Hi Christophe, I think I've covered everything you've mentioned in the v3 I'm about to send, except for: >> + /* mark early shadow region as RO and wipe */ >> + pte = __pte(__pa(kasan_early_shadow_page) | >> + pgprot_val(PAGE_KERNEL_RO) | _PAGE_PTE); > > Any reason for _PAGE_PTE being required here and not being included in > PAGE_KERNEL_RO ? I'm not 100% sure quite what you mean here. I think you're asking: why do we need to supply _PAGE_PTE here, shouldn't PAGE_KERNEL_RO set that bit or cover that case? _PAGE_PTE is defined by section 5.7.10.2 of Book III of ISA 3.0: bit 1 (linux bit 62) is 'Leaf (entry is a PTE)' I originally had this because it was set in Balbir's original implementation, but the bit is also set by pte_mkpte which is called in set_pte_at, so I also think it's right to set it. I don't know why it's not included in the permission classes; I suspect it's because it's not conceptually a permission, it's set and cleared in things like swp entry code. Does that answer your question? Regards, Daniel
