| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Mar 2012 09:33:50 -0400 From: Don Zickus <dzickus@...hat.com> To: Fernando Luis Vázquez Cao <fernando@....ntt.co.jp> Cc: "H. Peter Anvin" <hpa@...or.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, linux-tip-commits@...r.kernel.org, torvalds@...ux-foundation.org, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de, mingo@...e.hu, Yinghai Lu <yinghai@...nel.org>, akpm@...ux-foundation.org, vgoyal@...hat.com Subject: Re: [PATCH 1/2] boot: ignore early NMIs On Tue, Mar 13, 2012 at 11:11:49AM +0900, Fernando Luis Vázquez Cao wrote: > On 03/13/2012 05:16 AM, H. Peter Anvin wrote: > >On 03/12/2012 01:04 PM, H. Peter Anvin wrote: > >>On 03/12/2012 01:01 PM, Eric W. Biederman wrote: > >>>The basic problem is which source do we block this at? How many > >>>sources are their? And architecturally last I looked x86 no longer > >>>has a NMI disable EFI and similar systems want to get away without > >>>a CMOS legacy clock because designers so often get them wrong. > >>> > >>On all processors which have an LAPIC you can block all NMI sources at > >>the LAPIC. I think it's safe to assume that if you don't have an LAPIC > >>-- an ancient system by now -- you have port 70h. > >> > >One thing: *disabling* the LAPIC will allow external NMIs coming in on > >LINT1 through, since the LAPIC in the disabled state tries to mimic the > >no-LAPIC configuration. So I don't think you want to disable LAPIC as > >much as disable the interrupt vectors within. > > Does this sound like a plan to get the ball rolling?: > > 1.- Merge Don's patch to disable the LAPIC in kdump reboot path (this > fixes a real issue seen in the field, is a net win and certainly not a > regression - indeed it makes the code simpler because the I/O > APICs are left untouched). I think you mean my patch to stop disabling the I/O APIC. That patch hasn't seen any new issues. It was the piece that stopped disabling the LAPIC that opened the doors for NMIs to fault the system. > > 2.- Merge my patch set to ignore early NMIs (this brings the behavior > of the boot code in line with what we do in the rest of the kernel > a we can avoid situations were a spurious NMI causes the kernel > to halt). The early NMI handler is temporary and the final NMI > handler installed shortly afterwards will take care of subsequent > NMIs. > > 3.- Make sure that spurious NMIs (i.e. NMIs that for whatever reason > could not be stopped at the source) received during the reboot > path to the kdump kernel do not cause a triple fault or a system > lockup. This is under testing. This will require changes in kexec-tools as the purgatory code zaps the GDT I believe. This is going to make a 'complete solution' dependent on a version of kexec-tools. Not sure what we want to do there. > > 4.- Identify all the NMI sources and keep them from reaching the CPU > when it can be done in a race-free way. Cheers, Don -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists