Subject: Re: [RFC PATCH v3 12/24] x86/mm: Modify ptep_set_wrprotect and pmdp_set_wrprotect for _PAGE_DIRTY_SW
From: Yu-cheng Yu
To: Dave Hansen, Jann Horn
Cc: the arch/x86 maintainers, H. Peter Anvin, Thomas Gleixner, Ingo Molnar, kernel list, linux-doc@vger.kernel.org, Linux-MM, linux-arch, Linux API, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Cyrill Gorcunov, Florian Weimer, hjl.tools@gmail.com, Jonathan Corbet, keescook@chromiun.org, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, ravi.v.shankar@intel.com, vedvyas.shanbhogue@intel.com
Date: Thu, 30 Aug 2018 10:54:26 -0700
Message-ID: <1535651666.27823.6.camel@intel.com>
In-Reply-To: <33d45a12-513c-eba2-a2de-3d6b630e928e@linux.intel.com>
References: <20180830143904.3168-1-yu-cheng.yu@intel.com> <20180830143904.3168-13-yu-cheng.yu@intel.com> <079a55f2-4654-4adf-a6ef-6e480b594a2f@linux.intel.com> <1535649960.26689.15.camel@intel.com> <33d45a12-513c-eba2-a2de-3d6b630e928e@linux.intel.com>
List: linux-kernel@vger.kernel.org

On Thu, 2018-08-30 at 10:33 -0700, Dave Hansen wrote:
> On 08/30/2018 10:26 AM, Yu-cheng Yu wrote:
> >
> > We don't have the guard page now, but there is a shadow stack token
> > there, which cannot be used as a return address.
>
> The overall concern is that we could overflow into a page that we did
> not intend.  Either another actual shadow stack or a page that the
> attacker constructed, like the transient scenario Jann described.
>

A task could go beyond the bottom of its shadow stack by doing either
'ret' or 'incssp'.  If it is the 'ret' case, the token prevents it.  If it
is the 'incssp' case, a guard page cannot prevent it entirely, right?

Yu-cheng
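A simplified model of the two cases raised in the mail, added here as an illustration; it is not kernel code and not exact CET semantics. It assumes a 'ret' that must find a matching return address on the shadow stack and an 'incssp' that only moves the pointer, and it models the token as a flagged address (an assumption) that no genuine return address equals.

```c
/* Simplified model of the two cases discussed in the mail. This is a
 * constructed illustration, not kernel code and not exact CET semantics. */
#include <stdint.h>

#define SLOTS 8            /* constructed: a tiny one-page shadow stack */
#define TOKEN_FLAG 1ULL    /* assumed marker bit for the token value */

typedef struct {
    uint64_t slot[SLOTS];  /* slot[SLOTS-1] is the bottom and holds the token */
    int ssp;               /* index of the next entry 'ret' would pop */
} shadow_stack_t;

enum { OK = 0, FAULT_CP = 1 };

/* Token in the bottom slot: modelled (assumption) as that slot's own
 * address tagged with a flag bit, so it never matches a genuine return
 * address that a function would find on the normal stack. */
void sstk_init(shadow_stack_t *s) {
    for (int i = 0; i < SLOTS; i++) s->slot[i] = 0;
    s->ssp = SLOTS - 1;
    s->slot[SLOTS - 1] = (uint64_t)(uintptr_t)&s->slot[SLOTS - 1] | TOKEN_FLAG;
}

/* call: push the return address onto the shadow stack. */
void sstk_call(shadow_stack_t *s, uint64_t ret_addr) { s->slot[--s->ssp] = ret_addr; }

/* ret: pop and compare with the normal-stack return address; a mismatch
 * is a control-protection fault. At the token the compare always fails,
 * which is why the mail says the token stops the 'ret' case. */
int sstk_ret(shadow_stack_t *s, uint64_t normal_ret_addr) {
    if (s->slot[s->ssp] != normal_ret_addr) return FAULT_CP;
    s->ssp++;
    return OK;
}

/* incssp n: discard n entries with no comparison. In this model it walks
 * straight past the token; the return value is how many entries beyond
 * the token slot the pointer now sits (0 means it stopped at the token). */
int sstk_incssp(shadow_stack_t *s, int n) { s->ssp += n; return s->ssp - (SLOTS - 1); }

/* Scenarios: each builds a fresh stack with one frame pushed. */
int ret_at_token(void) {            /* FAULT_CP if the token blocks the second ret */
    shadow_stack_t s; sstk_init(&s); sstk_call(&s, 0x401000);
    if (sstk_ret(&s, 0x401000) != OK) return -1;   /* the real frame returns fine */
    return sstk_ret(&s, 0x401000);                 /* only the token is left */
}
int incssp_past_token(int n) {      /* entries beyond the token after incssp n */
    shadow_stack_t s; sstk_init(&s); sstk_call(&s, 0x401000);
    return sstk_incssp(&s, n);
}
```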