* H. J. Lu:

> On Sun, Jan 30, 2022 at 11:57 PM Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>>
>> * Rick Edgecombe:
>>
>> > For the current shadow stack implementation, shadow stack contents cannot
>> > be arbitrarily provisioned with data. This property helps apps protect
>> > themselves better, but also restricts any potential apps that may want to
>> > do exotic things at the expense of a little security.
>> >
>> > The x86 shadow stack feature introduces a new instruction, wrss, which
>> > can be enabled to write directly to shadow stack permissioned memory from
>> > userspace. Allow it to get enabled via the prctl interface.
>>
>> Why can't this be turned on unconditionally?
>
> WRSS can be a security risk since it defeats the whole purpose of
> Shadow Stack. If an application needs to write to shadow stack,
> it can make a syscall to enable it. After the CET patches are checked
> in Linux kernel, I will make a proposal to allow applications or shared
> libraries to opt in to WRSS through a linker option, a compiler option or
> a function attribute.

Ahh, that makes sense. I assumed that without WRSS, the default was to
allow plain writes. 8-)

Thanks,
Florian