On Thu, Oct 05, 2023 at 06:23:10PM +0100, Catalin Marinas wrote:

> It's not just the default size that I dislike (I think the x86
> RLIMIT_STACK or clone3() stack_size is probably good enough) but the
> kernel allocating the shadow stack and inserting it into the user
> address space. The actual thread stack is managed by the user but the
> shadow stack is not (and we don't do this very often). Anyway, I don't
> have a better solution for direct uses of clone() or clone3(), other
> than running those threads with the shadow stack disabled. Not sure
> that's desirable.

Running threads with the shadow stack disabled if they don't explicitly request it feels like it's asking for trouble - as well as the escape route from the protection it'd provide, I'd expect there to be trouble for things that do stack pivots, and potentially random issues if there's a mix of ways threads are started. It's going to be a tradeoff whatever we do.