Re: [PATCH v2 06/14] x86/shstk: Create shadow stacks
On 29/05/2020 20:35, Andrew Cooper wrote:
>>> + }
>>> + map_pages_to_xen((unsigned long)p, virt_to_mfn(p), 1,
>>> PAGE_HYPERVISOR_SHSTK);
>> As already hinted at in reply to the previous patch, I think this wants
>> to remain _PAGE_NONE when we don't use CET-SS.
> The commit message discussed why that is not an option (currently), and
> why I don't consider it a good idea to make possible.

Apologies. I thought I'd written it in the commit message, but it was half in the previous patch, and not terribly clear. I've reworked both.

The current practical reason is to do with clone_mappings() in the XPTI case.

A wild off-stack read is far far less likely than hitting the guard page with a push first, which means that a R/O guard page is about the same usefulness to us, but results in a much more simple stack setup, as it doesn't vary attributes with enabled features.

~Andrew
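
Review bot: the map_pages_to_xen() call in the quoted hunk passes PAGE_HYPERVISOR_SHSTK unconditionally, and nothing visible at the call site records why the page is not _PAGE_NONE when CET-SS is unused. A short comment above the call, stating that the page is kept as a R/O guard regardless of enabled features and naming the clone_mappings()/XPTI reason, would keep the rationale next to the code instead of split across two commit messages. The return value of map_pages_to_xen() is also discarded on this line; either check it or say in the comment why failure cannot occur here.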
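
The trade-off argued in this reply can be reproduced in user space. The following is an added example, not code from the patch or from Xen: it is a user-space analogy built on mmap()/mprotect(), and `probe()` and the two-page [guard][stack] layout are assumptions made for the illustration. It shows that a read-only guard page traps a write running off the bottom of the stack but lets a stray read through, while a not-present guard traps both.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* Added illustration, not Xen code. Hypothetical helper:
 * returns 1 if the access faulted, 0 if it completed, -1 on setup error. */
static int probe(int guard_prot, int do_write)
{
    long psz = sysconf(_SC_PAGESIZE);
    struct sigaction sa, old_segv, old_bus;
    int faulted = 0;
    /* Two pages, [guard][stack]: the stack grows down towards the guard. */
    volatile unsigned char *guard = mmap(NULL, 2 * psz, PROT_READ | PROT_WRITE,
                                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard == MAP_FAILED)
        return -1;
    if (mprotect((void *)guard, psz, guard_prot)) {
        munmap((void *)guard, 2 * psz);
        return -1;
    }
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some systems raise SIGBUS */
    if (sigsetjmp(fault_env, 1) == 0) {
        if (do_write)
            guard[psz - 1] = 0xAA;      /* push overflowing into the guard */
        else
            (void)guard[psz - 1];       /* wild off-stack read */
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap((void *)guard, 2 * psz);
    return faulted;
}

int main(void)
{
    printf("R/O:  write=%d read=%d\n", probe(PROT_READ, 1), probe(PROT_READ, 0));
    printf("none: write=%d read=%d\n", probe(PROT_NONE, 1), probe(PROT_NONE, 0));
    return 0;
}
```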