On Wed, Aug 23, 2023 at 02:11:07PM +0100, Catalin Marinas wrote:

> Yes, this should work. Any invocation of clone() or clone3() without a
> shadow stack would disable GCS. What about the reverse, should GCS be
> enabled for a thread even if the clone3() caller has GCS disabled? I
> guess we shouldn't since GCS enabling depends on the prctl() state set
> previously.

It has a fairly obvious intended meaning so we could do it easily enough but OTOH allowing it opens up the idea of people wanting to specify GCS flags which starts to seem like more trouble than it's worth compared to just having them do the prctl() in the new thread.