Re: [RFC PATCH v2 00/15] pkeys-based page table hardening
From: Dave Hansen <hidden>
Date: 2025-01-09 16:30:48
Also in:
linux-hardening, lkml
One of the stickier things in the x86 attempt to do the same thing was context switching, both between normal tasks and in/out of exceptions and interrupts.

The easiest place this manifested for us was a code chunk like this:

	kpkeys_set_level(KPKEYS_LVL_PGTABLES);
	// modify page tables here
	kpkeys_restore_pkey_reg();

We had to make sure that we didn't get preempted and context switch over to some other task that _wasn't_ doing page table manipulation while page table writes were allowed. On x86, we had to basically start context-switching the kernel pkey register the same way we do GPRs.

How is SYS_POR_EL0 being context switched?
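The preemption window described in the message above, as an added user-space model that is not part of the original post or of the patch series: it shows a second task inheriting page table write permission unless the register is saved and restored per task. Every name in it (`cpu_pkey_reg`, `context_switch`, `preempt_in_window`, the `LVL_*` values) is a hypothetical stand-in, not a kernel API.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only; all names are hypothetical stand-ins, not kernel API. */
enum lvl { LVL_DEFAULT = 0, LVL_PGTABLES = 1 };

struct task {
	enum lvl saved_reg;	/* per-task copy of the pkey register */
};

static enum lvl cpu_pkey_reg = LVL_DEFAULT;	/* the single per-CPU register */

/* Switch tasks; switch_reg selects whether the register is treated like a GPR. */
static void context_switch(struct task *prev, struct task *next, bool switch_reg)
{
	if (switch_reg) {
		prev->saved_reg = cpu_pkey_reg;
		cpu_pkey_reg = next->saved_reg;
	}
}

/*
 * Task A raises the level and is preempted before restoring it; task B runs.
 * Returns true if B ran with page table writes allowed. *a_kept reports
 * whether A still has the raised level once it is scheduled back in.
 */
static bool preempt_in_window(bool switch_reg, bool *a_kept)
{
	struct task a = { LVL_DEFAULT }, b = { LVL_DEFAULT };
	bool leaked;

	cpu_pkey_reg = LVL_PGTABLES;			/* A: set level */
	context_switch(&a, &b, switch_reg);		/* preempted in the window */
	leaked = (cpu_pkey_reg == LVL_PGTABLES);	/* what B runs with */
	context_switch(&b, &a, switch_reg);		/* A resumes */
	*a_kept = (cpu_pkey_reg == LVL_PGTABLES);
	cpu_pkey_reg = LVL_DEFAULT;			/* A: restore */
	return leaked;
}

int main(void)
{
	bool kept;

	printf("register not switched: B can write page tables = %d\n",
	       preempt_in_window(false, &kept));
	printf("register switched:     B can write page tables = %d, A kept level = %d\n",
	       preempt_in_window(true, &kept), kept);
	return 0;
}
```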