Re: [RFC PATCH v2 15/27] mm/mprotect: Prevent mprotect from changing shadow stack

From: Dave Hansen
Date: Wed Jul 11 2018 - 12:22:32 EST

Next message: Linus Torvalds: "Re: [PATCH v35 1/5] mm: support to get hints of free page blocks"
Previous message: Alexandre Bailon: "Re: [PATCH v6 1/8] interconnect: Add generic on-chip interconnect API"
In reply to: Yu-cheng Yu: "Re: [RFC PATCH v2 15/27] mm/mprotect: Prevent mprotect from changing shadow stack"
Next in thread: Yu-cheng Yu: "[RFC PATCH v2 12/27] x86/mm: Shadow stack page fault error checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/11/2018 09:07 AM, Yu-cheng Yu wrote:
>> Why do we need to disallow this? AFAICT the worst that can happen is
>> that a process wrecks itself, so what?
> Agree. ÂI will remove the patch.

No so quick. :)

We still need to find out a way to handle things that ask for an
mprotect() which is incompatible with shadow stacks. PROT_READ without
PROT_WRITE comes to mind. We also need to be careful that we don't
copy-on-write/copy-on-access pages which fault on PROT_NONE. I *think*
it'll get done correctly but we have to be sure.

BTW, where are all the selftests for this code? We're slowly building
up a list of pathological things that need to get tested.

I don't think this can or should get merged before we have selftests.

Next message: Linus Torvalds: "Re: [PATCH v35 1/5] mm: support to get hints of free page blocks"
Previous message: Alexandre Bailon: "Re: [PATCH v6 1/8] interconnect: Add generic on-chip interconnect API"
In reply to: Yu-cheng Yu: "Re: [RFC PATCH v2 15/27] mm/mprotect: Prevent mprotect from changing shadow stack"
Next in thread: Yu-cheng Yu: "[RFC PATCH v2 12/27] x86/mm: Shadow stack page fault error checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]