lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191126101922.GB31379@zn.tnic>
Date:   Tue, 26 Nov 2019 11:19:22 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Joerg Roedel <joro@...tes.org>
Cc:     Dave Hansen <dave.hansen@...ux.intel.com>,
        Andy Lutomirski <luto@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>, hpa@...or.com,
        x86@...nel.org, linux-kernel@...r.kernel.org,
        Joerg Roedel <jroedel@...e.de>, stable@...r.kernel.org
Subject: Re: [PATCH -tip] x86/mm/32: Sync only to LDT_BASE_ADDR in
 vmalloc_sync_all()

On Tue, Nov 26, 2019 at 11:09:42AM +0100, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@...e.de>
> 
> When vmalloc_sync_all() iterates over the address space until
> FIX_ADDR_TOP it will sync the whole kernel address space starting from
> VMALLOC_START.
> 
> This is not a problem when the kernel address range is identical in
> all page-tables, but this is no longer the case when PTI is enabled on
> x86-32. In that case the per-process LDT is mapped in the kernel
> address range and vmalloc_sync_all() clears the LDT mapping for all
> processes.
> 
> To make LDT working again vmalloc_sync_all() must only iterate over
> the volatile parts of the kernel address range that are identical
> between all processes. This includes the VMALLOC and the PKMAP areas
> on x86-32.
> 
> The order of the ranges in the address space is:
> 
> 	VMALLOC -> PKMAP -> LDT -> CPU_ENTRY_AREA -> FIX_ADDR
> 
> So the right check in vmalloc_sync_all() is "address < LDT_BASE_ADDR"
> to make sure the VMALLOC and PKMAP areas are synchronized and the LDT
> mapping is not falsely overwritten. the CPU_ENTRY_AREA and
> the FIXMAP area are no longer synced as well, but these
> ranges are synchronized on page-table creation time and do
> not change during runtime.
> 
> This change fixes the ldt_gdt selftest in my setup.
> 
> Fixes: 7757d607c6b3 ("x86/pti: AllowCONFIG_PAGE_TABLE_ISOLATION for x86_32")
> Cc: stable@...r.kernel.org
> Signed-off-by: Joerg Roedel <jroedel@...e.de>
> ---
>  arch/x86/mm/fault.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reported-by: Borislav Petkov <bp@...e.de>
Tested-by: Borislav Petkov <bp@...e.de>

Thx Jörg!

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ