Shadow Stack: July 11, 2022

--- title: "Unikraft GSoC22: Shadow Stack: July 11, 2022" tags: unikraft, gsoc, shadow-stack datetime: 2022-07-11T16:30:00+02:00 location: Online, Discord (https://bit.ly/UnikraftDiscord), the `#monkey-business` voice channel teams: - gsoc participants: - Maria - Răzvan - Vlad --- ### Agenda Status updates ### Discussions MS: I have a draft implementation of shadow-stack support on aarch64. The `x18` register is initialized to the memory used by the shadow stack in `ukboot`, by making a call to `malloc()`. RD: How can you tell it's working? MS: I could test with a POC. RD: I suggest you dump the contents of the stack and the shadow stack and show them compared to the default build (i.e. return values are located on the main stack). You can use GDB for this. MS: Currently only the `main.c` file is built is shadow-stack support. MS: It works but I get a trap at the end of the run. It's because the `x18` register, used for the shadow stack is required to have a particular value at end. VB/RD: There needs to be a clean-up / destructor at the end. MS: I will be away for three days (July 25-28, 2022). RD: We won't have the meeting on July 25, 2022. RD: Let's aim to have a draft implementation of shadow-stack support in two weeks time. RD: Let's settle for a deadline of Monday, July 18, 2022 for a draft PR submission of shadow stack support. RD/VB: The submitted PR will have to have a configuration file as part of the `Build options` section. It will have to exclude early source code files, as `x18` won't be compiled then. RD: It's very good to start the upstreaming process early. Still, this will take quite some time, I don't think it will make it to the 0.11 release in September. Most likely it will be part of the 0.12 release in November. RD: The use of `malloc()` in the boot code will have a critical review from the community, since booting should be very fast. RD: We'll consider next steps. VB: We'll do performance measurement metrics. The Android version is using a caching mechanism. RD: We may consider using gcc-12 that provides shadow stack support. MS/VB: There is x86 shadow-support but for clang-8, which is an old version. RD: We may consider other safety mechanisms such as `FORTIFY_SOURCE`. MS: CET (*Control-flow Enhancement Technology*) may be an option. ### TODOs and Decisions MS: Post a message regarding current status and thanks to Marc and Michalis for their work. MS: By next meeting on Monday, July 18, 2022, have a draft PR with the implementation. MS: Document issues with x86 and shadow stack.