1. Patchew
  2. linux
  3. View series

[PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()

Breno Leitao posted 1 patch 1 week, 2 days ago
There is a newer version of this series
arch/arm64/mm/gcs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
Posted by Breno Leitao 1 week, 2 days ago 
alloc_gcs() returns an error-encoded pointer on failure, which comes
from do_mmap(), not NULL.

The current NULL check fails to detect errors, which could lead to using
an invalid GCS address.

Use IS_ERR_VALUE() to properly detect errors, consistent with the
check in gcs_alloc_thread_stack().

Fixes: b57180c75c7eb ("arm64/gcs: Implement shadow stack prctl() interface")
Signed-off-by: Breno Leitao <leitao@debian.org>
---
PS: This was compiled-tested only, given I unfortunately don't have
a hardware to test on _yet_.
---
 arch/arm64/mm/gcs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
index 6e93f78de79b1..efce7642b1d7b 100644
--- a/arch/arm64/mm/gcs.c
+++ b/arch/arm64/mm/gcs.c
@@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)
 
 		size = gcs_size(0);
 		gcs = alloc_gcs(0, size);
-		if (!gcs)
-			return -ENOMEM;
+		if (IS_ERR_VALUE(gcs))
+			return PTR_ERR((void *)gcs);
 
 		task->thread.gcspr_el0 = gcs + size - sizeof(u64);
 		task->thread.gcs_base = gcs;

---
base-commit: 8dfce8991b95d8625d0a1d2896e42f93b9d7f68d
change-id: 20260129-arm64_cgs-496817025d1e

Best regards,
--  
Breno Leitao <leitao@debian.org>
Re: [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
Posted by Will Deacon 6 days, 5 hours ago 
On Fri, Jan 30, 2026 at 01:43:09AM -0800, Breno Leitao wrote:
> alloc_gcs() returns an error-encoded pointer on failure, which comes
> from do_mmap(), not NULL.
> 
> The current NULL check fails to detect errors, which could lead to using
> an invalid GCS address.
> 
> Use IS_ERR_VALUE() to properly detect errors, consistent with the
> check in gcs_alloc_thread_stack().
> 
> Fixes: b57180c75c7eb ("arm64/gcs: Implement shadow stack prctl() interface")
> Signed-off-by: Breno Leitao <leitao@debian.org>
> ---
> PS: This was compiled-tested only, given I unfortunately don't have
> a hardware to test on _yet_.
> ---
>  arch/arm64/mm/gcs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
> index 6e93f78de79b1..efce7642b1d7b 100644
> --- a/arch/arm64/mm/gcs.c
> +++ b/arch/arm64/mm/gcs.c
> @@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)
>  
>  		size = gcs_size(0);
>  		gcs = alloc_gcs(0, size);
> -		if (!gcs)
> -			return -ENOMEM;
> +		if (IS_ERR_VALUE(gcs))
> +			return PTR_ERR((void *)gcs);

Why do you need to go via PTR_ERR() here? 'gcs' is an 'unsigned long' so
can't we just return that directly?

Will
Re: [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
Posted by Breno Leitao 6 days, 5 hours ago 
On Mon, Feb 02, 2026 at 02:44:43PM +0000, Will Deacon wrote:
> On Fri, Jan 30, 2026 at 01:43:09AM -0800, Breno Leitao wrote:
> > alloc_gcs() returns an error-encoded pointer on failure, which comes
> > from do_mmap(), not NULL.
> > 
> > The current NULL check fails to detect errors, which could lead to using
> > an invalid GCS address.
> > 
> > Use IS_ERR_VALUE() to properly detect errors, consistent with the
> > check in gcs_alloc_thread_stack().
> > 
> > Fixes: b57180c75c7eb ("arm64/gcs: Implement shadow stack prctl() interface")
> > Signed-off-by: Breno Leitao <leitao@debian.org>
> > ---
> > PS: This was compiled-tested only, given I unfortunately don't have
> > a hardware to test on _yet_.
> > ---
> >  arch/arm64/mm/gcs.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/arch/arm64/mm/gcs.c b/arch/arm64/mm/gcs.c
> > index 6e93f78de79b1..efce7642b1d7b 100644
> > --- a/arch/arm64/mm/gcs.c
> > +++ b/arch/arm64/mm/gcs.c
> > @@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)
> >  
> >  		size = gcs_size(0);
> >  		gcs = alloc_gcs(0, size);
> > -		if (!gcs)
> > -			return -ENOMEM;
> > +		if (IS_ERR_VALUE(gcs))
> > +			return PTR_ERR((void *)gcs);
> 
> Why do you need to go via PTR_ERR() here? 'gcs' is an 'unsigned long' so
> can't we just return that directly?

yea, PTR_ERR() is not helping here. We can definitely return gcs
directly.

I will update it,
--breno
Re: [PATCH] arm64/gcs: Fix error handling in arch_set_shadow_stack_status()
Posted by Mark Brown 6 days, 7 hours ago 
On Fri, Jan 30, 2026 at 01:43:09AM -0800, Breno Leitao wrote:
> alloc_gcs() returns an error-encoded pointer on failure, which comes
> from do_mmap(), not NULL.

Good spot, thanks:

Reviewed-by: Mark Brown <broonie@kernel.org>

> PS: This was compiled-tested only, given I unfortunately don't have
> a hardware to test on _yet_.

You can run with the Arm software models, shrinkwrap provides a
convenient way to do that:

  https://shrinkwrap.docs.arm.com/en/latest/

or the very latest qemu.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.