lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 31 Aug 2018 09:07:22 +0200
From:   Joerg Roedel <>
To:     Meelis Roos <>
Cc:     Linux Kernel list <>,, Thomas Gleixner <>
Subject: Re: 32-bit PTI with THP = userspace corruption

On Fri, Aug 31, 2018 at 07:12:44AM +0300, Meelis Roos wrote:
> > Thanks for the report! I'll try to reproduce the problem tomorrow and
> > investigate it. Can you please check if any of the kernel configurations
> > that show the bug has CONFIG_X86_PAE set? If not, can you please test
> > if enabling this option still triggers the problem?
> Will check, but out of my memery there were 2 G3 HP Proliants that did 
> not fit into the pattern (problem did not appear). I have more than 4G 
> RAM in those and HIGHMEM_4G there, maybe that's it?

Yeah, I thought a bit about it, and for legacy paging the PMD paging
level is the root-level where we do the mirroring between kernel and
user page-table for PTI. This means we also need to collect A/D bits
from both entries, which we don't do yet.

But that all means it shouldn't happen with CONFIG_X86_PAE=y.

I'll try to reproduce and work on a fix.



Powered by blists - more mailing lists