lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Nov 2022 19:02:31 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     x86@...nel.org, dave.hansen@...el.com,
        linux-kernel@...r.kernel.org, oliver.sang@...el.com
Subject: Re: [PATCH 1/4] x86/mm: Add a few comments

On Thu, Nov 10, 2022 at 08:22:54AM -0800, Linus Torvalds wrote:
> On Thu, Nov 10, 2022 at 4:58 AM Peter Zijlstra <peterz@...radead.org> wrote:
> >
> > It's a shame to hide useful comments in Changelogs, add some to the
> > code.
> >
> > Shamelessly stolen from commit:
> 
> When the comment says how the image is mapped into two places,
> wouldn't it be good to also have the reason *why* rather than just
> what..

Agreed, and I think I can actually answer this. How about I change it
into something like this:

/*
 * The kernel image is mapped into two places in the virtual address space
 * (addresses without KASLR, of course):
 *
 * 1. The kernel direct map (0xffff880000000000)
 * 2. The "high kernel map" (0xffffffff81000000)
 *
 * We actually execute out of #2. If we get the address of a kernel symbol, it
 * points to #2, but almost all physical-to-virtual translations point to #1.
 *
 * This is so that we can have both a directmap of all physical memory
 * *and* take full advantage of the limited (s32) immediate addressing
 * range (2G) of x86_64.
 *
 * See Documentation/x86/x86_64/mm.rst for more details.
 */

> That said, my real commentary for this patch set is not that
> particular instance, but the bigger picture - that this code is still
> a bit opaque as to why these things are done.

Yes, small steps I suppose. It took me way longer than it should have to
figure out what this code was actually doing. And why we shouldn't
propagate those NX bits in the various cases.

> Do we need any of those alias passes at all for pure protection bit
> changes? I thought we only did these because things like cacheability
> bits have to be in sync due to machine checks etc?
> 
> Or am I missing some case where writability matters too?

I _think_, but I'm not actually sure, that it matters in exactly that
case dhansen mentions, where we do a physical to virtual address
translation and expect access to match whatever alias we originally came
from.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ