lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 May 2012 17:49:24 -0700 From: Tony Luck <tony.luck@...el.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: linux-kernel@...r.kernel.org Subject: [PATCH] x86/mce: Fix check for processor context when machine check was taken. Linus pointed out that checking "m->ip" was incorrect as "0" is a legitimate value. Also we need to consider that we may have interrupted VM86 execution (in which case "CS" isn't any use in determining user/kernel). Reported-by: Linus Torvalds <torvalds@...ux-foundation.org> Signed-off-by: Tony Luck <tony.luck@...el.com> --- In case you are unable to sleep at night worrying about those poor systems that don't recover because they do the wrong thing if there is a VM86 process running, or some malicious user has a "jmp 0" at the base of a code segment. Mea culpa: Andi fixed the VM86 part of this a year and a half ago, and I failed to pick up the fix from his tree when I took over. There are some other bits I need to pick up too. arch/x86/kernel/cpu/mcheck/mce-severity.c | 11 +++++------ arch/x86/kernel/cpu/mcheck/mce.c | 2 ++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/mcheck/mce-severity.c b/arch/x86/kernel/cpu/mcheck/mce-severity.c index 0c82091..5dfb77a 100644 --- a/arch/x86/kernel/cpu/mcheck/mce-severity.c +++ b/arch/x86/kernel/cpu/mcheck/mce-severity.c @@ -165,15 +165,14 @@ static struct severity { }; /* - * If the EIPV bit is set, it means the saved IP is the - * instruction which caused the MCE. + * No need to re-check mcgstatus here. We either found a + * good value for "cs" on the stack earlier (or faked one + * for the VM86 case) - or we didn't and "m->cs" will be + * zero which we will treat conservatively as "IN_KERNEL". */ static int error_context(struct mce *m) { - if (m->mcgstatus & MCG_STATUS_EIPV) - return (m->ip && (m->cs & 3) == 3) ? IN_USER : IN_KERNEL; - /* Unknown, assume kernel */ - return IN_KERNEL; + return ((m->cs & 3) == 3) ? IN_USER : IN_KERNEL; } int mce_severity(struct mce *m, int tolerant, char **msg) diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c index 11c9166..a2d53f3 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -437,6 +437,8 @@ static inline void mce_gather_info(struct mce *m, struct pt_regs *regs) if (m->mcgstatus & (MCG_STATUS_RIPV|MCG_STATUS_EIPV)) { m->ip = regs->ip; m->cs = regs->cs; + if (v8086_mode(regs)) + m->cs |= 3; /* fake user mode for VM86 */ } /* Use accurate RIP reporting if available. */ if (rip_msr) -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists