On Wed, 2023-03-08 at 10:23 +0100, Borislav Petkov wrote:
> On Mon, Feb 27, 2023 at 02:29:43PM -0800, Rick Edgecombe wrote:
> > When user shadow stack is use, Write=0,Dirty=1 is treated by the CPU as
>                             ^
>                             in

Oops, yes.

> > shadow stack memory. So for shadow stack memory this bit combination is
> > valid, but when Dirty=1,Write=1 (conventionally writable) memory is being
> > write protected, the kernel has been taught to transition the Dirty=1
> > bit to SavedDirty=1, to avoid inadvertently creating shadow stack
> > memory. It does this inside pte_wrprotect() because it knows the PTE is
> > not intended to be a writable shadow stack entry, it is supposed to be
> > write protected.
> >
> > However, when a PTE is created by a raw prot using mk_pte(), mk_pte()
> > can't know whether to adjust Dirty=1 to SavedDirty=1. It can't
> > distinguish between the caller intending to create a shadow stack PTE or
> > needing the SavedDirty shift.
> >
> > The kernel has been updated to not do this, and so Write=0,Dirty=1
> > memory should only be created by the pte_mkfoo() helpers. Add a warning
> > to make sure no new mk_pte() start doing this.
>
> Might wanna add the note from below here:
>
> "... start doing this, like, for example, set_memory_rox() did."

Fine by me. Thanks.
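The bit transition discussed in the quoted commit message, as an added, self-contained model that is not code from the thread or from the kernel: a pte_wrprotect()-style helper moves Dirty=1 to SavedDirty=1 before clearing Write, so it never produces the Write=0,Dirty=1 combination the CPU treats as shadow stack, while a mk_pte()-style constructor built from a raw prot cannot tell the two intents apart and can only flag the combination. The RW and Dirty positions follow the x86 PTE layout; the SavedDirty position, the function names and the counter standing in for the kernel's warning are assumptions made for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the PTE bits involved; not the kernel's definitions.
 * RW (bit 1) and Dirty (bit 6) are the architectural x86 positions; the
 * SavedDirty position is an assumption (a software-available bit). */
#define PTE_RW          (1ULL << 1)
#define PTE_DIRTY       (1ULL << 6)
#define PTE_SAVED_DIRTY (1ULL << 10)   /* assumed software bit */

typedef uint64_t pte_t;

/* Write=0,Dirty=1 is the combination the CPU treats as shadow stack memory. */
static bool pte_is_shadow_stack(pte_t pte)
{
    return !(pte & PTE_RW) && (pte & PTE_DIRTY);
}

/* Model of the write-protect helper. It knows the entry is meant to be write
 * protected rather than to become a shadow stack, so it moves Dirty into
 * SavedDirty before clearing RW and never yields Write=0,Dirty=1. */
static pte_t model_pte_wrprotect(pte_t pte)
{
    if (pte & PTE_DIRTY) {
        pte &= ~PTE_DIRTY;
        pte |= PTE_SAVED_DIRTY;
    }
    return pte & ~PTE_RW;
}

/* Reverse direction: restoring write access brings SavedDirty back to Dirty. */
static pte_t model_pte_mkwrite(pte_t pte)
{
    if (pte & PTE_SAVED_DIRTY) {
        pte &= ~PTE_SAVED_DIRTY;
        pte |= PTE_DIRTY;
    }
    return pte | PTE_RW;
}

/* Counter standing in for the warning the commit adds (assumed, not the
 * kernel's WARN machinery). */
static int model_mk_pte_warns;

/* Model of building a PTE from a raw prot. It cannot know whether the caller
 * wanted a shadow stack entry or needed the SavedDirty shift, so it leaves the
 * bits alone and only flags the combination that should now come solely from
 * the pte_mkfoo()-style helpers. */
static pte_t model_mk_pte(uint64_t pfn_bits, uint64_t prot)
{
    pte_t pte = pfn_bits | prot;
    if (pte_is_shadow_stack(pte))
        model_mk_pte_warns++;
    return pte;
}

int main(void)
{
    pte_t writable = 0x1000 | PTE_RW | PTE_DIRTY;   /* constructed entry */
    pte_t protected = model_pte_wrprotect(writable);

    printf("wrprotect -> shadow stack? %s\n",
           pte_is_shadow_stack(protected) ? "yes" : "no");
    printf("mkwrite restores dirty? %s\n",
           (model_pte_mkwrite(protected) & PTE_DIRTY) ? "yes" : "no");

    model_mk_pte(0x1000, PTE_DIRTY);                /* raw prot, Write=0,Dirty=1 */
    printf("mk_pte warnings: %d\n", model_mk_pte_warns);
    return 0;
}
```

Running the model shows the asymmetry the commit message describes: the write-protect path ends with SavedDirty set and RW clear, and mkwrite undoes it exactly, whereas the raw-prot constructor is the only path that can produce Write=0,Dirty=1 by accident, which is why the warning belongs there.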