lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 1 Jul 2016 11:23:01 +0200
From:	Borislav Petkov <bp@...en8.de>
To:	Dave Hansen <dave@...1.net>
Cc:	linux-kernel@...r.kernel.org, x86@...nel.org, linux-mm@...ck.org,
	torvalds@...ux-foundation.org, akpm@...ux-foundation.org,
	ak@...ux.intel.com, mhocko@...e.com, dave.hansen@...ux.intel.com,
	luto@...nel.org, stable@...r.kernel.org
Subject: Re: [PATCH 1/6] x86: fix duplicated X86_BUG(9) macro

On Thu, Jun 30, 2016 at 05:12:10PM -0700, Dave Hansen wrote:
> 
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> 
> epufeatures.h currently defines X86_BUG(9) twice on 32-bit:
> 
> 	#define X86_BUG_NULL_SEG        X86_BUG(9) /* Nulling a selector preserves the base */
> 	...
> 	#ifdef CONFIG_X86_32
> 	#define X86_BUG_ESPFIX          X86_BUG(9) /* "" IRET to 16-bit SS corrupts ESP/RSP high bits */
> 	#endif
> 
> I think what happened was that this added the X86_BUG_ESPFIX, but
> in an #ifdef below most of the bugs:
> 
> 	[58a5aac5] x86/entry/32: Introduce and use X86_BUG_ESPFIX instead of paravirt_enabled
> 
> Then this came along and added X86_BUG_NULL_SEG, but collided
> with the earlier one that did the bug below the main block
> defining all the X86_BUG()s.
> 
> 	[7a5d6704] x86/cpu: Probe the behavior of nulling out a segment at boot time
> 
> Signed-off-by: Dave Hansen <dave.hansen@...ux.intel.com>
> Acked-by: Andy Lutomirski <luto@...nel.org>
> Cc: stable@...r.kernel.org
> ---
> 
>  b/arch/x86/include/asm/cpufeatures.h |    6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff -puN arch/x86/include/asm/cpufeatures.h~knl-leak-10-fix-x86-bugs-macros arch/x86/include/asm/cpufeatures.h
> --- a/arch/x86/include/asm/cpufeatures.h~knl-leak-10-fix-x86-bugs-macros	2016-06-30 17:10:41.215185869 -0700
> +++ b/arch/x86/include/asm/cpufeatures.h	2016-06-30 17:10:41.218186005 -0700
> @@ -301,10 +301,6 @@
>  #define X86_BUG_FXSAVE_LEAK	X86_BUG(6) /* FXSAVE leaks FOP/FIP/FOP */
>  #define X86_BUG_CLFLUSH_MONITOR	X86_BUG(7) /* AAI65, CLFLUSH required before MONITOR */
>  #define X86_BUG_SYSRET_SS_ATTRS	X86_BUG(8) /* SYSRET doesn't fix up SS attrs */
> -#define X86_BUG_NULL_SEG	X86_BUG(9) /* Nulling a selector preserves the base */
> -#define X86_BUG_SWAPGS_FENCE	X86_BUG(10) /* SWAPGS without input dep on GS */
> -
> -
>  #ifdef CONFIG_X86_32
>  /*
>   * 64-bit kernels don't use X86_BUG_ESPFIX.  Make the define conditional

So I'd remove the "#ifdef CONFIG_X86_32" ifdeffery too and make that bit
unconditional - so what, we have enough free bits. But I'd leave the
comment to still avoid the confusion :)

-- 
Regards/Gruss,
    Boris.

ECO tip #101: Trim your mails when you reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ