Thread (92 messages), 7 authors, 2022-11-22

Re: [PATCH v3 36/37] x86/cet/shstk: Add ARCH_CET_UNLOCK

From: Dave Hansen <hidden>
Date: 2022-11-15 21:01:05
Also in: linux-arch, linux-doc, linux-mm, lkml

On 11/15/22 12:57, Peter Zijlstra wrote:
> On Tue, Nov 15, 2022 at 08:01:12PM +0000, Edgecombe, Rick P wrote:
+	if (task != current) {
+		if (option == ARCH_CET_UNLOCK &&
IS_ENABLED(CONFIG_CHECKPOINT_RESTORE)) {
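
Review bot: the `IS_ENABLED(CONFIG_CHECKPOINT_RESTORE)` test in the inner `if` is a build-time gate only, so on any kernel built with that option it does nothing to restrict which caller can issue ARCH_CET_UNLOCK against another task. A short comment above the `option == ARCH_CET_UNLOCK` check stating why unlock is tied to checkpoint/restore, and which runtime check on the `task != current` path is expected to limit callers, would make the intent reviewable; the lines quoted here show no such runtime check.
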
>>> Why make this conditional on CRIU at all?
>> Kees asked for it, I think he was worried about attackers using it to
>> unlock and disable shadow stack. So wanted to lock it down to the
>> maximum.
> Well, distros will all have this stuff enabled no? So not much
> protection in practice.
Yeah, that's true for the distros.

But, I would imagine that our more paranoid friends like the ChromeOS
folks might appreciate this.