112  * The shadow stack only stores the return address and not any variables
125  * Writes on shadow stack can either be `sspush` or `ssamoswap`. `sspush` can happen
126  * implicitly on current shadow stack pointed to by CSR_SSP. `ssamoswap` takes pointer to
127  * shadow stack. To keep it simple, we plan to use `ssamoswap` to perform writes on shadow
133 	 * Never expect -1 on shadow stack. Expect return addresses and zero  in amo_user_shstk()
156  * Create a restore token on the shadow stack.  A token is always XLEN wide
180  * Save user shadow stack pointer on the shadow stack itself and return a pointer to saved location.
204  * Restores the user shadow stack pointer from the token on the shadow stack for task 'tsk'.
265 	 * which perform writes to CSR_SSP properly, shadow stack pivoting is not possible. Since  in SYSCALL_DEFINE3()
266 	 * CSR_SSP is writable by user mode, it itself can setup a shadow stack token subsequent  in SYSCALL_DEFINE3()
287  * This gets called during clone/clone3/fork. And is needed to allocate a shadow stack for
289  * thus need a separate shadow stack too. How a separate shadow stack is specified by
291  * This function simply returns 0 if shadow stacks are not supported or if separate shadow
299 	/* If shadow stack is not supported, return 0 */  in shstk_alloc_thread_stack()
304 	 * If shadow stack is not enabled on the new thread, skip any  in shstk_alloc_thread_stack()
305 	 * switch to a new shadow stack.  in shstk_alloc_thread_stack()
311 	 * For CLONE_VFORK the child will share the parents shadow stack.  in shstk_alloc_thread_stack()
321 	 * For !CLONE_VM the child will use a copy of the parents shadow  in shstk_alloc_thread_stack()
328 	 * reaching here means, CLONE_VM was specified and thus a separate shadow  in shstk_alloc_thread_stack()
345 	/* If shadow stack is not supported or not enabled, nothing to release */  in shstk_release()
351 	 * shadow stack allocated, and exit_thread() calls this function to  in shstk_release()
359 	 * We know shadow stack is enabled but if base is NULL, then  in shstk_release()
360 	 * this task is not managing its own shadow stack (CLONE_VFORK). So  in shstk_release()
378 	/* this means shadow stack is enabled on the task */  in arch_get_shadow_stack_status()
401 	/* Request is to enable shadow stack and shadow stack is not enabled already */  in arch_set_shadow_stack_status()
403 		/* shadow stack was allocated and enable request again  in arch_set_shadow_stack_status()
418 	 * If a request to disable shadow stack happens, let's go ahead and release it  in arch_set_shadow_stack_status()
420 	 * not releasing the shadow stack (because it might be needed in parent). Although  in arch_set_shadow_stack_status()
422 	 * then in that case, it'll get entirely new shadow stack because following condition  in arch_set_shadow_stack_status()
424 	 *  - shadow stack was not enabled for vforked child  in arch_set_shadow_stack_status()
425 	 *  - shadow stack base was anyways pointing to 0  in arch_set_shadow_stack_status()
426 	 * This shouldn't be a big issue because we want parent to have availability of shadow  in arch_set_shadow_stack_status()
428 	 * time we want VFORKed child to break away and establish new shadow stack if it desires  in arch_set_shadow_stack_status()
524 …pr_info("RISC-V user CFI disabled via cmdline - shadow stack status : %s, landing pad status : %s\…  in setup_global_riscv_enable()