Date: Mon, 27 Feb 2023 14:54:51 -0800
From: Kees Cook
To: Rick Edgecombe, x86@kernel.org, "H . Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H . J . Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, Weijiang Yang, "Kirill A . Shutemov", John Allen, kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com
CC: rick.p.edgecombe@intel.com
Subject: Re: [PATCH v7 27/41] x86/mm: Warn if create Write=0,Dirty=1 with raw prot
In-Reply-To: <20230227222957.24501-28-rick.p.edgecombe@intel.com>
Message-ID: <4D6EB652-3271-485E-A15B-0AE0FA98DFC7@kernel.org>

On February 27, 2023 2:29:43 PM PST, Rick Edgecombe wrote:
>When user shadow stack is in use, Write=0,Dirty=1 is treated by the CPU as
>shadow stack memory. So for shadow stack memory this bit combination is
>valid, but when Dirty=1,Write=1 (conventionally writable) memory is being
>write protected, the kernel has been taught to transition the Dirty=1
>bit to SavedDirty=1, to avoid inadvertently creating shadow stack
>memory. It does this inside pte_wrprotect() because it knows the PTE is
>not intended to be a writable shadow stack entry, it is supposed to be
>write protected.
>
>However, when a PTE is created by a raw prot using mk_pte(), mk_pte()
>can't know whether to adjust Dirty=1 to SavedDirty=1. It can't
>distinguish between the caller intending to create a shadow stack PTE or
>needing the SavedDirty shift.
>
>The kernel has been updated to not do this, and so Write=0,Dirty=1
>memory should only be created by the pte_mkfoo() helpers. Add a warning
>to make sure no new mk_pte() start doing this.
>
>Tested-by: Pengfei Xu
>Tested-by: John Allen
>Tested-by: Kees Cook
>Acked-by: Mike Rapoport (IBM)
>Signed-off-by: Rick Edgecombe

Reviewed-by: Kees Cook

-- 
Kees Cook
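
A user-space model of the invariant the quoted commit message describes, added here as an illustration; it is not the patch or any kernel code. The function names and the SavedDirty bit position (58) are assumptions of this model; Write (bit 1) and Dirty (bit 6) are the x86 hardware PTE bits.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* x86 hardware PTE bits: Write is bit 1, Dirty is bit 6. */
#define PTE_PRESENT     (1ULL << 0)
#define PTE_WRITE       (1ULL << 1)
#define PTE_DIRTY       (1ULL << 6)
/* Assumption: a software-available bit stands in for SavedDirty. */
#define PTE_SAVED_DIRTY (1ULL << 58)

/* Write=0,Dirty=1 is the encoding the CPU treats as shadow stack memory. */
static bool is_shstk_encoding(uint64_t pte)
{
    return (pte & (PTE_WRITE | PTE_DIRTY)) == PTE_DIRTY;
}

/* Model of write-protecting: the caller wants read-only memory, so a
 * set Dirty bit is moved to SavedDirty instead of being left in place. */
static uint64_t model_wrprotect(uint64_t pte)
{
    pte &= ~PTE_WRITE;
    if (pte & PTE_DIRTY)
        pte = (pte & ~PTE_DIRTY) | PTE_SAVED_DIRTY;
    return pte;
}

/* Model of building a PTE from raw protection bits: intent is unknown
 * here, so the bits are used as given and the combination is only flagged. */
static uint64_t model_mk_pte(uint64_t pfn, uint64_t prot, bool *warned)
{
    *warned = is_shstk_encoding(prot);
    if (*warned)
        fprintf(stderr, "warn: raw prot %#llx has Write=0,Dirty=1\n",
                (unsigned long long)prot);
    return (pfn << 12) | prot;
}

int main(void)
{
    bool warned;
    uint64_t rw_dirty = PTE_PRESENT | PTE_WRITE | PTE_DIRTY;
    uint64_t ro = model_wrprotect(rw_dirty);

    printf("after wrprotect: shstk=%d saved_dirty=%d\n",
           is_shstk_encoding(ro), !!(ro & PTE_SAVED_DIRTY));
    model_mk_pte(0x1234, PTE_PRESENT | PTE_DIRTY, &warned);
    printf("raw Write=0,Dirty=1 prot warned=%d\n", warned);
    return 0;
}
```

The write-protect path can repair the encoding because it knows the result must be read-only; the raw-prot path can only report it, which is why the commit message asks for a warning there and nothing more.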