Re: [PATCH 2/2] x86/ldt: Unmap PTEs for the slow before freeing LDT

From: Andy Lutomirski
Date: Wed Oct 24 2018 - 14:49:33 EST

Next message: Andy Lutomirski: "Re: [v3 01/12] taint: Introduce a new taint flag (insecure)"
Previous message: Rob Herring: "Re: [PATCH v2 2/3] dt-bindings: clk: add documentation for the SiFive PRCI driver"
In reply to: Christoph Hellwig: "Re: [PATCH 2/2] x86/ldt: Unmap PTEs for the slow before freeing LDT"
Next in thread: Kirill A. Shutemov: "Re: [PATCH 2/2] x86/ldt: Unmap PTEs for the slow before freeing LDT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 23, 2018 at 9:32 AM Kirill A. Shutemov
<kirill.shutemov@xxxxxxxxxxxxxxx> wrote:
>
> modify_ldt(2) leaves old LDT mapped after we switch over to the new one.
> Memory for the old LDT gets freed and the pages can be re-used.
>
> Leaving the mapping in place can have security implications. The mapping
> is present in userspace copy of page tables and Meltdown-like attack can
> read these freed and possibly reused pages.

Code looks okay. But:

> - /*
> - * Did we already have the top level entry allocated? We can't
> - * use pgd_none() for this because it doens't do anything on
> - * 4-level page table kernels.
> - */
> - pgd = pgd_offset(mm, LDT_BASE_ADDR);

This looks like an unrelated cleanup. Can it be its own patch?

Next message: Andy Lutomirski: "Re: [v3 01/12] taint: Introduce a new taint flag (insecure)"
Previous message: Rob Herring: "Re: [PATCH v2 2/3] dt-bindings: clk: add documentation for the SiFive PRCI driver"
In reply to: Christoph Hellwig: "Re: [PATCH 2/2] x86/ldt: Unmap PTEs for the slow before freeing LDT"
Next in thread: Kirill A. Shutemov: "Re: [PATCH 2/2] x86/ldt: Unmap PTEs for the slow before freeing LDT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]