Date: Fri, 16 Jun 2023 18:00:27 +0100
From: Lee Jones <lee@kernel.org>
To: dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, hpa@zytor.com, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 1/1] x86/mm/KASLR: Store pud_page_tramp into entry rather than page
Message-ID: <20230616170027.GM3635807@google.com>
References: <20230614163859.924309-1-lee@kernel.org> <20230614163859.924309-2-lee@kernel.org>
In-Reply-To: <20230614163859.924309-2-lee@kernel.org>

On Wed, 14 Jun 2023, Lee Jones wrote:

> set_pgd() expects to be passed whole pages to operate on, whereas
> trampoline_pgd_entry is, as the name suggests, an entry. The
> ramifications for using set_pgd() here are that the following thread of
> execution will not only place the suggested value into the
> trampoline_pgd_entry (8-Byte globally stored [.bss]) variable, PTI will
> also attempt to replicate that value into the non-existent neighboring
> user page (located +4k away), leading to the corruption of other global
> [.bss] stored variables.
>
> Suggested-by: Dave Hansen
> Signed-off-by: Lee Jones
> ---
> arch/x86/mm/kaslr.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)

Is there any more you need from me at this point?

Would you like me to resubmit with the Fixes: tag applied, or is someone
happy to apply it on merge?

> diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
> index 557f0fe25dff4..37db264866b64 100644
> --- a/arch/x86/mm/kaslr.c
> +++ b/arch/x86/mm/kaslr.c
> @@ -172,10 +172,10 @@ void __meminit init_trampoline_kaslr(void) > set_p4d(p4d_tramp, > __p4d(_KERNPG_TABLE | __pa(pud_page_tramp))); > > - set_pgd(&trampoline_pgd_entry, > - __pgd(_KERNPG_TABLE | __pa(p4d_page_tramp))); > + trampoline_pgd_entry = > + __pgd(_KERNPG_TABLE | __pa(p4d_page_tramp)); > } else { > - set_pgd(&trampoline_pgd_entry, > - __pgd(_KERNPG_TABLE | __pa(pud_page_tramp))); > + trampoline_pgd_entry = > + __pgd(_KERNPG_TABLE | __pa(pud_page_tramp)); > } > } > -- > 2.41.0.162.gfafddb0af9-goog > -- Lee Jones [李琼斯]
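Review bot: the hunk adds no comment saying why these two stores bypass set_pgd() while the set_p4d() call just above them still uses the helper, so a later cleanup is likely to put set_pgd(&trampoline_pgd_entry, ...) straight back. Suggest a one-line comment above the first assignment, along the lines of `/* trampoline_pgd_entry is a lone entry in .bss, not a PGD page: set_pgd() would mirror the write into a non-existent user copy at +PAGE_SIZE */`, so the reason survives in the source rather than only in the changelog. Two smaller points: the subject line names only pud_page_tramp, but the hunk changes both the p4d_page_tramp (5-level) branch and the pud_page_tramp branch, so the subject should say the entry is assigned directly in both cases; and since the changelog describes corruption of neighbouring .bss variables, the resubmission should carry the Fixes: tag for the commit that introduced the set_pgd() call on trampoline_pgd_entry.

To make the failure mode concrete, here is an added user-space model of the corruption the patch removes. It is illustration code written for this page, not kernel code and not part of Lee's patch: set_pgd_model(), kernel_to_user_pgdp_model() and pgdp_maps_userspace_model() are stand-ins that follow the shape of the kernel's PTI logic, where native_set_pgd() hands the write to __pti_set_user_pgtbl(), which mirrors it into the user-mode PGD page one PAGE_SIZE above when pgdp's offset within its page falls in the user half. The bss_model span, the VICTIM_MAGIC value and FAKE_PA are constructed. The example goes a little beyond the changelog: it also shows that the mirror write is layout-dependent, so whether trampoline_pgd_entry's neighbour gets clobbered depends on where the linker happens to place the variable within its page, which is why the bug could stay latent.

```c
/*
 * Added illustration, not kernel code: why a PTI-aware set_pgd() must not be
 * pointed at a lone pgd_t variable. set_pgd() assumes pgdp lies inside a real
 * PGD page whose user-mode twin sits PAGE_SIZE bytes above it; given a bare
 * 8-byte global in .bss, the "twin" write lands on whatever sits 4 KiB away.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096UL
#define PAGE_MASK (~(PAGE_SIZE - 1))
/* PRESENT|RW|ACCESSED|DIRTY: value constructed for the model, not taken from the kernel headers. */
#define _KERNPG_TABLE 0x63ULL

typedef uint64_t pgdval_t;
typedef struct { pgdval_t pgd; } pgd_t;
#define __pgd(x) ((pgd_t){ (x) })

/* First PGD slot that maps kernel space: the user half is the lower 256 entries. */
#define PGD_KERNEL_START ((PAGE_SIZE / 2) / sizeof(pgd_t))

/* Model of pgdp_maps_userspace(): decided purely from pgdp's offset in its page. */
static int pgdp_maps_userspace_model(const void *pgdp)
{
	unsigned long off = (unsigned long)pgdp & ~PAGE_MASK;
	return (off / sizeof(pgd_t)) < PGD_KERNEL_START;
}

/* Model of kernel_to_user_pgdp(): the user copy of a PGD page is one page above it. */
static pgd_t *kernel_to_user_pgdp_model(pgd_t *pgdp)
{
	return (pgd_t *)((char *)pgdp + PAGE_SIZE);
}

/* Model of set_pgd() with PTI on: write the entry, and mirror it if it looks like a user slot. */
static void set_pgd_model(pgd_t *pgdp, pgd_t pgd)
{
	if (pgdp_maps_userspace_model(pgdp))
		kernel_to_user_pgdp_model(pgdp)->pgd = pgd.pgd;   /* the +4k write */
	pgdp->pgd = pgd.pgd;
}

/*
 * Constructed stand-in for a stretch of .bss: two pages, page-aligned, so an
 * entry placed in the first page has a neighbour exactly PAGE_SIZE bytes later,
 * just as some unrelated global would in the real kernel image.
 */
#define MODEL_ENTRIES (2 * PAGE_SIZE / sizeof(pgd_t))
static pgd_t bss_model[MODEL_ENTRIES] __attribute__((aligned(4096)));

#define VICTIM_MAGIC 0x5a5a5a5a5a5a5a5aULL   /* constructed: contents of the neighbouring global */
#define FAKE_PA      0x1234000ULL            /* constructed stand-in for __pa(pud_page_tramp) */

struct layout {
	pgd_t *entry;    /* models trampoline_pgd_entry */
	pgd_t *victim;   /* models the unrelated global PAGE_SIZE bytes later */
};

/* Place the entry at a chosen byte offset within its page and reset the neighbour. */
static int place_entry(size_t offset_in_page, struct layout *l)
{
	if (offset_in_page >= PAGE_SIZE || offset_in_page % sizeof(pgd_t))
		return -1;
	size_t idx = offset_in_page / sizeof(pgd_t);
	l->entry  = &bss_model[idx];
	l->victim = &bss_model[idx + PAGE_SIZE / sizeof(pgd_t)];
	l->entry->pgd  = 0;
	l->victim->pgd = VICTIM_MAGIC;
	return 0;
}

/* 1 if storing through set_pgd() clobbered the neighbour, 0 if not, -1 on bad offset. */
int set_pgd_clobbers_neighbour(size_t offset_in_page)
{
	struct layout l;
	if (place_entry(offset_in_page, &l))
		return -1;
	set_pgd_model(l.entry, __pgd(_KERNPG_TABLE | FAKE_PA));   /* the pre-patch code path */
	return l.victim->pgd != VICTIM_MAGIC;
}

/* Same check for the plain assignment the patch switches to. */
int plain_store_clobbers_neighbour(size_t offset_in_page)
{
	struct layout l;
	if (place_entry(offset_in_page, &l))
		return -1;
	*l.entry = __pgd(_KERNPG_TABLE | FAKE_PA);                 /* the post-patch code path */
	return l.victim->pgd != VICTIM_MAGIC;
}

int main(void)
{
	printf("set_pgd,     entry at page offset 0x100: neighbour clobbered = %d\n",
	       set_pgd_clobbers_neighbour(0x100));
	printf("set_pgd,     entry at page offset 0x900: neighbour clobbered = %d\n",
	       set_pgd_clobbers_neighbour(0x900));
	printf("plain store, entry at page offset 0x100: neighbour clobbered = %d\n",
	       plain_store_clobbers_neighbour(0x100));
	return 0;
}
```

The two set_pgd runs differ only in where the lone entry sits inside its page: at offset 0x100 the model treats it as a user-half slot and mirrors the store 4 KiB higher, overwriting the neighbour; at offset 0x900 it does not, and the corruption never shows. The plain store never touches anything but the entry itself, which is the whole point of the patch.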