On Tue, Aug 20, 2024 at 11:57:23PM +0000, Edgecombe, Rick P wrote:
On Wed, 2024-08-21 at 00:34 +0100, Mark Brown wrote:
I was doing things this way for symmetry with how we specify the normal stack. That's a bit different since the kernel will actually use the size for the normal stack but it felt nicer to keep things looking consistent, it saves users wondering why they work differently. It's also a bit of a help with portability given that arm64 expects to have a top of stack marker above the token by default while x86 doesn't support that.
Hmm, so then on arm the kernel would look for the token down a frame. Hmm. I think it makes it even stranger ABI wise.
I think it's going to be strange one way or another, either you specify a size that we don't currently really use or you have two things both called stacks which are described differently. I suppose we could call a single parameter shadow_stack_pointer? Though I do note that as you indicated we've been going for some time and this is the first time it came up...
SHADOW_STACK_SET_MARKER can be optional (not on arm, but could be in the future). Then the shadow_stack_size to token offset behavior would depend on some historical originally supported combination of map_shadow_stack args.
I called it _SET_TOKEN, it's optional on arm64 - we check both potential locations for the token in clone3().
BTW, just to try to reduce potential future revisions, what do you think about the 8 byte alignment need? Did I miss the check somewhere?
I've added a check that both the base address and size are sizeof(void *) aligned.