lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTi=khD7fSVv_tC6TogimjJshEErj6Em8mCcDF+SM@mail.gmail.com>
Date:	Wed, 8 Sep 2010 18:51:46 +0100
From:	Nick Lowe <nick.lowe@...il.com>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	Hans-Peter Jansen <hpj@...la.net>, linux-kernel@...r.kernel.org
Subject: Re: AMD Geode NOPL emulation for kernel 2.6.36-rc2

Hi,

It would only be through back-porting a form of this patch that it
would affect existing distributions, surely?

Why should it make it to the stable tree and a new kernel, though? The
chances are that if a distribution moves to a new kernel, they'll move
all the other packages up with it.

The Latest Ubuntu, for example, has been compiled against a version of
binutils that does not have this problem.

And nobody has answered what happens when NOPLs are used to
synchronise with something else? Surely that can lead to subtle, hard
to debug breakage? Isn't that plain worse than refusing to run or
breaking out of execution?

A CMOV was never used in that way so the fact it took longer to trap
and execute an emulation wouldn't have been a problem.

Cheers,

Nick

On Wed, Sep 8, 2010 at 6:56 PM, Alan Cox <alan@...rguk.ukuu.org.uk> wrote:
>> If a process crashes because of NOPL usage, you get the feedback loop to fix it.
>
> Trouble is that means rebuilding entire distributios, who don't
> neccessarily care about Geode. We had the same problem before with cmov
> and the VIA processors, GCC programmers didn't read the Intel PPro
> manual and got it wrong but it was the end users who suffered, and most of
> them were not in a position to rebuild their distro (and every security
> update, and test them all ...) and their distro didn't care.
>
> So lots of people ran a kernel with a CMOV hack in it - never got
> mainstream which is unfortunate because if it had it would have helped
> a lot more people and had the hole in it fixed.
>
>> The beauty of open source is that we can recompile to correct the bad
>> assumption; the latest version of binutils (GAS) finally corrects the
>> bad semantic that generic i686 includes NOPL.
>
> And the reality is that this won't happen. Yes you can do it but it's an
> enormously slow and inefficient way to tackle the problem.
>
> So the patch (corrected) makes complete sense.
>
> Alan
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ