| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Mar 2015 17:20:09 -0700 From: Andy Lutomirski <luto@...capital.net> To: Dave Hansen <dave.hansen@...el.com>, Borislav Petkov <bp@...en8.de> Cc: Thomas Gleixner <tglx@...utronix.de>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, Rik van Riel <riel@...hat.com>, Suresh Siddha <sbsiddha@...il.com>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, Fenghua Yu <fenghua.yu@...el.com>, Oleg Nesterov <oleg@...hat.com> Subject: Re: [PATCH 01/17] x86, fpu: wrap get_xsave_addr() to make it safer [add Borislav] I swear it would actually be an improvement if we just randomized the function names. fpu_817, fpu_717, etc. At least no one would think they understand them... On Tue, Mar 24, 2015 at 5:18 PM, Andy Lutomirski <luto@...capital.net> wrote: > On Tue, Mar 24, 2015 at 5:12 PM, Dave Hansen <dave.hansen@...el.com> wrote: >> On 03/24/2015 04:52 PM, Andy Lutomirski wrote: >>> On Tue, Mar 24, 2015 at 4:42 PM, Dave Hansen <dave.hansen@...el.com> wrote: >>>> On 03/24/2015 03:28 PM, Andy Lutomirski wrote: >>>>> Your function appears to be getting it for write (I assume that's what >>>>> the unlazy_fpu is for), so I'd rather have it called >>>>> tsk_get_xsave_field_for_write or something like that. >>>> >>>> It should be entirely read-only. >>>> >>>> For MPX (the only user of get_xsave_addr() iirc), we are only worried >>>> about getting the status codes (and addresses) out of the bndstatus >>>> register and making sure that the kernel-recorded bounds directory >>>> address matches the bndcfgu (configuration) register. >>>> >>>> We don't ever write to the registers. >>> >>> So why are you unlazying it? >> >> Oleg actually suggested it. >> >>> IIUC, the xstae for current can be in one of three logical states: >>> >>> 1. Live in CPU regs. The in-memory copy is garbage and the state is >>> in CPU regs. >>> 2. Lazy. The in-memory copy and the CPU regs match. Writing to >>> either copy is illegal. >>> 3. In memory only. Writing to the in-memory copy is safe. >>> >>> IIUC, you want to read the xstate, do you're okay with #2 or #3. This >>> would be tsk_get_xsave_field_for_read in my terminology. >>> >>> If you want to write the xstate, you'd need to be in state #3, which >>> would be tsk_get_xsave_field_for_write. >>> >>> IIUC, unlazy_fpu just moves from from state 2 to 3. >> >> I won't completely claim to understand what's going on with the FPU >> code, but I think your analysis is a bit off. >> >> unlazy_fpu() does __save_init_fpu() which (among other things) calls >> xsave to dump the CPU registers to memory. That doesn't make any sense >> to do if "The in-memory copy and the CPU regs match." >> >> IOW, unlazy_fpu() is called when the in-memory copy is garbage and takes >> us to a state where we can look at the in-memory copy. > > I think that __save_init_fpu (called by unlazy_fpu) does that, but > __thread_fpu_end calls __thread_clear_has_fpu, which, in turn, zaps > fpu_owner_task, which will force an unnecessary xrstor. Or maybe not > if we have further bugs. > > Holy crap these functions are poorly named. Also, what, if anything, > guarantees that fpu_owner_task is set on entry to userspace? Do we > even need it to be set? Oleg, help? > > --Andy > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists