lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 21 Sep 2007 13:15:40 -0700 (PDT)
From:	Christoph Lameter <clameter@....com>
To:	"Luck, Tony" <tony.luck@...el.com>
cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	"Siddha, Suresh B" <suresh.b.siddha@...el.com>,
	akpm@...ux-foundation.org, ak@...e.de,
	linux-kernel@...r.kernel.org,
	"Mallick, Asit K" <asit.k.mallick@...el.com>
Subject: RE: x86_64: potential critical issue with quicklists and page table
 pages

On Fri, 21 Sep 2007, Luck, Tony wrote:

> > The quicklists have a long history and this bug has therefore also been in 
> > IA64 for a long time and it also likely exists on sparc64, sh and sh64. We 
> > need the patch that I posted to fix the other platforms. And with this fix 
> > there would be nothing amiss on x86_64 either.
> 
> IA64 doesn't do a pgd>pud>pmd>pte table walk in h/w.  The VHPT leaps
> straight to the pte page (through the virtual mapping of the VHPT). So
> this wasn't a problem for IA64.

But this is concerning a page being freed before the TLB flush has been 
performed. Another process may then reuse the page and may rely on the 
fact that there is no TLB entry installed for the page that was just 
allocated. But there is still one there. The issues that result from this 
may be depend on the nature of each MMU.

Granted we usually install another TLB entry for the page mapping the page 
into a different address space and never use the old TLB. Which is likely 
the reason why we have never seen an issue before and also why this is 
probably difficult to cause any issues in the first place.

Plus this can only occur for off node pages, meaning this must involve a 
remote processor and the other processor is likely to have a completely 
different set of TLB entries.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ