Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2023-03-08 at 10:23 +0100, Borislav Petkov wrote:
> On Mon, Feb 27, 2023 at 02:29:43PM -0800, Rick Edgecombe wrote:
> > When user shadow stack is use, Write=0,Dirty=1 is treated by the
> > CPU as
> 
>                            ^
>                            in

Oops, yes.
> 
> > shadow stack memory. So for shadow stack memory this bit
> > combination is
> > valid, but when Dirty=1,Write=1 (conventionally writable) memory is
> > being
> > write protected, the kernel has been taught to transition the
> > Dirty=1
> > bit to SavedDirty=1, to avoid inadvertently creating shadow stack
> > memory. It does this inside pte_wrprotect() because it knows the
> > PTE is
> > not intended to be a writable shadow stack entry, it is supposed to
> > be
> > write protected.
> 
> 
> > 
> > However, when a PTE is created by a raw prot using mk_pte(),
> > mk_pte()
> > can't know whether to adjust Dirty=1 to SavedDirty=1. It can't
> > distinguish between the caller intending to create a shadow stack
> > PTE or
> > needing the SavedDirty shift.
> > 
> > The kernel has been updated to not do this, and so Write=0,Dirty=1
> > memory should only be created by the pte_mkfoo() helpers. Add a
> > warning
> > to make sure no new mk_pte() start doing this.
> 
> Might wanna add the note from below here:
> 
> "... start doing this, like, for example, set_memory_rox() did."

Fine by me.

Thanks.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux