On Thu, 2023-10-26 at 13:40 -0700, Deepak Gupta wrote:
>
> FWIW, from arch specific perspective, RISC-V shadow stack extension has
> `ssamoswap` to perform this token exchange. But I understand x86 has this
> limitation (not sure about arm GCS).
>
> From security perspective:--
> Someone having ability to execute clone3 with control on input, probably
> already achieved some level of control flow bending because they need to
> corrupt memory and then carefully control registers input to clone3.
> Although if it is purely a data oriented gadget, I think it is possible.

struct clone_args should be data somewhere, at least temporarily.

>
> Since this RFC is mostly concerned about `size` of shadow stack. I think
> we should limit it to size only.

Seems reasonable to me. It still leaves open the option of adding a shadow stack address field later AFAICT.