| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56A81B01.7010104@huawei.com> Date: Wed, 27 Jan 2016 09:18:57 +0800 From: Xishi Qiu <qiuxishi@...wei.com> To: Mark Rutland <mark.rutland@....com> CC: zhong jiang <zhongjiang@...wei.com>, Laura Abbott <labbott@...oraproject.org>, Hanjun Guo <guohanjun@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: Have any influence on set_memory_** about below patch ?? On 2016/1/13 19:28, Mark Rutland wrote: > On Wed, Jan 13, 2016 at 01:02:31PM +0800, Xishi Qiu wrote: >> Hi Mark, >> >> If I do like this, does it have the problem too? >> >> kmalloc a size >> no access >> flush tlb >> call set_memory_ro to change the page table flag >> flush tlb >> start access > > This is broken. > > The kmalloc will give you memory form the linear mapping. Even if you > allocate a page, that page could have been mapped with a section at the > PMD/PUD/PGD level. > > Other data could fall within that section (e.g. a kernel stack, > perhaps). Hi Mark, If nobody use that whole section before(however it is almost impossible), flush tlb is safe, right? Thanks, Xishi Qiu > > Additional TLB flushees do not help. There's still a race against the > asynchronous TLB logic. The TLB can allocate or destroy entries at any > tim. If there were no page table changes prior to the invalidate, the > TLB could re-allocate all existing entries immediately after the TLB > invalidate, leaving you in the same state as before. > > Thanks, > Mark. > > . >
Powered by blists - more mailing lists