Re: [PATCH v2 22/39] mm: Don't allow write GUPs to shadow stack memory
From: Kees Cook
Date: Mon Oct 03 2022 - 14:39:20 EST
On Thu, Sep 29, 2022 at 03:29:19PM -0700, Rick Edgecombe wrote:
> [...]
> Still allow FOLL_FORCE to write through shadow stack protections, as it
> does for read-only protections.
As I asked in the cover letter: why do we need to add this for shstk? It
was a mistake for general memory. :P
> [...]
> diff --git a/mm/gup.c b/mm/gup.c
> index 5abdaf487460..56da98f3335c 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -1043,7 +1043,7 @@ static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags)
> return -EFAULT;
>
> if (write) {
> - if (!(vm_flags & VM_WRITE)) {
> + if (!(vm_flags & VM_WRITE) || (vm_flags & VM_SHADOW_STACK)) {
> if (!(gup_flags & FOLL_FORCE))
> return -EFAULT;
> /*
How about this instead:
return -EFAULT;
if (write) {
+ if (vm_flags & VM_SHADOW_STACK)
+ return -EFAULT;
if (!(vm_flags & VM_WRITE)) {
if (!(gup_flags & FOLL_FORCE))
return -EFAULT;
--
Kees Cook