On 07/10/2018 03:26 PM, Yu-cheng Yu wrote: > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> This still needs a changelog, even if you think it's simple. > --- a/mm/mprotect.c > +++ b/mm/mprotect.c > @@ -446,6 +446,15 @@ static int do_mprotect_pkey(unsigned long start, size_t len, > error = -ENOMEM; > if (!vma) > goto out; > + > + /* > + * Do not allow changing shadow stack memory. > + */ > + if (vma->vm_flags & VM_SHSTK) { > + error = -EINVAL; > + goto out; > + } > + I think this is a _bit_ draconian. Why shouldn't we be able to use protection keys with a shadow stack? Or, set it to PROT_NONE? -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html