Re: [PATCH 34/35] x86/cet/shstk: Support wrss for userspace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
Subject: Re: [PATCH 34/35] x86/cet/shstk: Support wrss for userspace
From: Florian Weimer <fweimer@xxxxxxxxxx>
Date: Mon, 31 Jan 2022 08:56:45 +0100
Cc: x86@xxxxxxxxxx, "H . Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, Arnd Bergmann <arnd@xxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, "H . J . Lu" <hjl.tools@xxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V . Shankar" <ravi.v.shankar@xxxxxxxxx>, Dave Martin <Dave.Martin@xxxxxxx>, Weijiang Yang <weijiang.yang@xxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, joao.moreira@xxxxxxxxx, John Allen <john.allen@xxxxxxx>, kcc@xxxxxxxxxx, eranian@xxxxxxxxxx
In-reply-to: <20220130211838.8382-35-rick.p.edgecombe@intel.com> (Rick Edgecombe's message of "Sun, 30 Jan 2022 13:18:37 -0800")
References: <20220130211838.8382-1-rick.p.edgecombe@intel.com> <20220130211838.8382-35-rick.p.edgecombe@intel.com>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

* Rick Edgecombe:

> For the current shadow stack implementation, shadow stacks contents cannot
> be arbitrarily provisioned with data. This property helps apps protect
> themselves better, but also restricts any potential apps that may want to
> do exotic things at the expense of a little security.
>
> The x86 shadow stack feature introduces a new instruction, wrss, which
> can be enabled to write directly to shadow stack permissioned memory from
> userspace. Allow it to get enabled via the prctl interface.

Why can't this be turned on unconditionally?

Thanks,
Florian

Follow-Ups:
- Re: [PATCH 34/35] x86/cet/shstk: Support wrss for userspace
  - From: H.J. Lu

References:
- [PATCH 00/35] Shadow stacks for userspace
  - From: Rick Edgecombe
- [PATCH 34/35] x86/cet/shstk: Support wrss for userspace
  - From: Rick Edgecombe

Prev by Date: Re: [PATCH RFC v1] drivers/base/node: consolidate node device subsystem initialization in node_dev_init()
Next by Date: Re: [PATCH v2 33/35] arm64/mm: attempt speculative mm faults first
Previous by thread: [PATCH 34/35] x86/cet/shstk: Support wrss for userspace
Next by thread: Re: [PATCH 34/35] x86/cet/shstk: Support wrss for userspace
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]