| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Sep 2018 16:10:57 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: Dave Hansen <dave.hansen@...el.com>, Nadav Amit <namit@...are.com>,
Thomas Gleixner <tglx@...utronix.de>
Cc: linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
x86@...nel.org, Dave Hansen <dave.hansen@...ux.intel.com>,
Nadav Amit <nadav.amit@...il.com>,
Andi Kleen <ak@...ux.intel.com>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Michal Hocko <mhocko@...e.com>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Andy Lutomirski <luto@...nel.org>
Subject: Re: [PATCH] x86: use WRITE_ONCE() when setting PTEs
On 09/06/2018 07:21 PM, Dave Hansen wrote:
> On 09/02/2018 11:14 AM, Nadav Amit wrote:
>> When page-table entries are set, the compiler might optimize their
>> assignment by using multiple instructions to set the PTE. This might
>> turn into a security hazard if the user somehow manages to use the
>> interim PTE. L1TF does not make our lives easier, making even an interim
>> non-present PTE a security hazard.
>>
>> Using WRITE_ONCE() to set PTEs and friends should prevent this potential
>> security hazard.
>
> But, our types are already 64-bit, and we're doing a 64-bit pointer
> write. Our WRITE_ONCE() implementation boils down to:
>
> static __always_inline void __write_once_size(...
> {
> switch (size) {
> ...
> case 8: *(volatile __u64 *)p = *(__u64 *)res; break;
>
>
> For 64-bit types, which is precisely the same thing. Right?
Notice the volatile cast. While the CPU write itself is fine, the
*compiler* can decide to do partial updates; volatile forbids it.
Powered by blists - more mailing lists