Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/3/23 06:00, Borislav Petkov wrote:
> On Mon, Feb 27, 2023 at 02:29:35PM -0800, Rick Edgecombe wrote:
>> @@ -1310,6 +1324,23 @@ void do_user_addr_fault(struct pt_regs *regs,
>>  
>>  	perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
>>  
>> +	/*
>> +	 * For conventionally writable pages, a read can be serviced with a
>> +	 * read only PTE. But for shadow stack, there isn't a concept of
>> +	 * read-only shadow stack memory. If it a PTE has the shadow stack
> s/it //
> 
>> +	 * permission, it can be modified via CALL and RET instructions. So
>> +	 * core MM needs to fault in a writable PTE and do things it already
>> +	 * does for write faults.
>> +	 *
>> +	 * Shadow stack accesses (read or write) need to be serviced with
>> +	 * shadow stack permission memory, which always include write
>> +	 * permissions. So in the case of a shadow stack read access, treat it
>> +	 * as a WRITE fault. This will make sure that MM will prepare
>> +	 * everything (e.g., break COW) such that maybe_mkwrite() can create a
>> +	 * proper shadow stack PTE.

I ended up just chopping that top paragraph out and rewording it a bit.  I think this still expresses the intent in a lot less space:

        /*
         * Read-only permissions can not be expressed in shadow stack PTEs.
         * Treat all shadow stack accesses as WRITE faults. This ensures
         * that the MM will prepare everything (e.g., break COW) such that
         * maybe_mkwrite() can create a proper shadow stack PTE.
         */





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux