Re: [RFC PATCH v3 12/24] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW
From: Dave Hansen
Date: Thu Aug 30 2018 - 13:36:19 EST

On 08/30/2018 10:26 AM, Yu-cheng Yu wrote:
> We don't have the guard page now, but there is a shadow stack token
> there, which cannot be used as a return address.

The overall concern is that we could overflow into a page that we did
not intend. Either another actual shadow stack or a page that the
attacker constructed, like the transient scenario Jann described.