On Fri, Sep 26, 2025 at 03:46:26PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2025-09-26 at 01:44 +0100, Mark Brown wrote:

> > I agree it seems clearly better from a security point of view to have
> > writable shadow stacks than none at all, I don't think there's much
> > argument there other than the concerns about the memory consumption
> > and performance tradeoffs.

> IIRC the WRSS equivalent works the same for ARM where you need to use a
> special instruction, right? So we are not talking about full writable

Yes, it's GCSSTR for arm64.

> shadow stacks that could get attacked from any overflow, rather,
> limited spots that have the WRSS (or similar) instruction. In the
> presence of forward edge CFI, we might be able to worry less about
> attackers being able to actually reach it? Still not quite as locked
> down as having it disabled, but maybe not such a huge gap compared to
> the mmap/munmap() stuff that is the alternative we are weighing.

Agreed, as I said it's a definite win still - just not quite as strong.

