lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 1 Nov 2017 15:12:02 -0700
From:   Dave Hansen <dave.hansen@...ux.intel.com>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        moritz.lipp@...k.tugraz.at, daniel.gruss@...k.tugraz.at,
        michael.schwarz@...k.tugraz.at, luto@...nel.org,
        torvalds@...ux-foundation.org, keescook@...gle.com,
        hughd@...gle.com, x86@...nel.org
Subject: Re: [PATCH 03/23] x86, kaiser: disable global pages

On 11/01/2017 02:18 PM, Thomas Gleixner wrote:
> On Tue, 31 Oct 2017, Dave Hansen wrote:
>> --- a/arch/x86/include/asm/pgtable_types.h~kaiser-prep-disable-global-pages	2017-10-31 15:03:49.314064402 -0700
>> +++ b/arch/x86/include/asm/pgtable_types.h	2017-10-31 15:03:49.323064827 -0700
>> @@ -47,7 +47,12 @@
>>  #define _PAGE_ACCESSED	(_AT(pteval_t, 1) << _PAGE_BIT_ACCESSED)
>>  #define _PAGE_DIRTY	(_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
>>  #define _PAGE_PSE	(_AT(pteval_t, 1) << _PAGE_BIT_PSE)
>> +#ifdef CONFIG_X86_GLOBAL_PAGES
>>  #define _PAGE_GLOBAL	(_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
>> +#else
>> +/* We must ensure that kernel TLBs are unusable while in userspace */
>> +#define _PAGE_GLOBAL	(_AT(pteval_t, 0))
>> +#endif
> 
> What you really want to do here is to clear PAGE_GLOBAL in the
> supported_pte_mask. probe_page_size_mask() is the proper place for that.

How does something like this look?  I just remove _PAGE_GLOBAL from the
default __PAGE_KERNEL permissions.

> https://git.kernel.org/pub/scm/linux/kernel/git/daveh/x86-kaiser.git/commit/?h=kaiser-dynamic-414rc6-20171101&id=c9f7109207f87c168a6674a4826a701bd0c7333f

I was a bit worried that if we pull _PAGE_GLOBAL out of
__supported_pte_mask itself, we might not be able to use it for the
shadow entries that map the entry/exit code like Linus suggested.

Powered by blists - more mailing lists