| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Jan 2016 11:28:13 +0000 From: Mark Rutland <mark.rutland@....com> To: Xishi Qiu <qiuxishi@...wei.com> Cc: zhong jiang <zhongjiang@...wei.com>, Laura Abbott <labbott@...oraproject.org>, Hanjun Guo <guohanjun@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: Have any influence on set_memory_** about below patch ?? On Wed, Jan 13, 2016 at 01:02:31PM +0800, Xishi Qiu wrote: > Hi Mark, > > If I do like this, does it have the problem too? > > kmalloc a size > no access > flush tlb > call set_memory_ro to change the page table flag > flush tlb > start access This is broken. The kmalloc will give you memory form the linear mapping. Even if you allocate a page, that page could have been mapped with a section at the PMD/PUD/PGD level. Other data could fall within that section (e.g. a kernel stack, perhaps). Additional TLB flushees do not help. There's still a race against the asynchronous TLB logic. The TLB can allocate or destroy entries at any tim. If there were no page table changes prior to the invalidate, the TLB could re-allocate all existing entries immediately after the TLB invalidate, leaving you in the same state as before. Thanks, Mark.
Powered by blists - more mailing lists