Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace

From: Andy Lutomirski
Date: Mon Oct 03 2022 - 19:00:48 EST

Next message: Ricardo Neri: "Re: [RFC PATCH 23/23] x86/process: Reset hardware history in context switch"
Previous message: Doug Anderson: "Re: [PATCH 1/2] arm64: dts: qcom: sdm845: align TLMM pin configuration with DT schema"
In reply to: Kees Cook: "Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace"
Next in thread: Kees Cook: "Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/3/22 15:28, Kees Cook wrote:

On Thu, Sep 29, 2022 at 03:29:26PM -0700, Rick Edgecombe wrote:

For the current shadow stack implementation, shadow stacks contents easily
be arbitrarily provisioned with data.

I can't parse this sentence.

This property helps apps protect
themselves better, but also restricts any potential apps that may want to
do exotic things at the expense of a little security.

Is anything using this right now? Wouldn't thing be safer without WRSS?
(Why can't we skip this patch?)

So that people don't write programs that need either (shstk off) or (shstk on and WRSS on) and crash or otherwise fail on kernels that support shstk but don't support WRSS, perhaps?

Next message: Ricardo Neri: "Re: [RFC PATCH 23/23] x86/process: Reset hardware history in context switch"
Previous message: Doug Anderson: "Re: [PATCH 1/2] arm64: dts: qcom: sdm845: align TLMM pin configuration with DT schema"
In reply to: Kees Cook: "Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace"
Next in thread: Kees Cook: "Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]