git.ipfire.org Git - thirdparty/linux.git/commit

author	Deepak Gupta <debug@rivosinc.com>
	Mon, 26 Jan 2026 04:09:54 +0000 (21:09 -0700)
committer	Paul Walmsley <pjw@kernel.org>
	Mon, 26 Jan 2026 04:09:54 +0000 (21:09 -0700)
commit	540de7ade1e1327119e367ec5f662a627b3fe9f9
tree	2cb0e7b26c1cae5481bbd600f5172663a4ff48db	tree
parent	c68c2ef9d64169317a6e0e6f0506953637760409	commit \| diff

riscv/mm: update write protect to work on shadow stacks

'fork' implements copy-on-write (COW) by making pages readonly in both
child and parent.

ptep_set_wrprotect() and pte_wrprotect() clear _PAGE_WRITE in PTE.
The assumption is that the page is readable and, on a fault,
copy-on-write happens.

To implement COW on shadow stack pages, clearing the W bit makes them
XWR = 000. This will result in the wrong PTE setting, which allows no
permissions, but with V=1 and the PFN field pointing to the final
page. Instead, the desired behavior is to turn it into a readable
page, take an access (load/store) fault on sspush/sspop (shadow stack)
and then perform COW on such pages. This way regular reads would still
be allowed and not lead to COW maintaining current behavior of COW on
non-shadow stack but writeable memory.

On the other hand, this doesn't interfere with existing COW for
read-write memory. The assumption is always that _PAGE_READ must have
been set, and thus, setting _PAGE_READ is harmless.

Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Reviewed-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Tested-by: Andreas Korb <andreas.korb@aisec.fraunhofer.de> # QEMU, custom CVA6
Tested-by: Valentin Haudiquet <valentin.haudiquet@canonical.com>
Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-9-b55691eacf4f@rivosinc.com
[pjw@kernel.org: clarify patch description]
Signed-off-by: Paul Walmsley <pjw@kernel.org>