Re: [PATCH v23 15/28] x86/mm: Update maybe_mkwrite() for shadow stack

From: Borislav Petkov
Date: Wed Mar 17 2021 - 11:57:15 EST


On Tue, Mar 16, 2021 at 08:10:41AM -0700, Yu-cheng Yu wrote:
> When serving a page fault, maybe_mkwrite() makes a PTE writable if its vma
> has VM_WRITE.
>
> A shadow stack vma has VM_SHSTK. Its PTEs have _PAGE_DIRTY, but not
> _PAGE_WRITE. In fork(), _PAGE_DIRTY is cleared to effect copy-on-write,

to cause

> and in page fault, _PAGE_DIRTY is restored and the shadow stack page is

in the page fault handler...

> writable again.
>
> Update maybe_mkwrite() by introducing arch_maybe_mkwrite(), which sets
> _PAGE_DIRTY for a shadow stack PTE.
>
> Apply the same changes to maybe_pmd_mkwrite().
>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> arch/x86/Kconfig | 4 ++++
> arch/x86/mm/pgtable.c | 18 ++++++++++++++++++
> include/linux/mm.h | 2 ++
> include/linux/pgtable.h | 24 ++++++++++++++++++++++++
> mm/huge_memory.c | 2 ++
> 5 files changed, 50 insertions(+)

Looks straightforward to me but I guess it needs a mm person's ack.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
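
The PTE state changes described in the quoted commit message, as an added userspace model that is not part of the original message or the patch. The `model_*` names and the `M_*` bit values are constructed for illustration and are not the kernel's definitions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit values for this model; not taken from kernel headers. */
#define M_PAGE_WRITE 0x1u
#define M_PAGE_DIRTY 0x2u
#define M_VM_WRITE   0x1u
#define M_VM_SHSTK   0x2u

typedef uint32_t model_pte_t;

/* Shadow stack encoding from the commit message: dirty but not writable. */
static bool model_pte_is_shstk(model_pte_t pte)
{
    return (pte & (M_PAGE_WRITE | M_PAGE_DIRTY)) == M_PAGE_DIRTY;
}

/* Arch hook: for a shadow stack vma, restore the dirty bit only. */
static model_pte_t model_arch_maybe_mkwrite(model_pte_t pte, uint32_t vm_flags)
{
    if (vm_flags & M_VM_SHSTK)
        pte |= M_PAGE_DIRTY;
    return pte;
}

/* Fault path: VM_WRITE gives a writable PTE; otherwise ask the arch hook. */
static model_pte_t model_maybe_mkwrite(model_pte_t pte, uint32_t vm_flags)
{
    if (vm_flags & M_VM_WRITE)
        return pte | M_PAGE_WRITE;
    return model_arch_maybe_mkwrite(pte, vm_flags);
}

/* fork(): a shadow stack PTE loses dirty, a normal PTE loses write. */
static model_pte_t model_fork_wrprotect(model_pte_t pte, uint32_t vm_flags)
{
    if (vm_flags & M_VM_SHSTK)
        return pte & ~M_PAGE_DIRTY;
    return pte & ~M_PAGE_WRITE;
}

int main(void)
{
    model_pte_t pte = M_PAGE_DIRTY; /* constructed shadow stack PTE */
    pte = model_fork_wrprotect(pte, M_VM_SHSTK);
    printf("after fork:  shstk=%d\n", model_pte_is_shstk(pte));
    pte = model_maybe_mkwrite(pte, M_VM_SHSTK);
    printf("after fault: shstk=%d write=%d\n",
           model_pte_is_shstk(pte), !!(pte & M_PAGE_WRITE));
    return 0;
}
```

In this model the shadow stack PTE never gains the write bit on any path, which is the property that keeps ordinary stores from modifying it.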