lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+55aFypdyt+3-JyD3U1da5EqznncxKZZKPGn4ykkD=4Q4rdvw@mail.gmail.com>
Date:   Wed, 1 Nov 2017 09:08:09 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Dave Hansen <dave.hansen@...ux.intel.com>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-mm <linux-mm@...ck.org>, Kees Cook <keescook@...gle.com>,
        Hugh Dickins <hughd@...gle.com>
Subject: Re: [PATCH 00/23] KAISER: unmap most of the kernel from userspace
 page tables

On Tue, Oct 31, 2017 at 4:44 PM, Dave Hansen
<dave.hansen@...ux.intel.com> wrote:
> On 10/31/2017 04:27 PM, Linus Torvalds wrote:
>>  (c) am I reading the code correctly, and the shadow page tables are
>> *completely* duplicated?
>>
>>      That seems insane. Why isn't only tyhe top level shadowed, and
>> then lower levels are shared between the shadowed and the "kernel"
>> page tables?
>
> There are obviously two PGDs.  The userspace half of the PGD is an exact
> copy so all the lower levels are shared.  The userspace copying is
> done via the code we add to native_set_pgd().

So the thing that made me think you do all levels was that confusing
kaiser_pagetable_walk() code (and to a lesser degree
get_pa_from_mapping()).

That code definitely walks and allocates all levels.

So it really doesn't seem to be just sharing the top page table entry.

And that worries me because that seems to be a very fundamental coherency issue.

I'm assuming that this is about mapping only the individual kernel
parts, but I'd like to get comments and clarification about that.

                  Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ