On Tue, 2022-12-27 at 12:42 +0100, Borislav Petkov wrote:

On Fri, Dec 02, 2022 at 04:35:38PM -0800, Rick Edgecombe wrote:

quoted

 static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
 {
+       pteval_t _page_chg_mask_no_dirty = _PAGE_CHG_MASK &
~_PAGE_DIRTY;
        pteval_t val = pte_val(pte), oldval = val;
+       pte_t pte_result;
 
        /*
         * Chop off the NX bit (if present), and add the NX portion
of
         * the newprot (if present):
         */
-       val &= _PAGE_CHG_MASK;
-       val |= check_pgprot(newprot) & ~_PAGE_CHG_MASK;
+       val &= _page_chg_mask_no_dirty;
+       val |= check_pgprot(newprot) & ~_page_chg_mask_no_dirty;
        val = flip_protnone_guard(oldval, val, PTE_PFN_MASK);
-       return __pte(val);
+
+       pte_result = __pte(val);
+
+       /*
+        * Dirty bit is not preserved above so it can be done

Just for my own understanding: are you saying here that
flip_protnone_guard() might end up setting _PAGE_DIRTY in val...

quoted

+        * in a special way for the shadow stack case, where it
+        * needs to set _PAGE_COW. pte_mkcow() will do this in
+        * the case of shadow stack.
+        */
+       if (pte_dirty(pte_result))
+               pte_result = pte_mkcow(pte_result);

... and in that case we need to turn it into a _PAGE_COW setting?

The comment is referring to the dirty bits possibly coming from
newprot, but looking at it now I think the code was broken trying to
fix the recent soft dirty test breakage. Now it might lose pre-existing
dirty bits in the pte unessarily... I think. I'm temporarily without
access to my test equipment so will have to get back to you on this.
Thanks for flagging that something looks off.