On Wed, Jan 24, 2024 at 10:21:40PM -0800, debug@xxxxxxxxxxxx wrote:
> As discussed extensively in the changelog for the addition of this
> syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the
> existing mmap() and madvise() syscalls do not map entirely well onto the
> security requirements for guarded control stacks since they lead to
> windows where memory is allocated but not yet protected or stacks which
> are not properly and safely initialised. Instead a new syscall
> map_shadow_stack() has been defined which allocates and initialises a
> shadow stack page.
While I agree that this is very well written you probably want to update
the references to guarded control stacks to whatever the RISC-V term is :P
> --- a/include/uapi/asm-generic/mman.h
> +++ b/include/uapi/asm-generic/mman.h
> @@ -19,4 +19,5 @@
> #define MCL_FUTURE 2 /* lock all future mappings */
> #define MCL_ONFAULT 4 /* lock all pages that are faulted in */
>
> +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */
> #endif /* __ASM_GENERIC_MMAN_H */
For arm64 I also added a SHADOW_STACK_SET_MARKER for adding a top of
stack marker, did you have any thoughts on that for RISC-V? I think x86
were considering adding it too, it'd be good if we could get things
consistent.
Attachment:
signature.asc
Description: PGP signature
