git.ipfire.org Git - thirdparty/linux.git/commit

author	Deepak Gupta <debug@rivosinc.com>
	Mon, 26 Jan 2026 04:09:54 +0000 (21:09 -0700)
committer	Paul Walmsley <pjw@kernel.org>
	Thu, 29 Jan 2026 09:15:20 +0000 (02:15 -0700)
commit	c70772afd5cc93c28f83b53d33ce9fbcd8d015da
tree	d59021653d703d29a20e45414f88a4a87dc74c25	tree
parent	540de7ade1e1327119e367ec5f662a627b3fe9f9	commit \| diff

riscv/mm: Implement map_shadow_stack() syscall

As discussed extensively in the changelog for the addition of this
syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the
existing mmap() and madvise() syscalls do not map entirely well onto the
security requirements for shadow stack memory since they lead to windows
where memory is allocated but not yet protected or stacks which are not
properly and safely initialised. Instead a new syscall map_shadow_stack()
has been defined which allocates and initialises a shadow stack page.

This patch implements this syscall for riscv. riscv doesn't require
tokens to be setup by kernel because user mode can do that by
itself. However to provide compatibility and portability with other
architectues, user mode can specify token set flag.

Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-10-b55691eacf4f@rivosinc.com
Link: https://lore.kernel.org/linux-riscv/aXfRPJvoSsOW8AwM@debug.ba.rivosinc.com/
[pjw@kernel.org: added allocate_shadow_stack() fix per Deepak; fixed bug found by sparse]
Signed-off-by: Paul Walmsley <pjw@kernel.org>

arch/riscv/kernel/Makefile		diff \| blob \| blame \| history
arch/riscv/kernel/usercfi.c	[new file with mode: 0644]	blob