On Wed, Feb 03, 2021 at 02:55:29PM -0800, Yu-cheng Yu wrote: > The x86 family of processors do not directly create read-only and Dirty > PTEs. These PTEs are created by software. One such case is that kernel > read-only pages are historically setup as Dirty. > > New processors that support Shadow Stack regard read-only and Dirty PTEs as > shadow stack pages. This results in ambiguity between shadow stack and > kernel read-only pages. To resolve this, removed Dirty from kernel read- > only pages.
Does this have any other side-effects? Otherwise, sure: Reviewed-by: Kees Cook <[email protected]> -Kees > > Signed-off-by: Yu-cheng Yu <[email protected]> > Cc: "H. Peter Anvin" <[email protected]> > Cc: Kees Cook <[email protected]> > Cc: Thomas Gleixner <[email protected]> > Cc: Dave Hansen <[email protected]> > Cc: Christoph Hellwig <[email protected]> > Cc: Andy Lutomirski <[email protected]> > Cc: Ingo Molnar <[email protected]> > Cc: Borislav Petkov <[email protected]> > Cc: Peter Zijlstra <[email protected]> > --- > arch/x86/include/asm/pgtable_types.h | 6 +++--- > arch/x86/mm/pat/set_memory.c | 2 +- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/include/asm/pgtable_types.h > b/arch/x86/include/asm/pgtable_types.h > index 394757ee030a..b8b79d618bbc 100644 > --- a/arch/x86/include/asm/pgtable_types.h > +++ b/arch/x86/include/asm/pgtable_types.h > @@ -194,10 +194,10 @@ enum page_cache_mode { > #define _KERNPG_TABLE (__PP|__RW| 0|___A| 0|___D| 0| > 0| _ENC) > #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) > #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) > -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) > -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) > +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) > +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) > #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| > 0|___G| __NC) > -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) > +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) > #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) > #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) > #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) > diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c > index 16f878c26667..6bebb95a6988 100644 > --- a/arch/x86/mm/pat/set_memory.c > +++ b/arch/x86/mm/pat/set_memory.c > @@ -1932,7 +1932,7 @@ int set_memory_nx(unsigned long addr, int numpages) > > int set_memory_ro(unsigned long addr, int numpages) > { > - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); > + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | > _PAGE_DIRTY), 0); > } > > int set_memory_rw(unsigned long addr, int numpages) > -- > 2.21.0 > -- Kees Cook
