| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Mar 2021 10:27:53 -0700
From: "Yu, Yu-cheng" <yu-cheng.yu@...el.com>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
linux-arch@...r.kernel.org, linux-api@...r.kernel.org,
Arnd Bergmann <arnd@...db.de>,
Andy Lutomirski <luto@...nel.org>,
Balbir Singh <bsingharora@...il.com>,
Borislav Petkov <bp@...en8.de>,
Cyrill Gorcunov <gorcunov@...il.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Eugene Syromiatnikov <esyr@...hat.com>,
Florian Weimer <fweimer@...hat.com>,
"H.J. Lu" <hjl.tools@...il.com>, Jann Horn <jannh@...gle.com>,
Jonathan Corbet <corbet@....net>,
Kees Cook <keescook@...omium.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Oleg Nesterov <oleg@...hat.com>, Pavel Machek <pavel@....cz>,
Peter Zijlstra <peterz@...radead.org>,
Randy Dunlap <rdunlap@...radead.org>,
"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@...el.com>,
Dave Martin <Dave.Martin@....com>,
Weijiang Yang <weijiang.yang@...el.com>,
Pengfei Xu <pengfei.xu@...el.com>,
Haitao Huang <haitao.huang@...el.com>
Subject: Re: [PATCH v23 14/28] x86/mm: Shadow Stack page fault error checking
On 3/22/2021 3:38 AM, Kirill A. Shutemov wrote:
> On Tue, Mar 16, 2021 at 08:10:40AM -0700, Yu-cheng Yu wrote:
[...]
>>
>> diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
>> index a73347e2cdfc..4316732a18c6 100644
>> --- a/arch/x86/mm/fault.c
>> +++ b/arch/x86/mm/fault.c
>> @@ -1100,6 +1100,17 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
>> (error_code & X86_PF_INSTR), foreign))
>> return 1;
>>
>> + /*
>> + * Verify a shadow stack access is within a shadow stack VMA.
>> + * It is always an error otherwise. Normal data access to a
>> + * shadow stack area is checked in the case followed.
>> + */
>> + if (error_code & X86_PF_SHSTK) {
>> + if (!(vma->vm_flags & VM_SHSTK))
>> + return 1;
>> + return 0;
>
> Any reason to return 0 here? I would rather keep the single return 0 in
> the function, after all checks are done.
>
For shadow stack fault, X86_PF_SHSTK and X86_PF_WRITE both can be set.
So for shadow stack fault, return from here and don't go into the normal
write fault case.
Thanks,
Yu-cheng
>> + }
>> +
>> if (error_code & X86_PF_WRITE) {
>> /* write, present and write, not present: */
>> if (unlikely(!(vma->vm_flags & VM_WRITE)))
>> @@ -1293,6 +1304,14 @@ void do_user_addr_fault(struct pt_regs *regs,
>>
>> perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
>>
>> + /*
>> + * Clearing _PAGE_DIRTY is used to detect shadow stack access.
>> + * This method cannot distinguish shadow stack read vs. write.
>> + * For valid shadow stack accesses, set FAULT_FLAG_WRITE to effect
>> + * copy-on-write.
>> + */
>> + if (error_code & X86_PF_SHSTK)
>> + flags |= FAULT_FLAG_WRITE;
>> if (error_code & X86_PF_WRITE)
>> flags |= FAULT_FLAG_WRITE;
>> if (error_code & X86_PF_INSTR)
>> --
>> 2.21.0
>>
>
Powered by blists - more mailing lists