Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors
From: Borislav Petkov <bp@alien8.de>
Date: 2023-03-03 14:00:34
Also in:
linux-arch, linux-doc, linux-mm, lkml
On Mon, Feb 27, 2023 at 02:29:35PM -0800, Rick Edgecombe wrote:
quoted hunk ↗ jump to hunk
@@ -1310,6 +1324,23 @@ void do_user_addr_fault(struct pt_regs *regs, perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address); + /* + * For conventionally writable pages, a read can be serviced with a + * read only PTE. But for shadow stack, there isn't a concept of + * read-only shadow stack memory. If it a PTE has the shadow stack
s/it //
+ * permission, it can be modified via CALL and RET instructions. So + * core MM needs to fault in a writable PTE and do things it already + * does for write faults. + * + * Shadow stack accesses (read or write) need to be serviced with + * shadow stack permission memory, which always include write + * permissions. So in the case of a shadow stack read access, treat it + * as a WRITE fault. This will make sure that MM will prepare + * everything (e.g., break COW) such that maybe_mkwrite() can create a + * proper shadow stack PTE. + */ + if (error_code & X86_PF_SHSTK) + flags |= FAULT_FLAG_WRITE; if (error_code & X86_PF_WRITE) flags |= FAULT_FLAG_WRITE; if (error_code & X86_PF_INSTR) -- 2.17.1
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette