Message-ID: <20250603111446.2609381-1-rppt@kernel.org>
Date: Tue,  3 Jun 2025 14:14:40 +0300
From: Mike Rapoport <rppt@...nel.org>
To: Peter Zijlstra <peterz@...radead.org>
Cc: Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	Jürgen Groß <jgross@...e.com>,
	Mike Rapoport <rppt@...nel.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Xin Li <xin@...or.com>,
	linux-kernel@...r.kernel.org,
	stable@...r.kernel.org,
	x86@...nel.org
Subject: [PATCH 0/5] Fixes for ITS mitigation and execmem

From: "Mike Rapoport (Microsoft)" <rppt@...nel.org>

Hi,

Jürgen Groß reported some bugs in the interaction of the ITS mitigation with
execmem [1] when running on a Xen PV guest.

These patches fix the issue by moving all the permissions management of
ITS memory allocated from execmem into ITS code.

I didn't test on a real Xen PV guest, but I emulated the !PSE variant by
force-disabling the ROX cache in x86::execmem_arch_setup().

Peter, I took the liberty of putting your SoB in the patch that actually
implements the execmem permissions management in ITS; please let me know
if I need to update something about the authorship.

The patches are against v6.15.
They are also available in git:
https://web.git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git/log/?h=its-execmem/v1

[1] https://lore.kernel.org/all/20250528123557.12847-2-jgross@suse.com/

Juergen Gross (1):
  x86/mm/pat: don't collapse pages without PSE set

Mike Rapoport (Microsoft) (3):
  x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set
  x86/its: move its_pages array to struct mod_arch_specific
  Revert "mm/execmem: Unify early execmem_cache behaviour"

Peter Zijlstra (Intel) (1):
  x86/its: explicitly manage permissions for ITS pages

 arch/x86/Kconfig              |  2 +-
 arch/x86/include/asm/module.h |  8 ++++
 arch/x86/kernel/alternative.c | 89 ++++++++++++++++++++++++++---------
 arch/x86/mm/init_32.c         |  3 --
 arch/x86/mm/init_64.c         |  3 --
 arch/x86/mm/pat/set_memory.c  |  3 ++
 include/linux/execmem.h       |  8 +---
 include/linux/module.h        |  5 --
 mm/execmem.c                  | 40 ++--------------
 9 files changed, 82 insertions(+), 79 deletions(-)


base-commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca
-- 
2.47.2

