[PATCH 02/35] prctl: Add flag for shadow stack writeability and push/pop
Edgecombe, Rick P
rick.p.edgecombe at intel.com
Tue Jul 18 10:47:32 PDT 2023
On Sun, 2023-07-16 at 22:50 +0100, Mark Brown wrote:
> On arm64 and x86 the kernel can control if there is write access to
> the
> shadow stack via specific instructions defined for the purpose,
> useful
> for things like userspace threading at the expense of some security.
> Add a flag to allow this to be selected when changing the shadow
> stack
> status.
>
> On arm64 the kernel can separately control if userspace is able to
> pop
> and push values directly onto the shadow stack via GCS push and pop
> instructions, supporting many scenarios where userspace needs to
> write
> to the stack with less security exposure than full write access. Add
> a
> flag to allow this to be selected when changing the shadow stack
> status.
Is this correct? I thought Szabolcs was saying pop was always
supported, but push was optional.
More information about the linux-arm-kernel
mailing list