lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 Jul 2022 13:17:13 -0700
From:   "Andy Lutomirski" <luto@...nel.org>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        "Borislav Petkov" <bp@...en8.de>,
        "Sean Christopherson" <seanjc@...gle.com>,
        "Andrew Morton" <akpm@...ux-foundation.org>,
        "Joerg Roedel" <jroedel@...e.de>,
        "Ard Biesheuvel" <ardb@...nel.org>
Cc:     "Andi Kleen" <ak@...ux.intel.com>,
        "Sathyanarayanan Kuppuswamy" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        "David Rientjes" <rientjes@...gle.com>,
        "Vlastimil Babka" <vbabka@...e.cz>,
        "Tom Lendacky" <thomas.lendacky@....com>,
        "Thomas Gleixner" <tglx@...utronix.de>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        "Paolo Bonzini" <pbonzini@...hat.com>,
        "Ingo Molnar" <mingo@...hat.com>,
        "Varad Gautam" <varad.gautam@...e.com>,
        "Dario Faggioli" <dfaggioli@...e.com>,
        "Dave Hansen" <dave.hansen@...el.com>,
        "Mike Rapoport" <rppt@...nel.org>,
        "David Hildenbrand" <david@...hat.com>,
        "Marcelo Henrique Cerri" <marcelo.cerri@...onical.com>,
        tim.gardner@...onical.com, khalid.elmously@...onical.com,
        philip.cox@...onical.com,
        "the arch/x86 maintainers" <x86@...nel.org>, linux-mm@...ck.org,
        linux-coco@...ts.linux.dev, linux-efi@...r.kernel.org,
        "Linux Kernel Mailing List" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCHv7 10/14] x86/mm: Avoid load_unaligned_zeropad() stepping into
 unaccepted memory



On Tue, Jun 14, 2022, at 5:02 AM, Kirill A. Shutemov wrote:
> load_unaligned_zeropad() can lead to unwanted loads across page boundaries.
> The unwanted loads are typically harmless. But, they might be made to
> totally unrelated or even unmapped memory. load_unaligned_zeropad()
> relies on exception fixup (#PF, #GP and now #VE) to recover from these
> unwanted loads.
>
> But, this approach does not work for unaccepted memory. For TDX, a load
> from unaccepted memory will not lead to a recoverable exception within
> the guest. The guest will exit to the VMM where the only recourse is to
> terminate the guest.

Why is unaccepted memory marked present in the direct map in the first place?

Having kernel code assume that every valid address is followed by several bytes of memory that may be read without side effects other than #PF also seems like a mistake, but I probably won’t win that fight. But sticking guard pages in front of definitely-not-logically present pages seems silly to me.  Let’s just not map it.

(What if MMIO memory is mapped next to regular memory?  Doing random unaligned reads that cross into MMIO seems unwise.)

Powered by blists - more mailing lists