553
edits
Changes
mLine 22:
Line 22: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
* Expected size: 350 hours
* Expected size: 350 hours
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Prajwal S N <prajwalnadig21@gmail.com>, Adrian Reber <areber@redhat.com>
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Prajwal S N <prajwalnadig21@gmail.com>, Adrian Reber <areber@redhat.com>
=== Add support for arm64 Guarded Control Stack (GCS) ===
'''Summary:''' Support arm64 Guarded Control Stack (GCS)
The arm64 Guarded Control Stack (GCS) feature provides support for
hardware protected stacks of return addresses, intended to provide
hardening against return oriented programming (ROP) attacks and to make
it easier to gather call stacks for applications such as profiling (taken from [1]).
We would like to support arm64 Guarded Control Stack (GCS) in CRIU, which means
that CRIU should be able to Checkpoint/Restore applications using GCS.
This task should not require any Linux kernel modifications
but will require a lot of effort to understand Linux kernel and
glibc support patches. We have a good example of support for
x86 shadow stack [4].
'''Links:'''
* [1] kernel support https://lore.kernel.org/all/20241001-arm64-gcs-v13-0-222b78d87eee@kernel.org
* [2] libc support https://inbox.sourceware.org/libc-alpha/20250117174119.3254972-1-yury.khrustalev@arm.com
* [3] libc tests https://inbox.sourceware.org/libc-alpha/20250210114538.1723249-1-yury.khrustalev@arm.com
* [4] x86 support https://github.com/checkpoint-restore/criu/pull/2306
'''Details:'''
* Contributor: [https://github.com/svilenkov Igor Svilenkov Bozic]
* [https://github.com/checkpoint-restore/criu/pull/2725 Final Report]
* [https://drive.google.com/file/d/1Uoz_E5K-1zRcZwEWXKVcsNtxmdzDIpiY/view?usp=sharing Presentation Recording]
* Linux Plumbers Conference Talk: [https://lpc.events/event/19/contributions/2237/ Guarded Control Stack on arm64: Challenges in Enabling Shadow Stack Support for CRIU]
* Skill level: expert (a lot of moving parts: Linux kernel / libc / CRIU)
* Language: C
* Expected size: 350 hours
* Suggested by: Mike Rapoport <rppt@kernel.org>
* Mentors: Mike Rapoport <rppt@kernel.org>, Andrei Vagin <avagin@gmail.com>, Alexander Mikhalitsyn <alexander@mihalicyn.com>
=== Kubernetes operator for managing container checkpoints ===
=== Kubernetes operator for managing container checkpoints ===