Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK

From: Dave Hansen
Date: Tue Nov 15 2022 - 16:01:05 EST

Next message: Hans de Goede: "Re: [PATCH v2 6/7] platform/x86: ideapad-laptop: Keyboard backlight support for more IdeaPads"
Previous message: Maximilian Luz: "Re: [PATCH v2] ACPI: make remove callback of ACPI driver void"
In reply to: Peter Zijlstra: "Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK"
Next in thread: Peter Zijlstra: "Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/15/22 12:57, Peter Zijlstra wrote:
> On Tue, Nov 15, 2022 at 08:01:12PM +0000, Edgecombe, Rick P wrote:
>>>> + if (task != current) {
>>>> + if (option == ARCH_CET_UNLOCK &&
>>>> IS_ENABLED(CONFIG_CHECKPOINT_RESTORE)) {
>>> Why make this conditional on CRIU at all?
>> Kees asked for it, I think he was worried about attackers using it to
>> unlock and disable shadow stack. So wanted to lock it down to the
>> maximum.
> Well, distros will all have this stuff enabled no? So not much
> protection in practise.

Yeah, that's true for the distros.

But, I would imagine that our more paranoid friends like the ChromeOS
folks might appreciate this.

Next message: Hans de Goede: "Re: [PATCH v2 6/7] platform/x86: ideapad-laptop: Keyboard backlight support for more IdeaPads"
Previous message: Maximilian Luz: "Re: [PATCH v2] ACPI: make remove callback of ACPI driver void"
In reply to: Peter Zijlstra: "Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK"
Next in thread: Peter Zijlstra: "Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]