From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 48F3A1E1E12; Wed, 3 Sep 2025 15:34:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756913653; cv=none; b=L3cwjztA+RR0lPErGL8MrKY/ztNvzoK4T/9dunCJPWAXkzaOr1XPOF0CHO/qsZXE1tUrjzxRwO7WrhVnRk/tLNhEtR1wDFYG705CM/V8QSOY57fWjAfGOaQmQbd6JSCZUyR6yoEVY4+pglz7mP8ezx27Zfe2abb9qNu3I0jQOog= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756913653; c=relaxed/simple; bh=SKxGYBjZVCad35Td5KYLSPQCKCGpbRI8Hm6stRtJ3V0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=nN+6ShUHokfz1IVW2NVdqwCfIJ9/VtvX3a42ksLbUFr3fHW4K4IbgOj4sIAoJSH8xXbseGv1eByFl4pSUzs3rTFghvyeATm3MAYjaW4NPSSHQbrmaVmO85uJmR61hCIYPvLWthCJTrXsVC2k146TKbcPdkgRJn3RyEf/PIUViko= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2027C4CEE7; Wed, 3 Sep 2025 15:34:07 +0000 (UTC) Date: Wed, 3 Sep 2025 16:34:05 +0100 From: Catalin Marinas To: Mark Brown Cc: "Rick P. Edgecombe" , Deepak Gupta , Szabolcs Nagy , "H.J. Lu" , Florian Weimer , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Valentin Schneider , Christian Brauner , Shuah Khan , linux-kernel@vger.kernel.org, Will Deacon , jannh@google.com, Andrew Morton , Yury Khrustalev , Wilco Dijkstra , linux-kselftest@vger.kernel.org, linux-api@vger.kernel.org, Kees Cook Subject: Re: [PATCH v20 4/8] fork: Add shadow stack support to clone3() Message-ID: References: <20250902-clone3-shadow-stack-v20-0-4d9fff1c53e7@kernel.org> <20250902-clone3-shadow-stack-v20-4-4d9fff1c53e7@kernel.org> <734e4c2c-a478-4019-86f7-4965c2b042e1@sirena.org.uk> Precedence: bulk X-Mailing-List: linux-api@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <734e4c2c-a478-4019-86f7-4965c2b042e1@sirena.org.uk> On Wed, Sep 03, 2025 at 11:01:05AM +0100, Mark Brown wrote: > On Tue, Sep 02, 2025 at 10:02:07PM +0100, Catalin Marinas wrote: > > On Tue, Sep 02, 2025 at 11:21:48AM +0100, Mark Brown wrote: > > > + mmap_read_lock(mm); > > > + > > > + addr = untagged_addr_remote(mm, args->shadow_stack_token); > > > + page = get_user_page_vma_remote(mm, addr, FOLL_FORCE | FOLL_WRITE, > > > + &vma); > > > However, I wonder whether it makes sense to use the remote mm access > > here at all. Does this code ever run without CLONE_VM? If not, this is > > all done within the current mm context. > > Yes, userspace can select if it wants CLONE_VM or not so we should > handle that case. We discussed this on prior versions and we felt that > while we couldn't immediately see the use case for !CLONE_VM there > wasn't a good reason to restrict the creativity of userspace developers, > and given that you can specify the regular stack in these cases it seems > logical that you'd also be able to specify the shadow stack. Yeah. Not sure it makes much sense in practice but if we allow a new stack without CLONE_VM, we should also allow a shadow stack. Thanks for the clarification. Reviewed-by: Catalin Marinas