lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 1 Nov 2017 23:28:17 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Dave Hansen <dave.hansen@...ux.intel.com>
cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        moritz.lipp@...k.tugraz.at, daniel.gruss@...k.tugraz.at,
        michael.schwarz@...k.tugraz.at, luto@...nel.org,
        torvalds@...ux-foundation.org, keescook@...gle.com,
        hughd@...gle.com, x86@...nel.org
Subject: Re: [PATCH 03/23] x86, kaiser: disable global pages

On Wed, 1 Nov 2017, Dave Hansen wrote:
> On 11/01/2017 02:18 PM, Thomas Gleixner wrote:
> > On Tue, 31 Oct 2017, Dave Hansen wrote:
> >> --- a/arch/x86/include/asm/pgtable_types.h~kaiser-prep-disable-global-pages	2017-10-31 15:03:49.314064402 -0700
> >> +++ b/arch/x86/include/asm/pgtable_types.h	2017-10-31 15:03:49.323064827 -0700
> >> @@ -47,7 +47,12 @@
> >>  #define _PAGE_ACCESSED	(_AT(pteval_t, 1) << _PAGE_BIT_ACCESSED)
> >>  #define _PAGE_DIRTY	(_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
> >>  #define _PAGE_PSE	(_AT(pteval_t, 1) << _PAGE_BIT_PSE)
> >> +#ifdef CONFIG_X86_GLOBAL_PAGES
> >>  #define _PAGE_GLOBAL	(_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
> >> +#else
> >> +/* We must ensure that kernel TLBs are unusable while in userspace */
> >> +#define _PAGE_GLOBAL	(_AT(pteval_t, 0))
> >> +#endif
> > 
> > What you really want to do here is to clear PAGE_GLOBAL in the
> > supported_pte_mask. probe_page_size_mask() is the proper place for that.
> 
> How does something like this look?  I just remove _PAGE_GLOBAL from the
> default __PAGE_KERNEL permissions.

That should work, but how do you bring _PAGE_GLOBAL back when kaiser is
disabled at boot/runtime?

You might want to make __PAGE_KERNEL_GLOBAL a variable, but that might be
impossible for the early ASM stuff.

> I was a bit worried that if we pull _PAGE_GLOBAL out of
> __supported_pte_mask itself, we might not be able to use it for the
> shadow entries that map the entry/exit code like Linus suggested.

Hmm. Good point.  

Thanks,

	tglx

Powered by blists - more mailing lists