Re: [PATCH v28 09/32] x86/mm: Introduce _PAGE_COW
From: Borislav Petkov <bp@alien8.de>
Date: 2021-08-17 20:24:39
Also in:
linux-api, linux-arch, linux-mm, lkml
On Tue, Aug 17, 2021 at 01:13:09PM -0700, Andy Lutomirski wrote:
> > If special kernel code using shadow stack management insns needs to modify a shadow stack, then it can check whether a page is pte/pmd_shstk() but that code is special anyway. Hell, a shadow stack page is (Write=0, Dirty=1) so calling it writable
>                                                                                                                                                                ^^^^^^^
> > is simply wrong.
>
> But it *is* writable using WRUSS, and it’s also writable by CALL,
Well, if we have to be precise, CALL doesn't write it directly - it causes the shadow stack to be written as part of CALL's execution. Yeah yeah, potato potato.
> WRSS, etc.
Thus the "special kernel code" thing above. I've left it in instead of snipping it.
> Now if the mm code tries to write protect it and expects sensible semantics, the results could be interesting. At the very least, someone would need to validate that RET reading a read only shadow stack page does the right thing.
Huh?
A shadow stack page is RO (W=0).
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette