On Tue, 2023-07-18 at 14:55 +0100, Mark Brown wrote:
On Tue, Jul 18, 2023 at 10:10:04AM +0100, Szabolcs Nagy wrote:
uint64_t *p = map_shadow_stack(0, N*8, 0);
i'd expect p[N-1] to be the end token and p[N-2] to be the cap token, not p[PAGE_ALIGN(N*8)/8-2].
Yes, that probably would be more helpful.
HJ made a similar request on the x86 side. He wanted an unaligned size passed in to result in unaligned token placement.
if we allow misalligned size here (and in munmap) then i think it's better to not page align. size%8!=0 || size<16 can be an error.
Honestly I'd be a lot happier to just not allow misalignment but that raises the issue with binaries randomly not working when moved to a kernel with a different page size. I'll have a think but possibly the safest thing would be requiring a multiple of 4K then rounding up to our actual page size.
Someday when the x86 side is finally upstream I have a manpage for map_shadow_stack. Any differences on the arm side would need to be documented, but I'm not sure why there should be any differences. Like, why not use the same flags? Or have a new flag for token+end marker that x86 can use as well?