On Wed, 2024-05-15 at 13:35 +0200, Oleg Nesterov wrote: > Let me repeat I know nothing about shadow stacks, only tried to > read Documentation/arch/x86/shstk.rst few minutes ago ;) > > On 05/13, Jiri Olsa wrote: > > > > 1) current uretprobe which are not working at the moment and we change > > the top value of shadow stack with shstk_push_frame > > 2) optimized uretprobe which needs to push new frame on shadow stack > > with shstk_update_last_frame > > > > I think we should do 1) and have current uretprobe working with shadow > > stack, which is broken at the moment > > Agreed, > > > I'm ok with not using optimized uretprobe when shadow stack is detected > > as enabled and we go with current uretprobe in that case > > But how can we detect it? Again, suppose userspace does the rdssp instruction returns the value of the shadow stack pointer. On non- shadow stack it is a nop. So you could check if the SSP is non-zero to find if shadow stack is enabled. This would catch most cases, but I guess there is the possibility of it getting enabled in a signal that hit between checking and the rest of operation. Is this uretprobe stuff signal safe in general?
