Thread: 222 messages, 21 authors, 2022-11-03

Re: [PATCH v2 16/39] x86/mm: Update maybe_mkwrite() for shadow stack

From: Kees Cook <hidden>
Date: 2022-10-03 18:23:05
Also in: linux-arch, linux-doc, linux-mm, lkml

On Thu, Sep 29, 2022 at 03:29:13PM -0700, Rick Edgecombe wrote:
> From: Yu-cheng Yu <redacted>
>
> When serving a page fault, maybe_mkwrite() makes a PTE writable if there is
> a write access to it, and its vma has VM_WRITE. Shadow stack accesses to
> shadow stack vma's are also treated as write accesses by the fault handler.
> This is because setting shadow stack memory makes it writable via some
> instructions, so COW has to happen even for shadow stack reads.
>
> So maybe_mkwrite() should continue to set VM_WRITE vma's as normally
> writable, but also set VM_WRITE|VM_SHADOW_STACK vma's as shadow stack.
>
> Do this by adding a pte_mkwrite_shstk() and a cross-arch stub. Check for
> VM_SHADOW_STACK in maybe_mkwrite() and call pte_mkwrite_shstk()
> accordingly.
>
> Apply the same changes to maybe_pmd_mkwrite().
>
> Signed-off-by: Yu-cheng Yu <redacted>
Reviewed-by: Kees Cook <redacted>

-- 
Kees Cook