after many years of procrastination, private (née unreadable) kstacks are about to graduate from PoC to production. not possible without some existing infrastructure we've developed for UDEREF and other features over a decade ago. payoff++ :)

Dec 29, 2021 · 8:37 PM UTC

Replying to @paxteam
While the first thing that comes to mind when thinking “kstack” is RANDKSTACK, the first hits on Google point to @jonoberheide’s Stackjacking (paid ads?). Curious about the new feature ;)
the goal is simple: a given cpu can access only the current kstack, #PF on everyone else's (modulo some complications when such 'foreign' kstack accesses are intended). basically this is similar to what you already have in userland between process stacks.
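A userland model of the rule in the reply above (current cpu can touch only its own kstack, a #PF on anyone else's, with an explicit window for intended foreign accesses), as an added example; this is not PaX code and says nothing about how the real implementation manages page tables. It stands in for per-cpu kernel stacks with a few mmap'd regions and for the cpu switch with mprotect, and catches the resulting SIGSEGV the way the kernel would take the page fault. `NR_CPUS`, `KSTACK_SIZE` and all function names are assumptions made up for the model.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>

#define NR_CPUS 4                 /* assumed: number of modelled cpus */
#define KSTACK_SIZE (4 * 4096)    /* assumed: one modelled kstack, page multiple */

static unsigned char *kstack[NR_CPUS];   /* one modelled kernel stack per cpu */
static int current_cpu = -1;             /* cpu whose kstack is currently mapped */
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_taken;

/* Stand-in for the #PF handler: record the fault and unwind to the probe. */
static void pf_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    fault_taken = 1;
    siglongjmp(fault_env, 1);
}

/* Allocate every kstack unmapped (PROT_NONE) and install the fault handler. */
int kstacks_init(void)
{
    for (int i = 0; i < NR_CPUS; i++) {
        void *p = mmap(NULL, KSTACK_SIZE, PROT_NONE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED)
            return -1;
        kstack[i] = p;
    }
    struct sigaction sa = {0};
    sa.sa_sigaction = pf_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* "Run" on cpu: only that cpu's kstack is accessible, all others fault. */
int switch_to(int cpu)
{
    if (cpu < 0 || cpu >= NR_CPUS)
        return -1;
    for (int i = 0; i < NR_CPUS; i++) {
        int prot = (i == cpu) ? (PROT_READ | PROT_WRITE) : PROT_NONE;
        if (mprotect(kstack[i], KSTACK_SIZE, prot) < 0)
            return -1;
    }
    current_cpu = cpu;
    return 0;
}

/* Write one byte at the top of cpu's kstack from the current cpu.
 * Returns 1 if the write went through, 0 if it took the modelled #PF. */
int probe_kstack(int cpu)
{
    volatile unsigned char *top = kstack[cpu] + KSTACK_SIZE - 1;
    fault_taken = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *top = 0x41;
        return 1;
    }
    return 0;   /* fault_taken == 1: foreign kstack access denied */
}

/* The "intended foreign access" case: open a read-only window on another
 * cpu's kstack just long enough to read its top byte, then close it again.
 * Returns the byte (0..255) or -1 on error. */
int peek_foreign_kstack_top(int cpu)
{
    if (cpu < 0 || cpu >= NR_CPUS || cpu == current_cpu)
        return -1;
    if (mprotect(kstack[cpu], KSTACK_SIZE, PROT_READ) < 0)
        return -1;
    int byte = kstack[cpu][KSTACK_SIZE - 1];
    if (mprotect(kstack[cpu], KSTACK_SIZE, PROT_NONE) < 0)
        return -1;
    return byte;
}

int main(void)
{
    if (kstacks_init() < 0 || switch_to(0) < 0)
        return 1;
    printf("cpu0 -> own kstack: %s\n", probe_kstack(0) ? "ok" : "#PF");
    printf("cpu0 -> cpu1 kstack: %s\n", probe_kstack(1) ? "ok" : "#PF");
    switch_to(1);
    printf("cpu1 peeks cpu0 top byte via window: 0x%02x\n",
           peek_foreign_kstack_top(0));
    printf("cpu1 -> cpu0 kstack afterwards: %s\n", probe_kstack(0) ? "ok" : "#PF");
    return 0;
}
```

The point of `peek_foreign_kstack_top` is the "complications" part of the reply: anything that legitimately needs another cpu's stack (a debugger, a backtrace of a remote cpu, stack walking on task exit) has to go through a deliberate window rather than the plain mapping, and the window closes again before control returns, so a stray pointer into a foreign kstack still faults.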
Replying to @paxteam
It seems the days of stack overflows giving direct control of the control flow are numbered. What's your take on Intel's shadow stacks? Corporate doesn't believe that separating stacks into data and code, or having stacks grow upwards, would solve anything. What's your take?