[PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory

[PATCH v2 00/39] Shadowstacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
[PATCH v2 01/39] Documentation/x86: Add CET description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Bagas Sanjaya <hidden> · 2022-09-30
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Jonathan Corbet <corbet@lwn.net> · 2022-09-30
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Bagas Sanjaya <hidden> · 2022-09-30
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Bagas Sanjaya <hidden> · 2022-10-04
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Peter Zijlstra <peterz@infradead.org> · 2022-10-05
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Bagas Sanjaya <hidden> · 2022-10-05
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Peter Zijlstra <peterz@infradead.org> · 2022-10-05
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · John Hubbard <jhubbard@nvidia.com> · 2022-10-03
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2022-10-03
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Bagas Sanjaya <hidden> · 2022-10-04
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 01/39] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2022-10-05
[PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · Dave Hansen <hidden> · 2022-10-03
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · Borislav Petkov <bp@alien8.de> · 2022-10-12
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-13
Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack · Borislav Petkov <bp@alien8.de> · 2022-10-13
[PATCH v2 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · Borislav Petkov <bp@alien8.de> · 2022-10-14
Re: [PATCH v2 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
[PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Andrew Cooper <hidden> · 2022-10-05
Re: [PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-10-14
Re: [PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
Re: [PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Borislav Petkov <bp@alien8.de> · 2022-10-14
[PATCH v2 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Borislav Petkov <bp@alien8.de> · 2022-10-15
Re: [PATCH v2 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-17
Re: [PATCH v2 05/39] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Borislav Petkov <bp@alien8.de> · 2022-10-17
[PATCH v2 06/39] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 06/39] x86/fpu: Add helper for modifying xstate · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 06/39] x86/fpu: Add helper for modifying xstate · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 06/39] x86/fpu: Add helper for modifying xstate · Kees Cook <hidden> · 2022-10-04
Re: [PATCH v2 06/39] x86/fpu: Add helper for modifying xstate · Dave Hansen <hidden> · 2022-10-04
Re: [PATCH v2 06/39] x86/fpu: Add helper for modifying xstate · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
[PATCH v2 07/39] x86/cet: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · Andy Lutomirski <luto@kernel.org> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · "H. Peter Anvin" <hpa@zytor.com> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · Andrew Cooper <hidden> · 2022-10-05
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-05
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · Peter Zijlstra <peterz@infradead.org> · 2022-10-05
Re: [PATCH v2 07/39] x86/cet: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-05
[PATCH v2 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Andrew Cooper <hidden> · 2022-10-05
Re: [PATCH v2 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Peter Zijlstra <peterz@infradead.org> · 2022-10-05
Re: [PATCH v2 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Andrew Cooper <hidden> · 2022-10-05
[PATCH v2 09/39] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 09/39] x86/mm: Move pmd_write(), pud_write() up in the file · Kees Cook <hidden> · 2022-10-03
[PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Jann Horn <jannh@google.com> · 2022-09-30
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-06
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Jann Horn <jannh@google.com> · 2022-10-03
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Dave Hansen <hidden> · 2022-10-03
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Andrew Cooper <hidden> · 2022-10-05
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Dave Hansen <hidden> · 2022-10-05
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-05
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-05
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Peter Zijlstra <peterz@infradead.org> · 2022-10-05
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Peter Zijlstra <peterz@infradead.org> · 2022-10-14
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · Peter Zijlstra <peterz@infradead.org> · 2022-10-14
Re: [PATCH v2 10/39] x86/mm: Introduce _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
[PATCH v2 15/39] x86/mm: Check Shadow Stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 15/39] x86/mm: Check Shadow Stack page fault errors · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 15/39] x86/mm: Check Shadow Stack page fault errors · Peter Zijlstra <peterz@infradead.org> · 2022-10-14
Re: [PATCH v2 15/39] x86/mm: Check Shadow Stack page fault errors · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
[PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · Nadav Amit <hidden> · 2022-10-04
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · Peter Zijlstra <peterz@infradead.org> · 2022-10-14
Re: [PATCH v2 17/39] mm: Fixup places that call pte_mkwrite() directly · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
[PATCH v2 16/39] x86/mm: Update maybe_mkwrite() for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 16/39] x86/mm: Update maybe_mkwrite() for shadow stack · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 16/39] x86/mm: Update maybe_mkwrite() for shadow stack · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 16/39] x86/mm: Update maybe_mkwrite() for shadow stack · Peter Zijlstra <peterz@infradead.org> · 2022-10-14
Re: [PATCH v2 16/39] x86/mm: Update maybe_mkwrite() for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-14
[PATCH v2 18/39] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack. · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 18/39] mm: Add guard pages around a shadow stack. · Andrew Cooper <hidden> · 2022-10-05
[PATCH v2 19/39] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 19/39] mm/mmap: Add shadow stack pages to memory accounting · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 19/39] mm/mmap: Add shadow stack pages to memory accounting · Kirill A . Shutemov <hidden> · 2022-10-04
Re: [PATCH v2 19/39] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
[PATCH v2 11/39] x86/mm: Update pte_modify for _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
[PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Nadav Amit <hidden> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Dave Hansen <hidden> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Nadav Amit <hidden> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Nadav Amit <hidden> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Nadav Amit <hidden> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 12/39] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY to _PAGE_COW · Nadav Amit <hidden> · 2022-10-04
[PATCH v2 20/39] mm/mprotect: Exclude shadow stack from preserve_write · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
[PATCH v2 13/39] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 13/39] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 13/39] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Peter Xu <peterx@redhat.com> · 2022-10-03
[PATCH v2 21/39] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
[PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Dave Hansen <hidden> · 2022-09-30
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-09-30
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Dave Hansen <hidden> · 2022-09-30
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Jann Horn <jannh@google.com> · 2022-09-30
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Jann Horn <jannh@google.com> · 2022-09-30
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-09-30
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Andy Lutomirski <luto@kernel.org> · 2022-10-03
Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory · Kees Cook <hidden> · 2022-10-04
[PATCH v2 14/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 14/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Kirill A . Shutemov <hidden> · 2022-10-03
Re: [PATCH v2 14/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 14/39] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Kees Cook <hidden> · 2022-10-03
[PATCH v2 23/39] x86: Introduce userspace API for CET enabling · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 23/39] x86: Introduce userspace API for CET enabling · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 23/39] x86: Introduce userspace API for CET enabling · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 23/39] x86: Introduce userspace API for CET enabling · Mike Rapoport <rppt@kernel.org> · 2022-10-06
[PATCH v2 25/39] x86/cet/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 25/39] x86/cet/shstk: Handle thread shadow stack · Mike Rapoport <rppt@kernel.org> · 2022-10-03
Re: [PATCH v2 25/39] x86/cet/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 25/39] x86/cet/shstk: Handle thread shadow stack · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 25/39] x86/cet/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
[PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · Dave Hansen <hidden> · 2022-10-03
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · Kees Cook <hidden> · 2022-10-04
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
RE: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · David Laight <hidden> · 2022-10-04
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · Kees Cook <hidden> · 2022-10-04
RE: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · David Laight <hidden> · 2022-10-05
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-20
Re: [PATCH v2 24/39] x86/cet/shstk: Add user-mode shadow stack support · Kees Cook <hidden> · 2022-10-20
[PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · Andrew Cooper <hidden> · 2022-10-05
Re: [PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-05
Re: [PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · Andrew Cooper <hidden> · 2022-10-05
Re: [PATCH v2 26/39] x86/cet/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-20
[PATCH v2 28/39] x86/cet/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 28/39] x86/cet/shstk: Introduce map_shadow_stack syscall · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 28/39] x86/cet/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 28/39] x86/cet/shstk: Introduce map_shadow_stack syscall · H.J. Lu <hidden> · 2022-10-04
[PATCH v2 27/39] x86/cet/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 27/39] x86/cet/shstk: Handle signals for shadow stack · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 27/39] x86/cet/shstk: Handle signals for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-20
Re: [PATCH v2 27/39] x86/cet/shstk: Handle signals for shadow stack · Kees Cook <hidden> · 2022-10-20
[PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · Andy Lutomirski <luto@kernel.org> · 2022-10-03
Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · Kees Cook <hidden> · 2022-10-04
Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-06
Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · Kees Cook <hidden> · 2022-10-06
Re: [PATCH v2 29/39] x86/cet/shstk: Support wrss for userspace · Mike Rapoport <rppt@kernel.org> · 2022-10-04
[PATCH v2 31/39] x86/cet/shstk: Wire in CET interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 31/39] x86/cet/shstk: Wire in CET interface · Kees Cook <hidden> · 2022-10-03
[PATCH v2 30/39] x86: Expose thread features status in /proc/$PID/arch_status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 30/39] x86: Expose thread features status in /proc/$PID/arch_status · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 30/39] x86: Expose thread features status in /proc/$PID/arch_status · "Andy Lutomirski" <luto@kernel.org> · 2022-10-03
Re: [PATCH v2 30/39] x86: Expose thread features status in /proc/$PID/arch_status · Kees Cook <hidden> · 2022-10-04
[PATCH v2 32/39] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 32/39] selftests/x86: Add shadow stack test · Kees Cook <hidden> · 2022-10-03
[PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Dave Hansen <hidden> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Kees Cook <hidden> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Nathan Chancellor <nathan@kernel.org> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · John Allen <john.allen@amd.com> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Nathan Chancellor <nathan@kernel.org> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · "H. Peter Anvin" <hpa@zytor.com> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · John Allen <john.allen@amd.com> · 2022-11-03
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-20
Re: [PATCH v2 33/39] x86/cpufeatures: Limit shadow stack to Intel CPUs · Mike Rapoport <rppt@kernel.org> · 2022-10-04
[OPTIONAL/CLEANUP v2 34/39] x86: Separate out x86_regset for 32 and 64 bit · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
[OPTIONAL/CLEANUP v2 35/39] x86: Improve formatting of user_regset arrays · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
[OPTIONAL/RFC v2 36/39] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [OPTIONAL/RFC v2 36/39] x86/fpu: Add helper for initing features · Chang S. Bae <hidden> · 2022-10-03
Re: [OPTIONAL/RFC v2 36/39] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
[OPTIONAL/RFC v2 37/39] x86/cet: Add PTRACE interface for CET · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [OPTIONAL/RFC v2 37/39] x86/cet: Add PTRACE interface for CET · Kees Cook <hidden> · 2022-10-03
Re: [OPTIONAL/RFC v2 37/39] x86/cet: Add PTRACE interface for CET · Mike Rapoport <rppt@kernel.org> · 2022-10-04
Re: [OPTIONAL/RFC v2 37/39] x86/cet: Add PTRACE interface for CET · Kees Cook <hidden> · 2022-10-04
[OPTIONAL/RFC v2 38/39] x86/cet/shstk: Add ARCH_CET_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [OPTIONAL/RFC v2 38/39] x86/cet/shstk: Add ARCH_CET_UNLOCK · Kees Cook <hidden> · 2022-10-04
[OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2022-09-29
Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support · Andy Lutomirski <luto@kernel.org> · 2022-10-03
Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support · "Andy Lutomirski" <luto@kernel.org> · 2022-10-04
Re: [OPTIONAL/RFC v2 39/39] x86: Add alt shadow stack support · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-04
Re: [PATCH v2 00/39] Shadowstacks for userspace · Kees Cook <hidden> · 2022-10-03
Re: [PATCH v2 00/39] Shadowstacks for userspace · Jann Horn <jannh@google.com> · 2022-10-03
Re: [PATCH v2 00/39] Shadowstacks for userspace · Kees Cook <hidden> · 2022-10-04
RE: [PATCH v2 00/39] Shadowstacks for userspace · David Laight <hidden> · 2022-10-04
Re: [PATCH v2 00/39] Shadowstacks for userspace · Kees Cook <hidden> · 2022-10-04
Re: [PATCH v2 00/39] Shadowstacks for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2022-10-03
Re: [PATCH v2 00/39] Shadowstacks for userspace · Kees Cook <hidden> · 2022-10-04

STALE1307d

From: Rick Edgecombe <rick.p.edgecombe@intel.com>
Date: 2022-09-29 22:34:22
Also in: linux-arch, linux-doc, linux-mm, lkml
Subsystem: memory management, memory management - gup (get user pages), the rest, x86 architecture (32-bit and 64-bit) · Maintainers: Andrew Morton, David Hildenbrand, Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen

Shadow stack memory is writable only in very specific, controlled ways.
However, since it is writable, the kernel treats it as such. As a result
there remain many ways for userspace to trigger the kernel to write to
shadow stack's via get_user_pages(, FOLL_WRITE) operations. To make this a
little less exposed, block writable GUPs for shadow stack VMAs.

Still allow FOLL_FORCE to write through shadow stack protections, as it
does for read-only protections.

Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---

v2:
 - New patch

 arch/x86/include/asm/pgtable.h | 3 +++
 mm/gup.c                       | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index 7a769c4dbc1c..2e6a5ee70034 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h

@@ -1633,6 +1633,9 @@ static inline bool __pte_access_permitted(unsigned long pteval, bool write)
 {
 	unsigned long need_pte_bits = _PAGE_PRESENT|_PAGE_USER;
 
+	if (write && (pteval & (_PAGE_RW | _PAGE_DIRTY)) == _PAGE_DIRTY)
+		return 0;
+
 	if (write)
 		need_pte_bits |= _PAGE_RW;

diff --git a/mm/gup.c b/mm/gup.c
index 5abdaf487460..56da98f3335c 100644
--- a/mm/gup.c
+++ b/mm/gup.c

@@ -1043,7 +1043,7 @@ static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags)
 		return -EFAULT;
 
 	if (write) {
-		if (!(vm_flags & VM_WRITE)) {
+		if (!(vm_flags & VM_WRITE) || (vm_flags & VM_SHADOW_STACK)) {
 			if (!(gup_flags & FOLL_FORCE))
 				return -EFAULT;
 			/*

-- 
2.17.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help