On Sun, 2023-07-16 at 22:50 +0100, Mark Brown wrote:
> On arm64 and x86 the kernel can control if there is write access to the
> shadow stack via specific instructions defined for the purpose, useful
> for things like userspace threading at the expense of some security.
> Add a flag to allow this to be selected when changing the shadow stack
> status.
>
> On arm64 the kernel can separately control if userspace is able to pop
> and push values directly onto the shadow stack via GCS push and pop
> instructions, supporting many scenarios where userspace needs to write
> to the stack with less security exposure than full write access. Add a
> flag to allow this to be selected when changing the shadow stack
> status.

Is this correct? I thought Szabolcs was saying pop was always
supported, but push was optional.