From: David Hildenbrand
Organization: Red Hat
To: Deepak Gupta
Cc: linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Andrew Morton, linux-mm@kvack.org
Subject: Re: [PATCH v1 RFC Zisslpcfi 11/20] mmu: maybe_mkwrite updated to manufacture shadow stack PTEs
Date: Mon, 13 Feb 2023 15:56:22 +0100
Message-ID: <7693247c-a55d-a375-3621-1b07115a9d99@redhat.com>
In-Reply-To: <20230213143754.GC3943238@debug.ba.rivosinc.com>
References: <20230213045351.3945824-1-debug@rivosinc.com> <20230213045351.3945824-12-debug@rivosinc.com> <2d6eefb8-c7c5-7d32-9a75-ae716f828cd9@redhat.com> <20230213143754.GC3943238@debug.ba.rivosinc.com>

On 13.02.23 15:37, Deepak Gupta wrote:
> On Mon, Feb 13, 2023 at 01:05:16PM +0100, David Hildenbrand wrote:
>> On 13.02.23 05:53, Deepak Gupta wrote:
>>> maybe_mkwrite creates PTEs with WRITE encodings for underlying arch if
>>> VM_WRITE is turned on in vma->vm_flags. Shadow stack memory is a write-
>>> able memory except it can only be written by certain specific
>>> instructions. This patch allows maybe_mkwrite to create shadow stack PTEs
>>> if vma is shadow stack VMA. Each arch can define which combination of VMA
>>> flags means a shadow stack.
>>>
>>> Additionally pte_mkshdwstk must be provided by arch specific PTE
>>> construction headers to create shadow stack PTEs. (in arch specific
>>> pgtable.h).
>>>
>>> This patch provides dummy/stub pte_mkshdwstk if CONFIG_USER_SHADOW_STACK
>>> is not selected.
>>>
>>> Signed-off-by: Deepak Gupta
>>> ---
>>> include/linux/mm.h | 23 +++++++++++++++++++++--
>>> include/linux/pgtable.h | 4 ++++
>>> 2 files changed, 25 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/include/linux/mm.h b/include/linux/mm.h
>>> index 8f857163ac89..a7705bc49bfe 100644
>>> --- a/include/linux/mm.h
>>> +++ b/include/linux/mm.h
>>> @@ -1093,6 +1093,21 @@ static inline unsigned long thp_size(struct page *page)
>>> void free_compound_page(struct page *page);
>>> #ifdef CONFIG_MMU
>>> +
>>> +#ifdef CONFIG_USER_SHADOW_STACK
>>> +bool arch_is_shadow_stack_vma(struct vm_area_struct *vma);
>>> +#endif
>>> +
>>> +static inline bool
>>> +is_shadow_stack_vma(struct vm_area_struct *vma)
>>> +{
>>> +#ifdef CONFIG_USER_SHADOW_STACK
>>> + return arch_is_shadow_stack_vma(vma);
>>> +#else
>>> + return false;
>>> +#endif
>>> +}
>>> +
>>> /*
>>> * Do pte_mkwrite, but only if the vma says VM_WRITE. We do this when
>>> * servicing faults for write access. In the normal case, do always want
>>> @@ -1101,8 +1116,12 @@ void free_compound_page(struct page *page);
>>> */
>>> static inline pte_t maybe_mkwrite(pte_t pte, struct vm_area_struct *vma)
>>> {
>>> - if (likely(vma->vm_flags & VM_WRITE))
>>> - pte = pte_mkwrite(pte);
>>> + if (likely(vma->vm_flags & VM_WRITE)) {
>>> + if (unlikely(is_shadow_stack_vma(vma)))
>>> + pte = pte_mkshdwstk(pte);
>>> + else
>>> + pte = pte_mkwrite(pte);
>>> + }
>>> return pte;
>>
>> Exactly what we are trying to avoid in the x86 approach right now.
>> Please see the x86 series on details, we shouldn't try reinventing the
>> wheel but finding a core-mm approach that fits multiple architectures.
>>
>> https://lkml.kernel.org/r/20230119212317.8324-1-rick.p.edgecombe@intel.com
>
> Thanks David for comment here. I looked at x86 approach. This patch
> actually written in a way which is not re-inventing wheel and is following
> a core-mm approach that fits multiple architectures.
>
> Change above checks `is_shadow_stack_vma` and if it returns true then only
> it manufactures shadow stack pte else it'll make a regular writeable mapping.
>
> Now if we look at `is_shadow_stack_vma` implementation, it returns false if
> `CONFIG_USER_SHADOW_STACK` is not defined. If `CONFIG_USER_SHADOW_STACK` is
> defined then it calls `arch_is_shadow_stack_vma` which should be implemented
> by arch specific code. This allows each architecture to define their own vma
> flag encodings for shadow stack (riscv chooses presence of only `VM_WRITE`
> which is analogous to chosen PTE encodings on riscv W=1,R=0,X=0)
>
> Additionally pte_mkshdwstk will be nop if not implemented by architecture.
>
> Let me know if this makes sense. If I am missing something here, let me know.

See the discussion in that thread. The idea is to pass a VMA to
pte_mkwrite() and let it handle how to actually set it writable.

-- 
Thanks,

David / dhildenb
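
Review bot: In the first include/linux/mm.h hunk (@@ -1093,6 +1093,21 @@), arch_is_shadow_stack_vma() is declared with no comment saying what an architecture must return, and is_shadow_stack_vma() only forwards to it. The commit message says each arch defines which combination of VMA flags means a shadow stack, so that contract should be written down next to the declaration. The helper only reads the VMA, so a const struct vm_area_struct * parameter would fit. As declared it is an out-of-line function, which puts a call inside maybe_mkwrite() on the write-fault path whenever CONFIG_USER_SHADOW_STACK is set; consider letting the arch supply it as a static inline instead.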
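
Review bot: In the maybe_mkwrite() hunk (@@ -1101,8 +1116,12 @@), the is_shadow_stack_vma() test sits inside the "vma->vm_flags & VM_WRITE" branch, so pte_mkshdwstk() is reachable only for VMAs that also carry VM_WRITE. That is at odds with the commit message's "Each arch can define which combination of VMA flags means a shadow stack": an architecture whose shadow stack encoding does not include VM_WRITE would never get a shadow stack PTE from this path. Either test is_shadow_stack_vma(vma) before the VM_WRITE check, or state next to arch_is_shadow_stack_vma() that VM_WRITE is a required part of the encoding. The comment above the function still reads "only if the vma says VM_WRITE" and should be updated to mention the shadow stack case.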