proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2026-01-09 19:17:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
00547ef73f
mirror_ubuntu-kernels/include
History
Rick Edgecombe e5136e8765 mm: Warn on shadow stack memory in wrong vma 
The x86 Control-flow Enforcement Technology (CET) feature includes a new
type of memory called shadow stack. This shadow stack memory has some
unusual properties, which requires some core mm changes to function
properly.

One sharp edge is that PTEs that are both Write=0 and Dirty=1 are
treated as shadow by the CPU, but this combination used to be created by
the kernel on x86. Previous patches have changed the kernel to now avoid
creating these PTEs unless they are for shadow stack memory. In case any
missed corners of the kernel are still creating PTEs like this for
non-shadow stack memory, and to catch any re-introductions of the logic,
warn if any shadow stack PTEs (Write=0, Dirty=1) are found in non-shadow
stack VMAs when they are being zapped. This won't catch transient cases
but should have decent coverage.

In order to check if a PTE is shadow stack in core mm code, add two arch
breakouts arch_check_zapped_pte/pmd(). This will allow shadow stack
specific code to be kept in arch/x86.

Only do the check if shadow stack is supported by the CPU and configured
because in rare cases older CPUs may write Dirty=1 to a Write=0 CPU on
older CPUs. This check is handled in pte_shstk()/pmd_shstk().

Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Tested-by: John Allen <john.allen@amd.com>
Tested-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/all/20230613001108.3040476-18-rick.p.edgecombe%40intel.com
2023-07-11 14:12:19 -07:00
..
acpi More ACPI updates for 6.5-rc1 2023-07-06 22:25:06 -07:00
asm-generic mm: Rename arch pte_mkwrite()'s to pte_mkwrite_novma() 2023-07-11 14:10:56 -07:00
clocksource
crypto This update includes the following changes: 2023-06-30 21:27:13 -07:00
drm
dt-bindings Another set of clk driver updates and fixes for the merge window. The 2023-07-04 11:07:45 -07:00
keys KEYS: Add forward declaration in asymmetric-parser.h 2023-06-23 16:15:37 +08:00
kunit
kvm Common KVM changes for 6.5: 2023-07-01 07:07:55 -04:00
linux mm: Warn on shadow stack memory in wrong vma 2023-07-11 14:12:19 -07:00
math-emu
media media updates for v6.5-rc1 2023-07-05 10:42:32 -07:00
memory
misc
net Including fixes from bluetooth, bpf and wireguard. 2023-07-05 15:44:45 -07:00
pcmcia
ras
rdma rdma: fix INFINIBAND_USER_ACCESS dependency 2023-07-03 16:55:04 -07:00
rv
scsi SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
soc Including fixes from bluetooth, bpf and wireguard. 2023-07-05 15:44:45 -07:00
sound ASoC: Updates for v6.5 2023-06-26 15:38:02 +02:00
target SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
trace Including fixes from bluetooth, bpf and wireguard. 2023-07-05 15:44:45 -07:00
uapi hardening fixes for v6.5-rc1 2023-07-08 12:08:39 -07:00
ufs SCSI misc on 20230629 2023-06-30 11:57:07 -07:00
vdso
video sticon/parisc: Fix STI console on 64-bit only machines 2023-06-30 17:14:14 +02:00
xen x86: xen: add missing prototypes 2023-06-26 07:47:11 +02:00