On Thu, Jan 19, 2023 at 01:23:10PM -0800, Rick Edgecombe wrote: > For the current shadow stack implementation, shadow stacks contents can't > easily be provisioned with arbitrary data. This property helps apps > protect themselves better, but also restricts any potential apps that may > want to do exotic things at the expense of a little security. > > The x86 shadow stack feature introduces a new instruction, WRSS, which > can be enabled to write directly to shadow stack permissioned memory from > userspace. Allow it to get enabled via the prctl interface. > > Only enable the userspace WRSS instruction, which allows writes to > userspace shadow stacks from userspace. Do not allow it to be enabled > independently of shadow stack, as HW does not support using WRSS when > shadow stack is disabled. > > From a fault handler perspective, WRSS will behave very similar to WRUSS, > which is treated like a user access from a #PF err code perspective. > > Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx> > Tested-by: John Allen <john.allen@xxxxxxx> > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
