Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>, x86@xxxxxxxxxx, "H. Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, Arnd Bergmann <arnd@xxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Florian Weimer <fweimer@xxxxxxxxxx>, "H.J. Lu" <hjl.tools@xxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, "Ravi V. Shankar" <ravi.v.shankar@xxxxxxxxx>, Vedvyas Shanbhogue <vedvyas.shanbhogue@xxxxxxxxx>
Subject: Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Date: Thu, 19 Jul 2018 12:31:43 -0700
In-reply-to: <1532019963.16711.61.camel@intel.com>
Openpgp: preference=signencrypt
References: <20180710222639.8241-1-yu-cheng.yu@intel.com> <20180710222639.8241-17-yu-cheng.yu@intel.com> <de510df6-7ea9-edc6-9c49-2f80f16472b4@linux.intel.com> <1531328731.15351.3.camel@intel.com> <45a85b01-e005-8cb6-af96-b23ce9b5fca7@linux.intel.com> <1531868610.3541.21.camel@intel.com> <fa9db8c5-41c8-05e9-ad8d-dc6aaf11cb04@linux.intel.com> <1531944882.10738.1.camel@intel.com> <3f158401-f0b6-7bf7-48ab-2958354b28ad@linux.intel.com> <1531955428.12385.30.camel@intel.com> <f4c90626-51d8-5551-5b77-baaff81f16bb@linux.intel.com> <1532019963.16711.61.camel@intel.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 07/19/2018 10:06 AM, Yu-cheng Yu wrote:
> Which pte_write() do you think is right?

There isn't one that's right.

The problem is that the behavior right now is ambiguous.  Some callers
of pte_write() need to know about _PAGE_RW alone and others want to know
if (_PAGE_RW || is_shstk()).

The point is that you need both, plus a big audit of all the pte_write()
users to ensure they use the right one.

For instance, see spurious_fault_check().  We can get a shadowstack
fault that also has X86_PF_WRITE, but pte_write()==0.  That might make a
shadowstack write fault falsely appear spurious.
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

References:
- [RFC PATCH v2 00/27] Control Flow Enforcement (CET)
  - From: Yu-cheng Yu
- [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Yu-cheng Yu
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Dave Hansen
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Yu-cheng Yu
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Dave Hansen
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Yu-cheng Yu
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Dave Hansen
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Yu-cheng Yu
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Dave Hansen
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Yu-cheng Yu
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Dave Hansen
- Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
  - From: Yu-cheng Yu

Prev by Date: Re: Sphinx version dependencies?
Next by Date: [PATCH RFC] cpufreq: trace frequency limits change
Previous by thread: Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
Next by thread: Re: [RFC PATCH v2 16/27] mm: Modify can_follow_write_pte/pmd for shadow stack
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Linux FS] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper] [Linux Resources]