On Wed, 2024-01-24 at 22:21 -0800, debug@rivosinc.com wrote:
From: Deepak Gupta <debug@rivosinc.com>
As discussed extensively in the changelog for the addition of this syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the existing mmap() and madvise() syscalls do not map entirely well onto the security requirements for guarded control stacks since they lead to windows where memory is allocated but not yet protected or stacks which are not properly and safely initialised. Instead a new syscall map_shadow_stack() has been defined which allocates and initialises a shadow stack page.
This patch implements this syscall for riscv. riscv doesn't require token to be set up by kernel because user mode can do that by itself. However to provide compatibility and portability with other architectures, user mode can specify token set flag.
A lot of this code looks very familiar. We'll have to think about at what point we could pull some of it into the core kernel.
I think if we had an arch write_user_shstk(), most of the code could be shared here.