On Tue, May 04, 2021 at 11:25:31PM -0700, Kees Cook wrote: > It looks like PKS-protected page tables would be much like the > RO-protected text pages in the sense that there is already code in > the kernel to do things to make it writable, change text, and set it > read-only again (alternatives, ftrace, etc). We don't actually modify text by changing the mapping at all. We modify through a writable (but not executable) temporary alias on the page (on x86). Once a mapping is RX it will *never* be writable again (until we tear it all down).
