| Message ID | 20210316151054.5405-8-yu-cheng.yu@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Control-flow Enforcement: Shadow Stack | expand |
On Tue, Mar 16, 2021 at 08:10:33AM -0700, Yu-cheng Yu wrote: > The x86 family of processors do not directly create read-only and Dirty > PTEs. These PTEs are created by software. One such case is that kernel > read-only pages are historically setup as Dirty. > > New processors that support Shadow Stack regard read-only and Dirty PTEs as > shadow stack pages. This results in ambiguity between shadow stack and > kernel read-only pages. To resolve this, removed Dirty from kernel read- > only pages. > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> > Cc: "H. Peter Anvin" <hpa@zytor.com> > Cc: Kees Cook <keescook@chromium.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Dave Hansen <dave.hansen@linux.intel.com> > Cc: Christoph Hellwig <hch@lst.de> > Cc: Andy Lutomirski <luto@kernel.org> > Cc: Ingo Molnar <mingo@redhat.com> > Cc: Borislav Petkov <bp@alien8.de> > Cc: Peter Zijlstra <peterz@infradead.org> Looks good to me. Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
On 3/22/2021 2:13 AM, Kirill A. Shutemov wrote: > On Tue, Mar 16, 2021 at 08:10:33AM -0700, Yu-cheng Yu wrote: >> The x86 family of processors do not directly create read-only and Dirty >> PTEs. These PTEs are created by software. One such case is that kernel >> read-only pages are historically setup as Dirty. >> >> New processors that support Shadow Stack regard read-only and Dirty PTEs as >> shadow stack pages. This results in ambiguity between shadow stack and >> kernel read-only pages. To resolve this, removed Dirty from kernel read- >> only pages. >> >> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> >> Cc: "H. Peter Anvin" <hpa@zytor.com> >> Cc: Kees Cook <keescook@chromium.org> >> Cc: Thomas Gleixner <tglx@linutronix.de> >> Cc: Dave Hansen <dave.hansen@linux.intel.com> >> Cc: Christoph Hellwig <hch@lst.de> >> Cc: Andy Lutomirski <luto@kernel.org> >> Cc: Ingo Molnar <mingo@redhat.com> >> Cc: Borislav Petkov <bp@alien8.de> >> Cc: Peter Zijlstra <peterz@infradead.org> > > Looks good to me. > > Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> > Thanks for reviewing. Yu-cheng
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index f24d7ef8fffa..9db61817dfff 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -192,10 +192,10 @@ enum page_cache_mode { #define _KERNPG_TABLE (__PP|__RW| 0|___A| 0|___D| 0| 0| _ENC) #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| 0|___G| __NC) -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 16f878c26667..6bebb95a6988 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -1932,7 +1932,7 @@ int set_memory_nx(unsigned long addr, int numpages) int set_memory_ro(unsigned long addr, int numpages) { - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | _PAGE_DIRTY), 0); } int set_memory_rw(unsigned long addr, int numpages)
The x86 family of processors do not directly create read-only and Dirty PTEs. These PTEs are created by software. One such case is that kernel read-only pages are historically setup as Dirty. New processors that support Shadow Stack regard read-only and Dirty PTEs as shadow stack pages. This results in ambiguity between shadow stack and kernel read-only pages. To resolve this, removed Dirty from kernel read- only pages. Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Andy Lutomirski <luto@kernel.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Peter Zijlstra <peterz@infradead.org> --- arch/x86/include/asm/pgtable_types.h | 6 +++--- arch/x86/mm/pat/set_memory.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)