From: Chao Gao Skip mapping the shadow stack as a writable page and the redundant memory zeroing. Currently, the shadow stack is allocated using alloc_page(), then mapped as a writable page, zeroed, and finally mapped as a shadow stack page. The memory zeroing is redundant as alloc_page() already does that. This also eliminates the need for invlpg, as the shadow stack is no longer mapped writable. Signed-off-by: Chao Gao [mks: drop invlpg() as it's no longer needed, adapted changelog accordingly] Signed-off-by: Mathias Krause [sean: add a comment to explain the magic shadow stack protections] Signed-off-by: Sean Christopherson --- x86/cet.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/x86/cet.c b/x86/cet.c index 51a54a50..e2681886 100644 --- a/x86/cet.c +++ b/x86/cet.c @@ -67,7 +67,6 @@ int main(int ac, char **av) { char *shstk_virt; unsigned long shstk_phys; - unsigned long *ptep; pteval_t pte = 0; bool rvc; @@ -89,18 +88,14 @@ int main(int ac, char **av) shstk_virt = alloc_vpage(); shstk_phys = (unsigned long)virt_to_phys(alloc_page()); - /* Install the new page. */ - pte = shstk_phys | PT_PRESENT_MASK | PT_WRITABLE_MASK | PT_USER_MASK; + /* + * Install a mapping for the shadow stack page. Shadow stack pages are + * denoted by an "impossible" combination of a !WRITABLE, DIRTY PTE + * (writes from CPU for shadow stack operations are allowed, but writes + * from software are not). + */ + pte = shstk_phys | PT_PRESENT_MASK | PT_USER_MASK | PT_DIRTY_MASK; install_pte(current_page_table(), 1, shstk_virt, pte, 0); - memset(shstk_virt, 0x0, PAGE_SIZE); - - /* Mark it as shadow-stack page. */ - ptep = get_pte_level(current_page_table(), shstk_virt, 1); - *ptep &= ~PT_WRITABLE_MASK; - *ptep |= PT_DIRTY_MASK; - - /* Flush the paging cache. */ - invlpg((void *)shstk_virt); /* Enable shadow-stack protection */ wrmsr(MSR_IA32_U_CET, ENABLE_SHSTK_BIT); -- 2.52.0.rc1.455.g30608eb744-goog