Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK

From: Peter Zijlstra
Date: Tue Nov 15 2022 - 15:58:30 EST


On Tue, Nov 15, 2022 at 08:01:12PM +0000, Edgecombe, Rick P wrote:
> > > + if (task != current) {
> > > + if (option == ARCH_CET_UNLOCK &&
> > > IS_ENABLED(CONFIG_CHECKPOINT_RESTORE)) {
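
Review bot: in the inner condition, IS_ENABLED(CONFIG_CHECKPOINT_RESTORE) is a build-time constant, so on any kernel built with that option the test reduces to option == ARCH_CET_UNLOCK and adds no restriction of its own on the task != current path. A comment above the check stating why ARCH_CET_UNLOCK is tied to CONFIG_CHECKPOINT_RESTORE would make the intent clear to readers of this path.
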
> >
> > Why make this conditional on CRIU at all?
>
> Kees asked for it, I think he was worried about attackers using it to
> unlock and disable shadow stack. So wanted to lock it down to the
> maximum.

Well, distros will all have this stuff enabled, no? So not much
protection in practice.