On Fri, Aug 16, 2024 at 09:44:46AM +0100, Catalin Marinas wrote:
> We could, in theory, consume this token in the parent before the child mm is created. The downside is that if a parent forks multiple processes using the same shadow stack, it will have to set the token each time. I'd be fine with this, that's really only for the mostly theoretical case where one doesn't use CLONE_VM and still wants a separate stack and shadow stack.
I originally implemented things that way but people did complain about the !CLONE_VM case, which does TBH seem reasonable. Note that the parent won't as standard be able to set the token again - since the shadow stack is not writable to userspace by default it'd instead need to allocate a whole new shadow stack for each child.
I could change back to parsing the token in the parent, but I don't want to end up in a cycle of bouncing between the two implementations depending on who's reviewed the most recent version.