lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sat, 5 Dec 2009 10:06:39 -0500 (EST)
From:	Bart Oldeman <bartoldeman@...rs.sourceforge.net>
To:	Thomas Gleixner <tglx@...utronix.de>
cc:	linux-kernel@...r.kernel.org, mingo@...e.hu,
	"K.Prasad" <prasad@...ux.vnet.ibm.com>, stable@...nel.org
Subject: Re: [PATCH] x86, vm86: fix preemption bug for int3 breakpoint
 handlers.

Thomas,

On Mon, 25 May 2009, Thomas Gleixner wrote:
> On Sun, 24 May 2009, Bart Oldeman wrote:
>> --- a/arch/x86/kernel/vm86_32.c
>> +++ b/arch/x86/kernel/vm86_32.c
>> @@ -551,8 +551,12 @@ cannot_handle:
>>  int handle_vm86_trap(struct kernel_vm86_regs *regs, long error_code, int
>> trapno)
>>  {
>>  	if (VMPI.is_vm86pus) {
>> -		if ((trapno == 3) || (trapno == 1))
>> +		if ((trapno == 3) || (trapno == 1)) {
>> +			/* re-enable preemption: return_to_32bit()
>> +			   jumps straight to entry_32.S */
>> +			dec_preempt_count();
>
>  This will break other callers of handle_vm86_trap().

sorry for the late reply, I was just pointed out by someone else about the
existence of this bug again. You are right of course. Below is a new 
patch.

Note that on the linux-2.6-x86.git tree, commit 
08d68323d1f0c34452e614263b212ca556dae47f ("hw-breakpoints: modifying
generic debug exception to use thread-specific debug registers") broke 
vm86 debug exceptions as well again. The trouble is that 
handle_vm86_trap() may jump and change the stack to let the kernel return 
to 32 bit user space, so the handle_vm86_trap() call itself may not 
return.

--
Impact: fix kernel bug such as:
May 22 16:47:47 localhost kernel: note: dosemu.bin[5281] exited with preempt_count 1

Commit be716615fe596ee117292dc615e95f707fb67fd1 ("x86, vm86:
fix preemption bug"), fixed the problem for debug exceptions but not for 
breakpoints. This change also fixes breakpoints.

Cc: stable@...nel.org
Signed-off-by: Bart Oldeman <bartoldeman@...rs.sourceforge.net>
---
  arch/x86/kernel/traps.c |    7 ++++++-
  1 file changed, 6 insertions(+), 1 deletion(-)

--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -181,9 +181,14 @@ kernel_trap:

  #ifdef CONFIG_X86_32
  vm86_trap:
+	/* reenable preemption: handle_vm86_trap() might sleep */
+	dec_preempt_count();
  	if (handle_vm86_trap((struct kernel_vm86_regs *) regs,
-						error_code, trapnr))
+						error_code, trapnr)) {
+		inc_preempt_count();
  		goto trap_signal;
+	}
+	inc_preempt_count();
  	return;
  #endif
  }
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ