| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Aug 2012 17:23:31 +0200 From: Andrea Arcangeli <aarcange@...hat.com> To: Benjamin Herrenschmidt <benh@...nel.crashing.org> Cc: Vaidyanathan Srinivasan <svaidy@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, linux-mm@...ck.org, Hillf Danton <dhillf@...il.com>, Dan Smith <danms@...ibm.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu>, Paul Turner <pjt@...gle.com>, Suresh Siddha <suresh.b.siddha@...el.com>, Mike Galbraith <efault@....de>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Lai Jiangshan <laijs@...fujitsu.com>, Bharata B Rao <bharata.rao@...il.com>, Lee Schermerhorn <Lee.Schermerhorn@...com>, Rik van Riel <riel@...hat.com>, Johannes Weiner <hannes@...xchg.org>, Srivatsa Vaddagiri <vatsa@...ux.vnet.ibm.com>, Christoph Lameter <cl@...ux.com>, Alex Shi <alex.shi@...el.com>, Mauricio Faria de Oliveira <mauricfo@...ux.vnet.ibm.com>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Don Morris <don.morris@...com>, Tony Breeds <tbreeds@....ibm.com>, Kumar Gala <galak@...nel.crashing.org> Subject: Re: [PATCH 33/36] autonuma: powerpc port Hi Benjamin, On Thu, Aug 23, 2012 at 03:11:00PM +1000, Benjamin Herrenschmidt wrote: > Basically PROT_NONE turns into _PAGE_PRESENT without _PAGE_USER for us. Maybe the simplest is to implement pte_numa as !_PAGE_USER too. No need to clear the _PAGE_PRESENT bit and to alter pte_present() if clearing _PAGE_USER already achieves it. It should be trivial to add the vma parameter to pte_numa(pte, vma) so you can implement pte_numa by checking the vma->vm_page_prot in the inline pte_numa function, to be able to tell if it's a real prot none (in which case pte_numa return false) or if it's the NUMA hinting page fault. In the latter case pte_numa will return true. > However, the embedded ppc situation is more interesting... and it looks > like it is indeed broken, meaning that a user can coerce the kernel into > accessing PROT_NONE on its behalf with copy_from_user & co (though read > only really). > > Looks like the SW TLB handlers used on embedded should also check > whether the address is a user or kernel address, and enforce _PAGE_USER > in the former case. They might have done in the past, it's possible that > it's code we lost, but as it is, it's broken. > > The case of HW loaded TLB embedded will need a different definition of > PAGE_NONE as well I suspect. Kumar, can you have a look ? Even if we can't track copy-user accesses with the NUMA hinting page faults, AUTONUMA should still work fairly well. The flakey PROTNONE on embedded, is more a problem in itself than it would be for pte_numa on embedded. OTOH AutoNUMA working on embedded isn't important so it may be just better to disable it until !_PAGE_USER is reliable. > I wasn't especially thinking of ppc32... there's also hash64-4k or > embedded 64... Also pgtable.h is common, so all those added uses of > _PAGE_NUMA_PTE to static inline functions are going to break the build > unless _PAGE_NUMA_PTE is #defined to 0 when not used (we do that for a > bunch of bits in pte-common.h already). It'd be actually worse if it would build ;). But I guess using _PAGE_USER to implement pte_numa will solve the problem for 4k page size too. We can discuss this during kernel summit ;). Thanks a lot! Andrea -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists