lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Nov 2017 15:12:02 -0700 From: Dave Hansen <dave.hansen@...ux.intel.com> To: Thomas Gleixner <tglx@...utronix.de> Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org, moritz.lipp@...k.tugraz.at, daniel.gruss@...k.tugraz.at, michael.schwarz@...k.tugraz.at, luto@...nel.org, torvalds@...ux-foundation.org, keescook@...gle.com, hughd@...gle.com, x86@...nel.org Subject: Re: [PATCH 03/23] x86, kaiser: disable global pages On 11/01/2017 02:18 PM, Thomas Gleixner wrote: > On Tue, 31 Oct 2017, Dave Hansen wrote: >> --- a/arch/x86/include/asm/pgtable_types.h~kaiser-prep-disable-global-pages 2017-10-31 15:03:49.314064402 -0700 >> +++ b/arch/x86/include/asm/pgtable_types.h 2017-10-31 15:03:49.323064827 -0700 >> @@ -47,7 +47,12 @@ >> #define _PAGE_ACCESSED (_AT(pteval_t, 1) << _PAGE_BIT_ACCESSED) >> #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY) >> #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE) >> +#ifdef CONFIG_X86_GLOBAL_PAGES >> #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL) >> +#else >> +/* We must ensure that kernel TLBs are unusable while in userspace */ >> +#define _PAGE_GLOBAL (_AT(pteval_t, 0)) >> +#endif > > What you really want to do here is to clear PAGE_GLOBAL in the > supported_pte_mask. probe_page_size_mask() is the proper place for that. How does something like this look? I just remove _PAGE_GLOBAL from the default __PAGE_KERNEL permissions. > https://git.kernel.org/pub/scm/linux/kernel/git/daveh/x86-kaiser.git/commit/?h=kaiser-dynamic-414rc6-20171101&id=c9f7109207f87c168a6674a4826a701bd0c7333f I was a bit worried that if we pull _PAGE_GLOBAL out of __supported_pte_mask itself, we might not be able to use it for the shadow entries that map the entry/exit code like Linus suggested.
Powered by blists - more mailing lists