Message-ID: <6CCE1B41-1865-4B09-8CEF-B83932775C3D@infradead.org>
Date: Thu, 12 Dec 2024 21:59:02 +0000
From: David Woodhouse <dwmw2@...radead.org>
To: Dave Hansen <dave.hansen@...el.com>, Nathan Chancellor <nathan@...nel.org>
CC: "Ning, Hongyu" <hongyu.ning@...ux.intel.com>, kexec@...ts.infradead.org,
 Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
 Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
 x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
 "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
 Kai Huang <kai.huang@...el.com>, Nikolay Borisov <nik.borisov@...e.com>,
 linux-kernel@...r.kernel.org, Simon Horman <horms@...nel.org>,
 Dave Young <dyoung@...hat.com>, Peter Zijlstra <peterz@...radead.org>,
 jpoimboe@...nel.org, bsz@...zon.de
Subject: Re: [PATCH] x86/kexec: Only write through identity mapping of control page

On 12 December 2024 21:43:57 GMT, Dave Hansen <dave.hansen@...el.com> wrote:
>On 12/12/24 13:32, David Woodhouse wrote:
>> On 12 December 2024 21:18:10 GMT, Dave Hansen <dave.hansen@...el.com> wrote:
>>> On 12/12/24 12:11, David Woodhouse wrote:
>>>> From: David Woodhouse <dwmw@...zon.co.uk>
>>>>
>>>> The virtual mapping of the control page may have been _PAGE_GLOBAL and
>>>> thus its PTE might not have been flushed on the %cr3 switch and
>>>> it might effectively still be read-only. Move the writes to it
>>>> down into the identity_mapped() function where the same
>>>> %rip-relative addressing will get the new mapping.
>>>> 
>>>> The stack is fine, as that's using the identity mapped address
>>>> anyway.
>>> 
>>> Shouldn't we also ensure that Global entries don't bite anyone
>>> else? Something like the completely untested attached patch?
>> Doesn't hurt, but this is an identity mapping so absolutely
>> everything other than this one page is going to be in the low
>> (positive) part of the canonical address space, so won't have had
>> global pages in the first place will they?
>
>Right, it's generally _not_ a problem. But it _can_ be a surprising
>problem which is why we're all looking at it today. ;)
>
>> Probably a kind thing to do for whatever we're passing control to
>> though :)
>> 
>> I'll round it up into the tree and send it out with the next batch of
>> debug support. Care to give me a SoB for it? You can
>> s/CR0_PGE/CR4_PGE/ too if you like but I can do that myself as well.
>Here's a fixed one with a changelog and a SoB. Still 100% gloriously
>untested though.
Ta. I'll play with it in the morning. May actually shift it earlier and use it instead of my other fix, so we can actually write to the virtual address.
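
The failure mode the thread is circling, as a small C model added here (it is not code from the patch, from the kernel, or from anyone on the thread). It encodes two architectural rules from the Intel SDM: MOV to CR3 invalidates cached translations except those marked global, and a MOV to CR4 that changes PGE invalidates everything, global entries included. The page numbers, the eight-slot direct-mapped TLB and the two toy page tables are constructed for the model; the "identity mapping also maps the control page's virtual address writably" assumption follows Dave's remark that the PGE fix would let the virtual address be written.

```c
/* Software model of how an x86 TLB treats global (G) translations across a
 * CR3 switch. Constructed for this thread; it is not kernel or kexec code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PTE_PRESENT 0x001u
#define PTE_RW      0x002u
#define PTE_GLOBAL  0x100u  /* bit 8, where the real G bit lives */
#define NPAGES      8       /* toy address space: 8 virtual pages, 8 TLB slots */

struct pagetable { uint64_t pte[NPAGES]; };
struct tlb_entry { bool valid, global; unsigned vpn; uint64_t pte; };
struct cpu { struct pagetable *cr3; bool cr4_pge; struct tlb_entry tlb[NPAGES]; };

/* MOV to CR3: invalidate all cached translations except global ones. */
static void mov_cr3(struct cpu *c, struct pagetable *pt)
{
    c->cr3 = pt;
    for (int i = 0; i < NPAGES; i++)
        if (!c->tlb[i].global)
            c->tlb[i].valid = false;
}

/* MOV to CR4 that changes PGE: invalidate everything, global entries too. */
static void write_cr4_pge(struct cpu *c, bool pge)
{
    if (c->cr4_pge != pge)
        memset(c->tlb, 0, sizeof(c->tlb));
    c->cr4_pge = pge;
}

/* Touch a page: 0 on success, -1 on a simulated page fault. A TLB hit is
 * served from the cached PTE, whatever CR3 currently points at. */
static int mem_access(struct cpu *c, unsigned vpn, bool write)
{
    struct tlb_entry *e = &c->tlb[vpn % NPAGES];   /* toy direct-mapped TLB */
    if (!e->valid || e->vpn != vpn) {               /* miss: walk CR3, fill */
        uint64_t pte = c->cr3->pte[vpn];
        if (!(pte & PTE_PRESENT))
            return -1;
        *e = (struct tlb_entry){ .valid = true, .vpn = vpn, .pte = pte,
                                 .global = c->cr4_pge && (pte & PTE_GLOBAL) };
    }
    return (write && !(e->pte & PTE_RW)) ? -1 : 0;
}

/* Constructed layout (assumption): control page is physical page 1, so the
 * identity mapping reaches it via vpn 1; the kernel's virtual mapping is vpn 6. */
#define IDENT_VPN 1
#define KVA_VPN   6
static void setup(struct cpu *c, struct pagetable *kernel, struct pagetable *ident)
{
    memset(c, 0, sizeof(*c));
    memset(kernel, 0, sizeof(*kernel));
    memset(ident, 0, sizeof(*ident));
    kernel->pte[KVA_VPN]  = PTE_PRESENT | PTE_GLOBAL;  /* read-only, global */
    ident->pte[IDENT_VPN] = PTE_PRESENT | PTE_RW;      /* identity, writable */
    ident->pte[KVA_VPN]   = PTE_PRESENT | PTE_RW;      /* same VA, writable  */
    c->cr4_pge = true;
    mov_cr3(c, kernel);
    /* Before the switch the kernel reads the control page through its
     * virtual address, caching a global, read-only translation for it. */
    mem_access(c, KVA_VPN, false);
}

/* The bug: write via the kernel virtual address straight after MOV CR3. */
int write_kva_after_cr3_switch(void)
{
    struct cpu c; struct pagetable kernel, ident;
    setup(&c, &kernel, &ident);
    mov_cr3(&c, &ident);
    return mem_access(&c, KVA_VPN, true);   /* -1: stale RO entry survived */
}

/* Fix 1 (the posted patch): write only through the identity address. */
int write_ident_after_cr3_switch(void)
{
    struct cpu c; struct pagetable kernel, ident;
    setup(&c, &kernel, &ident);
    mov_cr3(&c, &ident);
    return mem_access(&c, IDENT_VPN, true); /* 0: nothing stale is cached */
}

/* Fix 2 (the CR4.PGE suggestion): flush globals, then the VA works too. */
int write_kva_after_pge_clear(void)
{
    struct cpu c; struct pagetable kernel, ident;
    setup(&c, &kernel, &ident);
    mov_cr3(&c, &ident);
    write_cr4_pge(&c, false);
    return mem_access(&c, KVA_VPN, true);   /* 0: new RW PTE gets walked */
}

int main(void)
{
    printf("kva after cr3: %d, ident after cr3: %d, kva after pge clear: %d\n",
           write_kva_after_cr3_switch(), write_ident_after_cr3_switch(),
           write_kva_after_pge_clear());
    return 0;
}
```

The model has no PCIDs, which matches the non-PCID path the identity mapping takes: the stale entry is found purely by virtual page number, so the only thing that saves the write is either avoiding that virtual address altogether or forcing the global entries out with a PGE toggle.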
