Re: [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs

From: Deepak Gupta
Date: Fri Aug 15 2025 - 15:15:28 EST

Next message: Danilo Krummrich: "Re: [PATCH v2 0/2] Take ARCH_KMALLOC_MINALIGN into account for build-time XArray check"
Previous message: Waiman Long: "Re: [-next v2 4/4] cpuset: add helpers for cpus read and cpuset_mutex locks"
In reply to: Mark Brown: "Re: [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs"
Next in thread: Oleg Nesterov: "Re: [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 15, 2025 at 12:44:14PM +0100, Mark Brown wrote:

On Thu, Aug 14, 2025 at 10:43:45PM +0000, Edgecombe, Rick P wrote:

On Thu, 2025-08-14 at 19:33 +0100, Mark Brown wrote:

> Perhaps we should factor the logic for deciding if we need to allocate a
> userspace shadow stack out into the arch independent code and do
> something like set a flag in kernel_clone_args that the arches can
> check? I think the logic is the same for all arches at the minute and
> don't see a reason why it'd diverge.

Sounds good. Like a little start to this:
https://lore.kernel.org/lkml/20241010-shstk_converge-v1-0-631beca676e7@xxxxxxxxxxxx/

Yes, exactly.

> That'd collide a bit with my
> clone3() series, there's some overlap there with that creating another
> reason why the decision would change. Reducing the duplication would be
> nice.

Argh, I need to test the latest of that still.

Yury pointed me at some newer x86 systems I was able to get access to so
I was finally able to test that one myself before sending it out,
confirmation would be good but hopefully it's fine. I've been holding
back on sending a rebased version out since Deepak was going to help me
get set up to test it on RISC-V. Though I see now that the RISC-V code
has vanished from -next (I guess due to fallout from the issues with the
merge to Linus, it looks like there's almost nothing in the branch
currently), not sure what the plan is there?

Perhaps I should just send it out, but given the difficulty getting
anyone to pay attention I was trying to avoid issues with missing
updates for newly added RISC-V shadow stacks.

Yes I was trying to get that sorted as well. Because now I'll have to
rebase my changes to 6.17. So I wanted to make sure that it applies
cleanly. I suggest that you send it out because risc-v was left out
anyways. I'll apply your patch series on my risc-v shadow stack changes
(on top of 6.17) and will report back. It might be easier that way.

How does that sound?

Next message: Danilo Krummrich: "Re: [PATCH v2 0/2] Take ARCH_KMALLOC_MINALIGN into account for build-time XArray check"
Previous message: Waiman Long: "Re: [-next v2 4/4] cpuset: add helpers for cpus read and cpuset_mutex locks"
In reply to: Mark Brown: "Re: [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs"
Next in thread: Oleg Nesterov: "Re: [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]