Re: [RFC PATCH v3 00/15] pkeys-based page table hardening

From: Maxwell Bland
Date: Mon Apr 14 2025 - 18:44:55 EST


On Fri, Apr 04, 2025 at 09:57:02AM +0200, Kevin Brodsky wrote:
> On 28/03/2025 17:15, Maxwell Bland wrote:
> Overall this seems worth investigating. I wonder, have you considered
> how accessors would find the shadow memory? It could of course be linked
> directly from task_struct, but then nothing prevents that pointer from
> being corrupted. I can't think of another cheap way to link $p$ though.
> This is not a full-blown shadow memory approach, so I'm not sure we can
> reserve a whole chunk of the address space for that purpose.

Hi, apologies for the delay again, I had much fire to put out last week.

I saw you posted a V4 for this, so I'll close out this chain.

W.r.t. the above, it may be possible to segment the RB tree in vmalloc.c
and designate an allocation region for this purpose. I did something
similar to enforce PXNTable-across-vmalloc a year or so ago which ended
up successful on a production device.

I plan to experiment a bit with different approaches and will probably
send the code to the mailing list once/if I get something together (also
if it isn't pre-empted by someone smarter and faster doing something
better). (-:

> Indeed. For experimenting, a Coccinelle script to convert direct access
> to certain members to a function call is probably easier :)

This does keep it in-kernel, which is nice, and I will keep this in mind
as I write.

Thank you for the discussion and patch, as well as the newest one!

- Maxwell Bland
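The Coccinelle approach mentioned in the exchange above, as an added illustration that is not part of either message or of the patch series: a semantic patch that rewrites direct reads and writes of one structure member into accessor calls, so that the accessor is the single place where a pkey permission can be toggled around the access. The struct `foo`, its member `bar` and the accessors `get_bar()`/`set_bar()` are hypothetical placeholders chosen for the example; nothing on the page names the real members or accessors.

```cocci
// Hypothetical example: route every access to foo->bar through an
// accessor. struct foo, member bar, get_bar() and set_bar() are
// placeholders, not identifiers from the patch series.

// Rule 1: plain stores become set_bar(x, E). Runs first so that the
// read-rewrite below never sees the left-hand side of an assignment.
@store@
struct foo *x;
expression E;
@@
- x->bar = E;
+ set_bar(x, E);

// Rule 2: compound assignments and increments are rewritten as a
// read-modify-write through the accessors, since matching "x->bar"
// alone would turn the target into an rvalue.
@rmw@
struct foo *x;
expression E;
assignment operator op;
@@
(
- x->bar op E;
+ set_bar(x, get_bar(x) op E);
|
- x->bar++;
+ set_bar(x, get_bar(x) + 1);
|
- x->bar--;
+ set_bar(x, get_bar(x) - 1);
)

// Rule 3: whatever is left is a read.
@load depends on store@
struct foo *x;
@@
- x->bar
+ get_bar(x)
```

Apply with `spatch --sp-file accessors.cocci --dir <tree> --in-place`; the ordering of the rules matters, since the read rewrite would otherwise match the left-hand side of stores. Taking the address of the member (`&x->bar`) is deliberately not handled, because it has no accessor equivalent and each such site needs a manual look.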