| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201210143527.2398-2-jiangshanlai@gmail.com>
Date: Thu, 10 Dec 2020 22:35:25 +0800
From: Lai Jiangshan <jiangshanlai@...il.com>
To: linux-kernel@...r.kernel.org
Cc: Lai Jiangshan <laijs@...ux.alibaba.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH V2 2/3] x86/mm/pti: issue warning when mapping large pmd beyond specifid range
From: Lai Jiangshan <laijs@...ux.alibaba.com>
When PTI_CLONE_PTE, the caller doesn't want to expose pages beyond specifid
range and it worths a warning.
Signed-off-by: Lai Jiangshan <laijs@...ux.alibaba.com>
---
arch/x86/mm/pti.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 7ee99ef13a99..cd6da1d42ba9 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -356,6 +356,13 @@ pti_clone_pgtable(unsigned long start, unsigned long end,
* caller, so we just simply align it here.
*/
addr = round_down(addr, PMD_SIZE);
+ /*
+ * Mapping large pmd beyond [start, end) may expose
+ * secrets to user-space when it wants to clone ptes
+ * only.
+ */
+ WARN_ON_ONCE(level == PTI_CLONE_PTE &&
+ (addr < start || end < addr + PMD_SIZE));
target_pmd = pti_user_pagetable_walk_pmd(addr);
if (WARN_ON(!target_pmd))
--
2.19.1.6.gb485710b
Powered by blists - more mailing lists