Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory

[PATCH v7 00/41] Shadow stacks for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 02/41] x86/shstk: Add Kconfig option for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Szabolcs Nagy <hidden> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Szabolcs Nagy <hidden> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-01
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-02
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-06
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-06
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · Liang, Kan <hidden> · 2023-03-06
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-02
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · H.J. Lu <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · szabolcs.nagy@arm.com <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · H.J. Lu <hidden> · 2023-03-03
Re: [PATCH v7 01/41] Documentation/x86: Add CET shadow stack description · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-03
[PATCH v7 03/41] x86/cpufeatures: Add CPU feature flags for shadow stacks · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 05/41] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 04/41] x86/cpufeatures: Enable CET CR4 bit for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 12/41] s390/mm: Introduce pmd_mkwrite_kernel() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2023-03-01
Re: [PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-01
Re: [PATCH v7 08/41] x86/shstk: Add user control-protection fault handler · Borislav Petkov <bp@alien8.de> · 2023-03-01
[PATCH v7 09/41] x86/mm: Remove _PAGE_DIRTY from kernel RO pages · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 10/41] x86/mm: Move pmd_write(), pud_write() up in the file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 11/41] mm: Introduce pte_mkwrite_kernel() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 06/41] x86/fpu: Add helper for modifying xstate · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 16/41] x86/mm: Start actually marking _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 15/41] x86/mm: Update ptep/pmdp_set_wrprotect() for _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 07/41] x86: Move control protection handler to separate file · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 07/41] x86: Move control protection handler to separate file · Borislav Petkov <bp@alien8.de> · 2023-03-01
[PATCH v7 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · Borislav Petkov <bp@alien8.de> · 2023-03-02
Re: [PATCH v7 14/41] x86/mm: Introduce _PAGE_SAVED_DIRTY · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
[PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · Christophe Leroy <hidden> · 2023-03-01
Re: [PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · David Hildenbrand <hidden> · 2023-03-01
Re: [PATCH v7 13/41] mm: Make pte_mkwrite() take a VMA · Borislav Petkov <bp@alien8.de> · 2023-03-02
[PATCH v7 17/41] mm: Move VM_UFFD_MINOR_BIT from 37 to 38 · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 18/41] mm: Introduce VM_SHADOW_STACK for shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 19/41] x86/mm: Check shadow stack page fault errors · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors · Borislav Petkov <bp@alien8.de> · 2023-03-03
Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors · Dave Hansen <hidden> · 2023-03-03
[PATCH v7 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 20/41] x86/mm: Teach pte_mkwrite() about stack memory · Borislav Petkov <bp@alien8.de> · 2023-03-03
[PATCH v7 23/41] mm: Re-introduce vm_flags to do_mmap() · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-06
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · David Hildenbrand <hidden> · 2023-03-07
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Deepak Gupta <hidden> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Dave Hansen <hidden> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Deepak Gupta <hidden> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-17
Re: [PATCH v7 22/41] mm/mmap: Add shadow stack pages to memory accounting · Deepak Gupta <hidden> · 2023-03-17
[PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-07
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Borislav Petkov <bp@alien8.de> · 2023-03-07
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · David Hildenbrand <hidden> · 2023-03-07
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
Re: [PATCH v7 21/41] mm: Add guard pages around a shadow stack. · Deepak Gupta <hidden> · 2023-03-17
[PATCH v7 25/41] x86/mm: Introduce MAP_ABOVE4G · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 25/41] x86/mm: Introduce MAP_ABOVE4G · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 25/41] x86/mm: Introduce MAP_ABOVE4G · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-07
[PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Andy Lutomirski <luto@kernel.org> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · "Andy Lutomirski" <luto@kernel.org> · 2023-03-06
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-07
Re: [PATCH v7 24/41] mm: Don't allow write GUPs to shadow stack memory · Deepak Gupta <hidden> · 2023-03-17
[PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 26/41] mm: Warn on shadow stack memory in wrong vma · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
[PATCH v7 29/41] x86/shstk: Add user-mode shadow stack support · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · H.J. Lu <hidden> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · H.J. Lu <hidden> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · H.J. Lu <hidden> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 28/41] x86: Introduce userspace API for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-10
[PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Kees Cook <kees@kernel.org> · 2023-02-27
Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
[PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Szabolcs Nagy <hidden> · 2023-03-02
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-08
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-08
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 30/41] x86/shstk: Handle thread shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
[PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 31/41] x86/shstk: Introduce routines modifying shstk · Borislav Petkov <bp@alien8.de> · 2023-03-09
[PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Szabolcs Nagy <hidden> · 2023-03-02
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-02
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-09
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-09
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-16
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Mike Rapoport <rppt@kernel.org> · 2023-03-14
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Deepak Gupta <hidden> · 2023-03-16
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Szabolcs Nagy <hidden> · 2023-03-20
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Borislav Petkov <bp@alien8.de> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Borislav Petkov <bp@alien8.de> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
Re: [PATCH v7 33/41] x86/shstk: Introduce map_shadow_stack syscall · Borislav Petkov <bp@alien8.de> · 2023-03-10
[PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-09
Re: [PATCH v7 32/41] x86/shstk: Handle signals for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-09
[PATCH v7 34/41] x86/shstk: Support WRSS for userspace · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 34/41] x86/shstk: Support WRSS for userspace · Borislav Petkov <bp@alien8.de> · 2023-03-10
Re: [PATCH v7 34/41] x86/shstk: Support WRSS for userspace · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-10
[PATCH v7 35/41] x86: Expose thread features in /proc/$PID/status · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 36/41] x86/shstk: Wire in shadow stack interface · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 37/41] selftests/x86: Add shadow stack test · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
[PATCH v7 38/41] x86/fpu: Add helper for initing features · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · Borislav Petkov <bp@alien8.de> · 2023-03-11
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · Borislav Petkov <bp@alien8.de> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · Borislav Petkov <bp@alien8.de> · 2023-03-13
Re: [PATCH v7 38/41] x86/fpu: Add helper for initing features · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
[PATCH v7 39/41] x86: Add PTRACE interface for shadow stack · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 39/41] x86: Add PTRACE interface for shadow stack · Borislav Petkov <bp@alien8.de> · 2023-03-11
Re: [PATCH v7 39/41] x86: Add PTRACE interface for shadow stack · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
[PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27
Re: [PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Borislav Petkov <bp@alien8.de> · 2023-03-11
Re: [PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · "Edgecombe, Rick P" <rick.p.edgecombe@intel.com> · 2023-03-13
Re: [PATCH v7 40/41] x86/shstk: Add ARCH_SHSTK_UNLOCK · Borislav Petkov <bp@alien8.de> · 2023-03-13
[PATCH v7 41/41] x86/shstk: Add ARCH_SHSTK_STATUS · Rick Edgecombe <rick.p.edgecombe@intel.com> · 2023-02-27

From: "Andy Lutomirski" <luto@kernel.org>
Date: 2023-03-06 18:58:31
Also in: linux-arch, linux-doc, linux-mm, lkml

On Mon, Mar 6, 2023, at 10:33 AM, Edgecombe, Rick P wrote:

On Mon, 2023-03-06 at 10:15 -0800, Andy Lutomirski wrote:

quoted

On Mon, Mar 6, 2023 at 5:10 AM Borislav Petkov [off-list ref] wrote:

quoted

On Mon, Feb 27, 2023 at 02:29:40PM -0800, Rick Edgecombe wrote:

quoted

The x86 Control-flow Enforcement Technology (CET) feature
includes a new
type of memory called shadow stack. This shadow stack memory has
some
unusual properties, which requires some core mm changes to
function
properly.

Shadow stack memory is writable only in very specific, controlled
ways.
However, since it is writable, the kernel treats it as such. As a
result

quoted

there remain many ways for userspace to trigger the kernel to
write to
shadow stack's via get_user_pages(, FOLL_WRITE) operations. To
make this a

Is there an alternate mechanism, or do we still want to allow
FOLL_FORCE so that debuggers can write it?

Yes, GDB shadow stack support uses it via both ptrace poke and
/proc/pid/mem apparently. So some ability to write through is needed
for debuggers. But not CRIU actually. It uses WRSS.

There was also some discussion[0] previously about how apps might
prefer to block /proc/self/mem for general security reasons. Blocking
shadow stack writes while you allow text writes is probably not that
impactful security-wise. So I thought it would be better to leave the
logic simpler. Then when /proc/self/mem could be locked down per the
discussion, shadow stack can be locked down the same way.

Ah, I am guilty of reading your changelog but not the code.

You said:

Shadow stack memory is writable only in very specific, controlled ways.
However, since it is writable, the kernel treats it as such. As a result
there remain many ways for userspace to trigger the kernel to write to
shadow stack's via get_user_pages(, FOLL_WRITE) operations. To make this a
little less exposed, block writable GUPs for shadow stack VMAs.

I read that as *denying* FOLL_FORCE.  Maybe clarify the changelog?

[0] 
https://lore.kernel.org/lkml/E857CF98-EEB2-4F83-8305-0A52B463A661@kernel.org/ (local)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help