lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 5 Aug 2011 20:20:25 -0400
From:	Andrew Lutomirski <luto@....edu>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Andi Kleen <andi@...stfloor.org>, x86@...nel.org,
	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
	lueckintel@...oo.com, kimwooyoung@...il.com
Subject: Re: New vsyscall emulation breaks JITs

On Fri, Aug 5, 2011 at 6:11 PM, Andrew Lutomirski <luto@....edu> wrote:
> On Fri, Aug 5, 2011 at 6:06 PM, H. Peter Anvin <hpa@...or.com> wrote:
>> On 08/05/2011 02:26 PM, Andrew Lutomirski wrote:
>>>
>>> For a boot time switch, it might be nicer to just switch between the
>>> current int 0xcc sequence and the older
>>>
>>> mov cx, 0x<magic>
>>> int 0xcc
>>> ret
>>>
>>> sequence.
>>>
>>> That way there's a ret in the vsyscall page but no syscall instruction.
>>>
>>
>> Refresh my memory... we have what... six legacy vsyscall entry points?
>> We could, hypothetically, burn six interrupt vectors with them.  If we
>> get them from the 0x40-0x4f range, then they are harmless standalone REX
>> prefixes (and INC/DEC instructions in 32-bit mode.)
>
> Only three.  I have no real objection to burning two more vectors.
> 0xCD would also be safe.  ISTR that lower numbers like 0x40 might
> actually mean something (ISA?).  32-bit semantics are irrelevant
> because 32-bit code can't jump to the vsyscall page anyway.

I was thinking of 0x20 - 0x39.  0x40, 0x41, and 0x42 should do the
trick.  I'll cook up a patch.

If you want to keep those vectors available for devices as well, we
could hook do_general_protection instead, but that's a little messy.
Are there x86 machines out there that are starved for interrupt
vectors?

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists