Commit 53c99852 authored Feb 02, 2026 by Breno Leitao Committed by Will Deacon Feb 03, 2026

arm64/gcs: Fix error handling in arch_set_shadow_stack_status()



alloc_gcs() returns an error-encoded pointer on failure, which comes
from do_mmap(), not NULL.

The current NULL check fails to detect errors, which could lead to using
an invalid GCS address.

Use IS_ERR_VALUE() to properly detect errors, consistent with the
check in gcs_alloc_thread_stack().

Fixes: b57180c7 ("arm64/gcs: Implement shadow stack prctl() interface")
Reviewed-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Will Deacon <will@kernel.org>

parent bb0c99e0

arch/arm64/mm/gcs.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -199,8 +199,8 @@ int arch_set_shadow_stack_status(struct task_struct *task, unsigned long arg)

		size = gcs_size(0);
		gcs = alloc_gcs(0, size);
		if (!gcs)
		return -ENOMEM;
		if (IS_ERR_VALUE(gcs))
		return gcs;

		task->thread.gcspr_el0 = gcs + size - sizeof(u64);
		task->thread.gcs_base = gcs;