| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Sep 2021 18:03:46 +0200
From: Christian Borntraeger <borntraeger@...ibm.com>
To: David Hildenbrand <david@...hat.com>, linux-kernel@...r.kernel.org
Cc: linux-s390@...r.kernel.org, kvm@...r.kernel.org,
linux-mm@...ck.org, Janosch Frank <frankja@...ux.ibm.com>,
Cornelia Huck <cohuck@...hat.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Niklas Schnelle <schnelle@...ux.ibm.com>,
Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
Ulrich Weigand <Ulrich.Weigand@...ibm.com>
Subject: Re: [PATCH resend RFC 0/9] s390: fixes, cleanups and optimizations
for page table walkers
Am 09.09.21 um 18:22 schrieb David Hildenbrand:
> Resend because I missed ccing people on the actual patches ...
>
> RFC because the patches are essentially untested and I did not actually
> try to trigger any of the things these patches are supposed to fix. It
> merely matches my current understanding (and what other code does :) ). I
> did compile-test as far as possible.
>
> After learning more about the wonderful world of page tables and their
> interaction with the mmap_sem and VMAs, I spotted some issues in our
> page table walkers that allow user space to trigger nasty behavior when
> playing dirty tricks with munmap() or mmap() of hugetlb. While some issues
> should be hard to trigger, others are fairly easy because we provide
> conventient interfaces (e.g., KVM_S390_GET_SKEYS and KVM_S390_SET_SKEYS).
>
> Future work:
> - Don't use get_locked_pte() when it's not required to actually allocate
> page tables -- similar to how storage keys are now handled. Examples are
> get_pgste() and __gmap_zap.
> - Don't use get_locked_pte() and instead let page fault logic allocate page
> tables when we actually do need page tables -- also, similar to how
> storage keys are now handled. Examples are set_pgste_bits() and
> pgste_perform_essa().
> - Maybe switch to mm/pagewalk.c to avoid custom page table walkers. For
> __gmap_zap() that's very easy.
>
> Cc: Christian Borntraeger <borntraeger@...ibm.com>
> Cc: Janosch Frank <frankja@...ux.ibm.com>
> Cc: Cornelia Huck <cohuck@...hat.com>
> Cc: Claudio Imbrenda <imbrenda@...ux.ibm.com>
> Cc: Heiko Carstens <hca@...ux.ibm.com>
> Cc: Vasily Gorbik <gor@...ux.ibm.com>
> Cc: Niklas Schnelle <schnelle@...ux.ibm.com>
> Cc: Gerald Schaefer <gerald.schaefer@...ux.ibm.com>
> Cc: Ulrich Weigand <Ulrich.Weigand@...ibm.com>
>
> David Hildenbrand (9):
> s390/gmap: validate VMA in __gmap_zap()
> s390/gmap: don't unconditionally call pte_unmap_unlock() in
> __gmap_zap()
> s390/mm: validate VMA in PGSTE manipulation functions
> s390/mm: fix VMA and page table handling code in storage key handling
> functions
> s390/uv: fully validate the VMA before calling follow_page()
> s390/pci_mmio: fully validate the VMA before calling follow_pte()
> s390/mm: no need for pte_alloc_map_lock() if we know the pmd is
> present
> s390/mm: optimize set_guest_storage_key()
> s390/mm: optimize reset_guest_reference_bit()
>
> arch/s390/kernel/uv.c | 2 +-
> arch/s390/mm/gmap.c | 11 +++-
> arch/s390/mm/pgtable.c | 109 +++++++++++++++++++++++++++------------
> arch/s390/pci/pci_mmio.c | 4 +-
> 4 files changed, 89 insertions(+), 37 deletions(-)
>
Thanks applied. Will run some test on those commits, but its already pushed
out to my next tree to give it some coverage.
g
Powered by blists - more mailing lists