On Wed, Nov 08, 2017 at 11:46:53AM -0800, Dave Hansen wrote:
>
> From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
>
> Global pages stay in the TLB across context switches. Since all
> contexts share the same kernel mapping, we use global pages to
> allow kernel entries in the TLB to survive when we context
> switch.
>
> But, even having these entries in the TLB opens up something that
> an attacker can use [1].
>
> Disable global pages so that kernel TLB entries are flushed when
> we run userspace. This way, all accesses to kernel memory result
> in a TLB miss whether there is good data there or not. Without
> this, even when KAISER switches page tables, the kernel entries
> might remain in the TLB.
>
> We keep _PAGE_GLOBAL available so that we can use it for things
> that are global even with KAISER like the entry/exit code and
> data.
>
> 1. The double-page-fault attack:
> http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
>
> Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Cc: Moritz Lipp <moritz.lipp@xxxxxxxxxxxxxx>
> Cc: Daniel Gruss <daniel.gruss@xxxxxxxxxxxxxx>
> Cc: Michael Schwarz <michael.schwarz@xxxxxxxxxxxxxx>
> Cc: Richard Fellner <richard.fellner@xxxxxxxxxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxx>
> Cc: Hugh Dickins <hughd@xxxxxxxxxx>
> Cc: x86@xxxxxxxxxx
> ---
>
>  b/arch/x86/include/asm/pgtable_types.h |   14 +++++++++++++-
>  b/arch/x86/mm/pageattr.c               |   16 ++++++++--------
>  2 files changed, 21 insertions(+), 9 deletions(-)

Reviewed-by: Borislav Petkov <bp@xxxxxxx>

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
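The quoted commit message describes why kernel mappings lose the global bit under KAISER: a TLB entry marked global survives a CR3 write, so a kernel translation could stay cached while userspace runs. The following is an added, self-contained C model of that behaviour written for this thread; it is not code from the patch or from the kernel. The PTE bit positions match the x86 definitions, but the TLB structure, the `kernel_pte_flags()` helper that drops `_PAGE_GLOBAL` when a `kaiser` flag is set, and the kernel address used are assumptions made for the model.

```c
/* Added example (not kernel code): toy x86 TLB model showing why a kernel
 * translation marked global survives a context switch, and why dropping
 * the global bit makes the next kernel access a TLB miss instead. */
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x86 PTE bit positions; these match the hardware page-table format. */
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_GLOBAL  (1ULL << 8)

#define TLB_SLOTS 8            /* toy TLB size, an assumption of the model */
#define PAGE_MASK_4K (~0xfffULL)

struct tlb_entry {
    bool     valid;
    uint64_t vaddr;   /* page-aligned virtual address */
    uint64_t flags;   /* PTE flags cached with the translation */
};

struct tlb_model {
    struct tlb_entry slot[TLB_SLOTS];
    unsigned misses;  /* lookups that had to "walk the page tables" */
};

/* Hypothetical helper: kernel page protections. When kaiser is set the
 * global bit is left out, mirroring the intent of the patch description. */
uint64_t kernel_pte_flags(bool kaiser)
{
    uint64_t flags = PTE_PRESENT | PTE_RW;
    if (!kaiser)
        flags |= PTE_GLOBAL;
    return flags;
}

static void tlb_fill(struct tlb_model *t, uint64_t page, uint64_t flags)
{
    for (size_t i = 0; i < TLB_SLOTS; i++) {
        if (!t->slot[i].valid) {
            t->slot[i].valid = true;
            t->slot[i].vaddr = page;
            t->slot[i].flags = flags;
            return;
        }
    }
}

/* Returns true on a TLB hit. On a miss it counts the miss and refills the
 * entry from pte_flags, standing in for a page-table walk. */
bool tlb_lookup(struct tlb_model *t, uint64_t vaddr, uint64_t pte_flags)
{
    uint64_t page = vaddr & PAGE_MASK_4K;
    for (size_t i = 0; i < TLB_SLOTS; i++)
        if (t->slot[i].valid && t->slot[i].vaddr == page)
            return true;
    t->misses++;
    tlb_fill(t, page, pte_flags);
    return false;
}

/* A CR3 write (context switch) invalidates every non-global entry.
 * Entries carrying PTE_GLOBAL survive, which is the behaviour the patch
 * wants to avoid for ordinary kernel mappings. */
void tlb_write_cr3(struct tlb_model *t)
{
    for (size_t i = 0; i < TLB_SLOTS; i++)
        if (t->slot[i].valid && !(t->slot[i].flags & PTE_GLOBAL))
            t->slot[i].valid = false;
}

/* Scenario: the kernel touches one of its own pages, the CPU switches to a
 * user process (CR3 write), and we check whether that kernel translation is
 * still cached. Returns true if it survived the switch. */
bool kernel_entry_survives_switch(bool kaiser)
{
    struct tlb_model t = {0};
    const uint64_t kaddr = 0xffffffff81000000ULL; /* constructed kernel address */
    uint64_t flags = kernel_pte_flags(kaiser);

    tlb_lookup(&t, kaddr, flags);        /* first access: miss, fills the TLB */
    tlb_write_cr3(&t);                   /* switch to userspace */
    return tlb_lookup(&t, kaddr, flags); /* a hit means the entry survived */
}

int main(void)
{
    printf("global kernel pages: entry survives switch = %d\n",
           kernel_entry_survives_switch(false));
    printf("no global bit      : entry survives switch = %d\n",
           kernel_entry_survives_switch(true));
    return 0;
}
```

With the global bit present the second lookup hits, so the kernel translation was available to code running after the switch; with the bit dropped the same lookup misses and has to be refilled, which is the "all accesses to kernel memory result in a TLB miss" property the commit message asks for. The model deliberately ignores the mappings the patch keeps global (entry/exit code and data); those would still be filled with `PTE_GLOBAL` and would still survive `tlb_write_cr3()`.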