Date:	Wed, 14 Jul 2010 16:39:40 -0400
From:	Mathieu Desnoyers <mathieu.desnoyers@...icios.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>,
	Peter Zijlstra <peterz@...radead.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Steven Rostedt <rostedt@...tedt.homelinux.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Christoph Hellwig <hch@....de>, Li Zefan <lizf@...fujitsu.com>,
	Lai Jiangshan <laijs@...fujitsu.com>,
	Johannes Berg <johannes.berg@...el.com>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Arnaldo Carvalho de Melo <acme@...radead.org>,
	Tom Zanussi <tzanussi@...il.com>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Andi Kleen <andi@...stfloor.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Jeremy Fitzhardinge <jeremy@...p.org>,
	"Frank Ch. Eigler" <fche@...hat.com>, Tejun Heo <htejun@...il.com>
Subject: Re: [patch 1/2] x86_64 page fault NMI-safe

* Linus Torvalds (torvalds@...ux-foundation.org) wrote
[...]
> In fact, I wonder if we couldn't just do a software NMI disable
> instead? Have a per-cpu variable (in the _core_ percpu areas that get
> allocated statically) that points to the NMI stack frame, and just
> make the NMI code itself do something like
> 
>  NMI entry:

Let's try to figure out how far we can go with this idea. First, to answer
Ingo's critique, let's assume we do a stack frame copy before entering the
"generic" nmi handler routine.

>  - load percpu NMI stack frame pointer
>  - if non-zero we know we're nested, and should ignore this NMI:
>     - we're returning to kernel mode, so return immediately by using
> "popf/ret", which also keeps NMI's disabled in the hardware until the
> "real" NMI iret happens.

Maybe incrementing a per-cpu missed NMIs count could be appropriate here so we
know how many NMIs should be replayed at iret ?

>     - before the popf/iret, use the NMI stack pointer to make the NMI
> return stack be invalid and cause a fault

I assume you mean "popf/ret" here. So assuming we use a frame copy, we should
change the nmi stack pointer in the nesting 0 nmi stack copy, so the nesting 0
NMI iret will trigger the fault.

>   - set the NMI stack pointer to the current stack pointer

That would mean bringing back the NMI stack pointer to the (nesting - 1) nmi
stack copy.

> 
>  NMI exit (not the above "immediate exit because we nested"):
>    clear the percpu NMI stack pointer

This would be rather:
- Copy the nesting 0 stack copy back onto the real nmi stack.
- clear the percpu nmi stack pointer

** !

>    Just do the iret.

Which presumably faults if we changed the return stack for an invalid one and
executes as many NMIs as there are "missed nmis" counted (missed nmis should
probably be read with an xchg() instruction).

So, one question persists, regarding the "** !" comment: what do we do if an NMI
comes in exactly at that point ? I'm afraid it will overwrite the "real" nmi
stack, and therefore drop all the "pending" nmis by setting the nmi stack return
address to a valid one.

Thanks,

Mathieu

-- 
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
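
The race raised at the "** !" marker above, as a user-space C model added here (not code from the post or from the kernel). All names are hypothetical, and it assumes nested NMIs are counted and replayed when the final iret faults on a poisoned return frame, as the message describes.

```c
#include <stdio.h>

/* Model of one CPU; every field and function name is hypothetical. */
struct cpu {
    int in_nmi;        /* stands in for the per-cpu NMI stack frame pointer */
    unsigned missed;   /* NMIs ignored because they arrived while nested */
    int ret_poisoned;  /* 1 if the frame used by the final iret is invalid */
    unsigned handled;  /* number of times the generic NMI handler ran */
};

static void nmi_exit(struct cpu *c, int nmi_in_window);

/* NMI entry; 'nested' NMIs arrive while the handler is running. */
static void nmi_entry(struct cpu *c, unsigned nested, int nmi_in_window)
{
    if (c->in_nmi) {          /* nested: count it, poison outer frame, ignore */
        c->missed++;
        c->ret_poisoned = 1;
        return;
    }
    c->ret_poisoned = 0;      /* hardware writes a fresh, valid frame */
    c->in_nmi = 1;
    c->handled++;
    while (nested--)
        nmi_entry(c, 0, 0);
    nmi_exit(c, nmi_in_window);
}

static void nmi_exit(struct cpu *c, int nmi_in_window)
{
    c->in_nmi = 0;            /* copy frame back, clear the per-cpu pointer */
    if (nmi_in_window)        /* "** !": an NMI lands before the iret */
        nmi_entry(c, 0, 0);   /* seen as non-nested: overwrites poisoned frame */
    if (c->ret_poisoned) {    /* iret faults: replay the missed NMIs */
        unsigned n = c->missed;   /* an xchg() in real code */
        c->missed = 0;
        c->ret_poisoned = 0;
        c->handled += n;
    }
}

/* Run one outer NMI with 'nested' nested NMIs; optionally hit the window. */
static struct cpu run(unsigned nested, int nmi_in_window)
{
    struct cpu c = {0, 0, 0, 0};
    nmi_entry(&c, nested, nmi_in_window);
    return c;
}
```

With two nested NMIs and no NMI in the window, all three are handled; with an NMI in the window, the model ends with two missed NMIs still counted and no poisoned frame left to trigger their replay.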