On Thu, Sep 06, 2018 at 06:38:30PM +, Nadav Amit wrote:
> Note that patch 1/6 is still needed to fix false lockdep shoutouts due to a
> recent patch.
For some reason I do not appear to have 1/6 in my inbox. Let me dig
through lkml.
On Thu, Sep 06, 2018 at 06:38:30PM +, Nadav Amit wrote:
> Note that patch 1/6 is still needed to fix false lockdep shoutouts due to a
> recent patch.
For some reason I do not appear to have 1/6 in my inbox. Let me dig
through lkml.
at 11:31 AM, Peter Zijlstra wrote:
> On Thu, Sep 06, 2018 at 11:09:23AM -0700, Andy Lutomirski wrote:
>>> On Sep 6, 2018, at 10:58 AM, Nadav Amit wrote:
>>> It depends what security you want. Some may consider even the short
>>> time-window in which the kernel code is writable from other cores
at 11:31 AM, Peter Zijlstra wrote:
> On Thu, Sep 06, 2018 at 11:09:23AM -0700, Andy Lutomirski wrote:
>>> On Sep 6, 2018, at 10:58 AM, Nadav Amit wrote:
>>> It depends what security you want. Some may consider even the short
>>> time-window in which the kernel code is writable from other cores
On Thu, Sep 06, 2018 at 11:09:23AM -0700, Andy Lutomirski wrote:
> > On Sep 6, 2018, at 10:58 AM, Nadav Amit wrote:
> > It depends what security you want. Some may consider even the short
> > time-window in which the kernel code is writable from other cores as
> > insufficient for security.
> >
On Thu, Sep 06, 2018 at 11:09:23AM -0700, Andy Lutomirski wrote:
> > On Sep 6, 2018, at 10:58 AM, Nadav Amit wrote:
> > It depends what security you want. Some may consider even the short
> > time-window in which the kernel code is writable from other cores as
> > insufficient for security.
> >
> On Sep 6, 2018, at 10:58 AM, Nadav Amit wrote:
>
> at 10:17 AM, Peter Zijlstra wrote:
>
>>> On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
>>> In addition, there might be a couple of issues with your fix:
>>
>> It boots on my box ;-)
>>
>>> 1. __set_pte_vaddr() is not used
> On Sep 6, 2018, at 10:58 AM, Nadav Amit wrote:
>
> at 10:17 AM, Peter Zijlstra wrote:
>
>>> On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
>>> In addition, there might be a couple of issues with your fix:
>>
>> It boots on my box ;-)
>>
>>> 1. __set_pte_vaddr() is not used
at 10:17 AM, Peter Zijlstra wrote:
> On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
>> In addition, there might be a couple of issues with your fix:
>
> It boots on my box ;-)
>
>> 1. __set_pte_vaddr() is not used exclusive by set_fixmap(). This means
>> the warning might be
at 10:17 AM, Peter Zijlstra wrote:
> On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
>> In addition, there might be a couple of issues with your fix:
>
> It boots on my box ;-)
>
>> 1. __set_pte_vaddr() is not used exclusive by set_fixmap(). This means
>> the warning might be
On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
> I’ll give your patch a try once my server goes back online. I was (and still
> am) worried that interrupts would be disabled when __set_pte_vaddr() is
> called, which would make the fix more complicated.
Thing is, we only need the TLB
On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
> I’ll give your patch a try once my server goes back online. I was (and still
> am) worried that interrupts would be disabled when __set_pte_vaddr() is
> called, which would make the fix more complicated.
Thing is, we only need the TLB
On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
> In addition, there might be a couple of issues with your fix:
It boots on my box ;-)
> 1. __set_pte_vaddr() is not used exclusive by set_fixmap(). This means
> the warning might be wrong, but also means that these code patches (Xen’s
On Thu, Sep 06, 2018 at 05:01:25PM +, Nadav Amit wrote:
> In addition, there might be a couple of issues with your fix:
It boots on my box ;-)
> 1. __set_pte_vaddr() is not used exclusive by set_fixmap(). This means
> the warning might be wrong, but also means that these code patches (Xen’s
at 3:16 AM, Peter Zijlstra wrote:
> On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
>> No, you got it the first time. There are in fact more fixmap abusers;
>> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
>> overwriting a _PAGE_PRESENT pte and has that
at 3:16 AM, Peter Zijlstra wrote:
> On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
>> No, you got it the first time. There are in fact more fixmap abusers;
>> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
>> overwriting a _PAGE_PRESENT pte and has that
On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
> No, you got it the first time. There are in fact more fixmap abusers;
> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
> overwriting a _PAGE_PRESENT pte and has that dodgy
> __flush_tlb_one_kernel() in it, the
On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
> No, you got it the first time. There are in fact more fixmap abusers;
> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
> overwriting a _PAGE_PRESENT pte and has that dodgy
> __flush_tlb_one_kernel() in it, the
On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
> No, you got it the first time. There are in fact more fixmap abusers;
> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
> overwriting a _PAGE_PRESENT pte and has that dodgy
> __flush_tlb_one_kernel() in it, the
On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
> No, you got it the first time. There are in fact more fixmap abusers;
> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
> overwriting a _PAGE_PRESENT pte and has that dodgy
> __flush_tlb_one_kernel() in it, the
On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
> No, you got it the first time. There are in fact more fixmap abusers;
> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
> overwriting a _PAGE_PRESENT pte and has that dodgy
> __flush_tlb_one_kernel() in it, the
On Thu, Sep 06, 2018 at 10:13:00AM +0200, Peter Zijlstra wrote:
> No, you got it the first time. There are in fact more fixmap abusers;
> see drivers/acpi/apei/ghes.c. Also, as long as set_fixmap() allows
> overwriting a _PAGE_PRESENT pte and has that dodgy
> __flush_tlb_one_kernel() in it, the
On Wed, Sep 05, 2018 at 07:10:46PM +, Nadav Amit wrote:
> at 12:02 PM, Nadav Amit wrote:
>
> > at 11:56 AM, Peter Zijlstra wrote:
> >
> >> On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
> >>> This patch-set addresses some issues that were raised in a recent
> >>>
On Wed, Sep 05, 2018 at 07:10:46PM +, Nadav Amit wrote:
> at 12:02 PM, Nadav Amit wrote:
>
> > at 11:56 AM, Peter Zijlstra wrote:
> >
> >> On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
> >>> This patch-set addresses some issues that were raised in a recent
> >>>
at 12:02 PM, Nadav Amit wrote:
> at 11:56 AM, Peter Zijlstra wrote:
>
>> On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
>>> This patch-set addresses some issues that were raised in a recent
>>> correspondence and might affect the security and the correctness of code
>>> patching.
at 12:02 PM, Nadav Amit wrote:
> at 11:56 AM, Peter Zijlstra wrote:
>
>> On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
>>> This patch-set addresses some issues that were raised in a recent
>>> correspondence and might affect the security and the correctness of code
>>> patching.
at 11:56 AM, Peter Zijlstra wrote:
> On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
>> This patch-set addresses some issues that were raised in a recent
>> correspondence and might affect the security and the correctness of code
>> patching. (Note that patching performance is not
at 11:56 AM, Peter Zijlstra wrote:
> On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
>> This patch-set addresses some issues that were raised in a recent
>> correspondence and might affect the security and the correctness of code
>> patching. (Note that patching performance is not
On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
> This patch-set addresses some issues that were raised in a recent
> correspondence and might affect the security and the correctness of code
> patching. (Note that patching performance is not addressed by this
> patch-set).
>
> The
On Sun, Sep 02, 2018 at 10:32:18AM -0700, Nadav Amit wrote:
> This patch-set addresses some issues that were raised in a recent
> correspondence and might affect the security and the correctness of code
> patching. (Note that patching performance is not addressed by this
> patch-set).
>
> The
This patch-set addresses some issues that were raised in a recent
correspondence and might affect the security and the correctness of code
patching. (Note that patching performance is not addressed by this
patch-set).
The main issue that the patches deal with is the fact that the fixmap
PTEs that
This patch-set addresses some issues that were raised in a recent
correspondence and might affect the security and the correctness of code
patching. (Note that patching performance is not addressed by this
patch-set).
The main issue that the patches deal with is the fact that the fixmap
PTEs that
32 matches
Mail list logo