lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  3 Jul 2018 13:52:25 +0200
From:   Joerg Roedel <joro@...tes.org>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>
Cc:     hpa@...or.com, Linus Torvalds <torvalds@...ux-foundation.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Andy Lutomirski <luto@...capital.net>,
        Borislav Petkov <bp@...en8.de>, Jiri Kosina <jkosina@...e.cz>,
        linux-kernel@...r.kernel.org,
        Peter Zijlstra <peterz@...radead.org>, x86@...nel.org,
        Joerg Roedel <jroedel@...e.de>
Subject: [PATCH 2/3] x86/pti: Call pti_init() after mark_readonly()

From: Joerg Roedel <jroedel@...e.de>

PTI init code clones some parts of the kernel mappings to the user-space
page-table. For the kernel and user-space page-table to be consistent,
the cloning should happen when the relevant parts of the kernel
page-table are finished, which is right after mark_readonly() returns.

Signed-off-by: Joerg Roedel <jroedel@...e.de>
---
 init/main.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/init/main.c b/init/main.c
index 3b4ada1..0b5d0f1 100644
--- a/init/main.c
+++ b/init/main.c
@@ -524,8 +524,6 @@ static void __init mm_init(void)
 	ioremap_huge_init();
 	/* Should be run before the first non-init thread is created */
 	init_espfix_bsp();
-	/* Should be run after espfix64 is set up. */
-	pti_init();
 }
 
 asmlinkage __visible void __init start_kernel(void)
@@ -1065,6 +1063,12 @@ static int __ref kernel_init(void *unused)
 	jump_label_invalidate_initmem();
 	free_initmem();
 	mark_readonly();
+	/*
+	 * Kernel text/rodata/data sections have the right protections
+	 * now. If necessary, init PTI and clone the relevant pieces
+	 * to the user-space page-table.
+	 */
+	pti_init();
 	system_state = SYSTEM_RUNNING;
 	numa_default_policy();
 
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ