On Wed, Feb 21, 2024 at 12:35:48AM +0000, Edgecombe, Rick P wrote:

> doing. But those threads might be using shadow stack instructions
> (INCSSP, RSTORSSP, etc). These are a collection of instructions that
> allow limited control of the SSP. When shadow stack gets disabled,
> these suddenly turn into #UD generating instructions. So any other
> threads executing those instructions when shadow stack got disabled
> would be in for a nasty surprise.
>
> Glibc's permissive mode (that disables shadow stack when dlopen()ing a
> DSO that doesn't support shadow stack) is quite limited because of
> this. There was a POC for working around it, but I'll stop there for
> now, to not spam you with the details. I'm not sure of arm and risc-v
> details on this specific corner, but for x86.

We have the same issue with disabling GCS causing GCS instructions to
become undefined.