On Tue, 2022-12-20 at 22:29 +0100, Borislav Petkov wrote:
> On Fri, Dec 02, 2022 at 04:35:37PM -0800, Rick Edgecombe wrote:
> > There are six bits left available to software in the 64-bit PTE
> > after
> > consuming a bit for _PAGE_COW. No space is consumed in 32-bit
> > kernels
> > because shadow stacks are not enabled there.
> >
> > This is a prepratory patch. Changes to actually start marking
> > _PAGE_COW
>
> Unknown word [prepratory] in commit message.
> Suggestions: ['preparatory',
Sorry about all these spelling errors.
>
> > will follow once other pieces are in place.
>
> And regardless, you don't really need this sentence at all, AFAICT.
>
> ...
Ok.
>
> > +/*
> > + * Normally COW memory can result in Dirty=1,Write=0 PTs. But in
> > the case
> ^^^
>
> PTEs.
Thanks.
>
> > + * of X86_FEATURE_USER_SHSTK, the software COW bit is used, since
> > the
> > + * Dirty=1,Write=0 will result in the memory being treated as
> > shaodw stack
> > + * by the HW. So when creating COW memory, a software bit is used
> > + * _PAGE_BIT_COW. The following functions pte_mkcow() and
> > pte_clear_cow()
> > + * take a PTE marked conventially COW (Dirty=1) and transition it
> > to the
>
> Unknown word [conventially] in comment.
> Suggestions: ['conventionally', ...
>
> > + * shadow stack compatible version of COW (Cow=1).
> > + */
> > +
>
> ^ Superfluous newline.
Thanks.
>
> > +static inline pte_t pte_mkcow(pte_t pte)
> > +{
> > + if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK))
> > + return pte;
> > +
> > + pte = pte_clear_flags(pte, _PAGE_DIRTY);
> > + return pte_set_flags(pte, _PAGE_COW);
> > +}
> > +
> > +static inline pte_t pte_clear_cow(pte_t pte)
> > +{
> > + /*
> > + * _PAGE_COW is unnecessary on !X86_FEATURE_USER_SHSTK
> > kernels.
>
> I'm guessing this "unnecessary" is supposed to mean that on kernels
> not
> supporting shadow stack, a COW page uses the old bit flags?
>
> I.e., Dirty=1,Write=0?
>
> Might as well write it this way to be perfectly clear.
Right, I can clarify.
>
> > + * See the _PAGE_COW definition for more details.
> > + */
> > + if (!cpu_feature_enabled(X86_FEATURE_USER_SHSTK))
> > + return pte;
> > +
> > + /*
> > + * PTE is getting copied-on-write, so it will be dirtied
> > + * if writable, or made shadow stack if shadow stack and
> > + * being copied on access. Set they dirty bit for both
>
> "Set the dirty bit.."
Oof.
>
> > + * cases.
> > + */
> > + pte = pte_set_flags(pte, _PAGE_DIRTY);
> > + return pte_clear_flags(pte, _PAGE_COW);
> > +}
>
> Rest looks ok.
Thanks.
>
> Thx.
>
