Re: [PATCH 7/9] x86/mm: Shadow stack page fault error checking

[PATCH 0/9] Control Flow Enforcement - Part (2) · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Andy Lutomirski <luto@amacapital.net> · 2018-06-07
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Dave Hansen <dave.hansen@linux.intel.com> · 2018-06-07
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Dave Hansen <dave.hansen@linux.intel.com> · 2018-06-07
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Andy Lutomirski <luto@kernel.org> · 2018-06-08
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · Dave Hansen <dave.hansen@linux.intel.com> · 2018-06-08
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · kbuild test robot <hidden> · 2018-06-08
Re: [PATCH 6/9] x86/mm: Introduce ptep_set_wrprotect_flush and related functions · kbuild test robot <hidden> · 2018-06-08
[PATCH 8/9] x86/cet: Handle shadow stack page fault · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 9/9] x86/cet: Handle THP/HugeTLB shadow stack page copying · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 7/9] x86/mm: Shadow stack page fault error checking · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 7/9] x86/mm: Shadow stack page fault error checking · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 7/9] x86/mm: Shadow stack page fault error checking · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 7/9] x86/mm: Shadow stack page fault error checking · Dave Hansen <dave.hansen@linux.intel.com> · 2018-06-07
[PATCH 5/9] x86/mm: Introduce _PAGE_DIRTY_SW · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 5/9] x86/mm: Introduce _PAGE_DIRTY_SW · kbuild test robot <hidden> · 2018-06-08
[PATCH 4/9] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 4/9] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW · kbuild test robot <hidden> · 2018-06-08
[PATCH 3/9] mm: Introduce VM_SHSTK for shadow stack memory · Yu-cheng Yu <hidden> · 2018-06-07
[PATCH 1/9] x86/cet: Control protection exception handler · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 1/9] x86/cet: Control protection exception handler · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 1/9] x86/cet: Control protection exception handler · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 1/9] x86/cet: Control protection exception handler · kbuild test robot <hidden> · 2018-06-08
Re: [PATCH 1/9] x86/cet: Control protection exception handler · kbuild test robot <hidden> · 2018-06-08
[PATCH 2/9] x86/cet: Add Kconfig option for user-mode shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 2/9] x86/cet: Add Kconfig option for user-mode shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07
Re: [PATCH 2/9] x86/cet: Add Kconfig option for user-mode shadow stack · Yu-cheng Yu <hidden> · 2018-06-07
Re: [PATCH 2/9] x86/cet: Add Kconfig option for user-mode shadow stack · Andy Lutomirski <luto@kernel.org> · 2018-06-07

From: Andy Lutomirski <luto@kernel.org>
Date: 2018-06-07 16:26:57
Also in: linux-arch, linux-mm, lkml

On Thu, Jun 7, 2018 at 7:40 AM Yu-cheng Yu [off-list ref] wrote:

If a page fault is triggered by a shadow stack access (e.g.
call/ret) or shadow stack management instructions (e.g.
wrussq), then bit[6] of the page fault error code is set.

In access_error(), we check if a shadow stack page fault
is within a shadow stack memory area.

Signed-off-by: Yu-cheng Yu <redacted>

quoted hunk ↗ jump to hunk

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 73bd8c95ac71..2b3b9170109c 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c

@@ -1166,6 +1166,17 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
                                       (error_code & X86_PF_INSTR), foreign))
                return 1;

+       /*
+        * Verify X86_PF_SHSTK is within a shadow stack VMA.
+        * It is always an error if there is a shadow stack
+        * fault outside a shadow stack VMA.
+        */
+       if (error_code & X86_PF_SHSTK) {
+               if (!(vma->vm_flags & VM_SHSTK))
+                       return 1;
+               return 0;
+       }
+

What, if anything, would go wrong without this change?  It seems like
it might be purely an optimization.  If so, can you mention that in
the comment?
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help