lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100908185605.55671889@lxorguk.ukuu.org.uk>
Date:	Wed, 8 Sep 2010 18:56:05 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Nick Lowe <nick.lowe@...il.com>
Cc:	Hans-Peter Jansen <hpj@...la.net>, linux-kernel@...r.kernel.org
Subject: Re: AMD Geode NOPL emulation for kernel 2.6.36-rc2

> If a process crashes because of NOPL usage, you get the feedback loop to fix it.

Trouble is that means rebuilding entire distributios, who don't
neccessarily care about Geode. We had the same problem before with cmov
and the VIA processors, GCC programmers didn't read the Intel PPro
manual and got it wrong but it was the end users who suffered, and most of
them were not in a position to rebuild their distro (and every security
update, and test them all ...) and their distro didn't care.

So lots of people ran a kernel with a CMOV hack in it - never got
mainstream which is unfortunate because if it had it would have helped
a lot more people and had the hole in it fixed.

> The beauty of open source is that we can recompile to correct the bad
> assumption; the latest version of binutils (GAS) finally corrects the
> bad semantic that generic i686 includes NOPL.

And the reality is that this won't happen. Yes you can do it but it's an
enormously slow and inefficient way to tackle the problem.

So the patch (corrected) makes complete sense.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ