On Thu, Aug 29, 2024 at 12:27:37AM +0100, Mark Brown wrote:
When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack.
Unfortunately plain clone() is not extensible and existing clone3() users will not specify a stack so all existing code would be broken if we mandated specifying the stack explicitly. For compatibility with these cases and also x86 (which did not initially implement clone3() support for shadow stacks) if no GCS is specified we will allocate one so when a thread is created which has GCS enabled allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK, 2G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications.
GCSs allocated via this mechanism will be freed when the thread exits.
Reviewed-by: Catalin Marinas catalin.marinas@arm.com Reviewed-by: Thiago Jung Bauermann thiago.bauermann@linaro.org Signed-off-by: Mark Brown broonie@kernel.org
Acked-by: Yury Khrustalev yury.khrustalev@arm.com