On Tue, Apr 28, 2020 at 9:33 AM Andy Lutomirski <l...@amacapital.net> wrote:
>
> > On Apr 28, 2020, at 9:14 AM, Peter Zijlstra <pet...@infradead.org> wrote:
> >
> > On Tue, Apr 28, 2020 at 02:41:33PM +0100, Andrew Cooper wrote:
> >> It's fine to focus on userspace first, but the kernel is far more simple.
> >>
> >> Looking at that presentation, the only thing missing for kernel is the
> >> notrack thunks, in the unlikely case that such code would be tolerated
> >> (Frankly, I don't expect Xen or Linux to run with notrack enabled, as
> >> there is no legacy code to be concerned with).
> >
> > Uhhh.. ftrace and kretprobes play dodgy games with the
> > return stack, doesn't that make the CET thing slightly more interesting?
>
> It’s definitely interesting. But there isn’t legacy code involved — we can 
> recompile and fix the world :)

All code which manually changes the return address on the stack must be
updated to also adjust the shadow stack.

-- 
H.J.
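
The point made in this thread about ftrace and kretprobes, as an added example that is not part of the original messages or of any kernel code: a toy C model of a shadow stack in which a hook that rewrites only the normal-stack return address faults at RET, while one that also adjusts the shadow copy does not. The structure, function names and addresses are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed): both stacks hold return addresses only. */
#define DEPTH 16
struct cpu {
    uint64_t stack[DEPTH];  /* return-address slots on the normal stack */
    uint64_t shstk[DEPTH];  /* shadow copies maintained by CALL/RET */
    int sp;                 /* number of live frames */
};

/* CALL: the return address is pushed to both stacks. */
static void model_call(struct cpu *c, uint64_t ret_addr) {
    c->stack[c->sp] = ret_addr;
    c->shstk[c->sp] = ret_addr;
    c->sp++;
}

/* RET: pop both copies; 0 and *target on match, -1 models a
 * control-protection fault on mismatch. */
static int model_ret(struct cpu *c, uint64_t *target) {
    c->sp--;
    if (c->stack[c->sp] != c->shstk[c->sp])
        return -1;
    *target = c->stack[c->sp];
    return 0;
}

/* Hypothetical return hook in the style of kretprobes: swap the top
 * return address for a trampoline and hand back the original.
 * fix_shadow selects whether the shadow copy is adjusted as well. */
static uint64_t hook_return(struct cpu *c, uint64_t tramp, int fix_shadow) {
    uint64_t orig = c->stack[c->sp - 1];
    c->stack[c->sp - 1] = tramp;
    if (fix_shadow)
        c->shstk[c->sp - 1] = tramp;
    return orig;
}

/* One hooked call: 0 if RET reaches the trampoline, -1 on modelled fault. */
static int run_hooked_call(int fix_shadow) {
    struct cpu c = { .sp = 0 };
    uint64_t target = 0;
    model_call(&c, 0x1000);                 /* constructed addresses */
    uint64_t orig = hook_return(&c, 0x2000, fix_shadow);
    if (model_ret(&c, &target) != 0)
        return -1;
    return (target == 0x2000 && orig == 0x1000) ? 0 : -1;
}

int main(void) {
    printf("hook without shadow update: %d\n", run_hooked_call(0));
    printf("hook with shadow update:    %d\n", run_hooked_call(1));
    return 0;
}
```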
