| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Mar 2016 15:57:40 -0700 From: Andy Lutomirski <luto@...capital.net> To: Andi Kleen <andi@...stfloor.org> Cc: X86 ML <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: Updated version of RD/WR FS/GS BASE patchkit On Mon, Mar 21, 2016 at 3:52 PM, Andi Kleen <andi@...stfloor.org> wrote: >> No. My objection is that there needs to be an explicit statement what >> the semantics are. If the agreed-upon semantics are "undefined >> behavior if GS != 0 and GSBASE doesn't match the descriptor", so be >> it, but this needs to be a conscious decision and needs to be weighed >> against the alternatives. > > Documentation/x86/fsgs.txt already has this statement: > >>>> > Another requirement is that the FS or GS selector has to be zero > (is normally true unless changed explicitly). When it is non-zero > the context switch assumes the bases were loaded through the LDT/GDT, > and will reload that. > <<< > > Is that sufficient? > Maybe. Are there better options? Could we, for example, actually try to preserve the state if this happens? Would it be worth it? >> >> The actual implementation details are just details. They need to >> match the intended semantics, of course. > > I believe my implementation matches the paragraph above. > > -Andi > > -- > ak@...ux.intel.com -- Speaking for myself only. -- Andy Lutomirski AMA Capital Management, LLC
Powered by blists - more mailing lists