lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5162C1A8.4060904@canonical.com>
Date:	Mon, 08 Apr 2013 15:10:00 +0200
From:	Stefan Bader <stefan.bader@...onical.com>
To:	Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...nel.org>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andy Whitcroft <apw@...onical.com>,
	Mel Gorman <mgorman@...e.de>
Subject: Re: x86/mm/pageattr: Code without effect?

On 08.04.2013 14:51, Borislav Petkov wrote:
> On Mon, Apr 08, 2013 at 02:28:47PM +0200, Stefan Bader wrote:
>> To enforce the PSE bit here sounds reasonably right. And also apply
>> canon_pgprot, too. GLOBAL I don't know for sure.
> 
> Well sure, you don't want to flush those from the TLB if it is kernel
> memory since it is mapped in every process AFAICT.
> 
>> By the way there is a usage of new_prot a bit down of
>> try_preserve_large_page which probably should be changed into
>> req_prot, too. That was enforcing the canon_pgprot before the change.
>> So that may be considered a regression to before.
> 
> Which one?

         * that we limited the number of possible pages already to
         * the number of pages in the large page.
         */
        if (address == (address & pmask) && cpa->numpages == (psize >>
PAGE_SHIFT)) {
                /*
                 * The address is aligned and the number of pages
                 * covers the full page.
                 */
                new_pte = pfn_pte(pte_pfn(old_pte), new_prot);
                                                     ^

This one. The first patch changed

-               new_pte = pfn_pte(pte_pfn(old_pte), canon_pgprot(new_prot));
+               new_pte = pfn_pte(pte_pfn(old_pte), new_prot);

The fixup patch drops new_prot completely from being initialized and only works
on req_prot. Probably it would be best to also drop the definition of new_prot.
I think it then completely unused.

-Stefan

> 
> Actually, after Andrea's patch it all makes sense - we initialize
> new_prot from req_prot *after* all protections checks. new_prot are,
> IMHO, the final protection bits which we are actually going to change.
> 



Download attachment "signature.asc" of type "application/pgp-signature" (900 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ