AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Explore the implementation of Guarded Control Stack (GCS) support for CRIU on ARM64 architecture in this 24-minute conference talk from the Linux Plumbers Conference. Learn about the critical security feature designed to protect against Return-Oriented Programming (ROP) attacks and discover how checkpoint/restore functionality can be extended to support ARM's GCS extension. Examine the technical process of adding GCS support to CRIU, including methods for detecting, dumping, and restoring process state, along with necessary modifications to parasite code. Understand the significant challenge of meeting kernel sigframe expectations for GCS tokens, which proves essential for reliable restoration processes. Gain insights into the debugging methodology used to identify and address gaps in the kernel's GCS support during dump and restore operations, building upon Mike Rapoport's previous work on CET-based shadow stacks for x86 architectures.
