On 9/9/20 4:25 PM, Yu, Yu-cheng wrote:
On 9/9/2020 4:11 PM, Dave Hansen wrote:
On 9/9/20 4:07 PM, Yu, Yu-cheng wrote:But in a PROT_WRITE mapping, all the pte's have _PAGE_BIT_RW set. To
What if a writable mapping is passed to madvise(MADV_SHSTK)? Should
that be rejected?
It doesn't matter to me. Even if it's readable, it _stops_ being even
directly readable after it's a shadow stack, right? I don't think
writes are special in any way. If anything, we *want* it to be writable
because that indicates that it can be written to, and we will want to
write to it soon.
change them to shadow stack, we need to clear that bit from the pte's.
That will be like mprotect_fixup()/change_protection_range().
The page table hardware bits don't matter. The user-visible protection
effects matter.
For instance, we have PROT_EXEC, which *CLEARS* a hardware NX PTE bit.
The PROT_ permissions are independent of the hardware.
I don't think the interface should be influenced at *all* by what whacko
PTE bit combinations we have to set to get the behavior.