* [PATCH] x86: make sure IDT is page aligned
@ 2013-07-12 18:30 Kees Cook
  2013-07-12 22:27 ` H. Peter Anvin
  2013-07-12 22:28 ` H. Peter Anvin
  0 siblings, 2 replies; 4+ messages in thread
From: Kees Cook @ 2013-07-12 18:30 UTC (permalink / raw)
  To: linux-kernel
  Cc: Thomas Gleixner, Ingo Molnar, H. Peter Anvin, x86,
	Borislav Petkov, Fenghua Yu, Yinghai Lu, Seiji Aguchi, PaX Team

Since the IDT is referenced from a fixmap, make sure it is page aligned.
This avoids the risk of it ever being moved in the bss and having the
fixmap fail.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: PaX Team <pageexec@freemail.hu>
Cc: stable@vger.kernel.org
---
 arch/x86/kernel/head_32.S |    2 +-
 arch/x86/kernel/head_64.S |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index e65ddc6..3526dd1 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -734,7 +734,7 @@ boot_gdt_descr:
 	.word __BOOT_DS+7
 	.long boot_gdt - __PAGE_OFFSET
 
-	.word 0				# 32-bit align idt_desc.address
+	.word PAGE_SIZE			# page align idt_desc.address
 idt_descr:
 	.word IDT_ENTRIES*8-1		# idt contains 256 entries
 	.long idt_table
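Review bot: The changed line above `idt_descr:` does not align anything. `.word` emits a 16-bit data value, so `.word PAGE_SIZE` only stores PAGE_SIZE in the padding word where 0 used to be, and `idt_descr` stays at the same offset as before. The new comment "page align idt_desc.address" therefore describes an effect the line does not have. The address in question is `idt_table`, which this hunk only references through `.long idt_table`; if the table needs page alignment on 32-bit, that is an `.align PAGE_SIZE` directive at the place where `idt_table` is defined, and this line should remain `.word 0`.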
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 5e4d8a8..77e6d3e 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -513,7 +513,7 @@ ENTRY(phys_base)
 #include "../../x86/xen/xen-head.S"
 	
 	.section .bss, "aw", @nobits
-	.align L1_CACHE_BYTES
+	.align PAGE_SIZE
 ENTRY(idt_table)
 	.skip IDT_ENTRIES * 16
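Review bot: The new `.align PAGE_SIZE` ahead of `ENTRY(idt_table)` has no comment saying why the table must be page aligned, so a later cleanup could put it back to `L1_CACHE_BYTES` without noticing the dependency. Suggest a one-line comment above the directive stating that the IDT is referenced from a fixmap, as the commit message explains. The reservation `.skip IDT_ENTRIES * 16` is also sized independently of PAGE_SIZE; if the intent is that nothing else in .bss shares the page that gets mapped, say so in that comment or pad the end of the table to a page boundary as well.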
 
-- 
1.7.9.5


-- 
Kees Cook
Chrome OS Security


* Re: [PATCH] x86: make sure IDT is page aligned
  2013-07-12 18:30 [PATCH] x86: make sure IDT is page aligned Kees Cook
@ 2013-07-12 22:27 ` H. Peter Anvin
  2013-07-12 22:28 ` H. Peter Anvin
  1 sibling, 0 replies; 4+ messages in thread
From: H. Peter Anvin @ 2013-07-12 22:27 UTC (permalink / raw)
  To: Kees Cook
  Cc: linux-kernel, Thomas Gleixner, Ingo Molnar, x86, Borislav Petkov,
	Fenghua Yu, Yinghai Lu, Seiji Aguchi, PaX Team

On 07/12/2013 11:30 AM, Kees Cook wrote:
> Since the IDT is referenced from a fixmap, make sure it is page aligned.
> This avoids the risk of it ever being moved in the bss and having the
> fixmap fail.
> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Reported-by: PaX Team <pageexec@freemail.hu>
> Cc: stable@vger.kernel.org
> ---
>  arch/x86/kernel/head_32.S |    2 +-
>  arch/x86/kernel/head_64.S |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
> index e65ddc6..3526dd1 100644
> --- a/arch/x86/kernel/head_32.S
> +++ b/arch/x86/kernel/head_32.S
> @@ -734,7 +734,7 @@ boot_gdt_descr:
>  	.word __BOOT_DS+7
>  	.long boot_gdt - __PAGE_OFFSET
>  
> -	.word 0				# 32-bit align idt_desc.address
> +	.word PAGE_SIZE			# page align idt_desc.address
>  idt_descr:
>  	.word IDT_ENTRIES*8-1		# idt contains 256 entries
>  	.long idt_table
> diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
> index 5e4d8a8..77e6d3e 100644
> --- a/arch/x86/kernel/head_64.S
> +++ b/arch/x86/kernel/head_64.S
> @@ -513,7 +513,7 @@ ENTRY(phys_base)
>  #include "../../x86/xen/xen-head.S"
>  	
>  	.section .bss, "aw", @nobits
> -	.align L1_CACHE_BYTES
> +	.align PAGE_SIZE
>  ENTRY(idt_table)
>  	.skip IDT_ENTRIES * 16
>  
> 

You are aligning the IDT *descriptor*, not the IDT itself?

	-hpa



* Re: [PATCH] x86: make sure IDT is page aligned
  2013-07-12 18:30 [PATCH] x86: make sure IDT is page aligned Kees Cook
  2013-07-12 22:27 ` H. Peter Anvin
@ 2013-07-12 22:28 ` H. Peter Anvin
  2013-07-12 22:43   ` Kees Cook
  1 sibling, 1 reply; 4+ messages in thread
From: H. Peter Anvin @ 2013-07-12 22:28 UTC (permalink / raw)
  To: Kees Cook
  Cc: linux-kernel, Thomas Gleixner, Ingo Molnar, x86, Borislav Petkov,
	Fenghua Yu, Yinghai Lu, Seiji Aguchi, PaX Team

On 07/12/2013 11:30 AM, Kees Cook wrote:
>  
> -	.word 0				# 32-bit align idt_desc.address
> +	.word PAGE_SIZE			# page align idt_desc.address
> 

... and this is totally confused.  This didn't change alignment one
iota, it only put the value 4096 into the padding.

	-hpa



* Re: [PATCH] x86: make sure IDT is page aligned
  2013-07-12 22:28 ` H. Peter Anvin
@ 2013-07-12 22:43   ` Kees Cook
  0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2013-07-12 22:43 UTC (permalink / raw)
  To: H. Peter Anvin
  Cc: LKML, Thomas Gleixner, Ingo Molnar, x86, Borislav Petkov,
	Fenghua Yu, Yinghai Lu, Seiji Aguchi, PaX Team

That was the busted patch. See the v2 I sent. Only 64-bit needs
alignment. And after looking more at it, the idt in head_64.S could be
entirely dropped in favor of using the one in arch/x86/kernel/traps.c
(after moving it out of the #ifdef).

-Kees

On Fri, Jul 12, 2013 at 3:28 PM, H. Peter Anvin <hpa@zytor.com> wrote:
> On 07/12/2013 11:30 AM, Kees Cook wrote:
>>
>> -     .word 0                         # 32-bit align idt_desc.address
>> +     .word PAGE_SIZE                 # page align idt_desc.address
>>
>
> ... and this is totally confused.  This didn't change alignment one
> iota, it only put the value 4096 into the padding.
>
>         -hpa
>



-- 
Kees Cook
Chrome OS Security
