On Wed, 2018-07-11 at 11:12 +0200, Peter Zijlstra wrote: > On Tue, Jul 10, 2018 at 04:10:08PM -0700, Dave Hansen wrote: > > > > On 07/10/2018 03:26 PM, Yu-cheng Yu wrote: > > > > > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> > > This still needs a changelog, even if you think it's simple. > > > > > > --- a/mm/mprotect.c > > > +++ b/mm/mprotect.c > > > @@ -446,6 +446,15 @@ static int do_mprotect_pkey(unsigned long > > > start, size_t len, > > > error = -ENOMEM; > > > if (!vma) > > > goto out; > > > + > > > + /* > > > + * Do not allow changing shadow stack memory. > > > + */ > > > + if (vma->vm_flags & VM_SHSTK) { > > > + error = -EINVAL; > > > + goto out; > > > + } > > > + > > I think this is a _bit_ draconian. Why shouldn't we be able to use > > protection keys with a shadow stack? Or, set it to PROT_NONE? > Right, and then there's also madvise() and some of the other > accessors. > > Why do we need to disallow this? AFAICT the worst that can happen is > that a process wrecks itself, so what? Agree. I will remove the patch. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html