Re: [PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2023-03-08 at 09:53 +0100, Borislav Petkov wrote:
> On Mon, Feb 27, 2023 at 02:29:42PM -0800, Rick Edgecombe wrote:
> > The x86 Control-flow Enforcement Technology (CET) feature includes
> > a new
> > type of memory called shadow stack. This shadow stack memory has
> > some
> > unusual properties, which requires some core mm changes to function
> > properly.
> > 
> > One sharp edge is that PTEs that are both Write=0 and Dirty=1 are
> > treated as shadow by the CPU, but this combination used to be
> > created by
> > the kernel on x86. Previous patches have changed the kernel to now
> > avoid
> > creating these PTEs unless they are for shadow stack memory. In
> > case any
> > missed corners of the kernel are still creating PTEs like this for
> > non-shadow stack memory, and to catch any re-introductions of the
> > logic,
> > warn if any shadow stack PTEs (Write=0, Dirty=1) are found in non-
> > shadow
> > stack VMAs when they are being zapped. This won't catch transient
> > cases
> > but should have decent coverage. It will be compiled out when
> > shadow
> > stack is not configured.
> > 
> > In order to check if a pte is shadow stack in core mm code, add two
> > arch
> 
> s/pte/PTE/

Yes, it matches the rest.




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux