| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180223074958.m55bodw7hnzmj2yh@gmail.com>
Date: Fri, 23 Feb 2018 08:49:58 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Jan Beulich <JBeulich@...e.com>,
Andrey Ryabinin <aryabinin@...tuozzo.com>,
Alexander Potapenko <glider@...gle.com>,
Dmitry Vyukov <dvyukov@...gle.com>
Cc: mingo@...e.hu, tglx@...utronix.de,
Boris Ostrovsky <boris.ostrovsky@...cle.com>,
Juergen Gross <jgross@...e.com>, linux-kernel@...r.kernel.org,
hpa@...or.com, Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Borislav Petkov <bp@...en8.de>
Subject: Re: [PATCH v2] x86: consider effective protection attributes in W+X
check
* Jan Beulich <JBeulich@...e.com> wrote:
> >>> On 21.02.18 at 17:53, <mingo@...nel.org> wrote:
>
> > * Jan Beulich <JBeulich@...e.com> wrote:
> >
> >> Using just the leaf page table entry flags would cause a false warning
> >> in case _PAGE_RW is clear or _PAGE_NX is set in a higher level entry.
> >> Hand through both the current entry's flags as well as the accumulated
> >> effective value (the latter as pgprotval_t instead of pgprot_t, as it's
> >> not an actual entry's value).
> >>
> >> This in particular eliminates the false W+X warning when running under
> >> Xen, as commit 2cc42bac1c ("x86-64/Xen: eliminate W+X mappings") has to
> >> make the necessary adjustment in L2 rather than L1 (the reason is
> >> explained there). I.e. _PAGE_RW is clear there in L1, but _PAGE_NX is
> >> set in L2.
> >>
> >> Signed-off-by: Jan Beulich <jbeulich@...e.com>
> >> Reviewed-by: Juergen Gross <jgross@...e.com>
> >> ---
> >> v2: Re-base onto tip tree. Add Xen related paragraph to description.
> >> ---
> >> arch/x86/mm/dump_pagetables.c | 92
> > ++++++++++++++++++++++++++----------------
> >> 1 file changed, 57 insertions(+), 35 deletions(-)
> >
> > There's a build failure with CONFIG_KASAN=y enabled:
> >
> > arch/x86/mm/dump_pagetables.c: In function ‘kasan_page_table’:
> > arch/x86/mm/dump_pagetables.c:365:3: error: too few arguments to function ‘note_page’
> > arch/x86/mm/dump_pagetables.c:238:13: note: declared here
>
> Oh, I see. Question though is what to pass as the extra argument:
> Do I need to pass in the caller's effective rights, or should I take
> kasan_page_table()'s checking against kasan_zero_p?d as an
> indication that the effective permission is zero here? I'm sorry for
> this probably trivial question, but I know nothing about how KASAN
> works.
I'm not sure either - but I've Cc:-ed the KASAN gents who might be able to
help us out here?
Thanks,
Ingo
Powered by blists - more mailing lists