    x86/mm: Start actually marking _PAGE_SAVED_DIRTY · bb3aadf7
    Rick Edgecombe authored
    The recently introduced _PAGE_SAVED_DIRTY should be used instead of the
    HW Dirty bit whenever a PTE is Write=0, in order to not inadvertently
    create shadow stack PTEs. Update pte_mk*() helpers to do this, and apply
    the same changes to pmd and pud. Since there is no x86 version of
    pte_mkwrite() to hold this arch specific logic, create one. Add it to
    x86/mm/pgtable.c instead of x86/asm/include/pgtable.h as future patches
    will require it to live in pgtable.c and it will make the diff easier
    for reviewers.
    
    Since CPUs without shadow stack support could create Write=0,Dirty=1
    PTEs, only return true for pte_shstk() if the CPU also supports shadow
    stack. This will prevent these HW created PTEs from showing as true for
    pte_write().
    
    For pte_modify() this is a bit trickier. It takes a "raw" pgprot_t which
    was not necessarily created with any of the existing PTE bit helpers.
    That means that it can return a pte_t with Write=0,Dirty=1, a shadow
    stack PTE, when it did not intend to create one.
    
    Modify it to also move _PAGE_DIRTY to _PAGE_SAVED_DIRTY. To avoid
    creating Write=0,Dirty=1 PTEs, pte_modify() needs to avoid:
    1. Marking Write=0 PTEs Dirty=1
    2. Marking Dirty=1 PTEs Write=0
    
    The first case cannot happen as the existing behavior of pte_modify() is to
    filter out any Dirty bit passed in newprot. Handle the second case by
    shifting _PAGE_DIRTY=1 to _PAGE_SAVED_DIRTY=1 if the PTE was write
    protected by the pte_modify() call. Apply the same changes to pmd_modify().
    
    Co-developed-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
    Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
    Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
    Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
    Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
    Tested-by: Pengfei Xu <pengfei.xu@intel.com>
    Tested-by: John Allen <john.allen@amd.com>
    Tested-by: Kees Cook <keescook@chromium.org>
    Link: https://lore.kernel.org/all/20230613001108.3040476-13-rick.p.edgecombe%40intel.com
pgtable.h 40.4 KB
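The two cases the commit message lists for pte_modify(), as an added user-space model that is not the kernel's code or part of this commit. All `model_`/`MODEL_` names are hypothetical, and the bit position used for the saved-dirty bit and the PFN mask are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef uint64_t model_pte_t;          /* model type, not the kernel's pte_t */
#define MODEL_RW          (1ULL << 1)  /* Write bit */
#define MODEL_DIRTY       (1ULL << 6)  /* hardware Dirty bit */
#define MODEL_SAVED_DIRTY (1ULL << 58) /* software bit; position assumed here */
/* Bits kept from the old PTE by a modify call; the rest come from newprot. */
#define MODEL_CHG_MASK (0x000ffffffffff000ULL | MODEL_DIRTY | MODEL_SAVED_DIRTY)

/* Write=0,Dirty=1 counts as shadow stack only if the CPU supports the feature. */
static inline bool model_pte_shstk(model_pte_t pte, bool cpu_has_shstk)
{
    return cpu_has_shstk && (pte & (MODEL_RW | MODEL_DIRTY)) == MODEL_DIRTY;
}

/* If the PTE is Write=0, carry dirtiness in SavedDirty instead of Dirty. */
static inline model_pte_t model_shift_dirty(model_pte_t pte)
{
    if (!(pte & MODEL_RW) && (pte & MODEL_DIRTY))
        pte = (pte & ~MODEL_DIRTY) | MODEL_SAVED_DIRTY;
    return pte;
}

/* Case 1: marking a PTE dirty must not set Dirty on a Write=0 PTE. */
static inline model_pte_t model_pte_mkdirty(model_pte_t pte)
{
    return model_shift_dirty(pte | MODEL_DIRTY);
}

/* Old behavior: Dirty in newprot is filtered out, the old Dirty is kept. */
static inline model_pte_t model_modify_unfixed(model_pte_t pte, model_pte_t newprot)
{
    return (pte & MODEL_CHG_MASK) | (newprot & ~MODEL_CHG_MASK);
}

/* Case 2: a Dirty=1 PTE that the call write-protects has its Dirty shifted. */
static inline model_pte_t model_modify_fixed(model_pte_t pte, model_pte_t newprot)
{
    return model_shift_dirty(model_modify_unfixed(pte, newprot));
}

int main(void)
{
    model_pte_t p = 0x1000 | MODEL_RW | MODEL_DIRTY; /* constructed PTE */
    printf("write-protect a dirty PTE: unfixed shstk=%d, fixed shstk=%d\n",
           model_pte_shstk(model_modify_unfixed(p, 0), true),
           model_pte_shstk(model_modify_fixed(p, 0), true));
    return 0;
}
```
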