Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Borislav Petkov wrote: > On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > > diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h > > index e1650da01323..d087c3aa0514 100644 > > --- a/arch/x86/entry/calling.h > > +++ b/arch/x86/entry/calling.h > > @@

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Borislav Petkov wrote: > On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > > diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h > > index e1650da01323..d087c3aa0514 100644 > > --- a/arch/x86/entry/calling.h > > +++ b/arch/x86/entry/calling.h > > @@ -2,6 +2,7 @@ > >

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Borislav Petkov wrote: > On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > > diff --git a/Documentation/x86/kaiser.txt b/Documentation/x86/kaiser.txt > > new file mode 100644 > > Here some text cleanups/typos fixes on top, after reading through it: Applied,

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Borislav Petkov wrote: > On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > > diff --git a/Documentation/x86/kaiser.txt b/Documentation/x86/kaiser.txt > > new file mode 100644 > > Here some text cleanups/typos fixes on top, after reading through it: Applied, thanks!

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch), noexec=off

On Sun, 26 Nov 2017, Borislav Petkov wrote: > On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > > + * Take a PGD location (pgdp) and a pgd value that needs > > + * to be set there. Populates the shadow and returns > > + * the resulting PGD that must be set in the kernel copy > > + *

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch), noexec=off

On Sun, 26 Nov 2017, Borislav Petkov wrote: > On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > > + * Take a PGD location (pgdp) and a pgd value that needs > > + * to be set there. Populates the shadow and returns > > + * the resulting PGD that must be set in the kernel copy > > + *

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch), noexec=off

On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > + * Take a PGD location (pgdp) and a pgd value that needs > + * to be set there. Populates the shadow and returns > + * the resulting PGD that must be set in the kernel copy > + * of the page tables. > + */ > +static inline pgd_t

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch), noexec=off

On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > + * Take a PGD location (pgdp) and a pgd value that needs > + * to be set there. Populates the shadow and returns > + * the resulting PGD that must be set in the kernel copy > + * of the page tables. > + */ > +static inline pgd_t

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h > index e1650da01323..d087c3aa0514 100644 > --- a/arch/x86/entry/calling.h > +++ b/arch/x86/entry/calling.h > @@ -2,6 +2,7 @@ > #include > #include > #include >

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h > index e1650da01323..d087c3aa0514 100644 > --- a/arch/x86/entry/calling.h > +++ b/arch/x86/entry/calling.h > @@ -2,6 +2,7 @@ > #include > #include > #include >

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > diff --git a/Documentation/x86/kaiser.txt b/Documentation/x86/kaiser.txt > new file mode 100644 Here some text cleanups/typos fixes on top, after reading through it: --- diff --git a/Documentation/x86/kaiser.txt

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 06:23:53PM +0100, Ingo Molnar wrote: > diff --git a/Documentation/x86/kaiser.txt b/Documentation/x86/kaiser.txt > new file mode 100644 Here some text cleanups/typos fixes on top, after reading through it: --- diff --git a/Documentation/x86/kaiser.txt

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Peter Zijlstra wrote: > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > > +static pte_t *kaiser_shadow_pagetable_walk(unsigned long address, > > + unsigned long flags) > > +{ > > + pte_t *pte; > > + pmd_t *pmd; > >

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Peter Zijlstra wrote: > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > > +static pte_t *kaiser_shadow_pagetable_walk(unsigned long address, > > + unsigned long flags) > > +{ > > + pte_t *pte; > > + pmd_t *pmd; > > + pud_t *pud; > > +

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Dave Hansen wrote: > On 11/24/2017 04:16 AM, Peter Zijlstra wrote: > > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > >> +The minimalistic kernel portion of the user page tables try to > >> +map only what is needed to enter/exit the kernel such as

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Dave Hansen wrote: > On 11/24/2017 04:16 AM, Peter Zijlstra wrote: > > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > >> +The minimalistic kernel portion of the user page tables try to > >> +map only what is needed to enter/exit the kernel such as the > >> +entry/exit

[PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

From: Dave Hansen These patches are based on work from a team at Graz University of Technology: https://github.com/IAIK/KAISER . This work would not have been possible without their work as a starting point. KAISER is a countermeasure against side channel attacks

[PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

From: Dave Hansen These patches are based on work from a team at Graz University of Technology: https://github.com/IAIK/KAISER . This work would not have been possible without their work as a starting point. KAISER is a countermeasure against side channel attacks against kernel virtual memory.

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On 11/24/2017 04:16 AM, Peter Zijlstra wrote: > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: >> +The minimalistic kernel portion of the user page tables try to >> +map only what is needed to enter/exit the kernel such as the >> +entry/exit functions themselves and the interrupt

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On 11/24/2017 04:16 AM, Peter Zijlstra wrote: > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: >> +The minimalistic kernel portion of the user page tables try to >> +map only what is needed to enter/exit the kernel such as the >> +entry/exit functions themselves and the interrupt

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Peter Zijlstra wrote: > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > > Note: The original KAISER authors signed-off on their patch. Some of > > their code has been broken out into other patches in this series, but > > their SoB was only retained here.

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

* Peter Zijlstra wrote: > On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > > Note: The original KAISER authors signed-off on their patch. Some of > > their code has been broken out into other patches in this series, but > > their SoB was only retained here. > > This is not in

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > +static pte_t *kaiser_shadow_pagetable_walk(unsigned long address, > +unsigned long flags) > +{ > + pte_t *pte; > + pmd_t *pmd; > + pud_t *pud; > + p4d_t *p4d; > + pgd_t *pgd

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > +static pte_t *kaiser_shadow_pagetable_walk(unsigned long address, > +unsigned long flags) > +{ > + pte_t *pte; > + pmd_t *pmd; > + pud_t *pud; > + p4d_t *p4d; > + pgd_t *pgd

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > +The minimalistic kernel portion of the user page tables try to > +map only what is needed to enter/exit the kernel such as the > +entry/exit functions themselves and the interrupt descriptor > +table (IDT). There

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > +The minimalistic kernel portion of the user page tables try to > +map only what is needed to enter/exit the kernel such as the > +entry/exit functions themselves and the interrupt descriptor > +table (IDT). There

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > Note: The original KAISER authors signed-off on their patch. Some of > their code has been broken out into other patches in this series, but > their SoB was only retained here. This is not in fact the case anymore.. > Signed-off-by:

Re: [PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

On Fri, Nov 24, 2017 at 10:14:30AM +0100, Ingo Molnar wrote: > Note: The original KAISER authors signed-off on their patch. Some of > their code has been broken out into other patches in this series, but > their SoB was only retained here. This is not in fact the case anymore.. > Signed-off-by:

[PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

From: Dave Hansen These patches are based on work from a team at Graz University of Technology: https://github.com/IAIK/KAISER . This work would not have been possible without their work as a starting point. KAISER is a countermeasure against side channel attacks

[PATCH 25/43] x86/mm/kaiser: Unmap kernel from userspace page tables (core patch)

From: Dave Hansen These patches are based on work from a team at Graz University of Technology: https://github.com/IAIK/KAISER . This work would not have been possible without their work as a starting point. KAISER is a countermeasure against side channel attacks against kernel virtual memory.