Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the implementation of Guarded Control Stack (GCS) support for CRIU on ARM64 architecture in this 24-minute conference talk from the Linux Plumbers Conference. Learn about the critical security feature designed to protect against Return-Oriented Programming (ROP) attacks and discover how checkpoint/restore functionality can be extended to support ARM's GCS extension. Examine the technical process of adding GCS support to CRIU, including methods for detecting, dumping, and restoring process state, along with necessary modifications to parasite code. Understand the significant challenge of meeting kernel sigframe expectations for GCS tokens, which proves essential for reliable restoration processes. Gain insights into the debugging methodology used to identify and address gaps in the kernel's GCS support during dump and restore operations, building upon Mike Rapoport's previous work on CET-based shadow stacks for x86 architectures.
