Re: [PATCH v5 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 19, 2023 at 01:22:50PM -0800, Rick Edgecombe wrote:
> From: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> 
> When shadow stack is in use, Write=0,Dirty=1 PTE are preserved for
> shadow stack. Copy-on-write PTEs then have Write=0,Cow=1.
> 
> When a PTE goes from Write=1,Dirty=1 to Write=0,Cow=1, it could
> become a transient shadow stack PTE in two cases:
> 
> 1. Some processors can start a write but end up seeing a Write=0 PTE by
>    the time they get to the Dirty bit, creating a transient shadow stack
>    PTE. However, this will not occur on processors supporting shadow
>    stack, and a TLB flush is not necessary.
> 
> 2. When _PAGE_DIRTY is replaced with _PAGE_COW non-atomically, a transient
>    shadow stack PTE can be created as a result. Thus, prevent that with
>    cmpxchg.
> 
> In the case of pmdp_set_wrprotect(), for nopmd configs the ->pmd operated
> on does not exist and the logic would need to be different. Although the
> extra functionality will normally be optimized out when user shadow
> stacks are not configured, also exclude it in the preprocessor stage so
> that it will still compile. User shadow stack is not supported there by
> Linux anyway. Leave the cpu_feature_enabled() check so that the
> functionality also gets disabled based on runtime detection of the
> feature.
> 
> Similarly, compile it out in ptep_set_wrprotect() due to a clang warning
> on i386. Like above, the code path should get optimized out on i386
> since shadow stack is not supported on 32 bit kernels, but this makes
> the compiler happy.
> 
> Dave Hansen, Jann Horn, Andy Lutomirski, and Peter Zijlstra provided many
> insights to the issue. Jann Horn provided the cmpxchg solution.
> 
> Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx>
> Tested-by: John Allen <john.allen@xxxxxxx>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux