On Mon, Feb 27, 2023 at 02:29:40PM -0800, Rick Edgecombe wrote:
> The x86 Control-flow Enforcement Technology (CET) feature includes a new
> type of memory called shadow stack. This shadow stack memory has some
> unusual properties, which requires some core mm changes to function
> properly.
>
> Shadow stack memory is writable only in very specific, controlled ways.
> However, since it is writable, the kernel treats it as such. As a result
                                                                          ^
                                                                          ,

> there remain many ways for userspace to trigger the kernel to write to
> shadow stack's via get_user_pages(, FOLL_WRITE) operations. To make this a

"stacks" or "to write to a shadow stack via..."

> little less exposed, block writable GUPs for shadow stack VMAs.

GUPs?

I suppose this means "prevent get_user_pages() from pinning pages to
which the corresponding VMA is a shadow stack one."?

Or something like that which is less mm-internal speak...

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette