* Deepak Gupta: > In case of shadow stack, it similar situation. If enabled compiler > decides to insert sspush and sspopchk. They necessarily won't be > prologue or epilogue but somewhere in function body as deemed fit by > compiler, thus increasing the complexity of runtime patching. > > More so, here are wishing for kernel to do this patching for usermode > vDSO when there is no guarantee of such of rest of usermode (which if > was compiled with shadow stack would have faulted before vDSO's > sspush/sspopchk if ran on pre-zimop hardware)
I think this capability is desirable so that you can use a distribution kernel during CFI userspace bringup. Thanks, Florian
