Skip to content

[PW_SID:1057353] mm: arch/shstk: Common shadow stack mapping helper and VM_NOHUGEPAGE #1493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
linux-riscv-bot wants to merge 5 commits into
base: workflow__riscv__fixes
Choose a base branch
from
+37 −34
Open

[PW_SID:1057353] mm: arch/shstk: Common shadow stack mapping helper and VM_NOHUGEPAGE #1493

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
46004dd
mm: Introduce vm_mmap_shadow_stack() as a helper for VM_SHADOW_STACK …
ctmarinas Feb 24, 2026
4870265
arm64: gcs: Use the new common vm_mmap_shadow_stack() helper
ctmarinas Feb 24, 2026
0b287ef
riscv: shstk: Use the new common vm_mmap_shadow_stack() helper
ctmarinas Feb 24, 2026
bf1e727
x86: shstk: Use the new common vm_mmap_shadow_stack() helper
ctmarinas Feb 24, 2026
01b969c
mm: Do not map the shadow stack as THP
ctmarinas Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 1 addition & 13 deletions arch/arm64/mm/gcs.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,19 +12,7 @@

static unsigned long alloc_gcs(unsigned long addr, unsigned long size)
{
int flags = MAP_ANONYMOUS | MAP_PRIVATE;
struct mm_struct *mm = current->mm;
unsigned long mapped_addr, unused;

if (addr)
flags |= MAP_FIXED_NOREPLACE;

mmap_write_lock(mm);
mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags,
VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL);
mmap_write_unlock(mm);

return mapped_addr;
return vm_mmap_shadow_stack(addr, size, 0);
}

static unsigned long gcs_size(unsigned long size)
Expand Down
12 changes: 1 addition & 11 deletions arch/riscv/kernel/usercfi.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,17 +230,7 @@ int restore_user_shstk(struct task_struct *tsk, unsigned long shstk_ptr)
static unsigned long allocate_shadow_stack(unsigned long addr, unsigned long size,
unsigned long token_offset, bool set_tok)
{
int flags = MAP_ANONYMOUS | MAP_PRIVATE;
struct mm_struct *mm = current->mm;
unsigned long populate;

if (addr)
flags |= MAP_FIXED_NOREPLACE;

mmap_write_lock(mm);
addr = do_mmap(NULL, addr, size, PROT_READ, flags,
VM_SHADOW_STACK | VM_WRITE, 0, &populate, NULL);
mmap_write_unlock(mm);
addr = vm_mmap_shadow_stack(addr, size, 0);

if (!set_tok || IS_ERR_VALUE(addr))
goto out;
Expand Down
12 changes: 2 additions & 10 deletions arch/x86/kernel/shstk.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,17 +100,9 @@ static int create_rstor_token(unsigned long ssp, unsigned long *token_addr)
static unsigned long alloc_shstk(unsigned long addr, unsigned long size,
unsigned long token_offset, bool set_res_tok)
{
int flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_ABOVE4G;
struct mm_struct *mm = current->mm;
unsigned long mapped_addr, unused;
unsigned long mapped_addr;

if (addr)
flags |= MAP_FIXED_NOREPLACE;

mmap_write_lock(mm);
mapped_addr = do_mmap(NULL, addr, size, PROT_READ, flags,
VM_SHADOW_STACK | VM_WRITE, 0, &unused, NULL);
mmap_write_unlock(mm);
mapped_addr = vm_mmap_shadow_stack(addr, size, MAP_ABOVE4G);

if (!set_res_tok || IS_ERR_VALUE(mapped_addr))
goto out;
Expand Down
4 changes: 4 additions & 0 deletions include/linux/mm.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3698,6 +3698,10 @@ extern int vm_munmap(unsigned long, size_t);
extern unsigned long __must_check vm_mmap(struct file *, unsigned long,
unsigned long, unsigned long,
unsigned long, unsigned long);
#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK
extern unsigned long __must_check vm_mmap_shadow_stack(unsigned long addr,
unsigned long len, unsigned long flags);
#endif

struct vm_unmapped_area_info {
#define VM_UNMAPPED_AREA_TOPDOWN 1
Expand Down
29 changes: 29 additions & 0 deletions mm/util.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -618,6 +618,35 @@ unsigned long vm_mmap(struct file *file, unsigned long addr,
}
EXPORT_SYMBOL(vm_mmap);

#ifdef CONFIG_ARCH_HAS_USER_SHADOW_STACK
/*
* Perform a userland memory mapping for a shadow stack into the current
* process address space. This is intended to be used by architectures that
* support user shadow stacks.
*/
unsigned long vm_mmap_shadow_stack(unsigned long addr, unsigned long len,
unsigned long flags)
{
struct mm_struct *mm = current->mm;
unsigned long ret, unused;
vm_flags_t vm_flags = VM_SHADOW_STACK;

flags |= MAP_ANONYMOUS | MAP_PRIVATE;
if (addr)
flags |= MAP_FIXED_NOREPLACE;

if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE))
vm_flags |= VM_NOHUGEPAGE;

mmap_write_lock(mm);
ret = do_mmap(NULL, addr, len, PROT_READ | PROT_WRITE, flags,
vm_flags, 0, &unused, NULL);
mmap_write_unlock(mm);

return ret;
}
#endif /* CONFIG_ARCH_HAS_USER_SHADOW_STACK */

/**
* __vmalloc_array - allocate memory for a virtually contiguous array.
* @n: number of elements.
Expand Down
Loading