On Tue, 2018-07-10 at 15:52 -0700, Dave Hansen wrote:
> On 07/10/2018 03:26 PM, Yu-cheng Yu wrote:
> >
> > +++ b/arch/x86/include/asm/traps.h
> > @@ -157,6 +157,7 @@ enum {
> > * bit 3 == 1: use of reserved
> > bit detected
> > * bit 4 == 1: fault was an
> > instruction fetch
> > * bit 5 == 1: protection keys
> > block access
> > + * bit 6 == 1: shadow stack
> > access fault
> > */
> Could we document this bit better?
>
> Is this a fault where the *processor* thought it should be a shadow
> stack fault? Or is it also set on faults to valid shadow stack PTEs
> that just happen to fault for other reasons, say protection keys?
Thanks Vedvyas for explaining this to me.
I will add this to comments:
This flag is 1 if (1) CR4.CET = 1; and (2) the access causing the page-
fault exception was a shadow-stack data access.
So this bit does not report the reason for the fault. It reports the
type of access; i.e. it was a shadow-stack-load or a shadow-stack-store
that took the page fault. The fault could have been caused by any
variety of reasons including protection keys.
