lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 24 Nov 2017 08:17:06 -0800
From:   Andy Lutomirski <>
To:     Peter Zijlstra <>
Cc:     Ingo Molnar <>,
        "" <>,
        Dave Hansen <>,
        Thomas Gleixner <>,
        "H . Peter Anvin" <>, Borislav Petkov <>,
        Linus Torvalds <>
Subject: Re: [PATCH 30/43] x86/mm/kaiser: Map espfix structures

On Fri, Nov 24, 2017 at 5:47 AM, Peter Zijlstra <> wrote:
> On Fri, Nov 24, 2017 at 10:14:35AM +0100, Ingo Molnar wrote:
>> From: Dave Hansen <>
>> There is some rather arcane code to help when an IRET returns
>> to 16-bit segments.  It is referred to as the "espfix" code.
>> This consists of a few per-cpu variables:
>>       espfix_stack: tells us where the stack is allocated
>>                     (the bottom)
>>       espfix_waddr: tells us to where %rsp may be pointed
>>                     (the top)
>> These are in addition to the stack itself.  All three things must
>> be mapped for the espfix code to function.
>> Note: the espfix code runs with a kernel GSBASE, but user
>> (shadow) page tables.  A switch to the kernel page tables could
>> be performed instead of mapping these structures, but mapping
>> them is simpler and less likely to break the assembly.  To switch
>> over to the kernel copy, additional temporary storage would be
>> required which is in short supply in this context.
> With Andy's patches that should actually be doable, no?

I don't think it has much to do with my patches.  We can freely spill
to the stack in the espfix64 code, though.


Powered by blists - more mailing lists