From: Andy Lutomirski
Subject: Re: [PATCH v28 09/32] x86/mm: Introduce _PAGE_COW
Date: Tue, 17 Aug 2021 13:13:09 -0700
Message-Id: <1A27F5DF-477B-45B7-AD33-CC68D9B7CB89@amacapital.net>
To: Borislav Petkov
Cc: "Yu, Yu-cheng", x86@kernel.org, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Dave Martin, Weijiang Yang, Pengfei Xu, Haitao Huang, Rick P Edgecombe, "Kirill A . Shutemov"

> On Aug 17, 2021, at 12:53 PM, Borislav Petkov wrote:
>
> On Tue, Aug 17, 2021 at 11:24:29AM -0700, Yu, Yu-cheng wrote:
>> Indeed, this can be looked at in a few ways. We can visualize pte_write()
>> as 'CPU can write to it with MOV' or 'CPU can write to it with any opcodes'.
>> Depending on whatever pte_write() is, copy-on-write code can be adjusted
>> accordingly.
>
> Can be?
>
> I think you should exclude shadow stack pages from being writable
> and treat them as read-only. How the CPU writes them is immaterial -
> pte/pmd_write() is used by normal kernel code to query whether the page
> is writable or not by any instruction - not by the CPU.
>
> And since normal kernel code cannot write shadow stack pages, then for
> that code those pages are read-only.
>
> If special kernel code using shadow stack management insns needs
> to modify a shadow stack, then it can check whether a page is
> pte/pmd_shstk() but that code is special anyway.
>
> Hell, a shadow stack page is (Write=0, Dirty=1) so calling it writable
>                                                               ^^^^^^^
> is simply wrong.

But it *is* writable using WRUSS, and it's also writable by CALL, WRSS, etc.

Now if the mm code tries to write protect it and expects sensible semantics, the results could be interesting. At the very least, someone would need to validate that RET reading a read-only shadow stack page does the right thing.

>
> Thx.
>
> --
> Regards/Gruss,
> Boris.
>
> https://people.kernel.org/tglx/notes-about-netiquette
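To make the write-protect hazard discussed above concrete, here is an added C model (not kernel code, and not part of this thread) of the PTE encodings in question: a shadow stack page is Write=0, Dirty=1, so a write-protect that merely clears Write on a dirty ordinary page produces exactly that encoding, while a COW-aware write-protect parks the Dirty bit in a software bit so the two stay distinguishable, in the spirit of the series' _PAGE_COW. The bit position chosen for the software COW bit and the helper names are assumptions for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural x86 PTE bits relevant to the discussion. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_DIRTY   (1ULL << 6)
/* Software-available bit used here as the COW marker. The position is an
 * assumption for this model, not the kernel's actual _PAGE_COW definition. */
#define PTE_SW_COW  (1ULL << 58)

typedef uint64_t pte_t;

/* Hardware meaning: a shadow stack page is Write=0, Dirty=1. */
bool pte_shstk(pte_t p) { return !(p & PTE_RW) && (p & PTE_DIRTY) != 0; }

/* pte_write() in the sense argued for above: may normal kernel code write? */
bool pte_write(pte_t p) { return (p & PTE_RW) != 0; }

/* Dirty in the kernel's sense: hardware dirty, or dirty-but-COW-protected. */
bool pte_dirty(pte_t p) { return (p & (PTE_DIRTY | PTE_SW_COW)) != 0; }

/* Naive write-protect: just clear RW. On a dirty page this accidentally
 * yields the shadow stack encoding, which is the ambiguity at issue. */
pte_t naive_wrprotect(pte_t p) { return p & ~PTE_RW; }

/* COW-aware write-protect: move hardware Dirty into the software COW bit
 * before clearing RW, so the result can never be mistaken for shadow stack. */
pte_t cow_wrprotect(pte_t p) {
    if (p & PTE_DIRTY)
        p = (p & ~PTE_DIRTY) | PTE_SW_COW;
    return p & ~PTE_RW;
}

int main(void) {
    /* Constructed sample: a present, writable, dirty ordinary page. */
    pte_t dirty_rw = PTE_PRESENT | PTE_RW | PTE_DIRTY;
    printf("naive wrprotect looks like shadow stack: %d\n",
           pte_shstk(naive_wrprotect(dirty_rw)));
    printf("cow wrprotect looks like shadow stack:   %d\n",
           pte_shstk(cow_wrprotect(dirty_rw)));
    printf("cow wrprotect still counts as dirty:     %d\n",
           pte_dirty(cow_wrprotect(dirty_rw)));
    return 0;
}
```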