Re: [PATCH v28 09/32] x86/mm: Introduce _PAGE_COW
From: "Andy Lutomirski" <luto@kernel.org>
Date: 2021-08-17 20:52:25
Also in:
linux-api, linux-arch, linux-doc, lkml
On Tue, Aug 17, 2021, at 1:24 PM, Borislav Petkov wrote:
> On Tue, Aug 17, 2021 at 01:13:09PM -0700, Andy Lutomirski wrote:
> > > If special kernel code using shadow stack management insns needs to
> > > modify a shadow stack, then it can check whether a page is
> > > pte/pmd_shstk() but that code is special anyway. Hell, a shadow stack
> > > page is (Write=0, Dirty=1) so calling it writable
> > >                                          ^^^^^^^
> > > is simply wrong.
> >
> > But it *is* writable using WRUSS, and it's also writable by CALL,
>
> Well, if we have to be precise, CALL doesn't write it directly - it
> causes for shadow stack to be written as part of CALL's execution. Yeah
> yeah, potato potato.

Potahto.

> > WRSS, etc.
>
> Thus the "special kernel code" thing above. I've left it in instead of
> snipping it.

WRSS can be used from user mode depending on the configuration.

> > Now if the mm code tries to write protect it and expects sensible
> > semantics, the results could be interesting. At the very least, someone
> > would need to validate that RET reading a read only shadow stack page
> > does the right thing.
>
> Huh? A shadow stack page is RO (W=0).

Double-you shmouble-you. You can't write it with MOV, but you can write
it from user code and from kernel code. As far as the mm is concerned, I
think it should be considered writable. Although... anyone who tries to
copy_to_user() it is going to be a bit surprised. Hmm.

> --
> Regards/Gruss,
>     Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
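The disagreement above is about what the (Write=0, Dirty=1) PTE encoding means to the mm. The following is an added user-space C model of that encoding, written for this page; it is not code from the patch series or from either participant. It assumes the hardware bit positions RW=1 and Dirty=6 from the Intel SDM, and it assumes a software-available bit (bit 58 here; the bit the series actually picks is not shown on this page) for _PAGE_COW. The helper names mirror the kernel's (pte_shstk, pte_wrprotect, pte_mkwrite, pte_mkdirty, pte_dirty) but are simplified: there is no cpu_feature_enabled() gating and no real pte_t type.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hardware-defined x86 page-table bits (Intel SDM). */
#define _PAGE_BIT_RW     1
#define _PAGE_BIT_DIRTY  6
/* Software-available bit used as the COW marker.
 * ASSUMPTION: bit 58; the series' actual choice is not shown on this page. */
#define _PAGE_BIT_COW    58

#define _PAGE_RW    (1ULL << _PAGE_BIT_RW)
#define _PAGE_DIRTY (1ULL << _PAGE_BIT_DIRTY)
#define _PAGE_COW   (1ULL << _PAGE_BIT_COW)

/* Simplified stand-in for the kernel's pte_t: just the flag word. */
typedef uint64_t pte_t;

/* Hardware shadow stack encoding: Write=0, Dirty=1. */
static bool pte_shstk(pte_t pte)
{
	return (pte & (_PAGE_RW | _PAGE_DIRTY)) == _PAGE_DIRTY;
}

/* Andy's position in the thread: a shadow stack page is writable as far as
 * the mm is concerned (by CALL/RET, WRSS, WRUSS), even though RW=0. */
static bool pte_write(pte_t pte)
{
	return (pte & _PAGE_RW) || pte_shstk(pte);
}

/* A page is dirty if either the hardware Dirty bit or the software COW bit
 * is set, so moving Dirty into COW does not lose the dirty state. */
static bool pte_dirty(pte_t pte)
{
	return (pte & (_PAGE_DIRTY | _PAGE_COW)) != 0;
}

/* Write-protecting a dirty page by just clearing RW would yield
 * Write=0,Dirty=1, i.e. the shadow stack encoding. Move Dirty to COW first
 * so the result is an ordinary read-only, still-dirty page. */
static pte_t pte_wrprotect(pte_t pte)
{
	if (pte & _PAGE_DIRTY) {
		pte &= ~_PAGE_DIRTY;
		pte |= _PAGE_COW;
	}
	return pte & ~_PAGE_RW;
}

/* Making a page writable again: COW goes back to the hardware Dirty bit. */
static pte_t pte_mkwrite(pte_t pte)
{
	if (pte & _PAGE_COW) {
		pte &= ~_PAGE_COW;
		pte |= _PAGE_DIRTY;
	}
	return pte | _PAGE_RW;
}

/* Dirtying a non-writable page must also avoid the shstk encoding, so the
 * dirty state is recorded in COW instead of Dirty. */
static pte_t pte_mkdirty(pte_t pte)
{
	if (!(pte & _PAGE_RW))
		return pte | _PAGE_COW;
	return pte | _PAGE_DIRTY;
}

static void show(const char *what, pte_t pte)
{
	printf("%-28s RW=%d D=%d COW=%d  shstk=%d write=%d dirty=%d\n", what,
	       !!(pte & _PAGE_RW), !!(pte & _PAGE_DIRTY), !!(pte & _PAGE_COW),
	       pte_shstk(pte), pte_write(pte), pte_dirty(pte));
}

int main(void)
{
	pte_t p = _PAGE_RW | _PAGE_DIRTY;  /* ordinary writable, dirty page */

	show("writable dirty page", p);
	p = pte_wrprotect(p);              /* e.g. fork() write-protecting it */
	show("after pte_wrprotect", p);    /* not shstk, still dirty */
	p = pte_mkwrite(p);                /* COW fault resolved */
	show("after pte_mkwrite", p);

	show("shadow stack page", _PAGE_DIRTY);
	show("pte_mkdirty on RO page", pte_mkdirty(0));
	return 0;
}
```

The point the model makes concrete: without the COW bit, the mm's routine "clear RW on a dirty page" transitions an ordinary page into the shadow stack encoding by accident; with it, pte_shstk() stays false across wrprotect/mkwrite while pte_dirty() stays true. Whether pte_write() should also report true for a shadow stack page is exactly the question the two participants disagree on above.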