The 03/16/2023 12:30, Deepak Gupta wrote:
> On Tue, Mar 14, 2023 at 12:19 AM Mike Rapoport <rppt@xxxxxxxxxx> wrote:
> > As for the userspace convenience, it is anyway required to add special
> > code for creating the shadow stack and it wouldn't matter if that code
> > would use mmap(NEW_FLAG) or map_shadow_stack().
>
> Yes *strictly* from userspace convenience, it doesn't matter which option.

everybody seems to assume that the new syscall only matters for
the code allocating the shadow stack. there are tools like
strace, seccomp,.. that need to learn about the new syscall
and anything that's built on top of them as well as libc api
interposers like address sanitizer need to learn about the
related new libc apis (if there are any.. which will be another
long debate on the userspace side, delaying the usability of
shadow stacks even more). such tools already know about mmap
and often can handle new flags without much change.

i agree that too much special logic in mmap is not ideal and
using an mmap flag limits future extensions of both mmap and
shadow map functionality. but i disagree that a new syscall
is generally easy for userspace to deal with. in this case
the cost seems acceptable to me, but it's not free at all.