On Fri, Aug 16, 2024 at 09:44:46AM +0100, Catalin Marinas wrote:

> We could, in theory, consume this token in the parent before the child
> mm is created. The downside is that if a parent forks multiple
> processes using the same shadow stack, it will have to set the token
> each time. I'd be fine with this, that's really only for the mostly
> theoretical case where one doesn't use CLONE_VM and still want a
> separate stack and shadow stack.

I originally implemented things that way but people did complain about the !CLONE_VM case, which does TBH seem reasonable. Note that the parent won't as standard be able to set the token again - since the shadow stack is not writable to userspace by default it'd instead need to allocate a whole new shadow stack for each child.

I change back to parsing the token in the parent but I don't want to end up in a cycle of bouncing between the two implementations depending on who's reviewed the most recent version.