git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Mark Brown <broonie@kernel.org>
	Tue, 1 Oct 2024 22:59:01 +0000 (23:59 +0100)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Fri, 4 Oct 2024 11:04:39 +0000 (12:04 +0100)
commit	506496bcbb4204c9ff5cfe82b1b90e1f14366992
tree	3569b7e312107aa691bb2e4457574cd698bb3694	tree
parent	fc84bc5378a8c852308fa022957b8976adb5aa6a	commit \| diff

arm64/gcs: Ensure that new threads have a GCS

When a new thread is created by a thread with GCS enabled the GCS needs
to be specified along with the regular stack.

Unfortunately plain clone() is not extensible and existing clone3()
users will not specify a stack so all existing code would be broken if
we mandated specifying the stack explicitly. For compatibility with
these cases and also x86 (which did not initially implement clone3()
support for shadow stacks) if no GCS is specified we will allocate one
so when a thread is created which has GCS enabled allocate one for it.
We follow the extensively discussed x86 implementation and allocate
min(RLIMIT_STACK/2, 2G). Since the GCS only stores the call stack and not
any variables this should be more than sufficient for most applications.

GCSs allocated via this mechanism will be freed when the thread exits.

Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Acked-by: Yury Khrustalev <yury.khrustalev@arm.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20241001-arm64-gcs-v13-22-222b78d87eee@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

arch/arm64/include/asm/gcs.h		diff \| blob \| blame \| history
arch/arm64/include/asm/mmu_context.h		diff \| blob \| blame \| history
arch/arm64/kernel/process.c		diff \| blob \| blame \| history
arch/arm64/mm/gcs.c		diff \| blob \| blame \| history