Re: [PATCH 0/5] mm: arch/shstk: Common shadow stack mapping helper and VM_NOHUGEPAGE

[Deepak Gupta]

+ Kito, Jesse, Valentin and Heinrich.

I had to rebuild toolchain by bumping up prctl (prctl conflict in 7.0 merge led
to landing pad prctls bumping by 1)

Jesse/Kito,

So you might want to do that as well before sending out next iteration of libc
changes.

Rest inline.

On Tue, Feb 24, 2026 at 05:57:52PM +0000, Catalin Marinas wrote:
> Hi,
>
> arm64, riscv and x86 all implement shadow stack support and use a
> similar pattern for mapping the user shadow stack (originally cloned
> from x86). Extract this common pattern into a shared helper -
> vm_mmap_shadow_stack().
>
> Patch 1 introduces vm_mmap_shadow_stack() in mm/util.c, which wraps
> do_mmap() with the flags required for a VM_SHADOW_STACK mapping. The
> helper uses PROT_READ|PROT_WRITE prot bits instead of the earlier x86
> approach of PROT_READ with an explicit VM_WRITE vm_flag. Functionally
> there is no difference. I looked up the history of this flag on the
> lists but it wasn't conclusive. My guess is that the original aim was to
> mark the vma not writable but that would confuse the kernel, so it ended
> up with the VM_WRITE flag instead.
>
> Patches 2-4 update arm64, riscv and x86 respectively to use the new
> helper, removing the duplicated mmap logic.
>
> Patch 5 forces VM_NOHUGEPAGE when allocating the shadow stack via the
> new helper, mirroring what commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK
> to VM_NOHUGEPAGE") did for normal stacks. It will save some memory,
> especially when the ulimit -s is high.
>
> Boot-tested on x86, fully tested on arm64. I do not have a compiler
> version that supports the -march=rv64ima_zicfiss_zicfilp option for
> riscv, so any help with testing is welcome.

Catalin,

FWIW, I applied your patches on v7.0-rc1 and risc-v cfi kselftest passes

# ./cfitests
TAP version 13
# Starting risc-v tests
# Landing pad and shadow stack are enabled for binary
# cfi_ptrace_test, ptrace test succeeded
# Executing RISC-V shadow stack self tests
1..5
# Exercising shadow stack fork test
# Parent pid 130 and child pid 132
# dummy calls for sspush and sspopchk in context of parent
# Spewing out shadow stack ptr: 7fff914b7fb8
  This is to ensure shadow stack is indeed enabled and working
# Waiting on child to finish
# dummy calls for sspush and sspopchk in context of child
# Spewing out shadow stack ptr: 7fff914b7fb8
  This is to ensure shadow stack is indeed enabled and working
ok 1 shstk fork test
# Exercising shadow stack map test
ok 2 map shadow stack syscall
# Exercising shadow stack gup tests
ok 3 shadow stack gup tests
# Exercising shadow stack signal test
ok 4 shadow stack signal tests
# Exercising shadow stack protection test (WPT)
ok 5 memory protections of shadow stack memory
# Totals: pass:5 fail:0 xfail:0 xpass:0 skip:0 error:0
#

So you can tag tested by for risc-v.

> Thanks.
>
> Catalin Marinas (5):
>  mm: Introduce vm_mmap_shadow_stack() as a helper for VM_SHADOW_STACK
>    mappings
>  arm64: gcs: Use the new common vm_mmap_shadow_stack() helper
>  riscv: shstk: Use the new common vm_mmap_shadow_stack() helper
>  x86: shstk: Use the new common vm_mmap_shadow_stack() helper
>  mm: Do not map the shadow stack as THP
>
> arch/arm64/mm/gcs.c         | 14 +-------------
> arch/riscv/kernel/usercfi.c | 12 +-----------
> arch/x86/kernel/shstk.c     | 12 ++----------
> include/linux/mm.h          |  4 ++++
> mm/util.c                   | 29 +++++++++++++++++++++++++++++
> 5 files changed, 37 insertions(+), 34 deletions(-)