On Fri, Sep 26, 2025 at 03:46:26PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2025-09-26 at 01:44 +0100, Mark Brown wrote:
> > I agree it seems clearly better from a security point of view to have writable shadow stacks than none at all, I don't think there's much argument there other than the concerns about the memory consumption and performance tradeoffs.
>
> IIRC the WRSS equivalent works the same for ARM where you need to use a special instruction, right? So we are not talking about full writable

Yes, it's GCSSTR for arm64.

> shadow stacks that could get attacked from any overflow, rather, limited spots that have the WRSS (or similar) instruction. In the presence of forward edge CFI, we might be able to worry less about attackers being able to actually reach it? Still not quite as locked down as having it disabled, but maybe not such a huge gap compared to the mmap/munmap() stuff that is the alternative we are weighing.

Agreed, as I said it's a definite win still - just not quite as strong.