On Fri, Aug 16, 2024 at 12:09:01PM +0100, Catalin Marinas wrote:
On Thu, Aug 01, 2024 at 01:06:32PM +0100, Mark Brown wrote:
+* EL0 GCS entries with bit 63 set are reserved for use, one such use is defined
Maybe "reserved for specific uses". The proposed sentence feels like it's missing something.
Actually we removed the usage of bit 63 so I'll just drop this.
+* When a new thread is created by a thread which has GCS enabled then a
- new Guarded Control Stack will be allocated for the new thread with
- half the size of the standard stack.
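Review bot: the "half the size of the standard stack" rule in this hunk is inconsistent with the rest of the text, which has RLIMIT_STACK governing the GCS size once GCS is enabled; the documented sizing for new threads should match the clone3() based allocation path rather than describe the older fixed-fraction behaviour.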
Is the half size still the case? It also seems a bit inconsistent to have RLIMIT_STACK when GCS is enabled and half the stack size when a new thread is created.
Yes, this predates the rebase onto clone3() - I'll update.
[...]
+* When a thread is freed the Guarded Control Stack initially allocated for
- that thread will be freed. Note carefully that if the stack has been
- switched this may not be the stack currently in use by the thread.
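Review bot: "initially allocated for that thread" should say explicitly that this covers only the GCS the kernel allocated at thread creation; a shadow stack the user created with map_shadow_stack() is not freed on thread exit, and the current wording leaves that ambiguous.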
Is this true for shadow stacks explicitly allocated by the user with map_shadow_stack()?
It is only true for the stacks allocated by the kernel, if we didn't allocate a stack we don't free it.
+* The signal handler will use the same GCS as the interrupted context.
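Review bot: this sentence should state that the same GCS is used regardless of sigaltstack; without that, a reader will naturally expect an alternate signal stack to bring an alternate shadow stack with it, which the ABI does not provide.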
I assume this is true even with sigaltstack. Not easy to have alternative shadow stack without additional ABI.
Yes.