On Tue, 2018-07-10 at 16:37 -0700, Dave Hansen wrote:

On 07/10/2018 03:26 PM, Yu-cheng Yu wrote:

quoted

There are three possible shadow stack PTE settings:

  Normal SHSTK PTE: (R/O + DIRTY_HW)
  SHSTK PTE COW'ed: (R/O + DIRTY_HW)
  SHSTK PTE shared as R/O data: (R/O + DIRTY_SW)

Update can_follow_write_pte/pmd for the shadow stack.

First of all, thanks for the excellent patch headers.  It's nice to
have
that reference every time even though it's repeated.

quoted

-static inline bool can_follow_write_pte(pte_t pte, unsigned int
flags)
+static inline bool can_follow_write_pte(pte_t pte, unsigned int
flags,
+					bool shstk)
 {
+	bool pte_cowed = shstk ? is_shstk_pte(pte):pte_dirty(pte);
+
 	return pte_write(pte) ||
-		((flags & FOLL_FORCE) && (flags & FOLL_COW) &&
pte_dirty(pte));
+		((flags & FOLL_FORCE) && (flags & FOLL_COW) &&
pte_cowed);
 }

Can we just pass the VMA in here?  This use is OK-ish, but I
generally
detest true/false function arguments because you can't tell what they
are when they show up without a named variable.

But...  Why does this even matter?  Your own example showed that all
shadowstack PTEs have either DIRTY_HW or DIRTY_SW set, and
pte_dirty()
checks both.

That makes this check seem a bit superfluous.

My understanding is that we don't want to follow write pte if the page
is shared as read-only.  For a SHSTK page, that is (R/O + DIRTY_SW),
which means the SHSTK page has not been COW'ed.  Is that right?

Thanks,
Yu-cheng
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html