[PATCH v6 19/33] riscv: Implements arch agnostic shadow stack prctls
Mark Brown
broonie at kernel.org
Wed Oct 9 05:44:51 PDT 2024
On Tue, Oct 08, 2024 at 03:37:01PM -0700, Deepak Gupta wrote:
> +int arch_lock_shadow_stack_status(struct task_struct *task,
> + unsigned long arg)
> +{
> + /* If shtstk not supported or not enabled on task, nothing to lock here */
> + if (!cpu_supports_shadow_stack() ||
> + !is_shstk_enabled(task))
> + return -EINVAL;
> +
> + set_shstk_lock(task);
> +
> + return 0;
> +}
This will lock the shadow stack settings regardless of the value of arg.
On arm64 the argument is a mask of bits to block changes to. While for
RISC-V you only support enables so there's only one bit that'll actually
do anything portable code could in theory try to do something like
masking writes or pushes only and get surprised that disabling shadow
stack gets blocked. For arm64 the implementaion accepts any possible
mask value, allowing for userspace to block enabling of any future
options that get added. In theory someone might end up calling with a
value of 0 (eg, if there's a config option for the bitmask to lock and
they don't bother optimising out the syscall if the value is 0) which
would definitely break.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-riscv/attachments/20241009/d800f0ef/attachment.sig>
More information about the linux-riscv
mailing list