On Thu, 2023-11-16 at 18:41 +0000, Mark Brown wrote:

quoted

What about a CLONE_NEW_SHSTK for clone3 that forces a new shadow
stack?
So keep the existing logic, but the new flag can override the logic
for
!CLONE_VM and CLONE_VFORK if the caller wants. The behavior of
shadow_stack_size is then simple. 0 means use default size, !0
means
use the passed size. No need to overload and tie up args->stack.

That does seem like it cuts through the ambiguous cases.  If we go
for
that it feels like we should require the flag when specifying a size,
just to be sure that everything is clear.  Though having said that we
could just always allocate a shadow stack if a size is specified
regardless of the flags, requiring people who want non-default
behaviour
to have some idea what stack size they want.  I don't think I have
strong opinons between having the new flag or always allocating a
stack
if a size is specified.

Either of those seem fine to me, but it would be nice to get it vetted
by the libc folks before committing. I'd maybe lean towards the one you
suggested without the new flag.