From: Oleg Nesterov <oleg@redhat.com>
To: Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@kernel.org>,
Jens Axboe <axboe@kernel.dk>,
Peter Zijlstra <peterz@infradead.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Sohil Mehta <sohil.mehta@intel.com>,
Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org
Subject: [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs
Date: Thu, 14 Aug 2025 12:14:35 +0200 [thread overview]
Message-ID: <20250814101435.GA17362@redhat.com> (raw)
In-Reply-To: <20250814101340.GA17288@redhat.com>
If a features_enabled(ARCH_SHSTK_SHSTK) userspace thread creates a
PF_USER_WORKER thread, shstk_alloc_thread_stack() allocates the shadow
stack for no reason, the new (kernel) thread will never return to usermode.
Plus the current code doesn't even look correct, in this case fpu_clone()
won't call update_fpu_shstk().
Add the new "bool minimal = !!args->fn" argument (which matches that of
fpu_clone()) to shstk_alloc_thread_stack() and change it to do
reset_thread_features(tsk) if "minimal" is true.
With this patch ssp_get() -> ssp_active(target) should never return true
if target->flags & PF_USER_WORKER.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
---
arch/x86/include/asm/shstk.h | 4 ++--
arch/x86/kernel/process.c | 2 +-
arch/x86/kernel/shstk.c | 11 ++++++++++-
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/arch/x86/include/asm/shstk.h b/arch/x86/include/asm/shstk.h
index 92d449cc352a..dfb2aeebc25f 100644
--- a/arch/x86/include/asm/shstk.h
+++ b/arch/x86/include/asm/shstk.h
@@ -17,7 +17,7 @@ struct thread_shstk {
long shstk_prctl(struct task_struct *task, int option, unsigned long arg2);
void reset_thread_features(struct task_struct *task);
unsigned long shstk_alloc_thread_stack(struct task_struct *p, unsigned long clone_flags,
- unsigned long stack_size);
+ bool minimal, unsigned long stack_size);
void shstk_free(struct task_struct *p);
int setup_signal_shadow_stack(struct ksignal *ksig);
int restore_signal_shadow_stack(void);
@@ -28,7 +28,7 @@ static inline long shstk_prctl(struct task_struct *task, int option,
unsigned long arg2) { return -EINVAL; }
static inline void reset_thread_features(struct task_struct *task) {}
static inline unsigned long shstk_alloc_thread_stack(struct task_struct *p,
- unsigned long clone_flags,
+ unsigned long clone_flags, bool minimal,
unsigned long stack_size) { return 0; }
static inline void shstk_free(struct task_struct *p) {}
static inline int setup_signal_shadow_stack(struct ksignal *ksig) { return 0; }
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 1b7960cf6eb0..e932e0e53972 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -209,7 +209,7 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args)
* is disabled, new_ssp will remain 0, and fpu_clone() will know not to
* update it.
*/
- new_ssp = shstk_alloc_thread_stack(p, clone_flags, args->stack_size);
+ new_ssp = shstk_alloc_thread_stack(p, clone_flags, args->fn, args->stack_size);
if (IS_ERR_VALUE(new_ssp))
return PTR_ERR((void *)new_ssp);
diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c
index e6d3b1371b11..3da22c6f5874 100644
--- a/arch/x86/kernel/shstk.c
+++ b/arch/x86/kernel/shstk.c
@@ -192,11 +192,20 @@ void reset_thread_features(struct task_struct *tsk)
}
unsigned long shstk_alloc_thread_stack(struct task_struct *tsk, unsigned long clone_flags,
- unsigned long stack_size)
+ bool minimal, unsigned long stack_size)
{
struct thread_shstk *shstk = &tsk->thread.shstk;
unsigned long addr, size;
+ /*
+ * Kernel threads cloned from userspace thread never return to
+ * usermode.
+ */
+ if (minimal) {
+ reset_thread_features(tsk);
+ return 0;
+ }
+
/*
* If shadow stack is not enabled on the new thread, skip any
* switch to a new shadow stack.
--
2.25.1.362.g51ebf55
next prev parent reply other threads:[~2025-08-14 10:16 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-14 10:13 [PATCH 0/6] x86/fpu: don't abuse x86_task_fpu(PF_USER_WORKER) in .regset_get() paths Oleg Nesterov
2025-08-14 10:14 ` [PATCH 1/6] x86/fpu: change copy_xstate_to_uabi_buf() to accept fpstate + pkru instead of task_struct Oleg Nesterov
2025-08-14 16:46 ` Edgecombe, Rick P
2025-08-15 12:22 ` Oleg Nesterov
2025-08-14 10:14 ` [PATCH 2/6] x86/fpu: regset: introduce get_fpstate() helper Oleg Nesterov
2025-08-14 10:14 ` [PATCH 3/6] x86/fpu: fold sync_fpstate() into get_fpstate() Oleg Nesterov
2025-08-14 10:14 ` [PATCH 4/6] x86/shstk: add "task_struct *tsk" argument to reset_thread_features() Oleg Nesterov
2025-08-14 10:14 ` Oleg Nesterov [this message]
2025-08-14 17:03 ` [PATCH 5/6] x86/shstk: don't create the shadow stack for PF_USER_WORKERs Edgecombe, Rick P
2025-08-14 18:33 ` Mark Brown
2025-08-14 22:43 ` Edgecombe, Rick P
2025-08-15 11:44 ` Mark Brown
2025-08-15 19:11 ` Deepak Gupta
2025-08-18 17:27 ` Mark Brown
2025-08-19 17:41 ` Deepak Gupta
2025-08-15 13:01 ` Oleg Nesterov
2025-08-15 13:08 ` Oleg Nesterov
2025-08-15 15:28 ` Mark Brown
2025-08-15 15:43 ` Oleg Nesterov
2025-08-15 15:48 ` Mark Brown
2025-08-15 16:00 ` Oleg Nesterov
2025-08-15 17:08 ` Mark Brown
2025-08-15 12:17 ` Oleg Nesterov
2025-08-15 16:19 ` Edgecombe, Rick P
2025-08-15 16:54 ` Oleg Nesterov
2025-08-15 17:46 ` Edgecombe, Rick P
2025-08-15 19:13 ` Oleg Nesterov
2025-08-14 10:14 ` [PATCH 6/6] x86/fpu: change get_fpstate() to return &init_fpstate if PF_USER_WORKER Oleg Nesterov
2025-08-15 15:52 ` [PATCH 0/6] x86/fpu: don't abuse x86_task_fpu(PF_USER_WORKER) in .regset_get() paths Oleg Nesterov
2025-08-15 15:59 ` Dave Hansen
2025-08-15 16:02 ` Oleg Nesterov
2025-08-15 16:32 ` Sohil Mehta
2025-08-15 19:33 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250814101435.GA17362@redhat.com \
--to=oleg@redhat.com \
--cc=axboe@kernel.dk \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=sohil.mehta@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).