
kfence_protect_page() writing L1TF vulnerable PTE



During tests with QubesOS a problem was found which seemed to be related
to kfence_protect_page() writing an L1TF vulnerable page table entry [1].

Looking into the function I'm seeing:

        set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT));

I don't think this can be correct, as keeping the PFN unmodified and
just removing the _PAGE_PRESENT bit is wrong regarding L1TF.

There should be at least the highest PFN bit set in order to be L1TF
safe.


Juergen

[1]: https://github.com/QubesOS/qubes-issues/issues/7935
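The concern raised in the mail above, as an added user-space model (not part of the original message and not kernel code): it compares the quoted "clear `_PAGE_PRESENT` only" pattern with a variant that also inverts the PFN field, and applies the mail's "highest PFN bit set" test to both. The constants, `PHYS_BITS`, the sample PTE value and all helper names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of an x86-64 PTE; all constants are assumptions of this example. */
#define PAGE_SHIFT    12
#define _PAGE_PRESENT 0x1ULL
#define PTE_PFN_MASK  0x000FFFFFFFFFF000ULL /* address bits 12..51 */
#define PHYS_BITS     46                    /* assumed CPU physical address width */
#define SAMPLE_PTE    ((0x12345ULL << PAGE_SHIFT) | 0x63ULL) /* constructed value */

typedef uint64_t pteval_t;

/* The pattern quoted in the mail: drop Present, leave the PFN as it was. */
pteval_t pte_clear_present_naive(pteval_t v) { return v & ~_PAGE_PRESENT; }

/* Variant: drop Present and invert the PFN field so it no longer names real RAM. */
pteval_t pte_clear_present_inverted(pteval_t v)
{
    return (v & ~_PAGE_PRESENT) ^ PTE_PFN_MASK;
}

/* Undo the inversion to get the original PFN back. */
uint64_t pte_pfn_recover(pteval_t v)
{
    return ((v ^ PTE_PFN_MASK) & PTE_PFN_MASK) >> PAGE_SHIFT;
}

/* Test from the mail: a non-present, non-zero PTE needs its highest PFN bit set. */
bool pte_l1tf_safe(pteval_t v)
{
    if (v == 0 || (v & _PAGE_PRESENT))
        return true; /* empty or present entries are outside this check */
    return (v >> (PHYS_BITS - 1)) & 1;
}

int main(void)
{
    pteval_t naive = pte_clear_present_naive(SAMPLE_PTE);
    pteval_t inv = pte_clear_present_inverted(SAMPLE_PTE);

    printf("naive    %#018llx safe=%d\n", (unsigned long long)naive, pte_l1tf_safe(naive));
    printf("inverted %#018llx safe=%d pfn=%#llx\n", (unsigned long long)inv,
           pte_l1tf_safe(inv), (unsigned long long)pte_pfn_recover(inv));
    return 0;
}
```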
