lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 15 Dec 2017 16:01:45 -0800
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, Dave Hansen <dave.hansen@...ux.intel.com>,
        tglx@...utronix.de, luto@...nel.org, bp@...e.de, brgerst@...il.com,
        dvlasenk@...hat.com, hpa@...or.com, jpoimboe@...hat.com,
        torvalds@...ux-foundation.org, peterz@...radead.org,
        riel@...hat.com
Subject: [PATCH] x86/kpti: WARN if kernel memory mapped to userspace is non-global


From: Dave Hansen <dave.hansen@...ux.intel.com>

All memory being mapped out to userspace is shared.  That means that
it is both safe and _expected_ to have the page table Global bit set.

If a PMD is found without Global set, it either a place that could be
performing better, or something unexpected is being mapped out to
userspace.  Both of those are things for which a warning is good.

Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Borislav Petkov <bp@...e.de>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Rik van Riel <riel@...hat.com>
---

 b/arch/x86/mm/kpti.c |    3 +++
 1 file changed, 3 insertions(+)

diff -puN arch/x86/mm/kpti.c~kaiser-set-global-in-kernel-for-shared arch/x86/mm/kpti.c
--- a/arch/x86/mm/kpti.c~kaiser-set-global-in-kernel-for-shared	2017-12-15 09:47:52.884717268 -0800
+++ b/arch/x86/mm/kpti.c	2017-12-15 10:00:39.134715357 -0800
@@ -157,6 +157,9 @@ kpti_clone_pmds(unsigned long start, uns
 		if (WARN_ON(!target_pmd))
 			return;
 
+		/* Only clone PMDs which we *intend* to share: */
+		WARN_ON_ONCE(!(pmd_flags(*target_pmd) & _PAGE_GLOBAL));
+
 		/*
 		 * Copy the PMD.  That is, the kernelmode and usermode
 		 * tables will share the last-level page tables of this
_

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ