lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAMj1kXH8ogAzr-_yCWgqzj+NLVpvBGkm_XOJppSm2jcS4P8eUQ@mail.gmail.com>
Date: Tue, 28 Oct 2025 14:43:56 +0100
From: Ard Biesheuvel <ardb@...nel.org>
To: Usama Arif <usamaarif642@...il.com>
Cc: dwmw@...zon.co.uk, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, 
	dave.hansen@...ux.intel.com, hpa@...or.com, x86@...nel.org, 
	apopple@...dia.com, thuth@...hat.com, nik.borisov@...e.com, kas@...nel.org, 
	linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org, kernel-team@...a.com, 
	Michael van der Westhuizen <rmikey@...a.com>, Tobias Fleig <tfleig@...a.com>
Subject: Re: [PATCH v2 0/2] x86: Fix kexec 5-level to 4-level paging transition

On Tue, 28 Oct 2025 at 11:57, Usama Arif <usamaarif642@...il.com> wrote:
>
> This series addresses critical bugs in the kexec path when transitioning
> from a kernel using 5-level page tables to one using 4-level page tables.
>
> The root cause is improper handling of PGD entry value during the page level
> transition. Specifically PGD entry value is masked with PAGE_MASK instead of
> PTE_PFN_MASK, failing to account for high-order software bits like
> _PAGE_BIT_NOPTISHADOW (bit 58).
>
> When bit 58 (_PAGE_BIT_NOPTISHADOW) is set in the source kernel, the target
> 4-level kernel doesn't recognize it and fails to mask it properly, leading
> to kexec failure.
>
> Patch 1: Fixes the x86 boot compressed code path by replacing direct CR3
> dereferencing with read_cr3_pa() and using PTE_PFN_MASK instead
> of PAGE_MASK.
>
> Patch 2: Applies the same fix to the EFI stub code path. (Done in a
> separate patch as Fixes tag is different).
>
>
> Co-developed-by: Kiryl Shutsemau <kas@...nel.org>
> Signed-off-by: Kiryl Shutsemau <kas@...nel.org>
> Signed-off-by: Usama Arif <usamaarif642@...il.com>
> Reported-by: Michael van der Westhuizen <rmikey@...a.com>
> Reported-by: Tobias Fleig <tfleig@...a.com>
>
> The patches are based on aaa9c3550b60d6259d6ea8b1175ade8d1242444e (next-20251022)
>
> v1 -> v2:
> - Remove patch 3 from v1 to fix kexec for source kernel in 5-level to 4-level
>   transition where the 4 level kernel doesnt have patch 1 and 2 (Dave Hansen)
> - Add include for asm/pgtable.h to fix build for x86_64-allnoconfig (kernel test bot)
> - Use native_read_cr3_pa and for both paths (Ard Biesheuvel)
>
> Usama Arif (2):
>   x86/boot: Fix page table access in 5-level to 4-level paging
>     transition
>   efi/libstub: Fix page table access in 5-level to 4-level paging
>     transition
>

Reviewed-by: Ard Biesheuvel <ardb@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ