| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jul 2019 16:59:31 +0000
From: Paul Burton <paul.burton@...s.com>
To: Paul Cercueil <paul@...pouillou.net>
CC: Ralf Baechle <ralf@...ux-mips.org>,
James Hogan <jhogan@...nel.org>,
"linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"od@...c.me" <od@...c.me>
Subject: Re: [PATCH] MIPS: Add support for partial kernel mode on Xburst CPUs
Hi Paul,
On Wed, Jul 24, 2019 at 07:46:54PM -0400, Paul Cercueil wrote:
> Support partial kernel mode of Xburst CPUs found in Ingenic SoCs.
> Partial kernel mode means the userspace applications have access to
> the TCSM0 banks of the VPU,
So far so (reasonably) good :)
> and can execute cache instructions.
Aaaah! Scary!
Does this allow *all* cache instructions? If so that's a big security &
stability hole - if userland can invalidate kernel data or data from
other programs then it can create all sorts of chaos.
Also do you know which Ingenic SoCs this is available on? I see it
documented in the JZ4780 Programming Manual, but Config7 bit 6 is shown
as reserved in my copy of the XBurst1 CPU Core Programming Manual.
I notice the JZ4780 documentation says it allows access "including TCSM,
CACHE instructions" which is scary too since it doesn't say that's *all*
it allows access to. Though just cache instructions by themselves are
enough to be game over for any notion of security as mentioned above.
What is it you want to do with this? I'm wondering if we could achieve
your goal is in a safer way.
Thanks,
Paul
Powered by blists - more mailing lists