Thinking out loud ... sorry for the noise
On Sun, May 17, 2026 at 01:30:22PM -0500, Richard Patel wrote:
> +int arch_prctl_set_branch_landing_pad_state(struct task_struct *t, unsigned
> long state)
> +{
> + if (!cpu_feature_enabled(X86_FEATURE_USER_IBT) || in_ia32_syscall())
> + return -EINVAL;
> +
> + if (t != current)
> + return -EINVAL;
> +
> + if (user_ibt_locked(t))
> + return -EINVAL;
> +
> + if (!(state & (PR_CFI_ENABLE | PR_CFI_DISABLE)))
> + return -EINVAL;
> +
> + if (state & PR_CFI_ENABLE && state & PR_CFI_DISABLE)
> + return -EINVAL;
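Review bot: the flag validation in this hunk only checks that at least one of PR_CFI_ENABLE / PR_CFI_DISABLE is set and that both are not set together; any other bit in `state` passes through unrejected. Since arch_prctl() hands the raw userspace value down, add an explicit unknown-bits check before the enable/disable tests, e.g. `if (state & ~(PR_CFI_ENABLE | PR_CFI_DISABLE)) return -EINVAL;`, so that future flag additions cannot silently collide with garbage already accepted by older kernels. Minor style point on the same hunk: `state & PR_CFI_ENABLE && state & PR_CFI_DISABLE` is correct under C precedence, but parenthesising each `&` term makes the intent obvious and avoids a checkpatch-style complaint.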
I noticed the caller doesn't filter input arguments, so uapi could pass
garbage flags, and we need to filter here. Will fix and add a selftest
for this in v2.
I think the RISC-V code from which I ported this has the same problem.
> +void reset_thread_ibt(void)
> +{
> + current->thread.ibt = false;
> + current->thread.ibt_locked = false;
> +}
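Review bot: reset_thread_ibt() clears the software-side `ibt` and `ibt_locked` flags but does not touch the U_CET MSR, and nothing in the function says why that is safe; a reader comparing it with the shadow-stack reset path will assume the MSR write was forgotten. Add a short comment at the top of the function stating where the hardware state is (re)written on this path (exec / thread reset) so the omission is clearly intentional, and consider also resetting the two fields through a single helper if other callers need the same sequence.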
Should I add a comment here explaining why setting U_CET MSR is not
necessary here?
> reset_thread_features();
> + reset_thread_ibt();
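Review bot: calling reset_thread_ibt() immediately after reset_thread_features() in this hunk makes the IBT state look like an afterthought bolted onto the existing features reset; either fold the IBT clearing into reset_thread_features() (which would require relaxing its USER_SHADOW_STACK gating to cover USER_IBT as well), or keep the separate call but add a one-line comment explaining that IBT is tracked outside `features` and why. Whichever way the x86 maintainers prefer, the two resets should be kept adjacent and documented so the split is not mistaken for an incomplete conversion.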
There is quite obvious overlap with ARCH_SHSTK here. The problem is that
'features' is gated by USER_SHADOW_STACK, and I didn't want to cause a
mess there before asking. x86 maintainers, what is your preference?