[RFC PATCH v1 15/28] riscv/mm: Implement map_shadow_stack() syscall

Edgecombe, Rick P rick.p.edgecombe at intel.com
Fri Feb 9 12:44:53 PST 2024


On Wed, 2024-01-24 at 22:21 -0800, debug at rivosinc.com wrote:
> From: Deepak Gupta <debug at rivosinc.com>
> 
> As discussed extensively in the changelog for the addition of this
> syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the
> existing mmap() and madvise() syscalls do not map entirely well onto
> the
> security requirements for guarded control stacks since they lead to
> windows where memory is allocated but not yet protected or stacks
> which
> are not properly and safely initialised. Instead a new syscall
> map_shadow_stack() has been defined which allocates and initialises a
> shadow stack page.
> 
> This patch implements this syscall for riscv. riscv doesn't require
> token
> to be setup by kernel because user mode can do that by itself.
> However to
> provide compatiblity and portability with other architectues, user
> mode can
> specify token set flag.

A lot of this code look very familiar. We'll have to think about at
what point we could pull some of it into the code kernel.

I think if we had an arch write_user_shstk(), most of the code could be
shared here.


More information about the linux-riscv mailing list