| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180110211118.A314040D@viggo.jf.intel.com>
Date: Wed, 10 Jan 2018 13:11:18 -0800
From: Dave Hansen <dave.hansen@...ux.intel.com>
To: linux-kernel@...r.kernel.org
Cc: x86@...nel.org, Dave Hansen <dave.hansen@...ux.intel.com>,
ning.sun@...el.com, tglx@...utronix.de, mingo@...hat.com,
hpa@...or.com, tboot-devel@...ts.sourceforge.net,
aarcange@...hat.com, jcm@...hat.com, dwmw@...zon.co.uk,
pbonzini@...hat.com, gnomes@...rguk.ukuu.org.uk,
torvalds@...ux-foundation.org, andi@...stfloor.org,
gregkh@...ux-foundation.org, tim.c.chen@...ux.intel.com,
law@...hat.com, nickc@...hat.com, luto@...nel.org,
peterz@...radead.org
Subject: [PATCH] x86/pti: unpoison pgd for trusted boot
I believe this should replace 262b6b30087 in -tip.
The patch in -tip potentially misses the pgd clearing if pud_alloc()
sets a PGD. It would also be nice to have that comment back.
Note that the -tip commit probably works in *practice* because for
two adjacent calls to map_tboot_page() that share a PGD entry, the
first will clear NX, *then* allocate and set the PGD (without NX
clear). The second call will *not* allocate but will clear the NX
bit.
--
From: Dave Hansen <dave.hansen@...ux.intel.com>
This is another case similar to what EFI does: create a new set of
page tables, map some code at a low address, and jump to it. PTI
mistakes this low address for userspace and mistakenly marks it
non-executable in an effort to make it unusable for userspace. Undo
the poison to allow execution.
Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Ning Sun <ning.sun@...el.com>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: "H. Peter Anvin" <hpa@...or.com>
Cc: x86@...nel.org
Cc: tboot-devel@...ts.sourceforge.net
Cc: linux-kernel@...r.kernel.org
Cc: Andrea Arcangeli <aarcange@...hat.com>
CC: Jon Masters <jcm@...hat.com>
Cc: "Woodhouse, David" <dwmw@...zon.co.uk>
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Alan Cox <gnomes@...rguk.ukuu.org.uk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andi Kleen <andi@...stfloor.org>
Cc: Greg Kroah-Hartman <gregkh@...ux-foundation.org>
CC: "Tim Chen" <tim.c.chen@...ux.intel.com>
Cc: Jeff Law <law@...hat.com>
Cc: Nick Clifton <nickc@...hat.com>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Peter Zijlstra <peterz@...radead.org>
---
b/arch/x86/kernel/tboot.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff -puN arch/x86/kernel/tboot.c~pti-tboot-fix arch/x86/kernel/tboot.c
--- a/arch/x86/kernel/tboot.c~pti-tboot-fix 2018-01-09 17:12:49.776734656 -0800
+++ b/arch/x86/kernel/tboot.c 2018-01-09 17:12:49.784734656 -0800
@@ -138,6 +138,17 @@ static int map_tboot_page(unsigned long
return -1;
set_pte_at(&tboot_mm, vaddr, pte, pfn_pte(pfn, prot));
pte_unmap(pte);
+
+ /*
+ * PTI poisons low addresses in the kernel page tables in the
+ * name of making them unusable for userspace. To execute
+ * code at such a low address, the poison must be cleared.
+ *
+ * Note: 'pgd' actually gets set in p4d_alloc() _or_
+ * pud_alloc() depending on 4/5-level paging.
+ */
+ pgd->pgd &= ~_PAGE_NX;
+
return 0;
}
_
Powered by blists - more mailing lists