36
edits
Changes
Jump to navigation
Jump to search
→Project ideas: add arm64 Guarded Control Stack (GCS) project
Line 134:
Line 134:
+
+
+
* Mentors: Adrian Reber <areber@redhat.com>, Radostin Stoyanov <rstoyanov@fedoraproject.org>, Prajwal S N <prajwalnadig21@gmail.com>
* Mentors: Adrian Reber <areber@redhat.com>, Radostin Stoyanov <rstoyanov@fedoraproject.org>, Prajwal S N <prajwalnadig21@gmail.com>
* Suggested by: Adrian Reber
* Suggested by: Adrian Reber
+
+=== Add support for arm64 Guarded Control Stack (GCS) ===
+'''Summary:''' Support arm64 Guarded Control Stack (GCS)
+The arm64 Guarded Control Stack (GCS) feature provides support for
+hardware protected stacks of return addresses, intended to provide
+hardening against return oriented programming (ROP) attacks and to make
+it easier to gather call stacks for applications such as profiling (taken from [1]).
+We would like to support arm64 Guarded Control Stack (GCS) in CRIU, which means
+that CRIU should be able to Checkpoint/Restore applications using GCS.
+
+This task should not require any Linux kernel modifications
+but will require a lot of effort to understand Linux kernel and
+glibc support patches. We have a good example of support for
+x86 shadow stack [4] thanks to Mike.
+
+'''Links:'''
+* [1] kernel support https://lore.kernel.org/all/20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org
+* [2] libc support https://inbox.sourceware.org/libc-alpha/20250117174119.3254972-1-yury.khrustalev@arm.com
+* [3] libc tests https://inbox.sourceware.org/libc-alpha/20250210114538.1723249-1-yury.khrustalev@arm.com
+* [4] x86 support (a great reference!) https://github.com/checkpoint-restore/criu/pull/2306
+'''Details:'''
+* Skill level: expert (a lot of moving parts: Linux kernel / libc / CRIU)
+* Language: C
+* Expected size: 350 hours
+* Suggested by: Mike Rapoport <rppt@kernel.org>
+* Mentors: Mike Rapoport <rppt@kernel.org>, Andrei Vagin <avagin@gmail.com>, Alexander Mikhalitsyn <alexander@mihalicyn.com>
== Suspended project ideas ==
== Suspended project ideas ==