Re: [PATCH v7 19/41] x86/mm: Check shadow stack page fault errors

From: Borislav Petkov
Date: Fri Mar 03 2023 - 09:00:34 EST


On Mon, Feb 27, 2023 at 02:29:35PM -0800, Rick Edgecombe wrote:
> @@ -1310,6 +1324,23 @@ void do_user_addr_fault(struct pt_regs *regs,
>
> perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, address);
>
> + /*
> + * For conventionally writable pages, a read can be serviced with a
> + * read only PTE. But for shadow stack, there isn't a concept of
> + * read-only shadow stack memory. If it a PTE has the shadow stack

s/it //

> + * permission, it can be modified via CALL and RET instructions. So
> + * core MM needs to fault in a writable PTE and do things it already
> + * does for write faults.
> + *
> + * Shadow stack accesses (read or write) need to be serviced with
> + * shadow stack permission memory, which always include write
> + * permissions. So in the case of a shadow stack read access, treat it
> + * as a WRITE fault. This will make sure that MM will prepare
> + * everything (e.g., break COW) such that maybe_mkwrite() can create a
> + * proper shadow stack PTE.
> + */
> + if (error_code & X86_PF_SHSTK)
> + flags |= FAULT_FLAG_WRITE;
> if (error_code & X86_PF_WRITE)
> flags |= FAULT_FLAG_WRITE;
> if (error_code & X86_PF_INSTR)
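
Review bot: the added X86_PF_SHSTK test and the existing X86_PF_WRITE test right below it both do "flags |= FAULT_FLAG_WRITE;", so they could be a single "if (error_code & (X86_PF_SHSTK | X86_PF_WRITE))" with the new comment kept above it. If the two are left separate on purpose so that the comment attaches only to the shadow stack case, a blank line between them would make that clearer. In the comment itself, "which always include write permissions" should read "includes", and "read only PTE" should be hyphenated to match "read-only shadow stack memory" on the following line.
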
> --
> 2.17.1
>

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette