On Wed, Nov 08, 2017 at 11:46:53AM -0800, Dave Hansen wrote:
> 
> From: Dave Hansen <[email protected]>
> 
> Global pages stay in the TLB across context switches. Since all
> contexts share the same kernel mapping, we use global pages to
> allow kernel entries in the TLB to survive when we context
> switch.
> 
> But, even having these entries in the TLB opens up something that
> an attacker can use [1].
> 
> Disable global pages so that kernel TLB entries are flushed when
> we run userspace. This way, all accesses to kernel memory result
> in a TLB miss whether there is good data there or not. Without
> this, even when KAISER switches page tables, the kernel entries
> might remain in the TLB.
> 
> We keep _PAGE_GLOBAL available so that we can use it for things
> that are global even with KAISER like the entry/exit code and
> data.
> 
> 1. The double-page-fault attack:
> http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
> 
> Signed-off-by: Dave Hansen <[email protected]>
> Cc: Moritz Lipp <[email protected]>
> Cc: Daniel Gruss <[email protected]>
> Cc: Michael Schwarz <[email protected]>
> Cc: Richard Fellner <[email protected]>
> Cc: Andy Lutomirski <[email protected]>
> Cc: Linus Torvalds <[email protected]>
> Cc: Kees Cook <[email protected]>
> Cc: Hugh Dickins <[email protected]>
> Cc: [email protected]
> ---
> 
>  b/arch/x86/include/asm/pgtable_types.h | 14 +++++++++++++-
>  b/arch/x86/mm/pageattr.c               | 16 ++++++++--------
>  2 files changed, 21 insertions(+), 9 deletions(-)
Reviewed-by: Borislav Petkov <[email protected]>

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.
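For readers following the thread, the following is an added illustration of the mechanism the commit message relies on; it is not part of the patch or of anyone's mail. It is a toy C model of one x86 TLB behaviour: when CR4.PGE is set, a CR3 write (the context switch) invalidates every TLB entry except those whose PTE carries the G bit. The model then applies the policy the commit message describes: ordinary kernel mappings lose the global bit under KAISER, while the entry/exit trampoline keeps it. All names, addresses and the `kaiser_enabled` flag below are constructed for the model; nothing here is the kernel's own code or data structures.

```c
/* Toy TLB model illustrating why the patch drops _PAGE_GLOBAL from
 * ordinary kernel mappings (added example, not from the patch). The only
 * hardware behaviour modelled: on a CR3 write with PGE enabled, entries
 * with the G bit survive and all others are invalidated. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TLB_ENTRIES  8
#define PTE_PRESENT  (1u << 0)
#define PTE_GLOBAL   (1u << 8)   /* bit 8 is G on x86; stands in for _PAGE_GLOBAL */

/* Constructed sample addresses, not taken from any real kernel layout. */
#define KERNEL_TEXT_VA  0xffffffff81000000ull
#define KERNEL_TEXT_PA  0x0000000001000000ull
#define ENTRY_TRAMP_VA  0xfffffe0000000000ull
#define ENTRY_TRAMP_PA  0x0000000002000000ull

struct tlb_entry { uint64_t va, pa; uint32_t flags; };
struct tlb { struct tlb_entry e[TLB_ENTRIES]; };

/* Insert a translation into the first free slot (flags get PRESENT). */
static void tlb_fill(struct tlb *t, uint64_t va, uint64_t pa, uint32_t flags)
{
    for (int i = 0; i < TLB_ENTRIES; i++) {
        if (!(t->e[i].flags & PTE_PRESENT)) {
            t->e[i] = (struct tlb_entry){ va, pa, flags | PTE_PRESENT };
            return;
        }
    }
}

/* CR3 write with CR4.PGE set: non-global entries are invalidated,
 * entries with the G bit survive the context switch. */
static void tlb_write_cr3(struct tlb *t)
{
    for (int i = 0; i < TLB_ENTRIES; i++)
        if (!(t->e[i].flags & PTE_GLOBAL))
            t->e[i].flags = 0;
}

/* Does a lookup of va hit a valid entry? */
static bool tlb_hit(const struct tlb *t, uint64_t va)
{
    for (int i = 0; i < TLB_ENTRIES; i++)
        if ((t->e[i].flags & PTE_PRESENT) && t->e[i].va == va)
            return true;
    return false;
}

/* Policy from the commit message (modelled, not the kernel's code):
 * with KAISER, ordinary kernel mappings are no longer global, while the
 * entry/exit code and data keep _PAGE_GLOBAL explicitly. */
static uint32_t kernel_pte_flags(bool kaiser_enabled)
{
    return kaiser_enabled ? PTE_PRESENT : (PTE_PRESENT | PTE_GLOBAL);
}

static uint32_t entry_trampoline_pte_flags(void)
{
    return PTE_PRESENT | PTE_GLOBAL;
}

/* Fill the TLB while running in the kernel, then switch to a user context. */
static struct tlb tlb_after_switch_to_user(bool kaiser_enabled)
{
    struct tlb t = {0};
    tlb_fill(&t, KERNEL_TEXT_VA, KERNEL_TEXT_PA, kernel_pte_flags(kaiser_enabled));
    tlb_fill(&t, ENTRY_TRAMP_VA, ENTRY_TRAMP_PA, entry_trampoline_pte_flags());
    tlb_write_cr3(&t);
    return t;
}

/* Without KAISER the kernel text entry survives; with it, every access
 * to kernel memory from userspace misses, which is the point of the patch. */
static bool kernel_text_survives_switch(bool kaiser_enabled)
{
    struct tlb t = tlb_after_switch_to_user(kaiser_enabled);
    return tlb_hit(&t, KERNEL_TEXT_VA);
}

/* The entry/exit trampoline stays global, so it still hits either way. */
static bool entry_trampoline_survives_switch(bool kaiser_enabled)
{
    struct tlb t = tlb_after_switch_to_user(kaiser_enabled);
    return tlb_hit(&t, ENTRY_TRAMP_VA);
}

int main(void)
{
    printf("kernel text in TLB after switch, KAISER off: %d\n",
           kernel_text_survives_switch(false));
    printf("kernel text in TLB after switch, KAISER on:  %d\n",
           kernel_text_survives_switch(true));
    printf("entry trampoline in TLB, KAISER on:          %d\n",
           entry_trampoline_survives_switch(true));
    return 0;
}
```

The model deliberately ignores everything else about a real TLB (associativity, PCIDs, INVLPG); it only shows the single property the commit message depends on, namely that a page-table switch alone does not evict global entries, so the kernel must stop marking its ordinary mappings global for the KAISER switch to leave the TLB empty of them.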

