| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e432d102-7f69-7ba3-6146-c0165eef87e1@intel.com>
Date: Tue, 7 Apr 2020 15:21:59 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Yu-cheng Yu <yu-cheng.yu@...el.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
linux-arch@...r.kernel.org, linux-api@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>,
Andy Lutomirski <luto@...nel.org>,
Balbir Singh <bsingharora@...il.com>,
Borislav Petkov <bp@...en8.de>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Dave Martin <Dave.Martin@....com>, x86-patch-review@...el.com
Subject: Re: [RFC PATCH v9 14/27] mm: Handle Shadow Stack page fault
On 4/7/20 11:14 AM, Yu-cheng Yu wrote:
> On Wed, 2020-02-26 at 16:08 -0800, Dave Hansen wrote:
>>> diff --git a/mm/memory.c b/mm/memory.c
>>> index 45442d9a4f52..6daa28614327 100644
>>> --- a/mm/memory.c
>>> +++ b/mm/memory.c
>>> @@ -772,7 +772,8 @@ copy_one_pte(struct mm_struct *dst_mm, struct mm_struct *src_mm,
>>> * If it's a COW mapping, write protect it both
>>> * in the parent and the child
>>> */
>>> - if (is_cow_mapping(vm_flags) && pte_write(pte)) {
>>> + if ((is_cow_mapping(vm_flags) && pte_write(pte)) ||
>>> + arch_copy_pte_mapping(vm_flags)) {
>>> ptep_set_wrprotect(src_mm, addr, src_pte);
>>> pte = pte_wrprotect(pte);
>>> }
>>
>> You have to modify this because pte_write()==0 for shadow stack PTEs, right?
>>
>> Aren't shadow stack ptes *logically* writable, even if they don't have
>> the write bit set? What would happen if we made pte_write()==1 for them?
>
> Here the vm_flags needs to have VM_MAYWRITE, and the PTE needs to have
> _PAGE_WRITE. A shadow stack does not have either.
I literally mean taking pte_write(), and doing something l
static inline int pte_write(pte_t pte)
{
if (pte_present(pte) && pte_is_shadow_stack(pte))
return 1;
return pte_flags(pte) & _PAGE_RW;
}
Then if is_cow_mapping() returns true for shadow stack VMAs, the above
code doesn't need to change.
> To fix checking vm_flags, what about adding a "arch_is_cow_mappping()" to the
> generic is_cow_mapping()?
That makes good sense to me.
> For the PTE, the check actually tries to determine if the PTE is not already
> being copy-on-write, which is:
>
> (!_PAGE_RW && !_PAGE_DIRTY_HW)
>
> So what about making it pte_cow()?
>
> /*
> * The PTE is in copy-on-write status.
> */
> static inline int pte_cow(pte_t pte)
> {
> return !(pte_flags(pte) & (_PAGE_WRITE | _PAGE_DIRTY_HW));
> }
... with appropriate comments that seems fine to me.
Powered by blists - more mailing lists