| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Apr 2007 17:45:07 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: Jeremy Fitzhardinge <jeremy@...p.org> Cc: "H. Peter Anvin" <hpa@...or.com>, Andrew Morton <akpm@...ux-foundation.org>, Andi Kleen <ak@...e.de>, Zachary Amsden <zach@...are.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] i386: For debugging, make the initial page table setup less forgiving. Jeremy Fitzhardinge <jeremy@...p.org> writes: > Eric W. Biederman wrote: >> No. Please just remove the conditionals on the leaf pages. >> > > So, to be specific, you mean make updating the pte_t entries (and pmd_t > entries which refer to hugepages) entries unconditional? I mean make updating pte_t and pmd_t entries that refer to identity mapped physical pages unconditional. >> We know exactly what we require them to be, there is minimal >> cost and no downside to just setting the pte entries to >> what we want them to be for the identity mapping. >> >> It doesn't make sense for paravirtualization or anything else to >> influence that. >> >> This may be redoing work that has been done before but it is >> doing it all one common place. >> > > The issue is not a matter of avoiding duplicate work, but making sure > all the pagetables are consistent from Xen's perspective. > > Specifically, you may not ever, at any time, create a writable mapping > of a page which is currently part of an active pagetable. This means > that when we're creating mappings of physical memory, the pages which > are part of the current pagetable must be mapped RO. The easiest way I > found to guarantee that is to copy the Xen-provided pagetable as a > template, and only update pages which are missing. Hmm. I now see your problem. > The other way I could do this is to have special-purpose init-time > version of xen_set_pte which checks to see if it's making a RO mapping > RW, and refuse to do it. That would minimize the changes to mm/init.c, > but give init-time set_pte rather unexpected hidden semantics. Yes. However how do we handle attempting to create this kind of mapping when mmap /dev/mem? or /dev/kmem? I'm pretty certain there are other paths through the kernel where we can get page table mapping. Right now by leaving things read-only you are hiding from the kernel what you are really trying to do. That makes me distinctly uncomfortable. In general when things get swept under the rug we can never handle the properly. Although this issue may be small enough it doesn't matter. I suspect what we want to do is come up with a function to call to test to see if a page should be read-only and map such pages _PAGE_KERNEL_RO, or _PAGE_KERNEL_RO_EXEC if it's code. Speaking of things what are paravirt_alloc_pd and parafirt_alloc_pd supposed to do? Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists