[PATCH 02/35] prctl: Add flag for shadow stack writeability and push/pop

From: Mark Brown
Date: Sun Jul 16 2023 - 17:53:18 EST


On arm64 and x86 the kernel can control if there is write access to the
shadow stack via specific instructions defined for the purpose, useful
for things like userspace threading at the expense of some security.
Add a flag to allow this to be selected when changing the shadow stack
status.

On arm64 the kernel can separately control if userspace is able to pop
and push values directly onto the shadow stack via GCS push and pop
instructions, supporting many scenarios where userspace needs to write
to the stack with less security exposure than full write access. Add a
flag to allow this to be selected when changing the shadow stack status.

Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
---
include/uapi/linux/prctl.h | 2 ++
1 file changed, 2 insertions(+)

diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h
index 9fdc77fa2bfe..e88d2ddcdb2d 100644
--- a/include/uapi/linux/prctl.h
+++ b/include/uapi/linux/prctl.h
@@ -321,5 +321,7 @@ struct prctl_mm_map {
#define PR_SET_SHADOW_STACK_STATUS 72
# define PR_SHADOW_STACK_LOCK (1UL << 0)
# define PR_SHADOW_STACK_ENABLE (1UL << 1)
+# define PR_SHADOW_STACK_WRITE (1UL << 2)
+# define PR_SHADOW_STACK_PUSH (1UL << 3)

#endif /* _LINUX_PRCTL_H */

--
2.30.2