Message-ID: <a353184f-af84-92b5-d839-bd34b75da5a3@infradead.org>
Date:   Thu, 4 Jan 2018 22:57:32 -0800
From:   Randy Dunlap <rdunlap@...radead.org>
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        linux-kernel@...r.kernel.org
Cc:     x86@...nel.org, keescook@...omium.org, moritz.lipp@...k.tugraz.at,
        daniel.gruss@...k.tugraz.at, michael.schwarz@...k.tugraz.at,
        richard.fellner@...dent.tugraz.at, luto@...nel.org,
        torvalds@...ux-foundation.org, hughd@...gle.com
Subject: Re: [PATCH] [v3] x86/doc: add PTI description

On 01/04/18 21:38, Dave Hansen wrote:

> +Page Table Management
> +=====================
> +
> +When PTI is enabled, the kernel manages two sets of page tables.
> +The first set is very similar to the single set which is present in
> +kernels without PTI.  This includes a complete mapping of userspace
> +that the kernel can use for things like copy_to_user().
> +
> +Although _complete_, the user portion of the kernel page tables is
> +crippled by setting the NX bit in the top level.  This ensures
> +that any missed kernel->user CR3 switch will immediately crash
> +userspace upon executing its first instruction.
> +
> +The userspace page tables map only the kernel data needed to enter
> +and exit the kernel.  This data is entirely contained in the 'struct
> +cpu_entry_area' structure which is placed in the fixmap which gives
> +each CPU's copy of the area has a compile-time-fixed virtual
> +address.

drop /has/ above.

> +
> +For new userspace mappings, the kernel makes the entries in its
> +page tables like normal.  The only difference is when the kernel
> +makes entries in the top (PGD) level.  In addition to setting the
> +entry in the main kernel PGD, a copy of the entry is made in the
> +userspace page tables' PGD.
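
Review bot: in this last paragraph, "a copy of the entry is made in the userspace page tables' PGD" reads as a verbatim copy, yet the second paragraph says the user portion of the kernel page tables has the NX bit set in the top level. Say explicitly which of the two PGD entries carries NX (for example, that the userspace copy is made without it); as worded, a reader can conclude that userspace could not execute from its own page tables. The paragraph also describes only new mappings, so a sentence on how the two PGDs stay in sync when a top-level entry is cleared would complete it.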

-- 
~Randy
