git.ipfire.org Git - thirdparty/linux.git/commit
riscv/shstk: If needed allocate a new shadow stack on clone
author: Deepak Gupta <debug@rivosinc.com>
Mon, 26 Jan 2026 04:09:54 +0000 (21:09 -0700)
committer: Paul Walmsley <pjw@kernel.org>
Thu, 29 Jan 2026 09:34:21 +0000 (02:34 -0700)
commit: fd44a4a8551698757d0e7eeaa964735b471f7407
tree: 912d2e92f09ec5608c85d0040237b509d2e51eeb
parent: c70772afd5cc93c28f83b53d33ce9fbcd8d015da
riscv/shstk: If needed allocate a new shadow stack on clone

Userspace specifies CLONE_VM to share address space and spawn a new
thread. 'clone' allows userspace to specify a new stack for a new
thread. However there is no way to specify a new shadow stack base
address without changing the API. This patch allocates a new shadow
stack whenever CLONE_VM is given.

In case of CLONE_VFORK, the parent is suspended until the child
finishes; thus the child can use the parent's shadow stack. In case of
!CLONE_VM, COW kicks in because the entire address space is copied from
parent to child.

'clone3' is extensible and can provide mechanisms for specifying the
shadow stack as an input parameter. This is not settled yet and is
being extensively discussed on the mailing list. Once that's settled,
this code should be adapted.

Reviewed-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Deepak Gupta <debug@rivosinc.com>
Tested-by: Andreas Korb <andreas.korb@aisec.fraunhofer.de> # QEMU, custom CVA6
Tested-by: Valentin Haudiquet <valentin.haudiquet@canonical.com>
Link: https://patch.msgid.link/20251112-v5_user_cfi_series-v23-11-b55691eacf4f@rivosinc.com
[pjw@kernel.org: cleaned up patch description]
Signed-off-by: Paul Walmsley <pjw@kernel.org>
arch/riscv/include/asm/mmu_context.h
arch/riscv/include/asm/usercfi.h
arch/riscv/kernel/process.c
arch/riscv/kernel/usercfi.c