On Mon, 2021-09-20 at 09:48 -0700, Andy Lutomirski wrote:
> My general opinion here (take this with a grain of salt -- I haven't
> paged back in every single detail) is that the kernel should make it
> straightforward for a libc to do the right thing without nasty races,
> cross-thread coordination, or unnecessary permission to write to the
> stack. I *also* think that it should be possible for userspace to
> manage its own shadow stack allocation if it wants to, since I'm sure
> there will be JIT or green thread or other use cases that want to do
> crazy things that we fail to anticipate with in-kernel magic.
>
> So perhaps we should keep the explicit allocation and free
> operations, have a way to opt-in to WRSS being flipped on, but also
> do our best to have APIs that handle the known cases well.
>
> Does that make sense? Can we have both approaches work in the same
> kernel?

I think so. I'll take a look at adding a prctl to enable WRSS. Since there
already is ARCH_X86_CET_DISABLE to disable CET, it doesn't seem like it
should escalate anything. And ARCH_X86_CET_LOCK can prevent turning it on
if desired.

Thanks,

Rick
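As an added illustration of the argument in Rick's reply (not code from the thread or from the kernel), the following userspace model captures the per-thread feature state with enable, disable and lock operations: a thread that may already disable CET via ARCH_X86_CET_DISABLE gains no new power from an enable-WRSS prctl, and once ARCH_X86_CET_LOCK has been applied neither change is permitted. The bit values, the `CET_SHSTK`/`CET_WRSS` names and the rule that WRSS requires an enabled shadow stack are assumptions of this model, not the kernel's ABI.

```c
/* Model of per-thread CET feature state (added example, not kernel code).
 * Bit values and the cet_* function names are hypothetical. */
#include <errno.h>
#include <stdbool.h>

#define CET_SHSTK 0x1u /* shadow stack enabled (assumed bit) */
#define CET_WRSS  0x2u /* WRSS instruction permitted (assumed bit) */

struct cet_state {
    unsigned features; /* bits currently enabled for this thread */
    unsigned locked;   /* bits frozen by the equivalent of ARCH_X86_CET_LOCK */
};

/* Equivalent of an enable prctl: refuse locked bits, and only allow
 * WRSS when a shadow stack is (or is being) enabled. */
int cet_enable(struct cet_state *s, unsigned bits)
{
    if (bits & s->locked)
        return -EPERM;
    if ((bits & CET_WRSS) && !((s->features | bits) & CET_SHSTK))
        return -EINVAL;
    s->features |= bits;
    return 0;
}

/* Equivalent of ARCH_X86_CET_DISABLE: refuse locked bits, else clear. */
int cet_disable(struct cet_state *s, unsigned bits)
{
    if (bits & s->locked)
        return -EPERM;
    s->features &= ~bits;
    return 0;
}

/* Equivalent of ARCH_X86_CET_LOCK: freezing is one-way. */
void cet_lock(struct cet_state *s, unsigned bits)
{
    s->locked |= bits;
}

/* Unlocked thread: it can already turn shadow stack off entirely, so
 * letting it enable WRSS adds no capability it lacked. */
bool unlocked_thread_can_already_disable_cet(void)
{
    struct cet_state s = { .features = CET_SHSTK, .locked = 0 };
    return cet_disable(&s, CET_SHSTK) == 0 && s.features == 0;
}

/* Locked thread: neither enabling WRSS nor disabling shadow stack works. */
bool lock_blocks_wrss_enable_and_disable(void)
{
    struct cet_state s = { .features = CET_SHSTK, .locked = 0 };
    cet_lock(&s, CET_SHSTK | CET_WRSS);
    return cet_enable(&s, CET_WRSS) == -EPERM &&
           cet_disable(&s, CET_SHSTK) == -EPERM && s.features == CET_SHSTK;
}
```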