Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace

From: Mike Rapoport
Date: Tue Oct 04 2022 - 04:31:32 EST

Next message: Borislav Petkov: "[GIT PULL] x86/sgx for 6.1"
Previous message: Andy Shevchenko: "Re: [PATCH 11/20] gpio/rockchip: add of_node for gpiochip"
In reply to: Kees Cook: "Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 03, 2022 at 03:28:47PM -0700, Kees Cook wrote:
> On Thu, Sep 29, 2022 at 03:29:26PM -0700, Rick Edgecombe wrote:
> > For the current shadow stack implementation, shadow stacks contents easily
> > be arbitrarily provisioned with data.
>
> I can't parse this sentence.
>
> > This property helps apps protect
> > themselves better, but also restricts any potential apps that may want to
> > do exotic things at the expense of a little security.
>
> Is anything using this right now? Wouldn't thing be safer without WRSS?
> (Why can't we skip this patch?)

CRIU uses WRSS to restore the shadow stack contents.

> --
> Kees Cook

--
Sincerely yours,
Mike.

Next message: Borislav Petkov: "[GIT PULL] x86/sgx for 6.1"
Previous message: Andy Shevchenko: "Re: [PATCH 11/20] gpio/rockchip: add of_node for gpiochip"
In reply to: Kees Cook: "Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]