Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp683640pxb; Wed, 3 Feb 2021 15:18:28 -0800 (PST) X-Google-Smtp-Source: ABdhPJyw99LU9L2lA0LuPlaqTnVmi/V9Zr+3MtLhlfMupRj2XWHr2LxT/5XX84lGV0ywfFS5WXJ4 X-Received: by 2002:a17:906:7d4f:: with SMTP id l15mr5345633ejp.95.1612394308767; Wed, 03 Feb 2021 15:18:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612394308; cv=none; d=google.com; s=arc-20160816; b=RVz+1B0QEd85AWqhww0JqxDamynSZ0Z1zqRB9aUHzcoNCQWE5Cjbk8hFNWnuNZTWkI +E+ZP/khoqMPDSK42/+3AJXo6gAx803InRiZYk+oZYjk5eDO4/CPx/FcuU8zu9oKFNvh vjvRTEEdTMSX/2WjoSi8qwZvQqPkBr5W5+KK3pxkVXNU2ed6hJM/h5ZjDqP5FoFvg6JM QI0qB+txTAcz9K31/byePQTG+Pmd80ZeTF2Xd7PtQuj8e/GPRQMWtTiuQ1n1UXio1bf+ xp2IjASH8GLx2ebJyckD7ic+OUQlC6QAqpAuKn8MYD27+2bh3aIo2L9aDBWuqeWu6sN6 goJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=qGadpDfwRJWpC2VMvtXx4M7Wdq4gbXDmZPtDFWMlmP8=; b=mjwmHuSbUSus7k2PztKN3omGAfBFz2Vc3Yh/fYZTCQR1kCF2k+F4pvxuBQB3ZDAQAl aCWT4eHUq4fe3sJMIa+fzCGhhQFU/NOX1nGN4ufZ4ngCp8bcWbEVtqxUJfPhTca74Kit 55TKcswugqdpyU21bBjb8wc4kOP53WL/G9VtidHIlv8dSzsvPLLrg27X0ZcZmocUXVyv feRErLfWgox6TZn7egR2hmLubNZcuCDB/HkxwTvl2bsgbf68qmICBHyuOwDA8oALPOLb VZzAmzzYomJTZ2MYkWkE84oee3JQpzQ+/gpgR6VhqjJcJv1RBBCZMNEnJ03cscY+fqiC Eg7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t1si2318788ejd.359.2021.02.03.15.18.04; Wed, 03 Feb 2021 15:18:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233645AbhBCXQY (ORCPT + 99 others); Wed, 3 Feb 2021 18:16:24 -0500 Received: from mga06.intel.com ([134.134.136.31]:30210 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233178AbhBCW6U (ORCPT ); Wed, 3 Feb 2021 17:58:20 -0500 IronPort-SDR: p4sagMfNC4U9Gstkrf1LH1uhLTlFRf6z90CZfTOMYVVdPcTmSKG+8rLOVmlcolN3C76qK3GNdU m2pIcBdvgedA== X-IronPort-AV: E=McAfee;i="6000,8403,9884"; a="242642363" X-IronPort-AV: E=Sophos;i="5.79,399,1602572400"; d="scan'208";a="242642363" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Feb 2021 14:56:28 -0800 IronPort-SDR: woT7ayVHYuWM03LADVTzdACqpwb/TVH7VKnOOcjPAWpYki3RKqO73cQNkg45cOFD5UygRlUxzD XQjL1FzdqGWQ== X-IronPort-AV: E=Sophos;i="5.79,399,1602572400"; d="scan'208";a="507921122" Received: from yyu32-desk.sc.intel.com ([143.183.136.146]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Feb 2021 14:56:27 -0800 From: Yu-cheng Yu To: x86@kernel.org, "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang , Pengfei Xu Cc: Yu-cheng Yu Subject: [PATCH v19 14/25] x86/mm: Update maybe_mkwrite() for shadow stack Date: Wed, 3 Feb 2021 14:55:36 -0800 Message-Id: <20210203225547.32221-15-yu-cheng.yu@intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20210203225547.32221-1-yu-cheng.yu@intel.com> References: <20210203225547.32221-1-yu-cheng.yu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When serving a page fault, maybe_mkwrite() makes a PTE writable if its vma has VM_WRITE. A shadow stack vma has VM_SHSTK. Its PTEs have _PAGE_DIRTY, but not _PAGE_WRITE. In fork(), _PAGE_DIRTY is cleared to effect copy-on-write, and in page fault, _PAGE_DIRTY is restored and the shadow stack page is writable again. Update maybe_mkwrite() by introducing arch_maybe_mkwrite(), which sets _PAGE_DIRTY for a shadow stack PTE. Apply the same changes to maybe_pmd_mkwrite(). Signed-off-by: Yu-cheng Yu --- arch/x86/Kconfig | 4 ++++ arch/x86/mm/pgtable.c | 18 ++++++++++++++++++ include/linux/mm.h | 2 ++ include/linux/pgtable.h | 24 ++++++++++++++++++++++++ mm/huge_memory.c | 2 ++ 5 files changed, 50 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 074b3c0e6bf6..35de64559a59 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1954,6 +1954,9 @@ config X86_SGX config ARCH_HAS_SHADOW_STACK def_bool n +config ARCH_MAYBE_MKWRITE + def_bool n + config X86_CET prompt "Intel Control-flow protection for user-mode" def_bool n @@ -1961,6 +1964,7 @@ config X86_CET depends on AS_WRUSS select ARCH_USES_HIGH_VMA_FLAGS select ARCH_HAS_SHADOW_STACK + select ARCH_MAYBE_MKWRITE help Control-flow protection is a set of hardware features which place additional restrictions on indirect branches. These help diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index f6a9e2e36642..0f4fbf51a9fc 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -610,6 +610,24 @@ int pmdp_clear_flush_young(struct vm_area_struct *vma, } #endif +#ifdef CONFIG_ARCH_MAYBE_MKWRITE +pte_t arch_maybe_mkwrite(pte_t pte, struct vm_area_struct *vma) +{ + if (likely(vma->vm_flags & VM_SHSTK)) + pte = pte_mkwrite_shstk(pte); + return pte; +} + +#ifdef CONFIG_TRANSPARENT_HUGEPAGE +pmd_t arch_maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma) +{ + if (likely(vma->vm_flags & VM_SHSTK)) + pmd = pmd_mkwrite_shstk(pmd); + return pmd; +} +#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +#endif /* CONFIG_ARCH_MAYBE_MKWRITE */ + /** * reserve_top_address - reserves a hole in the top of kernel address space * @reserve - size of hole to reserve diff --git a/include/linux/mm.h b/include/linux/mm.h index 7be5f8b874aa..abd756e426fc 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -993,6 +993,8 @@ static inline pte_t maybe_mkwrite(pte_t pte, struct vm_area_struct *vma) { if (likely(vma->vm_flags & VM_WRITE)) pte = pte_mkwrite(pte); + else + pte = arch_maybe_mkwrite(pte, vma); return pte; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index 8fcdfa52eb4b..d8452218d09b 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1439,6 +1439,30 @@ static inline bool arch_has_pfn_modify_check(void) } #endif /* !_HAVE_ARCH_PFN_MODIFY_ALLOWED */ +#ifdef CONFIG_MMU +#ifdef CONFIG_ARCH_MAYBE_MKWRITE +pte_t arch_maybe_mkwrite(pte_t pte, struct vm_area_struct *vma); + +#ifdef CONFIG_TRANSPARENT_HUGEPAGE +pmd_t arch_maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma); +#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ + +#else /* !CONFIG_ARCH_MAYBE_MKWRITE */ +static inline pte_t arch_maybe_mkwrite(pte_t pte, struct vm_area_struct *vma) +{ + return pte; +} + +#ifdef CONFIG_TRANSPARENT_HUGEPAGE +static inline pmd_t arch_maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma) +{ + return pmd; +} +#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ + +#endif /* CONFIG_ARCH_MAYBE_MKWRITE */ +#endif /* CONFIG_MMU */ + /* * Architecture PAGE_KERNEL_* fallbacks * diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 9237976abe72..bfec65c9308b 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -478,6 +478,8 @@ pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma) { if (likely(vma->vm_flags & VM_WRITE)) pmd = pmd_mkwrite(pmd); + else + pmd = arch_maybe_pmd_mkwrite(pmd, vma); return pmd; } -- 2.21.0