[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180923023315.GF8537@350D>
Date: Sun, 23 Sep 2018 12:33:15 +1000
From: Balbir Singh <bsingharora@...il.com>
To: Jonathan Adams <jwadams@...gle.com>
Cc: dwmw@...zon.co.uk, torvalds@...ux-foundation.org,
konrad.wilk@...cle.com, deepa.srinivasan@...cle.com,
Jim Mattson <jmattson@...gle.com>, andrew.cooper3@...rix.com,
linux-kernel@...r.kernel.org, boris.ostrovsky@...cle.com,
linux-mm@...ck.org, tglx@...utronix.de, joao.m.martins@...cle.com,
pradeep.vincent@...cle.com, ak@...ux.intel.com,
khalid.aziz@...cle.com, kanth.ghatraju@...cle.com,
liran.alon@...cle.com, keescook@...gle.com,
jsteckli@...inf.tu-dresden.de, kernel-hardening@...ts.openwall.com,
chris.hyser@...cle.com, tyhicks@...onical.com,
john.haxby@...cle.com, jcm@...hat.com
Subject: Re: Redoing eXclusive Page Frame Ownership (XPFO) with isolated CPUs
in mind (for KVM to isolate its guests per CPU)
On Wed, Sep 19, 2018 at 08:43:07AM -0700, Jonathan Adams wrote:
> (apologies again; resending due to formatting issues)
> On Tue, Sep 18, 2018 at 6:03 PM Balbir Singh <bsingharora@...il.com> wrote:
> >
> > On Mon, Aug 20, 2018 at 09:52:19PM +0000, Woodhouse, David wrote:
> > > On Mon, 2018-08-20 at 14:48 -0700, Linus Torvalds wrote:
> > > >
> > > > Of course, after the long (and entirely unrelated) discussion about
> > > > the TLB flushing bug we had, I'm starting to worry about my own
> > > > competence, and maybe I'm missing something really fundamental, and
> > > > the XPFO patches do something else than what I think they do, or my
> > > > "hey, let's use our Meltdown code" idea has some fundamental weakness
> > > > that I'm missing.
> > >
> > > The interesting part is taking the user (and other) pages out of the
> > > kernel's 1:1 physmap.
> > >
> > > It's the *kernel* we don't want being able to access those pages,
> > > because of the multitude of unfixable cache load gadgets.
> >
> > I am missing why we need this since the kernel can't access
> > (SMAP) unless we go through to the copy/to/from interface
> > or execute any of the user pages. Is it because of the dependency
> > on the availability of those features?
> >
> SMAP protects against kernel accesses to non-PRIV (i.e. userspace)
> mappings, but that isn't relevant to what's being discussed here.
>
> Davis is talking about the kernel Direct Map, which is a PRIV (i.e.
> kernel) mapping of all physical memory on the system, at
> VA = (base + PA).
> Since this mapping exists for all physical addresses, speculative
> load gadgets (and the processor's prefetch mechanism, etc.) can
> load arbitrary data even if it is only otherwise mapped into user
> space.
Load aribtrary data with no permission checks (strict RWX).
>
> XPFO fixes this by unmapping the Direct Map translations when the
> page is allocated as a user page. The mapping is only restored:
> 1. temporarily if the kernel needs direct access to the page
> (i.e. to zero it, access it from a device driver, etc),
> 2. when the page is freed
>
> And in so doing, significantly reduces the amount of non-kernel data
> vulnerable to speculative execution attacks against the kernel.
> (and reduces what data can be loaded into the L1 data cache while
> in kernel mode, to be peeked at by the recent L1 Terminal Fault
> vulnerability).
I see and there is no way for gadgets to invoke this path from
user space to make their speculation successful? We still have to
flush L1, indepenedent of whether XPFO is enabled or not right?
Balbir Singh.
Powered by blists - more mailing lists