Speaker
Igor Svilenkov Bozic (CRIU)

Description
Shadow stacks are a key security feature to guard against ROP attacks. Mike Rapoport has worked on enabling checkpoint/restore support for CET-based shadow stacks.
This talk extends that work to Arm64, specifically the Guarded Control Stack (GCS) Arm extension. I'll present the process of adding GCS support to CRIU, including how process state is detected, dumped and restored, and what changes were required in the parasite code.
I'll cover a key challenge: meeting the kernel’s sigframe expectations for GCS tokens, a critical part of getting a reliable restore. I’ll also discuss the debugging process that led to identifying and understanding gaps in the kernel’s GCS support during dump and restore.

Primary author
Igor Svilenkov Bozic (CRIU)