Try   HackMD

Agenda

Status updates

Discussions

MS: I have a draft implementation of shadow-stack support on aarch64.
The x18 register is initialized to the memory used by the shadow stack in ukboot, by making a call to malloc().

RD: How can you tell it's working?

MS: I could test with a POC.

RD: I suggest you dump the contents of the stack and the shadow stack and show them compared to the default build (i.e. return values are located on the main stack).
You can use GDB for this.

MS: Currently only the main.c file is built is shadow-stack support.

MS: It works but I get a trap at the end of the run.
It's because the x18 register, used for the shadow stack is required to have a particular value at end.

VB/RD: There needs to be a clean-up / destructor at the end.

MS: I will be away for three days (July 25-28, 2022).

RD: We won't have the meeting on July 25, 2022.

RD: Let's aim to have a draft implementation of shadow-stack support in two weeks time.

RD: Let's settle for a deadline of Monday, July 18, 2022 for a draft PR submission of shadow stack support.

RD/VB: The submitted PR will have to have a configuration file as part of the Build options section.
It will have to exclude early source code files, as x18 won't be compiled then.

RD: It's very good to start the upstreaming process early.
Still, this will take quite some time, I don't think it will make it to the 0.11 release in September.
Most likely it will be part of the 0.12 release in November.

RD: The use of malloc() in the boot code will have a critical review from the community, since booting should be very fast.

RD: We'll consider next steps.

VB: We'll do performance measurement metrics.
The Android version is using a caching mechanism.

RD: We may consider using gcc-12 that provides shadow stack support.

MS/VB: There is x86 shadow-support but for clang-8, which is an old version.

RD: We may consider other safety mechanisms such as FORTIFY_SOURCE.

MS: CET (Control-flow Enhancement Technology) may be an option.

TODOs and Decisions

MS: Post a message regarding current status and thanks to Marc and Michalis for their work.

MS: By next meeting on Monday, July 18, 2022, have a draft PR with the implementation.

MS: Document issues with x86 and shadow stack.

Last changed by 
Razvan Deaconescu
0
88

Read more

Unikraft Maintainers: July 11, 2022

Agenda coding / naming conventions: https://docs.google.com/document/d/1_iRkdBjQtnqOj798ZNr23OQTWQcXPdpDsnfBikm6Pcg/edit commit signing / GPG OSS growth Discussions :lock: GPG Signing? RD: It seems to add difficulty to new contributors.

Jul 11, 2022
Read more from Razvan Deaconescu
Published on HackMD