On Tue, Dec 05, 2023 at 12:26:57AM +0000, Edgecombe, Rick P wrote:
On Tue, 2023-11-28 at 18:22 +0000, Mark Brown wrote:
- size = adjust_shstk_size(stack_size); + size = adjust_shstk_size(size); addr = alloc_shstk(0, size, 0, false);
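Review bot: alloc_shstk(0, size, 0, false) takes no mm argument, so the new mapping lands in current->mm; if this call site sits after copy_mm() in copy_process(), a !CLONE_VM child created with shadow_stack_size != 0 ends up with its SSP pointing at a region mapped only in the parent. Either thread tsk->mm through alloc_shstk() (do_mmap() will not do for a foreign mm) or return an error for shadow_stack_size without CLONE_VM until that path is supported.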
Hmm. I didn't test this, but in the copy_process(), copy_mm() happens before this point. So the shadow stack would get mapped in current's MM (i.e. the parent). So in the !CLONE_VM case with shadow_stack_size!=0 the SSP in the child will be updated to an area that is not mapped in the child. I think we need to pass tsk->mm into alloc_shstk(). But such an exotic clone usage does give me pause, regarding whether all of this is premature.
Hrm, right. And we then can't use do_mmap() either. I'd be somewhat tempted to disallow that specific case for now rather than deal with it, though that's not really in the spirit of just always following what the user asked for.