Date: Tue, 9 Oct 2018 13:41:26 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Subject: Linux kernel: "Meltdown leaks with Global kernel mapping"

Hi,

I didn't look into this closely, but I think it needs to be brought in here.

Back in August, Dave Hansen reported what may be ways to bypass PTI protection in the Linux kernel in some cases. Dave's fixes got into Linux 4.18.5, but maybe not into any other releases nor into distros, except for those that updated to 4.18.5 (apparently, some SUSE branch and some Yocto branch?)

Start of a relevant thread:

https://lists.openwall.net/linux-kernel/2018/08/02/976

The Subject says "close two Meltdown leaks with Global kernel mapping", but it isn't immediately clear to me what "two" leaks there are. Only one appears to be clearly described:

https://lists.openwall.net/linux-kernel/2018/08/02/979

The corresponding commit:

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/pti-urgent&id=c40a56a7818cfe735fc93a69e1875f8bba834483

There are mentions of "r/w kernel text issue" and "unused hole" issue - is this why "two"? But "r/w kernel text" feels irrelevant to Meltdown.

I've attached the two LKML postings above for archival on oss-security as well.

Alexander

View attachment "lkml-close-two-meltdown-leaks.txt" of type "text/plain" (3099 bytes)

View attachment "lkml-remove-freed-kernel-image-areas.txt" of type "text/plain" (10579 bytes)