On Fri, 2025-09-26 at 16:07 +0100, Yury Khrustalev wrote:
> > I think we should see a fuller solution from the glibc side before
> > adding new kernel features like this. (apologies if I missed it).
>
> What do you mean by "a fuller solution from the glibc side"? A solution
> for re-using shadow stacks?

I mean some code or a fuller explained solution that uses this new kernel functionality. I think the scheme that Florian suggested in the thread linked above (longjmp() to the start of the stack) will have trouble if the thread pivots to a new shadow stack before exiting (e.g. ucontext).

> Right now Glibc cannot do anything about
> shadow stacks for new threads because clone3 interface doesn't allow
> it.

If you enable WRSS (or the arm equivalent) you can re-use shadow stacks today by writing a token.

