On Tue, Jul 18, 2023 at 05:47:32PM +0000, Edgecombe, Rick P wrote:
> On Sun, 2023-07-16 at 22:50 +0100, Mark Brown wrote:
> > On arm64 the kernel can separately control if userspace is able to pop and push values directly onto the shadow stack via GCS push and pop instructions, supporting many scenarios where userspace needs to write to the stack with less security exposure than full write access. Add a flag to allow this to be selected when changing the shadow stack status.
>
> Is this correct? I thought Szabolcs was saying pop was always supported, but push was optional.

It's not; I wrote this right after looking at hypervisor controls, which do control push and pop.