lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-id: <alpine.LNX.2.00.0912051509210.879@bruno>
Date:	Sat, 05 Dec 2009 17:24:46 -0600 (CST)
From:	Joseph Parmelee <jparmele@...dbear.com>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	Darren Hart <dvhltc@...ibm.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Ingo Molnar <mingo@...e.hu>,
	Eric Dumazet <eric.dumazet@...il.com>,
	Dinakar Guniguntala <dino@...ibm.com>,
	linux-kernel@...r.kernel.org
Subject: Re: futex_cmpxchg_enabled not set in futex_init on pentium3


Hello again:

Did some more testing and developed a bit more data, possibly relevant:

1.  Using gdb on /proc/kcore, 2.6.32 no longer allows access to 0xc0000000,
which could be accessed in 2.6.31.x, presumably showing the 16-bit real-mode
interrupt address table set up by the BIOS at physical address zero.  But
....  (see 3).

2.  Disabling the AMI BIOS corruption prevention in 2.6.32 had no effect on
the behavior described in 3 below.

3.  In 2.6.31.x the following inserted in futex_atomic_cmpxchg_inatomic() in
futex.h caused an oops.  It now works in 2.6.32.

   printk(KERN_INFO "*uaddr=%x, oldval=%x, newval=%x",
     *uaddr, oldval, newval);

Producing in dmesg:

   [    0.149408] *uaddr=f0006aa0, oldval=0, newval=0


The following also works in futex_init in futex.c:

   unsigned int testval, *nullptr=NULL;
   testval=*(unsigned int *)NULL;
   printk(KERN_INFO "curval=%x testval=%x", curval, testval);
   printk(KERN_INFO "An explicit null dereference=%x", *(unsigned int *)NULL);
   printk(KERN_INFO "An implicit null dereference=%x", *nullptr);

Producing in dmesg:

   [    0.149466] curval=f0006aa0 testval=f0006aa0
   [    0.149557] An explicit null dereference=f0006aa0
   [    0.149648] An implicit null dereference=f0006aa0


Thus it is completely clear that the virtual zero page is mapped, probably
to physical zero, during this phase of kernel initialization.

I have used 2.6.32 for only one day, but so far see no ill effects from this
other than the lack of those futex functions which rely on a null pointer
dereference fault to set futex_cmpxchg_enabled.  If zero-page mapping is now
"normal", the test in futex.c for cmpxchg functionality must be changed.


I have "fixed" this on our intel machines by simply commenting out the test
of curval in futex_init, thus causing futex_cmpxchg_enabled to be
unconditionally set.  Not suitable for prime-time obviously, but "it works
for us" until somebody with more savvy comes up with a real fix.


Yours,

Joseph
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ