| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Mar 2015 17:35:50 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Ingo Molnar <mingo@...nel.org>
Cc: Andy Lutomirski <luto@...nel.org>, Takashi Iwai <tiwai@...e.de>,
Denys Vlasenko <dvlasenk@...hat.com>,
Stefan Seyfried <stefan.seyfried@...glemail.com>,
X86 ML <x86@...nel.org>, Jiri Kosina <jkosina@...e.cz>,
LKML <linux-kernel@...r.kernel.org>, Tejun Heo <tj@...nel.org>
Subject: Re: [PATCH] x86, entry: Check for syscall exit work with IRQs disabled
On Tue, Mar 24, 2015 at 1:08 PM, Ingo Molnar <mingo@...nel.org> wrote:
>
> * Andy Lutomirski <luto@...nel.org> wrote:
>
>> We currently have a race: if we're preempted during syscall exit, we
>> can fail to process syscall return work that is queued up while
>> we're preempted in ret_from_sys_call after checking ti.flags.
>>
>> Fix it by disabling interrupts before checking ti.flags.
>>
>> Fixes: 96b6352c1271 x86_64, entry: Remove the syscall exit audit and schedule optimizations
>> Reported-by: Stefan Seyfried <stefan.seyfried@...glemail.com>
>> Reported-by: Takashi Iwai <tiwai@...e.de>
>> Signed-off-by: Andy Lutomirski <luto@...nel.org>
>> ---
>>
>> Ingo, I don't understand the LOCKDEP_SYS_EXIT stuff. Can you take a quick
>> look to confirm that it's okay to call it more than once?
>
> So the essence is that it wants to print this warning if we are
> holding a lock after a syscall:
>
> printk("[ BUG: lock held when returning to user space! ]\n");
>
> it manipulates no state and is not sensitive to whether it's called
> before or after return-work processing.
>
>> arch/x86/kernel/entry_64.S | 18 ++++++++++++++----
>> 1 file changed, 14 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
>> index 1d74d161687c..2babb393915e 100644
>> --- a/arch/x86/kernel/entry_64.S
>> +++ b/arch/x86/kernel/entry_64.S
>> @@ -364,12 +364,21 @@ system_call_fastpath:
>> * Has incomplete stack frame and undefined top of stack.
>> */
>> ret_from_sys_call:
>> - testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
>> - jnz int_ret_from_sys_call_fixup /* Go the the slow path */
>> -
>> LOCKDEP_SYS_EXIT
>> DISABLE_INTERRUPTS(CLBR_NONE)
>> TRACE_IRQS_OFF
>> +
>> + /*
>> + * We must check ti flags with interrupts (or at least preemption)
>> + * off because we must *never* return to userspace without
>> + * processing exit work that is enqueued if we're preempted here.
>> + * In particular, returning to userspace with any of the one-shot
>> + * flags (TIF_NOTIFY_RESUME, TIF_USER_RETURN_NOTIFY, etc) set is
>> + * very bad.
>> + */
>> + testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
>> + jnz int_ret_from_sys_call_fixup /* Go the the slow path */
>
> Should be safe to call it once again after user-work processing has
> been finished.
>
> I've picked up your fix for tip:x86/urgent.
FWIW, the tentative merge here:
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=tmp.tmp&id=a77dd1607ad88a601259a74ba4d646fa68b7cd9a
looks funny. Why aren't you jumping to int_ret_from_sys_call_irqs_off?
--Andy
>
> Thanks,
>
> Ingo
--
Andy Lutomirski
AMA Capital Management, LLC
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists