[PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
@ 2026-01-30  9:43 Breno Leitao
  2026-02-02 13:11 ` Mark Brown
  2026-02-02 14:44 ` Will Deacon
  0 siblings, 2 replies; 4+ messages in thread
From: Breno Leitao @ 2026-01-30  9:43 UTC (permalink / raw)
  To: Catalin Marinas, Will Deacon, Thiago Jung Bauermann, Mark Brown
  Cc: linux-arm-kernel, linux-kernel, Breno Leitao

alloc_gcs() returns an error-encoded pointer on failure, which comes
from do_mmap(), not NULL.

The current NULL check fails to detect errors, which could lead to using
an invalid GCS address.

Use IS_ERR_VALUE() to properly detect errors, consistent with the
check in gcs_alloc_thread_stack().

Fixes: b57180c75c7eb ("arm64/gcs: Implement shadow stack prctl() interface")
Signed-off-by: Breno Leitao <leitao@debian.org>
---
PS: This was compiled-tested only, given I unfortunately don't have
a hardware to test on _yet_.
---
 arch/arm64/mm/gcs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
index 6e93f78de79b1..efce7642b1d7b 100644
--- a/arch/arm64/mm/gcs.c
+++ b/arch/arm64/mm/gcs.c
@@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)
 
 		size = gcs_size(0);
 		gcs = alloc_gcs(0, size);
-		if (!gcs)
-			return -ENOMEM;
+		if (IS_ERR_VALUE(gcs))
+			return PTR_ERR((void *)gcs);
 
 		task->thread.gcspr_el0 = gcs + size - sizeof(u64);
 		task->thread.gcs_base = gcs;

---
base-commit: 8dfce8991b95d8625d0a1d2896e42f93b9d7f68d
change-id: 20260129-arm64_cgs-496817025d1e

Best regards,
--  
Breno Leitao <leitao@debian.org>


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
  2026-01-30  9:43 [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status() Breno Leitao
@ 2026-02-02 13:11 ` Mark Brown
  2026-02-02 14:44 ` Will Deacon
  1 sibling, 0 replies; 4+ messages in thread
From: Mark Brown @ 2026-02-02 13:11 UTC (permalink / raw)
  To: Breno Leitao
  Cc: Catalin Marinas, Will Deacon, Thiago Jung Bauermann,
	linux-arm-kernel, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 493 bytes --]

On Fri, Jan 30, 2026 at 01:43:09AM -0800, Breno Leitao wrote:
> alloc_gcs() returns an error-encoded pointer on failure, which comes
> from do_mmap(), not NULL.

Good spot, thanks:

Reviewed-by: Mark Brown <broonie@kernel.org>

> PS: This was compiled-tested only, given I unfortunately don't have
> a hardware to test on _yet_.

You can run with the Arm software models, shrinkwrap provides a
convenient way to do that:

  https://shrinkwrap.docs.arm.com/en/latest/

or the very latest qemu.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 484 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
  2026-01-30  9:43 [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status() Breno Leitao
  2026-02-02 13:11 ` Mark Brown
@ 2026-02-02 14:44 ` Will Deacon
  2026-02-02 15:10   ` Breno Leitao
  1 sibling, 1 reply; 4+ messages in thread
From: Will Deacon @ 2026-02-02 14:44 UTC (permalink / raw)
  To: Breno Leitao
  Cc: Catalin Marinas, Thiago Jung Bauermann, Mark Brown,
	linux-arm-kernel, linux-kernel

On Fri, Jan 30, 2026 at 01:43:09AM -0800, Breno Leitao wrote:
> alloc_gcs() returns an error-encoded pointer on failure, which comes
> from do_mmap(), not NULL.
> 
> The current NULL check fails to detect errors, which could lead to using
> an invalid GCS address.
> 
> Use IS_ERR_VALUE() to properly detect errors, consistent with the
> check in gcs_alloc_thread_stack().
> 
> Fixes: b57180c75c7eb ("arm64/gcs: Implement shadow stack prctl() interface")
> Signed-off-by: Breno Leitao <leitao@debian.org>
> ---
> PS: This was compiled-tested only, given I unfortunately don't have
> a hardware to test on _yet_.
> ---
>  arch/arm64/mm/gcs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
> index 6e93f78de79b1..efce7642b1d7b 100644
> --- a/arch/arm64/mm/gcs.c
> +++ b/arch/arm64/mm/gcs.c
> @@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)
>  
>  		size = gcs_size(0);
>  		gcs = alloc_gcs(0, size);
> -		if (!gcs)
> -			return -ENOMEM;
> +		if (IS_ERR_VALUE(gcs))
> +			return PTR_ERR((void *)gcs);

Why do you need to go via PTR_ERR() here? 'gcs' is an 'unsigned long' so
can't we just return that directly?

Will

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
  2026-02-02 14:44 ` Will Deacon
@ 2026-02-02 15:10   ` Breno Leitao
  0 siblings, 0 replies; 4+ messages in thread
From: Breno Leitao @ 2026-02-02 15:10 UTC (permalink / raw)
  To: Will Deacon
  Cc: Catalin Marinas, Thiago Jung Bauermann, Mark Brown,
	linux-arm-kernel, linux-kernel

On Mon, Feb 02, 2026 at 02:44:43PM +0000, Will Deacon wrote:
> On Fri, Jan 30, 2026 at 01:43:09AM -0800, Breno Leitao wrote:
> > alloc_gcs() returns an error-encoded pointer on failure, which comes
> > from do_mmap(), not NULL.
> > 
> > The current NULL check fails to detect errors, which could lead to using
> > an invalid GCS address.
> > 
> > Use IS_ERR_VALUE() to properly detect errors, consistent with the
> > check in gcs_alloc_thread_stack().
> > 
> > Fixes: b57180c75c7eb ("arm64/gcs: Implement shadow stack prctl() interface")
> > Signed-off-by: Breno Leitao <leitao@debian.org>
> > ---
> > PS: This was compiled-tested only, given I unfortunately don't have
> > a hardware to test on _yet_.
> > ---
> >  arch/arm64/mm/gcs.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
> > index 6e93f78de79b1..efce7642b1d7b 100644
> > --- a/arch/arm64/mm/gcs.c
> > +++ b/arch/arm64/mm/gcs.c
> > @@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)
> >  
> >  		size = gcs_size(0);
> >  		gcs = alloc_gcs(0, size);
> > -		if (!gcs)
> > -			return -ENOMEM;
> > +		if (IS_ERR_VALUE(gcs))
> > +			return PTR_ERR((void *)gcs);
> 
> Why do you need to go via PTR_ERR() here? 'gcs' is an 'unsigned long' so
> can't we just return that directly?

yea, PTR_ERR() is not helping here. We can definitely return gcs
directly.

I will update it,
--breno

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-02-02 15:10 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-30  9:43 [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status() Breno Leitao
2026-02-02 13:11 ` Mark Brown
2026-02-02 14:44 ` Will Deacon
2026-02-02 15:10   ` Breno Leitao

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox