Message-ID: <c16ed8f5c960c34f05b88b84a31f28a610f6a3cf.camel@infradead.org>
Date: Tue, 03 Dec 2024 17:56:31 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: kexec@...ts.infradead.org
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
 Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
 x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, "Kirill A. Shutemov"
 <kirill.shutemov@...ux.intel.com>, Kai Huang <kai.huang@...el.com>, Nikolay
 Borisov <nik.borisov@...e.com>,  linux-kernel@...r.kernel.org, Simon Horman
 <horms@...nel.org>, Dave Young <dyoung@...hat.com>, Peter Zijlstra
 <peterz@...radead.org>, jpoimboe@...nel.org,  bsz@...zon.de
Subject: Re: [RFC PATCH v4 05/20] x86/mm: Add _PAGE_NOPTISHADOW bit to avoid
 updating userspace page tables

On Wed, 2024-11-27 at 19:00 +0000, David Woodhouse wrote:
> From: David Woodhouse <dwmw@...zon.co.uk>
> 
> The set_p4d() and set_pgd() functions (in 4-level or 5-level page table setups
> respectively) assume that the root page table is actually an 8KiB allocation,
> with the userspace root immediately after the kernel root page table (so that
> the former can enforce NX on all the subordinate pages, which are actually
> shared).
> 
> However, users of the kernel_ident_mapping_init() code do not give it an 8KiB
> allocation for its PGD. Both swsusp_arch_resume() and acpi_mp_setup_reset()
> allocate only a single 4KiB page. The kexec code on x86_64 currently gets
> away with it purely by chance, because it allocates 8KiB for its "control
> code page" and then actually uses the first half for the PGD, then copies the
> actual trampoline code into the second half only after the identmap code has
> finished scribbling over it.
> 
> Fix this by defining a _PAGE_NOPTISHADOW bit (which can use the same bit as
> _PAGE_SAVED_DIRTY since one is only for the PGD/P4D root and the other is
> exclusively for leaf PTEs). This instructs __pti_set_user_pgtbl() not to
> write to the userspace 'shadow' PGD.
> 
> Strictly, the _PAGE_NOPTISHADOW bit doesn't need to be written out to the
> actual page tables; since __pti_set_user_pgtbl() returns the value to be
> written to the kernel page table, it could be filtered out. But there seems
> to be no benefit to actually doing so.

Ping? I think the rest of the kexec-debug series is in fairly good
shape; this is the only part I'm slightly unsure about.
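The following is a user-space model, added here and not part of the patch or of the kernel source, of the shadow-PGD write that the quoted description explains: a PTI-style set_pgd() on a userspace-range slot also writes to the page 4KiB after the root, so a caller that allocated only one 4KiB page clobbers whatever follows it, unless the entry carries the _PAGE_NOPTISHADOW bit. The bit position, the flag names and the function name are assumptions made for this model only.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the PTI root-table layout: a PGD is 512 8-byte entries
 * (4 KiB) and the userspace "shadow" PGD is assumed to sit in the next 4 KiB. */
#define PGD_ENTRIES       512
#define PGD_KERNEL_START  (PGD_ENTRIES / 2)  /* slots >= this map kernel space */
#define _PAGE_PRESENT     (1ULL << 0)
#define _PAGE_RW          (1ULL << 1)
#define _PAGE_USER        (1ULL << 2)
#define _PAGE_NX          (1ULL << 63)
/* Assumed bit position for this model only; the real kernel reuses the
 * _PAGE_SAVED_DIRTY software bit, whose number the message does not give. */
#define _PAGE_NOPTISHADOW (1ULL << 58)

typedef uint64_t pgd_t;

/* Model of __pti_set_user_pgtbl(): returns the value for the kernel PGD slot
 * and, for userspace-range slots, also writes the shadow copy one page later,
 * unless the caller set _PAGE_NOPTISHADOW. */
static pgd_t pti_set_user_pgtbl(pgd_t *root, size_t idx, pgd_t val)
{
    if (idx >= PGD_KERNEL_START || (val & _PAGE_NOPTISHADOW))
        return val;
    root[PGD_ENTRIES + idx] = val;       /* shadow PGD lives at root + 4 KiB */
    if ((val & (_PAGE_USER | _PAGE_PRESENT)) == (_PAGE_USER | _PAGE_PRESENT))
        val |= _PAGE_NX;                 /* kernel copy of a user mapping is NX */
    return val;
}

/* Simulate a single 4 KiB PGD allocation followed by unrelated data (the kexec
 * trampoline in the described bug). Returns 1 if storing an identity-map
 * entry into the PGD clobbered the neighbouring page, 0 if it stayed intact. */
static int identmap_corrupts_neighbour(int use_noptishadow)
{
    uint8_t *page = aligned_alloc(8192, 8192);
    pgd_t *pgd = (pgd_t *)page;
    uint8_t *neighbour = page + 4096;
    memset(pgd, 0, 4096);
    memset(neighbour, 0xAA, 4096);       /* constructed sentinel pattern */
    /* An identity map of low physical memory lands in PGD slot 0, which the
     * PTI code treats as a userspace slot and therefore shadows. */
    pgd_t val = 0x1000 | _PAGE_PRESENT | _PAGE_RW;   /* constructed P4D address */
    if (use_noptishadow)
        val |= _PAGE_NOPTISHADOW;
    pgd[0] = pti_set_user_pgtbl(pgd, 0, val);
    int corrupted = 0;
    for (size_t i = 0; i < 4096; i++)
        if (neighbour[i] != 0xAA) { corrupted = 1; break; }
    free(page);
    return corrupted;
}
```

Calling identmap_corrupts_neighbour(0) reports the clobbered neighbour that the 4KiB callers hit; identmap_corrupts_neighbour(1) shows the flag suppressing the shadow write while the kernel-side value is returned unchanged.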

