Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack

From: Edgecombe, Rick P
Date: Thu Sep 23 2021 - 19:32:57 EST

Next message: Sean Anderson: "Re: [PATCH v7 3/3] pwm: Add support for Xilinx AXI Timer"
Previous message: Kees Cook: "[PATCH] proc: Disable /proc/$pid/wchan"
In reply to: Andy Lutomirski: "Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2021-09-20 at 09:48 -0700, Andy Lutomirski wrote:
> My general opinion here (take this with a grain of salt -- I haven't
> paged back in every single detail) is that the kernel should make it
> straightforward for a libc to do the right thing without nasty races,
> cross-thread coordination, or unnecessary permission to write to the
> stack. I *also* think that it should be possible for userspace to
> manage its own shadow stack allocation if it wants to, since I'm sure
> there will be JIT or green thread or other use cases that want to do
> crazy things that we fail to anticipate with in-kernel magic.
>
> So perhaps we should keep the explicit allocation and free
> operations, have a way to opt-in to WRSS being flipped on, but also
> do our best to have API that handle the known cases well.
>
> Does that make sense? Can we have both approaches work in the same
> kernel?

I think so. I'll take a look at adding a prctl to enable WRSS. Since
there already is ARCH_X86_CET_DISABLE to disable CET, it doesn't seem
like it should escalate anything. And ARCH_X86_CET_LOCK can prevent
turning it on if desired.

Thanks,

Rick

Next message: Sean Anderson: "Re: [PATCH v7 3/3] pwm: Add support for Xilinx AXI Timer"
Previous message: Kees Cook: "[PATCH] proc: Disable /proc/$pid/wchan"
In reply to: Andy Lutomirski: "Re: [NEEDS-REVIEW] Re: [PATCH v11 25/25] x86/cet/shstk: Add arch_prctl functions for shadow stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]