Re: [PATCH] arm64: mm: force write fault for atomic RMW instructions

From: Yang Shi
Date: Fri May 17 2024 - 12:11:10 EST

Next message: Sean Christopherson: "Re: [PATCH] x86/kvm/tdx: Save %rbp in TDX_MODULE_CALL"
Previous message: Aurelien Aptel: "[PATCH] fs/fuse: use correct name fuse_conn_list in docstring"
Next in thread: Yang Shi: "Re: [PATCH] arm64: mm: force write fault for atomic RMW instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/14/24 3:53 AM, Catalin Marinas wrote:

On Mon, May 13, 2024 at 09:19:39PM -0600, Yang Shi wrote:

That said, I'm not keen on this kernel workaround. If openjdk decides to
improve some security and goes for PROT_EXEC-only mappings of its text
sections, the above trick will no longer work.

I noticed futex does replace insns. IIUC, the below sequence should
can do the trick for exec-only, right?

disable privileged
read insn with ldxr
enable privileged

Do you mean not using the unprivileged LDTR as in get_user()? You don't
even need an LDXR, just plain LDR but with the extable entry etc.

However, with PIE we got proper execute-only permission (not the kind of
fake one where we disabled the PTE_USER bit while keeping PTE_UXN as 0).
So the futex-style approach won't work unless we changed the PIE_E1
entry for _PAGE_EXECONLY to be PIE_R by the kernel.

I see. Thanks. Yes, I did see this works without PIE. As you said in the earlier email, exec-only is not that popular yet. I think we can just ignore it for now.

Next message: Sean Christopherson: "Re: [PATCH] x86/kvm/tdx: Save %rbp in TDX_MODULE_CALL"
Previous message: Aurelien Aptel: "[PATCH] fs/fuse: use correct name fuse_conn_list in docstring"
Next in thread: Yang Shi: "Re: [PATCH] arm64: mm: force write fault for atomic RMW instructions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]