| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Nov 2017 15:11:51 -0800
From: Dave Hansen <dave.hansen@...ux.intel.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
richard.fellner@...dent.tugraz.at, moritz.lipp@...k.tugraz.at,
daniel.gruss@...k.tugraz.at, michael.schwarz@...k.tugraz.at,
luto@...nel.org, torvalds@...ux-foundation.org,
keescook@...gle.com, hughd@...gle.com, x86@...nel.org
Subject: Re: [PATCH 08/30] x86, kaiser: unmap kernel from userspace page
tables (core patch)
On 11/20/2017 09:21 AM, Thomas Gleixner wrote:
>> +KAISER logically keeps a "copy" of the page tables which unmap
>> +the kernel while in userspace. The kernel manages the page
>> +tables as normal, but the "copying" is done with a few tricks
>> +that mean that we do not have to manage two full copies.
>> +The first trick is that for any any new kernel mapping, we
>> +presume that we do not want it mapped to userspace. That means
>> +we normally have no copying to do. We only copy the kernel
>> +entries over to the shadow in response to a kaiser_add_*()
>> +call which is rare.
> When KAISER is enabled the kernel manages two page tables for the kernel
> mappings. The regular page table which is used while executing in kernel
> space and a shadow copy which only contains the mapping entries which are
> required for the kernel-userspace transition. These mappings have to be
> copied into the shadow page tables explicitely with the kaiser_add_*()
> functions.
This misses a few important points that I think the original text
touches on. I gave it another go:
> Page Table Management
> =====================
>
> When KAISER is enabled, the kernel manages two sets of page
> tables. The first copy is very similar to what would be present
> for a kernel without KAISER. This includes a complete mapping of
> userspace that the kernel can use for things like copy_to_user().
>
> The second (shadow) is used when running userspace and mirrors the
> mapping of userspace present in the kernel copy. It maps a only
> the kernel data needed to enter and exit the kernel.
>
> The shadow is populated by the kaiser_add_*() functions. Only
> kernel data which has been explicity mapped will appear in the
> shadow copy. These calls are rare at runtime.
>
> For a new userspace mapping, the kernel makes the entries in its
> page tables like normal. The only difference is when the kernel
> makes entries in the top (PGD) level. In addition to setting the
> entry in the main kernel PGD, a copy if the entry is made in the
> shadow PGD.
>
> For user space mappings the kernel creates an entry in the kernel
> PGD and the same entry in the shadow PGD, so the underlying page
> table to which the PGD entry points is shared down to the PTE
> level. This leaves a single, shared set of userspace page tables
> to manage. One PTE to lock, one set set of accessed bits, dirty
> bits, etc...
Powered by blists - more mailing lists