[PATCH v22 17/28] riscv/signal: save and restore of shadow stack for signal
Paul Walmsley
pjw at kernel.org
Fri Oct 31 13:07:32 PDT 2025
On Thu, 23 Oct 2025, Deepak Gupta via B4 Relay wrote:
> From: Deepak Gupta <debug at rivosinc.com>
>
> Save shadow stack pointer in sigcontext structure while delivering signal.
> Restore shadow stack pointer from sigcontext on sigreturn.
>
> As part of save operation, kernel uses `ssamoswap` to save snapshot of
> current shadow stack on shadow stack itself (can be called as a save
> token). During restore on sigreturn, kernel retrieves token from top of
> shadow stack and validates it. This allows that user mode can't arbitrarily
> pivot to any shadow stack address without having a token and thus provides
> strong security assurance between signal delivery and sigreturn window.
>
> Use ABI compatible way of saving/restoring shadow stack pointer into
> signal stack. This follows what the Vector extension does, where extra registers
> are placed in a form of extension header + extension body in the stack.
> The extension header indicates the size of the extra architectural
> states plus the size of header itself, and a magic identifier of the
> extension. Then, the extension's body contains the new architectural
> states in the form defined by uapi.
>
> Signed-off-by: Andy Chiu <andy.chiu at sifive.com>
> Signed-off-by: Deepak Gupta <debug at rivosinc.com>

This patch causes some 'checkpatch.pl --strict' messages:

CHECK: Comparison to NULL could be written "!saved_shstk_ptr"
#271: FILE: arch/riscv/kernel/usercfi.c:186:
+ if (saved_shstk_ptr == NULL)

CHECK: Lines should not end with a '('
#300: FILE: arch/riscv/kernel/usercfi.c:215:
+ pr_info_ratelimited(

I've fixed them up here in the event that v22 goes in, but please do the
same on your side in case a new version is needed.

- Paul
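
The save-token check that the quoted commit message describes, as a simplified user-space model added here; it is not code from the patch or from the kernel. The token layout (the token holds the pre-signal shadow stack pointer and is stored one entry below it), the names shstk_model, shstk_init, shstk_save and shstk_restore, and the 16-entry stack are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#define SHSTK_WORDS 16  /* constructed size of the modelled shadow stack */

struct shstk_model {
    uintptr_t mem[SHSTK_WORDS]; /* stands in for the shadow stack pages */
    uintptr_t *ssp;             /* active shadow stack pointer, grows down */
};

void shstk_init(struct shstk_model *s)
{
    for (size_t i = 0; i < SHSTK_WORDS; i++)
        s->mem[i] = 0;
    s->ssp = &s->mem[SHSTK_WORDS];
}

/* Signal delivery: push a token holding the pre-signal ssp (assumed layout)
 * and return the token's address, the value that would go into sigcontext. */
uintptr_t *shstk_save(struct shstk_model *s)
{
    if (s->ssp <= s->mem)
        return NULL;            /* no room left for a token */
    uintptr_t *slot = s->ssp - 1;
    *slot = (uintptr_t)s->ssp;
    s->ssp = slot;
    return slot;
}

/* sigreturn: 'saved' comes from the user-writable signal frame, so it is
 * only trusted if a matching token sits at that address. 0 on success. */
int shstk_restore(struct shstk_model *s, uintptr_t *saved)
{
    uintptr_t a = (uintptr_t)saved;
    uintptr_t lo = (uintptr_t)s->mem, hi = (uintptr_t)&s->mem[SHSTK_WORDS];

    if (a < lo || a >= hi || (a - lo) % sizeof(uintptr_t))
        return -1;              /* not an entry of this shadow stack */
    if (*saved != a + sizeof(uintptr_t))
        return -1;              /* no token here: refuse to pivot */
    s->ssp = (uintptr_t *)*saved;
    *saved = 0;                 /* consume the token so it cannot be replayed */
    return 0;
}
```

In this model a saved pointer that was edited in the signal frame is rejected unless it lands exactly on a token, and a token is accepted only once.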