On Tue, Feb 08, 2022 at 11:16:51AM +0200, Mike Rapoport wrote:
>
> > Any thoughts on how you would _like_ to see this resolved?
>
> Ideally, CRIU will need a knob that will tell the kernel/CET machinery
> where the next RET will jump, along the lines of
> restore_signal_shadow_stack() AFAIU.
>
> But such a knob will immediately reduce the security value of the entire
> thing, and I don't have good ideas how to deal with it :(

Probably a kind of latch in the task_struct which would trigger off once
a return to a different address happened, thus we would be able to jump
inside parasite code. Of course such a trigger should be available under
proper capability only.