On Wed, Jan 24, 2024 at 10:21:40PM -0800, debug@xxxxxxxxxxxx wrote: > As discussed extensively in the changelog for the addition of this > syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the > existing mmap() and madvise() syscalls do not map entirely well onto the > security requirements for guarded control stacks since they lead to > windows where memory is allocated but not yet protected or stacks which > are not properly and safely initialised. Instead a new syscall > map_shadow_stack() has been defined which allocates and initialises a > shadow stack page. While I agree that this is very well written you probably want to update the references to guarded control stacks to whatever the RISC-V term is :P > --- a/include/uapi/asm-generic/mman.h > +++ b/include/uapi/asm-generic/mman.h > @@ -19,4 +19,5 @@ > #define MCL_FUTURE 2 /* lock all future mappings */ > #define MCL_ONFAULT 4 /* lock all pages that are faulted in */ > > +#define SHADOW_STACK_SET_TOKEN (1ULL << 0) /* Set up a restore token in the shadow stack */ > #endif /* __ASM_GENERIC_MMAN_H */ For arm64 I also added a SHADOW_STACK_SET_MARKER for adding a top of stack marker, did you have any thoughts on that for RISC-V? I think x86 were considering adding it too, it'd be good if we could get things consistent.
Attachment:
signature.asc
Description: PGP signature