lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCETrX0udgL=00a-trceOVXCTqRMfTieBDJKdnYacoH9-9kSg@mail.gmail.com>
Date:   Mon, 4 Dec 2017 14:27:57 -0800
From:   Andy Lutomirski <luto@...nel.org>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andy Lutomirsky <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Dave Hansen <dave.hansen@...el.com>,
        Borislav Petkov <bpetkov@...e.de>,
        Greg KH <gregkh@...uxfoundation.org>,
        Kees Cook <keescook@...gle.com>,
        Hugh Dickins <hughd@...gle.com>,
        Brian Gerst <brgerst@...il.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Denys Vlasenko <dvlasenk@...hat.com>,
        Rik van Riel <riel@...hat.com>,
        Boris Ostrovsky <boris.ostrovsky@...cle.com>,
        Juergen Gross <jgross@...e.com>,
        David Laight <David.Laight@...lab.com>,
        Eduardo Valentin <eduval@...zon.com>, aliguori@...zon.com,
        Will Deacon <will.deacon@....com>,
        Daniel Gruss <daniel.gruss@...k.tugraz.at>,
        Dave Hansen <dave.hansen@...ux.intel.com>
Subject: Re: [patch 31/60] x86/mm/kpti: Add mapping helper functions

On Mon, Dec 4, 2017 at 6:07 AM, Thomas Gleixner <tglx@...utronix.de> wrote:
> From: Dave Hansen <dave.hansen@...ux.intel.com>
>
> Add the pagetable helper functions do manage the separate user space page
> tables.
>
> [ tglx: Split out from the big combo kaiser patch ]

> +/*
> + * Take a PGD location (pgdp) and a pgd value that needs to be set there.
> + * Populates the user and returns the resulting PGD that must be set in
> + * the kernel copy of the page tables.
> + */
> +static inline pgd_t kpti_set_user_pgd(pgd_t *pgdp, pgd_t pgd)
> +{
> +#ifdef CONFIG_KERNEL_PAGE_TABLE_ISOLATION
> +       if (!static_cpu_has_bug(X86_BUG_CPU_SECURE_MODE_KPTI))
> +               return pgd;
> +
> +       if (pgd_userspace_access(pgd)) {
> +               if (pgdp_maps_userspace(pgdp)) {
> +                       /*
> +                        * The user page tables get the full PGD,
> +                        * accessible from userspace:
> +                        */
> +                       kernel_to_user_pgdp(pgdp)->pgd = pgd.pgd;
> +                       /*
> +                        * For the copy of the pgd that the kernel uses,
> +                        * make it unusable to userspace.  This ensures on
> +                        * in case that a return to userspace with the
> +                        * kernel CR3 value, userspace will crash instead
> +                        * of running.
> +                        *
> +                        * Note: NX might be not available or disabled.
> +                        */
> +                       if (__supported_pte_mask & _PAGE_NX)
> +                               pgd.pgd |= _PAGE_NX;
> +               }
> +       } else if (pgd_userspace_access(*pgdp)) {
> +               /*
> +                * We are clearing a _PAGE_USER PGD for which we presumably
> +                * populated the user PGD.  We must now clear the user PGD
> +                * entry.
> +                */
> +               if (pgdp_maps_userspace(pgdp)) {
> +                       kernel_to_user_pgdp(pgdp)->pgd = pgd.pgd;
> +               } else {
> +                       /*
> +                        * Attempted to clear a _PAGE_USER PGD which is in
> +                        * the kernel porttion of the address space.  PGDs
> +                        * are pre-populated and we never clear them.
> +                        */
> +                       WARN_ON_ONCE(1);
> +               }
> +       } else {
> +               /*
> +                * _PAGE_USER was not set in either the PGD being set or
> +                * cleared.  All kernel PGDs should be pre-populated so
> +                * this should never happen after boot.
> +                */
> +               WARN_ON_ONCE(system_state == SYSTEM_RUNNING);
> +       }
> +#endif
> +       /* return the copy of the PGD we want the kernel to use: */
> +       return pgd;
> +}
> +

I mentioned this earlier, but I think this should be:


  VM_BUG_ON(pgdp points to a usermode table);

  if (pgdp_maps_userspace(pgdp)) {
    /* Install the pgd as requested into the usermode tables. */
    kernel_to_user_pgdp(pgdp)->pgd = pgd.pgd;

    if (pgd_val(pgd) & _PAGE_USER) {
      /*
       * This is a normal user pgd -- the kernelmode mapping should have NX
       * set to prevent erroneous usermode execution with the kernel tables.
       */
      return __pgd(pgd_val(pgd) | _PAGE_NX;
    } else {
      /* This is a weird mapping, e.g. EFI.  Map it straight through. */
      return pgd;
    }
  } else {
    /*
     * We can get here due to vmalloc, a vmalloc fault, memory
hot-add, or initial setup
     * of kernelmode page tables.  Regardless of which particular code
path we're in,
     * these mappings should not be automatically propagated to the
usermode tables.
     */
    return pgd;
  }
}

That should make all the VSYSCALL nastiness go away.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ