Date:	Wed, 27 May 2009 19:01:18 +0200
From:	Harald Welte <HaraldWelte@...tech.com>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	lkml@...ethan.org, Ingo Molnar <mingo@...e.hu>,
	Thomas Gleixner <tglx@...utronix.de>,
	linux-kernel@...r.kernel.org, Alan Cox <alan@...rguk.ukuu.org.uk>
Subject: LOCK prefix on uni processor has its use (was Re: [BUG FIX] Make x86_32 uni-processor Atomic ops, Atomic)

Hi hpa and others,

On Sat, May 23, 2009 at 04:44:08PM -0700, H. Peter Anvin wrote:
 
> It looks like there might be a problem with the C7-M ... Michael reports
> that if he sets LOCK_PREFIX to "lock;" it works, but that shouldn't be
> necessary for a uniprocessor.

It seems they are necessary.

Here are some statements from the CPU logic guys at VIA/Centaur:

* A read-modify-write sequence cannot be interrupted.
* All X86 instructions except rep-strings are atomic wrt interrupts.
* The lock prefix has uses on a UP processor: It keeps DMA devices from
  interfering with a read-modify-write sequence

Furthermore, they have done some experimentation in the past, making the
CPU simply ignore the LOCK prefix on uni-processor (running a certain popular
proprietary operating system): It doesn't work, presumably because of the
above-mentioned DMA related conflict.

Also, the engineers believe that it is only a matter of time until different
CPU/chipset combinations would expose the same bug.  Since the in-order
single-retire C7-M is more vulnerable than out-of-order, multiple-retire CPUs,
they are not surprised that the issue shows first on the C7-M.

The recommendation from the CPU engineers is thus, unsurprisingly, to put the
LOCK prefixes back where they were.

Hope this helps you.

Now if I understand the issues correctly, it would mean that there is some
driver code that modifies a certain chunk of memory, while DMA of some
peripheral is also accessing that memory.  I suppose it would not have to be
the same actual address, but probably being within the same cache line is
already sufficient.

Now the question is: Is this a valid operation of a driver?  Should the driver
do such things, or is such a driver broken?  When would that occur?  I'm trying
to come up with a case, but typically you e.g. allocate some DMA buffer and
then don't touch it until the hardware has processed it.

Regards,
-- 
- Harald Welte <HaraldWelte@...tech.com>	    http://linux.via.com.tw/
============================================================================
VIA Free and Open Source Software Liaison
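The following is an added example, not code from this LKML thread or from the kernel: it shows the read-modify-write that the engineers' statements above are about, once as a bare `addl` and once with the `lock` prefix, in the same inline-asm style the x86 kernel uses for its `LOCK_PREFIX` atomics. A DMA engine cannot be driven from user space, so a second CPU thread stands in here for the "other bus agent" that a DMA device is on a uni-processor box (that substitution, and the non-x86 fallbacks, are assumptions of this example, not something the mail describes). On an SMP machine the unlocked variant visibly loses increments; on a single core both give the same count, which is exactly the situation where only a DMA peer could expose the difference.

```c
/* Added example (not from the LKML thread above): the same RMW on x86,
 * without and with the LOCK prefix.  A second CPU thread stands in for
 * the other bus agent (on a UP machine, a DMA engine). */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

static inline void add_nolock(int *p, int v)
{
#if defined(__i386__) || defined(__x86_64__)
    /* One instruction, but the bus sees a separate read and a write. */
    __asm__ __volatile__("addl %1, %0" : "+m" (*p) : "ir" (v) : "memory");
#else
    *p += v;   /* assumption: plain C RMW as the non-x86 stand-in */
#endif
}

static inline void add_lock(int *p, int v)
{
#if defined(__i386__) || defined(__x86_64__)
    /* LOCK holds the bus/cache line for the whole read-modify-write. */
    __asm__ __volatile__("lock; addl %1, %0" : "+m" (*p) : "ir" (v) : "memory");
#else
    __atomic_fetch_add(p, v, __ATOMIC_SEQ_CST);   /* non-x86 stand-in */
#endif
}

struct worker_arg {
    int *counter;
    long iters;
    int use_lock;
};

/* One "bus agent": hammer the shared counter with increments. */
static void *worker(void *vp)
{
    struct worker_arg *a = vp;
    for (long i = 0; i < a->iters; i++) {
        if (a->use_lock)
            add_lock(a->counter, 1);
        else
            add_nolock(a->counter, 1);
    }
    return NULL;
}

/* Run nthreads agents, each adding 1 `iters` times, and return the final
 * count.  A correct RMW yields nthreads * iters; a torn one loses updates.
 * Returns -1 if a thread could not be created. */
int run_counter(int use_lock, int nthreads, long iters)
{
    int counter = 0;
    int created = 0;
    pthread_t *tid = calloc((size_t)nthreads, sizeof *tid);
    struct worker_arg arg = { &counter, iters, use_lock };

    if (!tid)
        return -1;
    for (int t = 0; t < nthreads; t++) {
        if (pthread_create(&tid[t], NULL, worker, &arg) != 0)
            break;
        created++;
    }
    for (int t = 0; t < created; t++)
        pthread_join(tid[t], NULL);
    free(tid);
    return created == nthreads ? counter : -1;
}

int main(void)
{
    const int threads = 4;
    const long iters = 200000;

    printf("expected   : %ld\n", threads * iters);
    printf("lock addl  : %d\n", run_counter(1, threads, iters));
    printf("plain addl : %d  (lower means lost updates)\n",
           run_counter(0, threads, iters));
    return 0;
}
```

Build with `gcc -O2 -pthread` and run on a multi-core machine to see the plain `addl` column fall short; pin the process to one CPU (e.g. `taskset -c 0`) and both columns match, which is the uni-processor case the thread is about, minus the DMA engine that the CPU engineers say still needs the prefix.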