lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 02 Aug 2018 15:58:35 -0700
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     linux-kernel@...r.kernel.org
Cc:     Dave Hansen <dave.hansen@...ux.intel.com>, keescook@...gle.com,
        tglx@...utronix.de, mingo@...nel.org, aarcange@...hat.com,
        jgross@...e.com, jpoimboe@...hat.com, gregkh@...uxfoundation.org,
        peterz@...radead.org, hughd@...gle.com,
        torvalds@...ux-foundation.org, bp@...en8.de, luto@...nel.org,
        ak@...ux.intel.com
Subject: [PATCH 7/7] x86/mm/pageattr: Remove implicit NX behavior


From: Dave Hansen <dave.hansen@...ux.intel.com>

This is a cleanup.  There should be functional changes in this patch.

The pageattr code has the ability to find and change aliases
mappings.  It does this for requests by default unless the
page protections being modified contain only the NX bit.

But, this behavior is rather obscure and buried very deep
within the infrastructure.  Rather than doing it implicitly
from NX, use the new CPA_NO_CHECK_ALIAS to do it more
explicitly from the call site where NX is set.

Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Kees Cook <keescook@...gle.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...nel.org>
Cc: Andrea Arcangeli <aarcange@...hat.com>
Cc: Juergen Gross <jgross@...e.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Hugh Dickins <hughd@...gle.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Andi Kleen <ak@...ux.intel.com>
---

 b/arch/x86/mm/pageattr.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff -puN arch/x86/mm/pageattr.c~x86-pageattr-nx arch/x86/mm/pageattr.c
--- a/arch/x86/mm/pageattr.c~x86-pageattr-nx	2018-08-02 15:04:48.032475796 -0700
+++ b/arch/x86/mm/pageattr.c	2018-08-02 15:04:48.036475796 -0700
@@ -1485,8 +1485,6 @@ static int change_page_attr_set_clr(unsi
 	if (in_flag & (CPA_ARRAY | CPA_PAGES_ARRAY))
 		cpa.flags |= in_flag;
 
-	/* No alias checking for _NX bit modifications */
-	checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX;
 	/* Never check aliases if the caller asks for it explicitly: */
 	if (checkalias && (in_flag & CPA_NO_CHECK_ALIAS))
 		checkalias = 0;
@@ -1750,7 +1748,9 @@ int set_memory_x(unsigned long addr, int
 	if (!(__supported_pte_mask & _PAGE_NX))
 		return 0;
 
-	return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_NX), 0);
+	/* NX is not required to be consistent across aliases. */
+	return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_NX),
+				      CPA_NO_CHECK_ALIAS);
 }
 EXPORT_SYMBOL(set_memory_x);
 
@@ -1759,7 +1759,9 @@ int set_memory_nx(unsigned long addr, in
 	if (!(__supported_pte_mask & _PAGE_NX))
 		return 0;
 
-	return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_NX), 0);
+	/* NX is not required to be consistent across aliases. */
+	return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_NX),
+				    CPA_NO_CHECK_ALIAS);
 }
 EXPORT_SYMBOL(set_memory_nx);
 
_

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ