On Wed, 2023-03-08 at 09:53 +0100, Borislav Petkov wrote:
> On Mon, Feb 27, 2023 at 02:29:42PM -0800, Rick Edgecombe wrote:
> > The x86 Control-flow Enforcement Technology (CET) feature includes a new
> > type of memory called shadow stack. This shadow stack memory has some
> > unusual properties, which requires some core mm changes to function
> > properly.
> >
> > One sharp edge is that PTEs that are both Write=0 and Dirty=1 are
> > treated as shadow by the CPU, but this combination used to be created by
> > the kernel on x86. Previous patches have changed the kernel to now avoid
> > creating these PTEs unless they are for shadow stack memory. In case any
> > missed corners of the kernel are still creating PTEs like this for
> > non-shadow stack memory, and to catch any re-introductions of the logic,
> > warn if any shadow stack PTEs (Write=0, Dirty=1) are found in non-shadow
> > stack VMAs when they are being zapped. This won't catch transient cases
> > but should have decent coverage. It will be compiled out when shadow
> > stack is not configured.
> >
> > In order to check if a pte is shadow stack in core mm code, add two arch
>
> s/pte/PTE/

Yes, it matches the rest.
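
The zap-time check described in the quoted commit message, modelled in userspace C as an added example (not code from the patch or the kernel). The bit positions are the architectural x86 ones; the `model_*` names, the `MODEL_VM_SHADOW_STACK` flag value and the sample entries are constructed for illustration, and skipping non-present entries is an assumption of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-table entry bits (architectural positions). */
#define PTE_PRESENT (1ULL << 0)
#define PTE_WRITE   (1ULL << 1)
#define PTE_DIRTY   (1ULL << 6)

/* Hypothetical VMA flag for this model; not the kernel's value. */
#define MODEL_VM_SHADOW_STACK (1UL << 0)

struct model_vma {
    unsigned long flags;
    const uint64_t *ptes;
    size_t nr_ptes;
};

/* Write=0, Dirty=1 is the encoding the CPU treats as shadow stack.
 * Assumption: only present entries are considered. */
static int model_pte_is_shstk(uint64_t pte)
{
    if (!(pte & PTE_PRESENT))
        return 0;
    return (pte & (PTE_WRITE | PTE_DIRTY)) == PTE_DIRTY;
}

/* Count shadow-stack-encoded PTEs in a VMA that is not a shadow stack
 * VMA, warning once, as the entries would be seen while being zapped. */
static size_t model_check_zapped_vma(const struct model_vma *vma)
{
    size_t bad = 0;

    if (vma->flags & MODEL_VM_SHADOW_STACK)
        return 0;               /* the encoding is expected here */
    for (size_t i = 0; i < vma->nr_ptes; i++) {
        if (!model_pte_is_shstk(vma->ptes[i]))
            continue;
        if (bad++ == 0)
            fprintf(stderr, "WARN: Write=0,Dirty=1 PTE in non-shadow-stack VMA\n");
    }
    return bad;
}

/* Constructed sample entries. */
static const uint64_t sample_ptes[] = {
    0x1000 | PTE_PRESENT | PTE_WRITE | PTE_DIRTY, /* dirty, writable */
    0x2000 | PTE_PRESENT,                         /* clean, read-only */
    0x3000 | PTE_PRESENT | PTE_DIRTY,             /* Write=0, Dirty=1 */
    0x4000 | PTE_DIRTY,                           /* not present: skipped */
};
```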