On Tue, Dec 12, 2023 at 11:17:11AM -0800, Deepak Gupta wrote:
On Wed, Nov 22, 2023 at 1:43 AM Mark Brown <broonie@kernel.org> wrote:
+/*
- Set the current shadow stack configuration. Enabling the shadow
- stack will cause a shadow stack to be allocated for the thread.
- */
+#define PR_SET_SHADOW_STACK_STATUS 72 +# define PR_SHADOW_STACK_ENABLE (1UL << 0)
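Review bot: The comment above PR_SET_SHADOW_STACK_STATUS documents only the enable path and does not say what a call without PR_SHADOW_STACK_ENABLE does. With the enable bit as the only flag shown here, a userspace caller cannot tell from the header how to turn the feature off. Suggest stating in the comment that the prctl() sets the whole status word, so a value without the enable bit disables the shadow stack, and noting whether the stack allocated on enable is released at that point.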
Other architectures may require disabling shadow stack if glibc tunables are set to permissive mode. In permissive mode, if glibc encounters `dlopen` on an object which doesn't support shadow stack, glibc should be able to issue PR_SHADOW_STACK_DISABLE.
Architectures can choose to implement it or not, but I think arch-agnostic code should enumerate this.
The current implementation for arm64, and therefore the API for the prctl(), is that whatever combination of flags is specified will be set. This means that setting the status to something that does not include _ENABLE will result in disabling, and we don't need a separate flag for disable. We have use cases that make active use of disabling at runtime.
Please delete unneeded context from replies; it makes it much easier to find new content.