lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 Jan 2022 09:54:57 -0800
From:   ira.weiny@...el.com
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Dan Williams <dan.j.williams@...el.com>
Cc:     Ira Weiny <ira.weiny@...el.com>, Fenghua Yu <fenghua.yu@...el.com>,
        Rick Edgecombe <rick.p.edgecombe@...el.com>,
        linux-kernel@...r.kernel.org
Subject: [PATCH V8 36/44] memremap_pages: Reserve a PKS PKey for eventual use by PMEM

From: Ira Weiny <ira.weiny@...el.com>

The persistent memory (PMEM) driver uses the memremap_pages facility to
provide 'struct page' metadata (vmemmap) for PMEM.  Given that PMEM
capacity maybe orders of magnitude higher capacity than System RAM it
presents a large vulnerability surface to stray writes.  Unlike stray
writes to System RAM, which may result in a crash or other undesirable
behavior, stray writes to PMEM additionally are more likely to result in
permanent data loss. Reboot is not a remediation for PMEM corruption
like it is for System RAM.

Given that PMEM access from the kernel is limited to a constrained set
of locations (PMEM driver, Filesystem-DAX, and direct-I/O to a DAX
page), it is amenable to supervisor pkey protection.  PMEM uses the
memmap facility to map it's pages into the direct map.

Reserve a PKey for use by the memmap facility.

Signed-off-by: Ira Weiny <ira.weiny@...el.com>
---
 include/linux/pks-keys.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/linux/pks-keys.h b/include/linux/pks-keys.h
index a3fcd8df8688..46bb9a18da5a 100644
--- a/include/linux/pks-keys.h
+++ b/include/linux/pks-keys.h
@@ -42,14 +42,16 @@
  *
  */
 enum pks_pkey_consumers {
-	PKS_KEY_DEFAULT		= 0, /* Must be 0 for default PTE values */
-	PKS_KEY_TEST		= 1,
-	PKS_KEY_NR_CONSUMERS	= 2,
+	PKS_KEY_DEFAULT			= 0, /* Must be 0 for default PTE values */
+	PKS_KEY_TEST			= 1,
+	PKS_KEY_PGMAP_PROTECTION	= 2,
+	PKS_KEY_NR_CONSUMERS		= 3,
 };
 
 #define PKS_INIT_VALUE (PKR_RW_KEY(PKS_KEY_DEFAULT)		| \
 			PKR_AD_KEY(PKS_KEY_TEST)	| \
-			PKR_AD_KEY(2)	| PKR_AD_KEY(3)		| \
+			PKR_AD_KEY(PKS_KEY_PGMAP_PROTECTION)	| \
+			PKR_AD_KEY(3)	| \
 			PKR_AD_KEY(4)	| PKR_AD_KEY(5)		| \
 			PKR_AD_KEY(6)	| PKR_AD_KEY(7)		| \
 			PKR_AD_KEY(8)	| PKR_AD_KEY(9)		| \
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ