Thread: 62 messages, 5 authors, 2021-08-21

Re: [PATCH v28 09/32] x86/mm: Introduce _PAGE_COW

From: Borislav Petkov <bp@alien8.de>
Date: 2021-08-17 20:24:39
Also in: linux-arch, linux-doc, linux-mm, lkml

On Tue, Aug 17, 2021 at 01:13:09PM -0700, Andy Lutomirski wrote:
> > If special kernel code using shadow stack management insns needs
> > to modify a shadow stack, then it can check whether a page is
> > pte/pmd_shstk() but that code is special anyway.
> >
> > Hell, a shadow stack page is (Write=0, Dirty=1) so calling it writable
                                  ^^^^^^^
> > is simply wrong.
>
> But it *is* writable using WRUSS, and it's also writable by CALL,

Well, if we have to be precise, CALL doesn't write it directly - it
causes the shadow stack to be written as part of CALL's execution. Yeah
yeah, potato potato.

> WRSS, etc.

Thus the "special kernel code" thing above. I've left it in instead of
snipping it.

> Now if the mm code tries to write protect it and expects sensible
> semantics, the results could be interesting. At the very least,
> someone would need to validate that RET reading a read only shadow
> stack page does the right thing.

Huh?

A shadow stack page is RO (W=0).

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette