Message-ID: <20251022220755.1026144-1-usamaarif642@gmail.com>
Date: Wed, 22 Oct 2025 23:06:24 +0100
From: Usama Arif <usamaarif642@...il.com>
To: dwmw@...zon.co.uk,
	tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de,
	dave.hansen@...ux.intel.com,
	ardb@...nel.org,
	hpa@...or.com
Cc: x86@...nel.org,
	apopple@...dia.com,
	thuth@...hat.com,
	nik.borisov@...e.com,
	kas@...nel.org,
	linux-kernel@...r.kernel.org,
	linux-efi@...r.kernel.org,
	kernel-team@...a.com,
	Usama Arif <usamaarif642@...il.com>,
	Michael van der Westhuizen <rmikey@...a.com>,
	Tobias Fleig <tfleig@...a.com>
Subject: [PATCH 0/3] x86: Fix kexec 5-level to 4-level paging transition

This series addresses critical bugs in the kexec path when transitioning
from a kernel using 5-level page tables to one using 4-level page tables.

The root cause is improper handling of the PGD entry value during the page level
transition. Specifically, the p4d value is masked with PAGE_MASK instead of
PTE_PFN_MASK, failing to account for high-order software bits like
_PAGE_BIT_NOPTISHADOW (bit 58).

When bit 58 (_PAGE_BIT_NOPTISHADOW) is set in the source kernel, the target
4-level kernel doesn't recognize it and fails to mask it properly, leading
to kexec failure.

This series fixes the issue in three parts:

Patch 1: Fixes the x86 boot compressed code path by replacing direct CR3
dereferencing with read_cr3_pa() and using PTE_PFN_MASK instead
of PAGE_MASK.

Patch 2: Applies the same fix to the EFI stub code path. (Done in a
separate patch as the Fixes tag is different).

Patch 3: Moves _PAGE_BIT_NOPTISHADOW from bit 58 (_PAGE_BIT_SOFTW5) to
bit 9 (_PAGE_BIT_SOFTW1), which is already properly masked by
older kernels. This provides backward compatibility without
requiring patches 1 and 2 to be applied to all existing kernel versions,
which is not feasible for production systems or live patching.

Co-developed-by: Kiryl Shutsemau <kas@...nel.org>
Signed-off-by: Kiryl Shutsemau <kas@...nel.org>
Signed-off-by: Usama Arif <usamaarif642@...il.com>
Reported-by: Michael van der Westhuizen <rmikey@...a.com>
Reported-by: Tobias Fleig <tfleig@...a.com>

The patches are based on aaa9c3550b60d6259d6ea8b1175ade8d1242444e (next-20251022)
 
Usama Arif (3):
  x86/boot: Fix page table access in 5-level to 4-level paging
    transition
  efi/libstub: Fix page table access in 5-level to 4-level paging
    transition
  x86/mm: Move _PAGE_BIT_NOPTISHADOW from bit 58 to bit 9

 arch/x86/boot/compressed/pgtable_64.c   | 8 +++++---
 arch/x86/include/asm/pgtable_types.h    | 4 ++--
 drivers/firmware/efi/libstub/x86-5lvl.c | 5 ++++-
 3 files changed, 11 insertions(+), 6 deletions(-)

-- 
2.47.3
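The masking difference the cover letter describes, as an added stand-alone illustration (not code from the series or the kernel): the constants are simplified models of the x86-64 definitions, assuming a 52-bit physical address width, and the p4d entry and its address are constructed sample values. It shows that PAGE_MASK keeps a software bit at position 58 in what is then treated as a physical address, that PTE_PFN_MASK strips it, and that a software bit at position 9 is already below the page offset boundary that PAGE_MASK clears.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified models of the x86-64 constants (assumption: 52-bit physical
 * address width; the real kernel derives this from the CPU). */
#define PAGE_SHIFT           12
#define PAGE_MASK            (~(((uint64_t)1 << PAGE_SHIFT) - 1))
#define PHYSICAL_MASK_SHIFT  52
#define PHYSICAL_MASK        (((uint64_t)1 << PHYSICAL_MASK_SHIFT) - 1)
#define PTE_PFN_MASK         (PAGE_MASK & PHYSICAL_MASK)

#define _PAGE_PRESENT        ((uint64_t)1 << 0)
#define _PAGE_RW             ((uint64_t)1 << 1)
#define _PAGE_BIT_SOFTW1     9    /* new NOPTISHADOW position (patch 3) */
#define _PAGE_BIT_SOFTW5     58   /* old NOPTISHADOW position */

/* Old extraction: keep every bit above the page offset, so any software
 * bit above bit 11 survives and corrupts the resulting address. */
uint64_t p4d_to_phys_page_mask(uint64_t p4d_val)
{
    return p4d_val & PAGE_MASK;
}

/* Fixed extraction: keep only bits that can form a physical frame number. */
uint64_t p4d_to_phys_pfn_mask(uint64_t p4d_val)
{
    return p4d_val & PTE_PFN_MASK;
}

/* Build a constructed p4d entry pointing at a PUD page at pud_phys, with
 * the NOPTISHADOW software bit placed at the requested bit position. */
uint64_t make_p4d(uint64_t pud_phys, int noptishadow_bit)
{
    return pud_phys | _PAGE_PRESENT | _PAGE_RW | ((uint64_t)1 << noptishadow_bit);
}

int main(void)
{
    const uint64_t pud_phys = 0x1234000ULL;   /* constructed sample address */
    uint64_t bit58 = make_p4d(pud_phys, _PAGE_BIT_SOFTW5);
    uint64_t bit9  = make_p4d(pud_phys, _PAGE_BIT_SOFTW1);

    printf("bit 58, PAGE_MASK:    %#llx (bogus)\n",
           (unsigned long long)p4d_to_phys_page_mask(bit58));
    printf("bit 58, PTE_PFN_MASK: %#llx\n",
           (unsigned long long)p4d_to_phys_pfn_mask(bit58));
    printf("bit 9,  PAGE_MASK:    %#llx (old kernels already safe)\n",
           (unsigned long long)p4d_to_phys_page_mask(bit9));
    return 0;
}
```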

