lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 08 Mar 2012 08:35:12 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Fernando Luis Vázquez Cao 
	<fernando@....ntt.co.jp>
Cc:	Don Zickus <dzickus@...hat.com>, linux-tip-commits@...r.kernel.org,
	torvalds@...ux-foundation.org, kexec@...ts.infradead.org,
	linux-kernel@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
	hpa@...or.com, mingo@...e.hu, Yinghai Lu <yinghai@...nel.org>,
	akpm@...ux-foundation.org, vgoyal@...hat.com
Subject: Re: [PATCH 1/2] boot: ignore early NMIs

Fernando Luis Vázquez Cao <fernando@....ntt.co.jp> writes:

>> Is just a jump and not a move followed by a jump still 10 bytes?
>> I hate to say it but I think this fails miserably for any exception
>> after a nmi.
>
> Thank you for the heads up! Actually, it was working for the
> exceptions after the nmi but with a corrupted esi (vector
> number). My original intention was to fill the empty space
> with nops but forgot to actually implement it... Sorry about
> that. Will fix for the next iteration.

Sound good, and thank you very much for tackling this.

>> I expect the simplest solution is to modify early_idt_handler to test
>> for vector == 2.
>
> That is precisely what I did on a previous version but that would
> involve using registers which need to be saved and restored and
> I wanted to avoid using the stack in the NMI path. We would also
> need to add a "pushq rsi " in early_idt_handlers which implies
> modifying "early_idt_handlers" definition in "segment.h".
>
> If you are OK with it I would like to go with the approach in
> the two patches I sent.

I am fine with your approach.  I suggest a big fat comment mentioning
the 10 byte requirement and the register requirement.

Neither one is locally obvious which makes it easy to goof when
modifying the code.

>> Doing something less brittle than:
>>> extern const char early_idt_handlers[NUM_EXCEPTION_VECTORS][10];
>> in segment.h might be a good idea as well.
>
> Yes, I agree. I will give it some thought.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ