Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
Subject: Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Mon, 3 Oct 2022 15:28:47 -0700
Cc: x86@xxxxxxxxxx, "H . Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, Arnd Bergmann <arnd@xxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, Florian Weimer <fweimer@xxxxxxxxxx>, "H . J . Lu" <hjl.tools@xxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V . Shankar" <ravi.v.shankar@xxxxxxxxx>, Weijiang Yang <weijiang.yang@xxxxxxxxx>, "Kirill A . Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>, joao.moreira@xxxxxxxxx, John Allen <john.allen@xxxxxxx>, kcc@xxxxxxxxxx, eranian@xxxxxxxxxx, rppt@xxxxxxxxxx, jamorris@xxxxxxxxxxxxxxxxxxx, dethoma@xxxxxxxxxxxxx
In-reply-to: <20220929222936.14584-30-rick.p.edgecombe@intel.com>
References: <20220929222936.14584-1-rick.p.edgecombe@intel.com> <20220929222936.14584-30-rick.p.edgecombe@intel.com>

On Thu, Sep 29, 2022 at 03:29:26PM -0700, Rick Edgecombe wrote:
> For the current shadow stack implementation, shadow stacks contents easily
> be arbitrarily provisioned with data.

I can't parse this sentence.

> This property helps apps protect
> themselves better, but also restricts any potential apps that may want to
> do exotic things at the expense of a little security.

Is anything using this right now? Wouldn't thing be safer without WRSS?
(Why can't we skip this patch?)

-- 
Kees Cook

Follow-Ups:
- Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace
  - From: Mike Rapoport
- Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace
  - From: Andy Lutomirski

References:
- [PATCH v2 00/39] Shadowstacks for userspace
  - From: Rick Edgecombe
- [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace
  - From: Rick Edgecombe

Prev by Date: Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW
Next by Date: Re: [PATCH v2 30/39] x86: Expose thread features status in /proc/$PID/arch_status
Previous by thread: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace
Next by thread: Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]