On Fri, Aug 11, 2023 at 03:23:12PM +0100, Catalin Marinas wrote:
#define PIE_E1 ( \
- PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS), PIE_RW) | \
- PIRx_ELx_PERM(pte_pi_index(_PAGE_GCS_RO), PIE_R) | \
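Review bot: The EL1 slots for _PAGE_GCS and _PAGE_GCS_RO are more permissive than the kernel needs. The kernel only touches a user shadow stack through the unprivileged GCS 'T' instruction variants, which are checked against the EL0 permission table, and the only ordinary EL1 accesses to user addresses are the exclusives in the futex path, which should not be operating on a GCS page at all. Both EL1 entries could be PIE_NONE_O rather than PIE_RW / PIE_R, and a one-line comment stating that kernel access goes via the EL0 table would stop a later reader from "fixing" it back to RW.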
Had some thoughts on this. Why do we need the EL1 GCS attributes to map to RW? The instructions we'd use to write the shadow stack are the GCS 'T' variants that run as user already.
The only instructions we have in the kernel that would run as EL1 on a user address are the exclusives (futex code or the old deprecated emulation but we don't care about them in this context). So I wonder whether the kernel PIE entry could simply be PIE_NONE_O. Would this be too restrictive for future uses? Given the coherency between a GCS access and a standard data access, we may want to restrict it now until we have a use-case.
Good point. I remember I originally wrote that before I checked into how things like copying pages for ptrace worked, but they don't keep the GCSness of the page so they're fine.
I don't think we need to worry about future uses since these are slots reserved for GCS use, if we need a different value later
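The point under discussion is that a PIE index has one 4-bit permission field in the EL1 table (PIR_EL1) and a separate one in the EL0 table (PIRE0_EL1), and that the kernel only reaches a user shadow stack through the unprivileged GCS 'T' instructions, which are checked against the EL0 field. The following is an added user-space model of that, not code from the patch or from the kernel: the PIE_* values and the PIRx_ELx_PERM() macro are written here to mirror the shapes used in arch/arm64/include/asm/sysreg.h (assumed), and the two GCS page indices are hypothetical constants standing in for whatever pte_pi_index() yields.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* PIE permission encodings, assumed to match the kernel's sysreg.h. */
#define PIE_NONE_O 0x0UL
#define PIE_R      0x1UL
#define PIE_X      0x2UL
#define PIE_RX     0x3UL
#define PIE_RW     0x5UL
#define PIE_RWnX   0x6UL
#define PIE_RWX    0x7UL
#define PIE_GCS    0x9UL   /* read + guarded control stack access */

/* Each PIE index owns a 4-bit field in PIR_EL1 (EL1) and PIRE0_EL1 (EL0). */
#define PIRx_ELx_PERM(idx, perm) ((uint64_t)(perm) << ((idx) * 4))

/* Hypothetical indices for the two GCS page types (real ones: pte_pi_index()). */
#define IDX_GCS    10
#define IDX_GCS_RO 11

/* EL1 table as the quoted hunk has it: kernel gets ordinary RW / R access. */
static const uint64_t pie_e1_as_posted =
	PIRx_ELx_PERM(IDX_GCS, PIE_RW) | PIRx_ELx_PERM(IDX_GCS_RO, PIE_R);

/* EL1 table as suggested in review: kernel has no direct data access. */
static const uint64_t pie_e1_no_access =
	PIRx_ELx_PERM(IDX_GCS, PIE_NONE_O) | PIRx_ELx_PERM(IDX_GCS_RO, PIE_NONE_O);

/* EL0 table: user side keeps GCS access; this is what the 'T' variants see. */
static const uint64_t pie_e0 =
	PIRx_ELx_PERM(IDX_GCS, PIE_GCS) | PIRx_ELx_PERM(IDX_GCS_RO, PIE_R);

/* Extract the 4-bit permission field for one index from a PIR register value. */
static inline unsigned int pie_perm(uint64_t pir, unsigned int idx)
{
	return (unsigned int)((pir >> (idx * 4)) & 0xf);
}

/* Ordinary loads (LDR, exclusives) are allowed for these encodings. */
static inline bool pie_data_read(unsigned int perm)
{
	return perm == PIE_R || perm == PIE_RX || perm == PIE_RW ||
	       perm == PIE_RWnX || perm == PIE_RWX || perm == PIE_GCS;
}

/* Ordinary stores (STR, exclusives) need one of the RW encodings. */
static inline bool pie_data_write(unsigned int perm)
{
	return perm == PIE_RW || perm == PIE_RWnX || perm == PIE_RWX;
}

/* Shadow stack pushes/pops need the dedicated GCS encoding. */
static inline bool pie_gcs_access(unsigned int perm)
{
	return perm == PIE_GCS;
}

/* A plain STR executed at EL1 on a user address is checked against PIR_EL1. */
static bool el1_str_ok(uint64_t pir_el1, unsigned int idx)
{
	return pie_data_write(pie_perm(pir_el1, idx));
}

/*
 * An unprivileged GCS store (the 'T' variant the kernel uses to write a
 * user shadow stack) is checked against the EL0 table even when it is
 * executed at EL1, so the EL1 entry plays no part in it.
 */
static bool gcsst_unpriv_ok(uint64_t pire0_el1, unsigned int idx)
{
	return pie_gcs_access(pie_perm(pire0_el1, idx));
}

int main(void)
{
	printf("EL1 STR to GCS page, as posted:    %s\n",
	       el1_str_ok(pie_e1_as_posted, IDX_GCS) ? "allowed" : "denied");
	printf("EL1 STR to GCS page, PIE_NONE_O:   %s\n",
	       el1_str_ok(pie_e1_no_access, IDX_GCS) ? "allowed" : "denied");
	printf("unprivileged GCS store, EL0 table: %s\n",
	       gcsst_unpriv_ok(pie_e0, IDX_GCS) ? "allowed" : "denied");
	return 0;
}
```

Switching the EL1 entries to PIE_NONE_O changes only the `el1_str_ok` result; the unprivileged GCS store still succeeds because it consults `pie_e0`, which is the property the review comment relies on. A real exclusive in the futex path would fall into the `el1_str_ok` case, which is why the restriction is harmless as long as no futex lives on a shadow stack page.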