On Wed, Oct 24, 2018 at 11:49:17AM -0700, Andy Lutomirski wrote:
> On Tue, Oct 23, 2018 at 9:32 AM Kirill A. Shutemov
> <kirill.shutemov@xxxxxxxxxxxxxxx> wrote:
> >
> > modify_ldt(2) leaves the old LDT mapped after we switch over to the new one.
> > Memory for the old LDT gets freed and the pages can be re-used.
> >
> > Leaving the mapping in place can have security implications. The mapping
> > is present in the userspace copy of the page tables and a Meltdown-like
> > attack can read these freed and possibly reused pages.
>
> Code looks okay. But:
>
> > -	/*
> > -	 * Did we already have the top level entry allocated? We can't
> > -	 * use pgd_none() for this because it doens't do anything on
> > -	 * 4-level page table kernels.
> > -	 */
> > -	pgd = pgd_offset(mm, LDT_BASE_ADDR);
>
> This looks like an unrelated cleanup. Can it be its own patch?

Okay, I'll move it into a separate patch in v3.

I'll wait some more time for comments on v2 before respin.

--
Kirill A. Shutemov
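Review bot: the hunk removing the pgd_offset(mm, LDT_BASE_ADDR) lookup and its comment is a cleanup unrelated to unmapping the old LDT and should be split into its own patch, as agreed above for v3. Note that the dropped comment is the only place recording why pgd_none() cannot be used for the top-level entry check on 4-level page table kernels; if any remaining code still depends on that behaviour, keep the explanation next to it rather than losing it with the cleanup.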