Date:   Tue, 31 Oct 2017 11:07:57 -0700
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     linux-kernel@...r.kernel.org
Cc:     linux-mm@...ck.org, Dave Hansen <dave.hansen@...ux.intel.com>,
        x86@...nel.org, luto@...nel.org
Subject: [PATCH] x86, mm: make alternatives code do stronger TLB flush


From: Dave Hansen <dave.hansen@...ux.intel.com>

local_flush_tlb() does a CR3 write.  But, that kind of TLB flush is
not guaranteed to invalidate global pages.  The entire kernel is
mapped with global pages.

Also, now that we have PCIDs, local_flush_tlb() will only flush the
*current* PCID.  It would not flush the entries for all PCIDs.
At the moment, this is a moot point because all kernel pages are
_PAGE_GLOBAL which do not really *have* a particular PCID.

Use the stronger __flush_tlb_all() which does flush global pages.

This was found because of a warning I added to __native_flush_tlb()
to look for calls to it when PCIDs are enabled.  This patch does
not fix any bug known to be hit in practice.

Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: x86@...nel.org
Cc: Andy Lutomirski <luto@...nel.org>
---

 b/arch/x86/kernel/alternative.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff -puN arch/x86/kernel/alternative.c~x86-mm-text-poke-misses-global-pages arch/x86/kernel/alternative.c
--- a/arch/x86/kernel/alternative.c~x86-mm-text-poke-misses-global-pages	2017-10-31 10:28:44.306557256 -0700
+++ b/arch/x86/kernel/alternative.c	2017-10-31 10:28:44.309557393 -0700
@@ -722,7 +722,8 @@ void *text_poke(void *addr, const void *
 	clear_fixmap(FIX_TEXT_POKE0);
 	if (pages[1])
 		clear_fixmap(FIX_TEXT_POKE1);
-	local_flush_tlb();
+	/* Make sure to flush Global pages: */
+	__flush_tlb_all();
 	sync_core();
 	/* Could also do a CLFLUSH here to speed up CPU recovery; but
 	   that causes hangs on some VIA CPUs. */
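
Review bot: the new comment above __flush_tlb_all() says what gets flushed but not why local_flush_tlb() was not enough, so a later reader could reasonably "simplify" it back. Consider expanding it to record the reasoning from the changelog, for example that the FIX_TEXT_POKE0/FIX_TEXT_POKE1 fixmap entries cleared just above are kernel mappings, that kernel pages are _PAGE_GLOBAL, and that a CR3 write is not guaranteed to invalidate global entries. The changelog's PCID point (a CR3-based flush only covers the current PCID) is worth one line there too, since it becomes relevant if kernel mappings ever stop being global.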
_
