lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 20 Feb 2009 12:37:31 -0500 (EST)
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Ingo Molnar <mingo@...e.hu>
cc:	Andrew Morton <akpm@...ux-foundation.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: [git pull v2] x86 page fault checker



Ingo,

I added your suggestion, and even tested it out. I cherry picked
a branch to remove your split_large fix, added this output, and then
added the changes that triggered the original bug. I got a very nasty 
warning, but the kernel resumed fine.

------------[ cut here ]------------
WARNING: at arch/x86/mm/fault.c:495 do_page_fault+0x2aa/0x890()
Hardware name: Precision WorkStation 470   
PMD has incorrect permission bits
[...]


Thanks,

-- Steve

Please pull the latest tip/x86/urgent tree, which can be found at:

  git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-2.6-trace.git
tip/x86/urgent


Steven Rostedt (1):
      x86: check PMD in spurious_fault handler

----
 arch/x86/mm/fault.c |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---------------------------
commit 3c3e5694add02e665bbbd0fecfbbdcc0b903097a
Author: Steven Rostedt <srostedt@...hat.com>
Date:   Thu Feb 19 11:46:36 2009 -0500

    x86: check PMD in spurious_fault handler
    
    Impact: fix to prevent hard lockup on bad PMD permissions
    
    If the PMD does not have the correct permissions for a page access,
    but the PTE does, the spurious fault handler will mistake the fault
    as a lazy TLB transaction. This will result in an infinite loop of:
    
     fault -> spurious_fault check (pass) -> return to code -> fault
    
    This patch adds a check and a warn on if the PTE passes the permissions
    but the PMD does not.
    
    [ Updated: Ingo Molnar suggested using WARN_ONCE with some text ]
    
    Signed-off-by: Steven Rostedt <srostedt@...hat.com>

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index c76ef1d..278d645 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -455,6 +455,7 @@ static int spurious_fault(unsigned long address,
 	pud_t *pud;
 	pmd_t *pmd;
 	pte_t *pte;
+	int ret;
 
 	/* Reserved-bit violation or user access to kernel space? */
 	if (error_code & (PF_USER | PF_RSVD))
@@ -482,7 +483,17 @@ static int spurious_fault(unsigned long address,
 	if (!pte_present(*pte))
 		return 0;
 
-	return spurious_fault_check(error_code, pte);
+	ret = spurious_fault_check(error_code, pte);
+	if (!ret)
+		return 0;
+
+	/*
+	 * Make sure we have permissions in PMD
+	 * If not, then there's a bug in the page tables.
+	 */
+	ret = spurious_fault_check(error_code, (pte_t *) pmd);
+	WARN_ONCE(!ret, "PMD has incorrect permission bits\n");
+	return ret;
 }
 
 /*

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ