Re: [PATCH v4 03/36] arm64/gcs: Document the ABI for Guarded Control Stacks
From: Mark Brown
Date: Fri Oct 06 2023 - 08:17:15 EST
On Thu, Oct 05, 2023 at 06:23:10PM +0100, Catalin Marinas wrote:
> It's not just the default size that I dislike (I think the x86
> RLIMIT_STACK or clone3() stack_size is probably good enough) but the
> kernel allocating the shadow stack and inserting it into the user
> address space. The actual thread stack is managed by the user but the
> shadow stack is not (and we don't do this very often). Anyway, I don't
> have a better solution for direct uses of clone() or clone3(), other
> than running those threads with the shadow stack disabled. Not sure
> that's desirable.
Running threads with the shadow stack disabled if they don't explicitly
request it feels like it's asking for trouble - as well as the escape
route from the protection it'd provide I'd expect there to be trouble
for things that do stack pivots, potentially random issues if there's a
mix of ways threads are started. It's going to be a tradeoff whatever
we do.
Attachment:
signature.asc
Description: PGP signature