lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Nov 2017 23:28:17 +0100 (CET) From: Thomas Gleixner <tglx@...utronix.de> To: Dave Hansen <dave.hansen@...ux.intel.com> cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org, moritz.lipp@...k.tugraz.at, daniel.gruss@...k.tugraz.at, michael.schwarz@...k.tugraz.at, luto@...nel.org, torvalds@...ux-foundation.org, keescook@...gle.com, hughd@...gle.com, x86@...nel.org Subject: Re: [PATCH 03/23] x86, kaiser: disable global pages On Wed, 1 Nov 2017, Dave Hansen wrote: > On 11/01/2017 02:18 PM, Thomas Gleixner wrote: > > On Tue, 31 Oct 2017, Dave Hansen wrote: > >> --- a/arch/x86/include/asm/pgtable_types.h~kaiser-prep-disable-global-pages 2017-10-31 15:03:49.314064402 -0700 > >> +++ b/arch/x86/include/asm/pgtable_types.h 2017-10-31 15:03:49.323064827 -0700 > >> @@ -47,7 +47,12 @@ > >> #define _PAGE_ACCESSED (_AT(pteval_t, 1) << _PAGE_BIT_ACCESSED) > >> #define _PAGE_DIRTY (_AT(pteval_t, 1) << _PAGE_BIT_DIRTY) > >> #define _PAGE_PSE (_AT(pteval_t, 1) << _PAGE_BIT_PSE) > >> +#ifdef CONFIG_X86_GLOBAL_PAGES > >> #define _PAGE_GLOBAL (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL) > >> +#else > >> +/* We must ensure that kernel TLBs are unusable while in userspace */ > >> +#define _PAGE_GLOBAL (_AT(pteval_t, 0)) > >> +#endif > > > > What you really want to do here is to clear PAGE_GLOBAL in the > > supported_pte_mask. probe_page_size_mask() is the proper place for that. > > How does something like this look? I just remove _PAGE_GLOBAL from the > default __PAGE_KERNEL permissions. That should work, but how do you bring _PAGE_GLOBAL back when kaiser is disabled at boot/runtime? You might want to make __PAGE_KERNEL_GLOBAL a variable, but that might be impossible for the early ASM stuff. > I was a bit worried that if we pull _PAGE_GLOBAL out of > __supported_pte_mask itself, we might not be able to use it for the > shadow entries that map the entry/exit code like Linus suggested. Hmm. Good point. Thanks, tglx
Powered by blists - more mailing lists