On Tue, 2025-08-19 at 17:21 +0100, Mark Brown wrote:
> +int arch_shstk_validate_clone(struct task_struct *t,
> + struct vm_area_struct *vma,
> + struct page *page,
> + struct kernel_clone_args *args)
> +{
> + /*
> + * SSP is aligned, so reserved bits and mode bit are a zero, just mark
> + * the token 64-bit.
> + */
What is this comment doing here? It doesn't make sense. It looks copied from
create_rstor_token()?
> + void *maddr = page_address(page);
> + unsigned long token;
> + int offset;
> + u64 expected;
> +
> + token = args->shadow_stack_token;
> + expected = (token + SS_FRAME_SIZE) | BIT(0);
Instead of the above comment, I think the important thing to say is that args-
>shadow_stack_token is 8 byte aligned, so offset can't overflow out of the page.
Maybe?
/* kernel_clone_args verification assures token address is 8 byte aligned */
> + offset = offset_in_page(token);
> +
> + if (!cmpxchg_to_user_page(vma, page, token, (unsigned long *)(maddr + offset),
> + expected, 0))
> + return -EINVAL;
> + set_page_dirty_lock(page);
> +
> + return 0;
> +}
> +
With those changes, for the series:
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
