| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Apr 2020 14:01:25 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Christoph Hellwig <hch@....de>
Cc: Vitaly Kuznetsov <vkuznets@...hat.com>, x86@...nel.org,
linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
"K. Y. Srinivasan" <kys@...rosoft.com>,
Stephen Hemminger <stephen@...workplumber.org>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: hv_hypercall_pg page permissios
> On Apr 7, 2020, at 12:38 AM, Christoph Hellwig <hch@....de> wrote:
>
> On Tue, Apr 07, 2020 at 09:28:01AM +0200, Vitaly Kuznetsov wrote:
>> Christoph Hellwig <hch@....de> writes:
>>
>>> Hi all,
>>>
>>> The x86 Hyper-V hypercall page (hv_hypercall_pg) is the only allocation
>>> in the kernel using __vmalloc with exectutable persmissions, and the
>>> only user of PAGE_KERNEL_RX. Is there any good reason it needs to
>>> be readable? Otherwise we could use vmalloc_exec and kill off
>>> PAGE_KERNEL_RX. Note that before 372b1e91343e6 ("drivers: hv: Turn off
>>> write permission on the hypercall page") it was even mapped writable..
>>
>> [There is nothing secret in the hypercall page, by reading it you can
>> figure out if you're running on Intel or AMD (VMCALL/VMMCALL) but it's
>> likely not the only possible way :-)]
>>
>> I see no reason for hv_hypercall_pg to remain readable. I just
>> smoke-tested
>
> Thanks, I have the same in my WIP tree, but just wanted to confirm this
> makes sense.
Just to make sure we’re all on the same page: x86 doesn’t normally have an execute-only mode. Executable memory in the kernel is readable unless you are using fancy hypervisor-based XO support.
Powered by blists - more mailing lists