On Fri, Aug 16, 2024 at 02:52:28PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2024-08-16 at 09:44 +0100, Catalin Marinas wrote:
> > BTW, since it's the parent setting up the shadow stack in its own address space before forking, I think at least the read can avoid access_remote_vm() and we could do it earlier, even before the new process is created.

> Hmm. Makes sense. It's a bit racy since the parent could consume that token from another thread, but it would be a race in any case.

So it sounds like we might be coming round to this? I've got a new version that verifies the VM_SHADOW_STACK good to go, but if we're going to switch back to consuming the token in the parent context I may as well do that. Like I said in the other mail, I'd rather not flip-flop on this.