| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jun 2023 11:43:08 +0100
From: Lee Jones <lee@...nel.org>
To: dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, x86@...nel.org,
hpa@...or.com, linux-mm@...ck.org
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/1] x86/mm/KASLR: Store pud_page_tramp into entry
rather than page
On Fri, 16 Jun 2023, Lee Jones wrote:
> On Wed, 14 Jun 2023, Lee Jones wrote:
>
> > set_pgd() expects to be passed whole pages to operate on, whereas
> > trampoline_pgd_entry is, as the name suggests, an entry. The
> > ramifications for using set_pgd() here are that the following thread of
> > execution will not only place the suggested value into the
> > trampoline_pgd_entry (8-Byte globally stored [.bss]) variable, PTI will
> > also attempt to replicate that value into the non-existent neighboring
> > user page (located +4k away), leading to the corruption of other global
> > [.bss] stored variables.
> >
> > Suggested-by: Dave Hansen <dave.hansen@...ux.intel.com>
> > Signed-off-by: Lee Jones <lee@...nel.org>
> > ---
> > arch/x86/mm/kaslr.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
>
> Is there any more you need from me at this point?
>
> Would you like me to resubmit with the Fixes: tag applied, or is
> someone happy to apply it on merge?
Superstar, thanks Dave.
--
Lee Jones [李琼斯]
Powered by blists - more mailing lists