lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171109125155.lglrqo6mwd5hzzb7@pd.tnic>
Date:   Thu, 9 Nov 2017 13:51:55 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Dave Hansen <dave.hansen@...ux.intel.com>
Cc:     linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        moritz.lipp@...k.tugraz.at, daniel.gruss@...k.tugraz.at,
        michael.schwarz@...k.tugraz.at, richard.fellner@...dent.tugraz.at,
        luto@...nel.org, torvalds@...ux-foundation.org,
        keescook@...gle.com, hughd@...gle.com, x86@...nel.org
Subject: Re: [PATCH 04/30] x86, kaiser: disable global pages by default with
 KAISER

On Wed, Nov 08, 2017 at 11:46:53AM -0800, Dave Hansen wrote:
> 
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> 
> Global pages stay in the TLB across context switches.  Since all
> contexts share the same kernel mapping, we use global pages to
> allow kernel entries in the TLB to survive when we context
> switch.
> 
> But, even having these entries in the TLB opens up something that
> an attacker can use [1].
> 
> Disable global pages so that kernel TLB entries are flushed when
> we run userspace.  This way, all accesses to kernel memory result
> in a TLB miss whether there is good data there or not.  Without
> this, even when KAISER switches pages tables, the kernel entries
> might remain in the TLB.
> 
> We keep _PAGE_GLOBAL available so that we can use it for things
> that are global even with KAISER like the entry/exit code and
> data.
> 
> 1. The double-page-fault attack:
>    http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
> 
> Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
> Cc: Moritz Lipp <moritz.lipp@...k.tugraz.at>
> Cc: Daniel Gruss <daniel.gruss@...k.tugraz.at>
> Cc: Michael Schwarz <michael.schwarz@...k.tugraz.at>
> Cc: Richard Fellner <richard.fellner@...dent.tugraz.at>
> Cc: Andy Lutomirski <luto@...nel.org>
> Cc: Linus Torvalds <torvalds@...ux-foundation.org>
> Cc: Kees Cook <keescook@...gle.com>
> Cc: Hugh Dickins <hughd@...gle.com>
> Cc: x86@...nel.org
> ---
> 
>  b/arch/x86/include/asm/pgtable_types.h |   14 +++++++++++++-
>  b/arch/x86/mm/pageattr.c               |   16 ++++++++--------
>  2 files changed, 21 insertions(+), 9 deletions(-)

Reviewed-by: Borislav Petkov <bp@...e.de>

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ