| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Mar 2016 09:56:36 +0800 From: Xiao Guangrong <guangrong.xiao@...ux.intel.com> To: Paolo Bonzini <pbonzini@...hat.com> Cc: gleb@...nel.org, mtosatti@...hat.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/4] KVM: MMU: fix permission_fault() On 03/30/2016 04:09 AM, Paolo Bonzini wrote: > > > On 29/03/2016 19:43, Xiao Guangrong wrote: >> Based on the SDM: >> PK flag (bit 5). >> This flag is 1 if (1) IA32_EFER.LMA = CR4.PKE = 1; (2) the access >> causing the page-fault exception was a data access; (3) the linear >> address was a user-mode address with protection key i; and (5) the PKRU >> register (see Section 4.6.2) is such that either (a) ADi = 1; or (b) the >> following all hold: (i) WDi = 1; (ii) the access is a write access; and >> (iii) either CR0.WP = 1 or the access causing the page-fault exception >> was a user-mode access. >> >> So I think PKEY check and ordinary check are independent, i.e, PFEC.PKEY >> may be set even if the on permission on the page table is not adequate. > > x86/access.flat is currently using the "other" definition, i.e., PFEC.PK > is only set if W=1 or CR0.WP=0 && PFEC.U=0 or PFEC.W=0. Can you use it > (with ept=1 of course) to check what the processor is doing? > Sure. And ept=1 is hard to trigger MMU issue, i am enabling PKEY on shadow MMU, let's see what will happen. ;)
Powered by blists - more mailing lists